Standardize the naming of karmada secrets in karmadactl method

seanlaii · seanlaii · commit 63e155002bc2 · 2025-03-15T14:15:55.000-04:00
Signed-off-by: wei-chenglai &lt;qazwsx0939059006@gmail.com&gt;
diff --git a/pkg/karmadactl/addons/descheduler/manifests.go b/pkg/karmadactl/addons/descheduler/manifests.go
@@ -49,9 +49,9 @@ spec:
             - --metrics-bind-address=0.0.0.0:8080
             - --health-probe-bind-address=0.0.0.0:10358
             - --leader-elect-resource-namespace={{ .Namespace }}
-            - --scheduler-estimator-ca-file=/etc/karmada/pki/ca.crt
-            - --scheduler-estimator-cert-file=/etc/karmada/pki/karmada.crt
-            - --scheduler-estimator-key-file=/etc/karmada/pki/karmada.key
+            - --scheduler-estimator-ca-file=/etc/karmada/pki//etc/karmada/pki/scheduler-estimator-client/ca.crt
+            - --scheduler-estimator-cert-file=/etc/karmada/pki/scheduler-estimator-client/tls.crt
+            - --scheduler-estimator-key-file=/etc/karmada/pki/scheduler-estimator-client/tls.key
             - --v=4
           livenessProbe:
             httpGet:
@@ -69,16 +69,16 @@ spec:
           volumeMounts:
             - name: karmada-config
               mountPath: /etc/karmada/config
-            - name: k8s-certs
-              mountPath: /etc/karmada/pki
+            - name: scheduler-estimator-client-cert
+              mountPath: /etc/karmada/pki/scheduler-estimator-client
               readOnly: true
       volumes:
         - name: karmada-config
           secret:
             secretName: karmada-descheduler-config
-        - name: k8s-certs
+        - name: scheduler-estimator-client-cert
           secret:
-            secretName: karmada-cert
+            secretName: karmada-descheduler-scheduler-estimator-client-cert
 `
 
 // DeploymentReplace is a struct to help to concrete
diff --git a/pkg/karmadactl/addons/estimator/manifests.go b/pkg/karmadactl/addons/estimator/manifests.go
@@ -49,9 +49,9 @@ spec:
             - /bin/karmada-scheduler-estimator
             - --kubeconfig=/etc/{{ .MemberClusterName}}-kubeconfig
             - --cluster-name={{ .MemberClusterName}}
-            - --grpc-auth-cert-file=/etc/karmada/pki/karmada.crt
-            - --grpc-auth-key-file=/etc/karmada/pki/karmada.key
-            - --grpc-client-ca-file=/etc/karmada/pki/ca.crt
+            - --grpc-auth-cert-file=/etc/karmada/pki/server/tls.crt
+            - --grpc-auth-key-file=/etc/karmada/pki/server/tls.key
+            - --grpc-client-ca-file=/etc/karmada/pki/server/ca.crt
             - --metrics-bind-address=0.0.0.0:8080
             - --health-probe-bind-address=0.0.0.0:10351
           livenessProbe:
@@ -68,16 +68,15 @@ spec:
               name: metrics
               protocol: TCP
           volumeMounts:
-            - name: k8s-certs
-              mountPath: /etc/karmada/pki
-              readOnly: true
+            - name: server-cert
+              mountPath: /etc/karmada/pki/server
             - name: member-kubeconfig
               subPath: {{ .MemberClusterName}}-kubeconfig
               mountPath: /etc/{{ .MemberClusterName}}-kubeconfig
       volumes:
-        - name: k8s-certs
+        - name: server-cert
           secret:
-            secretName: karmada-cert
+            secretName: karmada-scheduler-estimator-cert
         - name: member-kubeconfig
           secret:
             secretName: {{ .MemberClusterName}}-kubeconfig
diff --git a/pkg/karmadactl/addons/metricsadapter/manifests.go b/pkg/karmadactl/addons/metricsadapter/manifests.go
@@ -50,9 +50,9 @@ spec:
             - --kubeconfig=/etc/karmada/config/karmada.config
             - --authentication-kubeconfig=/etc/karmada/config/karmada.config
             - --authorization-kubeconfig=/etc/karmada/config/karmada.config
-            - --client-ca-file=/etc/karmada/pki/ca.crt
-            - --tls-cert-file=/etc/karmada/pki/karmada.crt
-            - --tls-private-key-file=/etc/karmada/pki/karmada.key
+            - --client-ca-file=/etc/karmada/pki/server/ca.crt
+            - --tls-cert-file=/etc/karmada/pki/server/tls.crt
+            - --tls-private-key-file=/etc/karmada/pki/server/tls.key
             - --audit-log-path=-
             - --audit-log-maxage=0
             - --audit-log-maxbackup=0
@@ -81,16 +81,15 @@ spec:
           volumeMounts:
             - name: karmada-config
               mountPath: /etc/karmada/config
-            - name: k8s-certs
-              mountPath: /etc/karmada/pki
-              readOnly: true
+            - name: server-cert
+              mountPath: /etc/karmada/pki/server
       volumes:
         - name: karmada-config
           secret:
             secretName: karmada-metrics-adapter-config
-        - name: k8s-certs
+        - name: server-cert
           secret:
-            secretName: karmada-cert
+            secretName: karmada-metrics-adapter-cert
 `
 
