Fix error with update

Signed-off-by: Jian Qiu <jqiu@redhat.com>
open-cluster-management-io · Oct 22, 2024 · 6e87681 · 6e87681
1 parent 56eef67
commit 6e87681
Show file tree

Hide file tree

Showing 9 changed files with 34 additions and 19 deletions.
diff --git a/go.mod b/go.mod
@@ -1,8 +1,6 @@
 module open-cluster-management.io/multicluster-controlplane
 
-go 1.22.5
-
-toolchain go1.22.8
+go 1.22.8
 
 require (
 	github.com/onsi/ginkgo/v2 v2.20.0
@@ -30,9 +28,10 @@ require (
 	k8s.io/metrics v0.30.3
 	k8s.io/utils v0.0.0-20240310230437-4693a0247e57
 	open-cluster-management.io/api v0.15.0
-	open-cluster-management.io/managed-serviceaccount v0.6.0
+	open-cluster-management.io/managed-serviceaccount v0.7.0
 	open-cluster-management.io/ocm v0.15.0
 	open-cluster-management.io/sdk-go v0.15.0
+	sigs.k8s.io/cluster-inventory-api v0.0.0-20240730014211-ef0154379848
 	sigs.k8s.io/controller-runtime v0.18.5
 )
 
@@ -180,7 +179,6 @@ require (
 	k8s.io/pod-security-admission v0.30.3 // indirect
 	open-cluster-management.io/addon-framework v0.11.0 // indirect
 	sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.29.0 // indirect
-	sigs.k8s.io/cluster-inventory-api v0.0.0-20240730014211-ef0154379848 // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
 	sigs.k8s.io/kube-storage-version-migrator v0.0.6-0.20230721195810-5c8923c5ff96 // indirect
 	sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect

diff --git a/go.sum b/go.sum
@@ -566,8 +566,8 @@ open-cluster-management.io/addon-framework v0.11.0 h1:ZJxphgHQ36VUJF0RIag+nzcEn5
 open-cluster-management.io/addon-framework v0.11.0/go.mod h1:ruMU8i/dciz3qCv2CQ46Cu1b7rkK7TpvB+W4bRwHf+I=
 open-cluster-management.io/api v0.15.0 h1:lRee1KOlGHZb2scTA7ff9E9Fxt2hJc7jpkHnaCbvkOU=
 open-cluster-management.io/api v0.15.0/go.mod h1:9erZEWEn4bEqh0nIX2wA7f/s3KCuFycQdBrPrRzi0QM=
-open-cluster-management.io/managed-serviceaccount v0.6.0 h1:qIi5T9WQJBuoGqnYGIktXbtqfQoiN2H9XU2P/6lAQiw=
-open-cluster-management.io/managed-serviceaccount v0.6.0/go.mod h1:G4LUTbZiyrB8c0+rqi/xnDmGlsg7Rdr4T7MPLCWhyQI=
+open-cluster-management.io/managed-serviceaccount v0.7.0 h1:OShodBB3i+rMXjR9xEF6ySp9yBeiiLlEOAKvPA2v3i4=
+open-cluster-management.io/managed-serviceaccount v0.7.0/go.mod h1:NNKqC+cePQ9HH0r7mb9CYSk/hXGsNYu9+K4YfcZTwAk=
 open-cluster-management.io/ocm v0.15.0 h1:anXQzvQUhM/DT8FcKVi4n8AY97IA5DVI0mb8R1wsvbs=
 open-cluster-management.io/ocm v0.15.0/go.mod h1:d6ubRiBaouiQ+yV+wFAmarpU7I77nXhkJnQJf8gLZC4=
 open-cluster-management.io/sdk-go v0.15.0 h1:2IAJnPfUoY6rPC5w7LhqAnvIlgekPoVW03LdZO1unIM=

diff --git a/pkg/agent/agent.go b/pkg/agent/agent.go
@@ -125,7 +125,8 @@ func (o *AgentOptions) WithWorkloadSourceDriverConfig(hubKubeConfigFile string)
 }
 
 func (o *AgentOptions) RunAgent(ctx context.Context) error {
-	config := singletonspoke.NewAgentConfig(o.CommonOpts, o.RegistrationAgentOpts, o.WorkAgentOpts)
+	cancleCtx, cancel := context.WithCancel(ctx)
+	config := singletonspoke.NewAgentConfig(o.CommonOpts, o.RegistrationAgentOpts, o.WorkAgentOpts, cancel)
 	inClusterKubeConfig, err := rest.InClusterConfig()
 	if err != nil {
 		klog.Warningf("failed to get kubeconfig from cluster inside, will use '--kubeconfig' to build client")
@@ -156,9 +157,9 @@ func (o *AgentOptions) RunAgent(ctx context.Context) error {
 		OperatorNamespace: "open-cluster-management-agent",
 	}
 
