karmada-io
/
karmada
mirror of https://github.com/karmada-io/karmada.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #5797 from chaosi-zju/secret-karmadactl-2 

standardize the naming of karmada config in karmadactl method
This commit is contained in:
karmada-bot 2025-01-26 10:18:53 +08:00 committed by GitHub
parent d24b2b9d08 72da42d27b
commit 5599b22bdb
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
8 changed files with 147 additions and 100 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
pkg/karmadactl/addons/descheduler/manifests.go
View File

@ -44,7 +44,7 @@ spec:
imagePullPolicy: IfNotPresent
command:
- /bin/karmada-descheduler
- --kubeconfig=/etc/kubeconfig
- --kubeconfig=/etc/karmada/config/karmada.config
- --metrics-bind-address=0.0.0.0:8080
- --health-probe-bind-address=0.0.0.0:10358
- --leader-elect-resource-namespace={{ .Namespace }}
@ -66,19 +66,18 @@ spec:
name: metrics
protocol: TCP
volumeMounts:
- name: karmada-config
mountPath: /etc/karmada/config
- name: k8s-certs
mountPath: /etc/karmada/pki
readOnly: true
- name: kubeconfig
subPath: kubeconfig
mountPath: /etc/kubeconfig
volumes:
- name: karmada-config
secret:
secretName: karmada-descheduler-config
- name: k8s-certs
secret:
secretName: karmada-cert
- name: kubeconfig
secret:
secretName: kubeconfig
`
// DeploymentReplace is a struct to help to concrete

43
pkg/karmadactl/addons/init/enable_option.go
View File

@ -26,7 +26,7 @@ import (
"k8s.io/klog/v2"
"k8s.io/utils/strings/slices"
cmdinit "github.com/karmada-io/karmada/pkg/karmadactl/cmdinit/kubernetes"
"github.com/karmada-io/karmada/pkg/karmadactl/util"
"github.com/karmada-io/karmada/pkg/karmadactl/util/apiclient"
"github.com/karmada-io/karmada/pkg/util/names"
"github.com/karmada-io/karmada/pkg/version"
@ -149,10 +149,17 @@ func (o *CommandAddonsEnableOption) Validate(args []string) error {
}
secretClient := o.KubeClientSet.CoreV1().Secrets(o.Namespace)
_, err = secretClient.Get(context.TODO(), cmdinit.KubeConfigSecretAndMountName, metav1.GetOptions{})
for _, addon := range getEnablingAddons(args) {
if addon.Name == names.KarmadaSchedulerEstimatorComponentName {
// estimator not rely on karmada config secret
continue
}
karmadaConfigSecretName := util.KarmadaConfigName(addon.Name)
_, err = secretClient.Get(context.TODO(), karmadaConfigSecretName, metav1.GetOptions{})
if err != nil {
if apierrors.IsNotFound(err) {
return fmt.Errorf("secrets `kubeconfig` is not found in namespace %s, please execute karmadactl init to deploy karmada first", o.Namespace)
return fmt.Errorf("secrets `%s` is not found in namespace %s, please execute karmadactl init to deploy karmada first", karmadaConfigSecretName, o.Namespace)
}
}
}
@ -188,21 +195,8 @@ func (o *CommandAddonsEnableOption) Validate(args []string) error {
// Run start enable Karmada addons
func (o *CommandAddonsEnableOption) Run(args []string) error {
var enableAddons = map[string]*Addon{}
// collect enabled addons
for _, item := range args {
if item == "all" {
enableAddons = Addons
break
}
if addon := Addons[item]; addon != nil {
enableAddons[item] = addon
}
}
// enable addons
for name, addon := range enableAddons {
for name, addon := range getEnablingAddons(args) {
klog.Infof("Start to enable addon %s", name)
if err := addon.Enable(o); err != nil {
klog.Errorf("Install addon %s failed", name)
@ -230,3 +224,18 @@ func validAddonNames(addonNames []string) error {
}
return nil
}
func getEnablingAddons(addonNames []string) map[string]*Addon {
var enablingAddons = map[string]*Addon{}
for _, name := range addonNames {
if name == "all" {
enablingAddons = Addons
break
}
if addon := Addons[name]; addon != nil {
enablingAddons[name] = addon
}
}
return enablingAddons
}

