mirror of https://github.com/linkerd/linkerd2.git
Add link credentials secret to linkerd namespace (#11188)
We update the `multicluster link` command to write a credentials secret into the `linkerd` core control plane namespace in addition to writing one into the `linkerd-multicluster` namespace. This is a prerequisite for the destination controller to be able to connect to linked clusters to do remote service discovery. We also update the `multicluster unlink` command so that these credentials secrets are properly deleted when the cluster is unlinked. Signed-off-by: Alex Leong <alex@buoyant.io>
parent
5fe0c0e122
commit
aebc9a434c
|
|
@ -31,6 +31,8 @@ import (
|
||||||
"sigs.k8s.io/yaml"
|
"sigs.k8s.io/yaml"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
const clusterNameLabel = "multicluster.linkerd.io/cluster-name"
|
||||||
|
|
||||||
type (
|
type (
|
||||||
linkOptions struct {
|
linkOptions struct {
|
||||||
namespace string
|
namespace string
|
||||||
|
|
@ -178,6 +180,25 @@ A full list of configurable values can be found at https://github.com/linkerd/li
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
destinationCreds := corev1.Secret{
|
||||||
|
Type: k8s.MirrorSecretType,
|
||||||
|
TypeMeta: metav1.TypeMeta{Kind: "Secret", APIVersion: "v1"},
|
||||||
|
ObjectMeta: metav1.ObjectMeta{
|
||||||
|
Name: fmt.Sprintf("cluster-credentials-%s", opts.clusterName),
|
||||||
|
Namespace: controlPlaneNamespace,
|
||||||
|
Labels: map[string]string{
|
||||||
|
clusterNameLabel: opts.clusterName,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
Data: map[string][]byte{
|
||||||
|
k8s.ConfigKeyName: kubeconfig,
|
||||||
|
},
|
||||||
|
}
|
||||||
|
destinationCredsOut, err := yaml.Marshal(destinationCreds)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
gateway, err := k.CoreV1().Services(opts.gatewayNamespace).Get(cmd.Context(), opts.gatewayName, metav1.GetOptions{})
|
gateway, err := k.CoreV1().Services(opts.gatewayNamespace).Get(cmd.Context(), opts.gatewayName, metav1.GetOptions{})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
|
|
@ -280,6 +301,8 @@ A full list of configurable values can be found at https://github.com/linkerd/li
|
||||||
|
|
||||||
stdout.Write(credsOut)
|
stdout.Write(credsOut)
|
||||||
stdout.Write([]byte("---\n"))
|
stdout.Write([]byte("---\n"))
|
||||||
|
stdout.Write(destinationCredsOut)
|
||||||
|
stdout.Write([]byte("---\n"))
|
||||||
stdout.Write(linkOut)
|
stdout.Write(linkOut)
|
||||||
stdout.Write([]byte("---\n"))
|
stdout.Write([]byte("---\n"))
|
||||||
stdout.Write(serviceMirrorOut)
|
stdout.Write(serviceMirrorOut)
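Review bot: The new `destinationCreds` Secret in the second hunk places a second copy of the remote cluster's kubeconfig in `controlPlaneNamespace`, and nothing in the visible lines records why it is there or who is expected to read it. Any principal that can read Secrets in that namespace now holds the same kubeconfig as the one written to the multicluster namespace, so read access should stay limited to the destination controller; whether the existing RBAC already ensures that is not visible here. I would add a comment above the literal, e.g. `// Copy of the link kubeconfig for the destination controller's remote discovery; keep Secret read access in this namespace narrowly scoped.` The Secret name and the label value are also built directly from `opts.clusterName`, so it is worth confirming the flag is validated as a DNS label before this point; the enclosing function begins and ends outside the hunks.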
|
||||||
|
|
|
||||||
|
|
@ -89,6 +89,17 @@ func newUnlinkCommand() *cobra.Command {
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
selector = fmt.Sprintf("%s=%s", clusterNameLabel, opts.clusterName)
|
||||||
|
destinationCredentials, err := k.CoreV1().Secrets(controlPlaneNamespace).List(cmd.Context(), metav1.ListOptions{LabelSelector: selector})
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
for _, secret := range destinationCredentials.Items {
|
||||||
|
resources = append(resources,
|
||||||
|
resource.NewNamespaced(corev1.SchemeGroupVersion.String(), "Secret", secret.Name, secret.Namespace),
|
||||||
|
)
|
||||||
|
}
|
||||||
|
|
||||||
for _, r := range resources {
|
for _, r := range resources {
|
||||||
if err := r.RenderResource(stdout); err != nil {
|
if err := r.RenderResource(stdout); err != nil {
|
||||||
log.Errorf("failed to render resource %s: %s", r.Name, err)
|
log.Errorf("failed to render resource %s: %s", r.Name, err)
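Review bot: The loop over `destinationCredentials.Items` queues every Secret in `controlPlaneNamespace` that carries the matching `clusterNameLabel` value for deletion, without checking that the Secret is one `link` created. The link side of this commit sets `Type: k8s.MirrorSecretType`, so the loop could start with `if secret.Type != k8s.MirrorSecretType { continue }` (assuming the `k8s` package is imported in this file, which the hunk does not show), so that an unrelated labelled Secret in the control plane namespace is never emitted for deletion. In the visible lines `opts.clusterName` is also formatted into the label selector unvalidated; a value containing selector syntax such as a comma would change what the List call matches, so it should be checked before `selector` is built. The body of `newUnlinkCommand` starts and ends outside the hunk.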
|
||||||
|
|
|
||||||