 	karmadaMetricsAdapterService = `
diff --git a/pkg/karmadactl/addons/metricsadapter/metricsadapter.go b/pkg/karmadactl/addons/metricsadapter/metricsadapter.go
@@ -37,6 +37,7 @@ import (
 	addonutils "github.com/karmada-io/karmada/pkg/karmadactl/addons/utils"
 	initkarmada "github.com/karmada-io/karmada/pkg/karmadactl/cmdinit/karmada"
 	"github.com/karmada-io/karmada/pkg/karmadactl/options"
+	"github.com/karmada-io/karmada/pkg/karmadactl/util"
 	cmdutil "github.com/karmada-io/karmada/pkg/karmadactl/util"
 	"github.com/karmada-io/karmada/pkg/util/names"
 )
@@ -190,9 +191,10 @@ func installComponentsOnKarmadaControlPlane(opts *addoninit.CommandAddonsEnableO
 	}
 
 	caCertName := fmt.Sprintf("%s.crt", options.CaCertAndKeyName)
-	karmadaCerts, err := opts.KubeClientSet.CoreV1().Secrets(opts.Namespace).Get(context.TODO(), options.KarmadaCertsName, metav1.GetOptions{})
+	certSecretName := util.GetComponentCertName(names.KarmadaMetricsAdapterComponentName)
+	karmadaCerts, err := opts.KubeClientSet.CoreV1().Secrets(opts.Namespace).Get(context.TODO(), certSecretName, metav1.GetOptions{})
 	if err != nil {
-		return fmt.Errorf("error when getting Secret %s/%s, which is used to fetch CaCert for building APIService: %+v", opts.Namespace, options.KarmadaCertsName, err)
+		return fmt.Errorf("error when getting Secret %s/%s, which is used to fetch CaCert for building APIService: %+v", opts.Namespace, certSecretName, err)
 	}
 
