Skip to content

Commit 294d70a

Browse files
committed
Allow overriding secretKey for kubeadm kubeconfig
During reconciliation, the bootstrap provider copies the content from the secret provided by Kamaji, named `<cluster>-admin-kubeconfig` into a `cluster-info` configmap of tenant cluster, which then used by kubeadm to join nodes. This change introduces a new annotation, `kamaji.clastix.io/kubeconfig-secret-key`, for the TenantControlPlane resource. This annotation instructs kamaji to read the kubeconfig from a specific key (the default one is super-admin.conf). Example: ``` kamaji.clastix.io/kubeconfig-secret-key: super-admin.svc ``` This will instruct the system to use `super-admin.svc` a kubeconfig with a local service FQDN (introduced by #403). Signed-off-by: Andrei Kvapil <[email protected]>
1 parent 197518b commit 294d70a

File tree

2 files changed

+11
-4
lines changed

2 files changed

+11
-4
lines changed

api/v1alpha1/types.go

+4-3
Original file line numberDiff line numberDiff line change
@@ -28,9 +28,10 @@ func (c CGroupDriver) String() string {
2828
}
2929

3030
const (
31-
ServiceTypeLoadBalancer = (ServiceType)(corev1.ServiceTypeLoadBalancer)
32-
ServiceTypeClusterIP = (ServiceType)(corev1.ServiceTypeClusterIP)
33-
ServiceTypeNodePort = (ServiceType)(corev1.ServiceTypeNodePort)
31+
ServiceTypeLoadBalancer = (ServiceType)(corev1.ServiceTypeLoadBalancer)
32+
ServiceTypeClusterIP = (ServiceType)(corev1.ServiceTypeClusterIP)
33+
ServiceTypeNodePort = (ServiceType)(corev1.ServiceTypeNodePort)
34+
KubeconfigSecretKeyAnnotation = "kamaji.clastix.io/kubeconfig-secret-key"
3435
)
3536

3637
// +kubebuilder:validation:Enum=ClusterIP;NodePort;LoadBalancer

internal/utilities/tenant_client.go

+7-1
Original file line numberDiff line numberDiff line change
@@ -44,7 +44,13 @@ func GetTenantKubeconfig(ctx context.Context, client client.Client, tenantContro
4444
return nil, err
4545
}
4646

47-
return DecodeKubeconfig(*secretKubeconfig, kubeadmconstants.SuperAdminKubeConfigFileName)
47+
secretKey := kubeadmconstants.SuperAdminKubeConfigFileName
48+
v, ok := tenantControlPlane.GetAnnotations()[kamajiv1alpha1.KubeconfigSecretKeyAnnotation]
49+
if ok && v != "" {
50+
secretKey = v
51+
}
52+
53+
return DecodeKubeconfig(*secretKubeconfig, secretKey)
4854
}
4955

5056
func GetRESTClientConfig(ctx context.Context, client client.Client, tenantControlPlane *kamajiv1alpha1.TenantControlPlane) (*restclient.Config, error) {

0 commit comments

Comments
 (0)