Infrastructure manager

Overview

This project manages the Kyma cluster infrastructure. It's built using the kubebuilder framework.

It's currently responsible for generating and rotating Secrets containing dynamic kubeconfigs.

Prerequisites

Access to a k8s cluster. You can use k3d to get a local cluster for testing or run against a remote cluster.
kubectl

Installation

Clone the project.

git clone https://github.com/kyma-project/infrastructure-manager.git && cd infrastructure-manager/

Set the infrastructure-manager image name.

export IMG=custom-infrastructure-manager:0.0.1
export K3D_CLUSTER_NAME=infrastructure-manager-demo

Build the project.

make build

Build the image.

make docker-build

Push the image to the registry.

k3d

```bash k3d cluster create $K3D_CLUSTER_NAME k3d image import $IMG -c $K3D_CLUSTER_NAME ```

Globally available Docker registry

```bash make docker-push ```

Deploy.

make deploy

Create a Secret with the Gardener credentials

export GARDENER_KUBECONFIG_PATH=<kubeconfig file for Gardener project> 
make gardener-secret-deploy

Usage

Infrastructure Manager is responsible for creating and rotating Secrets of clusters defined in the GardenerCluster custom resources (CRs). The sample CR is available here.

Time-based rotation

Secrets are rotated based on kubeconfig-expiration-time. See Configuration for more details.

Force rotation

It's possible to force the Secret rotation before the time-based rotation kicks in. To do that, add the operator.kyma-project.io/force-kubeconfig-rotation: "true" annotation to the GardenCluster CR.

Contributing

See CONTRIBUTING.md

Code of Conduct

See CODE_OF_CONDUCT.md

Licensing

See the LICENSE file

kyma-project / infrastructure-manager

readme