cmd/cl-adm: Introduce cl-secret.yaml and cl-instance.yaml
#260
7043ca0 to f418bed
f418bed to 55679bb
pkg/bootstrap/platform/k8s.go
Outdated
| - kind: ServiceAccount | ||
| name: default | ||
| namespace: default` | ||
| operatorTemplate = `apiVersion: clusterlink.net/v1alpha1 |
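Review bot: the entry just above `operatorTemplate` names the `default` ServiceAccount in the `default` namespace. If this is the subjects list of a role binding, every pod in that namespace that does not set its own service account inherits whatever the binding grants. Consider creating a dedicated ServiceAccount for this component and naming it here instead.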
Will this yaml be appended to others? Perhaps it's best to prepend with ---?
It is stand-alone and just for the operator. If in the future, for some reason we decide to do that, we can add it.
| const ( | ||
| k8sTemplate = `--- | ||
| certsTemplate = `--- | ||
| apiVersion: v1 |
Since there is no namespace, won't everything be deployed into default? Is that what we need at this time (i.e., can change the namespace later on)?
Yes, in the future it will be in the clusterlink namespace.
| } | ||
|
|
||
| var certConfig bytes.Buffer | ||
| t := template.Must(template.New("").Parse(certsTemplate)) |
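Review bot: `template.New("")` on the last line creates the template with an empty name, so an error raised while executing it will not identify which template failed; give it a name such as "cl-secret". Since `certsTemplate` is a constant, the `template.Must(...)` parse could also move to a package-level variable, so the template is parsed once and a malformed one is caught at startup rather than when this function runs.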
IIUC, all secrets are added as inlined byte arrays (base64 of the cert). Have you considered using k8s object references instead, so that the actual credentials are in secrets?
As we discussed, secrets are not part of the operator but part of the controlplane/dataplane; we can open an issue about that. (@orozery)
Yes - please do open an issue. If the secrets are added as independent objects (which I think they should be, since that would allow for easier rotation by existing tools), then we should track this incomplete item.
55679bb to 927bce5
Title changed from "cl-secret.yaml and clusterlink.yaml" to "cl-secret.yaml and cl-instance.yaml"
06e4686 to e176cb8
elevran left a comment
Note the request to open an issue and handle the secret as an ObjectReference and not an embedded byte array.
e176cb8 to 82b0ba6
Add support to:
1. Create `cl-secret.yaml` that contains all the certificates for the controlplane and dataplane.
2. Create `clusterlink.yaml` that is used to deploy the ClusterLink project via the operator.

Signed-off-by: Kfir Toledo <[email protected]>
82b0ba6 to b5ec6cb
Add support to:
- `cl-secret.yaml` that contains all the certificates for the controlplane and dataplane.
- `cl-instance.yaml` that is used to deploy the ClusterLink project via the operator.