Skip to content

Commit

Permalink
standardize the naming of karmada secrets in local up method
Browse files Browse the repository at this point in the history 
Signed-off-by: chaosi-zju <[email protected]>
  • Loading branch information
@chaosi-zju
chaosi-zju committed Sep 5, 2024
1 parent f2bed78 commit 687b770
Show file tree
Hide file tree
Showing 18 changed files with 106 additions and 101 deletions.
6 changes: 3 additions & 3 deletions artifacts/agent/karmada-agent.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ spec:
imagePullPolicy: {{image_pull_policy}}
command:
- /bin/karmada-agent
- --karmada-kubeconfig=/etc/kubeconfig/karmada-kubeconfig
- --karmada-kubeconfig=/etc/kubeconfig/kubeconfig
- --karmada-context={{karmada_context}}
- --cluster-name={{member_cluster_name}}
- --cluster-api-endpoint={{member_cluster_api_endpoint}}
Expand All @@ -48,9 +48,9 @@ spec:
name: metrics
protocol: TCP
volumeMounts:
- name: kubeconfig
- name: karmada-kubeconfig
mountPath: /etc/kubeconfig
volumes:
- name: kubeconfig
- name: karmada-kubeconfig
secret:
secretName: karmada-kubeconfig
12 changes: 6 additions & 6 deletions artifacts/deploy/karmada-aggregated-apiserver.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@ spec:
- name: karmada-certs
mountPath: /etc/karmada/pki
readOnly: true
- name: kubeconfig
- name: karmada-kubeconfig
subPath: kubeconfig
mountPath: /etc/kubeconfig
command:
Expand All @@ -40,8 +40,8 @@ spec:
- --etcd-cafile=/etc/karmada/pki/etcd-ca.crt
- --etcd-certfile=/etc/karmada/pki/etcd-client.crt
- --etcd-keyfile=/etc/karmada/pki/etcd-client.key
- --tls-cert-file=/etc/karmada/pki/karmada.crt
- --tls-private-key-file=/etc/karmada/pki/karmada.key
- --tls-cert-file=/etc/karmada/pki/karmada-server.crt
- --tls-private-key-file=/etc/karmada/pki/karmada-server.key
- --audit-log-path=-
- --audit-log-maxage=0
- --audit-log-maxbackup=0
Expand All @@ -68,10 +68,10 @@ spec:
volumes:
- name: karmada-certs
secret:
secretName: karmada-cert-secret
- name: kubeconfig
secretName: karmada-certs
- name: karmada-kubeconfig
secret:
secretName: kubeconfig
secretName: karmada-kubeconfig
---
apiVersion: v1
kind: Service
Expand Down
10 changes: 5 additions & 5 deletions artifacts/deploy/karmada-apiserver.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -47,8 +47,8 @@ spec:
- --runtime-config=
- --secure-port=5443
- --service-account-issuer=https://kubernetes.default.svc.cluster.local
- --service-account-key-file=/etc/karmada/pki/karmada.key
- --service-account-signing-key-file=/etc/karmada/pki/karmada.key
- --service-account-key-file=/etc/karmada/pki/karmada-client.key
- --service-account-signing-key-file=/etc/karmada/pki/karmada-client.key
- --service-cluster-ip-range=10.96.0.0/12
- --proxy-client-cert-file=/etc/karmada/pki/front-proxy-client.crt
- --proxy-client-key-file=/etc/karmada/pki/front-proxy-client.key
Expand All @@ -57,8 +57,8 @@ spec:
- --requestheader-extra-headers-prefix=X-Remote-Extra-
- --requestheader-group-headers=X-Remote-Group
- --requestheader-username-headers=X-Remote-User
- --tls-cert-file=/etc/karmada/pki/apiserver.crt
- --tls-private-key-file=/etc/karmada/pki/apiserver.key
- --tls-cert-file=/etc/karmada/pki/karmada-server.crt
- --tls-private-key-file=/etc/karmada/pki/karmada-server.key
- --tls-min-version=VersionTLS13
name: karmada-apiserver
image: registry.k8s.io/kube-apiserver:{{karmada_apiserver_version}}
Expand Down Expand Up @@ -107,7 +107,7 @@ spec:
volumes:
- name: karmada-certs
secret:
secretName: karmada-cert-secret
secretName: karmada-certs
---
apiVersion: v1
kind: Service
Expand Down
20 changes: 11 additions & 9 deletions artifacts/deploy/karmada-cert-secret.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,22 +1,24 @@
