Kyma Infrastructure Manager (KIM) manages the Kyma cluster infrastructure. It's built using the kubebuilder framework.
It's responsible for generating and rotating Secrets containing dynamic kubeconfigs.
- Access to a Kubernetes cluster. You can use k3d to get a local cluster for testing or run against a remote cluster.
- kubectl
- Clone the project.

  ```bash
  git clone https://github.com/kyma-project/infrastructure-manager.git && cd infrastructure-manager/
  ```
- Set the `infrastructure-manager` image name.

  ```bash
  export IMG=custom-infrastructure-manager:0.0.1
  export K3D_CLUSTER_NAME=infrastructure-manager-demo
  ```
- Build the project.

  ```bash
  make build
  ```
- Build the image.

  ```bash
  make docker-build
  ```
- Push the image to the registry.

  - k3d

    ```bash
    k3d cluster create $K3D_CLUSTER_NAME
    k3d image import $IMG -c $K3D_CLUSTER_NAME
    ```

  - Globally available Docker registry

    ```bash
    make docker-push
    ```
- Deploy.

  ```bash
  make deploy
  ```
- Create a Secret with the Gardener credentials.

  ```bash
  export GARDENER_KUBECONFIG_PATH=<kubeconfig file for Gardener project>
  make gardener-secret-deploy
  ```

KIM is responsible for creating and rotating Secrets of clusters defined in the `GardenerCluster` custom resources (CRs). The sample CR is available in this YAML file.

Secrets are rotated based on `kubeconfig-expiration-time`. For more information, see Configuration.
It's possible to force the Secret rotation before the time-based rotation kicks in. To do that, add the `operator.kyma-project.io/force-kubeconfig-rotation: "true"` annotation to the `GardenerCluster` CR.

See CONTRIBUTING.md
See the LICENSE file