Merge pull request #4063 from chaosi-zju/operator
remove insecureSkipTLSVerify in operator
commit
f2c7d0b806
|
@ -410,9 +410,8 @@ func generateClusterInControllerPlane(opts util.ClusterRegisterOption) (*cluster
|
||||||
cluster.Spec.Region = opts.ClusterRegion
|
cluster.Spec.Region = opts.ClusterRegion
|
||||||
}
|
}
|
||||||
|
|
||||||
if opts.ClusterConfig.TLSClientConfig.Insecure {
|
cluster.Spec.InsecureSkipTLSVerification = opts.ClusterConfig.TLSClientConfig.Insecure
|
||||||
cluster.Spec.InsecureSkipTLSVerification = true
|
|
||||||
}
|
|
||||||
if opts.ClusterConfig.Proxy != nil {
|
if opts.ClusterConfig.Proxy != nil {
|
||||||
url, err := opts.ClusterConfig.Proxy(nil)
|
url, err := opts.ClusterConfig.Proxy(nil)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
|
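Review bot: The new assignment `cluster.Spec.InsecureSkipTLSVerification = opts.ClusterConfig.TLSClientConfig.Insecure` still copies an insecure kubeconfig setting into the Cluster object without leaving any trace, so a member cluster can be registered with certificate verification disabled and nobody is told. Behaviour looks unchanged from the removed `if` block, assuming the field starts out false. I would add a comment above the assignment, `// Mirrors the kubeconfig's insecure flag; when true, TLS verification of this member cluster is skipped.`, and consider logging a warning in the true case. The same change appears in the later `@ -255,9 +255,7` hunk (`clusterObj.Spec.InsecureSkipTLSVerification`). generateClusterInControllerPlane starts and ends outside both hunks.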
@ -35,6 +35,8 @@ spec:
|
||||||
- --authentication-kubeconfig=/etc/karmada/kubeconfig
|
- --authentication-kubeconfig=/etc/karmada/kubeconfig
|
||||||
- --authorization-kubeconfig=/etc/karmada/kubeconfig
|
- --authorization-kubeconfig=/etc/karmada/kubeconfig
|
||||||
- --client-ca-file=/etc/karmada/pki/ca.crt
|
- --client-ca-file=/etc/karmada/pki/ca.crt
|
||||||
|
- --tls-cert-file=/etc/karmada/pki/karmada.crt
|
||||||
|
- --tls-private-key-file=/etc/karmada/pki/karmada.key
|
||||||
- --audit-log-path=-
|
- --audit-log-path=-
|
||||||
- --audit-log-maxage=0
|
- --audit-log-maxage=0
|
||||||
- --audit-log-maxbackup=0
|
- --audit-log-maxbackup=0
|
||||||
|
|
|
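Review bot: The two added flags, `--tls-cert-file=/etc/karmada/pki/karmada.crt` and `--tls-private-key-file=/etc/karmada/pki/karmada.key`, make this component serve the shared karmada certificate, and nothing in the hunk shows that the certificate's SANs include the in-cluster service name. Once the APIService carries a `caBundle` instead of `insecureSkipTLSVerify: true`, the aggregator checks the serving certificate against the service's DNS name (`<service>.<namespace>.svc`), so a missing SAN would show up as an unavailable APIService. It is worth confirming the SAN list where the certificate is generated and adding a comment next to these flags saying which names it must cover. The volume mount for `/etc/karmada/pki` is outside the hunk, so whether the key is mounted read-only could not be checked here.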
@ -30,21 +30,23 @@ func init() {
|
||||||
}
|
}
|
||||||
|
|
||||||
// EnsureAggregatedAPIService creates aggregated APIService and a service
|
// EnsureAggregatedAPIService creates aggregated APIService and a service
|
||||||
func EnsureAggregatedAPIService(aggregatorClient *aggregator.Clientset, client clientset.Interface, name, namespace string) error {
|
func EnsureAggregatedAPIService(aggregatorClient *aggregator.Clientset, client clientset.Interface, name, namespace, caBundle string) error {
|
||||||
if err := aggregatedApiserverService(client, name, namespace); err != nil {
|
if err := aggregatedApiserverService(client, name, namespace); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
return aggregatedAPIService(aggregatorClient, name, namespace)
|
return aggregatedAPIService(aggregatorClient, name, namespace, caBundle)
|
||||||
}
|
}
|
||||||
|
|
||||||
func aggregatedAPIService(client *aggregator.Clientset, name, namespace string) error {
|
func aggregatedAPIService(client *aggregator.Clientset, name, namespace, caBundle string) error {
|
||||||
apiServiceBytes, err := util.ParseTemplate(KarmadaAggregatedAPIService, struct {
|
apiServiceBytes, err := util.ParseTemplate(KarmadaAggregatedAPIService, struct {
|
||||||
Namespace string
|
Namespace string
|
||||||
ServiceName string
|
ServiceName string
|
||||||
|
CABundle string
|
||||||
}{
|
}{
|
||||||
Namespace: namespace,
|
Namespace: namespace,
|
||||||
ServiceName: util.KarmadaAggregatedAPIServerName(name),
|
ServiceName: util.KarmadaAggregatedAPIServerName(name),
|
||||||
|
CABundle: caBundle,
|
||||||
})
|
})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("error when parsing AggregatedApiserver APIService template: %w", err)
|
return fmt.Errorf("error when parsing AggregatedApiserver APIService template: %w", err)
|
||||||
|
@ -79,15 +81,15 @@ func aggregatedApiserverService(client clientset.Interface, name, namespace stri
|
||||||
}
|
}
|
||||||
|
|
||||||
// EnsureMetricsAdapterAPIService creates APIService and a service for karmada-metrics-adapter
|
// EnsureMetricsAdapterAPIService creates APIService and a service for karmada-metrics-adapter
|
||||||
func EnsureMetricsAdapterAPIService(aggregatorClient *aggregator.Clientset, client clientset.Interface, name, namespace string) error {
|
func EnsureMetricsAdapterAPIService(aggregatorClient *aggregator.Clientset, client clientset.Interface, name, namespace, caBundle string) error {
|
||||||
if err := karmadaMetricsAdapterService(client, name, namespace); err != nil {
|
if err := karmadaMetricsAdapterService(client, name, namespace); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
return karmadaMetricsAdapterAPIService(aggregatorClient, name, namespace)
|
return karmadaMetricsAdapterAPIService(aggregatorClient, name, namespace, caBundle)
|
||||||
}
|
}
|
||||||
|
|
||||||
func karmadaMetricsAdapterAPIService(client *aggregator.Clientset, name, namespace string) error {
|
func karmadaMetricsAdapterAPIService(client *aggregator.Clientset, name, namespace, caBundle string) error {
|
||||||
for _, gv := range constants.KarmadaMetricsAdapterAPIServices {
|
for _, gv := range constants.KarmadaMetricsAdapterAPIServices {
|
||||||
// The APIService name to metrics adapter is "$version.$group"
|
// The APIService name to metrics adapter is "$version.$group"
|
||||||
apiServiceName := fmt.Sprintf("%s.%s", gv.Version, gv.Group)
|
apiServiceName := fmt.Sprintf("%s.%s", gv.Version, gv.Group)
|
||||||
|
@ -95,12 +97,14 @@ func karmadaMetricsAdapterAPIService(client *aggregator.Clientset, name, namespa
|
||||||
apiServiceBytes, err := util.ParseTemplate(KarmadaMetricsAdapterAPIService, struct {
|
apiServiceBytes, err := util.ParseTemplate(KarmadaMetricsAdapterAPIService, struct {
|
||||||
Name, Namespace string
|
Name, Namespace string
|
||||||
ServiceName, Group, Version string
|
ServiceName, Group, Version string
|
||||||
|
CABundle string
|
||||||
}{
|
}{
|
||||||
Name: apiServiceName,
|
Name: apiServiceName,
|
||||||
Namespace: namespace,
|
Namespace: namespace,
|
||||||
Group: gv.Group,
|
Group: gv.Group,
|
||||||
Version: gv.Version,
|
Version: gv.Version,
|
||||||
ServiceName: util.KarmadaMetricsAdapterName(name),
|
ServiceName: util.KarmadaMetricsAdapterName(name),
|
||||||
|
CABundle: caBundle,
|
||||||
})
|
})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("error when parsing KarmadaMetricsAdapter APIService %s template: %w", apiServiceName, err)
|
return fmt.Errorf("error when parsing KarmadaMetricsAdapter APIService %s template: %w", apiServiceName, err)
|
||||||
|
|
|
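Review bot: The new `caBundle string` parameter on `EnsureAggregatedAPIService` and `EnsureMetricsAdapterAPIService` has no stated contract, and the doc comments above both functions were not updated. The callers in this commit pass the base64 encoding of the CA certificate data and the templates paste the value in as-is, so a caller that hands in raw PEM or an empty string would produce a broken or unverifiable APIService with no error from this package. I would extend each doc comment with something like `// caBundle is the base64-encoded CA certificate used to verify the backing service; it must not be empty.` and reject the empty case here as well, `if caBundle == "" { return fmt.Errorf("caBundle must not be empty") }`, rather than relying on every caller to check. The bodies of `aggregatedAPIService` and `karmadaMetricsAdapterAPIService` continue outside the hunks.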
@ -13,7 +13,7 @@ metadata:
|
||||||
spec:
|
spec:
|
||||||
group: cluster.karmada.io
|
group: cluster.karmada.io
|
||||||
groupPriorityMinimum: 2000
|
groupPriorityMinimum: 2000
|
||||||
insecureSkipTLSVerify: true
|
caBundle: {{ .CABundle }}
|
||||||
service:
|
service:
|
||||||
name: {{ .ServiceName }}
|
name: {{ .ServiceName }}
|
||||||
namespace: {{ .Namespace }}
|
namespace: {{ .Namespace }}
|
||||||
|
@ -45,7 +45,7 @@ spec:
|
||||||
namespace: {{ .Namespace }}
|
namespace: {{ .Namespace }}
|
||||||
group: {{ .Group }}
|
group: {{ .Group }}
|
||||||
version: {{ .Version }}
|
version: {{ .Version }}
|
||||||
insecureSkipTLSVerify: true
|
caBundle: {{ .CABundle }}
|
||||||
groupPriorityMinimum: 100
|
groupPriorityMinimum: 100
|
||||||
versionPriority: 200
|
versionPriority: 200
|
||||||
`
|
`
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
package tasks
|
package tasks
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"encoding/base64"
|
||||||
"errors"
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
"time"
|
"time"
|
||||||
|
@ -185,7 +186,13 @@ func runDeployMetricAdapterAPIService(r workflow.RunData) error {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
err = apiservice.EnsureMetricsAdapterAPIService(client, data.KarmadaClient(), data.GetName(), data.GetNamespace())
|
cert := data.GetCert(constants.CaCertAndKeyName)
|
||||||
|
if len(cert.CertData()) == 0 {
|
||||||
|
return errors.New("unexpected empty ca cert data for aggregatedAPIService")
|
||||||
|
}
|
||||||
|
caBase64 := base64.StdEncoding.EncodeToString(cert.CertData())
|
||||||
|
|
||||||
|
err = apiservice.EnsureMetricsAdapterAPIService(client, data.KarmadaClient(), data.GetName(), data.GetNamespace(), caBase64)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("failed to apply karmada-metrics-adapter APIService resource to karmada controlplane, err: %w", err)
|
return fmt.Errorf("failed to apply karmada-metrics-adapter APIService resource to karmada controlplane, err: %w", err)
|
||||||
}
|
}
|
||||||
|
|
|
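Review bot: In `runDeployMetricAdapterAPIService` the guard `len(cert.CertData()) == 0` dereferences `cert` before checking it, and the error text says `aggregatedAPIService` although this is the metrics-adapter path. If `data.GetCert` can return nil when the CA has not been loaded (its definition is not shown here), this would panic instead of returning the intended error; `if cert == nil || len(cert.CertData()) == 0 {` covers both cases, with the message changed to `"unexpected empty ca cert data for karmada-metrics-adapter APIService"`. The same six lines are repeated in `runAPIService` (the `@ -185,7 +185,13` hunk), so a small shared helper returning the base64 CA would keep the two in step. Both functions start and end outside their hunks.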
@ -185,7 +185,13 @@ func runAPIService(r workflow.RunData) error {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
err = apiservice.EnsureAggregatedAPIService(client, data.KarmadaClient(), data.GetName(), data.GetNamespace())
|
cert := data.GetCert(constants.CaCertAndKeyName)
|
||||||
|
if len(cert.CertData()) == 0 {
|
||||||
|
return errors.New("unexpected empty ca cert data for aggregatedAPIService")
|
||||||
|
}
|
||||||
|
caBase64 := base64.StdEncoding.EncodeToString(cert.CertData())
|
||||||
|
|
||||||
|
err = apiservice.EnsureAggregatedAPIService(client, data.KarmadaClient(), data.GetName(), data.GetNamespace(), caBase64)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("failed to apply aggregated APIService resource to karmada controlplane, err: %w", err)
|
return fmt.Errorf("failed to apply aggregated APIService resource to karmada controlplane, err: %w", err)
|
||||||
}
|
}
|
||||||
|
|
|
@ -255,9 +255,7 @@ func generateClusterInControllerPlane(opts util.ClusterRegisterOption) (*cluster
|
||||||
clusterObj.Spec.Region = opts.ClusterRegion
|
clusterObj.Spec.Region = opts.ClusterRegion
|
||||||
}
|
}
|
||||||
|
|
||||||
if opts.ClusterConfig.TLSClientConfig.Insecure {
|
clusterObj.Spec.InsecureSkipTLSVerification = opts.ClusterConfig.TLSClientConfig.Insecure
|
||||||
clusterObj.Spec.InsecureSkipTLSVerification = true
|
|
||||||
}
|
|
||||||
|
|
||||||
if opts.ClusterConfig.Proxy != nil {
|
if opts.ClusterConfig.Proxy != nil {
|
||||||
url, err := opts.ClusterConfig.Proxy(nil)
|
url, err := opts.ClusterConfig.Proxy(nil)
|
||||||
|
|