mirror of
https://github.com/ysoftdevs/gardener-extension-shoot-fleet-agent.git
synced 2026-01-11 22:41:09 +01:00
Make fleet use the new kubeconfig secrets (fetched via token requestor flow) to access shoot clusters
This commit is contained in:
Martin Šalata
@@ -2,4 +2,4 @@ apiVersion: v1
|
||||
appVersion: "1.0"
|
||||
description: A Helm chart for the Gardener Shoot Fleet Agent extension.
|
||||
name: gardener-extension-shoot-fleet-agent
|
||||
version: 0.3.3
|
||||
version: 0.3.5
|
||||
|
||||
@@ -5,10 +5,10 @@ metadata:
|
||||
name: extension-shoot-fleet-agent
|
||||
type: helm
|
||||
providerConfig:
|
||||
chart: H4sIAAAAAAAAA+0caW/bRjafBfg/zMpbJClC6rAkt1pksaqspkbjA5brolgsghE5ktiQHO4MKUdNur993xy8JOq0Iye7fGhjco43b97Mu2YeNcHMJj5hBvkQEp871Df4lNLQGLuEhAaeED+sPXsY1AFO2235F2Dxr3xunLQazXaz0xHljU7n9PQZaj9w3K0g4iFmCD1jMOl17TbVf6Uw2Wb9zSlxPWfiU0b2GUMscKfVWrn+7XYrv/7NRv2k/QzVH3uyRfB/vv7H6BqHIWE+RyFFao3R/ZT4aBQ5ru34ExRg6z3sA24eVY7R7dThiEdBQFkID7AxXDRx6Qh5OLSm0PwVYsTFoTMj0DGcZsqxbwsMPplANfXRi4CRsfOB2OjegYZ/eWmiK9+dI+rLroIoFBCGXMcnMLZ5Nnw3DIE8gaRPPQ9Q3PWHyHYYh9qJE9bUHzUJeB79wWrqT1I0ndTkv0kBn/m1DMIRzDUK0NhxCSD91uT3gfgzwu/Fn9ATb/8R7e8wc2jE0fnZQIweMPo7sUJ4cmyCa7oxFELJjFvUJlD21GtdBFvJf3+KWWjOsefuNcYm+W+2Txbkv95ptkr5PwTgwLkjTKx7F80aFRwEyevzWcOsmy3jbHCHnldswi3mBKGs6qGfwCIgS+wLNKYMhVOC3uithIZiA6EfxQZCPbGBULK5zIqPPdJF22y7yiympG6emCdfpPh89bCV/NvUMid07zE2yH9TGPu8/3d6enpSyv8hoFYD0xfMwUJOQ/TCeoma9cb3aNi7RsMBAsHGvnzBYzCJDg4JsqgXYH9uoh5YftmNg8XnhM2IbSr3QFhPBH9dx4ItBfY98m2idEQPnAn4M6Tj8B6Dp/FWNXmFZiZqgpqwSBAizJFPQ+hHoQu7dzhg82X3t+f9wSUQJkY4qtRq4v8YR8EwCXat01DTrKMXokFVV1Vf/k3imNMIPJW5GBdFMF6YzEPTBASImQMPfIsohyVMRzAlkt80EjoKMbTH0COAt3G2JcJhQriEaRgG3Vrt/v7exJJqk7JJTbOO1/SMDaA86feLD96J4Pq/I4fBvEdzBHobuuAREOzie7lwE0agTjh1Prpn4BYJH4xrxks8tsND5oyiMMe7mFBgQLYBcA/2QrU3ROfDKvqhNzwfvpJYfj2//enql1v0a+/mpnd5ez4Yoqsb1L+6PDu/Pb+6hLcfUe/yN/Tz+eXZK0QcsabAVXD+YA5AqCO4CntHIhsSkiMiti08IJYzdiyYnT+JQCuhCQXz4Ev/lDDP4WJ9ufIxAY/reE4o3Uy+PDUYSjSa0O5EqD6xq02zBv9NwfurxWWGRf2QUdcF5cjIRLBCIjT5FK1RlsjUyO4GN0OYv34jHzDMk9RWIRXOFRrEaLtLaBXJ4KxLX1xbXuKLFecoOxPtm0vO6ULBJDF9izIGTipKaUA5Go4qQRb9l+mwlvCosJX9DwnsXdhcfL+ToJ3Pf8D/P22X5z+HgB3X/x0E/KBvuRkG28eCm/y/Vmvx/Oek2Sz9v4PAx48GssnY8cEnEqFZFRl//nlU2WZbHFVEZ+Lbqot6jXHJFmBoxs5EozQM46iSDTeXEBrCiwQTbSaDclOhMGN6TMulkV2bNbAbTHHjqPLe8e2uijVlqNmX7Y8gXB3jyNWv3aMKQu+jEVHYuujjR2TeYTci3JTjX2AfKGBm2gYJksWEnHFxUxePiMtlM4TUy2q8uvEncMd+E4b+EwLPxRbeQisZSDBy06BihTgYaaLHTd5XD53vsu1A+jyrn/IiV7J6uHzHggk3C+mIn9VbsoscD5Dq/YOQJniK+bU8OURVPsXNdqdbTWiRHcwQT1DaJWCOH45R9Rv+j2/4YlNGAsqdkLL5WhyweqQQZXd/lCunH88eRqHguM8tF3OuD0M0MzQrOPGgvC9CMgimqn9/jRpmo2XUgaQ+RBMjiNlCB8b/Gfa1ljvzjRPG4ZBExSHmsCMXnETz/XdAKgXp0lSJSa8apfHwUUYkxNmhVjaMhT2nb9YoH5dgcPmJCxsRCHBszbQ1usxQXYy4Tw79U+vozwk72n+lHD0cGHJLz4BblBkiFBMhJik+I950/tupN/L2/6Reb9dL+38IWDACclXv5KpexYsqNVP+nDi2u0rNX+DgqOKBMNs4xN3YLkkb4fiWG9mJb2ECruKdU2DNbkAYMUTrlwtGTxtb8YjEwYe02swnIZHqYt3Yq/o4PuwCv2hg2SmZlySdv8vv9y76JNTFeh5+QisM/hOv/47yb5PApXMPCne4Dtog/+3TenvR/z8t5f8wsOSVg3DwWirhZ8mCF4r4dnHC44r2tmMiJNIWTD6tyeOsXTrurCHE+aQkm5GZIzD/5HDhAb4V55BdVFdV8ow2Hybowj6NQDcoJnDphFCm2SAv0N9mGfMYrNljjgjFeiCmLLsfJErfp/rUNSlDCBw66z2PvBonFiMxLTrWMzIhWaKwc8GjCbpT+fmAI9HhAra1XUuEpF5MyqdCq5Qj64X0+tFfzVvNBvMH4M+1SHKobuUYVV9umEwcBqgSN7/mj7Pqe607Qsn+FhDHJX0Rl1zuTIJe+Z5liU2/e39xfI3Bz2cpb4wd1ZECuVL5nacDTjO3NLLwOnLdawqyOs/Jr4rsgqQyv+Go52HQommJgWq70WggQ4vI6xoJrVpOePSuk5sr38XDH0Q3K2JMRDdMnGpYIqnldYb29B5APuvGw7lv8dw0BMIpwW44lRK0O/JM540D2Q4XlxqZ25ccWl3dT2tBon6njo+qr6pLyFSaj0EDoq44jFRDraJVdbmKe/SSDkvIF0JGw7FfZ7fSchCa31XEn+U2htrBbwe9s8HNu8HbQV/cnr277F0Mhte9/iBtitBMkP0jo143W4rQ2CGufUPGC8W6QmiqbqK004Oh/RVqTPT5Re/N4A4ovrp5d3U3uPn15vx2meAuUoY44z/XCh3qdUpxiUhGOI2YRfI7KSntStdcn0It9/mEQuZ4qXfeqG9QyjAX6kYeuRC6ixcsYJF1y7LCEx3VUiwLdLYhg/0j8uG6QGL0CIu0wdStonFpybalMc83xbVljb2eXcpjyG1nVXS5MKXVZ8l5lLsxb2fWWXE8nCN5ZUS6LhiOQR9kX1AbcLSa9exMYhY/wP/fMf5TpRmzs80Ym85/TuqnC/EfPJf3PweB4nOdoRSywohvN5nbKu5LRsjsqw0BwajTIr4Vq+8nP0X5emFH+c9dSWyrADbKf6ezKP+t0zL//yCQlf+sxBXfPSkPVumI62wU+IDDIe0bNpJckKOK+KAAu2fK8sW+RS4BuRqPjiSByznIyZAF98xm9am5/uXAjvLPRtjSDSzCUo2/VhNsvP9pLsp/p9k4LeX/ELB0/itW2MRROAXx+kPlBWauhfW1jwtcI+yGiizcdT4CX0jc6G4483jk89+9jrqWO3kyt8E2RvN8t6Ha/LIni1wZ3RjQ33nDaBSoaRioWlWHv2lAKktVHMNlJejXUVLxbfWQiZd7yP/OHwJtkP8WyP2C/DdbZf7/YeCzyP+2EvrVXveslvaVqq9ICViKj1y92T4XR6nM5os6YUJC9eA6XD/di1uhIgKSMbYYXyu2pLhQFz1wjmnjxfcasDiMdpiseAzSxyiAbUe2V7lJLPog/sJ7Zv5KNArXFpaWenGpzExywpgNhYODPcDq