# karmada-client.crt: mainly used to construct kubeconfig for other components to access karmada-apiserver.
# karmada-server.crt: mainly used as server certificate for karmada components, such as karmada-apiserver, karmada-search, karmada-metrics-adapter, etc.
apiVersion: v1
kind: Secret
metadata:
name: karmada-cert-secret
name: karmada-certs
namespace: karmada-system
type: Opaque
data:
ca.crt: |
{{ca_crt}}
ca.key: |
{{ca_key}}
karmada.crt: |
{{client_crt}}
karmada.key: |
{{client_key}}
apiserver.crt: |
{{apiserver_crt}}
apiserver.key: |
{{apiserver_key}}
karmada-client.crt: |
{{karmada_client_crt}}
karmada-client.key: |
{{karmada_client_key}}
karmada-server.crt: |
{{karmada_server_crt}}
karmada-server.key: |
{{karmada_server_key}}
front-proxy-ca.crt: |
{{front_proxy_ca_crt}}
front-proxy-client.crt: |
Expand Down
6 changes: 3 additions & 3 deletions artifacts/deploy/karmada-controller-manager.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -48,10 +48,10 @@ spec:
name: metrics
protocol: TCP
volumeMounts:
- name: kubeconfig
- name: karmada-kubeconfig
subPath: kubeconfig
mountPath: /etc/kubeconfig
volumes:
- name: kubeconfig
- name: karmada-kubeconfig
secret:
secretName: kubeconfig
secretName: karmada-kubeconfig
12 changes: 6 additions & 6 deletions artifacts/deploy/karmada-descheduler.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -29,8 +29,8 @@ spec:
- --metrics-bind-address=0.0.0.0:10358
- --health-probe-bind-address=0.0.0.0:10358
- --scheduler-estimator-ca-file=/etc/karmada/pki/ca.crt
- --scheduler-estimator-cert-file=/etc/karmada/pki/karmada.crt
- --scheduler-estimator-key-file=/etc/karmada/pki/karmada.key
- --scheduler-estimator-cert-file=/etc/karmada/pki/karmada-client.crt
- --scheduler-estimator-key-file=/etc/karmada/pki/karmada-client.key
- --v=4
livenessProbe:
httpGet:
Expand All @@ -49,13 +49,13 @@ spec:
- name: karmada-certs
mountPath: /etc/karmada/pki
readOnly: true
- name: kubeconfig
- name: karmada-kubeconfig
subPath: kubeconfig
mountPath: /etc/kubeconfig
volumes:
- name: karmada-certs
secret:
secretName: karmada-cert-secret
- name: kubeconfig
secretName: karmada-certs
- name: karmada-kubeconfig
secret:
secretName: kubeconfig
secretName: karmada-kubeconfig
2 changes: 1 addition & 1 deletion artifacts/deploy/karmada-etcd.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -93,7 +93,7 @@ spec:
name: etcd-data
- name: etcd-certs
secret:
secretName: karmada-cert-secret
secretName: karmada-certs
---

apiVersion: v1
Expand Down
2 changes: 1 addition & 1 deletion artifacts/deploy/secret.yaml → ...cts/deploy/karmada-kubeconfig-secret.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,5 +22,5 @@ stringData:
client-key-data: {{client_key}}
kind: Secret
metadata:
name: kubeconfig
name: karmada-kubeconfig
namespace: karmada-system
12 changes: 6 additions & 6 deletions artifacts/deploy/karmada-metrics-adapter.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@ spec:
- name: karmada-certs
mountPath: /etc/karmada/pki
readOnly: true
