From 765d7fdf19cd3414d5a0bbc5db0e9b07e21d878f Mon Sep 17 00:00:00 2001 From: Andrei Kvapil Date: Mon, 5 Feb 2024 13:28:21 +0100 Subject: [PATCH] Allow overriding secretKey for kubeadm kubeconfig During reconciliation, the bootstrap provider copies the content from the secret provided by Kamaji, named `-admin-kubeconfig` into a `cluster-info` configmap of tenant cluster, which then used by kubeadm to join nodes. This change introduces a new annotation, `kamaji.clastix.io/kubeconfig-secret-key`, for the TenantControlPlane resource. This annotation instructs kamaji to read the kubeconfig from a specific key (the default one is super-admin.conf). Example: ``` kamaji.clastix.io/kubeconfig-secret-key: super-admin.svc ``` This will instruct the system to use `super-admin.svc` a kubeconfig with a local service FQDN (introduced by https://github.com/clastix/kamaji/pull/403). Signed-off-by: Andrei Kvapil --- internal/utilities/tenant_client.go | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/internal/utilities/tenant_client.go b/internal/utilities/tenant_client.go index 1531e98c..c3440641 100644 --- a/internal/utilities/tenant_client.go +++ b/internal/utilities/tenant_client.go @@ -44,7 +44,13 @@ func GetTenantKubeconfig(ctx context.Context, client client.Client, tenantContro return nil, err } - return DecodeKubeconfig(*secretKubeconfig, kubeadmconstants.SuperAdminKubeConfigFileName) + secretKey := kubeadmconstants.SuperAdminKubeConfigFileName + v, ok := tenantControlPlane.GetAnnotations()["kamaji.clastix.io/kubeconfig-secret-key"] + if ok && v != "" { + secretKey = v + } + + return DecodeKubeconfig(*secretKubeconfig, secretKey) } func GetRESTClientConfig(ctx context.Context, client client.Client, tenantControlPlane *kamajiv1alpha1.TenantControlPlane) (*restclient.Config, error) {