-
Notifications
You must be signed in to change notification settings - Fork 30
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow overriding secretKey for kubeconfig #78
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If we could take advantage of constants, it would be much better, wondering why I didn't do from.the beginning.
a1c7eac
to
d57dc5f
Compare
Ah that was just a draft, thanks for your corrections. PR updated and ready for review. |
d57dc5f
to
e005162
Compare
e005162
to
d760af7
Compare
I'm thinking of the use case you're trying to solve, here, also considering the discussion we had on Slack. Don't you think it would be better to have the TenantControlPlane exposed using the I'm a bit worried about the too many knobs we could introduce: although you know what you're doing other users could be able to shoot themselves in the foot, and this is something that must be carefully prevented to ensure the onboarding process works as expected. Happy to chat. |
Sure, it's open for discussion. I suggested using an annotation because this setup might be uncommon. Alternatively, I think we can introduce an option that will be completely understandable to everyone. For example, What do you think? |
Hello. I like this PR. Because I would prefer use super-admin.conf as generic kubeconfig (based on 'system:master' Group to prevent losing access capi to managed kubernetes clusters) |
@kvaps if we get clastix/kamaji#408 merged first, we could reuse the constant defined in the root repository. Overall, LGTM. |
d760af7
to
d89c48c
Compare
@prometherion PR rebased. But now it depends on imported lib, so please review and merge #93 first |
@kvaps merged, please, rebase so we can use the last code base from Kamaji, thanks! |
86ab061
to
19b83d6
Compare
During reconciliation, the control plane provider copies the content from the secret provided by Kamaji, named <cluster>-admin-kubeconfig, into a generic Cluster API secret, <cluster>-kubeconfig, which can then be used by the bootstrap provider and other cluster components. This change introduces a new annotation, kamaji.clastix.io/kubeconfig-secret-key, for the KamajiControlPlane resource. This annotation instructs the control plane provider to read the kubeconfig from a specific key (the default one is admin.conf). Example: ``` kamaji.clastix.io/kubeconfig-secret-key: admin.svc ``` This will instruct the system to use `admin.svc` a kubeconfig with a local service FQDN (introduced by clastix/kamaji#403). Signed-off-by: Andrei Kvapil <[email protected]>
19b83d6
to
eb42e0e
Compare
job is done |
During reconciliation, the control plane provider copies the content from the secret provided by Kamaji, named -admin-kubeconfig, into a generic Cluster API secret, -kubeconfig, which can then be used by the bootstrap provider and other cluster components.
This change introduces a new annotation, kamaji.clastix.io/kubeconfig-secret-key, for the KamajiControlPlane resource. This annotation instructs the control plane provider to read the kubeconfig from a specific key (the default one is admin.conf).
Example:
This will instruct the system to use
super-admin.svc
a kubeconfig with a local service FQDN (introduced by clastix/kamaji#403).And also copy this annotation for TenantControlPlane object (see: clastix/kamaji#408)
requires #93 to get merged first