Skip to content

Commit ced34a5

Browse files
kvapsprometherion
authored andcommitted
Allow overriding secretKey for kubeadm kubeconfig
During reconciliation, the bootstrap provider copies the content from the secret provided by Kamaji, named `<cluster>-admin-kubeconfig` into a `cluster-info` configmap of tenant cluster, which then used by kubeadm to join nodes. This change introduces a new annotation, `kamaji.clastix.io/kubeconfig-secret-key`, for the TenantControlPlane resource. This annotation instructs kamaji to read the kubeconfig from a specific key (the default one is super-admin.conf). Example: ``` kamaji.clastix.io/kubeconfig-secret-key: super-admin.svc ``` This will instruct the system to use `super-admin.svc` a kubeconfig with a local service FQDN (introduced by #403). Signed-off-by: Andrei Kvapil <[email protected]>
1 parent 1311220 commit ced34a5

File tree

2 files changed

+11
-4
lines changed

2 files changed

+11
-4
lines changed

api/v1alpha1/types.go

+4-3
Original file line numberDiff line numberDiff line change
@@ -28,9 +28,10 @@ func (c CGroupDriver) String() string {
2828
}
2929

3030
const (
31-
ServiceTypeLoadBalancer = (ServiceType)(corev1.ServiceTypeLoadBalancer)
32-
ServiceTypeClusterIP = (ServiceType)(corev1.ServiceTypeClusterIP)
33-
ServiceTypeNodePort = (ServiceType)(corev1.ServiceTypeNodePort)
31+
ServiceTypeLoadBalancer = (ServiceType)(corev1.ServiceTypeLoadBalancer)
32+
ServiceTypeClusterIP = (ServiceType)(corev1.ServiceTypeClusterIP)
33+
ServiceTypeNodePort = (ServiceType)(corev1.ServiceTypeNodePort)
34+
KubeconfigSecretKeyAnnotation = "kamaji.clastix.io/kubeconfig-secret-key"
3435
)
3536

3637
// +kubebuilder:validation:Enum=ClusterIP;NodePort;LoadBalancer

internal/utilities/tenant_client.go

+7-1
Original file line numberDiff line numberDiff line change
@@ -44,7 +44,13 @@ func GetTenantKubeconfig(ctx context.Context, client client.Client, tenantContro
4444
return nil, err
4545
}
4646

47-
return DecodeKubeconfig(*secretKubeconfig, kubeadmconstants.SuperAdminKubeConfigFileName)
47+
secretKey := kubeadmconstants.SuperAdminKubeConfigFileName
48+
v, ok := tenantControlPlane.GetAnnotations()[kamajiv1alpha1.KubeconfigSecretKeyAnnotation]
49+
if ok && v != "" {
50+
secretKey = v
51+
}
52+
53+
return DecodeKubeconfig(*secretKubeconfig, secretKey)
4854
}
4955

5056
func GetRESTClientConfig(ctx context.Context, client client.Client, tenantControlPlane *kamajiv1alpha1.TenantControlPlane) (*restclient.Config, error) {

0 commit comments

Comments
 (0)