standardize the naming of karmada secrets in local up method
Signed-off-by: chaosi-zju <[email protected]>
chaosi-zju committed Oct 9, 2024
1 parent 52a5b4c commit 28fca6b
Showing 19 changed files with 335 additions and 249 deletions.
10 changes: 5 additions & 5 deletions artifacts/agent/karmada-agent.yaml
Expand Up @@ -25,7 +25,7 @@ spec:
imagePullPolicy: {{image_pull_policy}}
command:
- /bin/karmada-agent
- --karmada-kubeconfig=/etc/kubeconfig/karmada-kubeconfig
- --karmada-kubeconfig=/etc/karmada/config/karmada.config
- --karmada-context={{karmada_context}}
- --cluster-name={{member_cluster_name}}
- --cluster-api-endpoint={{member_cluster_api_endpoint}}
Expand All @@ -48,9 +48,9 @@ spec:
name: metrics
protocol: TCP
volumeMounts:
- name: kubeconfig
mountPath: /etc/kubeconfig
- name: karmada-config
mountPath: /etc/karmada/config
volumes:
- name: kubeconfig
- name: karmada-config
secret:
secretName: karmada-kubeconfig
secretName: karmada-config
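Review bot: The `karmada-config` mount at `/etc/karmada/config` is declared without `readOnly: true`, although the same mount in karmada-aggregated-apiserver.yaml, karmada-descheduler.yaml and karmada-metrics-adapter.yaml carries it; the karmada-controller-manager.yaml mount and the two etcd certificate mounts in karmada-etcd.yaml have the same gap. Add `readOnly: true` under each of these `mountPath` lines so every credential mount states the same intent. The flag now reads the key `karmada.config` from the `karmada-config` Secret, whose definition is not on this page, so confirm the Secret is created with exactly that key. The page has lost its +/- markers, so which lines are new is inferred from the commit title and the 5/5 change count.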
40 changes: 23 additions & 17 deletions artifacts/deploy/karmada-aggregated-apiserver.yaml
Expand Up @@ -25,23 +25,26 @@ spec:
image: docker.io/karmada/karmada-aggregated-apiserver:latest
imagePullPolicy: IfNotPresent
volumeMounts:
- name: karmada-certs
mountPath: /etc/karmada/pki
- name: server-cert
mountPath: /etc/karmada/pki/server
readOnly: true
- name: etcd-client-cert
mountPath: /etc/karmada/pki/etcd-client
readOnly: true
- name: karmada-config
mountPath: /etc/karmada/config
readOnly: true
- name: kubeconfig
subPath: kubeconfig
mountPath: /etc/kubeconfig
command:
- /bin/karmada-aggregated-apiserver
- --kubeconfig=/etc/kubeconfig
- --authentication-kubeconfig=/etc/kubeconfig
- --authorization-kubeconfig=/etc/kubeconfig
- --kubeconfig=/etc/karmada/config/karmada.config
- --authentication-kubeconfig=/etc/karmada/config/karmada.config
- --authorization-kubeconfig=/etc/karmada/config/karmada.config
- --etcd-servers=https://etcd-client.karmada-system.svc.cluster.local:2379
- --etcd-cafile=/etc/karmada/pki/etcd-ca.crt
- --etcd-certfile=/etc/karmada/pki/etcd-client.crt
- --etcd-keyfile=/etc/karmada/pki/etcd-client.key
- --tls-cert-file=/etc/karmada/pki/karmada.crt
- --tls-private-key-file=/etc/karmada/pki/karmada.key
- --etcd-cafile=/etc/karmada/pki/etcd-client/ca.crt
- --etcd-certfile=/etc/karmada/pki/etcd-client/tls.crt
- --etcd-keyfile=/etc/karmada/pki/etcd-client/tls.key
- --tls-cert-file=/etc/karmada/pki/server/tls.crt
- --tls-private-key-file=/etc/karmada/pki/server/tls.key
- --audit-log-path=-
- --audit-log-maxage=0
- --audit-log-maxbackup=0
Expand All @@ -66,12 +69,15 @@ spec:
periodSeconds: 10
timeoutSeconds: 15
volumes:
- name: karmada-certs
- name: server-cert
secret:
secretName: server-cert
- name: etcd-client-cert
secret:
secretName: karmada-cert-secret
- name: kubeconfig
secretName: etcd-client-cert
- name: karmada-config
secret:
secretName: kubeconfig
secretName: karmada-config
---
apiVersion: v1
kind: Service
45 changes: 30 additions & 15 deletions artifacts/deploy/karmada-apiserver.yaml
Expand Up @@ -36,29 +36,29 @@ spec:
- kube-apiserver
- --allow-privileged=true
- --authorization-mode=Node,RBAC
- --client-ca-file=/etc/karmada/pki/ca.crt
- --client-ca-file=/etc/karmada/pki/server/ca.crt
- --enable-bootstrap-token-auth=true
- --etcd-cafile=/etc/karmada/pki/etcd-ca.crt
- --etcd-certfile=/etc/karmada/pki/etcd-client.crt
- --etcd-keyfile=/etc/karmada/pki/etcd-client.key
- --etcd-cafile=/etc/karmada/pki/etcd-client/ca.crt
- --etcd-certfile=/etc/karmada/pki/etcd-client/tls.crt
- --etcd-keyfile=/etc/karmada/pki/etcd-client/tls.key
- --etcd-servers=https://etcd-client.karmada-system.svc.cluster.local:2379
- --bind-address=0.0.0.0
- --disable-admission-plugins=StorageObjectInUseProtection,ServiceAccount
- --runtime-config=
- --secure-port=5443
- --service-account-issuer=https://kubernetes.default.svc.cluster.local
- --service-account-key-file=/etc/karmada/pki/karmada.key
- --service-account-signing-key-file=/etc/karmada/pki/karmada.key
- --service-account-key-file=/etc/karmada/pki/server/tls.key
- --service-account-signing-key-file=/etc/karmada/pki/server/tls.key
- --service-cluster-ip-range=10.96.0.0/12
- --proxy-client-cert-file=/etc/karmada/pki/front-proxy-client.crt
- --proxy-client-key-file=/etc/karmada/pki/front-proxy-client.key
- --proxy-client-cert-file=/etc/karmada/pki/front-proxy-client/tls.crt
- --proxy-client-key-file=/etc/karmada/pki/front-proxy-client/tls.key
- --requestheader-allowed-names=front-proxy-client
- --requestheader-client-ca-file=/etc/karmada/pki/front-proxy-ca.crt
- --requestheader-client-ca-file=/etc/karmada/pki/front-proxy-client/ca.crt
- --requestheader-extra-headers-prefix=X-Remote-Extra-
- --requestheader-group-headers=X-Remote-Group
- --requestheader-username-headers=X-Remote-User
- --tls-cert-file=/etc/karmada/pki/apiserver.crt
- --tls-private-key-file=/etc/karmada/pki/apiserver.key
- --tls-cert-file=/etc/karmada/pki/server/tls.crt
- --tls-private-key-file=/etc/karmada/pki/server/tls.key
- --tls-min-version=VersionTLS13
name: karmada-apiserver
image: registry.k8s.io/kube-apiserver:{{karmada_apiserver_version}}
Expand Down Expand Up @@ -88,8 +88,14 @@ spec:
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /etc/karmada/pki
name: karmada-certs
- mountPath: /etc/karmada/pki/server
name: server-cert
readOnly: true
- mountPath: /etc/karmada/pki/front-proxy-client
name: front-proxy-client-cert
readOnly: true
- mountPath: /etc/karmada/pki/etcd-client
name: etcd-client-cert
readOnly: true
dnsPolicy: ClusterFirstWithHostNet
enableServiceLinks: true
Expand All @@ -105,9 +111,18 @@ spec:
- effect: NoExecute
operator: Exists
volumes:
- name: karmada-certs
- name: server-cert
secret:
secretName: server-cert
- name: client-cert
secret:
secretName: client-cert
- name: front-proxy-client-cert
secret:
secretName: front-proxy-client-cert
- name: etcd-client-cert
secret:
secretName: karmada-cert-secret
secretName: etcd-client-cert
---
apiVersion: v1
kind: Service
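Review bot: `--service-account-key-file` and `--service-account-signing-key-file` now point at `/etc/karmada/pki/server/tls.key`, the same file given to `--tls-private-key-file`, so one private key both terminates TLS and signs service-account tokens. Before this change the flags named different files (`karmada.key` and `apiserver.key`); whether those held different key material is not visible here. With a shared key, rotating the serving certificate invalidates every issued token, and exposure of the serving key also exposes the token-signing key; consider a dedicated signing key pair mounted from its own Secret. Separately, the `volumes` hunk declares a `client-cert` volume that none of the three visible `volumeMounts` entries uses, so the pod depends on a Secret it does not read; drop the volume or add the mount. Old and new sides are inferred from the hunk line counts, since the page has lost its +/- markers.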
35 changes: 0 additions & 35 deletions artifacts/deploy/karmada-cert-secret.yaml

This file was deleted.

11 changes: 5 additions & 6 deletions artifacts/deploy/karmada-controller-manager.yaml
Expand Up @@ -25,7 +25,7 @@ spec:
imagePullPolicy: IfNotPresent
command:
- /bin/karmada-controller-manager
- --kubeconfig=/etc/kubeconfig
- --kubeconfig=/etc/karmada/config/karmada.config
- --metrics-bind-address=:8080
- --cluster-status-update-frequency=10s
- --failover-eviction-timeout=30s
Expand All @@ -47,10 +47,9 @@ spec:
name: metrics
protocol: TCP
volumeMounts:
- name: kubeconfig
subPath: kubeconfig
mountPath: /etc/kubeconfig
- name: karmada-config
mountPath: /etc/karmada/config
volumes:
- name: kubeconfig
- name: karmada-config
secret:
secretName: kubeconfig
secretName: karmada-config
26 changes: 13 additions & 13 deletions artifacts/deploy/karmada-descheduler.yaml
Expand Up @@ -25,12 +25,12 @@ spec:
imagePullPolicy: IfNotPresent
command:
- /bin/karmada-descheduler
- --kubeconfig=/etc/kubeconfig
- --kubeconfig=/etc/karmada/config/karmada.config
- --metrics-bind-address=0.0.0.0:8080
- --health-probe-bind-address=0.0.0.0:10358
- --scheduler-estimator-ca-file=/etc/karmada/pki/ca.crt
- --scheduler-estimator-cert-file=/etc/karmada/pki/karmada.crt
- --scheduler-estimator-key-file=/etc/karmada/pki/karmada.key
- --scheduler-estimator-ca-file=/etc/karmada/pki/client/ca.crt
- --scheduler-estimator-cert-file=/etc/karmada/pki/client/tls.crt
- --scheduler-estimator-key-file=/etc/karmada/pki/client/tls.key
- --v=4
livenessProbe:
httpGet:
Expand All @@ -46,16 +46,16 @@ spec:
name: metrics
protocol: TCP
volumeMounts:
- name: karmada-certs
mountPath: /etc/karmada/pki
- name: client-cert
mountPath: /etc/karmada/pki/client
readOnly: true
- name: karmada-config
mountPath: /etc/karmada/config/
readOnly: true
- name: kubeconfig
subPath: kubeconfig
mountPath: /etc/kubeconfig
volumes:
- name: karmada-certs
- name: client-cert
secret:
secretName: karmada-cert-secret
- name: kubeconfig
secretName: client-cert
- name: karmada-config
secret:
secretName: kubeconfig
secretName: karmada-config
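Review bot: The `karmada-config` mount here is written `mountPath: /etc/karmada/config/` with a trailing slash, while the other manifests shown on this page use `/etc/karmada/config`. The etcd mounts `/etc/karmada/pki/etcd-server/` and `/etc/karmada/pki/etcd-client/` in karmada-etcd.yaml differ from the other `pki` mounts in the same way. The paths should resolve to the same directory, but a single spelling keeps the renamed layout easy to grep and diff; suggest `mountPath: /etc/karmada/config` here and the slash-free form in the etcd manifest.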
21 changes: 13 additions & 8 deletions artifacts/deploy/karmada-etcd.yaml
Expand Up @@ -40,7 +40,7 @@ spec:
command:
- /bin/sh
- -ec
- 'etcdctl get /registry --prefix --keys-only --endpoints https://127.0.0.1:2379 --cacert /etc/karmada/pki/etcd-ca.crt --cert /etc/karmada/pki/etcd-server.crt --key /etc/karmada/pki/etcd-server.key'
- 'etcdctl get /registry --prefix --keys-only --endpoints https://127.0.0.1:2379 --cacert /etc/karmada/pki/etcd-client/ca.crt --cert /etc/karmada/pki/etcd-client/tls.crt --key /etc/karmada/pki/etcd-client/tls.key'
failureThreshold: 3
initialDelaySeconds: 600
periodSeconds: 60
Expand All @@ -56,8 +56,10 @@ spec:
volumeMounts:
- mountPath: /var/lib/etcd
name: etcd-data
- mountPath: /etc/karmada/pki
name: etcd-certs
- mountPath: /etc/karmada/pki/etcd-server/
name: etcd-server-cert
- mountPath: /etc/karmada/pki/etcd-client/
name: etcd-client-cert
resources:
requests:
cpu: 100m
Expand All @@ -76,10 +78,10 @@ spec:
- etcd0=http://etcd-0.etcd.karmada-system.svc.cluster.local:2380
- --initial-cluster-state
- new
- --cert-file=/etc/karmada/pki/etcd-server.crt
- --cert-file=/etc/karmada/pki/etcd-server/tls.crt
- --client-cert-auth=true
- --key-file=/etc/karmada/pki/etcd-server.key
- --trusted-ca-file=/etc/karmada/pki/etcd-ca.crt
- --key-file=/etc/karmada/pki/etcd-server/tls.key
- --trusted-ca-file=/etc/karmada/pki/etcd-server/ca.crt
- --data-dir=/var/lib/etcd
- --snapshot-count=10000
# Setting Golang's secure cipher suites as etcd's cipher suites.
Expand All @@ -91,9 +93,12 @@ spec:
path: /var/lib/karmada-etcd
type: DirectoryOrCreate
name: etcd-data
- name: etcd-certs
- name: etcd-server-cert
secret:
secretName: karmada-cert-secret
secretName: etcd-server-cert
- name: etcd-client-cert
secret:
secretName: etcd-client-cert
---

apiVersion: v1
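Review bot: `--trusted-ca-file=/etc/karmada/pki/etcd-server/ca.crt` is paired with `--client-cert-auth=true`, so the `ca.crt` key of the `etcd-server-cert` Secret becomes the trust anchor for client certificates, while clients (including the health-check `etcdctl` command in this file) present certificates from the separate `etcd-client-cert` Secret. Client authentication therefore works, and is only as narrow as intended, if both Secrets carry the same CA; the Secret definitions are not part of this page. A comment above the flag would record that dependency, for example `# ca.crt here must be the CA that issued etcd-client-cert (client-auth trust anchor)`.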
30 changes: 15 additions & 15 deletions artifacts/deploy/karmada-metrics-adapter.yaml
Expand Up @@ -25,20 +25,20 @@ spec:
image: docker.io/karmada/karmada-metrics-adapter:latest
imagePullPolicy: IfNotPresent
volumeMounts:
- name: karmada-certs
mountPath: /etc/karmada/pki
- name: server-cert
mountPath: /etc/karmada/pki/server
readOnly: true
- name: karmada-config
mountPath: /etc/karmada/config
readOnly: true
- name: kubeconfig
subPath: kubeconfig
mountPath: /etc/kubeconfig
command:
- /bin/karmada-metrics-adapter
- --kubeconfig=/etc/kubeconfig
- --authentication-kubeconfig=/etc/kubeconfig
- --authorization-kubeconfig=/etc/kubeconfig
- --client-ca-file=/etc/karmada/pki/ca.crt
- --tls-cert-file=/etc/karmada/pki/karmada.crt
- --tls-private-key-file=/etc/karmada/pki/karmada.key
- --kubeconfig=/etc/karmada/config/karmada.config
- --authentication-kubeconfig=/etc/karmada/config/karmada.config
- --authorization-kubeconfig=/etc/karmada/config/karmada.config
- --client-ca-file=/etc/karmada/pki/server/ca.crt
- --tls-cert-file=/etc/karmada/pki/server/tls.crt
- --tls-private-key-file=/etc/karmada/pki/server/tls.key
- --audit-log-path=-
- --audit-log-maxage=0
- --audit-log-maxbackup=0
Expand All @@ -65,12 +65,12 @@ spec:
requests:
cpu: 100m
volumes:
- name: karmada-certs
- name: server-cert
secret:
secretName: karmada-cert-secret
- name: kubeconfig
secretName: server-cert
- name: karmada-config
secret:
secretName: kubeconfig
secretName: karmada-config
---
apiVersion: v1
kind: Service
14 changes: 7 additions & 7 deletions artifacts/deploy/karmada-scheduler-estimator.yaml
Expand Up @@ -27,9 +27,9 @@ spec:
- /bin/karmada-scheduler-estimator
- --kubeconfig=/etc/{{member_cluster_name}}-kubeconfig
- --cluster-name={{member_cluster_name}}
- --grpc-auth-cert-file=/etc/karmada/pki/karmada.crt
- --grpc-auth-key-file=/etc/karmada/pki/karmada.key
- --grpc-client-ca-file=/etc/karmada/pki/ca.crt
- --grpc-auth-cert-file=/etc/karmada/pki/server/tls.crt
- --grpc-auth-key-file=/etc/karmada/pki/server/tls.key
- --grpc-client-ca-file=/etc/karmada/pki/server/ca.crt
- --metrics-bind-address=0.0.0.0:8080
- --health-probe-bind-address=0.0.0.0:10351
livenessProbe:
Expand All @@ -46,16 +46,16 @@ spec:
name: metrics
protocol: TCP
volumeMounts:
- name: karmada-certs
mountPath: /etc/karmada/pki
- name: server-cert
mountPath: /etc/karmada/pki/server
readOnly: true
- name: member-kubeconfig
subPath: {{member_cluster_name}}-kubeconfig
mountPath: /etc/{{member_cluster_name}}-kubeconfig
volumes:
- name: karmada-certs
- name: server-cert
secret:
secretName: karmada-cert-secret
secretName: server-cert
- name: member-kubeconfig
secret:
secretName: {{member_cluster_name}}-kubeconfig