7CedW2bKBUu9SlTX7DVGXcKXSkYg1o4/0RWZNouV+xAu9zZI0C5rVU3u05SFXDCY8EpmIL6ZSmmKk/eA2ot1WN03rbC4BYSJm/Bi4tIsiGVsj8MVi4IecPxNiyrV0tLCxCM/Atq4Rh7Y6NrtLjmyBGWnn/AnlrAHGqAf1O78P7VDwID4vide6zUcFM0KLPhu7OLRSGT4KvMXHxdmb3R35/9Wp4RP7Sn9b8KO/n9el24ZCWyK/9v1pfO/9mkZ/x8EltRv9hIgL9Vl+tdKPfzUq7g/7Cj/swDv/jsgG+S/0eosfv/XPCnzPw8DCxfiYn3VV8X2YtZ3FTwKyi28/A1HsxqrDGgcOtDkmto93ZqwvTWHAdRsrT2SDLWCGcVebC5FK1+olU6SWyZLnVzCQlKnkg+ef/s8vaf3HL/nuvSeZJO9AF0QSZqTT/Wrq8kyUxwm9BPf38fdqmtms9gtm/ohUjQ9yuZ70aC67kOG7rn8qRNCIGsQAKQpSoWZx6JiOfs4zaTYVpGrsCO3vqpIJVNkEsDEfLKtzbTdl5Wu/+iwlf6fKS7t+wNQG/T/iUj2WPz9t06j1P+HAJUDq/Rh/NliF83F74SoW1gT/xExYjGh7rcVvBBPukg6DPI1yKTO9tx7POfig738oYPQMdBc61upN6vtuiePVxItVu20LhxZJH/fY0PjRvM72fqoAuItm2rLlmarHRdZgeNlfX6cavNGve6lRfFgcqwtdE5VmEVJUybnNM59yebFAkpRujIbtYvG2OVyEpns2tSKLeE6qmS/01Wz0rllOu9GZWnKY5/st9LHIzC2Mt0GZmBnqsQv20ic+hyZxSeKIu+ZcKCLkYxXDxyj8vYeu7pbP27ObN1owdrH5+PQNf2M+V7g1b8uljQQH1vAkDHG/s0ZouqYQk5Uf5Wc/oxMPNVjkc2e/bBZFsG6znVxXPBgnogMhQRrjkMa/w5syiNLMDwy5wpH8ebyR5k+D3eyqB+HRVmMn5lP+aGOKsuZ6l30z3+JmmNUlHcqPyMUFKqcaM3afJ6sYpvyh9RklPa6yejuiRNOo5EJ7Ev0dW1V76zOJ5E5WVDzejZp1mf800V6+WI0Ut9X62bT/P6gl9cllFBCCSWUUEIJJZRQQgkllFBCCSWUUEIJJZRQQgkllFBCCSWUUIKE/wKJB60LAHgAAA==
|
||||
chart: H4sIAAAAAAAAA+0caW/bRjafBfg/zMpbJClC6rAkt1pksaqspkbjA5brolgsghE5ktiQHO4MKUdNur993xy8JOq0Iye7fGhjco43b97Mu2YeNcHMJj5hBvkQEp871Df4lNLQGLuEhAaeED+sPXsY1AFO2235F2Dxr3xunLQazXaz0xHljU7n9PQZaj9w3K0g4iFmCD1jMOl17TbVf6Uw2Wb9zSlxPWfiU0b2GUMscKfVWrn+7XYrv/7NRv2k/QzVH3uyRfB/vv7H6BqHIWE+RyFFao3R/ZT4aBQ5ru34ExRg6z3sA24eVY7R7dThiEdBQFkID7AxXDRx6Qh5OLSm0PwVYsTFoTMj0DGcZsqxbwsMPplANfXRi4CRsfOB2OjegYZ/eWmiK9+dI+rLroIoFBCGXMcnMLZ5Nnw3DIE8gaRPPQ9Q3PWHyHYYh9qJE9bUHzUJeB79wWrqT1I0ndTkv0kBn/m1DMIRzDUK0NhxCSD91uT3gfgzwu/Fn9ATb/8R7e8wc2jE0fnZQIweMPo7sUJ4cmyCa7oxFELJjFvUJlD21GtdBFvJf3+KWWjOsefuNcYm+W+2Txbkv95ptkr5PwTgwLkjTKx7F80aFRwEyevzWcOsmx3jbHCHnldswi3mBKGs6qGfwCIgS+wLNKYMhVOC3uithIZiA6EfxQZCPbGBULK5zIqPPdJF22y7yiympG6emO0vUny+ethK/m1qmRO69xgb5L8pjH3e/zs9PT0p5f8QUKuB6QvmYCGnIXphvUTNeuN7NOxdo+EAgWBjX77gMZhEB4cEWdQLsD83UQ8sv+zGweJzwmbENpV7IKwngr+uY8GWAvse+TZROqIHzgT8GdJxeI/B03irmrxCMxM1QU1YJAgR5sinIfSj0IXdOxyw+bL72/P+4BIIEyMcVWo18X+Mo2CYBLvWaahp1tEL0aCqq6ov/yZxzGkEnspcjIsiGC9M5qFpAgLEzIEHvkWUwxKmI5gSyW8aCR2FGNpj6BHA2zjbEuEwIVzCNAyDbq12f39vYkm1SdmkplnHa3rGBlCe9PvFB+9EcP3fkcNg3qM5Ar0NXfAICHbxvVy4CSNQJ5w6H90zcIuED8Y14yUe2+Ehc0ZRmONdTCgwINsAuAd7odobovNhFf3QG54PX0ksv57f/nT1yy36tXdz07u8PR8M0dUN6l9dnp3fnl9dwtuPqHf5G/r5/PLsFSKOWFPgKjh/MAcg1BFchb0jkQ0JyRER2xYeEMsZOxbMzp9EoJXQhIJ58KV/SpjncLG+XPmYgMd1PCeUbiZfnhoMJRpNaHciVJ/Y1aZZg/+m4P3V4jLDon7IqOuCcmRkIlghEZp8itYoS2RqZHeDmyHMX7+RDxjmSWqrkArnCg1itN0ltIpkcNalL64tL/HFinOUnYn2zSXndKFgkpi+RRkDJxWlNKAcDUeVIIv+y3RYS3hU2Mr+hwT2Lmwuvt9J0M7nP+D/n7bL859DwI7r/w4CftC33AyD7WPBTf5fq7V4/nPSbJb+30Hg40cD2WTs+OATidCsiow//zyqbLMtjiqiM/Ft1UW9xrhkCzA0Y2eiURqGcVTJhptLCA3hRYKJNpNBualQmDE9puXSyK7NGtgNprhxVHnv+HZXxZoy1OzL9kcQro5x5OrX7lEFoffRiChsXfTxIzLvsBsRbsrxL7APFDAzbYMEyWJCzri4qYtHxOWyGULqZTVe3fgTuGO/CUP/CYHnYgtvoZUMJBi5aVCxQhyMNNHjJu+rh8532XYgfZ7VT3mRK1k9XL5jwYSbhXTEz+ot2UWOB0j1/kFIEzzF/FqeHKIqn+Jmu9OtJrTIDmaIJyjtEjDHD8eo+g3/xzd8sSkjAeVOSNl8LQ5YPVKIsrs/ypXTj2cPo1Bw3OeWiznXhyGaGZoVnHhQ3hchGQRT1b+/Rg2z0TLqQFIfookRxGyhA+P/DPtay535xgnjcEii4hBz2JELTqL5/jsglYJ0aarEpFeN0nj4KCMS4uxQKxvGwp7TN2uUj0swuPzEhY0IBDi2ZtoaXWaoLkbcJ4f+qXX054Qd7b9Sjh4ODLmlZ8AtygwRiokQkxSfEW86/+3UG3n7f1Kvt+ul/T8ELBgBuap3clWv4kWVmil/ThzbXaXmL3BwVPFAmG0c4m5sl6SNcHzLjezEtzABV/HOKbBmNyCMGKL1ywWjp42teETi4ENabeaTkEh1sW7sVX0cH3aBXzSw7JTMS5LO3+X3exd9EupiPQ8/oRUG/4nXf0f5t0ng0rkHhTtcB22Q//Zpvb3o/5+W8n8YWPLKQTh4LZXws2TBC0V8uzjhcUV72zEREmkLJp/W5HHWLh131hDifFKSzcjMEZh/crjwAN+Kc8guqqsqeUabDxN0YZ9GoBsUE7h0QijTbJAX6G+zjHkM1uwxR4RiPRBTlt0PEqXvU33qmpQhBA6d9Z5HXo0Ti5GYFh3rGZmQLFHYueDRBN2p/HzAkehwAdvariVCUi8m5VOhVcqR9UJ6/eiv5q1mg/kD8OdaJDlUt3KMqi83TCYOA1SJm1/zx1n1vdYdoWR/C4jjkr6ISy53JkGvfM+yxKbfvb84vsbg57OUN8aO6kiBXKn8ztMBp5lbGll4HbnuNQVZnefkV0V2QVKZ33DU8zBo0bTEQLXdaDSQoUXkdY2EVi0nPHrXyc2V7+LhD6KbFTEmohsmTjUskdTyOkN7eg8gn3Xj4dy3eG4aAuGUYDecSgnaHXmm88aBbIeLS43M7UsOra7up7UgUb9Tx0fVV9UlZCrNx6ABUVccRqqhVtGqulzFPXpJhyXkCyGj4divs1tpOQjN7yriz3IbQ+3gt4Pe2eDm3eDtoC9uz95d9i4Gw+tef5A2RWgmyP6RUa+bLUVo7BDXviHjhWJdITRVN1Ha6cHQ/go1Jvr8ovdmcAcUX928u7ob3Px6c367THAXKUOc8Z9rhQ71OqW4RCQjnEbMIvmdlJR2pWuuT6GW+3xCIXO81Dtv1DcoZZgLdSOPXAjdxQsWsMi6ZVnhiY5qKZYFOtuQwf4R+XBdIDF6hEXaYOpW0bi0ZNvSmOeb4tqyxl7PLuUx5LazKrpcmNLqs+Q8yt2YtzPrrDgezpG8MiJdFwzHoA+yL6gNOFrNenYmMYsf4P/vGP+p0ozZ2WaMTec/J/XThfgPnsv7n4NA8bnOUApZYcS3m8xtFfclI2T21YaAYNRpEd+K1feTn6J8vbCj/OeuJLZVABvlv9NZlP/WaZn/fxDIyn9W4orvnpQHq3TEdTYKfMDhkPYNG0kuyFFFfFCA3TNl+WLfIpeAXI1HR5LA5RzkZMiCe2az+tRc/3JgR/lnI2zpBhZhqcZfqwk23v80F+W/02yclvJ/CFg6/xUrbOIonIJ4/aHyAjPXwvraxwWuEXZDRRbuOh+BLyRudDeceTzy+e9eR13LnTyZ22Abo3m+21BtftmTRa6Mbgzo77xhNArUNAxUrarD3zQglaUqjuGyEvTrKKn4tnrIxMs95H/nD4E2yH8L5H5B/putMv//MPBZ5H9bCf1qr3tWS/tK1VekBCzFR67ebJ+Lo1Rm80WdMCGhenAdrp/uxa1QEQHJGFuMrxVbUlyoix44x7Tx4nsNWBxGO0xWPAbpYxTAtiPbq9wkFn0Qf+E9M38lGoVrC0tLvbhUZiY5YcyGwsHBHmB19pPOLTPlgqVeJapr9hqjLuFLJSMQa8ef6IpMm8XKfQiXexskaJe1qib3acpCLhhMeCUzEN9MpTTFyXtA7cU6rO6bVljcAsLETXgxcWkWxDK2x+GKRUEPOP6mRZVqaWlh4pEfAW1cIw9sdO12lxxZgrLTT/gTS9gDDdAPanf+n9ohYEB83xOv9RoOimYFFnw3dvFoJDJ8lfmLjwuzN7q783+rU8Kn9pT+N2FH/z+vS7eMBDbF/+360vlf+7SM/w8CS+o3ewmQl+oy/WulHn7qVdwfdpT/WYB3/x2QDfLfaHUWv/9rnpT5n4eBhQtxsb7qq2J7Meu7Ch4F5RZe/oajWY1VBjQOHWhyTe2ebk3Y3prDAGq21h5JhlrBjGIvNpeilS/USifJLZOlTi5hIalTyQfPv32e3tN7jt9zXXpPsslegC6IJM3Jp/rV1WSZKQ4T+onv7+Nu1TWzWeyWTf0QKZoeZfO9aFBd9yFD91z+1AkhkDUIANIUpcLMY1GxnH2cZlJsq8hV2JFbX1WkkikyCWBiPtnWZtruy0rXf3TYSv/PFJf2/QGoDfr/RCR7LP7+W6dR6v9DgMqBVfow/myxi+bid0LULayJ/4gYsZhQ99sKXognXSQdBvkaZFJne+49nnPxwV7+0EHoGGiu9a3Um9V23ZPHK4kWq3ZaF44skr/vsaFxo/mdbH1UAfGWTbVlS7PVjouswPGyPj9OtXmjXvfSongwOdYWOqcqzKKkKZNzGue+ZPNiAaUoXZmN2kVj7HI5iUx2bWrFlnAdVbLf6apZ6dwynXejsjTlsU/2W+njERhbmW4DM7AzVeKXbSROfY7M4hNFkfdMONDFSMarB45ReXuPXd2tHzdntm60YO3j83Homn7GfC/w6l8XSxqIjy1gyBhj/+YMUXVMISeqv0pOf0YmnuqxyGbPftgsi2Bd57o4LngwT0SGQoI1xyGNfwc25ZElGB6Zc4WjeHP5o0yfhztZ1I/DoizGz8yn/FBHleVM9S76579EzTEqyjuVnxEKClVOtGZtPk9WsU35Q2oySnvdZHT3xAmn0cgE9iX6uraqd1bnk8icLKh5PZs06zP+6SK9fDEaqe+rdbNpfn/Qy+sSSiihhBJKKKGEEkoooYQSSiihhBJKKKGEEkoooYQSSiihhBJKKEHCfwFUL/C7AHgAAA==
|
||||
values:
|
||||
image:
|
||||
tag: v1.0.4-DEV
|
||||
tag: v1.0.6-DEV
|
||||
fleetManager:
|
||||
kubeconfig: #base64 encoded kubeconfig of Fleet manager cluster with user that has write access to Cluster and Secret
|
||||
namespace: clusters
|
||||
|
||||
@@ -15,6 +15,7 @@
|
||||
package controller
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"context"
|
||||
"fmt"
|
||||
