Merge pull request #6082 from seanlaii/operator
Standardize the naming of karmada config in Karmada Operator
commit
4982157d65
|
@ -111,7 +111,7 @@ kubectl --kubeconfig="${HOST_CLUSTER_KUBECONFIG}" --context="${CONTEXT_NAME}" ap
|
||||||
kubectl --kubeconfig="${HOST_CLUSTER_KUBECONFIG}" --context="${CONTEXT_NAME}" wait --for=condition=Ready --timeout=1000s karmada ${KARMADA_INSTANCE_NAME} -n ${KARMADA_INSTANCE_NAMESPACE}
|
kubectl --kubeconfig="${HOST_CLUSTER_KUBECONFIG}" --context="${CONTEXT_NAME}" wait --for=condition=Ready --timeout=1000s karmada ${KARMADA_INSTANCE_NAME} -n ${KARMADA_INSTANCE_NAMESPACE}
|
||||||
|
|
||||||
# generate kubeconfig for karmada instance
|
# generate kubeconfig for karmada instance
|
||||||
kubectl --kubeconfig="${HOST_CLUSTER_KUBECONFIG}" --context="${CONTEXT_NAME}" get secret -n ${KARMADA_INSTANCE_NAMESPACE} ${KARMADA_INSTANCE_NAME}-admin-config -o jsonpath={.data.kubeconfig} | base64 -d > ~/.kube/${KARMADA_INSTANCE_NAME}-${KARMADA_INSTANCE_NAMESPACE}-tmp-apiserver.config
|
kubectl --kubeconfig="${HOST_CLUSTER_KUBECONFIG}" --context="${CONTEXT_NAME}" get secret -n ${KARMADA_INSTANCE_NAMESPACE} ${KARMADA_INSTANCE_NAME}-admin-config -o jsonpath='{.data.karmada\.config}' | base64 -d > ~/.kube/${KARMADA_INSTANCE_NAME}-${KARMADA_INSTANCE_NAMESPACE}-tmp-apiserver.config
|
||||||
cat ~/.kube/${KARMADA_INSTANCE_NAME}-${KARMADA_INSTANCE_NAMESPACE}-tmp-apiserver.config| grep "certificate-authority-data"| awk '{print $2}'| base64 -d > ${CERT_DIR}/ca.crt
|
cat ~/.kube/${KARMADA_INSTANCE_NAME}-${KARMADA_INSTANCE_NAMESPACE}-tmp-apiserver.config| grep "certificate-authority-data"| awk '{print $2}'| base64 -d > ${CERT_DIR}/ca.crt
|
||||||
cat ~/.kube/${KARMADA_INSTANCE_NAME}-${KARMADA_INSTANCE_NAMESPACE}-tmp-apiserver.config| grep "client-certificate-data"| awk '{print $2}'| base64 -d > ${CERT_DIR}/karmada.crt
|
cat ~/.kube/${KARMADA_INSTANCE_NAME}-${KARMADA_INSTANCE_NAMESPACE}-tmp-apiserver.config| grep "client-certificate-data"| awk '{print $2}'| base64 -d > ${CERT_DIR}/karmada.crt
|
||||||
cat ~/.kube/${KARMADA_INSTANCE_NAME}-${KARMADA_INSTANCE_NAMESPACE}-tmp-apiserver.config| grep "client-key-data"| awk '{print $2}'| base64 -d > ${CERT_DIR}/karmada.key
|
cat ~/.kube/${KARMADA_INSTANCE_NAME}-${KARMADA_INSTANCE_NAMESPACE}-tmp-apiserver.config| grep "client-key-data"| awk '{print $2}'| base64 -d > ${CERT_DIR}/karmada.key
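Review bot: The changed `get secret ... -o jsonpath='{.data.karmada\.config}' | base64 -d > ~/.kube/...-tmp-apiserver.config` line writes the admin karmada config under whatever umask the caller has, and the lines after it extract the client key from that file into `${CERT_DIR}/karmada.key` the same way. Put `umask 077` before this block, or `chmod 600` the temp config and the key right after they are written, so the credentials are not group- or world-readable. Because the data key was renamed, a secret that still carries the old `kubeconfig` key makes the jsonpath print nothing and the script continues with an empty file; a check such as `[ -s ~/.kube/...-tmp-apiserver.config ] || exit 1` would catch that. Whether the script sets `pipefail` is outside this hunk.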
|
||||||
|
|
|
@ -159,7 +159,7 @@ func (p *Planner) afterRunJob() error {
|
||||||
return fmt.Errorf("error when creating cluster client to install karmada, err: %w", err)
|
return fmt.Errorf("error when creating cluster client to install karmada, err: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
secret, err := remoteClient.CoreV1().Secrets(p.karmada.GetNamespace()).Get(context.TODO(), util.AdminKubeconfigSecretName(p.karmada.GetName()), metav1.GetOptions{})
|
secret, err := remoteClient.CoreV1().Secrets(p.karmada.GetNamespace()).Get(context.TODO(), util.AdminKarmadaConfigSecretName(p.karmada.GetName()), metav1.GetOptions{})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
@ -167,7 +167,7 @@ func (p *Planner) afterRunJob() error {
|
||||||
_, err = localClusterClient.CoreV1().Secrets(p.karmada.GetNamespace()).Create(context.TODO(), &corev1.Secret{
|
_, err = localClusterClient.CoreV1().Secrets(p.karmada.GetNamespace()).Create(context.TODO(), &corev1.Secret{
|
||||||
ObjectMeta: metav1.ObjectMeta{
|
ObjectMeta: metav1.ObjectMeta{
|
||||||
Namespace: p.karmada.GetNamespace(),
|
Namespace: p.karmada.GetNamespace(),
|
||||||
Name: util.AdminKubeconfigSecretName(p.karmada.GetName()),
|
Name: util.AdminKarmadaConfigSecretName(p.karmada.GetName()),
|
||||||
},
|
},
|
||||||
Data: secret.Data,
|
Data: secret.Data,
|
||||||
}, metav1.CreateOptions{})
|
}, metav1.CreateOptions{})
|
||||||
|
@ -178,7 +178,7 @@ func (p *Planner) afterRunJob() error {
|
||||||
|
|
||||||
p.karmada.Status.SecretRef = &operatorv1alpha1.LocalSecretReference{
|
p.karmada.Status.SecretRef = &operatorv1alpha1.LocalSecretReference{
|
||||||
Namespace: p.karmada.GetNamespace(),
|
Namespace: p.karmada.GetNamespace(),
|
||||||
Name: util.AdminKubeconfigSecretName(p.karmada.GetName()),
|
Name: util.AdminKarmadaConfigSecretName(p.karmada.GetName()),
|
||||||
}
|
}
|
||||||
p.karmada.Status.APIServerService = &operatorv1alpha1.APIServerService{
|
p.karmada.Status.APIServerService = &operatorv1alpha1.APIServerService{
|
||||||
Name: util.KarmadaAPIServerName(p.karmada.GetName()),
|
Name: util.KarmadaAPIServerName(p.karmada.GetName()),
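Review bot: The secret created in the local cluster copies `secret.Data` (the admin karmada config) with only `Namespace` and `Name` in its `ObjectMeta`, so nothing visible in this hunk ties the copy's lifetime to the Karmada object or marks it as operator-managed. Consider adding `Labels: constants.KarmadaOperatorLabel,` (the label the upload and cleanup tasks in this commit use, assuming the package is importable here) or an owner reference, so the credential copy is found and removed on de-init. `afterRunJob` continues outside the hunk, so how an AlreadyExists error from `Create` is handled cannot be seen here. A short comment above the `Create` call stating that this copies admin credentials across clusters would also help the next reader.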
|
||||||
|
|
|
@ -244,7 +244,7 @@ func TestAfterRunJob(t *testing.T) {
|
||||||
config: &rest.Config{},
|
config: &rest.Config{},
|
||||||
action: InitAction,
|
action: InitAction,
|
||||||
verify: func(karmada *operatorv1alpha1.Karmada, planner *Planner, action Action) error {
|
verify: func(karmada *operatorv1alpha1.Karmada, planner *Planner, action Action) error {
|
||||||
secretRefNameExpected := util.AdminKubeconfigSecretName(karmada.GetName())
|
secretRefNameExpected := util.AdminKarmadaConfigSecretName(karmada.GetName())
|
||||||
if planner.karmada.Status.SecretRef == nil {
|
if planner.karmada.Status.SecretRef == nil {
|
||||||
return fmt.Errorf("expected SecretRef to be set, but got nil")
|
return fmt.Errorf("expected SecretRef to be set, but got nil")
|
||||||
}
|
}
|
||||||
|
|
|
@ -125,7 +125,7 @@ func installKarmadaAggregatedAPIServer(client clientset.Interface, cfg *operator
|
||||||
Namespace: namespace,
|
Namespace: namespace,
|
||||||
Image: cfg.Image.Name(),
|
Image: cfg.Image.Name(),
|
||||||
ImagePullPolicy: string(cfg.ImagePullPolicy),
|
ImagePullPolicy: string(cfg.ImagePullPolicy),
|
||||||
KubeconfigSecret: util.AdminKubeconfigSecretName(name),
|
KubeconfigSecret: util.ComponentKarmadaConfigSecretName(util.KarmadaAggregatedAPIServerName(name)),
|
||||||
KarmadaCertsSecret: util.KarmadaCertSecretName(name),
|
KarmadaCertsSecret: util.KarmadaCertSecretName(name),
|
||||||
Replicas: cfg.Replicas,
|
Replicas: cfg.Replicas,
|
||||||
})
|
})
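Review bot: `KubeconfigSecret` now names a per-component secret, but the upload task in this commit passes a single `string(configBytes)` to `generateComponentKubeconfigSecrets`, so as far as the visible code shows each component secret may hold the same admin credential. If that is the case, the split changes secret names but not privileges, and a reader could wrongly assume the aggregated apiserver runs with a scoped identity. I would add a comment on this field, for example `// NOTE: currently a copy of the admin karmada.config; not a least-privilege identity`, until per-component credentials exist. The body of `generateComponentKubeconfigSecrets` is cut off on this page, so this needs confirming against the full file. The same applies to the `KubeconfigSecret` lines in the controller-manager, scheduler, descheduler, metrics-adapter, search and webhook sections.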
|
||||||
|
|
|
@ -423,7 +423,7 @@ func verifyAggregatedAPIServerDeploymentAdditionalDetails(featureGates map[strin
|
||||||
for _, volume := range deployment.Spec.Template.Spec.Volumes {
|
for _, volume := range deployment.Spec.Template.Spec.Volumes {
|
||||||
extractedSecrets = append(extractedSecrets, volume.Secret.SecretName)
|
extractedSecrets = append(extractedSecrets, volume.Secret.SecretName)
|
||||||
}
|
}
|
||||||
expectedSecrets := []string{util.AdminKubeconfigSecretName(expectedDeploymentName), util.KarmadaCertSecretName(expectedDeploymentName), util.EtcdCertSecretName(expectedDeploymentName)}
|
expectedSecrets := []string{util.ComponentKarmadaConfigSecretName(util.KarmadaAggregatedAPIServerName(expectedDeploymentName)), util.KarmadaCertSecretName(expectedDeploymentName), util.EtcdCertSecretName(expectedDeploymentName)}
|
||||||
for _, expectedSecret := range expectedSecrets {
|
for _, expectedSecret := range expectedSecrets {
|
||||||
if !contains(extractedSecrets, expectedSecret) {
|
if !contains(extractedSecrets, expectedSecret) {
|
||||||
return fmt.Errorf("expected secret '%s' not found in extracted secrets", expectedSecret)
|
return fmt.Errorf("expected secret '%s' not found in extracted secrets", expectedSecret)
|
||||||
|
|
|
@ -162,9 +162,9 @@ spec:
|
||||||
imagePullPolicy: {{ .ImagePullPolicy }}
|
imagePullPolicy: {{ .ImagePullPolicy }}
|
||||||
command:
|
command:
|
||||||
- /bin/karmada-aggregated-apiserver
|
- /bin/karmada-aggregated-apiserver
|
||||||
- --kubeconfig=/etc/karmada/kubeconfig
|
- --kubeconfig=/etc/karmada/config/karmada.config
|
||||||
- --authentication-kubeconfig=/etc/karmada/kubeconfig
|
- --authentication-kubeconfig=/etc/karmada/config/karmada.config
|
||||||
- --authorization-kubeconfig=/etc/karmada/kubeconfig
|
- --authorization-kubeconfig=/etc/karmada/config/karmada.config
|
||||||
- --tls-cert-file=/etc/karmada/pki/karmada.crt
|
- --tls-cert-file=/etc/karmada/pki/karmada.crt
|
||||||
- --tls-private-key-file=/etc/karmada/pki/karmada.key
|
- --tls-private-key-file=/etc/karmada/pki/karmada.key
|
||||||
- --tls-min-version=VersionTLS13
|
- --tls-min-version=VersionTLS13
|
||||||
|
@ -172,14 +172,13 @@ spec:
|
||||||
- --audit-log-maxage=0
|
- --audit-log-maxage=0
|
||||||
- --audit-log-maxbackup=0
|
- --audit-log-maxbackup=0
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- mountPath: /etc/karmada/kubeconfig
|
- name: karmada-config
|
||||||
name: kubeconfig
|
mountPath: /etc/karmada/config
|
||||||
subPath: kubeconfig
|
|
||||||
- mountPath: /etc/karmada/pki
|
- mountPath: /etc/karmada/pki
|
||||||
name: apiserver-cert
|
name: apiserver-cert
|
||||||
readOnly: true
|
readOnly: true
|
||||||
volumes:
|
volumes:
|
||||||
- name: kubeconfig
|
- name: karmada-config
|
||||||
secret:
|
secret:
|
||||||
secretName: {{ .KubeconfigSecret }}
|
secretName: {{ .KubeconfigSecret }}
|
||||||
- name: apiserver-cert
|
- name: apiserver-cert
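Review bot: The new `karmada-config` volumeMount drops `subPath` but carries no `readOnly: true`, while the `apiserver-cert` mount directly below it does. Add `readOnly: true` under `mountPath: /etc/karmada/config` so the credential mount is declared the same way as the certificate mount. Mounting the secret as a directory also exposes every key of that secret under `/etc/karmada/config`, so the secret should contain only `karmada.config`. The same mount shape appears in the kube-controller-manager, karmada-controller-manager, scheduler, descheduler, metrics-adapter, search and webhook manifests in this commit.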
|
||||||
|
|
|
@ -93,7 +93,7 @@ func getKubeControllerManagerManifest(name, namespace string, cfg *operatorv1alp
|
||||||
Image: cfg.Image.Name(),
|
Image: cfg.Image.Name(),
|
||||||
ImagePullPolicy: string(cfg.ImagePullPolicy),
|
ImagePullPolicy: string(cfg.ImagePullPolicy),
|
||||||
KarmadaCertsSecret: util.KarmadaCertSecretName(name),
|
KarmadaCertsSecret: util.KarmadaCertSecretName(name),
|
||||||
KubeconfigSecret: util.AdminKubeconfigSecretName(name),
|
KubeconfigSecret: util.ComponentKarmadaConfigSecretName(util.KubeControllerManagerName(name)),
|
||||||
Replicas: cfg.Replicas,
|
Replicas: cfg.Replicas,
|
||||||
})
|
})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -122,7 +122,7 @@ func getKarmadaControllerManagerManifest(name, namespace string, featureGates ma
|
||||||
SystemNamespace: constants.KarmadaSystemNamespace,
|
SystemNamespace: constants.KarmadaSystemNamespace,
|
||||||
Image: cfg.Image.Name(),
|
Image: cfg.Image.Name(),
|
||||||
ImagePullPolicy: string(cfg.ImagePullPolicy),
|
ImagePullPolicy: string(cfg.ImagePullPolicy),
|
||||||
KubeconfigSecret: util.AdminKubeconfigSecretName(name),
|
KubeconfigSecret: util.ComponentKarmadaConfigSecretName(util.KarmadaControllerManagerName(name)),
|
||||||
Replicas: cfg.Replicas,
|
Replicas: cfg.Replicas,
|
||||||
})
|
})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -151,7 +151,7 @@ func getKarmadaSchedulerManifest(name, namespace string, featureGates map[string
|
||||||
SystemNamespace: constants.KarmadaSystemNamespace,
|
SystemNamespace: constants.KarmadaSystemNamespace,
|
||||||
Image: cfg.Image.Name(),
|
Image: cfg.Image.Name(),
|
||||||
ImagePullPolicy: string(cfg.ImagePullPolicy),
|
ImagePullPolicy: string(cfg.ImagePullPolicy),
|
||||||
KubeconfigSecret: util.AdminKubeconfigSecretName(name),
|
KubeconfigSecret: util.ComponentKarmadaConfigSecretName(util.KarmadaSchedulerName(name)),
|
||||||
KarmadaCertsSecret: util.KarmadaCertSecretName(name),
|
KarmadaCertsSecret: util.KarmadaCertSecretName(name),
|
||||||
Replicas: cfg.Replicas,
|
Replicas: cfg.Replicas,
|
||||||
})
|
})
|
||||||
|
@ -181,7 +181,7 @@ func getKarmadaDeschedulerManifest(name, namespace string, featureGates map[stri
|
||||||
SystemNamespace: constants.KarmadaSystemNamespace,
|
SystemNamespace: constants.KarmadaSystemNamespace,
|
||||||
Image: cfg.Image.Name(),
|
Image: cfg.Image.Name(),
|
||||||
ImagePullPolicy: string(cfg.ImagePullPolicy),
|
ImagePullPolicy: string(cfg.ImagePullPolicy),
|
||||||
KubeconfigSecret: util.AdminKubeconfigSecretName(name),
|
KubeconfigSecret: util.ComponentKarmadaConfigSecretName(util.KarmadaDeschedulerName(name)),
|
||||||
KarmadaCertsSecret: util.KarmadaCertSecretName(name),
|
KarmadaCertsSecret: util.KarmadaCertSecretName(name),
|
||||||
Replicas: cfg.Replicas,
|
Replicas: cfg.Replicas,
|
||||||
})
|
})
|
||||||
|
|
|
@ -167,7 +167,7 @@ func TestGetKubeControllerManagerManifest(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
expectedSecrets := []string{
|
expectedSecrets := []string{
|
||||||
util.AdminKubeconfigSecretName(name),
|
util.ComponentKarmadaConfigSecretName(util.KubeControllerManagerName(name)),
|
||||||
util.KarmadaCertSecretName(name),
|
util.KarmadaCertSecretName(name),
|
||||||
}
|
}
|
||||||
err = verifySecrets(deployment, expectedSecrets)
|
err = verifySecrets(deployment, expectedSecrets)
|
||||||
|
@ -226,7 +226,7 @@ func TestGetKarmadaControllerManagerManifest(t *testing.T) {
|
||||||
t.Errorf("failed to verify karmada controller manager system namespace: %v", err)
|
t.Errorf("failed to verify karmada controller manager system namespace: %v", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
expectedSecrets := []string{util.AdminKubeconfigSecretName(name)}
|
expectedSecrets := []string{util.ComponentKarmadaConfigSecretName(util.KarmadaControllerManagerName(name))}
|
||||||
err = verifySecrets(deployment, expectedSecrets)
|
err = verifySecrets(deployment, expectedSecrets)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Errorf("failed to verify karmada controller manager secrets: %v", err)
|
t.Errorf("failed to verify karmada controller manager secrets: %v", err)
|
||||||
|
@ -285,7 +285,7 @@ func TestGetKarmadaSchedulerManifest(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
expectedSecrets := []string{
|
expectedSecrets := []string{
|
||||||
util.AdminKubeconfigSecretName(name),
|
util.ComponentKarmadaConfigSecretName(util.KarmadaSchedulerName(name)),
|
||||||
util.KarmadaCertSecretName(name),
|
util.KarmadaCertSecretName(name),
|
||||||
}
|
}
|
||||||
err = verifySecrets(deployment, expectedSecrets)
|
err = verifySecrets(deployment, expectedSecrets)
|
||||||
|
@ -346,7 +346,7 @@ func TestGetKarmadaDeschedulerManifest(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
expectedSecrets := []string{
|
expectedSecrets := []string{
|
||||||
util.AdminKubeconfigSecretName(name),
|
util.ComponentKarmadaConfigSecretName(util.KarmadaDeschedulerName(name)),
|
||||||
util.KarmadaCertSecretName(name),
|
util.KarmadaCertSecretName(name),
|
||||||
}
|
}
|
||||||
err = verifySecrets(deployment, expectedSecrets)
|
err = verifySecrets(deployment, expectedSecrets)
|
||||||
|
|
|
@ -54,9 +54,9 @@ spec:
|
||||||
command:
|
command:
|
||||||
- kube-controller-manager
|
- kube-controller-manager
|
||||||
- --allocate-node-cidrs=true
|
- --allocate-node-cidrs=true
|
||||||
- --kubeconfig=/etc/karmada/kubeconfig
|
- --kubeconfig=/etc/karmada/config/karmada.config
|
||||||
- --authentication-kubeconfig=/etc/karmada/kubeconfig
|
- --authentication-kubeconfig=/etc/karmada/config/karmada.config
|
||||||
- --authorization-kubeconfig=/etc/karmada/kubeconfig
|
- --authorization-kubeconfig=/etc/karmada/config/karmada.config
|
||||||
- --bind-address=0.0.0.0
|
- --bind-address=0.0.0.0
|
||||||
- --client-ca-file=/etc/karmada/pki/ca.crt
|
- --client-ca-file=/etc/karmada/pki/ca.crt
|
||||||
- --cluster-cidr=10.244.0.0/16
|
- --cluster-cidr=10.244.0.0/16
|
||||||
|
@ -85,14 +85,13 @@ spec:
|
||||||
- name: karmada-certs
|
- name: karmada-certs
|
||||||
mountPath: /etc/karmada/pki
|
mountPath: /etc/karmada/pki
|
||||||
readOnly: true
|
readOnly: true
|
||||||
- name: kubeconfig
|
- name: karmada-config
|
||||||
mountPath: /etc/karmada/kubeconfig
|
mountPath: /etc/karmada/config
|
||||||
subPath: kubeconfig
|
|
||||||
volumes:
|
volumes:
|
||||||
- name: karmada-certs
|
- name: karmada-certs
|
||||||
secret:
|
secret:
|
||||||
secretName: {{ .KarmadaCertsSecret }}
|
secretName: {{ .KarmadaCertsSecret }}
|
||||||
- name: kubeconfig
|
- name: karmada-config
|
||||||
secret:
|
secret:
|
||||||
secretName: {{ .KubeconfigSecret }}
|
secretName: {{ .KubeconfigSecret }}
|
||||||
`
|
`
|
||||||
|
@ -126,7 +125,7 @@ spec:
|
||||||
imagePullPolicy: {{ .ImagePullPolicy }}
|
imagePullPolicy: {{ .ImagePullPolicy }}
|
||||||
command:
|
command:
|
||||||
- /bin/karmada-controller-manager
|
- /bin/karmada-controller-manager
|
||||||
- --kubeconfig=/etc/karmada/kubeconfig
|
- --kubeconfig=/etc/karmada/config/karmada.config
|
||||||
- --metrics-bind-address=:8080
|
- --metrics-bind-address=:8080
|
||||||
- --cluster-status-update-frequency=10s
|
- --cluster-status-update-frequency=10s
|
||||||
- --failover-eviction-timeout=30s
|
- --failover-eviction-timeout=30s
|
||||||
|
@ -147,11 +146,10 @@ spec:
|
||||||
name: metrics
|
name: metrics
|
||||||
protocol: TCP
|
protocol: TCP
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: kubeconfig
|
- name: karmada-config
|
||||||
subPath: kubeconfig
|
mountPath: /etc/karmada/config
|
||||||
mountPath: /etc/karmada/kubeconfig
|
|
||||||
volumes:
|
volumes:
|
||||||
- name: kubeconfig
|
- name: karmada-config
|
||||||
secret:
|
secret:
|
||||||
secretName: {{ .KubeconfigSecret }}
|
secretName: {{ .KubeconfigSecret }}
|
||||||
`
|
`
|
||||||
|
@ -186,7 +184,7 @@ spec:
|
||||||
imagePullPolicy: {{ .ImagePullPolicy }}
|
imagePullPolicy: {{ .ImagePullPolicy }}
|
||||||
command:
|
command:
|
||||||
- /bin/karmada-scheduler
|
- /bin/karmada-scheduler
|
||||||
- --kubeconfig=/etc/karmada/kubeconfig
|
- --kubeconfig=/etc/karmada/config/karmada.config
|
||||||
- --metrics-bind-address=0.0.0.0:8080
|
- --metrics-bind-address=0.0.0.0:8080
|
||||||
- --health-probe-bind-address=0.0.0.0:10351
|
- --health-probe-bind-address=0.0.0.0:10351
|
||||||
- --enable-scheduler-estimator=true
|
- --enable-scheduler-estimator=true
|
||||||
|
@ -212,14 +210,13 @@ spec:
|
||||||
- name: karmada-certs
|
- name: karmada-certs
|
||||||
mountPath: /etc/karmada/pki
|
mountPath: /etc/karmada/pki
|
||||||
readOnly: true
|
readOnly: true
|
||||||
- name: kubeconfig
|
- name: karmada-config
|
||||||
subPath: kubeconfig
|
mountPath: /etc/karmada/config
|
||||||
mountPath: /etc/karmada/kubeconfig
|
|
||||||
volumes:
|
volumes:
|
||||||
- name: karmada-certs
|
- name: karmada-certs
|
||||||
secret:
|
secret:
|
||||||
secretName: {{ .KarmadaCertsSecret }}
|
secretName: {{ .KarmadaCertsSecret }}
|
||||||
- name: kubeconfig
|
- name: karmada-config
|
||||||
secret:
|
secret:
|
||||||
secretName: {{ .KubeconfigSecret }}
|
secretName: {{ .KubeconfigSecret }}
|
||||||
`
|
`
|
||||||
|
@ -254,7 +251,7 @@ spec:
|
||||||
imagePullPolicy: {{ .ImagePullPolicy }}
|
imagePullPolicy: {{ .ImagePullPolicy }}
|
||||||
command:
|
command:
|
||||||
- /bin/karmada-descheduler
|
- /bin/karmada-descheduler
|
||||||
- --kubeconfig=/etc/karmada/kubeconfig
|
- --kubeconfig=/etc/karmada/config/karmada.config
|
||||||
- --metrics-bind-address=0.0.0.0:8080
|
- --metrics-bind-address=0.0.0.0:8080
|
||||||
- --health-probe-bind-address=0.0.0.0:10358
|
- --health-probe-bind-address=0.0.0.0:10358
|
||||||
- --leader-elect-resource-namespace={{ .SystemNamespace }}
|
- --leader-elect-resource-namespace={{ .SystemNamespace }}
|
||||||
|
@ -279,14 +276,13 @@ spec:
|
||||||
- name: karmada-certs
|
- name: karmada-certs
|
||||||
mountPath: /etc/karmada/pki
|
mountPath: /etc/karmada/pki
|
||||||
readOnly: true
|
readOnly: true
|
||||||
- name: kubeconfig
|
- name: karmada-config
|
||||||
subPath: kubeconfig
|
mountPath: /etc/karmada/config
|
||||||
mountPath: /etc/karmada/kubeconfig
|
|
||||||
volumes:
|
volumes:
|
||||||
- name: karmada-certs
|
- name: karmada-certs
|
||||||
secret:
|
secret:
|
||||||
secretName: {{ .KarmadaCertsSecret }}
|
secretName: {{ .KarmadaCertsSecret }}
|
||||||
- name: kubeconfig
|
- name: karmada-config
|
||||||
secret:
|
secret:
|
||||||
secretName: {{ .KubeconfigSecret }}
|
secretName: {{ .KubeconfigSecret }}
|
||||||
`
|
`
|
||||||
|
|
|
@ -47,10 +47,10 @@ spec:
|
||||||
imagePullPolicy: {{ .ImagePullPolicy }}
|
imagePullPolicy: {{ .ImagePullPolicy }}
|
||||||
command:
|
command:
|
||||||
- /bin/karmada-metrics-adapter
|
- /bin/karmada-metrics-adapter
|
||||||
- --kubeconfig=/etc/karmada/kubeconfig
|
- --kubeconfig=/etc/karmada/config/karmada.config
|
||||||
- --metrics-bind-address=:8080
|
- --metrics-bind-address=:8080
|
||||||
- --authentication-kubeconfig=/etc/karmada/kubeconfig
|
- --authentication-kubeconfig=/etc/karmada/config/karmada.config
|
||||||
- --authorization-kubeconfig=/etc/karmada/kubeconfig
|
- --authorization-kubeconfig=/etc/karmada/config/karmada.config
|
||||||
- --client-ca-file=/etc/karmada/pki/ca.crt
|
- --client-ca-file=/etc/karmada/pki/ca.crt
|
||||||
- --tls-cert-file=/etc/karmada/pki/karmada.crt
|
- --tls-cert-file=/etc/karmada/pki/karmada.crt
|
||||||
- --tls-private-key-file=/etc/karmada/pki/karmada.key
|
- --tls-private-key-file=/etc/karmada/pki/karmada.key
|
||||||
|
@ -59,9 +59,8 @@ spec:
|
||||||
- --audit-log-maxage=0
|
- --audit-log-maxage=0
|
||||||
- --audit-log-maxbackup=0
|
- --audit-log-maxbackup=0
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: kubeconfig
|
- name: karmada-config
|
||||||
subPath: kubeconfig
|
mountPath: /etc/karmada/config
|
||||||
mountPath: /etc/karmada/kubeconfig
|
|
||||||
- name: karmada-cert
|
- name: karmada-cert
|
||||||
mountPath: /etc/karmada/pki
|
mountPath: /etc/karmada/pki
|
||||||
readOnly: true
|
readOnly: true
|
||||||
|
@ -87,7 +86,7 @@ spec:
|
||||||
requests:
|
requests:
|
||||||
cpu: 100m
|
cpu: 100m
|
||||||
volumes:
|
volumes:
|
||||||
- name: kubeconfig
|
- name: karmada-config
|
||||||
secret:
|
secret:
|
||||||
secretName: {{ .KubeconfigSecret }}
|
secretName: {{ .KubeconfigSecret }}
|
||||||
- name: karmada-cert
|
- name: karmada-cert
|
||||||
|
|
|
@ -51,7 +51,7 @@ func installKarmadaMetricAdapter(client clientset.Interface, cfg *operatorv1alph
|
||||||
Image: cfg.Image.Name(),
|
Image: cfg.Image.Name(),
|
||||||
ImagePullPolicy: string(cfg.ImagePullPolicy),
|
ImagePullPolicy: string(cfg.ImagePullPolicy),
|
||||||
Replicas: cfg.Replicas,
|
Replicas: cfg.Replicas,
|
||||||
KubeconfigSecret: util.AdminKubeconfigSecretName(name),
|
KubeconfigSecret: util.ComponentKarmadaConfigSecretName(util.KarmadaMetricsAdapterName(name)),
|
||||||
KarmadaCertsSecret: util.KarmadaCertSecretName(name),
|
KarmadaCertsSecret: util.KarmadaCertSecretName(name),
|
||||||
})
|
})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
|
@ -221,7 +221,7 @@ func verifyDeploymentDetails(deployment *appsv1.Deployment, replicas int32, imag
|
||||||
extractedSecrets = append(extractedSecrets, volume.Secret.SecretName)
|
extractedSecrets = append(extractedSecrets, volume.Secret.SecretName)
|
||||||
}
|
}
|
||||||
expectedSecrets := []string{
|
expectedSecrets := []string{
|
||||||
util.AdminKubeconfigSecretName(name),
|
util.ComponentKarmadaConfigSecretName(util.KarmadaMetricsAdapterName(name)),
|
||||||
util.KarmadaCertSecretName(name),
|
util.KarmadaCertSecretName(name),
|
||||||
}
|
}
|
||||||
for _, expectedSecret := range expectedSecrets {
|
for _, expectedSecret := range expectedSecrets {
|
||||||
|
|
|
@ -49,14 +49,13 @@ spec:
|
||||||
- name: k8s-certs
|
- name: k8s-certs
|
||||||
mountPath: /etc/karmada/pki
|
mountPath: /etc/karmada/pki
|
||||||
readOnly: true
|
readOnly: true
|
||||||
- name: kubeconfig
|
- name: karmada-config
|
||||||
subPath: kubeconfig
|
mountPath: /etc/karmada/config
|
||||||
mountPath: /etc/kubeconfig
|
|
||||||
command:
|
command:
|
||||||
- /bin/karmada-search
|
- /bin/karmada-search
|
||||||
- --kubeconfig=/etc/kubeconfig
|
- --kubeconfig=/etc/karmada/config/karmada.config
|
||||||
- --authentication-kubeconfig=/etc/kubeconfig
|
- --authentication-kubeconfig=/etc/karmada/config/karmada.config
|
||||||
- --authorization-kubeconfig=/etc/kubeconfig
|
- --authorization-kubeconfig=/etc/karmada/config/karmada.config
|
||||||
- --tls-cert-file=/etc/karmada/pki/karmada.crt
|
- --tls-cert-file=/etc/karmada/pki/karmada.crt
|
||||||
- --tls-private-key-file=/etc/karmada/pki/karmada.key
|
- --tls-private-key-file=/etc/karmada/pki/karmada.key
|
||||||
- --tls-min-version=VersionTLS13
|
- --tls-min-version=VersionTLS13
|
||||||
|
@ -79,7 +78,7 @@ spec:
|
||||||
- name: k8s-certs
|
- name: k8s-certs
|
||||||
secret:
|
secret:
|
||||||
secretName: {{ .KarmadaCertsSecret }}
|
secretName: {{ .KarmadaCertsSecret }}
|
||||||
- name: kubeconfig
|
- name: karmada-config
|
||||||
secret:
|
secret:
|
||||||
secretName: {{ .KubeconfigSecret }}
|
secretName: {{ .KubeconfigSecret }}
|
||||||
`
|
`
|
||||||
|
|
|
@ -53,7 +53,7 @@ func installKarmadaSearch(client clientset.Interface, cfg *operatorv1alpha1.Karm
|
||||||
ImagePullPolicy: string(cfg.ImagePullPolicy),
|
ImagePullPolicy: string(cfg.ImagePullPolicy),
|
||||||
KarmadaCertsSecret: util.KarmadaCertSecretName(name),
|
KarmadaCertsSecret: util.KarmadaCertSecretName(name),
|
||||||
Replicas: cfg.Replicas,
|
Replicas: cfg.Replicas,
|
||||||
KubeconfigSecret: util.AdminKubeconfigSecretName(name),
|
KubeconfigSecret: util.ComponentKarmadaConfigSecretName(util.KarmadaSearchName(name)),
|
||||||
})
|
})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("error when parsing KarmadaSearch Deployment template: %w", err)
|
return fmt.Errorf("error when parsing KarmadaSearch Deployment template: %w", err)
|
||||||
|
|
|
@ -242,7 +242,7 @@ func verifySecrets(deployment *appsv1.Deployment, name string) error {
|
||||||
extractedSecrets = append(extractedSecrets, volume.Secret.SecretName)
|
extractedSecrets = append(extractedSecrets, volume.Secret.SecretName)
|
||||||
}
|
}
|
||||||
expectedSecrets := []string{
|
expectedSecrets := []string{
|
||||||
util.AdminKubeconfigSecretName(name),
|
util.ComponentKarmadaConfigSecretName(util.KarmadaSearchName(name)),
|
||||||
util.KarmadaCertSecretName(name),
|
util.KarmadaCertSecretName(name),
|
||||||
}
|
}
|
||||||
for _, expectedSecret := range expectedSecrets {
|
for _, expectedSecret := range expectedSecrets {
|
||||||
|
|
|
@ -47,7 +47,7 @@ spec:
|
||||||
imagePullPolicy: {{ .ImagePullPolicy }}
|
imagePullPolicy: {{ .ImagePullPolicy }}
|
||||||
command:
|
command:
|
||||||
- /bin/karmada-webhook
|
- /bin/karmada-webhook
|
||||||
- --kubeconfig=/etc/karmada/kubeconfig
|
- --kubeconfig=/etc/karmada/config/karmada.config
|
||||||
- --bind-address=0.0.0.0
|
- --bind-address=0.0.0.0
|
||||||
- --metrics-bind-address=:8080
|
- --metrics-bind-address=:8080
|
||||||
- --default-not-ready-toleration-seconds=30
|
- --default-not-ready-toleration-seconds=30
|
||||||
|
@ -61,9 +61,8 @@ spec:
|
||||||
name: metrics
|
name: metrics
|
||||||
protocol: TCP
|
protocol: TCP
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: kubeconfig
|
- name: karmada-config
|
||||||
subPath: kubeconfig
|
mountPath: /etc/karmada/config
|
||||||
mountPath: /etc/karmada/kubeconfig
|
|
||||||
- name: cert
|
- name: cert
|
||||||
mountPath: /var/serving-cert
|
mountPath: /var/serving-cert
|
||||||
readOnly: true
|
readOnly: true
|
||||||
|
@ -73,7 +72,7 @@ spec:
|
||||||
port: 8443
|
port: 8443
|
||||||
scheme: HTTPS
|
scheme: HTTPS
|
||||||
volumes:
|
volumes:
|
||||||
- name: kubeconfig
|
- name: karmada-config
|
||||||
secret:
|
secret:
|
||||||
secretName: {{ .KubeconfigSecret }}
|
secretName: {{ .KubeconfigSecret }}
|
||||||
- name: cert
|
- name: cert
|
||||||
|
|
|
@ -51,7 +51,7 @@ func installKarmadaWebhook(client clientset.Interface, cfg *operatorv1alpha1.Kar
|
||||||
Image: cfg.Image.Name(),
|
Image: cfg.Image.Name(),
|
||||||
ImagePullPolicy: string(cfg.ImagePullPolicy),
|
ImagePullPolicy: string(cfg.ImagePullPolicy),
|
||||||
Replicas: cfg.Replicas,
|
Replicas: cfg.Replicas,
|
||||||
KubeconfigSecret: util.AdminKubeconfigSecretName(name),
|
KubeconfigSecret: util.ComponentKarmadaConfigSecretName(util.KarmadaWebhookName(name)),
|
||||||
WebhookCertsSecret: util.WebhookCertSecretName(name),
|
WebhookCertsSecret: util.WebhookCertSecretName(name),
|
||||||
})
|
})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
|
@ -232,7 +232,7 @@ func verifySecrets(deployment *appsv1.Deployment, name string) error {
|
||||||
extractedSecrets = append(extractedSecrets, volume.Secret.SecretName)
|
extractedSecrets = append(extractedSecrets, volume.Secret.SecretName)
|
||||||
}
|
}
|
||||||
expectedSecrets := []string{
|
expectedSecrets := []string{
|
||||||
util.AdminKubeconfigSecretName(name),
|
util.ComponentKarmadaConfigSecretName(util.KarmadaWebhookName(name)),
|
||||||
util.WebhookCertSecretName(name),
|
util.WebhookCertSecretName(name),
|
||||||
}
|
}
|
||||||
for _, expectedSecret := range expectedSecrets {
|
for _, expectedSecret := range expectedSecrets {
|
||||||
|
|
|
@ -39,20 +39,40 @@ func NewCleanupKubeconfigTask() workflow.Task {
|
||||||
func runCleanupKubeconfig(r workflow.RunData) error {
|
func runCleanupKubeconfig(r workflow.RunData) error {
|
||||||
data, ok := r.(DeInitData)
|
data, ok := r.(DeInitData)
|
||||||
if !ok {
|
if !ok {
|
||||||
return errors.New("cleanup-kubeconfig task invoked with an invalid data struct")
|
return errors.New("cleanup-karmada-config task invoked with an invalid data struct")
|
||||||
}
|
}
|
||||||
|
|
||||||
klog.V(4).InfoS("[cleanup-kubeconfig] Running cleanup-kubeconfig task", "karmada", klog.KObj(data))
|
klog.V(4).InfoS("[cleanup-karmada-config] Running cleanup-karmada-config task", "karmada", klog.KObj(data))
|
||||||
|
|
||||||
|
secretNames := generateComponentKubeconfigSecretNames(data)
|
||||||
|
|
||||||
|
for _, secretName := range secretNames {
|
||||||
err := apiclient.DeleteSecretIfHasLabels(
|
err := apiclient.DeleteSecretIfHasLabels(
|
||||||
data.RemoteClient(),
|
data.RemoteClient(),
|
||||||
util.AdminKubeconfigSecretName(data.GetName()),
|
secretName,
|
||||||
data.GetNamespace(),
|
data.GetNamespace(),
|
||||||
constants.KarmadaOperatorLabel,
|
constants.KarmadaOperatorLabel,
|
||||||
)
|
)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("failed to cleanup karmada kubeconfig, err: %w", err)
|
return fmt.Errorf("failed to cleanup karmada-config secret '%s', err: %w", secretName, err)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func generateComponentKubeconfigSecretNames(data DeInitData) []string {
|
||||||
|
secretNames := []string{
|
||||||
|
util.AdminKarmadaConfigSecretName(data.GetName()),
|
||||||
|
util.ComponentKarmadaConfigSecretName(util.KarmadaAggregatedAPIServerName(data.GetName())),
|
||||||
|
util.ComponentKarmadaConfigSecretName(util.KarmadaControllerManagerName(data.GetName())),
|
||||||
|
util.ComponentKarmadaConfigSecretName(util.KubeControllerManagerName(data.GetName())),
|
||||||
|
util.ComponentKarmadaConfigSecretName(util.KarmadaSchedulerName(data.GetName())),
|
||||||
|
util.ComponentKarmadaConfigSecretName(util.KarmadaDeschedulerName(data.GetName())),
|
||||||
|
util.ComponentKarmadaConfigSecretName(util.KarmadaMetricsAdapterName(data.GetName())),
|
||||||
|
util.ComponentKarmadaConfigSecretName(util.KarmadaSearchName(data.GetName())),
|
||||||
|
util.ComponentKarmadaConfigSecretName(util.KarmadaWebhookName(data.GetName())),
|
||||||
|
}
|
||||||
|
|
||||||
|
return secretNames
|
||||||
|
}
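Review bot: The new loop in `runCleanupKubeconfig` returns on the first failed `DeleteSecretIfHasLabels`, which leaves every later credential secret in the list undeleted after a partial de-init. Collecting the errors and continuing would remove as many secrets as possible; `errors.Join` needs Go 1.20, so use the project's aggregate helper instead if the module targets an older version. `generateComponentKubeconfigSecretNames` is also a hand-maintained list that has to stay in sync with the upload side, so a component added there but not here would leave its secret behind. Since the upload task returns only the admin secret when `data.Components()` is nil, please confirm that `DeleteSecretIfHasLabels` treats a missing secret as success.

```go
func runCleanupKubeconfig(r workflow.RunData) error {
	// … unchanged: DeInitData assertion and log line …

	var errs []error
	for _, secretName := range generateComponentKubeconfigSecretNames(data) {
		err := apiclient.DeleteSecretIfHasLabels(
			data.RemoteClient(),
			secretName,
			data.GetNamespace(),
			constants.KarmadaOperatorLabel,
		)
		if err != nil {
			// Keep going so one failure does not leave the other credential secrets behind.
			errs = append(errs, fmt.Errorf("failed to cleanup karmada-config secret '%s', err: %w", secretName, err))
		}
	}

	return errors.Join(errs...)
}
```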
|
||||||
|
|
|
@ -73,7 +73,7 @@ func TestRunCleanupKubeconfig(t *testing.T) {
|
||||||
prep: func(workflow.RunData, *corev1.Secret) error { return nil },
|
prep: func(workflow.RunData, *corev1.Secret) error { return nil },
|
||||||
verify: func(workflow.RunData, *corev1.Secret) error { return nil },
|
verify: func(workflow.RunData, *corev1.Secret) error { return nil },
|
||||||
wantErr: true,
|
wantErr: true,
|
||||||
errMsg: "cleanup-kubeconfig task invoked with an invalid data struct",
|
errMsg: "cleanup-karmada-config task invoked with an invalid data struct",
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: "RunCleanupKubeconfig_DeleteSecretWithKarmadaOperatorLabel_SecretDeleted",
|
name: "RunCleanupKubeconfig_DeleteSecretWithKarmadaOperatorLabel_SecretDeleted",
|
||||||
|
@ -82,7 +82,7 @@ func TestRunCleanupKubeconfig(t *testing.T) {
|
||||||
namespace: namespace,
|
namespace: namespace,
|
||||||
remoteClient: fakeclientset.NewSimpleClientset(),
|
remoteClient: fakeclientset.NewSimpleClientset(),
|
||||||
},
|
},
|
||||||
secret: helper.NewSecret(namespace, util.AdminKubeconfigSecretName(name), map[string][]byte{}),
|
secret: helper.NewSecret(namespace, util.AdminKarmadaConfigSecretName(name), map[string][]byte{}),
|
||||||
prep: func(rd workflow.RunData, s *corev1.Secret) error {
|
prep: func(rd workflow.RunData, s *corev1.Secret) error {
|
||||||
data := rd.(*TestDeInitData)
|
data := rd.(*TestDeInitData)
|
||||||
s.Labels = constants.KarmadaOperatorLabel
|
s.Labels = constants.KarmadaOperatorLabel
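Review bot: The visible table entry still seeds only the admin secret (`util.AdminKarmadaConfigSecretName(name)`), while `runCleanupKubeconfig` now deletes nine secrets. A case that creates at least one component secret, for example `util.ComponentKarmadaConfigSecretName(util.KarmadaWebhookName(name))`, and verifies that it is gone would cover the new loop. A case where a component secret is absent would pin the expected behaviour for installs that have no components. The rest of the test table is outside this hunk, so such cases may already exist.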
|
||||||
|
|
|
@ -105,16 +105,13 @@ func runUploadAdminKubeconfig(r workflow.RunData) error {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
err = apiclient.CreateOrUpdateSecret(data.RemoteClient(), &corev1.Secret{
|
secretList := generateComponentKubeconfigSecrets(data, string(configBytes))
|
||||||
ObjectMeta: metav1.ObjectMeta{
|
|
||||||
Namespace: data.GetNamespace(),
|
for _, secret := range secretList {
|
||||||
Name: util.AdminKubeconfigSecretName(data.GetName()),
|
err = apiclient.CreateOrUpdateSecret(data.RemoteClient(), secret)
|
||||||
Labels: constants.KarmadaOperatorLabel,
|
|
||||||
},
|
|
||||||
Data: map[string][]byte{"kubeconfig": configBytes},
|
|
||||||
})
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("failed to create secret of kubeconfig, err: %w", err)
|
return fmt.Errorf("failed to create/update karmada-config secret '%s', err: %w", secret.Name, err)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// store rest config to RunData.
|
// store rest config to RunData.
|
||||||
|
@ -179,6 +176,46 @@ func buildKubeConfigFromSpec(data InitData, serverURL string) (*clientcmdapi.Con
|
||||||
), nil
|
), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func generateKubeconfigSecret(name, namespace, configString string) *corev1.Secret {
|
||||||
|
return &corev1.Secret{
|
||||||
|
ObjectMeta: metav1.ObjectMeta{
|
||||||
|
Namespace: namespace,
|
||||||
|
Name: name,
|
||||||
|
Labels: constants.KarmadaOperatorLabel,
|
||||||
|
},
|
||||||
|
StringData: map[string]string{"karmada.config": configString},
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func generateComponentKubeconfigSecrets(data InitData, configString string) []*corev1.Secret {
|
||||||
|
var secrets []*corev1.Secret
|
||||||
|
|
||||||
|
secrets = append(secrets, generateKubeconfigSecret(util.AdminKarmadaConfigSecretName(data.GetName()), data.GetNamespace(), configString))
|
||||||
|
|
||||||
|
if data.Components() == nil {
|
||||||
|
return secrets
|
||||||
|
}
|
||||||
|
|
||||||
|
componentList := map[string]interface{}{
|
||||||
|
util.KarmadaAggregatedAPIServerName(data.GetName()): data.Components().KarmadaAggregatedAPIServer,
|
||||||
|
util.KarmadaControllerManagerName(data.GetName()): data.Components().KarmadaControllerManager,
|
||||||
|
util.KubeControllerManagerName(data.GetName()): data.Components().KubeControllerManager,
|
||||||
|
util.KarmadaSchedulerName(data.GetName()): data.Components().KarmadaScheduler,
|
||||||
|
util.KarmadaDeschedulerName(data.GetName()): data.Components().KarmadaDescheduler,
|
||||||
|
util.KarmadaMetricsAdapterName(data.GetName()): data.Components().KarmadaMetricsAdapter,
|
||||||
|
util.KarmadaSearchName(data.GetName()): data.Components().KarmadaSearch,
|
||||||
|
util.KarmadaWebhookName(data.GetName()): data.Components().KarmadaWebhook,
|
||||||
|
}
|
||||||
|
|
||||||
|
for karmadaComponentName, component := range componentList {
|
||||||
|
if component != nil {
|
||||||
|
secrets = append(secrets, generateKubeconfigSecret(util.ComponentKarmadaConfigSecretName(karmadaComponentName), data.GetNamespace(), configString))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return secrets
|
||||||
|
}
|
||||||
|
|
||||||
// NewUploadCertsTask init a Upload-Certs task
|
// NewUploadCertsTask init a Upload-Certs task
|
||||||
func NewUploadCertsTask(karmada *operatorv1alpha1.Karmada) workflow.Task {
|
func NewUploadCertsTask(karmada *operatorv1alpha1.Karmada) workflow.Task {
|
||||||
tasks := []workflow.Task{
|
tasks := []workflow.Task{
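Review bot: The `if component != nil` test in the loop of `generateComponentKubeconfigSecrets` probably never skips anything, because each `data.Components().X` value is first stored in a `map[string]interface{}`, and a nil pointer boxed in an interface does not compare equal to `nil`. This assumes the component fields are pointer types, which the nil check suggests; their declarations are outside the hunk. If so, a secret carrying the same `configString` as the admin secret is written for every component, including ones that are not enabled, which leaves extra copies of that credential in the namespace. Compare each field at its own type before collecting names, as sketched below; a slice also gives a deterministic creation order, which ranging over the map does not. A short comment on `generateKubeconfigSecret` stating that component secrets currently reuse the admin config would help the next reader judge the exposure.

```go
func generateComponentKubeconfigSecrets(data InitData, configString string) []*corev1.Secret {
	// … unchanged: admin secret append and the nil data.Components() guard …

	components := data.Components()
	// Evaluate nil-ness on the typed fields; boxing them in interface{} first hides a nil pointer.
	candidates := []struct {
		name    string
		enabled bool
	}{
		{util.KarmadaAggregatedAPIServerName(data.GetName()), components.KarmadaAggregatedAPIServer != nil},
		{util.KarmadaControllerManagerName(data.GetName()), components.KarmadaControllerManager != nil},
		{util.KubeControllerManagerName(data.GetName()), components.KubeControllerManager != nil},
		{util.KarmadaSchedulerName(data.GetName()), components.KarmadaScheduler != nil},
		{util.KarmadaDeschedulerName(data.GetName()), components.KarmadaDescheduler != nil},
		{util.KarmadaMetricsAdapterName(data.GetName()), components.KarmadaMetricsAdapter != nil},
		{util.KarmadaSearchName(data.GetName()), components.KarmadaSearch != nil},
		{util.KarmadaWebhookName(data.GetName()), components.KarmadaWebhook != nil},
	}

	for _, c := range candidates {
		if !c.enabled {
			continue
		}
		secrets = append(secrets, generateKubeconfigSecret(util.ComponentKarmadaConfigSecretName(c.name), data.GetNamespace(), configString))
	}

	// … unchanged: return secrets …
}
```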
|
||||||
|
|
|
@ -24,11 +24,16 @@ import (
|
||||||
// Namefunc defines a function to generate resource name according to karmada resource name.
|
// Namefunc defines a function to generate resource name according to karmada resource name.
|
||||||
type Namefunc func(karmada string) string
|
type Namefunc func(karmada string) string
|
||||||
|
|
||||||
// AdminKubeconfigSecretName returns secret name of karmada-admin kubeconfig
|
// AdminKarmadaConfigSecretName returns secret name of karmada-admin karmada-config
|
||||||
func AdminKubeconfigSecretName(karmada string) string {
|
func AdminKarmadaConfigSecretName(karmada string) string {
|
||||||
return generateResourceName(karmada, "admin-config")
|
return generateResourceName(karmada, "admin-config")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// ComponentKarmadaConfigSecretName returns secret name of karmada component karmada-config
|
||||||
|
func ComponentKarmadaConfigSecretName(karmadaComponent string) string {
|
||||||
|
return fmt.Sprintf("%s-config", karmadaComponent)
|
||||||
|
}
|
||||||
|
|
||||||
// KarmadaCertSecretName returns secret name of karmada certs
|
// KarmadaCertSecretName returns secret name of karmada certs
|
||||||
func KarmadaCertSecretName(karmada string) string {
|
func KarmadaCertSecretName(karmada string) string {
|
||||||
return generateResourceName(karmada, "cert")
|
return generateResourceName(karmada, "cert")
|
||||||
|
|