- name: kubeconfig
- name: karmada-kubeconfig
subPath: kubeconfig
mountPath: /etc/kubeconfig
command:
Expand All @@ -37,8 +37,8 @@ spec:
- --authentication-kubeconfig=/etc/kubeconfig
- --authorization-kubeconfig=/etc/kubeconfig
- --client-ca-file=/etc/karmada/pki/ca.crt
- --tls-cert-file=/etc/karmada/pki/karmada.crt
- --tls-private-key-file=/etc/karmada/pki/karmada.key
- --tls-cert-file=/etc/karmada/pki/karmada-server.crt
- --tls-private-key-file=/etc/karmada/pki/karmada-server.key
- --audit-log-path=-
- --audit-log-maxage=0
- --audit-log-maxbackup=0
Expand Down Expand Up @@ -67,10 +67,10 @@ spec:
volumes:
- name: karmada-certs
secret:
secretName: karmada-cert-secret
- name: kubeconfig
secretName: karmada-certs
- name: karmada-kubeconfig
secret:
secretName: kubeconfig
secretName: karmada-kubeconfig
---
apiVersion: v1
kind: Service
Expand Down
6 changes: 3 additions & 3 deletions artifacts/deploy/karmada-scheduler-estimator.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,8 +27,8 @@ spec:
- /bin/karmada-scheduler-estimator
- --kubeconfig=/etc/{{member_cluster_name}}-kubeconfig
- --cluster-name={{member_cluster_name}}
- --grpc-auth-cert-file=/etc/karmada/pki/karmada.crt
- --grpc-auth-key-file=/etc/karmada/pki/karmada.key
- --grpc-auth-cert-file=/etc/karmada/pki/karmada-server.crt
- --grpc-auth-key-file=/etc/karmada/pki/karmada-server.key
- --grpc-client-ca-file=/etc/karmada/pki/ca.crt
- --metrics-bind-address=0.0.0.0:10351
- --health-probe-bind-address=0.0.0.0:10351
Expand All @@ -55,7 +55,7 @@ spec:
volumes:
- name: karmada-certs
secret:
secretName: karmada-cert-secret
secretName: karmada-certs
- name: member-kubeconfig
secret:
secretName: {{member_cluster_name}}-kubeconfig
Expand Down
12 changes: 6 additions & 6 deletions artifacts/deploy/karmada-scheduler.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -44,20 +44,20 @@ spec:
- --health-probe-bind-address=0.0.0.0:10351
- --enable-scheduler-estimator=true
- --scheduler-estimator-ca-file=/etc/karmada/pki/ca.crt
- --scheduler-estimator-cert-file=/etc/karmada/pki/karmada.crt
- --scheduler-estimator-key-file=/etc/karmada/pki/karmada.key
- --scheduler-estimator-cert-file=/etc/karmada/pki/karmada-client.crt
- --scheduler-estimator-key-file=/etc/karmada/pki/karmada-client.key
- --v=4
volumeMounts:
- name: karmada-certs
mountPath: /etc/karmada/pki
readOnly: true
- name: kubeconfig
- name: karmada-kubeconfig
subPath: kubeconfig
mountPath: /etc/kubeconfig
volumes:
- name: karmada-certs
secret:
secretName: karmada-cert-secret
- name: kubeconfig
secretName: karmada-certs
- name: karmada-kubeconfig
secret:
secretName: kubeconfig
secretName: karmada-kubeconfig
12 changes: 6 additions & 6 deletions artifacts/deploy/karmada-search.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@ spec:
- name: karmada-certs
mountPath: /etc/karmada/pki
readOnly: true
- name: kubeconfig
- name: karmada-kubeconfig
subPath: kubeconfig
mountPath: /etc/kubeconfig
command:
Expand All @@ -40,8 +40,8 @@ spec:
