From 820d5b0149bc45a6097e0555b88a662fd3737bb2 Mon Sep 17 00:00:00 2001 From: DangPeng Liu Date: Wed, 19 Oct 2022 14:17:03 +0800 Subject: [PATCH] fix conversion webhook in hosted mode (#280) Signed-off-by: ldpliu Signed-off-by: ldpliu --- README.md | 16 +- ...ment.io_managedclustersets.crd-hosted.yaml | 146 ++++++++++++++++++ ...nager-registration-webhook-deployment.yaml | 2 + .../clustermanager_controller.go | 11 +- 4 files changed, 165 insertions(+), 10 deletions(-) create mode 100644 manifests/cluster-manager/hub/0000_00_clusters.open-cluster-management.io_managedclustersets.crd-hosted.yaml diff --git a/README.md b/README.md index 302227867..ce03d03dd 100644 --- a/README.md +++ b/README.md @@ -116,13 +116,13 @@ We mainly provide deployment in two scenarios: apiVersion: kind.x-k8s.io/v1alpha4 nodes: - role: control-plane - extraPortMappings: - - containerPort: 30443 - hostPort: 30443 - protocol: TCP - - containerPort: 31443 - hostPort: 31443 - protocol: TCP + extraPortMappings: + - containerPort: 30443 + hostPort: 30443 + protocol: TCP + - containerPort: 31443 + hostPort: 31443 + protocol: TCP EOF kind create cluster --name managed ``` @@ -136,7 +136,7 @@ We mainly provide deployment in two scenarios: 3. Get the `EXTERNAL_HUB_KUBECONFIG` kubeconfig. ```shell - kind get kubeconfig --name kind-hub --internal > ./.external-hub-kubeconfig + kind get kubeconfig --name hub --internal > ./.external-hub-kubeconfig ``` 4. Switch to management cluster and deploy hub components. diff --git a/manifests/cluster-manager/hub/0000_00_clusters.open-cluster-management.io_managedclustersets.crd-hosted.yaml b/manifests/cluster-manager/hub/0000_00_clusters.open-cluster-management.io_managedclustersets.crd-hosted.yaml new file mode 100644 index 000000000..a543045ff --- /dev/null +++ b/manifests/cluster-manager/hub/0000_00_clusters.open-cluster-management.io_managedclustersets.crd-hosted.yaml @@ -0,0 +1,146 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: managedclustersets.cluster.open-cluster-management.io +spec: + group: cluster.open-cluster-management.io + names: + kind: ManagedClusterSet + listKind: ManagedClusterSetList + plural: managedclustersets + shortNames: + - mclset + - mclsets + singular: managedclusterset + scope: Cluster + preserveUnknownFields: false + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=="ClusterSetEmpty")].status + name: Empty + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: "ManagedClusterSet defines a group of ManagedClusters that user's workload can run on. A workload can be defined to deployed on a ManagedClusterSet, which mean: 1. The workload can run on any ManagedCluster in the ManagedClusterSet 2. The workload cannot run on any ManagedCluster outside the ManagedClusterSet 3. The service exposed by the workload can be shared in any ManagedCluster in the ManagedClusterSet \n In order to assign a ManagedCluster to a certian ManagedClusterSet, add a label with name `cluster.open-cluster-management.io/clusterset` on the ManagedCluster to refers to the ManagedClusterSet. User is not allow to add/remove this label on a ManagedCluster unless they have a RBAC rule to CREATE on a virtual subresource of managedclustersets/join. In order to update this label, user must have the permission on both the old and new ManagedClusterSet." + type: object + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec defines the attributes of the ManagedClusterSet + type: object + default: + clusterSelector: + selectorType: LegacyClusterSetLabel + properties: + clusterSelector: + description: ClusterSelector represents a selector of ManagedClusters + type: object + default: + selectorType: LegacyClusterSetLabel + properties: + labelSelector: + description: LabelSelector define the general labelSelector which clusterset will use to select target managedClusters + type: object + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + type: array + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + type: object + required: + - key + - operator + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + type: array + items: + type: string + matchLabels: + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + additionalProperties: + type: string + selectorType: + description: SelectorType could only be "LegacyClusterSetLabel" or "LabelSelector" "LegacyClusterSetLabel" means to use label "cluster.open-cluster-management.io/clusterset:"" to select target clusters. "LabelSelector" means use labelSelector to select target managedClusters + type: string + default: LegacyClusterSetLabel + enum: + - LegacyClusterSetLabel + - LabelSelector + status: + description: Status represents the current status of the ManagedClusterSet + type: object + properties: + conditions: + description: Conditions contains the different condition statuses for this ManagedClusterSet. + type: array + items: + description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + type: object + required: + - lastTransitionTime + - message + - reason + - status + - type + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + type: string + format: date-time + message: + description: message is a human readable message indicating details about the transition. This may be an empty string. + type: string + maxLength: 32768 + observedGeneration: + description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. + type: integer + format: int64 + minimum: 0 + reason: + description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. + type: string + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + status: + description: status of the condition, one of True, False, Unknown. + type: string + enum: + - "True" + - "False" + - Unknown + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + type: string + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/manifests/cluster-manager/management/cluster-manager-registration-webhook-deployment.yaml b/manifests/cluster-manager/management/cluster-manager-registration-webhook-deployment.yaml index dfd67883f..761b97a0d 100644 --- a/manifests/cluster-manager/management/cluster-manager-registration-webhook-deployment.yaml +++ b/manifests/cluster-manager/management/cluster-manager-registration-webhook-deployment.yaml @@ -94,6 +94,7 @@ spec: name: kubeconfig readOnly: true {{ end }} + {{ if not .HostedMode }} - name: {{ .ClusterManagerName }}-registration-conversion-webhook image: {{ .RegistrationImage }} args: @@ -132,6 +133,7 @@ spec: - mountPath: /tmp/k8s-webhook-server/serving-certs name: webhook-secret readOnly: true + {{ end }} volumes: - name: webhook-secret secret: diff --git a/pkg/operators/clustermanager/controllers/clustermanagercontroller/clustermanager_controller.go b/pkg/operators/clustermanager/controllers/clustermanagercontroller/clustermanager_controller.go index b305886b5..d6a5b7ec1 100644 --- a/pkg/operators/clustermanager/controllers/clustermanagercontroller/clustermanager_controller.go +++ b/pkg/operators/clustermanager/controllers/clustermanagercontroller/clustermanager_controller.go @@ -48,13 +48,14 @@ var ( "managedclusters.cluster.open-cluster-management.io", } - namespaceResource = "cluster-manager/cluster-manager-namespace.yaml" + namespaceResource = "cluster-manager/cluster-manager-namespace.yaml" + hostedClusterSetCrdFile = "cluster-manager/hub/0000_00_clusters.open-cluster-management.io_managedclustersets.crd-hosted.yaml" + clusterSetCrdFile = "cluster-manager/hub/0000_00_clusters.open-cluster-management.io_managedclustersets.crd.yaml" // crdResourceFiles should be deployed in the hub cluster hubCRDResourceFiles = []string{ "cluster-manager/hub/0000_00_addon.open-cluster-management.io_clustermanagementaddons.crd.yaml", "cluster-manager/hub/0000_00_clusters.open-cluster-management.io_managedclusters.crd.yaml", - "cluster-manager/hub/0000_00_clusters.open-cluster-management.io_managedclustersets.crd.yaml", "cluster-manager/hub/0000_00_work.open-cluster-management.io_manifestworks.crd.yaml", "cluster-manager/hub/0000_01_addon.open-cluster-management.io_managedclusteraddons.crd.yaml", "cluster-manager/hub/0000_01_clusters.open-cluster-management.io_managedclustersetbindings.crd.yaml", @@ -780,6 +781,12 @@ func getSAs(clusterManagerName string) []string { func getHubResources(mode operatorapiv1.InstallMode, isRegistrationIPFormat, isWorkIPFormat, skipAddCRDs bool) []string { hubResources := []string{namespaceResource} if !skipAddCRDs { + //TODO: Currently, in hosted mode, clusterset only support v1beta1 version, will fix it in future releases + if mode == operatorapiv1.InstallModeHosted { + hubResources = append(hubResources, hostedClusterSetCrdFile) + } else { + hubResources = append(hubResources, clusterSetCrdFile) + } hubResources = append(hubResources, hubCRDResourceFiles...) }