This project manages the Kyma cluster infrastructure. It's built using the kubebuilder framework.
It's currently responsible for generating and rotating Secrets containing dynamic kubeconfigs.
- Access to a k8s cluster. You can use k3d to get a local cluster for testing or run against a remote cluster.
- kubectl
- Clone the project.
git clone https://github.com/kyma-project/infrastructure-manager.git && cd infrastructure-manager/
- Set the infrastructure-manager image name.
export IMG=custom-infrastructure-manager:0.0.1
export K3D_CLUSTER_NAME=infrastructure-manager-demo
- Build the project.
make build
- Build the image.
make docker-build
- Push the image to the registry.
k3d:
k3d cluster create $K3D_CLUSTER_NAME
k3d image import $IMG -c $K3D_CLUSTER_NAME
Globally available Docker registry:
make docker-push
- Deploy.
make deploy
- Create a Secret with the Gardener credentials.
export GARDENER_KUBECONFIG_PATH=<kubeconfig file for Gardener project>
make gardener-secret-deploy
Infrastructure Manager is responsible for creating and rotating Secrets of clusters defined in the GardenerCluster
custom resources (CRs). The sample CR is available here.
Secrets are rotated based on kubeconfig-expiration-time. See Configuration for more details.
It's possible to force the Secret rotation before the time-based rotation kicks in. To do that, add the operator.kyma-project.io/force-kubeconfig-rotation: "true" annotation to the GardenerCluster CR.
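To check that rotation is actually happening, the following added example (not part of the project's code) classifies each GardenerCluster CR and its Secret as forced, expired, fresh, or of unknown age. Only the force annotation comes from this README; the `example.invalid/last-rotation` annotation key, the rule that a kubeconfig is stale once its age reaches the expiration time, and the sample objects are assumptions constructed for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

FORCE_ANNOTATION = "operator.kyma-project.io/force-kubeconfig-rotation"  # from the README
# Assumption: placeholder key; set it to the annotation your deployment stamps on rotation.
LAST_ROTATION_ANNOTATION = "example.invalid/last-rotation"

def rotation_status(cr, secret, expiration, now):
    """Classify one GardenerCluster CR and its Secret: forced, expired, unknown-age or fresh."""
    cr_ann = cr.get("metadata", {}).get("annotations") or {}
    if cr_ann.get(FORCE_ANNOTATION) == "true":
        return "forced"  # rotation requested regardless of age
    sec_ann = (secret or {}).get("metadata", {}).get("annotations") or {}
    try:
        rotated = datetime.fromisoformat(sec_ann[LAST_ROTATION_ANNOTATION].replace("Z", "+00:00"))
    except (KeyError, ValueError, AttributeError):
        return "unknown-age"  # missing Secret or unparsable timestamp: treat as a finding
    if rotated.tzinfo is None:
        rotated = rotated.replace(tzinfo=timezone.utc)
    # Assumption: a kubeconfig is stale once its age reaches the expiration time.
    return "expired" if now - rotated >= expiration else "fresh"

def audit(pairs, expiration, now):
    """Map CR name -> status for every (CR, Secret) pair."""
    return {p["cr"]["metadata"]["name"]: rotation_status(p["cr"], p.get("secret"), expiration, now)
            for p in pairs}

# Constructed sample data (not real cluster output).
SAMPLE = json.loads("""[
 {"cr": {"metadata": {"name": "cluster-a", "annotations":
    {"operator.kyma-project.io/force-kubeconfig-rotation": "true"}}},
  "secret": {"metadata": {"annotations": {"example.invalid/last-rotation": "2024-05-01T11:59:00Z"}}}},
 {"cr": {"metadata": {"name": "cluster-b"}},
  "secret": {"metadata": {"annotations": {"example.invalid/last-rotation": "2024-05-01T11:55:00Z"}}}},
 {"cr": {"metadata": {"name": "cluster-c"}},
  "secret": {"metadata": {"annotations": {"example.invalid/last-rotation": "2024-05-01T11:40:00Z"}}}},
 {"cr": {"metadata": {"name": "cluster-d"}}, "secret": null}
]""")

if __name__ == "__main__":
    now = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)
    for name, status in audit(SAMPLE, timedelta(minutes=10), now).items():
        print(f"{name}: {status}")
```

Any result other than fresh is worth a look: expired or unknown-age means a kubeconfig may be living longer than intended, and forced means a requested rotation has not yet been observed.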
See CONTRIBUTING.md
See the LICENSE file