infrastructure-manager

Infrastructure manager

Overview

This project manages the Kyma cluster infrastructure. It's built using the kubebuilder framework.

It's currently responsible for generating and rotating Secrets containing dynamic kubeconfigs.

Prerequisites

• Access to a k8s cluster. You can use k3d to get a local cluster for testing or run against a remote cluster.
• kubectl

Installation

1. Clone the project.

git clone https://github.com/kyma-project/infrastructure-manager.git && cd infrastructure-manager/

1. Set the infrastructure-manager image name.

export IMG=custom-infrastructure-manager:0.0.1
export K3D_CLUSTER_NAME=infrastructure-manager-demo

1. Build the project.

make build

1. Build the image.

make docker-build

1. Push the image to the registry.

k3d cluster create $K3D_CLUSTER_NAME
k3d image import $IMG -c $K3D_CLUSTER_NAME

make docker-push

1. Deploy.

make deploy

1. Create a Secret with the Gardener credentials

export GARDENER_KUBECONFIG_PATH=<kubeconfig file for Gardener project> 
make gardener-secret-deploy

Usage

Infrastructure Manager is responsible for creating and rotating Secrets of clusters defined in the GardenerCluster custom resources (CRs). The sample CR is available here.

Time-based rotation

Secrets are rotated based on kubeconfig-expiration-time. See Configuration for more details.

Force rotation

It's possible to force the Secret rotation before the time-based rotation kicks in. To do that, add the operator.kyma-project.io/force-kubeconfig-rotation: "true" annotation to the GardenCluster CR.

Contributing

See CONTRIBUTING.md

Code of Conduct

See CODE_OF_CONDUCT.md

Licensing

See the LICENSE file