-
Notifications
You must be signed in to change notification settings - Fork 829
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
When we use karmadactl to initialize the cluster, the specified ca certificate is not supported #5103
Comments
I think this is a reasonable use case that enables specifying each component's certificate. @guozheng-shen Do you mean you want to specify the ETCD certificate? Have you noticed the following options which provided at v1.10?
|
Not specify the ETCD certificate, I want specify root ca, now is |
Yeah, I get it. |
If this issue is approved, I can complete it, as this change has already been made and applied to the production environment in our company's usage. |
Glad to hear that. By the way, as you mentioned, Karmada is already in your production environment, I wonder if your company is present on the adopter list? |
I added two options to karmadactl init, '--ca-cert-path /tmp/ca.crt' and '--ca-key-path /tmp/ca.key', If the options is exists , will directly copy rather then gen new certs。 adopter list is in preparation |
Yeah, I think you can send a PR for this. Thanks in advance.
For the adopter things, all you need is to leave a comment on #4540, the community member will help to get you onboard after that, like karmada-io/community#75. |
i agree with add some new option for it befor we have a karmadactl init configuration file. PR is welcome ! |
I think this feature makes sense, and I'd be interested in reviewing this PR~ |
The adopter list has been submitted by my colleagues |
What would you like to be added:
When we use karmadactl to initialize the cluster, we can use the specified ca certificate
Why is this needed:
We want access multiple karmada cluster using one kubeconfig, but now when we use karmadactl init cluster, it will create new ca certificate every times.
caCert, caKey, err := NewCACertAndKey("karmada")
Our karmada manages many clusters,If karmada is deployed in only one cluster, it is not highly available。So we deployed karmada in two k8s clusters, but using a common etcd cluster。
![image](https://private-user-images.githubusercontent.com/165548992/343585615-cd2579c5-3742-45db-9f9d-39845a24ab33.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MjExMzA3MTQsIm5iZiI6MTcyMTEzMDQxNCwicGF0aCI6Ii8xNjU1NDg5OTIvMzQzNTg1NjE1LWNkMjU3OWM1LTM3NDItNDVkYi05ZjlkLTM5ODQ1YTI0YWIzMy5wbmc_WC1BbXotQWxnb3JpdGhtPUFXUzQtSE1BQy1TSEEyNTYmWC1BbXotQ3JlZGVudGlhbD1BS0lBVkNPRFlMU0E1M1BRSzRaQSUyRjIwMjQwNzE2JTJGdXMtZWFzdC0xJTJGczMlMkZhd3M0X3JlcXVlc3QmWC1BbXotRGF0ZT0yMDI0MDcxNlQxMTQ2NTRaJlgtQW16LUV4cGlyZXM9MzAwJlgtQW16LVNpZ25hdHVyZT0wYjk0OGI0NGJiMzIzMDkyZmI3ZTRkMjgyMDc1NDNkZmVlN2ExNjI5ZTU5ZTRmYWUxYzgxNTFiN2NjZjNhMzJlJlgtQW16LVNpZ25lZEhlYWRlcnM9aG9zdCZhY3Rvcl9pZD0wJmtleV9pZD0wJnJlcG9faWQ9MCJ9.ZLAmaBwteNzxYQsW328wsV15_KkR-CPgGbrt3Vs2g40)
When a cluster is unavailable, we can remove its load in vip。So we need access multiple karmada cluster using one kubeconfig
The text was updated successfully, but these errors were encountered: