Skip to content

SSH Key Namespace #79

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
vknabel merged 1 commit into from
Jan 7, 2026
Merged

SSH Key Namespace #79

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
13 changes: 10 additions & 3 deletions main.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -52,6 +52,7 @@ func main() {
shootTokenSecret string
shootTokenPath string
sshKeySecret string
sshKeySecretNamespace string
namespace string
gracefulShutdownTimeout time.Duration
reconcileInterval time.Duration
Expand All @@ -72,7 +73,7 @@ func main() {
flag.BoolVar(&enableLeaderElection, "enable-leader-election", false,
"Enable leader election for controller manager. "+
"Enabling this will ensure there is only one active controller manager")
flag.StringVar(&namespace, "namespace", "default", "the namespace this controller is running")
flag.StringVar(&namespace, "namespace", "", "the namespace this controller is running")
flag.DurationVar(&reconcileInterval, "reconcile-interval", 10*time.Minute, "duration after which a resource is getting reconciled at minimum")
flag.DurationVar(&firewallHealthTimeout, "firewall-health-timeout", 20*time.Minute, "duration after a created firewall not getting ready is considered dead")
flag.DurationVar(&createTimeout, "create-timeout", 10*time.Minute, "duration after which a firewall in the creation phase will be recreated")
Expand All @@ -88,10 +89,15 @@ func main() {
flag.StringVar(&shootKubeconfigSecret, "shoot-kubeconfig-secret-name", "", "the secret name of the generic kubeconfig for shoot access")
flag.StringVar(&shootTokenSecret, "shoot-token-secret-name", "", "the secret name of the token for shoot access")
flag.StringVar(&sshKeySecret, "ssh-key-secret-name", "", "the secret name of the ssh key for machine access")
flag.StringVar(&sshKeySecretNamespace, "ssh-key-secret-namespace", "", "the secret name of the ssh key for machine access")
flag.StringVar(&shootTokenPath, "shoot-token-path", "", "the path where to store the token file for shoot access")

flag.Parse()

if sshKeySecretNamespace == "" {
sshKeySecretNamespace = namespace
}

slogHandler, err := controllers.NewLogger(logLevel)
if err != nil {
ctrl.Log.WithName("setup").Error(err, "unable to parse log level")
Expand Down Expand Up @@ -130,6 +136,7 @@ func main() {
LeaderElectionID: "firewall-controller-manager-leader-election",
GracefulShutdownTimeout: &gracefulShutdownTimeout,
})

if err != nil {
log.Fatalf("unable to setup firewall-controller-manager %v", err)
}
Expand Down Expand Up @@ -196,7 +203,7 @@ func main() {
// secret for this controller and expose the access secrets through the firewall
// status resource, which can be read by the firewall-controller
// - the firewall-controller can then create a client from these secrets but
// it has to contiuously update the token file because the token will expire
// it has to continuously update the token file because the token will expire
// - we can re-use the same approach for this controller as well and do not have
// to do any additional mounts for the deployment of the controller
//
Expand Down Expand Up @@ -247,7 +254,7 @@ func main() {
ShootAPIServerURL: shootApiURL,
ShootAccess: externalShootAccess,
SSHKeySecretName: sshKeySecret,
SSHKeySecretNamespace: namespace,
SSHKeySecretNamespace: sshKeySecretNamespace,
ShootAccessHelper: internalShootAccessHelper,
Metal: mclient,
ClusterTag: fmt.Sprintf("%s=%s", tag.ClusterID, clusterID),
Expand Down