managed_resource_handler "github.com/ysoftdevs/gardener-extension-shoot-fleet-agent/pkg/controller/managed-resource-handler"
|
||||
@@ -52,14 +53,17 @@ import (
|
||||
const ActuatorName = "shoot-fleet-agent-actuator"
|
||||
|
||||
// KubeconfigSecretName name of secret that holds kubeconfig for Shoot
|
||||
const KubeconfigSecretName = "kubecfg"
|
||||
const KubeconfigSecretName = token_requestor_handler.TokenRequestorSecretName
|
||||
|
||||
// KubeconfigKey key in KubeconfigSecretName secret that holds kubeconfig for Shoot
|
||||
const KubeconfigKey = "kubeconfig"
|
||||
const KubeconfigKey = token_requestor_handler.TokenRequestorSecretKey
|
||||
|
||||
// DefaultConfigKey is the name of default config key.
|
||||
const DefaultConfigKey = "default"
|
||||
|
||||
// FleetClusterSecretDataKey is the key of the data item that holds the kubeconfig for the cluster in fleet
|
||||
const FleetClusterSecretDataKey = "value"
|
||||
|
||||
// NewActuator returns an actuator responsible for Extension resources.
|
||||
func NewActuator(config config.Config) extension.Actuator {
|
||||
logger := log.Log.WithName(ActuatorName)
|
||||
@@ -202,9 +206,22 @@ func (a *actuator) InjectScheme(scheme *runtime.Scheme) error {
|
||||
|
||||
// ReconcileClusterInFleetManager reconciles cluster registration in remote fleet manager
|
||||
func (a *actuator) ReconcileClusterInFleetManager(ctx context.Context, namespace string, cluster *extensions.Cluster, override *config.Config) error {
|
||||
a.logger.Info("Starting with already registered check")
|
||||
labels := prepareLabels(cluster, getProjectConfig(cluster, &a.serviceConfig), getProjectConfig(cluster, override))
|
||||
registered, err := a.getFleetManager(cluster).GetCluster(ctx, buildCrdName(cluster))
|
||||
|
||||
a.logger.Info("Looking up Secret with KubeConfig for given Shoot.", "namespace", namespace, "secretName", KubeconfigSecretName)
|
||||
kubeconfigSecret := &corev1.Secret{}
|
||||
if err := a.client.Get(ctx, kutil.Key(namespace, KubeconfigSecretName), kubeconfigSecret); err != nil {
|
||||
a.logger.Error(err, "Failed to find Secret with kubeconfig for Fleet registration.")
