diff --git a/charts/karmada-operator/crds/operator.karmada.io_karmadas.yaml b/charts/karmada-operator/crds/operator.karmada.io_karmadas.yaml index 04b3ee8cc886..e636ddc1f615 100644 --- a/charts/karmada-operator/crds/operator.karmada.io_karmadas.yaml +++ b/charts/karmada-operator/crds/operator.karmada.io_karmadas.yaml @@ -3673,6 +3673,32 @@ spec: type: string type: object type: object + customCertificate: + description: |- + CustomCertificate specifies the configuration to customize the certificates + for Karmada components or control the certificate generation process, such as + the algorithm, validity period, etc. + Currently, it only supports customizing the CA certificate for limited components. + properties: + apiServerCACert: + description: |- + APIServerCACert references a Kubernetes secret containing the CA certificate + for component karmada-apiserver. + The secret must contain the following data keys: + - tls.crt: The TLS certificate. + - tls.key: The TLS private key. + If specified, this CA will be used to issue client certificates for + all components that access the APIServer as clients. + properties: + name: + description: Name is the name of resource being referenced. + type: string + namespace: + description: Namespace is the namespace for the resource being + referenced. + type: string + type: object + type: object featureGates: additionalProperties: type: boolean diff --git a/operator/config/crds/operator.karmada.io_karmadas.yaml b/operator/config/crds/operator.karmada.io_karmadas.yaml index 04b3ee8cc886..e636ddc1f615 100644 --- a/operator/config/crds/operator.karmada.io_karmadas.yaml +++ b/operator/config/crds/operator.karmada.io_karmadas.yaml 
@@ -3673,6 +3673,32 @@ spec: type: string type: object type: object + customCertificate: + description: |- + CustomCertificate specifies the configuration to customize the certificates + for Karmada components or control the certificate generation process, such as + the algorithm, validity period, etc. + Currently, it only supports customizing the CA certificate for limited components. + properties: + apiServerCACert: + description: |- + APIServerCACert references a Kubernetes secret containing the CA certificate + for component karmada-apiserver. + The secret must contain the following data keys: + - tls.crt: The TLS certificate. + - tls.key: The TLS private key. + If specified, this CA will be used to issue client certificates for + all components that access the APIServer as clients. + properties: + name: + description: Name is the name of resource being referenced. + type: string + namespace: + description: Namespace is the namespace for the resource being + referenced. + type: string + type: object + type: object featureGates: additionalProperties: type: boolean diff --git a/operator/pkg/apis/operator/v1alpha1/zz_generated.deepcopy.go b/operator/pkg/apis/operator/v1alpha1/zz_generated.deepcopy.go index c57aca85c33c..4bdec62a012f 100644 --- a/operator/pkg/apis/operator/v1alpha1/zz_generated.deepcopy.go +++ b/operator/pkg/apis/operator/v1alpha1/zz_generated.deepcopy.go 
@@ -106,6 +106,27 @@ func (in *CommonSettings) DeepCopy() *CommonSettings { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CustomCertificate) DeepCopyInto(out *CustomCertificate) { + *out = *in + if in.APIServerCACert != nil { + in, out := &in.APIServerCACert, &out.APIServerCACert + *out = new(LocalSecretReference) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CustomCertificate. +func (in *CustomCertificate) DeepCopy() *CustomCertificate { + if in == nil { + return nil + } + out := new(CustomCertificate) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Etcd) DeepCopyInto(out *Etcd) { *out = *in @@ -637,6 +658,11 @@ func (in *KarmadaSpec) DeepCopyInto(out *KarmadaSpec) { *out = new(CRDTarball) (*in).DeepCopyInto(*out) } + if in.CustomCertificate != nil { + in, out := &in.CustomCertificate, &out.CustomCertificate + *out = new(CustomCertificate) + (*in).DeepCopyInto(*out) + } return } diff --git a/operator/pkg/init.go b/operator/pkg/init.go index a13a0f8ebb48..4e4ebae40baf 100644 --- a/operator/pkg/init.go +++ b/operator/pkg/init.go 
@@ -167,18 +167,19 @@ func newRunData(opt *InitOptions) (*initData, error) {
 }
 return &initData{
- name: opt.Name,
- namespace: opt.Namespace,
- karmadaVersion: version,
- controlplaneAddress: address,
- remoteClient: remoteClient,
- CRDTarball: opt.CRDTarball,
- karmadaDataDir: opt.KarmadaDataDir,
- privateRegistry: privateRegistry,
- components: opt.Karmada.Spec.Components,
- featureGates: opt.Karmada.Spec.FeatureGates,
- dnsDomain: *opt.Karmada.Spec.HostCluster.Networking.DNSDomain,
- CertStore: certs.NewCertStore(),
+ name: opt.Name,
+ namespace: opt.Namespace,
+ karmadaVersion: version,
+ controlplaneAddress: address,
+ remoteClient: remoteClient,
+ CRDTarball: opt.CRDTarball,
+ CustomCertificateConfig: opt.CustomCertificateConfig,
+ karmadaDataDir: opt.KarmadaDataDir,
+ privateRegistry: privateRegistry,
+ components: opt.Karmada.Spec.Components,
+ featureGates: opt.Karmada.Spec.FeatureGates,
+ dnsDomain: *opt.Karmada.Spec.HostCluster.Networking.DNSDomain,
+ CertStore: certs.NewCertStore(),
 }, nil
 }
@@ -284,6 +285,9 @@ func NewInitOptWithKarmada(karmada *operatorv1alpha1.Karmada) InitOpt {
 if karmada.Spec.CRDTarball != nil {
 o.CRDTarball = *karmada.Spec.CRDTarball
 }
+ if karmada.Spec.CustomCertificate != nil {
+ o.CustomCertificateConfig = *karmada.Spec.CustomCertificate
+ }
 }
 }
diff --git a/operator/pkg/tasks/init/test_helpers.go b/operator/pkg/tasks/init/test_helpers.go
index e480b5ff8584..17f89722920b 100644
--- a/operator/pkg/tasks/init/test_helpers.go
+++ b/operator/pkg/tasks/init/test_helpers.go
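Review bot: In NewInitOptWithKarmada, `o.CustomCertificateConfig = *karmada.Spec.CustomCertificate` is a shallow struct copy, so the nested `APIServerCACert` pointer (a `*LocalSecretReference`, per the generated deepcopy in this commit) stays shared with the Karmada object the options were built from; if that object came from an informer cache, any later write through the option would mutate the cached spec. The generated `CustomCertificate.DeepCopy()` makes this cheap to avoid: `o.CustomCertificateConfig = *karmada.Spec.CustomCertificate.DeepCopy()`. The line above uses the same shallow pattern for CRDTarball, so this may be an accepted convention in this file. Neither hunk checks that a non-nil `APIServerCACert` carries a non-empty name and namespace before the option is propagated into initData; if that validation lives in the task that reads the secret, a short comment on the new initData field pointing there would help the next reader. Both enclosing functions extend beyond the hunk.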
@@ -46,18 +46,19 @@ func (m *MyTestData) Get() string {
 // TestInitData contains the configuration and state required to initialize Karmada components.
 type TestInitData struct {
- Name string
- Namespace string
- ControlplaneConfigREST *rest.Config
- DataDirectory string
- CrdTarballArchive operatorv1alpha1.CRDTarball
- KarmadaVersionRelease string
- ComponentsUnits *operatorv1alpha1.KarmadaComponents
- FeatureGatesOptions map[string]bool
- RemoteClientConnector clientset.Interface
- KarmadaClientConnector clientset.Interface
- ControlplaneAddr string
- Certs []*certs.KarmadaCert
+ Name string
+ Namespace string
+ ControlplaneConfigREST *rest.Config
+ DataDirectory string
+ CrdTarballArchive operatorv1alpha1.CRDTarball
+ CustomCertificateConfig operatorv1alpha1.CustomCertificate
+ KarmadaVersionRelease string
+ ComponentsUnits *operatorv1alpha1.KarmadaComponents
+ FeatureGatesOptions map[string]bool
+ RemoteClientConnector clientset.Interface
+ KarmadaClientConnector clientset.Interface
+ ControlplaneAddr string
+ Certs []*certs.KarmadaCert
 }
 // Ensure TestInitData implements InitData interface at compile time.
@@ -108,6 +109,10 @@ func (t *TestInitData) CrdTarball() operatorv1alpha1.CRDTarball {
 return t.CrdTarballArchive
 }
+func (t *TestInitData) CustomCertificate() operatorv1alpha1.CustomCertificate {
+ return t.CustomCertificateConfig
+}
+
 // KarmadaVersion returns the version of Karmada being used.
 func (t *TestInitData) KarmadaVersion() string {
 return t.KarmadaVersionRelease
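Review bot: The new `CustomCertificate` accessor is the only method in this hunk without a doc comment, while the neighbouring `CrdTarball` and `KarmadaVersion` accessors each carry one; add `// CustomCertificate returns the custom certificate configuration used during initialization.` above it. Since the file asserts at compile time that TestInitData implements InitData, this accessor presumably mirrors a new interface method, which is not visible in this diff. The struct and method definitions touched here are complete within the hunk.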