Allow overriding secretKey for kubeadm kubeconfig

kvaps · kvaps · commit 6df5b94f534d · 2024-03-05T09:21:40.000+01:00
During reconciliation, the bootstrap provider copies the content from the secret provided by Kamaji, named `<cluster>-admin-kubeconfig` into a `cluster-info` configmap of tenant cluster, which then used by kubeadm to join nodes. This change introduces a new annotation, `kamaji.clastix.io/kubeconfig-secret-key`, for the TenantControlPlane resource. This annotation instructs kamaji to read the kubeconfig from a specific key (the default one is super-admin.conf). Example: ``` kamaji.clastix.io/kubeconfig-secret-key: super-admin.svc ``` This will instruct the system to use `super-admin.svc` a kubeconfig with a local service FQDN (introduced by #403). Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
diff --git a/api/v1alpha1/types.go b/api/v1alpha1/types.go
@@ -28,9 +28,10 @@ func (c CGroupDriver) String() string {
 }
 
 const (
-	ServiceTypeLoadBalancer = (ServiceType)(corev1.ServiceTypeLoadBalancer)
-	ServiceTypeClusterIP    = (ServiceType)(corev1.ServiceTypeClusterIP)
-	ServiceTypeNodePort     = (ServiceType)(corev1.ServiceTypeNodePort)
+	ServiceTypeLoadBalancer       = (ServiceType)(corev1.ServiceTypeLoadBalancer)
+	ServiceTypeClusterIP          = (ServiceType)(corev1.ServiceTypeClusterIP)
+	ServiceTypeNodePort           = (ServiceType)(corev1.ServiceTypeNodePort)
+	KubeConfigSecretKeyAnnotation = "kamaji.clastix.io/kubeconfig-secret-key"
 )
 
 // +kubebuilder:validation:Enum=ClusterIP;NodePort;LoadBalancer
diff --git a/internal/utilities/tenant_client.go b/internal/utilities/tenant_client.go
@@ -16,6 +16,7 @@ import (
 	kubeadmconstants "k8s.io/kubernetes/cmd/kubeadm/app/constants"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 
+	"github.com/clastix/kamaji/api/v1alpha1"
 	kamajiv1alpha1 "github.com/clastix/kamaji/api/v1alpha1"
 )
 
@@ -44,7 +45,13 @@ func GetTenantKubeconfig(ctx context.Context, client client.Client, tenantContro
 		return nil, err
 	}
 
-	return DecodeKubeconfig(*secretKubeconfig, kubeadmconstants.SuperAdminKubeConfigFileName)
+	secretKey := kubeadmconstants.SuperAdminKubeConfigFileName
+	v, ok := tenantControlPlane.GetAnnotations()[v1alpha1.KubeConfigSecretKeyAnnotation]
+	if ok && v != "" {
+		secretKey = v
+	}
+
+	return DecodeKubeconfig(*secretKubeconfig, secretKey)
 }
 
 func GetRESTClientConfig(ctx context.Context, client client.Client, tenantControlPlane *kamajiv1alpha1.TenantControlPlane) (*restclient.Config, error) {

Original file line number	Diff line number	Diff line change
`@@ -28,9 +28,10 @@ func (c CGroupDriver) String() string {`
`28`	`28`	`}`
`29`	`29`
`30`	`30`	`const (`
`31`		`- ServiceTypeLoadBalancer = (ServiceType)(corev1.ServiceTypeLoadBalancer)`
`32`		`- ServiceTypeClusterIP = (ServiceType)(corev1.ServiceTypeClusterIP)`
`33`		`- ServiceTypeNodePort = (ServiceType)(corev1.ServiceTypeNodePort)`
	`31`	`+ ServiceTypeLoadBalancer = (ServiceType)(corev1.ServiceTypeLoadBalancer)`
	`32`	`+ ServiceTypeClusterIP = (ServiceType)(corev1.ServiceTypeClusterIP)`
	`33`	`+ ServiceTypeNodePort = (ServiceType)(corev1.ServiceTypeNodePort)`
	`34`	`+ KubeConfigSecretKeyAnnotation = "kamaji.clastix.io/kubeconfig-secret-key"`
`34`	`35`	`)`
`35`	`36`
`36`	`37`	`// +kubebuilder:validation:Enum=ClusterIP;NodePort;LoadBalancer`
Original file line number	Diff line number	Diff line change
`@@ -16,6 +16,7 @@ import (`
`16`	`16`	`kubeadmconstants "k8s.io/kubernetes/cmd/kubeadm/app/constants"`
`17`	`17`	`"sigs.k8s.io/controller-runtime/pkg/client"`
`18`	`18`
	`19`	`+ "github.com/clastix/kamaji/api/v1alpha1"`
`19`	`20`	`kamajiv1alpha1 "github.com/clastix/kamaji/api/v1alpha1"`
`20`	`21`	`)`
`21`	`22`
`@@ -44,7 +45,13 @@ func GetTenantKubeconfig(ctx context.Context, client client.Client, tenantContro`
`44`	`45`	`return nil, err`
`45`	`46`	`}`
`46`	`47`
`47`		`- return DecodeKubeconfig(*secretKubeconfig, kubeadmconstants.SuperAdminKubeConfigFileName)`
	`48`	`+ secretKey := kubeadmconstants.SuperAdminKubeConfigFileName`
	`49`	`+ v, ok := tenantControlPlane.GetAnnotations()[v1alpha1.KubeConfigSecretKeyAnnotation]`
	`50`	`+ if ok && v != "" {`
	`51`	`+ secretKey = v`
	`52`	`+ }`
	`53`	`+`
	`54`	`+ return DecodeKubeconfig(*secretKubeconfig, secretKey)`
`48`	`55`	`}`
`49`	`56`
`50`	`57`	`func GetRESTClientConfig(ctx context.Context, client client.Client, tenantControlPlane kamajiv1alpha1.TenantControlPlane) (restclient.Config, error) {`