clusternet · byliu · Aug 8, 2022 · Aug 10, 2022 · Aug 10, 2022 · Aug 11, 2022
@@ -30,7 +30,7 @@ metadata:
   name: clusternet:agent:admin
 rules:
   - apiGroups: [ "" ]
-    resources: [ "pods", "nodes" ]
+    resources: [ "pods", "nodes", "events"]
     verbs: [ "get", "list", "watch" ]
   - apiGroups: ["metrics.k8s.io"]
     resources: ["pods", "nodes"]

@@ -131,6 +131,14 @@ spec:
                 description: APIServerURL indicates the advertising url/address of
                   managed Kubernetes cluster
                 type: string
+              apiserverURLOutCls:
+                description: APIServerURLOutCls indicates the advertising url/address of
+                  managed Kubernetes cluster, out-cluster
+                type: string
+              apiserverConfig:
+                description: apiserverConfig indicates the kube-config of
+                  managed Kubernetes cluster
+                type: string
               appPusher:
                 description: AppPusher indicates whether to allow parent cluster deploying
                   applications in Push or Dual Mode. Mainly for security concerns.

@@ -151,6 +151,8 @@ func NewAgent(registrationOpts *ClusterRegistrationOptions, controllerOpts *util
 		controllerOptions:      controllerOpts,
 		statusManager: NewStatusManager(
 			childKubeConfig.Host,
+			registrationOpts.ApiServerURLOutCls,
+			childKubeConfig.BearerToken,
 			registrationOpts,
 			childKubeClientSet,
 			metricClient,

@@ -25,6 +25,9 @@ const (
 	// ClusterRegistrationURL flag denotes the url of parent cluster
 	ClusterRegistrationURL = "cluster-reg-parent-url"
 
+	// ClusterServerURLOutCluster flag denotes the url of cluster
+	ClusterServerURLOutCluster = "cluster-server-url-out-cls"
+
 	// ClusterRegistrationToken flag is the token used to temporarily authenticate with parent cluster
 	// while registering as a child cluster.
 	ClusterRegistrationToken = "cluster-reg-token"

@@ -54,8 +54,9 @@ type ClusterRegistrationOptions struct {
 	// ClusterStatusCollectFrequency is the frequency at which the agent updates current cluster's status
 	ClusterStatusCollectFrequency metav1.Duration
 
-	ParentURL      string
-	BootstrapToken string
+	ParentURL          string
+	ApiServerURLOutCls string
+	BootstrapToken     string
 
 	// No tunnel logging by default
 	TunnelLogging bool
@@ -93,6 +94,8 @@ func (opts *ClusterRegistrationOptions) AddFlags(fs *pflag.FlagSet) {
 	// flags for cluster registration
 	fs.StringVar(&opts.ParentURL, ClusterRegistrationURL, opts.ParentURL,
 		"The parent cluster url you want to register to")
+	fs.StringVar(&opts.ApiServerURLOutCls, ClusterServerURLOutCluster, opts.ApiServerURLOutCls,
+		"The cluster api server url")
 	fs.StringVar(&opts.BootstrapToken, ClusterRegistrationToken, opts.BootstrapToken,
 		"The boostrap token is used to temporarily authenticate with parent cluster while registering "+
 			"a unregistered child cluster. On success, parent cluster credentials will be stored to a secret "+
@@ -150,6 +153,13 @@ func (opts *ClusterRegistrationOptions) Validate() []error {
 		}
 	}
 
+	if len(opts.ApiServerURLOutCls) > 0 {
+		_, err := url.ParseRequestURI(opts.ApiServerURLOutCls)
+		if err != nil {
+			allErrs = append(allErrs, fmt.Errorf("invalid value for --%s: %v", ClusterServerURLOutCluster, err))
+		}
+	}
+
 	if len(opts.ClusterName) > 0 {
 		if len(opts.ClusterName) > ClusterNameMaxLength {
 			allErrs = append(allErrs, fmt.Errorf("cluster name %s is longer than %d", opts.ClusterName, ClusterNameMaxLength))

