Aggregated Kubernetes API Endpoint
The newly introduced karmada-aggregated-apiserver component aggregates all registered clusters and allows users to access member clusters through Karmada via the proxy endpoint.
For a detailed discussion of this topic, see here.
Here's a quick start.
Quick start
To try this feature quickly, this guide uses the karmada-apiserver certificate.
Step 1: Obtain the karmada-apiserver Certificate
For Karmada deployed using hack/local-up-karmada.sh, you can directly copy it from the $HOME/.kube/ directory.
cp $HOME/.kube/karmada.config karmada-apiserver.config
Step 2: Grant permission to user system:admin
system:admin is the user for the karmada-apiserver certificate. We need to grant the clusters/proxy permission to it explicitly.
Apply the yaml file cluster-proxy-rbac.yaml:
kubectl --kubeconfig $HOME/.kube/karmada.config --context karmada-apiserver apply -f cluster-proxy-rbac.yaml
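A manifest of the kind this step applies, as an added example rather than the page's own file: it grants clusters/proxy in the cluster.karmada.io API group to system:admin and limits the grant to named member clusters. The role and binding names and the cluster names member1 and member2 are assumptions.

```yaml
# cluster-proxy-rbac.yaml (added example; names marked "assumed" are not from the page)
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: cluster-proxy-clusterrole          # assumed name
rules:
- apiGroups:
  - cluster.karmada.io
  resources:
  - clusters/proxy
  # Limit the grant to named member clusters. Without resourceNames the
  # rule covers the proxy endpoint of every registered cluster.
  resourceNames:
  - member1                                # assumed cluster name
  - member2                                # assumed cluster name
  # '*' allows every verb on the proxy subresource.
  verbs:
  - '*'
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: cluster-proxy-clusterrolebinding   # assumed name
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-proxy-clusterrole
subjects:
- kind: User
  apiGroup: rbac.authorization.k8s.io
  name: "system:admin"                     # user of the karmada-apiserver certificate
```

After applying it, `kubectl --kubeconfig karmada-apiserver.config auth can-i get clusters/member1 --subresource=proxy` reports whether the grant is in effect for a given cluster.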
Step 3: Access member clusters
Run the below command (replace {clustername} with your actual cluster name):
kubectl --kubeconfig karmada-apiserver.config get --raw /apis/cluster.karmada.io/v1alpha1/clusters/{clustername}/proxy/api/v1/nodes
Or append /apis/cluster.karmada.io/v1alpha1/clusters/{clustername}/proxy to the server address of karmada-apiserver.config, and then you can directly use:
kubectl --kubeconfig karmada-apiserver.config get node
Note: For a member cluster that joins Karmada in pull mode and allows only cluster-to-karmada access, we can deploy apiserver-network-proxy (ANP) to access it.