-	go utilruntime.Must(config.RunSpokeAgent(ctx, controllerContext))
+	go utilruntime.Must(config.RunSpokeAgent(cancleCtx, controllerContext))
 
-	<-ctx.Done()
+	<-cancleCtx.Done()
 	return nil
 }
 

diff --git a/pkg/certificate/certchains/signers.go b/pkg/certificate/certchains/signers.go
@@ -336,7 +336,7 @@ func (s *CertificateSigner) SignServingCertificate(signInfo *ServingCertificateS
 	tlsConfig, _, err := s.signerConfig.EnsureServerCert(
 		ServingCertPath(certDir),
 		ServingKeyPath(certDir),
-		sets.NewString(signInfo.Hostnames...),
+		sets.New[string](signInfo.Hostnames...),
 		signInfo.ValidityDays,
 	)
 
@@ -354,7 +354,7 @@ func (s *CertificateSigner) SignServingCertificate(signInfo *ServingCertificateS
 func (s *CertificateSigner) SignPeerCertificate(signInfo *PeerCertificateSigningRequestInfo) error {
 	certDir := filepath.Join(s.signerDir, signInfo.Name)
 
-	hostnameSet := sets.NewString(signInfo.Hostnames...)
+	hostnameSet := sets.New[string](signInfo.Hostnames...)
 	if _, err := crypto.GetServerCert(
 		PeerCertPath(certDir),
 		PeerKeyPath(certDir),

diff --git a/pkg/controllers/kubecontroller/core.go b/pkg/controllers/kubecontroller/core.go
@@ -87,6 +87,7 @@ func startGarbageCollectorController(ctx context.Context, controllerContext Cont
 		ignoredResources[schema.GroupResource{Group: r.Group, Resource: r.Resource}] = struct{}{}
 	}
 	garbageCollector, err := garbagecollector.NewGarbageCollector(
+		ctx,
 		gcClientset,
 		metadataClient,
 		controllerContext.RESTMapper,

diff --git a/pkg/controllers/ocmcontroller/ocmcontroller.go b/pkg/controllers/ocmcontroller/ocmcontroller.go
@@ -3,6 +3,8 @@ package ocmcontroller
 
 import (
 	"context"
+	cpclientset "sigs.k8s.io/cluster-inventory-api/client/clientset/versioned"
+	cpinformerv1alpha1 "sigs.k8s.io/cluster-inventory-api/client/informers/externalversions"
 	"time"
 
 	"github.com/openshift/library-go/pkg/controller/controllercmd"
@@ -125,8 +127,14 @@ func runControllers(ctx context.Context,
 		return err
 	}
 
+	clusterProfileClient, err := cpclientset.NewForConfig(controllerContext.KubeConfig)
+	if err != nil {
+		return err
+	}
+
 	clusterInformers := clusterv1informers.NewSharedInformerFactory(clusterClient, 10*time.Minute)
 	workInformers := workinformers.NewSharedInformerFactory(workClient, 10*time.Minute)
+	clusterProfileInformers := cpinformerv1alpha1.NewSharedInformerFactory(clusterProfileClient, 30*time.Minute)
 	addOnInformers := addoninformers.NewSharedInformerFactory(addOnClient, 10*time.Minute)
 	dynamicInformers := dynamicinformer.NewDynamicSharedInformerFactory(dynamicClient, 10*time.Minute)
 
@@ -137,9 +145,11 @@ func runControllers(ctx context.Context,
 			kubeClient,
 			metadataClient,
 			clusterClient,
+			clusterProfileClient,
 			addOnClient,
 			kubeInformers,
 			clusterInformers,
+			clusterProfileInformers,
 			workInformers,
 			addOnInformers,
 		); err != nil {

diff --git a/pkg/servers/kubeapiserver.go b/pkg/servers/kubeapiserver.go
@@ -6,6 +6,7 @@ package servers
 import (
 	"crypto/tls"
 	"fmt"
+	"k8s.io/apimachinery/pkg/util/wait"
 	"net/http"
 	"net/url"
 	"time"
@@ -264,6 +265,8 @@ func buildGenericConfig(
 		return
 	}
 
+	ctx := wait.ContextForChannel(genericConfig.DrainedNotify())
+
 	authorizationConfig := options.Authorization.ToAuthorizationConfig(versionedInformers)
 	if genericConfig.EgressSelector != nil {
 		egressDialer, err := genericConfig.EgressSelector.Lookup(egressselector.ControlPlane.AsNetworkContext())
@@ -273,7 +276,7 @@ func buildGenericConfig(
 		}
 		authorizationConfig.CustomDial = egressDialer
 	}
-	genericConfig.Authorization.Authorizer, genericConfig.RuleResolver, err = authorizationConfig.New()
+	genericConfig.Authorization.Authorizer, genericConfig.RuleResolver, err = authorizationConfig.New(ctx, genericConfig.APIServerID)
 	if err != nil {
 		lastErr = fmt.Errorf("invalid authorization config: %v", err)
 		return
@@ -292,7 +295,7 @@ func buildGenericConfig(
 		LoopbackClientConfig: genericConfig.LoopbackClientConfig,
 	}
 	serviceResolver = buildServiceResolver(options.EnableAggregatorRouting, genericConfig.LoopbackClientConfig.Host, versionedInformers)
-	pluginInitializers, admissionPostStartHook, err = admissionConfig.New(proxyTransport, genericConfig.EgressSelector,
+	pluginInitializers, err = admissionConfig.New(proxyTransport, genericConfig.EgressSelector,
 		serviceResolver, genericConfig.TracerProvider)
 	if err != nil {
 		lastErr = fmt.Errorf("failed to create admission plugin initializer: %v", err)

diff --git a/pkg/servers/options/authentication.go b/pkg/servers/options/authentication.go
@@ -495,7 +495,7 @@ func (o *BuiltInAuthenticationOptions) ToAuthenticationConfig() (kubeauthenticat
 	}
 
 	if ret.AuthenticationConfig != nil {
-		if err := apiservervalidation.ValidateAuthenticationConfiguration(ret.AuthenticationConfig).ToAggregate(); err != nil {
+		if err := apiservervalidation.ValidateAuthenticationConfiguration(ret.AuthenticationConfig, []string{}).ToAggregate(); err != nil {
 			return kubeauthenticator.Config{}, err
 		}
 	}
@@ -603,7 +603,7 @@ func (o *BuiltInAuthenticationOptions) ApplyTo(authInfo *genericapiserver.Authen
 	authenticators := []authenticator.Request{}
 
 	// var openAPIV3SecuritySchemes spec3.SecuritySchemes
-	authenticator, openAPIV2SecurityDefinitions, openAPIV3SecuritySchemes, err := authenticatorConfig.New()
+	authenticator, _, openAPIV2SecurityDefinitions, openAPIV3SecuritySchemes, err := authenticatorConfig.New(context.Background())
 	if err != nil {
 		return err
 	}

diff --git a/pkg/servers/options/plugins.go b/pkg/servers/options/plugins.go
@@ -7,6 +7,7 @@ package options
 // This should probably be part of some configuration fed into the build for a
 // given binary target.
 import (
+	validatingadmissionpolicy "k8s.io/apiserver/pkg/admission/plugin/policy/validating"
 	certapproval "k8s.io/kubernetes/plugin/pkg/admission/certificates/approval"
 	certsigning "k8s.io/kubernetes/plugin/pkg/admission/certificates/signing"
 	certsubjectrestriction "k8s.io/kubernetes/plugin/pkg/admission/certificates/subjectrestriction"
@@ -49,9 +50,10 @@ var AllOrderedPlugins = []string{
 	// new admission plugins should generally be inserted above here
 	// webhook, resourcequota, and deny plugins must go at the end
 
-	mutatingwebhook.PluginName,   // MutatingAdmissionWebhook
-	validatingwebhook.PluginName, // ValidatingAdmissionWebhook
-	resourcequota.PluginName,     // ResourceQuota
+	mutatingwebhook.PluginName,           // MutatingAdmissionWebhook
+	validatingwebhook.PluginName,         // ValidatingAdmissionWebhook
+	validatingadmissionpolicy.PluginName, // ValidatingAdmissionPolicy
+	resourcequota.PluginName,             // ResourceQuota
 }
 
 // RegisterAllAdmissionPlugins registers all admission plugins.