Proposed Change for Non-Root User Configuration Files

[olariuromeo]

To improve security and follow the same convention used by Kubernetes and other tools, we propose that all Karmada configuration files for non-root users be stored under the HOME/.karmada directory, instead of the current HOME/karmada. This approach keeps configuration files and their subdirectories hidden and protected.

Benefits:

• Security: Configuration files are stored in a hidden directory, reducing the risk of accidental exposure or modification.
• Consistency: Follows a similar structure to other programs like Kubernetes, Go, and Kind, which store their configuration files in hidden directories.

Example:

Instead of referencing the configuration file like this:

export KUBECONFIG=$HOME/karmada-proxy.config

It should be updated to:

export KUBECONFIG=$HOME/.karmada/karmada-proxy.config

Installing Karmada v1.2.0:

When initializing Karmada using kubectl karmada init, the command should be updated as follows:

Old Command:

kubectl karmada init --crds https://github.com/karmada-io/karmada/releases/download/v1.2.0/crds.tar.gz \
--kubeconfig=$HOME/.kube/host.config \
--karmada-data=$HOME/karmada \
--karmada-pki=$HOME/karmada/pki

Updated Command:

kubectl karmada init --crds https://github.com/karmada-io/karmada/releases/download/v1.2.0/crds.tar.gz \
--kubeconfig=$HOME/.kube/host.config \
--karmada-data=$HOME/.karmada \
--karmada-pki=$HOME/.karmada/pki

By adopting this structure, Karmada will align with best practices for configuration management, ensuring both security and consistency across the system.

If everyone agrees with this proposal, I will proceed with the revision and create a pull request to update the documentation accordingly.