diff --git a/hack/deploy-karmada-by-operator.sh b/hack/deploy-karmada-by-operator.sh index e649d75cbc6b..4104e944fbc2 100755 --- a/hack/deploy-karmada-by-operator.sh +++ b/hack/deploy-karmada-by-operator.sh @@ -111,7 +111,7 @@ kubectl --kubeconfig="${HOST_CLUSTER_KUBECONFIG}" --context="${CONTEXT_NAME}" ap kubectl --kubeconfig="${HOST_CLUSTER_KUBECONFIG}" --context="${CONTEXT_NAME}" wait --for=condition=Ready --timeout=1000s karmada ${KARMADA_INSTANCE_NAME} -n ${KARMADA_INSTANCE_NAMESPACE} # generate kubeconfig for karmada instance -kubectl --kubeconfig="${HOST_CLUSTER_KUBECONFIG}" --context="${CONTEXT_NAME}" get secret -n ${KARMADA_INSTANCE_NAMESPACE} ${KARMADA_INSTANCE_NAME}-admin-config -o jsonpath={.data.kubeconfig} | base64 -d > ~/.kube/${KARMADA_INSTANCE_NAME}-${KARMADA_INSTANCE_NAMESPACE}-tmp-apiserver.config +kubectl --kubeconfig="${HOST_CLUSTER_KUBECONFIG}" --context="${CONTEXT_NAME}" get secret -n ${KARMADA_INSTANCE_NAMESPACE} ${KARMADA_INSTANCE_NAME}-admin-config -o jsonpath='{.data.karmada\.config}' | base64 -d > ~/.kube/${KARMADA_INSTANCE_NAME}-${KARMADA_INSTANCE_NAMESPACE}-tmp-apiserver.config cat ~/.kube/${KARMADA_INSTANCE_NAME}-${KARMADA_INSTANCE_NAMESPACE}-tmp-apiserver.config| grep "certificate-authority-data"| awk '{print $2}'| base64 -d > ${CERT_DIR}/ca.crt cat ~/.kube/${KARMADA_INSTANCE_NAME}-${KARMADA_INSTANCE_NAMESPACE}-tmp-apiserver.config| grep "client-certificate-data"| awk '{print $2}'| base64 -d > ${CERT_DIR}/karmada.crt cat ~/.kube/${KARMADA_INSTANCE_NAME}-${KARMADA_INSTANCE_NAMESPACE}-tmp-apiserver.config| grep "client-key-data"| awk '{print $2}'| base64 -d > ${CERT_DIR}/karmada.key diff --git a/operator/pkg/controller/karmada/planner.go b/operator/pkg/controller/karmada/planner.go index c6418d8331ee..b37fb7a59c7c 100644 --- a/operator/pkg/controller/karmada/planner.go +++ b/operator/pkg/controller/karmada/planner.go 
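Review bot: The redirect on the changed line writes the instance's admin kubeconfig to `~/.kube/${KARMADA_INSTANCE_NAME}-${KARMADA_INSTANCE_NAMESPACE}-tmp-apiserver.config` with whatever permissions the caller's umask allows. The context lines that follow write the client key to `${CERT_DIR}/karmada.key` the same way. Setting `umask 077` before these writes, or running `chmod 600` on the two files afterwards, keeps the credential unreadable to other local users. The `${KARMADA_INSTANCE_NAMESPACE}` and `${KARMADA_INSTANCE_NAME}` expansions on this line are unquoted and would be safer as `"${...}"`.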
@@ -159,7 +159,7 @@ func (p *Planner) afterRunJob() error { return fmt.Errorf("error when creating cluster client to install karmada, err: %w", err) } - secret, err := remoteClient.CoreV1().Secrets(p.karmada.GetNamespace()).Get(context.TODO(), util.AdminKubeconfigSecretName(p.karmada.GetName()), metav1.GetOptions{}) + secret, err := remoteClient.CoreV1().Secrets(p.karmada.GetNamespace()).Get(context.TODO(), util.AdminKarmadaConfigSecretName(p.karmada.GetName()), metav1.GetOptions{}) if err != nil { return err } @@ -167,7 +167,7 @@ func (p *Planner) afterRunJob() error { _, err = localClusterClient.CoreV1().Secrets(p.karmada.GetNamespace()).Create(context.TODO(), &corev1.Secret{ ObjectMeta: metav1.ObjectMeta{ Namespace: p.karmada.GetNamespace(), - Name: util.AdminKubeconfigSecretName(p.karmada.GetName()), + Name: util.AdminKarmadaConfigSecretName(p.karmada.GetName()), }, Data: secret.Data, }, metav1.CreateOptions{}) @@ -178,7 +178,7 @@ func (p *Planner) afterRunJob() error { p.karmada.Status.SecretRef = &operatorv1alpha1.LocalSecretReference{ Namespace: p.karmada.GetNamespace(), - Name: util.AdminKubeconfigSecretName(p.karmada.GetName()), + Name: util.AdminKarmadaConfigSecretName(p.karmada.GetName()), } p.karmada.Status.APIServerService = &operatorv1alpha1.APIServerService{ Name: util.KarmadaAPIServerName(p.karmada.GetName()), diff --git a/operator/pkg/controller/karmada/planner_test.go b/operator/pkg/controller/karmada/planner_test.go index 0f564304cc7c..78c256798803 100644 --- a/operator/pkg/controller/karmada/planner_test.go +++ b/operator/pkg/controller/karmada/planner_test.go 
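Review bot: The secret that `Status.SecretRef` names now stores its kubeconfig under the `karmada.config` data key rather than `kubeconfig`, and nothing at this site tells a consumer of `SecretRef` so. The key change itself is in upload.go and the deploy script of this commit. Anything outside the commit that still reads `.data.kubeconfig` from the referenced secret would get an empty value. A comment above the `SecretRef` assignment would record the contract: `// SecretRef points at the admin secret; the kubeconfig is stored under the "karmada.config" key.` `afterRunJob` starts and ends outside these hunks.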
@@ -244,7 +244,7 @@ func TestAfterRunJob(t *testing.T) { config: &rest.Config{}, action: InitAction, verify: func(karmada *operatorv1alpha1.Karmada, planner *Planner, action Action) error { - secretRefNameExpected := util.AdminKubeconfigSecretName(karmada.GetName()) + secretRefNameExpected := util.AdminKarmadaConfigSecretName(karmada.GetName()) if planner.karmada.Status.SecretRef == nil { return fmt.Errorf("expected SecretRef to be set, but got nil") } diff --git a/operator/pkg/controlplane/apiserver/apiserver.go b/operator/pkg/controlplane/apiserver/apiserver.go index 8df1e001e63e..417ad81eab0a 100644 --- a/operator/pkg/controlplane/apiserver/apiserver.go +++ b/operator/pkg/controlplane/apiserver/apiserver.go @@ -125,7 +125,7 @@ func installKarmadaAggregatedAPIServer(client clientset.Interface, cfg *operator Namespace: namespace, Image: cfg.Image.Name(), ImagePullPolicy: string(cfg.ImagePullPolicy), - KubeconfigSecret: util.AdminKubeconfigSecretName(name), + KubeconfigSecret: util.ComponentKarmadaConfigSecretName(util.KarmadaAggregatedAPIServerName(name)), KarmadaCertsSecret: util.KarmadaCertSecretName(name), Replicas: cfg.Replicas, }) diff --git a/operator/pkg/controlplane/apiserver/apiserver_test.go b/operator/pkg/controlplane/apiserver/apiserver_test.go index 9ba1e1daaad3..2fa2551405f5 100644 --- a/operator/pkg/controlplane/apiserver/apiserver_test.go +++ b/operator/pkg/controlplane/apiserver/apiserver_test.go 
@@ -423,7 +423,7 @@ func verifyAggregatedAPIServerDeploymentAdditionalDetails(featureGates map[strin for _, volume := range deployment.Spec.Template.Spec.Volumes { extractedSecrets = append(extractedSecrets, volume.Secret.SecretName) } - expectedSecrets := []string{util.AdminKubeconfigSecretName(expectedDeploymentName), util.KarmadaCertSecretName(expectedDeploymentName), util.EtcdCertSecretName(expectedDeploymentName)} + expectedSecrets := []string{util.ComponentKarmadaConfigSecretName(util.KarmadaAggregatedAPIServerName(expectedDeploymentName)), util.KarmadaCertSecretName(expectedDeploymentName), util.EtcdCertSecretName(expectedDeploymentName)} for _, expectedSecret := range expectedSecrets { if !contains(extractedSecrets, expectedSecret) { return fmt.Errorf("expected secret '%s' not found in extracted secrets", expectedSecret) diff --git a/operator/pkg/controlplane/apiserver/manifests.go b/operator/pkg/controlplane/apiserver/manifests.go index ac8eb7b4ad59..af0e1fe35ff9 100644 --- a/operator/pkg/controlplane/apiserver/manifests.go +++ b/operator/pkg/controlplane/apiserver/manifests.go @@ -162,9 +162,9 @@ spec: imagePullPolicy: {{ .ImagePullPolicy }} command: - /bin/karmada-aggregated-apiserver - - --kubeconfig=/etc/karmada/kubeconfig - - --authentication-kubeconfig=/etc/karmada/kubeconfig - - --authorization-kubeconfig=/etc/karmada/kubeconfig + - --kubeconfig=/etc/karmada/config/karmada.config + - --authentication-kubeconfig=/etc/karmada/config/karmada.config + - --authorization-kubeconfig=/etc/karmada/config/karmada.config - --tls-cert-file=/etc/karmada/pki/karmada.crt - --tls-private-key-file=/etc/karmada/pki/karmada.key - --tls-min-version=VersionTLS13 
@@ -172,14 +172,13 @@ spec: - --audit-log-maxage=0 - --audit-log-maxbackup=0 volumeMounts: - - mountPath: /etc/karmada/kubeconfig - name: kubeconfig - subPath: kubeconfig + - name: karmada-config + mountPath: /etc/karmada/config - mountPath: /etc/karmada/pki name: apiserver-cert readOnly: true volumes: - - name: kubeconfig + - name: karmada-config secret: secretName: {{ .KubeconfigSecret }} - name: apiserver-cert diff --git a/operator/pkg/controlplane/controlplane.go b/operator/pkg/controlplane/controlplane.go index 7adeade09c97..265bdfba22f2 100644 --- a/operator/pkg/controlplane/controlplane.go +++ b/operator/pkg/controlplane/controlplane.go @@ -93,7 +93,7 @@ func getKubeControllerManagerManifest(name, namespace string, cfg *operatorv1alp Image: cfg.Image.Name(), ImagePullPolicy: string(cfg.ImagePullPolicy), KarmadaCertsSecret: util.KarmadaCertSecretName(name), - KubeconfigSecret: util.AdminKubeconfigSecretName(name), + KubeconfigSecret: util.ComponentKarmadaConfigSecretName(util.KubeControllerManagerName(name)), Replicas: cfg.Replicas, }) if err != nil { @@ -122,7 +122,7 @@ func getKarmadaControllerManagerManifest(name, namespace string, featureGates ma SystemNamespace: constants.KarmadaSystemNamespace, Image: cfg.Image.Name(), ImagePullPolicy: string(cfg.ImagePullPolicy), - KubeconfigSecret: util.AdminKubeconfigSecretName(name), + KubeconfigSecret: util.ComponentKarmadaConfigSecretName(util.KarmadaControllerManagerName(name)), Replicas: cfg.Replicas, }) if err != nil { @@ -151,7 +151,7 @@ func getKarmadaSchedulerManifest(name, namespace string, featureGates map[string SystemNamespace: constants.KarmadaSystemNamespace, Image: cfg.Image.Name(), ImagePullPolicy: string(cfg.ImagePullPolicy), - KubeconfigSecret: util.AdminKubeconfigSecretName(name), + KubeconfigSecret: util.ComponentKarmadaConfigSecretName(util.KarmadaSchedulerName(name)), KarmadaCertsSecret: util.KarmadaCertSecretName(name), Replicas: cfg.Replicas, }) 
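Review bot: The new `karmada-config` volumeMount omits `readOnly: true`, while the `/etc/karmada/pki` mount next to it declares it. The same applies to the matching mounts in controlplane/manifests.go (kube-controller-manager, karmada-controller-manager, scheduler, descheduler) and in the metricsadapter, search and webhook manifests. Adding `readOnly: true` under `mountPath: /etc/karmada/config` states the intent for a credential mount and keeps the templates consistent. Because the mount is now the whole secret directory rather than a single `subPath`, every key in the secret becomes visible in the container; an `items:` entry limited to `karmada.config` on the volume would pin that if other keys are ever added.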
@@ -181,7 +181,7 @@ func getKarmadaDeschedulerManifest(name, namespace string, featureGates map[stri SystemNamespace: constants.KarmadaSystemNamespace, Image: cfg.Image.Name(), ImagePullPolicy: string(cfg.ImagePullPolicy), - KubeconfigSecret: util.AdminKubeconfigSecretName(name), + KubeconfigSecret: util.ComponentKarmadaConfigSecretName(util.KarmadaDeschedulerName(name)), KarmadaCertsSecret: util.KarmadaCertSecretName(name), Replicas: cfg.Replicas, }) diff --git a/operator/pkg/controlplane/controlplane_test.go b/operator/pkg/controlplane/controlplane_test.go index 105c917429f8..afc6b5b01dfa 100644 --- a/operator/pkg/controlplane/controlplane_test.go +++ b/operator/pkg/controlplane/controlplane_test.go @@ -167,7 +167,7 @@ func TestGetKubeControllerManagerManifest(t *testing.T) { } expectedSecrets := []string{ - util.AdminKubeconfigSecretName(name), + util.ComponentKarmadaConfigSecretName(util.KubeControllerManagerName(name)), util.KarmadaCertSecretName(name), } err = verifySecrets(deployment, expectedSecrets) @@ -226,7 +226,7 @@ func TestGetKarmadaControllerManagerManifest(t *testing.T) { t.Errorf("failed to verify karmada controller manager system namespace: %v", err) } - expectedSecrets := []string{util.AdminKubeconfigSecretName(name)} + expectedSecrets := []string{util.ComponentKarmadaConfigSecretName(util.KarmadaControllerManagerName(name))} err = verifySecrets(deployment, expectedSecrets) if err != nil { t.Errorf("failed to verify karmada controller manager secrets: %v", err) @@ -285,7 +285,7 @@ func TestGetKarmadaSchedulerManifest(t *testing.T) { } expectedSecrets := []string{ - util.AdminKubeconfigSecretName(name), + util.ComponentKarmadaConfigSecretName(util.KarmadaSchedulerName(name)), util.KarmadaCertSecretName(name), } err = verifySecrets(deployment, expectedSecrets) 
@@ -346,7 +346,7 @@ func TestGetKarmadaDeschedulerManifest(t *testing.T) { } expectedSecrets := []string{ - util.AdminKubeconfigSecretName(name), + util.ComponentKarmadaConfigSecretName(util.KarmadaDeschedulerName(name)), util.KarmadaCertSecretName(name), } err = verifySecrets(deployment, expectedSecrets) diff --git a/operator/pkg/controlplane/manifests.go b/operator/pkg/controlplane/manifests.go index cf48451a521c..71ba2ca7bd9f 100644 --- a/operator/pkg/controlplane/manifests.go +++ b/operator/pkg/controlplane/manifests.go @@ -54,9 +54,9 @@ spec: command: - kube-controller-manager - --allocate-node-cidrs=true - - --kubeconfig=/etc/karmada/kubeconfig - - --authentication-kubeconfig=/etc/karmada/kubeconfig - - --authorization-kubeconfig=/etc/karmada/kubeconfig + - --kubeconfig=/etc/karmada/config/karmada.config + - --authentication-kubeconfig=/etc/karmada/config/karmada.config + - --authorization-kubeconfig=/etc/karmada/config/karmada.config - --bind-address=0.0.0.0 - --client-ca-file=/etc/karmada/pki/ca.crt - --cluster-cidr=10.244.0.0/16 @@ -85,14 +85,13 @@ spec: - name: karmada-certs mountPath: /etc/karmada/pki readOnly: true - - name: kubeconfig - mountPath: /etc/karmada/kubeconfig - subPath: kubeconfig + - name: karmada-config + mountPath: /etc/karmada/config volumes: - name: karmada-certs secret: secretName: {{ .KarmadaCertsSecret }} - - name: kubeconfig + - name: karmada-config secret: secretName: {{ .KubeconfigSecret }} ` @@ -126,7 +125,7 @@ spec: imagePullPolicy: {{ .ImagePullPolicy }} command: - /bin/karmada-controller-manager - - --kubeconfig=/etc/karmada/kubeconfig + - --kubeconfig=/etc/karmada/config/karmada.config - --metrics-bind-address=:8080 - --cluster-status-update-frequency=10s - --failover-eviction-timeout=30s 
@@ -147,11 +146,10 @@ spec: name: metrics protocol: TCP volumeMounts: - - name: kubeconfig - subPath: kubeconfig - mountPath: /etc/karmada/kubeconfig + - name: karmada-config + mountPath: /etc/karmada/config volumes: - - name: kubeconfig + - name: karmada-config secret: secretName: {{ .KubeconfigSecret }} ` @@ -186,7 +184,7 @@ spec: imagePullPolicy: {{ .ImagePullPolicy }} command: - /bin/karmada-scheduler - - --kubeconfig=/etc/karmada/kubeconfig + - --kubeconfig=/etc/karmada/config/karmada.config - --metrics-bind-address=0.0.0.0:8080 - --health-probe-bind-address=0.0.0.0:10351 - --enable-scheduler-estimator=true @@ -212,14 +210,13 @@ spec: - name: karmada-certs mountPath: /etc/karmada/pki readOnly: true - - name: kubeconfig - subPath: kubeconfig - mountPath: /etc/karmada/kubeconfig + - name: karmada-config + mountPath: /etc/karmada/config volumes: - name: karmada-certs secret: secretName: {{ .KarmadaCertsSecret }} - - name: kubeconfig + - name: karmada-config secret: secretName: {{ .KubeconfigSecret }} ` @@ -254,7 +251,7 @@ spec: imagePullPolicy: {{ .ImagePullPolicy }} command: - /bin/karmada-descheduler - - --kubeconfig=/etc/karmada/kubeconfig + - --kubeconfig=/etc/karmada/config/karmada.config - --metrics-bind-address=0.0.0.0:8080 - --health-probe-bind-address=0.0.0.0:10358 - --leader-elect-resource-namespace={{ .SystemNamespace }} @@ -279,14 +276,13 @@ spec: - name: karmada-certs mountPath: /etc/karmada/pki readOnly: true - - name: kubeconfig - subPath: kubeconfig - mountPath: /etc/karmada/kubeconfig + - name: karmada-config + mountPath: /etc/karmada/config volumes: - name: karmada-certs secret: secretName: {{ .KarmadaCertsSecret }} - - name: kubeconfig + - name: karmada-config secret: secretName: {{ .KubeconfigSecret }} ` diff --git a/operator/pkg/controlplane/metricsadapter/manifests.go b/operator/pkg/controlplane/metricsadapter/manifests.go index e9212593f712..344057d41846 100644 --- a/operator/pkg/controlplane/metricsadapter/manifests.go 
+++ b/operator/pkg/controlplane/metricsadapter/manifests.go @@ -47,10 +47,10 @@ spec: imagePullPolicy: {{ .ImagePullPolicy }} command: - /bin/karmada-metrics-adapter - - --kubeconfig=/etc/karmada/kubeconfig + - --kubeconfig=/etc/karmada/config/karmada.config - --metrics-bind-address=:8080 - - --authentication-kubeconfig=/etc/karmada/kubeconfig - - --authorization-kubeconfig=/etc/karmada/kubeconfig + - --authentication-kubeconfig=/etc/karmada/config/karmada.config + - --authorization-kubeconfig=/etc/karmada/config/karmada.config - --client-ca-file=/etc/karmada/pki/ca.crt - --tls-cert-file=/etc/karmada/pki/karmada.crt - --tls-private-key-file=/etc/karmada/pki/karmada.key @@ -59,9 +59,8 @@ spec: - --audit-log-maxage=0 - --audit-log-maxbackup=0 volumeMounts: - - name: kubeconfig - subPath: kubeconfig - mountPath: /etc/karmada/kubeconfig + - name: karmada-config + mountPath: /etc/karmada/config - name: karmada-cert mountPath: /etc/karmada/pki readOnly: true @@ -87,7 +86,7 @@ spec: requests: cpu: 100m volumes: - - name: kubeconfig + - name: karmada-config secret: secretName: {{ .KubeconfigSecret }} - name: karmada-cert diff --git a/operator/pkg/controlplane/metricsadapter/metricsadapter.go b/operator/pkg/controlplane/metricsadapter/metricsadapter.go index a50ad1275787..63c9b0e4fd16 100644 --- a/operator/pkg/controlplane/metricsadapter/metricsadapter.go +++ b/operator/pkg/controlplane/metricsadapter/metricsadapter.go @@ -51,7 +51,7 @@ func installKarmadaMetricAdapter(client clientset.Interface, cfg *operatorv1alph Image: cfg.Image.Name(), ImagePullPolicy: string(cfg.ImagePullPolicy), Replicas: cfg.Replicas, - KubeconfigSecret: util.AdminKubeconfigSecretName(name), + KubeconfigSecret: util.ComponentKarmadaConfigSecretName(util.KarmadaMetricsAdapterName(name)), KarmadaCertsSecret: util.KarmadaCertSecretName(name), }) if err != nil { 
diff --git a/operator/pkg/controlplane/metricsadapter/metricsadapter_test.go b/operator/pkg/controlplane/metricsadapter/metricsadapter_test.go index e223124e28c9..43821c482c50 100644 --- a/operator/pkg/controlplane/metricsadapter/metricsadapter_test.go +++ b/operator/pkg/controlplane/metricsadapter/metricsadapter_test.go @@ -221,7 +221,7 @@ func verifyDeploymentDetails(deployment *appsv1.Deployment, replicas int32, imag extractedSecrets = append(extractedSecrets, volume.Secret.SecretName) } expectedSecrets := []string{ - util.AdminKubeconfigSecretName(name), + util.ComponentKarmadaConfigSecretName(util.KarmadaMetricsAdapterName(name)), util.KarmadaCertSecretName(name), } for _, expectedSecret := range expectedSecrets { diff --git a/operator/pkg/controlplane/search/manifests.go b/operator/pkg/controlplane/search/manifests.go index 2990ba1fae99..25b2f5473d8a 100644 --- a/operator/pkg/controlplane/search/manifests.go +++ b/operator/pkg/controlplane/search/manifests.go @@ -49,14 +49,13 @@ spec: - name: k8s-certs mountPath: /etc/karmada/pki readOnly: true - - name: kubeconfig - subPath: kubeconfig - mountPath: /etc/kubeconfig + - name: karmada-config + mountPath: /etc/karmada/config command: - /bin/karmada-search - - --kubeconfig=/etc/kubeconfig - - --authentication-kubeconfig=/etc/kubeconfig - - --authorization-kubeconfig=/etc/kubeconfig + - --kubeconfig=/etc/karmada/config/karmada.config + - --authentication-kubeconfig=/etc/karmada/config/karmada.config + - --authorization-kubeconfig=/etc/karmada/config/karmada.config - --tls-cert-file=/etc/karmada/pki/karmada.crt - --tls-private-key-file=/etc/karmada/pki/karmada.key - --tls-min-version=VersionTLS13 @@ -79,7 +78,7 @@ spec: - name: k8s-certs secret: secretName: {{ .KarmadaCertsSecret }} - - name: kubeconfig + - name: karmada-config secret: secretName: {{ .KubeconfigSecret }} ` diff --git a/operator/pkg/controlplane/search/search.go b/operator/pkg/controlplane/search/search.go index 8b28f6be95fe..9cb829fa0665 100644 
--- a/operator/pkg/controlplane/search/search.go +++ b/operator/pkg/controlplane/search/search.go @@ -53,7 +53,7 @@ func installKarmadaSearch(client clientset.Interface, cfg *operatorv1alpha1.Karm ImagePullPolicy: string(cfg.ImagePullPolicy), KarmadaCertsSecret: util.KarmadaCertSecretName(name), Replicas: cfg.Replicas, - KubeconfigSecret: util.AdminKubeconfigSecretName(name), + KubeconfigSecret: util.ComponentKarmadaConfigSecretName(util.KarmadaSearchName(name)), }) if err != nil { return fmt.Errorf("error when parsing KarmadaSearch Deployment template: %w", err) diff --git a/operator/pkg/controlplane/search/search_test.go b/operator/pkg/controlplane/search/search_test.go index 57edc18842cf..7e889c10a59f 100644 --- a/operator/pkg/controlplane/search/search_test.go +++ b/operator/pkg/controlplane/search/search_test.go @@ -242,7 +242,7 @@ func verifySecrets(deployment *appsv1.Deployment, name string) error { extractedSecrets = append(extractedSecrets, volume.Secret.SecretName) } expectedSecrets := []string{ - util.AdminKubeconfigSecretName(name), + util.ComponentKarmadaConfigSecretName(util.KarmadaSearchName(name)), util.KarmadaCertSecretName(name), } for _, expectedSecret := range expectedSecrets { diff --git a/operator/pkg/controlplane/webhook/manifests.go b/operator/pkg/controlplane/webhook/manifests.go index 4e8b0705c689..b19e0bd3f6c0 100644 --- a/operator/pkg/controlplane/webhook/manifests.go +++ b/operator/pkg/controlplane/webhook/manifests.go @@ -47,7 +47,7 @@ spec: imagePullPolicy: {{ .ImagePullPolicy }} command: - /bin/karmada-webhook - - --kubeconfig=/etc/karmada/kubeconfig + - --kubeconfig=/etc/karmada/config/karmada.config - --bind-address=0.0.0.0 - --metrics-bind-address=:8080 - --default-not-ready-toleration-seconds=30 
@@ -61,9 +61,8 @@ spec: name: metrics protocol: TCP volumeMounts: - - name: kubeconfig - subPath: kubeconfig - mountPath: /etc/karmada/kubeconfig + - name: karmada-config + mountPath: /etc/karmada/config - name: cert mountPath: /var/serving-cert readOnly: true @@ -73,7 +72,7 @@ spec: port: 8443 scheme: HTTPS volumes: - - name: kubeconfig + - name: karmada-config secret: secretName: {{ .KubeconfigSecret }} - name: cert diff --git a/operator/pkg/controlplane/webhook/webhook.go b/operator/pkg/controlplane/webhook/webhook.go index f70c0a1d7bb0..f1eb3c5b9da2 100644 --- a/operator/pkg/controlplane/webhook/webhook.go +++ b/operator/pkg/controlplane/webhook/webhook.go @@ -51,7 +51,7 @@ func installKarmadaWebhook(client clientset.Interface, cfg *operatorv1alpha1.Kar Image: cfg.Image.Name(), ImagePullPolicy: string(cfg.ImagePullPolicy), Replicas: cfg.Replicas, - KubeconfigSecret: util.AdminKubeconfigSecretName(name), + KubeconfigSecret: util.ComponentKarmadaConfigSecretName(util.KarmadaWebhookName(name)), WebhookCertsSecret: util.WebhookCertSecretName(name), }) if err != nil { diff --git a/operator/pkg/controlplane/webhook/webhook_test.go b/operator/pkg/controlplane/webhook/webhook_test.go index 277a1fc8c9d8..2c851135de77 100644 --- a/operator/pkg/controlplane/webhook/webhook_test.go +++ b/operator/pkg/controlplane/webhook/webhook_test.go @@ -232,7 +232,7 @@ func verifySecrets(deployment *appsv1.Deployment, name string) error { extractedSecrets = append(extractedSecrets, volume.Secret.SecretName) } expectedSecrets := []string{ - util.AdminKubeconfigSecretName(name), + util.ComponentKarmadaConfigSecretName(util.KarmadaWebhookName(name)), util.WebhookCertSecretName(name), } for _, expectedSecret := range expectedSecrets { diff --git a/operator/pkg/tasks/deinit/kubeconfig.go b/operator/pkg/tasks/deinit/kubeconfig.go index 76d1f2637f43..7f6d15c0b378 100644 --- a/operator/pkg/tasks/deinit/kubeconfig.go +++ b/operator/pkg/tasks/deinit/kubeconfig.go 
@@ -39,20 +39,40 @@ func NewCleanupKubeconfigTask() workflow.Task { func runCleanupKubeconfig(r workflow.RunData) error { data, ok := r.(DeInitData) if !ok { - return errors.New("cleanup-kubeconfig task invoked with an invalid data struct") + return errors.New("cleanup-karmada-config task invoked with an invalid data struct") } - klog.V(4).InfoS("[cleanup-kubeconfig] Running cleanup-kubeconfig task", "karmada", klog.KObj(data)) + klog.V(4).InfoS("[cleanup-karmada-config] Running cleanup-karmada-config task", "karmada", klog.KObj(data)) - err := apiclient.DeleteSecretIfHasLabels( - data.RemoteClient(), - util.AdminKubeconfigSecretName(data.GetName()), - data.GetNamespace(), - constants.KarmadaOperatorLabel, - ) - if err != nil { - return fmt.Errorf("failed to cleanup karmada kubeconfig, err: %w", err) + secretNames := generateComponentKubeconfigSecretNames(data) + + for _, secretName := range secretNames { + err := apiclient.DeleteSecretIfHasLabels( + data.RemoteClient(), + secretName, + data.GetNamespace(), + constants.KarmadaOperatorLabel, + ) + if err != nil { + return fmt.Errorf("failed to cleanup karmada-config secret '%s', err: %w", secretName, err) + } } return nil } + +func generateComponentKubeconfigSecretNames(data DeInitData) []string { + secretNames := []string{ + util.AdminKarmadaConfigSecretName(data.GetName()), + util.ComponentKarmadaConfigSecretName(util.KarmadaAggregatedAPIServerName(data.GetName())), + util.ComponentKarmadaConfigSecretName(util.KarmadaControllerManagerName(data.GetName())), + util.ComponentKarmadaConfigSecretName(util.KubeControllerManagerName(data.GetName())), + util.ComponentKarmadaConfigSecretName(util.KarmadaSchedulerName(data.GetName())), + util.ComponentKarmadaConfigSecretName(util.KarmadaDeschedulerName(data.GetName())), + util.ComponentKarmadaConfigSecretName(util.KarmadaMetricsAdapterName(data.GetName())), + util.ComponentKarmadaConfigSecretName(util.KarmadaSearchName(data.GetName())), + 
util.ComponentKarmadaConfigSecretName(util.KarmadaWebhookName(data.GetName())), + } + + return secretNames +} diff --git a/operator/pkg/tasks/deinit/kubeconfig_test.go b/operator/pkg/tasks/deinit/kubeconfig_test.go index 96f54ad870c7..b44ee0f2038f 100644 --- a/operator/pkg/tasks/deinit/kubeconfig_test.go +++ b/operator/pkg/tasks/deinit/kubeconfig_test.go @@ -73,7 +73,7 @@ func TestRunCleanupKubeconfig(t *testing.T) { prep: func(workflow.RunData, *corev1.Secret) error { return nil }, verify: func(workflow.RunData, *corev1.Secret) error { return nil }, wantErr: true, - errMsg: "cleanup-kubeconfig task invoked with an invalid data struct", + errMsg: "cleanup-karmada-config task invoked with an invalid data struct", }, { name: "RunCleanupKubeconfig_DeleteSecretWithKarmadaOperatorLabel_SecretDeleted", @@ -82,7 +82,7 @@ func TestRunCleanupKubeconfig(t *testing.T) { namespace: namespace, remoteClient: fakeclientset.NewSimpleClientset(), }, - secret: helper.NewSecret(namespace, util.AdminKubeconfigSecretName(name), map[string][]byte{}), + secret: helper.NewSecret(namespace, util.AdminKarmadaConfigSecretName(name), map[string][]byte{}), prep: func(rd workflow.RunData, s *corev1.Secret) error { data := rd.(*TestDeInitData) s.Labels = constants.KarmadaOperatorLabel diff --git a/operator/pkg/tasks/init/upload.go b/operator/pkg/tasks/init/upload.go index 8506acef8a4e..4cc0936fc6f1 100644 --- a/operator/pkg/tasks/init/upload.go +++ b/operator/pkg/tasks/init/upload.go 
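Review bot: The cleanup loop in `runCleanupKubeconfig` returns on the first failed delete, so every secret later in `secretNames` stays in the namespace when one delete fails, and each of those holds a copy of the karmada config credential. Collecting the errors and continuing removes as much as possible: declare `var errs []error`, replace the in-loop return with `errs = append(errs, fmt.Errorf("failed to cleanup karmada-config secret %q, err: %w", secretName, err))`, and finish with `return errors.Join(errs...)` (Go 1.20+; `errors` is already used in this function). The list also names secrets for components that may never have been installed, so the loop relies on `DeleteSecretIfHasLabels` treating a missing secret as success, which is not visible here. `generateComponentKubeconfigSecretNames` has no doc comment; one sentence saying it lists the admin secret plus one secret per component, whether or not the component was enabled, would help.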
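Review bot: The delete test case still seeds only the admin secret, so as far as these hunks show the new loop reaches the eight component secret names only on the secret-absent path. A case that creates at least one `util.ComponentKarmadaConfigSecretName(...)` secret carrying `constants.KarmadaOperatorLabel` and asserts it is gone after the task runs would cover the new behaviour. A second case with an unlabelled component secret would confirm the label gate still protects secrets the operator did not create. The test table continues outside these hunks.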
@@ -105,16 +105,13 @@ func runUploadAdminKubeconfig(r workflow.RunData) error { return err } - err = apiclient.CreateOrUpdateSecret(data.RemoteClient(), &corev1.Secret{ - ObjectMeta: metav1.ObjectMeta{ - Namespace: data.GetNamespace(), - Name: util.AdminKubeconfigSecretName(data.GetName()), - Labels: constants.KarmadaOperatorLabel, - }, - Data: map[string][]byte{"kubeconfig": configBytes}, - }) - if err != nil { - return fmt.Errorf("failed to create secret of kubeconfig, err: %w", err) + secretList := generateComponentKubeconfigSecrets(data, string(configBytes)) + + for _, secret := range secretList { + err = apiclient.CreateOrUpdateSecret(data.RemoteClient(), secret) + if err != nil { + return fmt.Errorf("failed to create/update karmada-config secret '%s', err: %w", secret.Name, err) + } } // store rest config to RunData. 
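Review bot: Every secret in `secretList` is built from the same `string(configBytes)`, so each component secret carries the same kubeconfig as the admin secret. Given the function name this is presumably the admin credential; the code that builds `configBytes` is outside the hunk. The per-component names therefore do not narrow what a component pod can do with the API server, and the credential now exists in up to nine secrets instead of one. If that is an intended intermediate step, say so at the call site: `// NOTE: every component secret currently holds the admin kubeconfig; per-component identities are not issued here.` `runUploadAdminKubeconfig` starts and ends outside this hunk.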
@@ -179,6 +176,46 @@ func buildKubeConfigFromSpec(data InitData, serverURL string) (*clientcmdapi.Con ), nil } +func generateKubeconfigSecret(name, namespace, configString string) *corev1.Secret { + return &corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: namespace, + Name: name, + Labels: constants.KarmadaOperatorLabel, + }, + StringData: map[string]string{"karmada.config": configString}, + } +} + +func generateComponentKubeconfigSecrets(data InitData, configString string) []*corev1.Secret { + var secrets []*corev1.Secret + + secrets = append(secrets, generateKubeconfigSecret(util.AdminKarmadaConfigSecretName(data.GetName()), data.GetNamespace(), configString)) + + if data.Components() == nil { + return secrets + } + + componentList := map[string]interface{}{ + util.KarmadaAggregatedAPIServerName(data.GetName()): data.Components().KarmadaAggregatedAPIServer, + util.KarmadaControllerManagerName(data.GetName()): data.Components().KarmadaControllerManager, + util.KubeControllerManagerName(data.GetName()): data.Components().KubeControllerManager, + util.KarmadaSchedulerName(data.GetName()): data.Components().KarmadaScheduler, + util.KarmadaDeschedulerName(data.GetName()): data.Components().KarmadaDescheduler, + util.KarmadaMetricsAdapterName(data.GetName()): data.Components().KarmadaMetricsAdapter, + util.KarmadaSearchName(data.GetName()): data.Components().KarmadaSearch, + util.KarmadaWebhookName(data.GetName()): data.Components().KarmadaWebhook, + } + + for karmadaComponentName, component := range componentList { + if component != nil { + secrets = append(secrets, generateKubeconfigSecret(util.ComponentKarmadaConfigSecretName(karmadaComponentName), data.GetNamespace(), configString)) + } + } + + return secrets +} + // NewUploadCertsTask init a Upload-Certs task func NewUploadCertsTask(karmada *operatorv1alpha1.Karmada) workflow.Task { tasks := []workflow.Task{ 
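Review bot: The `component != nil` check in `generateComponentKubeconfigSecrets` is likely always true. The values are stored in a `map[string]interface{}`, and if the `Components()` fields are pointer types (their declarations are not visible in this hunk), a nil pointer boxed into an interface compares unequal to nil. The effect would be a kubeconfig secret written for every component, including ones that are not configured, which widens where that credential is stored. Comparing each field with nil before it is boxed fixes this, and a slice instead of a map makes the creation order deterministic. Both new functions also lack doc comments.

```go
func generateComponentKubeconfigSecrets(data InitData, configString string) []*corev1.Secret {
	// … unchanged: admin secret appended, early return when data.Components() is nil …

	name := data.GetName()
	c := data.Components()
	// Each field is compared with nil here, before any conversion to an interface,
	// so an unset component is really skipped.
	components := []struct {
		name    string
		enabled bool
	}{
		{util.KarmadaAggregatedAPIServerName(name), c.KarmadaAggregatedAPIServer != nil},
		{util.KarmadaControllerManagerName(name), c.KarmadaControllerManager != nil},
		{util.KubeControllerManagerName(name), c.KubeControllerManager != nil},
		{util.KarmadaSchedulerName(name), c.KarmadaScheduler != nil},
		{util.KarmadaDeschedulerName(name), c.KarmadaDescheduler != nil},
		{util.KarmadaMetricsAdapterName(name), c.KarmadaMetricsAdapter != nil},
		{util.KarmadaSearchName(name), c.KarmadaSearch != nil},
		{util.KarmadaWebhookName(name), c.KarmadaWebhook != nil},
	}

	for _, component := range components {
		if !component.enabled {
			continue
		}
		secrets = append(secrets, generateKubeconfigSecret(util.ComponentKarmadaConfigSecretName(component.name), data.GetNamespace(), configString))
	}

	return secrets
}
```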
diff --git a/operator/pkg/util/naming.go b/operator/pkg/util/naming.go index dbbecab7a70e..6ba6f16d2b88 100644 --- a/operator/pkg/util/naming.go +++ b/operator/pkg/util/naming.go @@ -24,11 +24,16 @@ import ( // Namefunc defines a function to generate resource name according to karmada resource name. type Namefunc func(karmada string) string -// AdminKubeconfigSecretName returns secret name of karmada-admin kubeconfig -func AdminKubeconfigSecretName(karmada string) string { +// AdminKarmadaConfigSecretName returns secret name of karmada-admin karmada-config +func AdminKarmadaConfigSecretName(karmada string) string { return generateResourceName(karmada, "admin-config") } +// ComponentKarmadaConfigSecretName returns secret name of karmada component karmada-config +func ComponentKarmadaConfigSecretName(karmadaComponent string) string { + return fmt.Sprintf("%s-config", karmadaComponent) +} + // KarmadaCertSecretName returns secret name of karmada certs func KarmadaCertSecretName(karmada string) string { return generateResourceName(karmada, "cert")
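Review bot: `ComponentKarmadaConfigSecretName` takes an already-derived component resource name, while the neighbouring helpers take the Karmada instance name, and its doc comment does not say so. Passing the instance name by mistake would silently yield `<karmada>-config`. A comment that states the contract would prevent that: `// ComponentKarmadaConfigSecretName returns the name of the karmada-config secret of a component; karmadaComponent is the component's resource name (for example the result of KarmadaSearchName), not the Karmada instance name.` The function also formats the name with `fmt.Sprintf` instead of going through `generateResourceName` like its siblings. The import block is only partly visible in this hunk, so confirm `fmt` is imported in naming.go.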