github/kamaji
1
0
Fork 0
mirror of https://github.com/clastix/kamaji.git synced 2026-02-14 18:10:03 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: admin kubeconfig with local service FQDN

Browse Source 
Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>
This commit is contained in:
Dario Tranchitella
2024-01-22 15:22:04 +01:00
parent 1ccc1d1b1e
commit 25dc19f839
1 changed files with 24 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
internal/resources/kubeconfig.go
View File

@@ -6,6 +6,7 @@ package resources
import (
"context"
"fmt"
"strings"
corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -126,6 +127,7 @@ func (r *KubeconfigResource) checksum(caCertificatesSecret *corev1.Secret, kubea
})
}
//nolint:gocognit
func (r *KubeconfigResource) mutate(ctx context.Context, tenantControlPlane *kamajiv1alpha1.TenantControlPlane) controllerutil.MutateFn {
return func() error {
logger := log.FromContext(ctx, "resource", r.GetName())
@@ -186,13 +188,17 @@ func (r *KubeconfigResource) mutate(ctx context.Context, tenantControlPlane *kam
v, ok := r.resource.Data[r.KubeConfigFileName]
shouldCreate = len(v) == 0 || !ok
}
//nolint:nestif
if shouldCreate {
crtKeyPair := kubeadm.CertificatePrivateKeyPair{
Certificate: caCertificatesSecret.Data[kubeadmconstants.CACertName],
PrivateKey: caCertificatesSecret.Data[kubeadmconstants.CAKeyName],
}
if r.resource.Data == nil {
r.resource.Data = map[string][]byte{}
}
kubeconfig, kcErr := kubeadm.CreateKubeconfig(r.KubeConfigFileName, crtKeyPair, config)
if kcErr != nil {
logger.Error(kcErr, "cannot create a valid kubeconfig")
@@ -200,11 +206,24 @@ func (r *KubeconfigResource) mutate(ctx context.Context, tenantControlPlane *kam
return kcErr
}
if r.resource.Data == nil {
r.resource.Data = map[string][]byte{}
}
r.resource.Data[r.KubeConfigFileName] = kubeconfig
// Adding a kubeconfig useful for the local connections:
// especially for the admin.conf and super-admin.conf, these would use the public IP address.
// However, when running in-cluster agents, it would be beneficial having a local connection
// to avoid unnecessary hops to the LB.
if strings.Contains(r.KubeConfigFileName, "admin") {
key := strings.ReplaceAll(r.KubeConfigFileName, ".conf", ".svc")
config.InitConfiguration.ControlPlaneEndpoint = fmt.Sprintf("%s.%s.svc:%d", tenantControlPlane.Name, tenantControlPlane.Namespace, tenantControlPlane.Spec.NetworkProfile.Port)
kubeconfig, kcErr = kubeadm.CreateKubeconfig(r.KubeConfigFileName, crtKeyPair, config)
if kcErr != nil {
logger.Error(kcErr, "cannot create a valid kubeconfig")
return kcErr
}
r.resource.Data[key] = kubeconfig
}
}
return nil