 	aaService := &corev1.Service{}
diff --git a/pkg/karmadactl/addons/search/manifests.go b/pkg/karmadactl/addons/search/manifests.go
@@ -50,11 +50,11 @@ spec:
             - --authentication-kubeconfig=/etc/karmada/config/karmada.config
             - --authorization-kubeconfig=/etc/karmada/config/karmada.config
             - --etcd-servers={{ .ETCDSevers }}
-            - --etcd-cafile=/etc/karmada/pki/etcd-ca.crt
-            - --etcd-certfile=/etc/karmada/pki/etcd-client.crt
-            - --etcd-keyfile=/etc/karmada/pki/etcd-client.key
-            - --tls-cert-file=/etc/karmada/pki/karmada.crt
-            - --tls-private-key-file=/etc/karmada/pki/karmada.key
+            - --etcd-cafile=/etc/karmada/pki/etcd-client/ca.crt
+            - --etcd-certfile=/etc/karmada/pki/etcd-client/tls.crt
+            - --etcd-keyfile=/etc/karmada/pki/etcd-client/tls.key
+            - --tls-cert-file=/etc/karmada/pki/server/tls.crt
+            - --tls-private-key-file=/etc/karmada/pki/server/tls.key
             - --tls-min-version=VersionTLS13
             - --audit-log-path=-
             - --audit-log-maxage=0
@@ -75,16 +75,21 @@ spec:
           volumeMounts:
             - name: karmada-config
               mountPath: /etc/karmada/config
-            - name: k8s-certs
-              mountPath: /etc/karmada/pki
+            - name: server-cert
+              mountPath: /etc/karmada/pki/server
               readOnly: true
+            - name: etcd-client-cert
+              mountPath: /etc/karmada/pki/etcd-client
       volumes:
         - name: karmada-config
           secret:
             secretName: karmada-search-config
-        - name: k8s-certs
+        - name: server-cert
           secret:
-            secretName: karmada-cert
+            secretName: karmada-search-cert
+        - name: etcd-client-cert
+          secret:
+            secretName: karmada-search-etcd-client-cert
 `
 
 	karmadaSearchService = `
diff --git a/pkg/karmadactl/addons/search/search.go b/pkg/karmadactl/addons/search/search.go
@@ -38,6 +38,7 @@ import (
 	addonutils "github.com/karmada-io/karmada/pkg/karmadactl/addons/utils"
 	initkarmada "github.com/karmada-io/karmada/pkg/karmadactl/cmdinit/karmada"
 	"github.com/karmada-io/karmada/pkg/karmadactl/options"
+	"github.com/karmada-io/karmada/pkg/karmadactl/util"
 	cmdutil "github.com/karmada-io/karmada/pkg/karmadactl/util"
 	"github.com/karmada-io/karmada/pkg/util/names"
 )
@@ -203,9 +204,10 @@ func installComponentsOnKarmadaControlPlane(opts *addoninit.CommandAddonsEnableO
 	}
 
 	caCertName := fmt.Sprintf("%s.crt", options.CaCertAndKeyName)
-	karmadaCerts, err := opts.KubeClientSet.CoreV1().Secrets(opts.Namespace).Get(context.TODO(), options.KarmadaCertsName, metav1.GetOptions{})
+	certSecretName := util.GetComponentCertName(names.KarmadaSearchComponentName)
+	karmadaCerts, err := opts.KubeClientSet.CoreV1().Secrets(opts.Namespace).Get(context.TODO(), certSecretName, metav1.GetOptions{})
 	if err != nil {
-		return fmt.Errorf("error when getting Secret %s/%s, which is used to fetch CaCert for building APIService: %+v", opts.Namespace, options.KarmadaCertsName, err)
+		return fmt.Errorf("error when getting Secret %s/%s, which is used to fetch CaCert for building APIService: %+v", opts.Namespace, certSecretName, err)
 	}
 
 	aaService := &corev1.Service{}
diff --git a/pkg/karmadactl/cmdinit/kubernetes/deployments.go b/pkg/karmadactl/cmdinit/kubernetes/deployments.go
diff --git a/pkg/karmadactl/util/global.go b/pkg/karmadactl/util/global.go
diff --git a/pkg/util/names/names.go b/pkg/util/names/names.go

Original file line number	Diff line number	Diff line change
`@@ -37,6 +37,7 @@ import (`
`37`	`37`	`addonutils "github.com/karmada-io/karmada/pkg/karmadactl/addons/utils"`
`38`	`38`	`initkarmada "github.com/karmada-io/karmada/pkg/karmadactl/cmdinit/karmada"`
`39`	`39`	`"github.com/karmada-io/karmada/pkg/karmadactl/options"`
	`40`	`+ "github.com/karmada-io/karmada/pkg/karmadactl/util"`
`40`	`41`	`cmdutil "github.com/karmada-io/karmada/pkg/karmadactl/util"`
`41`	`42`	`"github.com/karmada-io/karmada/pkg/util/names"`
`42`	`43`	`)`
`@@ -190,9 +191,10 @@ func installComponentsOnKarmadaControlPlane(opts *addoninit.CommandAddonsEnableO`
`190`	`191`	`}`
`191`	`192`
`192`	`193`	`caCertName := fmt.Sprintf("%s.crt", options.CaCertAndKeyName)`
`193`		`- karmadaCerts, err := opts.KubeClientSet.CoreV1().Secrets(opts.Namespace).Get(context.TODO(), options.KarmadaCertsName, metav1.GetOptions{})`
	`194`	`+ certSecretName := util.GetComponentCertName(names.KarmadaMetricsAdapterComponentName)`
	`195`	`+ karmadaCerts, err := opts.KubeClientSet.CoreV1().Secrets(opts.Namespace).Get(context.TODO(), certSecretName, metav1.GetOptions{})`
`194`	`196`	`if err != nil {`
`195`		`- return fmt.Errorf("error when getting Secret %s/%s, which is used to fetch CaCert for building APIService: %+v", opts.Namespace, options.KarmadaCertsName, err)`
	`197`	`+ return fmt.Errorf("error when getting Secret %s/%s, which is used to fetch CaCert for building APIService: %+v", opts.Namespace, certSecretName, err)`
`196`	`198`	`}`
`197`	`199`
`198`	`200`	`aaService := &corev1.Service{}`
Original file line number	Diff line number	Diff line change
`@@ -38,6 +38,7 @@ import (`
`38`	`38`	`addonutils "github.com/karmada-io/karmada/pkg/karmadactl/addons/utils"`
`39`	`39`	`initkarmada "github.com/karmada-io/karmada/pkg/karmadactl/cmdinit/karmada"`
`40`	`40`	`"github.com/karmada-io/karmada/pkg/karmadactl/options"`
	`41`	`+ "github.com/karmada-io/karmada/pkg/karmadactl/util"`
`41`	`42`	`cmdutil "github.com/karmada-io/karmada/pkg/karmadactl/util"`
`42`	`43`	`"github.com/karmada-io/karmada/pkg/util/names"`
`43`	`44`	`)`
`@@ -203,9 +204,10 @@ func installComponentsOnKarmadaControlPlane(opts *addoninit.CommandAddonsEnableO`
`203`	`204`	`}`
`204`	`205`
`205`	`206`	`caCertName := fmt.Sprintf("%s.crt", options.CaCertAndKeyName)`
`206`		`- karmadaCerts, err := opts.KubeClientSet.CoreV1().Secrets(opts.Namespace).Get(context.TODO(), options.KarmadaCertsName, metav1.GetOptions{})`
	`207`	`+ certSecretName := util.GetComponentCertName(names.KarmadaSearchComponentName)`
	`208`	`+ karmadaCerts, err := opts.KubeClientSet.CoreV1().Secrets(opts.Namespace).Get(context.TODO(), certSecretName, metav1.GetOptions{})`
`207`	`209`	`if err != nil {`
`208`		`- return fmt.Errorf("error when getting Secret %s/%s, which is used to fetch CaCert for building APIService: %+v", opts.Namespace, options.KarmadaCertsName, err)`
	`210`	`+ return fmt.Errorf("error when getting Secret %s/%s, which is used to fetch CaCert for building APIService: %+v", opts.Namespace, certSecretName, err)`
`209`	`211`	`}`
`210`	`212`
`211`	`213`	`aaService := &corev1.Service{}`