25
pkg/karmadactl/addons/metricsadapter/manifests.go
View File

@ -43,19 +43,12 @@ spec:
- name: karmada-metrics-adapter
image: {{ .Image }}
imagePullPolicy: IfNotPresent
volumeMounts:
- name: k8s-certs
mountPath: /etc/karmada/pki
readOnly: true
- name: kubeconfig
subPath: kubeconfig
mountPath: /etc/kubeconfig
command:
- /bin/karmada-metrics-adapter
- --kubeconfig=/etc/kubeconfig
- --metrics-bind-address=:8080
- --authentication-kubeconfig=/etc/kubeconfig
- --authorization-kubeconfig=/etc/kubeconfig
- --kubeconfig=/etc/karmada/config/karmada.config
- --authentication-kubeconfig=/etc/karmada/config/karmada.config
- --authorization-kubeconfig=/etc/karmada/config/karmada.config
- --client-ca-file=/etc/karmada/pki/ca.crt
- --tls-cert-file=/etc/karmada/pki/karmada.crt
- --tls-private-key-file=/etc/karmada/pki/karmada.key
@ -84,13 +77,19 @@ spec:
resources:
requests:
cpu: 100m
volumeMounts:
- name: karmada-config
mountPath: /etc/karmada/config
- name: k8s-certs
mountPath: /etc/karmada/pki
readOnly: true
volumes:
- name: karmada-config
secret:
secretName: karmada-metrics-adapter-config
- name: k8s-certs
secret:
secretName: karmada-cert
- name: kubeconfig
secret:
secretName: kubeconfig
`
karmadaMetricsAdapterService = `

25
pkg/karmadactl/addons/search/manifests.go
View File

@ -43,18 +43,11 @@ spec:
- name: karmada-search
image: {{ .Image }}
imagePullPolicy: IfNotPresent
volumeMounts:
- name: k8s-certs
mountPath: /etc/karmada/pki
readOnly: true
- name: kubeconfig
subPath: kubeconfig
mountPath: /etc/kubeconfig
command:
- /bin/karmada-search
- --kubeconfig=/etc/kubeconfig
- --authentication-kubeconfig=/etc/kubeconfig
- --authorization-kubeconfig=/etc/kubeconfig
- --kubeconfig=/etc/karmada/config/karmada.config
- --authentication-kubeconfig=/etc/karmada/config/karmada.config
- --authorization-kubeconfig=/etc/karmada/config/karmada.config
- --etcd-servers={{ .ETCDSevers }}
- --etcd-cafile=/etc/karmada/pki/etcd-ca.crt
- --etcd-certfile=/etc/karmada/pki/etcd-client.crt
@ -78,13 +71,19 @@ spec:
resources:
requests:
cpu: 100m
volumeMounts:
- name: karmada-config
mountPath: /etc/karmada/config
- name: k8s-certs
mountPath: /etc/karmada/pki
readOnly: true
volumes:
- name: karmada-config
secret:
secretName: karmada-search-config
- name: k8s-certs
secret:
secretName: karmada-cert
- name: kubeconfig
secret:
secretName: kubeconfig
`
karmadaSearchService = `

21
pkg/karmadactl/cmdinit/kubernetes/deploy.go
View File

@ -44,6 +44,7 @@ import (
globaloptions "github.com/karmada-io/karmada/pkg/karmadactl/options"
"github.com/karmada-io/karmada/pkg/karmadactl/util"
"github.com/karmada-io/karmada/pkg/karmadactl/util/apiclient"
"github.com/karmada-io/karmada/pkg/util/names"
"github.com/karmada-io/karmada/pkg/util/validation"
"github.com/karmada-io/karmada/pkg/version"
)
@ -65,6 +66,17 @@ var (
options.FrontProxyClientCertAndKeyName,
}
karmadaConfigList = []string{
util.KarmadaConfigName(names.KarmadaAggregatedAPIServerComponentName),
util.KarmadaConfigName(names.KarmadaControllerManagerComponentName),
util.KarmadaConfigName(names.KubeControllerManagerComponentName),
util.KarmadaConfigName(names.KarmadaSchedulerComponentName),
util.KarmadaConfigName(names.KarmadaDeschedulerComponentName),
util.KarmadaConfigName(names.KarmadaMetricsAdapterComponentName),
util.KarmadaConfigName(names.KarmadaSearchComponentName),
util.KarmadaConfigName(names.KarmadaWebhookComponentName),
}
emptyByteSlice = make([]byte, 0)
externalEtcdCertSpecialization = map[string]func(*CommandInitOption) ([]byte, []byte, error){
options.EtcdCaCertAndKeyName: func(option *CommandInitOption) (cert, key []byte, err error) {
@ -414,7 +426,7 @@ func (i *CommandInitOption) prepareCRD() error {
}
func (i *CommandInitOption) createCertsSecrets() error {
// Create kubeconfig Secret
// Create karmada-config Secret
karmadaServerURL := fmt.Sprintf("https://%s.%s.svc.%s:%v", karmadaAPIServerDeploymentAndServiceName, i.Namespace, i.HostClusterDomain, karmadaAPIServerContainerPort)
config := utils.CreateWithCerts(karmadaServerURL, options.UserName, options.UserName, i.CertAndKeyFileData[fmt.Sprintf("%s.crt", globaloptions.CaCertAndKeyName)],
i.CertAndKeyFileData[fmt.Sprintf("%s.key", options.KarmadaCertAndKeyName)], i.CertAndKeyFileData[fmt.Sprintf("%s.crt", options.KarmadaCertAndKeyName)])
@ -423,10 +435,13 @@ func (i *CommandInitOption) createCertsSecrets() error {
return fmt.Errorf("failure while serializing admin kubeConfig. %v", err)
}
kubeConfigSecret := i.SecretFromSpec(KubeConfigSecretAndMountName, corev1.SecretTypeOpaque, map[string]string{KubeConfigSecretAndMountName: string(configBytes)})
if err = util.CreateOrUpdateSecret(i.KubeClientSet, kubeConfigSecret); err != nil {
for _, karmadaConfigSecretName := range karmadaConfigList {
karmadaConfigSecret := i.SecretFromSpec(karmadaConfigSecretName, corev1.SecretTypeOpaque, map[string]string{util.KarmadaConfigFieldName: string(configBytes)})
if err = util.CreateOrUpdateSecret(i.KubeClientSet, karmadaConfigSecret); err != nil {
return err
}
}
// Create certs Secret
etcdCert := map[string]string{
fmt.Sprintf("%s.crt", options.EtcdCaCertAndKeyName): string(i.CertAndKeyFileData[fmt.Sprintf("%s.crt", options.EtcdCaCertAndKeyName)]),

90
pkg/karmadactl/cmdinit/kubernetes/deployments.go
View File

@ -18,6 +18,7 @@ package kubernetes
import (
"fmt"
"path/filepath"
"strings"
appsv1 "k8s.io/api/apps/v1"
@ -29,6 +30,7 @@ import (
"github.com/karmada-io/karmada/pkg/karmadactl/cmdinit/options"
globaloptions "github.com/karmada-io/karmada/pkg/karmadactl/options"
"github.com/karmada-io/karmada/pkg/karmadactl/util"
"github.com/karmada-io/karmada/pkg/util/names"
)
@ -39,10 +41,9 @@ const (
metricsPortName = "metrics"
defaultMetricsPort = 8080
// KubeConfigSecretAndMountName is the secret and volume mount name of karmada kubeconfig
KubeConfigSecretAndMountName = "kubeconfig"
karmadaCertsVolumeMountPath = "/etc/karmada/pki"
kubeConfigContainerMountPath = "/etc/kubeconfig"
karmadaConfigVolumeName = "karmada-config"
karmadaConfigVolumeMountPath = "/etc/karmada/config"
karmadaAPIServerDeploymentAndServiceName = "karmada-apiserver"
karmadaAPIServerContainerPort = 5443
serviceClusterIP = "10.96.0.0/12"
@ -304,8 +305,9 @@ func (i *CommandInitOption) makeKarmadaKubeControllerManagerDeployment() *appsv1
Command: []string{
"kube-controller-manager",
"--allocate-node-cidrs=true",
"--authentication-kubeconfig=/etc/kubeconfig",
"--authorization-kubeconfig=/etc/kubeconfig",
fmt.Sprintf("--kubeconfig=%s", filepath.Join(karmadaConfigVolumeMountPath, util.KarmadaConfigFieldName)),
fmt.Sprintf("--authentication-kubeconfig=%s", filepath.Join(karmadaConfigVolumeMountPath, util.KarmadaConfigFieldName)),
fmt.Sprintf("--authorization-kubeconfig=%s", filepath.Join(karmadaConfigVolumeMountPath, util.KarmadaConfigFieldName)),
"--bind-address=0.0.0.0",
fmt.Sprintf("--client-ca-file=%s/%s.crt", karmadaCertsVolumeMountPath, globaloptions.CaCertAndKeyName),
"--cluster-cidr=10.244.0.0/16",
@ -313,7 +315,6 @@ func (i *CommandInitOption) makeKarmadaKubeControllerManagerDeployment() *appsv1
fmt.Sprintf("--cluster-signing-cert-file=%s/%s.crt", karmadaCertsVolumeMountPath, globaloptions.CaCertAndKeyName),
fmt.Sprintf("--cluster-signing-key-file=%s/%s.key", karmadaCertsVolumeMountPath, globaloptions.CaCertAndKeyName),
"--controllers=namespace,garbagecollector,serviceaccount-token,ttl-after-finished,bootstrapsigner,tokencleaner,csrcleaner,csrsigning,clusterrole-aggregation",
"--kubeconfig=/etc/kubeconfig",
"--leader-elect=true",
fmt.Sprintf("--leader-elect-resource-namespace=%s", i.Namespace),
"--node-cidr-mask-size=24",
@ -333,10 +334,9 @@ func (i *CommandInitOption) makeKarmadaKubeControllerManagerDeployment() *appsv1
},
VolumeMounts: []corev1.VolumeMount{
{
Name: KubeConfigSecretAndMountName,
Name: karmadaConfigVolumeName,
ReadOnly: true,
MountPath: kubeConfigContainerMountPath,
SubPath: KubeConfigSecretAndMountName,
MountPath: karmadaConfigVolumeMountPath,
},
{
Name: globaloptions.KarmadaCertsName,
@ -348,10 +348,10 @@ func (i *CommandInitOption) makeKarmadaKubeControllerManagerDeployment() *appsv1
},
Volumes: []corev1.Volume{
{
Name: KubeConfigSecretAndMountName,
Name: karmadaConfigVolumeName,
VolumeSource: corev1.VolumeSource{
Secret: &corev1.SecretVolumeSource{
SecretName: KubeConfigSecretAndMountName,
SecretName: util.KarmadaConfigName(names.KubeControllerManagerComponentName),
},
},
},
@ -449,7 +449,7 @@ func (i *CommandInitOption) makeKarmadaSchedulerDeployment() *appsv1.Deployment
ImagePullPolicy: corev1.PullPolicy(i.ImagePullPolicy),
Command: []string{
"/bin/karmada-scheduler",
"--kubeconfig=/etc/kubeconfig",
fmt.Sprintf("--kubeconfig=%s", filepath.Join(karmadaConfigVolumeMountPath, util.KarmadaConfigFieldName)),
"--metrics-bind-address=0.0.0.0:8080",
"--health-probe-bind-address=0.0.0.0:10351",
"--enable-scheduler-estimator=true",
@ -470,10 +470,9 @@ func (i *CommandInitOption) makeKarmadaSchedulerDeployment() *appsv1.Deployment
},
VolumeMounts: []corev1.VolumeMount{
{
Name: KubeConfigSecretAndMountName,
Name: karmadaConfigVolumeName,
ReadOnly: true,
MountPath: kubeConfigContainerMountPath,
SubPath: KubeConfigSecretAndMountName,
MountPath: karmadaConfigVolumeMountPath,
},
{
Name: globaloptions.KarmadaCertsName,
@ -485,10 +484,10 @@ func (i *CommandInitOption) makeKarmadaSchedulerDeployment() *appsv1.Deployment
},
Volumes: []corev1.Volume{
{
Name: KubeConfigSecretAndMountName,
Name: karmadaConfigVolumeName,
VolumeSource: corev1.VolumeSource{
Secret: &corev1.SecretVolumeSource{
SecretName: KubeConfigSecretAndMountName,
SecretName: util.KarmadaConfigName(names.KarmadaSchedulerComponentName),
},
},
},
@ -588,7 +587,7 @@ func (i *CommandInitOption) makeKarmadaControllerManagerDeployment() *appsv1.Dep
ImagePullPolicy: corev1.PullPolicy(i.ImagePullPolicy),
Command: []string{
"/bin/karmada-controller-manager",
"--kubeconfig=/etc/kubeconfig",
fmt.Sprintf("--kubeconfig=%s", filepath.Join(karmadaConfigVolumeMountPath, util.KarmadaConfigFieldName)),
"--metrics-bind-address=:8080",
"--health-probe-bind-address=0.0.0.0:10357",
"--cluster-status-update-frequency=10s",
@ -610,20 +609,19 @@ func (i *CommandInitOption) makeKarmadaControllerManagerDeployment() *appsv1.Dep
},
VolumeMounts: []corev1.VolumeMount{
{
Name: KubeConfigSecretAndMountName,
Name: karmadaConfigVolumeName,
ReadOnly: true,
MountPath: kubeConfigContainerMountPath,
SubPath: KubeConfigSecretAndMountName,
MountPath: karmadaConfigVolumeMountPath,
},
},
},
},
Volumes: []corev1.Volume{
{
Name: KubeConfigSecretAndMountName,
Name: karmadaConfigVolumeName,
VolumeSource: corev1.VolumeSource{
Secret: &corev1.SecretVolumeSource{
SecretName: KubeConfigSecretAndMountName,
SecretName: util.KarmadaConfigName(names.KarmadaControllerManagerComponentName),
},
},
},
@ -712,7 +710,7 @@ func (i *CommandInitOption) makeKarmadaWebhookDeployment() *appsv1.Deployment {
ImagePullPolicy: corev1.PullPolicy(i.ImagePullPolicy),
Command: []string{
"/bin/karmada-webhook",
"--kubeconfig=/etc/kubeconfig",
fmt.Sprintf("--kubeconfig=%s", filepath.Join(karmadaConfigVolumeMountPath, util.KarmadaConfigFieldName)),
"--bind-address=0.0.0.0",
"--metrics-bind-address=:8080",
fmt.Sprintf("--secure-port=%v", webhookTargetPort),
@ -733,10 +731,9 @@ func (i *CommandInitOption) makeKarmadaWebhookDeployment() *appsv1.Deployment {
},
VolumeMounts: []corev1.VolumeMount{
{
Name: KubeConfigSecretAndMountName,
Name: karmadaConfigVolumeName,
ReadOnly: true,
MountPath: kubeConfigContainerMountPath,
SubPath: KubeConfigSecretAndMountName,
MountPath: karmadaConfigVolumeMountPath,
},
{
Name: webhookCertsName,
@ -749,10 +746,10 @@ func (i *CommandInitOption) makeKarmadaWebhookDeployment() *appsv1.Deployment {
},
Volumes: []corev1.Volume{
{
Name: KubeConfigSecretAndMountName,
Name: karmadaConfigVolumeName,
VolumeSource: corev1.VolumeSource{
Secret: &corev1.SecretVolumeSource{
SecretName: KubeConfigSecretAndMountName,
SecretName: util.KarmadaConfigName(names.KarmadaWebhookComponentName),
},
},
},
@ -843,9 +840,9 @@ func (i *CommandInitOption) makeKarmadaAggregatedAPIServerDeployment() *appsv1.D
}
command := []string{
"/bin/karmada-aggregated-apiserver",
"--kubeconfig=/etc/kubeconfig",
"--authentication-kubeconfig=/etc/kubeconfig",
"--authorization-kubeconfig=/etc/kubeconfig",
fmt.Sprintf("--kubeconfig=%s", filepath.Join(karmadaConfigVolumeMountPath, util.KarmadaConfigFieldName)),
fmt.Sprintf("--authentication-kubeconfig=%s", filepath.Join(karmadaConfigVolumeMountPath, util.KarmadaConfigFieldName)),
fmt.Sprintf("--authorization-kubeconfig=%s", filepath.Join(karmadaConfigVolumeMountPath, util.KarmadaConfigFieldName)),
fmt.Sprintf("--etcd-servers=%s", etcdServers),
fmt.Sprintf("--etcd-cafile=%s/%s.crt", karmadaCertsVolumeMountPath, options.EtcdCaCertAndKeyName),
fmt.Sprintf("--etcd-certfile=%s/%s.crt", karmadaCertsVolumeMountPath, options.EtcdClientCertAndKeyName),
@ -887,19 +884,6 @@ func (i *CommandInitOption) makeKarmadaAggregatedAPIServerDeployment() *appsv1.D
Image: i.karmadaAggregatedAPIServerImage(),
ImagePullPolicy: corev1.PullPolicy(i.ImagePullPolicy),
Command: command,
VolumeMounts: []corev1.VolumeMount{
{
Name: KubeConfigSecretAndMountName,
ReadOnly: true,
MountPath: kubeConfigContainerMountPath,
SubPath: KubeConfigSecretAndMountName,
},
{
Name: globaloptions.KarmadaCertsName,
ReadOnly: true,
MountPath: karmadaCertsVolumeMountPath,
},
},
ReadinessProbe: readinesProbe,
LivenessProbe: livenesProbe,
Resources: corev1.ResourceRequirements{
@ -907,14 +891,26 @@ func (i *CommandInitOption) makeKarmadaAggregatedAPIServerDeployment() *appsv1.D
corev1.ResourceCPU: resource.MustParse("100m"),
},
},
VolumeMounts: []corev1.VolumeMount{
{
Name: karmadaConfigVolumeName,
ReadOnly: true,
MountPath: karmadaConfigVolumeMountPath,
},
{
Name: globaloptions.KarmadaCertsName,
ReadOnly: true,
MountPath: karmadaCertsVolumeMountPath,
},
},
},
},
Volumes: []corev1.Volume{
{
Name: KubeConfigSecretAndMountName,
Name: karmadaConfigVolumeName,
VolumeSource: corev1.VolumeSource{
Secret: &corev1.SecretVolumeSource{
SecretName: KubeConfigSecretAndMountName,
SecretName: util.KarmadaConfigName(names.KarmadaAggregatedAPIServerComponentName),
},
},
},

27
pkg/karmadactl/util/global.go Normal file
View File

@ -0,0 +1,27 @@
/*
Copyright 2022 The Karmada Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package util
const (
// KarmadaConfigFieldName the field stores karmada config in karmada config secret
KarmadaConfigFieldName = "karmada.config"
)
// KarmadaConfigName returns the name of karmada config secret
func KarmadaConfigName(component string) string {
return component + "-config"
}

3
pkg/util/names/names.go
View File

@ -65,6 +65,9 @@ const (
// KarmadaControllerManagerComponentName is the name of the Karmada Controller Manager component.
KarmadaControllerManagerComponentName = "karmada-controller-manager"
// KubeControllerManagerComponentName is the name of the Kube Controller Manager component.
KubeControllerManagerComponentName = "kube-controller-manager"
)
// ExecutionSpacePrefix is the prefix of execution space