[Umbrella] standardize the naming of karmada secrets across different installation methods #5363

Closed
@chaosi-zju

Description

What would you like to be added:

Standardize the naming of karmada secrets across different installation methods.

Why is this needed:

In karmada, there are two important secrets, which are mounted by most karmada components. One is karmada-cert, which contains a series of cert files like ca.crt, apiserver.crt and so on; the other is karmada-kubeconfig, which contains a kubeconfig of karmada-apiserver.

However, in different installation methods, we used inconsistent secret naming or file path naming, which can potentially cause some unnecessary problems, such as:

  • As for secret/karmada-cert, it is named karmada-cert-secret in the local up method, while it is named karmada-cert in the karmadactl method, which potentially caused:
  • In secret/karmada-cert, the ca cert file is named ca.crt in the local up method, while it is named server-ca.crt in the helm method, which potentially caused:
  • As for secret/karmada-kubeconfig, it is named kubeconfig in the karmadactl init and local up methods, while it is named karmada-kubeconfig in the helm method.
  • In the helm method, if I install karmada by helm install karmada-xxx ..., it will create a secret named karmada-xxx-cert. Then if I install the single karmada-scheduler-estimator component by helm install karmada-scheduler-estimator-xxx --set installMode=component ..., the component will look for a secret named karmada-scheduler-estimator-xxx-cert, so the name is inconsistent. In this case, since we cannot reuse the same .Release.Name when executing helm install, the secret name is not advised to be prefixed with .Release.Name.

How to do

I advise standardizing the naming of these karmada secrets as below in all installation methods:

  • secretName: client-cert
    mountPath: /etc/karmada/pki/client (tls.crt, tls.key, ca.crt)

  • secretName: server-cert
    mountPath: /etc/karmada/pki/server (tls.crt, tls.key, ca.crt)

  • secretName: front-proxy-client-cert
    mountPath: /etc/karmada/pki/front-proxy-client (tls.crt, tls.key, ca.crt)

  • secretName: etcd-client-cert
    mountPath: /etc/karmada/pki/etcd-client (tls.crt, tls.key, ca.crt)

  • secretName: etcd-server-cert
    mountPath: /etc/karmada/pki/etcd-server (tls.crt, tls.key, ca.crt)

  • secretName: webhook-server-cert
    mountPath: /etc/karmada/pki/webhook-server (tls.crt, tls.key, ca.crt)

  • secretName: ca-key-pair
    mountPath: /etc/karmada/pki/ca (tls.crt, tls.key)

  • secretName: karmada-config
    mountPath: /etc/karmada/config/karmada.config
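
A lint for the layout proposed above, as an added example that is not part of the original issue or the Karmada code base: it checks a pod spec's secret volumes and their mounts against the proposed secret names and mount paths. The function name `check_pod_spec` and the sample pod spec are constructed for illustration; only the name/path table comes from the issue.

```python
# Secret name -> mount path, copied from the list proposed in the issue.
STANDARD = {
    "client-cert": "/etc/karmada/pki/client",
    "server-cert": "/etc/karmada/pki/server",
    "front-proxy-client-cert": "/etc/karmada/pki/front-proxy-client",
    "etcd-client-cert": "/etc/karmada/pki/etcd-client",
    "etcd-server-cert": "/etc/karmada/pki/etcd-server",
    "webhook-server-cert": "/etc/karmada/pki/webhook-server",
    "ca-key-pair": "/etc/karmada/pki/ca",
    "karmada-config": "/etc/karmada/config/karmada.config",
}

# Constructed sample pod spec (not taken from any Karmada manifest).
SAMPLE_POD_SPEC = {
    "volumes": [
        {"name": "legacy", "secret": {"secretName": "karmada-cert-secret"}},
        {"name": "server", "secret": {"secretName": "server-cert"}},
        {"name": "client", "secret": {"secretName": "client-cert"}},
        {"name": "tmp", "emptyDir": {}},
    ],
    "containers": [{"name": "component", "volumeMounts": [
        {"name": "legacy", "mountPath": "/etc/karmada/pki"},
        {"name": "server", "mountPath": "/etc/karmada/pki"},
        {"name": "client", "mountPath": "/etc/karmada/pki/client"},
    ]}],
}

def check_pod_spec(spec):
    """Return one finding per secret volume or mount that deviates from the proposal."""
    secret_of, findings = {}, []  # secret_of: volume name -> secret name
    for vol in spec.get("volumes", []):
        if "secret" not in vol:
            continue  # configMap, emptyDir, ... are out of scope
        name = vol["secret"]["secretName"]
        secret_of[vol["name"]] = name
        if name not in STANDARD:
            findings.append(f"secret {name!r}: name is not in the proposed list")
    for ctr in spec.get("containers", []) + spec.get("initContainers", []):
        for mount in ctr.get("volumeMounts", []):
            name = secret_of.get(mount["name"])
            want = STANDARD.get(name)  # None for non-secret or non-standard volumes
            if want and mount["mountPath"] != want:
                findings.append(f"secret {name!r}: mounted at {mount['mountPath']}, expected {want}")
    return findings

if __name__ == "__main__":
    for finding in check_pod_spec(SAMPLE_POD_SPEC):
        print(finding)
```
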

Labels

kind/feature: Categorizes issue or PR as related to a new feature.