standardize the naming of karmada secrets in local up method
Signed-off-by: chaosi-zju <chaosi@zju.edu.cn>
chaosi-zju committed Sep 20, 2024
1 parent ef7d528 commit 6278790
Showing 18 changed files with 150 additions and 119 deletions.
6 changes: 3 additions & 3 deletions artifacts/agent/karmada-agent.yaml
Expand Up @@ -25,7 +25,7 @@ spec:
imagePullPolicy: {{image_pull_policy}}
command:
- /bin/karmada-agent
- --karmada-kubeconfig=/etc/kubeconfig/karmada-kubeconfig
- --karmada-kubeconfig=/etc/kubeconfig/kubeconfig
- --karmada-context={{karmada_context}}
- --cluster-name={{member_cluster_name}}
- --cluster-api-endpoint={{member_cluster_api_endpoint}}
Expand All @@ -48,9 +48,9 @@ spec:
name: metrics
protocol: TCP
volumeMounts:
- name: kubeconfig
- name: karmada-kubeconfig
mountPath: /etc/kubeconfig
volumes:
- name: kubeconfig
- name: karmada-kubeconfig
secret:
secretName: karmada-kubeconfig
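Review bot: The new path `/etc/kubeconfig/kubeconfig` only resolves if the `karmada-kubeconfig` Secret in the member cluster stores its data under the key `kubeconfig`, because this volume is mounted as a directory without `subPath`. The code that creates that Secret is not part of this section, so it is worth confirming that it was switched away from the old key name in the same commit; otherwise the agent would fail at start-up on a missing file. A short comment above the flag, e.g. `# file name must match the data key of the karmada-kubeconfig secret`, would make the coupling visible.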
24 changes: 15 additions & 9 deletions artifacts/deploy/karmada-aggregated-apiserver.yaml
Expand Up @@ -28,7 +28,10 @@ spec:
- name: karmada-certs
mountPath: /etc/karmada/pki
readOnly: true
- name: kubeconfig
- name: karmada-etcd-cert
mountPath: /etc/etcd/pki
readOnly: true
- name: karmada-kubeconfig
subPath: kubeconfig
mountPath: /etc/kubeconfig
command:
Expand All @@ -37,11 +40,11 @@ spec:
- --authentication-kubeconfig=/etc/kubeconfig
- --authorization-kubeconfig=/etc/kubeconfig
- --etcd-servers=https://etcd-client.karmada-system.svc.cluster.local:2379
- --etcd-cafile=/etc/karmada/pki/etcd-ca.crt
- --etcd-certfile=/etc/karmada/pki/etcd-client.crt
- --etcd-keyfile=/etc/karmada/pki/etcd-client.key
- --tls-cert-file=/etc/karmada/pki/karmada.crt
- --tls-private-key-file=/etc/karmada/pki/karmada.key
- --etcd-cafile=/etc/etcd/pki/etcd-ca.crt
- --etcd-certfile=/etc/etcd/pki/etcd-client.crt
- --etcd-keyfile=/etc/etcd/pki/etcd-client.key
- --tls-cert-file=/etc/karmada/pki/karmada-server.crt
- --tls-private-key-file=/etc/karmada/pki/karmada-server.key
- --audit-log-path=-
- --audit-log-maxage=0
- --audit-log-maxbackup=0
Expand All @@ -68,10 +71,13 @@ spec:
volumes:
- name: karmada-certs
secret:
secretName: karmada-cert-secret
- name: kubeconfig
secretName: karmada-certs
- name: karmada-etcd-cert
secret:
secretName: karmada-etcd-cert
- name: karmada-kubeconfig
secret:
secretName: kubeconfig
secretName: karmada-kubeconfig
---
apiVersion: v1
kind: Service
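Review bot: The `karmada-certs` and `karmada-etcd-cert` volumes are mounted whole, so this pod receives every key in both Secrets, although the flags visible in these hunks reference only `karmada-server.crt`/`karmada-server.key` under `/etc/karmada/pki` and `etcd-ca.crt`/`etcd-client.crt`/`etcd-client.key` under `/etc/etcd/pki`. As artifacts/deploy/karmada-cert-secret.yaml shows, `karmada-certs` also carries `ca.key` and `front-proxy-client.key`, so a compromise of any one consumer exposes the CA signing key. Since the volumes are being renamed anyway, consider projecting only the needed files with an `items:` list under each `secret:` (for example `- key: karmada-server.crt` with `path: karmada-server.crt`). The same whole-Secret mounts appear in the karmada-apiserver, karmada-search, karmada-metrics-adapter, karmada-scheduler, karmada-descheduler and karmada-scheduler-estimator sections.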
22 changes: 14 additions & 8 deletions artifacts/deploy/karmada-apiserver.yaml
Expand Up @@ -38,17 +38,17 @@ spec:
- --authorization-mode=Node,RBAC
- --client-ca-file=/etc/karmada/pki/ca.crt
- --enable-bootstrap-token-auth=true
- --etcd-cafile=/etc/karmada/pki/etcd-ca.crt
- --etcd-certfile=/etc/karmada/pki/etcd-client.crt
- --etcd-keyfile=/etc/karmada/pki/etcd-client.key
- --etcd-cafile=/etc/etcd/pki/etcd-ca.crt
- --etcd-certfile=/etc/etcd/pki/etcd-client.crt
- --etcd-keyfile=/etc/etcd/pki/etcd-client.key
- --etcd-servers=https://etcd-client.karmada-system.svc.cluster.local:2379
- --bind-address=0.0.0.0
- --disable-admission-plugins=StorageObjectInUseProtection,ServiceAccount
- --runtime-config=
- --secure-port=5443
- --service-account-issuer=https://kubernetes.default.svc.cluster.local
- --service-account-key-file=/etc/karmada/pki/karmada.key
- --service-account-signing-key-file=/etc/karmada/pki/karmada.key
- --service-account-key-file=/etc/karmada/pki/karmada-client.key
- --service-account-signing-key-file=/etc/karmada/pki/karmada-client.key
- --service-cluster-ip-range=10.96.0.0/12
- --proxy-client-cert-file=/etc/karmada/pki/front-proxy-client.crt
- --proxy-client-key-file=/etc/karmada/pki/front-proxy-client.key
Expand All @@ -57,8 +57,8 @@ spec:
- --requestheader-extra-headers-prefix=X-Remote-Extra-
- --requestheader-group-headers=X-Remote-Group
- --requestheader-username-headers=X-Remote-User
- --tls-cert-file=/etc/karmada/pki/apiserver.crt
- --tls-private-key-file=/etc/karmada/pki/apiserver.key
- --tls-cert-file=/etc/karmada/pki/karmada-server.crt
- --tls-private-key-file=/etc/karmada/pki/karmada-server.key
- --tls-min-version=VersionTLS13
name: karmada-apiserver
image: registry.k8s.io/kube-apiserver:{{karmada_apiserver_version}}
Expand Down Expand Up @@ -91,6 +91,9 @@ spec:
- mountPath: /etc/karmada/pki
name: karmada-certs
readOnly: true
- mountPath: /etc/etcd/pki
name: karmada-etcd-cert
readOnly: true
dnsPolicy: ClusterFirstWithHostNet
enableServiceLinks: true
hostNetwork: true
Expand All @@ -107,7 +110,10 @@ spec:
volumes:
- name: karmada-certs
secret:
secretName: karmada-cert-secret
secretName: karmada-certs
- name: karmada-etcd-cert
secret:
secretName: karmada-etcd-cert
---
apiVersion: v1
kind: Service
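Review bot: `--service-account-key-file` and `--service-account-signing-key-file` now point at `karmada-client.key`, which is filled from the same `{{karmada_client_key}}` value that the kubeconfig Secret template embeds as `client-key-data`. Every component that mounts `karmada-kubeconfig` therefore also holds the key that signs service-account tokens. The rename makes this reuse explicit but keeps it; a dedicated key pair for service-account signing (placeholder names `<sa-signing>.key` and `<sa-verify>.pub`), readable only by the API server, would separate client authentication from token issuance.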
28 changes: 19 additions & 9 deletions artifacts/deploy/karmada-cert-secret.yaml
@@ -1,28 +1,38 @@
# karmada-client.crt: mainly used to construct kubeconfig for other components to access karmada-apiserver.
# karmada-server.crt: mainly used as server certificate for karmada components, such as karmada-apiserver, karmada-search, karmada-metrics-adapter, etc.
apiVersion: v1
kind: Secret
metadata:
name: karmada-cert-secret
name: karmada-certs
namespace: karmada-system
type: Opaque
data:
ca.crt: |
{{ca_crt}}
ca.key: |
{{ca_key}}
karmada.crt: |
{{client_crt}}
karmada.key: |
{{client_key}}
apiserver.crt: |
{{apiserver_crt}}
apiserver.key: |
{{apiserver_key}}
karmada-client.crt: |
{{karmada_client_crt}}
karmada-client.key: |
{{karmada_client_key}}
karmada-server.crt: |
{{karmada_server_crt}}
karmada-server.key: |
{{karmada_server_key}}
front-proxy-ca.crt: |
{{front_proxy_ca_crt}}
front-proxy-client.crt: |
{{front_proxy_client_crt}}
front-proxy-client.key: |
{{front_proxy_client_key}}
---
apiVersion: v1
kind: Secret
metadata:
name: karmada-etcd-cert
namespace: karmada-system
type: Opaque
data:
etcd-ca.crt: |
{{etcd_ca_crt}}
etcd-server.crt: |
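Review bot: The new header comment names `karmada-server.crt` as the server certificate for karmada-apiserver, karmada-search, karmada-metrics-adapter and others, but it does not record what that implies: one key pair is shared by all of them, and the certificate's subject alternative names have to cover every one of those services. Certificate generation is not visible in this hunk, so please confirm the SAN list and state it in the comment, e.g. `# karmada-server.crt: SANs must include the DNS names of every component listed above`. The second Secret, `karmada-etcd-cert`, has no comment at all; a line such as `# karmada-etcd-cert: etcd CA, server and client certificates, mounted at /etc/etcd/pki` would match the two above. Its data block continues past the end of the hunk.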
6 changes: 3 additions & 3 deletions artifacts/deploy/karmada-controller-manager.yaml
Expand Up @@ -47,10 +47,10 @@ spec:
name: metrics
protocol: TCP
volumeMounts:
- name: kubeconfig
- name: karmada-kubeconfig
subPath: kubeconfig
mountPath: /etc/kubeconfig
volumes:
- name: kubeconfig
- name: karmada-kubeconfig
secret:
secretName: kubeconfig
secretName: karmada-kubeconfig
12 changes: 6 additions & 6 deletions artifacts/deploy/karmada-descheduler.yaml
Expand Up @@ -29,8 +29,8 @@ spec:
- --metrics-bind-address=0.0.0.0:10358
- --health-probe-bind-address=0.0.0.0:10358
- --scheduler-estimator-ca-file=/etc/karmada/pki/ca.crt
- --scheduler-estimator-cert-file=/etc/karmada/pki/karmada.crt
- --scheduler-estimator-key-file=/etc/karmada/pki/karmada.key
- --scheduler-estimator-cert-file=/etc/karmada/pki/karmada-client.crt
- --scheduler-estimator-key-file=/etc/karmada/pki/karmada-client.key
- --v=4
livenessProbe:
httpGet:
Expand All @@ -49,13 +49,13 @@ spec:
- name: karmada-certs
mountPath: /etc/karmada/pki
readOnly: true
- name: kubeconfig
- name: karmada-kubeconfig
subPath: kubeconfig
mountPath: /etc/kubeconfig
volumes:
- name: karmada-certs
secret:
secretName: karmada-cert-secret
- name: kubeconfig
secretName: karmada-certs
- name: karmada-kubeconfig
secret:
secretName: kubeconfig
secretName: karmada-kubeconfig
16 changes: 8 additions & 8 deletions artifacts/deploy/karmada-etcd.yaml
Expand Up @@ -40,7 +40,7 @@ spec:
command:
- /bin/sh
- -ec
- 'etcdctl get /registry --prefix --keys-only --endpoints https://127.0.0.1:2379 --cacert /etc/karmada/pki/etcd-ca.crt --cert /etc/karmada/pki/etcd-server.crt --key /etc/karmada/pki/etcd-server.key'
- 'etcdctl get /registry --prefix --keys-only --endpoints https://127.0.0.1:2379 --cacert /etc/etcd/pki/etcd-ca.crt --cert /etc/etcd/pki/etcd-client.crt --key /etc/etcd/pki/etcd-client.key'
failureThreshold: 3
initialDelaySeconds: 600
periodSeconds: 60
Expand All @@ -56,8 +56,8 @@ spec:
volumeMounts:
- mountPath: /var/lib/etcd
name: etcd-data
- mountPath: /etc/karmada/pki
name: etcd-certs
- mountPath: /etc/etcd/pki
name: karmada-etcd-cert
resources:
requests:
cpu: 100m
Expand All @@ -76,10 +76,10 @@ spec:
- etcd0=http://etcd-0.etcd.karmada-system.svc.cluster.local:2380
- --initial-cluster-state
- new
- --cert-file=/etc/karmada/pki/etcd-server.crt
- --cert-file=/etc/etcd/pki/etcd-server.crt
- --client-cert-auth=true
- --key-file=/etc/karmada/pki/etcd-server.key
- --trusted-ca-file=/etc/karmada/pki/etcd-ca.crt
- --key-file=/etc/etcd/pki/etcd-server.key
- --trusted-ca-file=/etc/etcd/pki/etcd-ca.crt
- --data-dir=/var/lib/etcd
- --snapshot-count=10000
# Setting Golang's secure cipher suites as etcd's cipher suites.
Expand All @@ -91,9 +91,9 @@ spec:
path: /var/lib/karmada-etcd
type: DirectoryOrCreate
name: etcd-data
- name: etcd-certs
- name: karmada-etcd-cert
secret:
secretName: karmada-cert-secret
secretName: karmada-etcd-cert
---

apiVersion: v1
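Review bot: The etcd container's `mountPath: /etc/etcd/pki` entry has no `readOnly: true`, while the karmada-apiserver, karmada-aggregated-apiserver and karmada-search sections set it on the same `karmada-etcd-cert` volume. Adding `readOnly: true` under that mount keeps the manifests consistent and states the intent that the pod never writes key material. The container spec continues outside the hunks shown here.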
Expand Up @@ -18,9 +18,9 @@ stringData:
users:
- name: kind-karmada
user:
client-certificate-data: {{client_crt}}
client-key-data: {{client_key}}
client-certificate-data: {{karmada_client_crt}}
client-key-data: {{karmada_client_key}}
kind: Secret
metadata:
name: kubeconfig
name: karmada-kubeconfig
namespace: karmada-system
12 changes: 6 additions & 6 deletions artifacts/deploy/karmada-metrics-adapter.yaml
Expand Up @@ -28,7 +28,7 @@ spec:
- name: karmada-certs
mountPath: /etc/karmada/pki
readOnly: true
- name: kubeconfig
- name: karmada-kubeconfig
subPath: kubeconfig
mountPath: /etc/kubeconfig
command:
Expand All @@ -37,8 +37,8 @@ spec:
- --authentication-kubeconfig=/etc/kubeconfig
- --authorization-kubeconfig=/etc/kubeconfig
- --client-ca-file=/etc/karmada/pki/ca.crt
- --tls-cert-file=/etc/karmada/pki/karmada.crt
- --tls-private-key-file=/etc/karmada/pki/karmada.key
- --tls-cert-file=/etc/karmada/pki/karmada-server.crt
- --tls-private-key-file=/etc/karmada/pki/karmada-server.key
- --audit-log-path=-
- --audit-log-maxage=0
- --audit-log-maxbackup=0
Expand Down Expand Up @@ -67,10 +67,10 @@ spec:
volumes:
- name: karmada-certs
secret:
secretName: karmada-cert-secret
- name: kubeconfig
secretName: karmada-certs
- name: karmada-kubeconfig
secret:
secretName: kubeconfig
secretName: karmada-kubeconfig
---
apiVersion: v1
kind: Service
6 changes: 3 additions & 3 deletions artifacts/deploy/karmada-scheduler-estimator.yaml
Expand Up @@ -27,8 +27,8 @@ spec:
- /bin/karmada-scheduler-estimator
- --kubeconfig=/etc/{{member_cluster_name}}-kubeconfig
- --cluster-name={{member_cluster_name}}
- --grpc-auth-cert-file=/etc/karmada/pki/karmada.crt
- --grpc-auth-key-file=/etc/karmada/pki/karmada.key
- --grpc-auth-cert-file=/etc/karmada/pki/karmada-server.crt
- --grpc-auth-key-file=/etc/karmada/pki/karmada-server.key
- --grpc-client-ca-file=/etc/karmada/pki/ca.crt
- --metrics-bind-address=0.0.0.0:10351
- --health-probe-bind-address=0.0.0.0:10351
Expand All @@ -55,7 +55,7 @@ spec:
volumes:
- name: karmada-certs
secret:
secretName: karmada-cert-secret
secretName: karmada-certs
- name: member-kubeconfig
secret:
secretName: {{member_cluster_name}}-kubeconfig
12 changes: 6 additions & 6 deletions artifacts/deploy/karmada-scheduler.yaml
Expand Up @@ -44,20 +44,20 @@ spec:
- --health-probe-bind-address=0.0.0.0:10351
- --enable-scheduler-estimator=true
- --scheduler-estimator-ca-file=/etc/karmada/pki/ca.crt
- --scheduler-estimator-cert-file=/etc/karmada/pki/karmada.crt
- --scheduler-estimator-key-file=/etc/karmada/pki/karmada.key
- --scheduler-estimator-cert-file=/etc/karmada/pki/karmada-client.crt
- --scheduler-estimator-key-file=/etc/karmada/pki/karmada-client.key
- --v=4
volumeMounts:
- name: karmada-certs
mountPath: /etc/karmada/pki
readOnly: true
- name: kubeconfig
- name: karmada-kubeconfig
subPath: kubeconfig
mountPath: /etc/kubeconfig
volumes:
- name: karmada-certs
secret:
secretName: karmada-cert-secret
- name: kubeconfig
secretName: karmada-certs
- name: karmada-kubeconfig
secret:
secretName: kubeconfig
secretName: karmada-kubeconfig
24 changes: 15 additions & 9 deletions artifacts/deploy/karmada-search.yaml
Expand Up @@ -28,7 +28,10 @@ spec:
- name: karmada-certs
mountPath: /etc/karmada/pki
readOnly: true
- name: kubeconfig
- name: karmada-etcd-cert
mountPath: /etc/etcd/pki
readOnly: true
- name: karmada-kubeconfig
subPath: kubeconfig
mountPath: /etc/kubeconfig
command:
Expand All @@ -37,11 +40,11 @@ spec:
- --authentication-kubeconfig=/etc/kubeconfig
- --authorization-kubeconfig=/etc/kubeconfig
- --etcd-servers=https://etcd-client.karmada-system.svc.cluster.local:2379
- --etcd-cafile=/etc/karmada/pki/etcd-ca.crt
- --etcd-certfile=/etc/karmada/pki/etcd-client.crt
- --etcd-keyfile=/etc/karmada/pki/etcd-client.key
- --tls-cert-file=/etc/karmada/pki/karmada.crt
- --tls-private-key-file=/etc/karmada/pki/karmada.key
- --etcd-cafile=/etc/etcd/pki/etcd-ca.crt
- --etcd-certfile=/etc/etcd/pki/etcd-client.crt
- --etcd-keyfile=/etc/etcd/pki/etcd-client.key
- --tls-cert-file=/etc/karmada/pki/karmada-server.crt
- --tls-private-key-file=/etc/karmada/pki/karmada-server.key
- --audit-log-path=-
- --audit-log-maxage=0
- --audit-log-maxbackup=0
Expand All @@ -61,10 +64,13 @@ spec:
volumes:
- name: karmada-certs
secret:
secretName: karmada-cert-secret
- name: kubeconfig
secretName: karmada-certs
- name: karmada-etcd-cert
secret:
secretName: karmada-etcd-cert
- name: karmada-kubeconfig
secret:
secretName: kubeconfig
secretName: karmada-kubeconfig
---
apiVersion: v1
kind: Service
