From edd0fe6080d06c83f87c52e26f7bfe6a6b50c7f4 Mon Sep 17 00:00:00 2001
From: zhzhuang-zju
Date: Sat, 19 Oct 2024 16:55:17 +0800
Subject: [PATCH] Redact sensitive information from the karmadactl init command output

Signed-off-by: zhzhuang-zju
---
 pkg/karmadactl/cmdinit/karmada/deploy.go | 33 -------------------
 pkg/karmadactl/cmdinit/kubernetes/deploy.go | 8 +----
 pkg/karmadactl/cmdinit/utils/examples.go | 16 +++++----
 pkg/karmadactl/cmdinit/utils/examples_test.go | 2 +-
 4 files changed, 12 insertions(+), 47 deletions(-)

diff --git a/pkg/karmadactl/cmdinit/karmada/deploy.go b/pkg/karmadactl/cmdinit/karmada/deploy.go
index 899adfead9cf..65cea44e35a5 100644
--- a/pkg/karmadactl/cmdinit/karmada/deploy.go
+++ b/pkg/karmadactl/cmdinit/karmada/deploy.go
@@ -47,7 +47,6 @@ import (
 "github.com/karmada-io/karmada/pkg/karmadactl/cmdinit/utils"
 "github.com/karmada-io/karmada/pkg/karmadactl/util"
 "github.com/karmada-io/karmada/pkg/karmadactl/util/apiclient"
- tokenutil "github.com/karmada-io/karmada/pkg/karmadactl/util/bootstraptoken"
 )

 const (
@@ -128,38 +127,6 @@ func InitKarmadaResources(dir, caBase64, systemNamespace string) error {
 return nil
 }

-// InitKarmadaBootstrapToken create initial bootstrap token
-func InitKarmadaBootstrapToken(dir string) (string, error) {
- restConfig, err := apiclient.RestConfig("", filepath.Join(dir, options.KarmadaKubeConfigName))
- if err != nil {
- return "", err
- }
-
- clientSet, err := apiclient.NewClientSet(restConfig)
- if err != nil {
- return "", err
- }
- // Create initial bootstrap token
- klog.Info("Initialize karmada bootstrap token")
- bootstrapToken, err := tokenutil.GenerateRandomBootstrapToken(&metav1.Duration{Duration: tokenutil.DefaultTokenDuration}, "", tokenutil.DefaultGroups, tokenutil.DefaultUsages)
- if err != nil {
- return "", err
- }
-
- if err := tokenutil.CreateNewToken(clientSet, bootstrapToken); err != nil {
- return "", err
- }
-
- tokenStr := bootstrapToken.Token.ID + "." + bootstrapToken.Token.Secret
-
- registerCommand, err := tokenutil.GenerateRegisterCommand(filepath.Join(dir, options.KarmadaKubeConfigName), "", tokenStr, "")
- if err != nil {
- return "", fmt.Errorf("failed to get register command, err: %w", err)
- }
-
- return registerCommand, nil
-}
-
 func createExtraResources(clientSet *kubernetes.Clientset, dir string) error {
 // grant view clusterrole with karmada resource permission
 if err := grantKarmadaPermissionToViewClusterRole(clientSet); err != nil {
diff --git a/pkg/karmadactl/cmdinit/kubernetes/deploy.go b/pkg/karmadactl/cmdinit/kubernetes/deploy.go
index e8ca39aa8647..827a6d1ea04e 100644
--- a/pkg/karmadactl/cmdinit/kubernetes/deploy.go
+++ b/pkg/karmadactl/cmdinit/kubernetes/deploy.go
@@ -599,18 +599,12 @@ func (i *CommandInitOption) RunInit(parentCommand string) error {
 return err
 }

- // Create bootstrap token in karmada
- registerCommand, err := karmada.InitKarmadaBootstrapToken(i.KarmadaDataPath)
- if err != nil {
- return err
- }
-
 // install karmada Component
 if err := i.initKarmadaComponent(); err != nil {
 return err
 }

- utils.GenExamples(i.KarmadaDataPath, parentCommand, registerCommand)
+ utils.GenExamples(i.KarmadaDataPath, parentCommand)
 return nil
 }

diff --git a/pkg/karmadactl/cmdinit/utils/examples.go b/pkg/karmadactl/cmdinit/utils/examples.go
index 486b92500b92..22bc1b4bb2da 100644
--- a/pkg/karmadactl/cmdinit/utils/examples.go
+++ b/pkg/karmadactl/cmdinit/utils/examples.go
@@ -168,7 +168,7 @@ spec:
 )

 // GenExamples Generate sample files
-func GenExamples(path, parentCommand, printRegisterCommand string) {
+func GenExamples(path, parentCommand string) {
 karmadaAgentStr := fmt.Sprintf(karmadaAgent, options.ClusterName)
 if err := BytesToFile(path, "karmada-agent.yaml", []byte(karmadaAgentStr)); err != nil {
 klog.Warning(err)
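Review bot: The tail of RunInit now gives no hint of why init stopped creating and printing a bootstrap token, so a later change could put the join credential back into terminal output and CI logs without anyone noticing the regression. A short comment above the `utils.GenExamples(i.KarmadaDataPath, parentCommand)` call would record the intent, for example `// No bootstrap token is created or printed during init; users run "token create --print-register-command" on demand so the join credential stays out of init output.` RunInit begins before this hunk, so only its last statements are visible here.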
@@ -206,11 +206,15 @@ Step 2: Show members of karmada

 Register cluster with 'Pull' mode

-Step 1: Use "%[2]s register" command to register the cluster to Karmada control plane. "--cluster-name" is set to cluster of current-context by default.
-(In member cluster)~# %[2]s%[3]s
+Step 1: Create bootstrap tokens and get the full '%[2]s register' flag needed to register the member cluster using the token.
+(In karmada)~# %[2]s token create --print-register-command --kubeconfig %[1]s/karmada-apiserver.config
+%[2]s register [karmada-apiserver-endpoint] --token [token] --discovery-token-ca-cert-hash [ca-cert-hash]

-Step 2: Show members of karmada
-(In karmada)~# kubectl --kubeconfig %[1]s/karmada-apiserver.config get clusters
+Step 2: Use the output result from step 1 to register the cluster to Karmada control plane. "--cluster-name" is set to cluster of current-context by default.
+(In member cluster)~# %[2]s register [karmada-apiserver-endpoint] --token [token] --discovery-token-ca-cert-hash [ca-cert-hash]
+
+Step 3: Show members of karmada
+(In karmada)~# karmadactl --kubeconfig %[1]s/karmada-apiserver.config get clusters

-`, path, parentCommand, printRegisterCommand)
+`, path, parentCommand)
 }
diff --git a/pkg/karmadactl/cmdinit/utils/examples_test.go b/pkg/karmadactl/cmdinit/utils/examples_test.go
index f5f171329c82..947be2a0793a 100644
--- a/pkg/karmadactl/cmdinit/utils/examples_test.go
+++ b/pkg/karmadactl/cmdinit/utils/examples_test.go
@@ -19,5 +19,5 @@ package utils
 import "testing"

 func TestGenExamples(_ *testing.T) {
- GenExamples("/tmp", "kubectl karmada", " register")
+ GenExamples("/tmp", "kubectl karmada")
 }
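Review bot: The new Step 3 line in the examples.go help text hard-codes `karmadactl`, while every other command in the rewritten text uses `%[2]s`, so a user who ran init as `kubectl karmada` (the value the test passes) is pointed at a binary name they did not use. The line should read `(In karmada)~# %[2]s --kubeconfig %[1]s/karmada-apiserver.config get clusters`. Step 1 also asks the user to print a register command that carries a live token, so one sentence in the text saying that this output is a credential and should be kept out of shared logs would match the purpose of this commit. The call that consumes this format string starts outside the hunk.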
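Review bot: TestGenExamples in examples_test.go still writes its sample files into the shared `/tmp` directory under fixed names such as `karmada-agent.yaml` and asserts nothing, so it neither isolates its output nor guards the redaction this commit introduces. Naming the parameter and using a per-test directory fixes the first part: `func TestGenExamples(t *testing.T) {` with `GenExamples(t.TempDir(), "kubectl karmada")`. If the instructions are printed to stdout (the print call is outside the visible hunks), capturing that output and checking that it contains only the `[token]` placeholder would pin the behaviour against regressions.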