- --etcd-cafile=/etc/karmada/pki/etcd-ca.crt
- --etcd-certfile=/etc/karmada/pki/etcd-client.crt
- --etcd-keyfile=/etc/karmada/pki/etcd-client.key
- --tls-cert-file=/etc/karmada/pki/karmada.crt
- --tls-private-key-file=/etc/karmada/pki/karmada.key
- --tls-cert-file=/etc/karmada/pki/karmada-server.crt
- --tls-private-key-file=/etc/karmada/pki/karmada-server.key
- --audit-log-path=-
- --audit-log-maxage=0
- --audit-log-maxbackup=0
Expand All @@ -61,10 +61,10 @@ spec:
volumes:
- name: karmada-certs
secret:
secretName: karmada-cert-secret
- name: kubeconfig
secretName: karmada-certs
- name: karmada-kubeconfig
secret:
secretName: kubeconfig
secretName: karmada-kubeconfig
---
apiVersion: v1
kind: Service
Expand Down
6 changes: 3 additions & 3 deletions artifacts/deploy/karmada-webhook-cert-secret.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,11 +1,11 @@
apiVersion: v1
kind: Secret
metadata:
name: webhook-cert
name: karmada-webhook-cert
namespace: karmada-system
type: kubernetes.io/tls
data:
tls.crt: |
{{server_certificate}}
{{karmada_server_crt}}
tls.key: |
{{server_key}}
{{karmada_server_key}}
16 changes: 8 additions & 8 deletions artifacts/deploy/karmada-webhook.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -31,32 +31,32 @@ spec:
- --default-not-ready-toleration-seconds=30
- --default-unreachable-toleration-seconds=30
- --secure-port=8443
- --cert-dir=/var/serving-cert
- --cert-dir=/etc/karmada/pki
- --v=4
ports:
- containerPort: 8443
- containerPort: 8080
name: metrics
protocol: TCP
volumeMounts:
- name: kubeconfig
- name: karmada-kubeconfig
subPath: kubeconfig
mountPath: /etc/kubeconfig
- name: cert
mountPath: /var/serving-cert
- name: karmada-webhook-cert
mountPath: /etc/karmada/pki
readOnly: true
readinessProbe:
httpGet:
path: /readyz
port: 8443
scheme: HTTPS
volumes:
- name: kubeconfig
- name: karmada-kubeconfig
secret:
secretName: kubeconfig
- name: cert
secretName: karmada-kubeconfig
- name: karmada-webhook-cert
secret:
secretName: webhook-cert
secretName: karmada-webhook-cert
---
apiVersion: v1
kind: Service
Expand Down
10 changes: 5 additions & 5 deletions artifacts/deploy/kube-controller-manager.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -48,7 +48,7 @@ spec:
- --leader-elect=true
- --node-cidr-mask-size=24
- --root-ca-file=/etc/karmada/pki/ca.crt
- --service-account-private-key-file=/etc/karmada/pki/karmada.key
- --service-account-private-key-file=/etc/karmada/pki/karmada-client.key
- --service-cluster-ip-range=10.96.0.0/12
- --use-service-account-credentials=true
- --v=4
Expand All @@ -74,12 +74,12 @@ spec:
readOnly: true
- mountPath: /etc/kubeconfig
subPath: kubeconfig
name: kubeconfig
name: karmada-kubeconfig
priorityClassName: system-node-critical
volumes:
- name: karmada-certs
secret:
secretName: karmada-cert-secret
- name: kubeconfig
secretName: karmada-certs
- name: karmada-kubeconfig
secret:
secretName: kubeconfig
secretName: karmada-kubeconfig
Loading

0 comments on commit 687b770

Please sign in to comment.