Standardize the naming of karmada config in Karmada Operator #6082
Conversation
karmada-bot
added
kind/feature
karmada-bot
added
the
size/M
|
Codecov ReportAttention: Patch coverage is
❗ Your organization needs to install the Codecov GitHub app to enable full functionality. Additional details and impacted files@@ Coverage Diff @@
## master #6082 +/- ##
==========================================
- Coverage 48.35% 48.33% -0.02%
==========================================
Files 666 666
Lines 54880 54928 +48
==========================================
+ Hits 26537 26552 +15
- Misses 26618 26650 +32
- Partials 1725 1726 +1
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
seanlaii
changed the title
karmada-bot
added
the
do-not-merge/work-in-progress
|
Hi @chaosi-zju , I found that in |
Yes, that is also our current purpose, we aims to create different secret for each component in format of just like: karmada-aggregated-apiserver-config
karmada-controller-manager-config
karmada-scheduler-config
karmada-descheduler-config
...besides, sorry I missed a point, the content of it should be like: apiVersion: v1
kind: Secret
metadata:
name: ${karmada_instance_name}-${component}-config
namespace: karmada-system
stringData:
karmada.config: |-
xxxx.....pay attention to the sub field |
karmada-bot
added
size/L
Signed-off-by: wei-chenglai <[email protected]>
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
seanlaii
changed the title
karmada-bot
removed
the
do-not-merge/work-in-progress
|
Hi @chaosi-zju , please help review the PR when you are available. Thank you! |
| Name: name, | ||
| Labels: constants.KarmadaOperatorLabel, | ||
| }, | ||
| StringData: map[string]string{"karmada.config": configString}, |
There was a problem hiding this comment.
Change to StringData from Data.
| func generateComponentKubeconfigSecrets(data InitData, configString string) []*corev1.Secret { | ||
| var secrets []*corev1.Secret | ||
|
|
||
| secrets = append(secrets, generateKubeconfigSecret(util.AdminKubeconfigSecretName(data.GetName()), data.GetNamespace(), configString)) |
There was a problem hiding this comment.
Still preserve admin-config for https://github.com/karmada-io/karmada/blob/master/operator/pkg/controller/karmada/planner.go#L162-L172.
There was a problem hiding this comment.
Let me understand your intention:
Unlike local up or karmadactl, which allow for direct export of Karmada config to the file system of host machine for user access, the Karmada config generated by the operator can only be stored as secret in cluster, which requires users to manually export it.
As a result, it is essential to retain this admin config for user access?
There was a problem hiding this comment.
it is reasonable
BTW, in that case, our related website doc which teach users how to export karmada config may also need updation
| func generateComponentKubeconfigSecretNames(data DeInitData) []string { | ||
| secretNames := []string{ | ||
| util.AdminKubeconfigSecretName(data.GetName()), | ||
| util.ComponentKubeconfigSecretName(util.KarmadaAggregatedAPIServerName(data.GetName())), | ||
| util.ComponentKubeconfigSecretName(util.KarmadaControllerManagerName(data.GetName())), | ||
| util.ComponentKubeconfigSecretName(util.KubeControllerManagerName(data.GetName())), | ||
| util.ComponentKubeconfigSecretName(util.KarmadaSchedulerName(data.GetName())), | ||
| util.ComponentKubeconfigSecretName(util.KarmadaDeschedulerName(data.GetName())), | ||
| util.ComponentKubeconfigSecretName(util.KarmadaMetricsAdapterName(data.GetName())), | ||
| util.ComponentKubeconfigSecretName(util.KarmadaSearchName(data.GetName())), | ||
| util.ComponentKubeconfigSecretName(util.KarmadaWebhookName(data.GetName())), | ||
| } | ||
|
|
||
| return secretNames | ||
| } |
There was a problem hiding this comment.
Return all potential secrets that need to be cleaned up. DeleteSecretIfHasLabels would ignore the secret if not found.
| - mountPath: /etc/karmada/config | ||
| name: karmada-config |
There was a problem hiding this comment.
just nits, it is better like this:
| - mountPath: /etc/karmada/config | |
| name: karmada-config | |
| - name: karmada-config | |
| mountPath: /etc/karmada/config |
| @@ -44,15 +44,35 @@ func runCleanupKubeconfig(r workflow.RunData) error { | |||
|
|
|||
| klog.V(4).InfoS("[cleanup-kubeconfig] Running cleanup-kubeconfig task", "karmada", klog.KObj(data)) | |||
There was a problem hiding this comment.
| klog.V(4).InfoS("[cleanup-kubeconfig] Running cleanup-kubeconfig task", "karmada", klog.KObj(data)) | |
| klog.V(4).InfoS("[cleanup-karmada-config] Running cleanup-karmada-config task", "karmada", klog.KObj(data)) |
There was a problem hiding this comment.
the above line and function name may also need a modification
| constants.KarmadaOperatorLabel, | ||
| ) | ||
| if err != nil { | ||
| return fmt.Errorf("failed to cleanup karmada kubeconfig secret '%s', err: %w", secretName, err) |
There was a problem hiding this comment.
according to RainbowMango, we prefer using 'karmada config' instead of 'karmada kubeconfig'
it is better to eliminate the term kubeconfig when using karmada config.
| // ComponentKubeconfigSecretName returns secret name of karmada component kubeconfig | ||
| func ComponentKubeconfigSecretName(karmadaComponent string) string { | ||
| return generateResourceName(karmadaComponent, "config") | ||
| } |
There was a problem hiding this comment.
shall we directly name it as ${karmadaComponent}-config?
- Other installation methods do not have logic inner
generateResourceName - In your case, like
util.ComponentKubeconfigSecretName(util.KarmadaSearchName(data.GetName())), the parameterkarmadaComponentactually always has prefixkarmada, the logic innergenerateResourceNameis redundant
What type of PR is this?
/kind feature
/kind cleanup
What this PR does / why we need it:
In karmada, here are two important secrets, which is mount by most karmada components. One is karmada-cert, which contains a series of cert files like ca.crt, apiserver.crt and so on; another is karmada-kubeconfig, which contains a kubeconfig of karmada-apiserver.
However, in different installation methods, we used inconsistent secret naming or file path naming, which can potentially cause some unnecessary problems, detail refer to #5363.
This PR aims to standardize the naming of karmada config in Karmada Operator installation method.
Which issue(s) this PR fixes:
Fixes #6051
Special notes for your reviewer:
Does this PR introduce a user-facing change?: