Infrastructure manager
Overview
This project manages the Kyma cluster infrastructure. It's built using the kubebuilder framework.
It's currently responsible for generating and rotating Secrets containing dynamic kubeconfigs.
Prerequisites
- Access to a k8s cluster. You can use k3d to get a local cluster for testing or run against a remote cluster.
- kubectl
Installation
- Clone the project.
git clone https://github.com/kyma-project/infrastructure-manager.git && cd infrastructure-manager/
- Set the infrastructure-manager image name.
export IMG=custom-infrastructure-manager:0.0.1
export K3D_CLUSTER_NAME=infrastructure-manager-demo
- Build the project.
make build
- Build the image.
make docker-build
- Push the image to the registry.
For k3d:
k3d cluster create $K3D_CLUSTER_NAME
k3d image import $IMG -c $K3D_CLUSTER_NAME
For a globally available Docker registry:
make docker-push
- Deploy.
make deploy
- Create a Secret with the Gardener credentials.
export GARDENER_KUBECONFIG_PATH=<kubeconfig file for Gardener project>
make gardener-secret-deploy
Usage
Infrastructure Manager is responsible for creating and rotating Secrets of clusters defined in the GardenerCluster
custom resources (CRs). The sample CR is available here.
Time-based rotation
Secrets are rotated based on kubeconfig-expiration-time. See Configuration for more details.
Force rotation
It's possible to force the Secret rotation before the time-based rotation kicks in. To do that, add the operator.kyma-project.io/force-kubeconfig-rotation: "true" annotation to the GardenerCluster CR.
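The forced rotation described above, as an added example that is not part of the project's own code: it sets the annotation on one CR and then waits until the kubeconfig Secret is observed to change, which is the confirmation you want after a suspected credential leak. The function names, the POLL_INTERVAL variable, the "gardenercluster" resource name passed to kubectl, and the use of the Secret's resourceVersion as the rotation signal are assumptions; namespace, CR name and Secret name are supplied by the caller.

```shell
# Added example (not project code): force rotation for one GardenerCluster CR
# and wait until its kubeconfig Secret changes.
# Assumptions: caller supplies namespace, CR name and Secret name; kubectl
# resolves the CR as "gardenercluster"; a rotation shows up as a new
# metadata.resourceVersion on the Secret.
ANNOTATION='operator.kyma-project.io/force-kubeconfig-rotation'

secret_version() {  # <namespace> <secret-name>
  kubectl get secret "$2" -n "$1" -o jsonpath='{.metadata.resourceVersion}'
}

force_rotate() {  # <namespace> <cr-name> <secret-name> [timeout-seconds]
  local ns="$1" cr="$2" secret="$3" timeout="${4:-120}"
  local interval="${POLL_INTERVAL:-5}" waited=0 before after
  if [ -z "$ns" ] || [ -z "$cr" ] || [ -z "$secret" ]; then
    echo "usage: force_rotate <namespace> <cr-name> <secret-name> [timeout]" >&2
    return 2
  fi
  # Record the Secret's version first so a change can be detected afterwards.
  before=$(secret_version "$ns" "$secret") || return 1

  # --overwrite replaces any value already set for this annotation.
  kubectl annotate gardenercluster "$cr" -n "$ns" \
    "${ANNOTATION}=true" --overwrite >/dev/null || return 1

  while [ "$waited" -lt "$timeout" ]; do
    after=$(secret_version "$ns" "$secret") || return 1
    if [ "$after" != "$before" ]; then
      echo "rotated: secret/$secret resourceVersion $before -> $after"
      return 0
    fi
    sleep "$interval"
    waited=$((waited + interval))
  done
  echo "timeout: secret/$secret still at resourceVersion $before" >&2
  return 1
}
```

A non-zero exit means the Secret was not observed to change within the timeout, so the old kubeconfig should still be treated as valid.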
Contributing
See CONTRIBUTING.md
Code of Conduct
See CODE_OF_CONDUCT.md
Licensing
See the LICENSE file