search

karmada-io / karmada

Open, Multi-Cloud, Multi-Cluster Kubernetes Orchestration
https://karmada.io
Apache License 2.0
4.49k stars 888 forks source link

Issue with Missing `karmada-cert` Secret When Enabling Addons Using `karmadactl` #5345

Open mohamedawnallah opened 3 months ago

mohamedawnallah commented 3 months ago

Please provide an in-depth description of the question you have:

I am encountering an issue while using the hack/local-up-karmada.sh script. The following secrets are generated in the karmada-system namespace within the karmada-host context:

karmada@dev:~$ kubectl get secret -n karmada-system --context karmada-host
NAME                  TYPE                DATA   AGE
karmada-cert-secret   Opaque              14     38m
kubeconfig            Opaque              1      38m
member1-kubeconfig    Opaque              1      37m
member2-kubeconfig    Opaque              1      37m
member3-kubeconfig    Opaque              1      37m
webhook-cert          kubernetes.io/tls   2      38m

When I run the following command:

karmadactl addons enable all -n karmada-system --context karmada-host --karmada-kubeconfig "$KUBECONFIG"

It fails because it expects a karmada-cert secret to exist in the karmada-system namespace within the karmada-host context. This expectation is set in pkg/karmadactl/options/global.go. Here is the full trace for this error:

[FAILED] Unexpected error:
      <exec.CodeExitError>:
      error running /home/karmada/go/bin/karmadactl --kubeconfig=/home/karmada/.kube/karmada.config --namespace=karmada-system addons enable all --karmada-kubeconfig /home/karmada/.kube/karmada.config --context karmada-host:
      Command stdout:

      stderr:
      I0810 01:18:00.024199  641766 enable_option.go:205] Start to enable addon karmada-metrics-adapter
      W0810 01:18:00.037006  641766 idempotency.go:44] Service karmada-metrics-adapter is existed, creation process will skip
      I0810 01:18:00.037023  641766 metricsadapter.go:152] Install karmada metrics adapter service on host cluster successfully
      I0810 01:18:01.057523  641766 metricsadapter.go:176] Install karmada metrics adapter deployment on host cluster successfully
      E0810 01:18:01.059581  641766 enable_option.go:207] Install addon karmada-metrics-adapter failed
      error: error when getting Secret karmada-system/karmada-cert, which is used to fetch CaCert for building APIService: secrets "karmada-cert" not found

What do you think about this question?

Since karmada-cert-secret and karmada-cert contain the same data, why not use just one secret instead of duplicating it?

Additional Context:

I was working on this e2e PR #5313 for the karmadactl addons command and had to copy the karmada-cert-secret to karmada-cert with the same content just for the karmadactl addons enable all command to work.

Environment:

liangyuanpeng commented 3 months ago

/cc @zhzhuang-zju @chaosi-zju

I remember there was an issue hoping to unify the cert path in all installation methods.

chaosi-zju commented 3 months ago

I remember there was an issue hoping to unify the cert path in all installation methods.

yes, we mentioned this problem in https://github.com/karmada-io/karmada/issues/5207#issuecomment-2230735165.

yet, not to unify the cert path, but to unify the secret name between different installation method.

however, since https://github.com/karmada-io/karmada/issues/5207#issuecomment-2230781857 here didn't think this is a problem, I didn't create a separate issue specifically to track it.