karmada
karmada copied to clipboard
karmada-io
Set open cluster-info to distribute root CA certificates
Signed-off-by: lonelyCZ [email protected]
What type of PR is this? /kind feature
What this PR does / why we need it:
Which issue(s) this PR fixes: Part of #2282
Special notes for your reviewer:
[root@master67 karmada]# kubectl get configmap -n kube-public cluster-info -o yaml --kubeconfig /etc/karmada/karmada-apiserver.config
apiVersion: v1
data:
kubeconfig: |
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURDakNDQWZLZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFmTVJBd0RnWURWUVFLRXdkcllYSnQKWVdSaE1Rc3dDUVlEVlFRREV3SmpZVEFlRncweU1qQTRNREl3T0RVMk5EZGFGdzB6TWpBM016QXdPRFUyTkRkYQpNQjh4RURBT0JnTlZCQW9UQjJ0aGNtMWhaR0V4Q3pBSkJnTlZCQU1UQW1OaE1JSUJJakFOQmdrcWhraUc5dzBCCkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXRkUzF2eEIwQkd0RElBS1kzTDlueHRvVEpJMm5VeDhFRzhoWDd3eFkKVGJRTDNNSGJVUmlieFlTRllzREJXeWJVZ0xwRm5idkwwbDRIcVlQcms0R0VmSUNmSU5Sc3VUd2ErSmFPeUpLeQoraDlZa3dKTEpzYWlYOWtNcTZScU44SjZyQ0IzRVo2SzFkdzYwQVFpRnpxWTRFTUVNV0xEYktpeTFaM1lURmVlClY5b3pVT04ycW9VQzJNbzF0TmduNnNhV2ZMN21xT1RDanNPZFhobmdXUGFwaE9ab29CZHVhT3p2dm9nQzdjYSsKOU5FRmRKWEhHSUhqalJXYjJ5TkwzdFhZK2FFblpUMVdrekg3MjRmWGQxaUdUNE9zSkViYnNpb3dBOStPcUppZgpxUzRJeFl0S0xxT2lsYnEySFVPeUR3WjYyQy9WVTV4cXpQOTducVhlaytCc0dRSURBUUFCbzFFd1R6QU9CZ05WCkhROEJBZjhFQkFNQ0FxUXdEd1lEVlIwVEFRSC9CQVV3QXdFQi96QWRCZ05WSFE0RUZnUVVMeS9SOGxsU3AvWXoKSHlnNHhTeVB6QXFBRUlVd0RRWURWUjBSQkFZd0JJSUNZMkV3RFFZSktvWklodmNOQVFFTEJRQURnZ0VCQUIxdAp5c0lmQlhJQWxnNFJ6SVRLNjFxb3o3L2xMdklZVEg5M0RiM1pZTzZYMmc0T200T01CNUlIUmxTTU1MQldnakg1CnVDd1AzWThnYmhZaDFNdmFLMHpPUC9neXlSbVpRdU1mYWFyaTU4R0Qzd2xYdC96MFloNUxyNEpBdVdKa3pVZU0KeWRJV0dNbWFpdWcxSk40RUowSmx4SWhwbEJGL2tBbUhqdURQNm4zQnFWZ1dlcGY1TWIxRUR5YWYyeHdMa3pyYgo1dkg1alE5bVArU3pSY0gwM3p4R3ZvK1pzUElJMHYyanRNRmo2cWJ3TDNSaTRseG1hSVVOYmtyRTZ1cDlIOWFVCkYveUJoZTIxRlZTMlZPUjF1RUlaYmxjb1BGSHFxZWRQUmNZMUY4Sm5RMjZESjM3VjV3WDlIWjQybEJQSnNmdzUKZTFtK1VFSzVUKzlpMkQ5WnIxND0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
server: https://10.10.103.67:32443
name: ""
contexts: null
current-context: ""
kind: Config
preferences: {}
users: null
kind: ConfigMap
metadata:
creationTimestamp: "2022-08-02T08:57:36Z"
name: cluster-info
namespace: kube-public
resourceVersion: "255"
uid: 7b15f4bf-84a4-4ae4-b6fa-311db4c80788
[root@master67 karmada]# curl https://10.10.103.67:32443/api/v1/namespaces/kube-public/configmaps/cluster-info -k
{
"kind": "ConfigMap",
"apiVersion": "v1",
"metadata": {
"name": "cluster-info",
"namespace": "kube-public",
"uid": "7b15f4bf-84a4-4ae4-b6fa-311db4c80788",
"resourceVersion": "255",
"creationTimestamp": "2022-08-02T08:57:36Z",
"managedFields": [
{
"manager": "karmadactl",
"operation": "Update",
"apiVersion": "v1",
"time": "2022-08-02T08:57:36Z",
"fieldsType": "FieldsV1",
"fieldsV1": {
"f:data": {
".": {},
"f:kubeconfig": {}
}
}
}
]
},
"data": {
"kubeconfig": "apiVersion: v1\nclusters:\n- cluster:\n certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURDakNDQWZLZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFmTVJBd0RnWURWUVFLRXdkcllYSnQKWVdSaE1Rc3dDUVlEVlFRREV3SmpZVEFlRncweU1qQTRNREl3T0RVMk5EZGFGdzB6TWpBM016QXdPRFUyTkRkYQpNQjh4RURBT0JnTlZCQW9UQjJ0aGNtMWhaR0V4Q3pBSkJnTlZCQU1UQW1OaE1JSUJJakFOQmdrcWhraUc5dzBCCkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXRkUzF2eEIwQkd0RElBS1kzTDlueHRvVEpJMm5VeDhFRzhoWDd3eFkKVGJRTDNNSGJVUmlieFlTRllzREJXeWJVZ0xwRm5idkwwbDRIcVlQcms0R0VmSUNmSU5Sc3VUd2ErSmFPeUpLeQoraDlZa3dKTEpzYWlYOWtNcTZScU44SjZyQ0IzRVo2SzFkdzYwQVFpRnpxWTRFTUVNV0xEYktpeTFaM1lURmVlClY5b3pVT04ycW9VQzJNbzF0TmduNnNhV2ZMN21xT1RDanNPZFhobmdXUGFwaE9ab29CZHVhT3p2dm9nQzdjYSsKOU5FRmRKWEhHSUhqalJXYjJ5TkwzdFhZK2FFblpUMVdrekg3MjRmWGQxaUdUNE9zSkViYnNpb3dBOStPcUppZgpxUzRJeFl0S0xxT2lsYnEySFVPeUR3WjYyQy9WVTV4cXpQOTducVhlaytCc0dRSURBUUFCbzFFd1R6QU9CZ05WCkhROEJBZjhFQkFNQ0FxUXdEd1lEVlIwVEFRSC9CQVV3QXdFQi96QWRCZ05WSFE0RUZnUVVMeS9SOGxsU3AvWXoKSHlnNHhTeVB6QXFBRUlVd0RRWURWUjBSQkFZd0JJSUNZMkV3RFFZSktvWklodmNOQVFFTEJRQURnZ0VCQUIxdAp5c0lmQlhJQWxnNFJ6SVRLNjFxb3o3L2xMdklZVEg5M0RiM1pZTzZYMmc0T200T01CNUlIUmxTTU1MQldnakg1CnVDd1AzWThnYmhZaDFNdmFLMHpPUC9neXlSbVpRdU1mYWFyaTU4R0Qzd2xYdC96MFloNUxyNEpBdVdKa3pVZU0KeWRJV0dNbWFpdWcxSk40RUowSmx4SWhwbEJGL2tBbUhqdURQNm4zQnFWZ1dlcGY1TWIxRUR5YWYyeHdMa3pyYgo1dkg1alE5bVArU3pSY0gwM3p4R3ZvK1pzUElJMHYyanRNRmo2cWJ3TDNSaTRseG1hSVVOYmtyRTZ1cDlIOWFVCkYveUJoZTIxRlZTMlZPUjF1RUlaYmxjb1BGSHFxZWRQUmNZMUY4Sm5RMjZESjM3VjV3WDlIWjQybEJQSnNmdzUKZTFtK1VFSzVUKzlpMkQ5WnIxND0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=\n server: https://10.10.103.67:32443\n name: \"\"\ncontexts: null\ncurrent-context: \"\"\nkind: Config\npreferences: {}\nusers: null\n"
}
}
Does this PR introduce a user-facing change?:
NONE
I will review it ASAP this week.
No hurry, I plan to demostrate the whole functions(#2282) in next community meeting. We can review the codes after collecting more suggestions.
I'm not familiar with the open cluster-info, seems we set the CA certificates to a configmap named cluster-info, am I right?
The certificate will be used to sign certificates by other system/components, right?
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: RainbowMango
The full list of commands accepted by this bot can be found here.
The pull request process is described here
- ~~OWNERS~~ [RainbowMango]
Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment
