feat: agent add flag cluster-reg-parent-url

Signed-off-by: baoyiliu <baoyiliu@tencent.com>

manifests/crds/clusters.clusternet.io_managedclusters.yaml

@@ -131,6 +131,10 @@ spec:
                 description: APIServerURL indicates the advertising url/address of
                   managed Kubernetes cluster
                 type: string
+              apiserverURLOutCls:
+                description: APIServerURLOutCls indicates the advertising url/address of
+                  managed Kubernetes cluster, out-cluster
+                type: string
               apiserverConfig:
                 description: apiserverConfig indicates the kube-config of
                   managed Kubernetes cluster

pkg/agent/agent.go

@@ -151,6 +151,7 @@ func NewAgent(registrationOpts *ClusterRegistrationOptions, controllerOpts *util
 		controllerOptions:      controllerOpts,
 		statusManager: NewStatusManager(
 			childKubeConfig.Host,
+			registrationOpts.ApiServerURLOutCls,
 			childKubeConfig.BearerToken,
 			registrationOpts,
 			childKubeClientSet,

pkg/agent/constant.go

@@ -25,6 +25,9 @@ const (
 	// ClusterRegistrationURL flag denotes the url of parent cluster
 	ClusterRegistrationURL = "cluster-reg-parent-url"
 
+	// ClusterServerURLOutCluster flag denotes the url of cluster
+	ClusterServerURLOutCluster = "cluster-server-url-out-cls"
+
 	// ClusterRegistrationToken flag is the token used to temporarily authenticate with parent cluster
 	// while registering as a child cluster.
 	ClusterRegistrationToken = "cluster-reg-token"

pkg/agent/option.go

@@ -54,8 +54,9 @@ type ClusterRegistrationOptions struct {
 	// ClusterStatusCollectFrequency is the frequency at which the agent updates current cluster's status
 	ClusterStatusCollectFrequency metav1.Duration
 
-	ParentURL      string
-	BootstrapToken string
+	ParentURL          string
+	ApiServerURLOutCls string
+	BootstrapToken     string
 
 	// No tunnel logging by default
 	TunnelLogging bool
@@ -93,6 +94,8 @@ func (opts *ClusterRegistrationOptions) AddFlags(fs *pflag.FlagSet) {
 	// flags for cluster registration
 	fs.StringVar(&opts.ParentURL, ClusterRegistrationURL, opts.ParentURL,
 		"The parent cluster url you want to register to")
+	fs.StringVar(&opts.ApiServerURLOutCls, ClusterServerURLOutCluster, opts.ApiServerURLOutCls,
+		"The cluster api server url")
 	fs.StringVar(&opts.BootstrapToken, ClusterRegistrationToken, opts.BootstrapToken,
 		"The boostrap token is used to temporarily authenticate with parent cluster while registering "+
 			"a unregistered child cluster. On success, parent cluster credentials will be stored to a secret "+
@@ -150,6 +153,13 @@ func (opts *ClusterRegistrationOptions) Validate() []error {
 		}
 	}
 
+	if len(opts.ApiServerURLOutCls) > 0 {
+		_, err := url.ParseRequestURI(opts.ApiServerURLOutCls)
+		if err != nil {
+			allErrs = append(allErrs, fmt.Errorf("invalid value for --%s: %v", ClusterServerURLOutCluster, err))
+		}
+	}
+
 	if len(opts.ClusterName) > 0 {
 		if len(opts.ClusterName) > ClusterNameMaxLength {
 			allErrs = append(allErrs, fmt.Errorf("cluster name %s is longer than %d", opts.ClusterName, ClusterNameMaxLength))

pkg/agent/status_manager.go

@@ -54,6 +54,7 @@ type Manager struct {
 
 func NewStatusManager(
 	apiserverURL string,
+	apiserverURLOutCls string,
 	apiserverConfig string,
 	regOpts *ClusterRegistrationOptions,
 	kubeClient kubernetes.Interface,
@@ -64,6 +65,7 @@ func NewStatusManager(
 		statusReportFrequency: regOpts.ClusterStatusReportFrequency,
 		clusterStatusController: clusterstatus.NewController(
 			apiserverURL,
+			apiserverURLOutCls,
 			apiserverConfig,
 			kubeClient,
 			metricClient,

pkg/apis/clusters/v1beta1/types.go

@@ -231,6 +231,10 @@ type ManagedClusterStatus struct {
 	// +optional
 	APIServerURL string `json:"apiserverURL,omitempty"`
 
+	// APIServerURLOutCls indicates the advertising url/address of managed Kubernetes cluster, out-cluster
+	// +optional
+	APIServerURLOutCls string `json:"apiserverURLOutCls,omitempty"`
+
 	// APIServerConfig indicates the advertising config of managed Kubernetes cluster
 	// +optional
 	APIServerConfig string `json:"apiserverConfig,omitempty"`

pkg/controllers/clusters/clusterstatus/clusterstatus_controller.go

@@ -51,6 +51,7 @@ type Controller struct {
 	collectingPeriod   metav1.Duration
 	heartbeatFrequency metav1.Duration
 	apiserverURL       string
+	apiserverURLOutCls string
 	apiserverConfig    string
 	appPusherEnabled   bool
 	useSocket          bool
@@ -67,6 +68,7 @@ type Controller struct {
 
 func NewController(
 	apiserverURL string,
+	apiserverURLOutCls string,
 	apiserverConfig string,
 	kubeClient kubernetes.Interface,
 	metricClient *metricsv.Clientset,
@@ -83,6 +85,7 @@ func NewController(
 		collectingPeriod:      collectingPeriod,
 		heartbeatFrequency:    heartbeatFrequency,
 		apiserverURL:          apiserverURL,
+		apiserverURLOutCls:    apiserverURLOutCls,
 		apiserverConfig:       apiserverConfig,
 		appPusherEnabled:      utilfeature.DefaultFeatureGate.Enabled(features.AppPusher),
 		useSocket:             utilfeature.DefaultFeatureGate.Enabled(features.SocketConnection),
@@ -146,6 +149,7 @@ func (c *Controller) collectingClusterStatus(ctx context.Context) {
 	}
 
 	status.APIServerURL = c.apiserverURL
+	status.APIServerURLOutCls = c.apiserverURLOutCls
 	status.APIServerConfig = c.apiserverConfig
 	status.Healthz = c.getHealthStatus(ctx, "/healthz")
 	status.Livez = c.getHealthStatus(ctx, "/livez")

pkg/registry/shadow/template/rest.go

@@ -155,7 +155,7 @@ func (r *REST) setCClsCliToCache(clusterID string, client dynamic.Interface) {
 func (r *REST) newCClsCLi(clusterID string, cls *v1beta1.ManagedCluster) (dynamic.Interface, error) {
 	// TODO: need add child clusters certificates for security
 	config := &clientgorest.Config{
-		Host:            cls.Status.APIServerURL,
+		Host:            cls.Status.APIServerURLOutCls,
 		TLSClientConfig: clientgorest.TLSClientConfig{Insecure: true},
 		BearerToken:     cls.Status.APIServerConfig,
 	}