package kas
import (
"fmt"
hyperv1 "github.com/openshift/hypershift/api/hypershift/v1beta1"
corev1 "k8s.io/api/core/v1"
"github.com/openshift/hypershift/control-plane-operator/controllers/hostedcontrolplane/manifests"
"github.com/openshift/hypershift/control-plane-operator/controllers/hostedcontrolplane/pki"
"github.com/openshift/hypershift/support/config"
"github.com/openshift/hypershift/support/util"
capiv1 "sigs.k8s.io/cluster-api/api/v1beta1"
)
// KubeconfigKey aliases util.KubeconfigKey so that users of this package can
// refer to it as kas.KubeconfigKey.
// NOTE(review): presumably the Secret data key under which a kubeconfig is
// stored; confirm against the util package.
const KubeconfigKey = util.KubeconfigKey
// ReconcileServiceKubeconfigSecret reconciles secret as a kubeconfig that
// targets the in-cluster kube-apiserver service URL for platformType.
//
// The work is delegated to pki.ReconcileKubeConfig with an empty secret key
// and the "service" scope. cert, ca and ownerRef are forwarded unchanged.
//
// NOTE(review): pki.ReconcileKubeConfig is defined outside this file;
// presumably it embeds the client certificate/key from cert and the CA bundle
// from ca, so the resulting Secret should be treated as a credential and its
// read access kept narrow. Confirm against the pki package.
func ReconcileServiceKubeconfigSecret(secret, cert *corev1.Secret, ca *corev1.ConfigMap, ownerRef config.OwnerRef, platformType hyperv1.PlatformType) error {
	return pki.ReconcileKubeConfig(
		secret,
		cert,
		ca,
		InClusterKASURL(platformType),
		"",
		"service",
		ownerRef,
	)
}
// ReconcileServiceCAPIKubeconfigSecret reconciles secret as the kubeconfig
// consumed by the Cluster API machine controller, pointing at the in-cluster
// kube-apiserver service URL for platformType.
//
// Besides delegating to pki.ReconcileKubeConfig (secret key "value", scope
// "capi"), it labels the secret with the CAPI cluster-name label set to
// capiClusterName. secret must be non-nil because its Labels map is mutated.
func ReconcileServiceCAPIKubeconfigSecret(secret, cert *corev1.Secret, ca *corev1.ConfigMap, ownerRef config.OwnerRef, capiClusterName string, platformType hyperv1.PlatformType) error {
	// The CAPI machine controller's client looks the kubeconfig up under a
	// fixed data key:
	// https://github.com/kubernetes-sigs/cluster-api/blob/5c85a0a01ee44ecf7c8a3c3fdc867a88af87d73c/util/secret/secret.go#L29-L33
	// It also only caches secrets labeled
	// cluster.x-k8s.io/cluster-name=<clusterName>:
	// https://github.com/kubernetes-sigs/cluster-api/blob/8ba3f47b053da8bbf63cf407c930a2ee10bfd754/main.go#L304
	const (
		capiSecretKey = "value"
		capiScope     = "capi"
	)

	// Writing to a nil map panics, so make sure the label map exists first.
	if secret.Labels == nil {
		secret.Labels = map[string]string{}
	}
	secret.Labels[capiv1.ClusterNameLabel] = capiClusterName

	return pki.ReconcileKubeConfig(secret, cert, ca, InClusterKASURL(platformType), capiSecretKey, capiScope, ownerRef)
}
// InClusterKASURL returns the https URL of the kube-apiserver Service as seen
// from inside the cluster: the host is manifests.KubeAPIServerServiceName and
// the port is config.KASSVCIBMCloudPort on the IBM Cloud platform or
// config.KASSVCPort on every other platform.
func InClusterKASURL(platformType hyperv1.PlatformType) string {
	switch platformType {
	case hyperv1.IBMCloudPlatform:
		// IBM Cloud exposes the service on its own dedicated port.
		return fmt.Sprintf("https://%s:%d", manifests.KubeAPIServerServiceName, config.KASSVCIBMCloudPort)
	default:
		return fmt.Sprintf("https://%s:%d", manifests.KubeAPIServerServiceName, config.KASSVCPort)
	}
}
// InClusterKASReadyURL returns the in-cluster kube-apiserver URL for
// platformType with the "/readyz" path appended.
func InClusterKASReadyURL(platformType hyperv1.PlatformType) string {
	const readyPath = "/readyz"
	base := InClusterKASURL(platformType)
	return base + readyPath
}
// ReconcileLocalhostKubeconfigSecret reconciles secret as a kubeconfig that
// targets https://localhost:<apiServerPort>.
//
// It delegates to pki.ReconcileKubeConfig with an empty secret key and the
// manifests.KubeconfigScopeLocal scope; cert, ca and ownerRef are forwarded
// unchanged.
func ReconcileLocalhostKubeconfigSecret(secret, cert *corev1.Secret, ca *corev1.ConfigMap, ownerRef config.OwnerRef, apiServerPort int32) error {
	return pki.ReconcileKubeConfig(
		secret,
		cert,
		ca,
		fmt.Sprintf("https://localhost:%d", apiServerPort),
		"",
		manifests.KubeconfigScopeLocal,
		ownerRef,
	)
}
// ReconcileExternalKubeconfigSecret reconciles secret as a kubeconfig that
// targets externalURL, stored under secretKey, using the
// manifests.KubeconfigScopeExternal scope.
//
// externalURL and secretKey are handed to pki.ReconcileKubeConfig exactly as
// received; this function performs no validation of either value.
// NOTE(review): callers are presumably expected to supply an https URL for
// the hosted API server endpoint; confirm at the call sites.
func ReconcileExternalKubeconfigSecret(secret, cert *corev1.Secret, ca *corev1.ConfigMap, ownerRef config.OwnerRef, externalURL, secretKey string) error {
	const scope = manifests.KubeconfigScopeExternal
	return pki.ReconcileKubeConfig(
		secret,
		cert,
		ca,
		externalURL,
		secretKey,
		scope,
		ownerRef,
	)
}
// ReconcileBootstrapKubeconfigSecret reconciles secret as a kubeconfig that
// targets externalURL using the manifests.KubeconfigScopeBootstrap scope and
// an empty secret key.
//
// externalURL is forwarded to pki.ReconcileKubeConfig without validation.
// NOTE(review): the bootstrap scope suggests this kubeconfig is used during
// node bootstrap; confirm which identity cert carries and keep it limited to
// what that flow needs.
func ReconcileBootstrapKubeconfigSecret(secret, cert *corev1.Secret, ca *corev1.ConfigMap, ownerRef config.OwnerRef, externalURL string) error {
	const scope = manifests.KubeconfigScopeBootstrap
	return pki.ReconcileKubeConfig(
		secret,
		cert,
		ca,
		externalURL,
		"",
		scope,
		ownerRef,
	)
}