karmada-io
/
karmada
mirror of https://github.com/karmada-io/karmada.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

add CA data to local up generated karmada config for enhanced security 

Signed-off-by: chaosi-zju <chaosi@zju.edu.cn>
This commit is contained in:
chaosi-zju 2024-10-24 10:14:51 +08:00
parent f19a4b5281
commit 7cbee99fab
2 changed files with 9 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
hack/deploy-karmada.sh
View File

@ -265,7 +265,7 @@ else
fi fi
# write karmada api server config to kubeconfig file # write karmada api server config to kubeconfig file
util::append_client_kubeconfig "${HOST_CLUSTER_KUBECONFIG}" "${CERT_DIR}/client.crt" "${CERT_DIR}/client.key" "${KARMADA_APISERVER_IP}" "${KARMADA_APISERVER_SECURE_PORT}" karmada-apiserver util::append_client_kubeconfig "${HOST_CLUSTER_KUBECONFIG}" "${ROOT_CA_FILE}" "${CERT_DIR}/client.crt" "${CERT_DIR}/client.key" "${KARMADA_APISERVER_IP}" "${KARMADA_APISERVER_SECURE_PORT}" karmada-apiserver
# deploy kube controller manager # deploy kube controller manager
cp "${REPO_ROOT}"/artifacts/deploy/kube-controller-manager.yaml "${TEMP_PATH_APISERVER}"/kube-controller-manager.yaml cp "${REPO_ROOT}"/artifacts/deploy/kube-controller-manager.yaml "${TEMP_PATH_APISERVER}"/kube-controller-manager.yaml

15
hack/util.sh
View File

@ -258,13 +258,14 @@ EOF
# util::append_client_kubeconfig creates a new context including a cluster and a user to the existed kubeconfig file # util::append_client_kubeconfig creates a new context including a cluster and a user to the existed kubeconfig file
function util::append_client_kubeconfig { function util::append_client_kubeconfig {
local kubeconfig_path=$1 local kubeconfig_path=$1
local client_certificate_file=$2 local ca_file=$2
local client_key_file=$3 local client_certificate_file=$3
local api_host=$4 local client_key_file=$4
local api_port=$5 local api_host=$5
local client_id=$6 local api_port=$6
local token=${7:-} local client_id=$7
kubectl config set-cluster "${client_id}" --server=https://"${api_host}:${api_port}" --insecure-skip-tls-verify=true --kubeconfig="${kubeconfig_path}" local token=${8:-}
kubectl config set-cluster "${client_id}" --server=https://"${api_host}:${api_port}" --embed-certs --certificate-authority="${ca_file}" --kubeconfig="${kubeconfig_path}"
kubectl config set-credentials "${client_id}" --token="${token}" --client-certificate="${client_certificate_file}" --client-key="${client_key_file}" --embed-certs=true --kubeconfig="${kubeconfig_path}" kubectl config set-credentials "${client_id}" --token="${token}" --client-certificate="${client_certificate_file}" --client-key="${client_key_file}" --embed-certs=true --kubeconfig="${kubeconfig_path}"
kubectl config set-context "${client_id}" --cluster="${client_id}" --user="${client_id}" --kubeconfig="${kubeconfig_path}" kubectl config set-context "${client_id}" --cluster="${client_id}" --user="${client_id}" --kubeconfig="${kubeconfig_path}"
} }