diff --git a/hack/deploy-karmada-by-operator.sh b/hack/deploy-karmada-by-operator.sh index e649d75cbc6b..4104e944fbc2 100755 --- a/hack/deploy-karmada-by-operator.sh +++ b/hack/deploy-karmada-by-operator.sh @@ -111,7 +111,7 @@ kubectl --kubeconfig="${HOST_CLUSTER_KUBECONFIG}" --context="${CONTEXT_NAME}" ap kubectl --kubeconfig="${HOST_CLUSTER_KUBECONFIG}" --context="${CONTEXT_NAME}" wait --for=condition=Ready --timeout=1000s karmada ${KARMADA_INSTANCE_NAME} -n ${KARMADA_INSTANCE_NAMESPACE} # generate kubeconfig for karmada instance -kubectl --kubeconfig="${HOST_CLUSTER_KUBECONFIG}" --context="${CONTEXT_NAME}" get secret -n ${KARMADA_INSTANCE_NAMESPACE} ${KARMADA_INSTANCE_NAME}-admin-config -o jsonpath={.data.kubeconfig} | base64 -d > ~/.kube/${KARMADA_INSTANCE_NAME}-${KARMADA_INSTANCE_NAMESPACE}-tmp-apiserver.config +kubectl --kubeconfig="${HOST_CLUSTER_KUBECONFIG}" --context="${CONTEXT_NAME}" get secret -n ${KARMADA_INSTANCE_NAMESPACE} ${KARMADA_INSTANCE_NAME}-admin-config -o jsonpath='{.data.karmada\.config}' | base64 -d > ~/.kube/${KARMADA_INSTANCE_NAME}-${KARMADA_INSTANCE_NAMESPACE}-tmp-apiserver.config cat ~/.kube/${KARMADA_INSTANCE_NAME}-${KARMADA_INSTANCE_NAMESPACE}-tmp-apiserver.config| grep "certificate-authority-data"| awk '{print $2}'| base64 -d > ${CERT_DIR}/ca.crt cat ~/.kube/${KARMADA_INSTANCE_NAME}-${KARMADA_INSTANCE_NAMESPACE}-tmp-apiserver.config| grep "client-certificate-data"| awk '{print $2}'| base64 -d > ${CERT_DIR}/karmada.crt cat ~/.kube/${KARMADA_INSTANCE_NAME}-${KARMADA_INSTANCE_NAMESPACE}-tmp-apiserver.config| grep "client-key-data"| awk '{print $2}'| base64 -d > ${CERT_DIR}/karmada.key diff --git a/operator/pkg/controlplane/apiserver/apiserver.go b/operator/pkg/controlplane/apiserver/apiserver.go index 4eb765c7b395..afb037d50e77 100644 --- a/operator/pkg/controlplane/apiserver/apiserver.go +++ b/operator/pkg/controlplane/apiserver/apiserver.go 
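Review bot: The changed `kubectl get secret ... | base64 -d > ~/.kube/...-tmp-apiserver.config` line still writes the decoded admin kubeconfig under whatever umask the caller happens to have. The context lines after it extract `karmada.key` into `${CERT_DIR}` the same way. Running these writes under `umask 077`, or following each with `chmod 600`, keeps the credential files owner-only. The `${KARMADA_INSTANCE_NAME}` and `${KARMADA_INSTANCE_NAMESPACE}` expansions in the redirect target are unquoted, so quote the path while the line is being touched.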
@@ -124,7 +124,7 @@ func installKarmadaAggregatedAPIServer(client clientset.Interface, cfg *operator Namespace: namespace, Image: cfg.Image.Name(), ImagePullPolicy: string(cfg.ImagePullPolicy), - KubeconfigSecret: util.AdminKubeconfigSecretName(name), + KubeconfigSecret: util.ComponentKubeconfigSecretName(util.KarmadaAggregatedAPIServerName(name)), KarmadaCertsSecret: util.KarmadaCertSecretName(name), Replicas: cfg.Replicas, }) diff --git a/operator/pkg/controlplane/apiserver/apiserver_test.go b/operator/pkg/controlplane/apiserver/apiserver_test.go index 6e1446fa7efe..9a92d207636b 100644 --- a/operator/pkg/controlplane/apiserver/apiserver_test.go +++ b/operator/pkg/controlplane/apiserver/apiserver_test.go @@ -415,7 +415,7 @@ func verifyAggregatedAPIServerDeploymentAdditionalDetails(featureGates map[strin for _, volume := range deployment.Spec.Template.Spec.Volumes { extractedSecrets = append(extractedSecrets, volume.Secret.SecretName) } - expectedSecrets := []string{util.AdminKubeconfigSecretName(expectedDeploymentName), util.KarmadaCertSecretName(expectedDeploymentName), util.EtcdCertSecretName(expectedDeploymentName)} + expectedSecrets := []string{util.ComponentKubeconfigSecretName(util.KarmadaAggregatedAPIServerName(expectedDeploymentName)), util.KarmadaCertSecretName(expectedDeploymentName), util.EtcdCertSecretName(expectedDeploymentName)} for _, expectedSecret := range expectedSecrets { if !contains(extractedSecrets, expectedSecret) { return fmt.Errorf("expected secret '%s' not found in extracted secrets", expectedSecret) diff --git a/operator/pkg/controlplane/apiserver/manifests.go b/operator/pkg/controlplane/apiserver/manifests.go index fb1f99c4e0c4..acf1d057a3f2 100644 --- a/operator/pkg/controlplane/apiserver/manifests.go +++ b/operator/pkg/controlplane/apiserver/manifests.go 
@@ -163,9 +163,9 @@ spec: imagePullPolicy: {{ .ImagePullPolicy }} command: - /bin/karmada-aggregated-apiserver - - --kubeconfig=/etc/karmada/kubeconfig - - --authentication-kubeconfig=/etc/karmada/kubeconfig - - --authorization-kubeconfig=/etc/karmada/kubeconfig + - --kubeconfig=/etc/karmada/config/karmada.config + - --authentication-kubeconfig=/etc/karmada/config/karmada.config + - --authorization-kubeconfig=/etc/karmada/config/karmada.config - --tls-cert-file=/etc/karmada/pki/karmada.crt - --tls-private-key-file=/etc/karmada/pki/karmada.key - --tls-min-version=VersionTLS13 @@ -173,14 +173,13 @@ spec: - --audit-log-maxage=0 - --audit-log-maxbackup=0 volumeMounts: - - mountPath: /etc/karmada/kubeconfig - name: kubeconfig - subPath: kubeconfig + - mountPath: /etc/karmada/config + name: karmada-config - mountPath: /etc/karmada/pki name: apiserver-cert readOnly: true volumes: - - name: kubeconfig + - name: karmada-config secret: secretName: {{ .KubeconfigSecret }} - name: apiserver-cert diff --git a/operator/pkg/controlplane/controlplane.go b/operator/pkg/controlplane/controlplane.go index 693d58bd6770..26377431d8f2 100644 --- a/operator/pkg/controlplane/controlplane.go +++ b/operator/pkg/controlplane/controlplane.go @@ -93,7 +93,7 @@ func getKubeControllerManagerManifest(name, namespace string, cfg *operatorv1alp Image: cfg.Image.Name(), ImagePullPolicy: string(cfg.ImagePullPolicy), KarmadaCertsSecret: util.KarmadaCertSecretName(name), - KubeconfigSecret: util.AdminKubeconfigSecretName(name), + KubeconfigSecret: util.ComponentKubeconfigSecretName(util.KubeControllerManagerName(name)), Replicas: cfg.Replicas, }) if err != nil { 
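Review bot: In apiserver/manifests.go the rewritten `karmada-config` volumeMount has no `readOnly: true`, although the `apiserver-cert` mount beside it does. The secret volume also sets no `defaultMode`, so the kubeconfig is projected with the Kubernetes default file mode of 0644. Since the mount is being rewritten anyway, add `readOnly: true` to it and consider `defaultMode: 0400` on the `karmada-config` volume, after confirming which user the container runs as. The same applies to the `karmada-config` mounts in controlplane/manifests.go, metricsadapter/manifests.go, search/manifests.go and webhook/manifests.go. The template strings start and end outside these hunks.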
@@ -121,7 +121,7 @@ func getKarmadaControllerManagerManifest(name, namespace string, featureGates ma SystemNamespace: constants.KarmadaSystemNamespace, Image: cfg.Image.Name(), ImagePullPolicy: string(cfg.ImagePullPolicy), - KubeconfigSecret: util.AdminKubeconfigSecretName(name), + KubeconfigSecret: util.ComponentKubeconfigSecretName(util.KarmadaControllerManagerName(name)), Replicas: cfg.Replicas, }) if err != nil { @@ -149,7 +149,7 @@ func getKarmadaSchedulerManifest(name, namespace string, featureGates map[string SystemNamespace: constants.KarmadaSystemNamespace, Image: cfg.Image.Name(), ImagePullPolicy: string(cfg.ImagePullPolicy), - KubeconfigSecret: util.AdminKubeconfigSecretName(name), + KubeconfigSecret: util.ComponentKubeconfigSecretName(util.KarmadaSchedulerName(name)), KarmadaCertsSecret: util.KarmadaCertSecretName(name), Replicas: cfg.Replicas, }) @@ -178,7 +178,7 @@ func getKarmadaDeschedulerManifest(name, namespace string, featureGates map[stri SystemNamespace: constants.KarmadaSystemNamespace, Image: cfg.Image.Name(), ImagePullPolicy: string(cfg.ImagePullPolicy), - KubeconfigSecret: util.AdminKubeconfigSecretName(name), + KubeconfigSecret: util.ComponentKubeconfigSecretName(util.KarmadaDeschedulerName(name)), KarmadaCertsSecret: util.KarmadaCertSecretName(name), Replicas: cfg.Replicas, }) diff --git a/operator/pkg/controlplane/controlplane_test.go b/operator/pkg/controlplane/controlplane_test.go index 4ccd14df9a04..fe6acebae9a9 100644 --- a/operator/pkg/controlplane/controlplane_test.go +++ b/operator/pkg/controlplane/controlplane_test.go @@ -165,7 +165,7 @@ func TestGetKubeControllerManagerManifest(t *testing.T) { } expectedSecrets := []string{ - util.AdminKubeconfigSecretName(name), + util.ComponentKubeconfigSecretName(util.KubeControllerManagerName(name)), util.KarmadaCertSecretName(name), } err = verifySecrets(deployment, expectedSecrets) 
@@ -222,7 +222,7 @@ func TestGetKarmadaControllerManagerManifest(t *testing.T) { t.Errorf("failed to verify karmada controller manager system namespace: %v", err) } - expectedSecrets := []string{util.AdminKubeconfigSecretName(name)} + expectedSecrets := []string{util.ComponentKubeconfigSecretName(util.KarmadaControllerManagerName(name))} err = verifySecrets(deployment, expectedSecrets) if err != nil { t.Errorf("failed to verify karmada controller manager secrets: %v", err) @@ -279,7 +279,7 @@ func TestGetKarmadaSchedulerManifest(t *testing.T) { } expectedSecrets := []string{ - util.AdminKubeconfigSecretName(name), + util.ComponentKubeconfigSecretName(util.KarmadaSchedulerName(name)), util.KarmadaCertSecretName(name), } err = verifySecrets(deployment, expectedSecrets) @@ -338,7 +338,7 @@ func TestGetKarmadaDeschedulerManifest(t *testing.T) { } expectedSecrets := []string{ - util.AdminKubeconfigSecretName(name), + util.ComponentKubeconfigSecretName(util.KarmadaDeschedulerName(name)), util.KarmadaCertSecretName(name), } err = verifySecrets(deployment, expectedSecrets) diff --git a/operator/pkg/controlplane/manifests.go b/operator/pkg/controlplane/manifests.go index 08388bae942e..e0ae515b7d7b 100644 --- a/operator/pkg/controlplane/manifests.go +++ b/operator/pkg/controlplane/manifests.go @@ -55,9 +55,9 @@ spec: command: - kube-controller-manager - --allocate-node-cidrs=true - - --kubeconfig=/etc/karmada/kubeconfig - - --authentication-kubeconfig=/etc/karmada/kubeconfig - - --authorization-kubeconfig=/etc/karmada/kubeconfig + - --kubeconfig=/etc/karmada/config/karmada.config + - --authentication-kubeconfig=/etc/karmada/config/karmada.config + - --authorization-kubeconfig=/etc/karmada/config/karmada.config - --bind-address=0.0.0.0 - --client-ca-file=/etc/karmada/pki/ca.crt - --cluster-cidr=10.244.0.0/16 
@@ -86,14 +86,13 @@ spec: - name: karmada-certs mountPath: /etc/karmada/pki readOnly: true - - name: kubeconfig - mountPath: /etc/karmada/kubeconfig - subPath: kubeconfig + - name: karmada-config + mountPath: /etc/karmada/config volumes: - name: karmada-certs secret: secretName: {{ .KarmadaCertsSecret }} - - name: kubeconfig + - name: karmada-config secret: secretName: {{ .KubeconfigSecret }} ` @@ -127,7 +126,7 @@ spec: imagePullPolicy: {{ .ImagePullPolicy }} command: - /bin/karmada-controller-manager - - --kubeconfig=/etc/karmada/kubeconfig + - --kubeconfig=/etc/karmada/config/karmada.config - --metrics-bind-address=:8080 - --cluster-status-update-frequency=10s - --failover-eviction-timeout=30s @@ -148,11 +147,10 @@ spec: name: metrics protocol: TCP volumeMounts: - - name: kubeconfig - subPath: kubeconfig - mountPath: /etc/karmada/kubeconfig + - name: karmada-config + mountPath: /etc/karmada/config volumes: - - name: kubeconfig + - name: karmada-config secret: secretName: {{ .KubeconfigSecret }} ` @@ -187,7 +185,7 @@ spec: imagePullPolicy: {{ .ImagePullPolicy }} command: - /bin/karmada-scheduler - - --kubeconfig=/etc/karmada/kubeconfig + - --kubeconfig=/etc/karmada/config/karmada.config - --metrics-bind-address=0.0.0.0:8080 - --health-probe-bind-address=0.0.0.0:10351 - --enable-scheduler-estimator=true @@ -213,14 +211,13 @@ spec: - name: karmada-certs mountPath: /etc/karmada/pki readOnly: true - - name: kubeconfig - subPath: kubeconfig - mountPath: /etc/karmada/kubeconfig + - name: karmada-config + mountPath: /etc/karmada/config volumes: - name: karmada-certs secret: secretName: {{ .KarmadaCertsSecret }} - - name: kubeconfig + - name: karmada-config secret: secretName: {{ .KubeconfigSecret }} ` 
@@ -255,7 +252,7 @@ spec: imagePullPolicy: {{ .ImagePullPolicy }} command: - /bin/karmada-descheduler - - --kubeconfig=/etc/karmada/kubeconfig + - --kubeconfig=/etc/karmada/config/karmada.config - --metrics-bind-address=0.0.0.0:8080 - --health-probe-bind-address=0.0.0.0:10358 - --leader-elect-resource-namespace={{ .SystemNamespace }} @@ -280,14 +277,13 @@ spec: - name: karmada-certs mountPath: /etc/karmada/pki readOnly: true - - name: kubeconfig - subPath: kubeconfig - mountPath: /etc/karmada/kubeconfig + - name: karmada-config + mountPath: /etc/karmada/config volumes: - name: karmada-certs secret: secretName: {{ .KarmadaCertsSecret }} - - name: kubeconfig + - name: karmada-config secret: secretName: {{ .KubeconfigSecret }} ` diff --git a/operator/pkg/controlplane/metricsadapter/manifests.go b/operator/pkg/controlplane/metricsadapter/manifests.go index e9212593f712..344057d41846 100644 --- a/operator/pkg/controlplane/metricsadapter/manifests.go +++ b/operator/pkg/controlplane/metricsadapter/manifests.go @@ -47,10 +47,10 @@ spec: imagePullPolicy: {{ .ImagePullPolicy }} command: - /bin/karmada-metrics-adapter - - --kubeconfig=/etc/karmada/kubeconfig + - --kubeconfig=/etc/karmada/config/karmada.config - --metrics-bind-address=:8080 - - --authentication-kubeconfig=/etc/karmada/kubeconfig - - --authorization-kubeconfig=/etc/karmada/kubeconfig + - --authentication-kubeconfig=/etc/karmada/config/karmada.config + - --authorization-kubeconfig=/etc/karmada/config/karmada.config - --client-ca-file=/etc/karmada/pki/ca.crt - --tls-cert-file=/etc/karmada/pki/karmada.crt - --tls-private-key-file=/etc/karmada/pki/karmada.key @@ -59,9 +59,8 @@ spec: - --audit-log-maxage=0 - --audit-log-maxbackup=0 volumeMounts: - - name: kubeconfig - subPath: kubeconfig - mountPath: /etc/karmada/kubeconfig + - name: karmada-config + mountPath: /etc/karmada/config - name: karmada-cert mountPath: /etc/karmada/pki readOnly: true 
@@ -87,7 +86,7 @@ spec: requests: cpu: 100m volumes: - - name: kubeconfig + - name: karmada-config secret: secretName: {{ .KubeconfigSecret }} - name: karmada-cert diff --git a/operator/pkg/controlplane/metricsadapter/metricsadapter.go b/operator/pkg/controlplane/metricsadapter/metricsadapter.go index 08b6184fc835..3ac05df4e886 100644 --- a/operator/pkg/controlplane/metricsadapter/metricsadapter.go +++ b/operator/pkg/controlplane/metricsadapter/metricsadapter.go @@ -51,7 +51,7 @@ func installKarmadaMetricAdapter(client clientset.Interface, cfg *operatorv1alph Image: cfg.Image.Name(), ImagePullPolicy: string(cfg.ImagePullPolicy), Replicas: cfg.Replicas, - KubeconfigSecret: util.AdminKubeconfigSecretName(name), + KubeconfigSecret: util.ComponentKubeconfigSecretName(util.KarmadaMetricsAdapterName(name)), KarmadaCertsSecret: util.KarmadaCertSecretName(name), }) if err != nil { diff --git a/operator/pkg/controlplane/metricsadapter/metricsadapter_test.go b/operator/pkg/controlplane/metricsadapter/metricsadapter_test.go index cbfd4a9d3629..20514e80cca1 100644 --- a/operator/pkg/controlplane/metricsadapter/metricsadapter_test.go +++ b/operator/pkg/controlplane/metricsadapter/metricsadapter_test.go @@ -213,7 +213,7 @@ func verifyDeploymentDetails(deployment *appsv1.Deployment, replicas int32, imag extractedSecrets = append(extractedSecrets, volume.Secret.SecretName) } expectedSecrets := []string{ - util.AdminKubeconfigSecretName(name), + util.ComponentKubeconfigSecretName(util.KarmadaMetricsAdapterName(name)), util.KarmadaCertSecretName(name), } for _, expectedSecret := range expectedSecrets { diff --git a/operator/pkg/controlplane/search/manifests.go b/operator/pkg/controlplane/search/manifests.go index 2990ba1fae99..25b2f5473d8a 100644 --- a/operator/pkg/controlplane/search/manifests.go +++ b/operator/pkg/controlplane/search/manifests.go 
@@ -49,14 +49,13 @@ spec: - name: k8s-certs mountPath: /etc/karmada/pki readOnly: true - - name: kubeconfig - subPath: kubeconfig - mountPath: /etc/kubeconfig + - name: karmada-config + mountPath: /etc/karmada/config command: - /bin/karmada-search - - --kubeconfig=/etc/kubeconfig - - --authentication-kubeconfig=/etc/kubeconfig - - --authorization-kubeconfig=/etc/kubeconfig + - --kubeconfig=/etc/karmada/config/karmada.config + - --authentication-kubeconfig=/etc/karmada/config/karmada.config + - --authorization-kubeconfig=/etc/karmada/config/karmada.config - --tls-cert-file=/etc/karmada/pki/karmada.crt - --tls-private-key-file=/etc/karmada/pki/karmada.key - --tls-min-version=VersionTLS13 @@ -79,7 +78,7 @@ spec: - name: k8s-certs secret: secretName: {{ .KarmadaCertsSecret }} - - name: kubeconfig + - name: karmada-config secret: secretName: {{ .KubeconfigSecret }} ` diff --git a/operator/pkg/controlplane/search/search.go b/operator/pkg/controlplane/search/search.go index e7251d0c8e4e..a48f66b15619 100644 --- a/operator/pkg/controlplane/search/search.go +++ b/operator/pkg/controlplane/search/search.go @@ -53,7 +53,7 @@ func installKarmadaSearch(client clientset.Interface, cfg *operatorv1alpha1.Karm ImagePullPolicy: string(cfg.ImagePullPolicy), KarmadaCertsSecret: util.KarmadaCertSecretName(name), Replicas: cfg.Replicas, - KubeconfigSecret: util.AdminKubeconfigSecretName(name), + KubeconfigSecret: util.ComponentKubeconfigSecretName(util.KarmadaSearchName(name)), }) if err != nil { return fmt.Errorf("error when parsing KarmadaSearch Deployment template: %w", err) diff --git a/operator/pkg/controlplane/search/search_test.go b/operator/pkg/controlplane/search/search_test.go index fb9e8f731baf..665a02fadfb2 100644 --- a/operator/pkg/controlplane/search/search_test.go +++ b/operator/pkg/controlplane/search/search_test.go 
@@ -236,7 +236,7 @@ func verifySecrets(deployment *appsv1.Deployment, name string) error { extractedSecrets = append(extractedSecrets, volume.Secret.SecretName) } expectedSecrets := []string{ - util.AdminKubeconfigSecretName(name), + util.ComponentKubeconfigSecretName(util.KarmadaSearchName(name)), util.KarmadaCertSecretName(name), } for _, expectedSecret := range expectedSecrets { diff --git a/operator/pkg/controlplane/webhook/manifests.go b/operator/pkg/controlplane/webhook/manifests.go index 4e8b0705c689..b19e0bd3f6c0 100644 --- a/operator/pkg/controlplane/webhook/manifests.go +++ b/operator/pkg/controlplane/webhook/manifests.go @@ -47,7 +47,7 @@ spec: imagePullPolicy: {{ .ImagePullPolicy }} command: - /bin/karmada-webhook - - --kubeconfig=/etc/karmada/kubeconfig + - --kubeconfig=/etc/karmada/config/karmada.config - --bind-address=0.0.0.0 - --metrics-bind-address=:8080 - --default-not-ready-toleration-seconds=30 @@ -61,9 +61,8 @@ spec: name: metrics protocol: TCP volumeMounts: - - name: kubeconfig - subPath: kubeconfig - mountPath: /etc/karmada/kubeconfig + - name: karmada-config + mountPath: /etc/karmada/config - name: cert mountPath: /var/serving-cert readOnly: true @@ -73,7 +72,7 @@ spec: port: 8443 scheme: HTTPS volumes: - - name: kubeconfig + - name: karmada-config secret: secretName: {{ .KubeconfigSecret }} - name: cert diff --git a/operator/pkg/controlplane/webhook/webhook.go b/operator/pkg/controlplane/webhook/webhook.go index 66cddfc159e3..7ecead80b08c 100644 --- a/operator/pkg/controlplane/webhook/webhook.go +++ b/operator/pkg/controlplane/webhook/webhook.go 
@@ -51,7 +51,7 @@ func installKarmadaWebhook(client clientset.Interface, cfg *operatorv1alpha1.Kar Image: cfg.Image.Name(), ImagePullPolicy: string(cfg.ImagePullPolicy), Replicas: cfg.Replicas, - KubeconfigSecret: util.AdminKubeconfigSecretName(name), + KubeconfigSecret: util.ComponentKubeconfigSecretName(util.KarmadaWebhookName(name)), WebhookCertsSecret: util.WebhookCertSecretName(name), }) if err != nil { diff --git a/operator/pkg/controlplane/webhook/webhook_test.go b/operator/pkg/controlplane/webhook/webhook_test.go index 8d009e3780ef..2efdf01db07b 100644 --- a/operator/pkg/controlplane/webhook/webhook_test.go +++ b/operator/pkg/controlplane/webhook/webhook_test.go @@ -226,7 +226,7 @@ func verifySecrets(deployment *appsv1.Deployment, name string) error { extractedSecrets = append(extractedSecrets, volume.Secret.SecretName) } expectedSecrets := []string{ - util.AdminKubeconfigSecretName(name), + util.ComponentKubeconfigSecretName(util.KarmadaWebhookName(name)), util.WebhookCertSecretName(name), } for _, expectedSecret := range expectedSecrets { diff --git a/operator/pkg/tasks/deinit/kubeconfig.go b/operator/pkg/tasks/deinit/kubeconfig.go index 76d1f2637f43..0295035fa301 100644 --- a/operator/pkg/tasks/deinit/kubeconfig.go +++ b/operator/pkg/tasks/deinit/kubeconfig.go 
@@ -44,15 +44,35 @@ func runCleanupKubeconfig(r workflow.RunData) error { klog.V(4).InfoS("[cleanup-kubeconfig] Running cleanup-kubeconfig task", "karmada", klog.KObj(data)) - err := apiclient.DeleteSecretIfHasLabels( - data.RemoteClient(), - util.AdminKubeconfigSecretName(data.GetName()), - data.GetNamespace(), - constants.KarmadaOperatorLabel, - ) - if err != nil { - return fmt.Errorf("failed to cleanup karmada kubeconfig, err: %w", err) + secretNames := generateComponentKubeconfigSecretNames(data) + + for _, secretName := range secretNames { + err := apiclient.DeleteSecretIfHasLabels( + data.RemoteClient(), + secretName, + data.GetNamespace(), + constants.KarmadaOperatorLabel, + ) + if err != nil { + return fmt.Errorf("failed to cleanup karmada kubeconfig secret '%s', err: %w", secretName, err) + } } return nil } + +func generateComponentKubeconfigSecretNames(data DeInitData) []string { + secretNames := []string{ + util.AdminKubeconfigSecretName(data.GetName()), + util.ComponentKubeconfigSecretName(util.KarmadaAggregatedAPIServerName(data.GetName())), + util.ComponentKubeconfigSecretName(util.KarmadaControllerManagerName(data.GetName())), + util.ComponentKubeconfigSecretName(util.KubeControllerManagerName(data.GetName())), + util.ComponentKubeconfigSecretName(util.KarmadaSchedulerName(data.GetName())), + util.ComponentKubeconfigSecretName(util.KarmadaDeschedulerName(data.GetName())), + util.ComponentKubeconfigSecretName(util.KarmadaMetricsAdapterName(data.GetName())), + util.ComponentKubeconfigSecretName(util.KarmadaSearchName(data.GetName())), + util.ComponentKubeconfigSecretName(util.KarmadaWebhookName(data.GetName())), + } + + return secretNames +} diff --git a/operator/pkg/tasks/init/upload.go b/operator/pkg/tasks/init/upload.go index 8506acef8a4e..66ebb47fd2a1 100644 --- a/operator/pkg/tasks/init/upload.go +++ b/operator/pkg/tasks/init/upload.go 
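Review bot: The new loop in runCleanupKubeconfig returns on the first failed delete, so a single error leaves every later kubeconfig secret in the namespace after deinit. Collect the failures and keep going, e.g. `errs = append(errs, fmt.Errorf("failed to cleanup karmada kubeconfig secret '%s', err: %w", secretName, err))` inside the loop and `return errors.Join(errs...)` after it. DeleteSecretIfHasLabels is not shown here; the list always names all eight component secrets, so the loop relies on it treating a missing secret as success, which is worth confirming. generateComponentKubeconfigSecretNames also needs a doc comment, for instance `// generateComponentKubeconfigSecretNames lists the admin and per-component kubeconfig secrets removed on deinit.`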
@@ -105,16 +105,13 @@ func runUploadAdminKubeconfig(r workflow.RunData) error { return err } - err = apiclient.CreateOrUpdateSecret(data.RemoteClient(), &corev1.Secret{ - ObjectMeta: metav1.ObjectMeta{ - Namespace: data.GetNamespace(), - Name: util.AdminKubeconfigSecretName(data.GetName()), - Labels: constants.KarmadaOperatorLabel, - }, - Data: map[string][]byte{"kubeconfig": configBytes}, - }) - if err != nil { - return fmt.Errorf("failed to create secret of kubeconfig, err: %w", err) + secretList := generateComponentKubeconfigSecrets(data, string(configBytes)) + + for _, secret := range secretList { + err = apiclient.CreateOrUpdateSecret(data.RemoteClient(), secret) + if err != nil { + return fmt.Errorf("failed to create/update kubeconfig secret '%s', err: %w", secret.Name, err) + } } // store rest config to RunData. 
@@ -179,6 +176,46 @@ func buildKubeConfigFromSpec(data InitData, serverURL string) (*clientcmdapi.Con ), nil } +func generateKubeconfigSecret(name, namespace, configString string) *corev1.Secret { + return &corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: namespace, + Name: name, + Labels: constants.KarmadaOperatorLabel, + }, + StringData: map[string]string{"karmada.config": configString}, + } +} + +func generateComponentKubeconfigSecrets(data InitData, configString string) []*corev1.Secret { + var secrets []*corev1.Secret + + secrets = append(secrets, generateKubeconfigSecret(util.AdminKubeconfigSecretName(data.GetName()), data.GetNamespace(), configString)) + + if data.Components() == nil { + return secrets + } + + componentList := map[string]interface{}{ + util.KarmadaAggregatedAPIServerName(data.GetName()): data.Components().KarmadaAggregatedAPIServer, + util.KarmadaControllerManagerName(data.GetName()): data.Components().KarmadaControllerManager, + util.KubeControllerManagerName(data.GetName()): data.Components().KubeControllerManager, + util.KarmadaSchedulerName(data.GetName()): data.Components().KarmadaScheduler, + util.KarmadaDeschedulerName(data.GetName()): data.Components().KarmadaDescheduler, + util.KarmadaMetricsAdapterName(data.GetName()): data.Components().KarmadaMetricsAdapter, + util.KarmadaSearchName(data.GetName()): data.Components().KarmadaSearch, + util.KarmadaWebhookName(data.GetName()): data.Components().KarmadaWebhook, + } + + for karmadaComponentName, component := range componentList { + if component != nil { + secrets = append(secrets, generateKubeconfigSecret(util.ComponentKubeconfigSecretName(karmadaComponentName), data.GetNamespace(), configString)) + } + } + + return secrets +} + // NewUploadCertsTask init a Upload-Certs task func NewUploadCertsTask(karmada *operatorv1alpha1.Karmada) workflow.Task { tasks := []workflow.Task{ 
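Review bot: The `component != nil` test in generateComponentKubeconfigSecrets compares an `interface{}` value, so if the `data.Components()` fields are typed pointers (their declarations are outside this hunk), a nil pointer stored in the map is a non-nil interface and the check always passes. A secret would then be created for every component, enabled or not. Every one of these secrets carries the same `configString` as the admin secret, so each unnecessary secret is another copy of the admin kubeconfig. Comparing the fields with nil directly avoids this and also makes the creation order deterministic. Both new helpers lack doc comments; the one on generateComponentKubeconfigSecrets should state that all component secrets currently hold the admin credential.

```go
func generateComponentKubeconfigSecrets(data InitData, configString string) []*corev1.Secret {
	// … unchanged: admin secret append and nil Components() guard …

	components := data.Components()
	name := data.GetName()
	// Compare each field with nil directly: a typed nil pointer stored in an
	// interface{} would no longer compare equal to nil.
	candidates := []struct {
		componentName string
		enabled       bool
	}{
		{util.KarmadaAggregatedAPIServerName(name), components.KarmadaAggregatedAPIServer != nil},
		{util.KarmadaControllerManagerName(name), components.KarmadaControllerManager != nil},
		{util.KubeControllerManagerName(name), components.KubeControllerManager != nil},
		{util.KarmadaSchedulerName(name), components.KarmadaScheduler != nil},
		{util.KarmadaDeschedulerName(name), components.KarmadaDescheduler != nil},
		{util.KarmadaMetricsAdapterName(name), components.KarmadaMetricsAdapter != nil},
		{util.KarmadaSearchName(name), components.KarmadaSearch != nil},
		{util.KarmadaWebhookName(name), components.KarmadaWebhook != nil},
	}

	for _, c := range candidates {
		if c.enabled {
			secrets = append(secrets, generateKubeconfigSecret(util.ComponentKubeconfigSecretName(c.componentName), data.GetNamespace(), configString))
		}
	}

	return secrets
}
```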
diff --git a/operator/pkg/util/naming.go b/operator/pkg/util/naming.go index dbbecab7a70e..a4122f06f796 100644 --- a/operator/pkg/util/naming.go +++ b/operator/pkg/util/naming.go @@ -29,6 +29,11 @@ func AdminKubeconfigSecretName(karmada string) string { return generateResourceName(karmada, "admin-config") } +// ComponentKubeconfigSecretName returns secret name of karmada component kubeconfig +func ComponentKubeconfigSecretName(karmadaComponent string) string { + return generateResourceName(karmadaComponent, "config") +} + // KarmadaCertSecretName returns secret name of karmada certs func KarmadaCertSecretName(karmada string) string { return generateResourceName(karmada, "cert")