fix: add kube-nest-admission-plugins flag for virtual-cluster operator

Signed-off-by: wangdepeng <wangdepeng_yewu@cmss.chinamobile.com>
OrangeBao · May 31, 2024 · 66125dc · 66125dc
1 parent ac96851
commit 66125dc
Show file tree

Hide file tree

Showing 5 changed files with 30 additions and 16 deletions.
diff --git a/cmd/kubenest/operator/app/options/options.go b/cmd/kubenest/operator/app/options/options.go
@@ -24,8 +24,9 @@ type KubernetesOptions struct {
 }
 
 type KubeNestOptions struct {
-	ForceDestroy bool
-	AnpMode      string
+	ForceDestroy     bool
+	AnpMode          string
+	AdmissionPlugins bool
 }
 
 func NewOptions() *Options {
@@ -55,4 +56,5 @@ func (o *Options) AddFlags(flags *pflag.FlagSet) {
 	flags.BoolVar(&o.KosmosJoinController, "kosmos-join-controller", false, "Turn on or off kosmos-join-controller.")
 	flags.BoolVar(&o.KubeNestOptions.ForceDestroy, "kube-nest-force-destroy", false, "Force destroy the node.If it set true.If set to true, Kubernetes will not evict the existing nodes on the node when joining nodes to the tenant's control plane, but will instead force destroy.")
 	flags.StringVar(&o.KubeNestOptions.AnpMode, "kube-nest-anp-mode", "tcp", "kube-apiserver network proxy mode, must be set to tcp or uds. uds mode the replicas for apiserver should be one, and tcp for multi apiserver replicas.")
+	flags.BoolVar(&o.KubeNestOptions.AdmissionPlugins, "kube-nest-admission-plugins", false, "kube-apiserver network disable-admission-plugins, false for - --disable-admission-plugins=License, true for remove the --disable-admission-plugins=License flag .")
 }
diff --git a/pkg/kubenest/controlplane/apiserver.go b/pkg/kubenest/controlplane/apiserver.go
@@ -8,13 +8,14 @@ import (
 	"k8s.io/apimachinery/pkg/util/yaml"
 	clientset "k8s.io/client-go/kubernetes"
 
+	"github.com/kosmos.io/kosmos/cmd/kubenest/operator/app/options"
 	"github.com/kosmos.io/kosmos/pkg/kubenest/constants"
 	"github.com/kosmos.io/kosmos/pkg/kubenest/manifest/controlplane/apiserver"
 	"github.com/kosmos.io/kosmos/pkg/kubenest/util"
 )
 
-func EnsureVirtualClusterAPIServer(client clientset.Interface, name, namespace string, portMap map[string]int32) error {
-	if err := installAPIServer(client, name, namespace, portMap); err != nil {
+func EnsureVirtualClusterAPIServer(client clientset.Interface, name, namespace string, portMap map[string]int32, opt *options.KubeNestOptions) error {
+	if err := installAPIServer(client, name, namespace, portMap, opt); err != nil {
 		return fmt.Errorf("failed to install virtual cluster apiserver, err: %w", err)
 	}
 	return nil
@@ -28,7 +29,7 @@ func DeleteVirtualClusterAPIServer(client clientset.Interface, name, namespace s
 	return nil
 }
 
-func installAPIServer(client clientset.Interface, name, namespace string, portMap map[string]int32) error {
+func installAPIServer(client clientset.Interface, name, namespace string, portMap map[string]int32, opt *options.KubeNestOptions) error {
 	imageRepository, imageVersion := util.GetImageMessage()
 	clusterIp, err := util.GetEtcdServiceClusterIp(namespace, name+constants.EtcdSuffix, client)
 	if err != nil {
@@ -41,6 +42,7 @@ func installAPIServer(client clientset.Interface, name, namespace string, portMa
 		Replicas                                                               int32
 		EtcdListenClientPort                                                   int32
 		ClusterPort                                                            int32
+		AdmissionPlugins                                                       bool
 	}{
 		DeploymentName:            fmt.Sprintf("%s-%s", name, "apiserver"),
 		Namespace:                 namespace,
@@ -53,6 +55,7 @@ func installAPIServer(client clientset.Interface, name, namespace string, portMa
 		Replicas:                  constants.ApiServerReplicas,
 		EtcdListenClientPort:      constants.ApiServerEtcdListenClientPort,
 		ClusterPort:               portMap[constants.ApiServerPortKey],
+		AdmissionPlugins:          opt.AdmissionPlugins,
 	})
 	if err != nil {
 		return fmt.Errorf("error when parsing virtual cluster apiserver deployment template: %w", err)

diff --git a/pkg/kubenest/manifest/controlplane/apiserver/mainfests_deployment.go b/pkg/kubenest/manifest/controlplane/apiserver/mainfests_deployment.go
@@ -90,6 +90,9 @@ spec:
         - --max-mutating-requests-inflight=500
         - --v=4
         - --advertise-address=$(PODIP)
+        {{ if not .AdmissionPlugins }}
+        - --disable-admission-plugins=License
+        {{ end }}
         livenessProbe:
           failureThreshold: 8
           httpGet:
@@ -222,6 +225,9 @@ spec:
         - --v=4
         - --advertise-address=$(PODIP)
         - --egress-selector-config-file=/etc/kubernetes/konnectivity-server-config/{{ .Namespace }}/{{ .Name }}/egress_selector_configuration.yaml
+        {{ if not .AdmissionPlugins }}
+        - --disable-admission-plugins=License
+        {{ end }}
         livenessProbe:
           failureThreshold: 8
           httpGet:

diff --git a/pkg/kubenest/tasks/anp.go b/pkg/kubenest/tasks/anp.go
@@ -3,7 +3,6 @@ package tasks
 import (
 	"context"
 	"fmt"
-	apiclient "github.com/kosmos.io/kosmos/pkg/kubenest/util/api-client"
 	"strings"
 
 	"github.com/pkg/errors"
@@ -21,6 +20,7 @@ import (
 	"github.com/kosmos.io/kosmos/pkg/kubenest/constants"
 	"github.com/kosmos.io/kosmos/pkg/kubenest/manifest/controlplane/apiserver"
 	"github.com/kosmos.io/kosmos/pkg/kubenest/util"
+	apiclient "github.com/kosmos.io/kosmos/pkg/kubenest/util/api-client"
 	"github.com/kosmos.io/kosmos/pkg/kubenest/workflow"
 )
 
@@ -70,17 +70,19 @@ func runAnpServer(r workflow.RunData) error {
 	portMap := data.HostPortMap()
 	// install egress_selector_configuration config map
 	egressSelectorConfig, err := util.ParseTemplate(apiserver.EgressSelectorConfiguration, struct {
-		Namespace       string
-		Name            string
-		AnpMode         string
-		ProxyServerPort int32
-		SvcName         string
+		Namespace        string
+		Name             string
+		AnpMode          string
+		ProxyServerPort  int32
+		SvcName          string
+		AdmissionPlugins bool
 	}{
-		Namespace:       namespace,
-		Name:            name,
-		ProxyServerPort: portMap[constants.ApiServerNetworkProxyServerPortKey],
-		SvcName:         fmt.Sprintf("%s-konnectivity-server.%s.svc.cluster.local", name, namespace),
-		AnpMode:         kubeNestOpt.AnpMode,
+		Namespace:        namespace,
+		Name:             name,
+		ProxyServerPort:  portMap[constants.ApiServerNetworkProxyServerPortKey],
+		SvcName:          fmt.Sprintf("%s-konnectivity-server.%s.svc.cluster.local", name, namespace),
+		AnpMode:          kubeNestOpt.AnpMode,
+		AdmissionPlugins: kubeNestOpt.AdmissionPlugins,
 	})
 	if err != nil {
 		return fmt.Errorf("failed to parse egress_selector_configuration config map template, err: %w", err)

diff --git a/pkg/kubenest/tasks/apiserver.go b/pkg/kubenest/tasks/apiserver.go
@@ -51,6 +51,7 @@ func runVirtualClusterAPIServer(r workflow.RunData) error {
 		data.GetName(),
 		data.GetNamespace(),
 		data.HostPortMap(),
+		data.KubeNestOpt(),
 	)
 	if err != nil {
 		return fmt.Errorf("failed to install virtual cluster apiserver component, err: %w", err)