pub async fn run_bootstrap_multi_cluster(
    namespace: &str,
    service_account: &str,
    server_override: Option<&str>,
    allow_insecure: bool,
) -> Result<()>
Run the multi-cluster bootstrap process (bindy bootstrap multi-cluster).
Run this command against the queen-ship (bindy operator) cluster. It creates a
ServiceAccount, namespaced Role (ARecord CRUD + DNSZone read), and RoleBinding
on the queen-ship, generates a kubeconfig for that service account, and writes a
bindy.firestoned.io/remote-kubeconfig Secret manifest to stdout.
Apply the stdout output to the child (workload) cluster where scout runs:
    bindy bootstrap mc | kubectl --context=<child-cluster> apply -f -
Then configure the scout Deployment with:
    BINDY_SCOUT_REMOTE_SECRET=<service-account>-remote-kubeconfig
§Arguments
namespace - Namespace on the queen-ship where the SA and Role are created
service_account - Name of the ServiceAccount to create
server_override - Optional API server URL to use in the kubeconfig instead of the address from KUBECONFIG. Required when the KUBECONFIG address is not reachable from inside the child cluster (e.g. https://172.18.0.3:6443 for kind-to-kind).
allow_insecure - Opt in to emitting insecure-skip-tls-verify: true when the KUBECONFIG lacks certificate-authority-data. Defaults to false; the command refuses rather than silently distributing MITM-susceptible kubeconfigs.
§Errors
Returns error if KUBECONFIG is unreadable, the Kubernetes API calls fail, or a
CA bundle is missing and allow_insecure is false.
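The fail-closed rule for allow_insecure and the server_override substitution, sketched as an added example; this is not bindy's own code, and every type and function name in it (TlsTrust, ClusterEntry, cluster_entry, render) is hypothetical. It assumes an empty CA field counts as missing.

```rust
// Added illustration; all names here are hypothetical, not bindy's API.
#[derive(Debug, PartialEq)]
pub enum TlsTrust {
    /// Base64 CA bundle copied from the source KUBECONFIG.
    CaData(String),
    /// Certificate verification disabled (explicit opt-in only).
    InsecureSkipVerify,
}

#[derive(Debug, PartialEq)]
pub struct ClusterEntry {
    pub server: String,
    pub trust: TlsTrust,
}

/// Decide the `cluster` section of the generated kubeconfig.
pub fn cluster_entry(
    kubeconfig_server: &str,
    ca_data: Option<&str>,
    server_override: Option<&str>,
    allow_insecure: bool,
) -> Result<ClusterEntry, String> {
    let server = server_override.unwrap_or(kubeconfig_server).to_string();
    // Assumption: an empty or whitespace-only CA field is treated as missing.
    let trust = match ca_data.map(str::trim).filter(|ca| !ca.is_empty()) {
        Some(ca) => TlsTrust::CaData(ca.to_string()),
        None if allow_insecure => TlsTrust::InsecureSkipVerify,
        // Fail closed: no CA bundle and no explicit opt-in means no kubeconfig.
        None => return Err(format!("no certificate-authority-data for {}; refusing", server)),
    };
    Ok(ClusterEntry { server, trust })
}

/// Render the entry as the YAML fragment that goes under `cluster:`.
pub fn render(entry: &ClusterEntry) -> String {
    let trust = match &entry.trust {
        TlsTrust::CaData(ca) => format!("certificate-authority-data: {}", ca),
        TlsTrust::InsecureSkipVerify => "insecure-skip-tls-verify: true".to_string(),
    };
    format!("server: {}\n{}\n", entry.server, trust)
}

fn main() {
    // Constructed inputs: no CA bundle, kind-style override address, no opt-in.
    let r = cluster_entry("https://127.0.0.1:6443", None, Some("https://172.18.0.3:6443"), false);
    println!("{:?}", r);
}
```
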