From f4c8b1ac4d7301886ee5a8918192e9cdf4a9f770 Mon Sep 17 00:00:00 2001
From: Mustafa Elbehery
Date: Fri, 12 Jul 2024 22:57:02 +0200
Subject: [PATCH] use in-cluster config
---
 bindata/etcd/pod.yaml | 28 +++++++++++++++++++++++++
 pkg/cmd/backuprestore/backupnoconfig.go | 17 +++++++--------
 pkg/operator/etcd_assets/bindata.go | 28 +++++++++++++++++++++++++
 3 files changed, 64 insertions(+), 9 deletions(-)
diff --git a/bindata/etcd/pod.yaml b/bindata/etcd/pod.yaml
index 5b17bc605b..23fc5b4c5b 100644
--- a/bindata/etcd/pod.yaml
+++ b/bindata/etcd/pod.yaml
@@ -341,6 +341,11 @@ ${COMPUTED_ENV_VARS}
 name: backup-dir
 - mountPath: /etc/kubernetes
 name: config-dir
+ - mountPath: /etc/kubernetes/static-pod-certs
+ name: cert-dir
+ - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
+ name: kube-api-access
+ readOnly: true
 hostNetwork: true
 priorityClassName: system-node-critical
 tolerations:
@@ -371,3 +376,26 @@ ${COMPUTED_ENV_VARS}
 - hostPath:
 path: /etc/kubernetes
 name: config-dir
+ - name: kube-api-access
+ projected:
+ defaultMode: 420
+ sources:
+ - serviceAccountToken:
+ expirationSeconds: 3600
+ path: token
+ - configMap:
+ items:
+ - key: ca.crt
+ path: ca.crt
+ name: kube-root-ca.crt
+ - downwardAPI:
+ items:
+ - fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ path: namespace
+ - configMap:
+ items:
+ - key: service-ca.crt
+ path: service-ca.crt
+ name: openshift-service-ca.crt
diff --git a/pkg/cmd/backuprestore/backupnoconfig.go b/pkg/cmd/backuprestore/backupnoconfig.go
index 0ff868c72a..beb1ac0316 100644
--- a/pkg/cmd/backuprestore/backupnoconfig.go
+++ b/pkg/cmd/backuprestore/backupnoconfig.go
@@ -4,6 +4,7 @@ import (
 "context"
 "fmt"
 "io"
+ "k8s.io/client-go/rest"
 "slices"
 backupv1alpha1 "github.com/openshift/api/config/v1alpha1"
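Review bot: The new `cert-dir` mount at `/etc/kubernetes/static-pod-certs` in the first pod.yaml hunk is writable, while the `kube-api-access` mount added right after it is marked `readOnly: true`. The path name suggests it holds certificate and key material, so unless the backup container has to write there the mount should carry `readOnly: true` as well. The existing `config-dir` hostPath mount of `/etc/kubernetes` stays in place as context; if it was only needed to reach the kubeconfig this commit stops using, it could be narrowed or dropped in the same change. The container and the `cert-dir` volume definition are outside the hunk, so both points need checking against the full file.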
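Review bot: The `kube-api-access` projected volume in the second pod.yaml hunk references API objects (a `serviceAccountToken` source and the `kube-root-ca.crt` and `openshift-service-ca.crt` configMaps), and a static pod spec cannot refer to ServiceAccounts or ConfigMaps. The hostPath volumes and the `static-pod-certs` path suggest this manifest is run by the kubelet as a static pod; if so, the kubelet may not be able to populate the volume and `rest.InClusterConfig()` would find no token, so please confirm how this pod is created. If it is a regular pod, the token belongs to whatever `serviceAccountName` the spec sets (not visible here), and that account's RBAC should be limited to the backup resources the client reads. A short comment above the volume, e.g. `# hand-written copy of the service account volume; required by rest.InClusterConfig`, would explain why it is spelled out by hand.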
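Review bot: `"k8s.io/client-go/rest"` is added inside the standard-library import group of backupnoconfig.go, between `"io"` and `"slices"`. goimports keeps third-party packages in their own group, so the line belongs with the other `k8s.io/...` imports, for example directly after `v1 "k8s.io/apimachinery/pkg/apis/meta/v1"`.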
@@ -11,7 +12,6 @@ import (
 prunebackups "github.com/openshift/cluster-etcd-operator/pkg/cmd/prune-backups"
 v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
- "k8s.io/client-go/tools/clientcmd"
 "k8s.io/klog/v2"
 "github.com/adhocore/gronx/pkg/tasker"
@@ -20,11 +20,10 @@ import (
 )
 type backupNoConfig struct {
- kubeConfig string
- schedule string
- timeZone string
- retention backupv1alpha1.RetentionPolicy
- scheduler *tasker.Tasker
+ schedule string
+ timeZone string
+ retention backupv1alpha1.RetentionPolicy
+ scheduler *tasker.Tasker
 backupOptions
 }
@@ -93,14 +92,14 @@ func (b *backupNoConfig) Run() error {
 }
 func (b *backupNoConfig) getBackupClient() (backupv1client.BackupsGetter, error) {
- kubeConfig, err := clientcmd.BuildConfigFromFlags("", b.kubeConfig)
+ config, err := rest.InClusterConfig()
 if err != nil {
- bErr := fmt.Errorf("error loading kubeconfig: %v", err)
+ bErr := fmt.Errorf("error loading in-cluster kube client config: %v", err)
 klog.Error(bErr)
 return nil, bErr
 }
- backupsClient, err := backupv1client.NewForConfig(kubeConfig)
+ backupsClient, err := backupv1client.NewForConfig(config)
 if err != nil {
 bErr := fmt.Errorf("error creating etcd backups client: %v", err)
 klog.Error(bErr)
diff --git a/pkg/operator/etcd_assets/bindata.go b/pkg/operator/etcd_assets/bindata.go
index bc28fa60dc..5904d6d24d 100644
--- a/pkg/operator/etcd_assets/bindata.go
+++ b/pkg/operator/etcd_assets/bindata.go
@@ -1257,6 +1257,11 @@ ${COMPUTED_ENV_VARS} name: backup-dir - mountPath: /etc/kubernetes name: config-dir + - mountPath: /etc/kubernetes/static-pod-certs + name: cert-dir + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: kube-api-access + readOnly: true hostNetwork: true priorityClassName: system-node-critical tolerations: 
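Review bot: In `getBackupClient` the error from `rest.InClusterConfig()` is formatted with `%v`, so callers cannot use `errors.Is(err, rest.ErrNotInCluster)` to tell "not running inside a pod" apart from an unreadable token file. Wrapping keeps the cause: `bErr := fmt.Errorf("error loading in-cluster kube client config: %w", err)`, and the same applies to the `NewForConfig` error a few lines below. The function also logs with `klog.Error` and then returns the same error, which tends to produce duplicate log lines if the caller logs it too. The client now authenticates with the pod's service account token instead of a kubeconfig file, so a doc comment on the function saying so, and that it only works where the token volume is mounted, would help the next reader. The end of the function is outside the hunk.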
@@ -1287,6 +1292,29 @@ ${COMPUTED_ENV_VARS} - hostPath: path: /etc/kubernetes name: config-dir + - name: kube-api-access + projected: + defaultMode: 420 + sources: + - serviceAccountToken: + expirationSeconds: 3600 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace + - configMap: + items: + - key: service-ca.crt + path: service-ca.crt + name: openshift-service-ca.crt `) func etcdPodYamlBytes() ([]byte, error) {