|
||||
return err
|
||||
}
|
||||
|
||||
a.logger.Info("Checking if the fleet cluster already exists")
|
||||
// Check whether we already have an existing cluster
|
||||
_, err := a.getFleetManager(cluster).GetCluster(ctx, buildCrdName(cluster))
|
||||
if err != nil {
|
||||
a.logger.Error(err, "Could not fetch fleet cluster")
|
||||
return err
|
||||
}
|
||||
|
||||
// We cannot find the cluster because of an unknown error
|
||||
if err != nil && !errors.IsNotFound(err) {
|
||||
@@ -213,46 +230,67 @@ func (a *actuator) ReconcileClusterInFleetManager(ctx context.Context, namespace
|
||||
}
|
||||
|
||||
// We cannot find the cluster because we haven't registered it yet
|
||||
if err != nil && errors.IsNotFound(err) {
|
||||
if errors.IsNotFound(err) {
|
||||
a.logger.Info("Creating fleet cluster", "shoot", cluster.Shoot.Name)
|
||||
return a.registerNewClusterInFleet(ctx, namespace, cluster, labels)
|
||||
return a.registerNewClusterInFleet(ctx, namespace, cluster, labels, kubeconfigSecret.Data[KubeconfigKey])
|
||||
}
|
||||
|
||||
// The cluster we have in fleet is already in the correct state
|
||||
if reflect.DeepEqual(registered.Labels, labels) {
|
||||
a.logger.Info("Cluster already registered - skipping registration", "clientId", registered.Spec.ClientID)
|
||||
return nil
|
||||
}
|
||||
|
||||
a.logger.Info("Updating labels of already registered cluster.", "clientId", registered.Spec.ClientID)
|
||||
return a.updateClusterLabelsInFleet(ctx, registered, cluster, labels)
|
||||
a.logger.Info("Updating existing fleet cluster")
|
||||
return a.updateClusterInFleet(ctx, cluster, labels, kubeconfigSecret.Data[KubeconfigKey])
|
||||
}
|
||||
|
||||
func (a *actuator) updateClusterLabelsInFleet(ctx context.Context, clusterRegistration *fleetv1alpha1.Cluster, cluster *extensions.Cluster, labels map[string]string) error {
|
||||
clusterRegistration.Labels = labels
|
||||
_, err := a.getFleetManager(cluster).UpdateCluster(ctx, clusterRegistration)
|
||||
func (a *actuator) updateClusterInFleet(ctx context.Context, cluster *extensions.Cluster, labels map[string]string, kubeconfig []byte) error {
|
||||
updated := false
|
||||
clusterRegistration, err := a.getFleetManager(cluster).GetCluster(ctx, buildCrdName(cluster))
|
||||
if err != nil {
|
||||
a.logger.Error(err, "Failed to update cluster labels in Fleet registration.", "clusterName", clusterRegistration.Name)
|
||||
}
|
||||
return err
|
||||
}
|
||||
|
||||
func (a *actuator) registerNewClusterInFleet(ctx context.Context, namespace string, cluster *extensions.Cluster, labels map[string]string) error {
|
||||
a.logger.Info("Looking up Secret with KubeConfig for given Shoot.", "namespace", namespace, "secretName", KubeconfigSecretName)
|
||||
secret := &corev1.Secret{}
|
||||
if err := a.client.Get(ctx, kutil.Key(namespace, KubeconfigSecretName), secret); err != nil {
|
||||
a.logger.Error(err, "Failed to find Secret with kubeconfig for Fleet registration.")
|
||||
a.logger.Error(err, "Could not fetch fleet cluster")
|
||||
return err
|
||||
}
|
||||
|
||||
fleetKubeconfigSecret, err := a.getFleetManager(cluster).GetKubeconfigSecret(ctx, buildKubecfgName(cluster))
|
||||
if err != nil {
|
||||
a.logger.Error(err, "Could not fetch fleet kubeconfig secret")
|
||||
return err
|
||||
}
|
||||
|
||||
if !reflect.DeepEqual(clusterRegistration.Labels, labels) {
|
||||
a.logger.Info("Cluster labels changed, updating")
|
||||
clusterRegistration.Labels = labels
|
||||
_, err := a.getFleetManager(cluster).UpdateCluster(ctx, clusterRegistration)
|
||||
if err != nil {
|
||||
a.logger.Error(err, "Failed to update cluster labels in Fleet registration.", "clusterName", clusterRegistration.Name)
|
||||
return err
|
||||
}
|
||||
updated = true
|
||||
}
|
||||
|
||||
if bytes.Compare(fleetKubeconfigSecret.Data[FleetClusterSecretDataKey], kubeconfig) != 0 {
|
||||
a.logger.Info("Shoot kubeconfig changed, updating")
|
||||
fleetKubeconfigSecret.Data[FleetClusterSecretDataKey] = kubeconfig
|
||||
_, err := a.getFleetManager(cluster).UpdateKubeconfigSecret(ctx, fleetKubeconfigSecret)
|
||||
if err != nil {
|
||||
a.logger.Error(err, "Failed to update kuebconfig secret in Fleet registration.", "clusterName", clusterRegistration.Name)
|
||||
return err
|
||||
}
|
||||
updated = true
|
||||
}
|
||||
|
||||
if updated {
|
||||
a.logger.Info("Cluster successfully updated.")
|
||||
} else {
|
||||
a.logger.Info("Cluster is already up to date.")
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func (a *actuator) registerNewClusterInFleet(ctx context.Context, namespace string, cluster *extensions.Cluster, labels map[string]string, kubeconfig []byte) error {
|
||||
secretData := make(map[string][]byte)
|
||||
secretData["value"] = secret.Data[KubeconfigKey]
|
||||
a.logger.Info("Loaded kubeconfig from secret", "kubeconfig", secret, "namespace", namespace)
|
||||
secretData[FleetClusterSecretDataKey] = kubeconfig
|
||||
|
||||
const fleetRegisterNamespace = "clusters"
|
||||
kubeconfigSecret := corev1.Secret{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: "kubecfg-" + buildCrdName(cluster),
|
||||
Name: buildKubecfgName(cluster),
|
||||
Namespace: fleetRegisterNamespace,
|
||||
},
|
||||
Data: secretData,
|
||||
@@ -330,9 +368,14 @@ func getProjectConfig(cluster *extensions.Cluster, serviceConfig *config.Config)
|
||||
return projectConfig
|
||||
}
|
||||
|
||||
// buildCrdName creates a unique name for cluster registration resources in Fleet manager cluster
|
||||
func buildKubecfgName(cluster *extensions.Cluster) string {
|
||||
return fmt.Sprintf("kubecfg-%s", buildCrdName(cluster))
|
||||
}
|
||||
|
||||
// buildCrdName creates a unique name for cluster registration resources in Fleet manager cluster
|
||||
func buildCrdName(cluster *extensions.Cluster) string {
|
||||
return cluster.Seed.Name + "" + cluster.Shoot.Name
|
||||
return fmt.Sprintf("%s%s", cluster.Seed.Name, cluster.Shoot.Name)
|
||||
}
|
||||
|
||||
// isShootedSeedCluster checks if clusters purpose is Infrastructure
|
||||
|
||||
@@ -63,6 +63,16 @@ func (f *FleetManager) GetCluster(ctx context.Context, clusterName string) (*v1a
|
||||
return f.fleetClient.FleetV1alpha1().Clusters(f.namespace).Get(ctx, clusterName, metav1.GetOptions{})
|
||||
}
|
||||
|
||||
// GetKubeconfigSecret registers a clusters kubeconfig secret in remote fleet
|
||||
func (f *FleetManager) GetKubeconfigSecret(ctx context.Context, secretName string) (*corev1.Secret, error) {
|
||||
return f.secretClient.CoreV1().Secrets(f.namespace).Get(ctx, secretName, metav1.GetOptions{})
|
||||
}
|
||||
|
||||
// UpdateKubeconfigSecret updates kubeconfig secret in remote fleet
|
||||
func (f *FleetManager) UpdateKubeconfigSecret(ctx context.Context, secret *corev1.Secret) (*corev1.Secret, error) {
|
||||
return f.secretClient.CoreV1().Secrets(f.namespace).Update(ctx, secret, metav1.UpdateOptions{})
|
||||
}
|
||||
|
||||
// CreateKubeconfigSecret registers a clusters kubeconfig secret in remote fleet
|
||||
func (f *FleetManager) CreateKubeconfigSecret(ctx context.Context, secret *corev1.Secret) (*corev1.Secret, error) {
|
||||
return f.secretClient.CoreV1().Secrets(f.namespace).Create(ctx, secret, metav1.CreateOptions{})
|
||||
|
||||
Reference in New Issue
Block a user