@@ -54,6 +54,8 @@ type Manager struct {
 
 func NewStatusManager(
 	apiserverURL string,
+	apiserverURLOutCls string,
+	apiserverConfig string,
 	regOpts *ClusterRegistrationOptions,
 	kubeClient kubernetes.Interface,
 	metricClient *metricsv.Clientset,
@@ -63,6 +65,8 @@ func NewStatusManager(
 		statusReportFrequency: regOpts.ClusterStatusReportFrequency,
 		clusterStatusController: clusterstatus.NewController(
 			apiserverURL,
+			apiserverURLOutCls,
+			apiserverConfig,
 			kubeClient,
 			metricClient,
 			kubeInformerFactory,

@@ -231,6 +231,14 @@ type ManagedClusterStatus struct {
 	// +optional
 	APIServerURL string `json:"apiserverURL,omitempty"`
 
+	// APIServerURLOutCls indicates the advertising url/address of managed Kubernetes cluster, out-cluster
+	// +optional
+	APIServerURLOutCls string `json:"apiserverURLOutCls,omitempty"`
+
+	// APIServerConfig indicates the advertising config of managed Kubernetes cluster
+	// +optional
+	APIServerConfig string `json:"apiserverConfig,omitempty"`
+
 	// Healthz indicates the healthz status of the cluster
 	// which is deprecated since Kubernetes v1.16. Please use Livez and Readyz instead.
 	// Leave it here only for compatibility.

@@ -51,6 +51,8 @@ type Controller struct {
 	collectingPeriod   metav1.Duration
 	heartbeatFrequency metav1.Duration
 	apiserverURL       string
+	apiserverURLOutCls string
+	apiserverConfig    string
 	appPusherEnabled   bool
 	useSocket          bool
 	useMetricsServer   bool
@@ -66,6 +68,8 @@ type Controller struct {
 
 func NewController(
 	apiserverURL string,
+	apiserverURLOutCls string,
+	apiserverConfig string,
 	kubeClient kubernetes.Interface,
 	metricClient *metricsv.Clientset,
 	kubeInformerFactory informers.SharedInformerFactory,
@@ -81,6 +85,8 @@ func NewController(
 		collectingPeriod:      collectingPeriod,
 		heartbeatFrequency:    heartbeatFrequency,
 		apiserverURL:          apiserverURL,
+		apiserverURLOutCls:    apiserverURLOutCls,
+		apiserverConfig:       apiserverConfig,
 		appPusherEnabled:      utilfeature.DefaultFeatureGate.Enabled(features.AppPusher),
 		useSocket:             utilfeature.DefaultFeatureGate.Enabled(features.SocketConnection),
 		predictorEnable:       utilfeature.DefaultFeatureGate.Enabled(features.Predictor),
@@ -143,6 +149,8 @@ func (c *Controller) collectingClusterStatus(ctx context.Context) {
 	}
 
 	status.APIServerURL = c.apiserverURL
+	status.APIServerURLOutCls = c.apiserverURLOutCls
+	status.APIServerConfig = c.apiserverConfig
 	status.Healthz = c.getHealthStatus(ctx, "/healthz")
 	status.Livez = c.getHealthStatus(ctx, "/livez")
 	status.Readyz = c.getHealthStatus(ctx, "/readyz")

@@ -22,6 +22,8 @@ import (
 	"strings"
 	"time"
 
+	clusterlisters "github.com/clusternet/clusternet/pkg/generated/listers/clusters/v1beta1"
+
 	autoscalingapiv1 "k8s.io/api/autoscaling/v1"
 	crdinformers "k8s.io/apiextensions-apiserver/pkg/client/informers/externalversions"
 	apiextensionsv1lister "k8s.io/apiextensions-apiserver/pkg/client/listers/apiextensions/v1"
@@ -53,6 +55,7 @@ import (
 	shadowinstall "github.com/clusternet/clusternet/pkg/apis/shadow/install"
 	shadowapi "github.com/clusternet/clusternet/pkg/apis/shadow/v1alpha1"
 	clusternet "github.com/clusternet/clusternet/pkg/generated/clientset/versioned"
+	informers "github.com/clusternet/clusternet/pkg/generated/informers/externalversions"
 	applisters "github.com/clusternet/clusternet/pkg/generated/listers/apps/v1alpha1"
 	"github.com/clusternet/clusternet/pkg/registry/shadow/template"
 )
@@ -114,6 +117,8 @@ type ShadowAPIServer struct {
 
 	// namespace where Manifests are created
 	reservedNamespace string
+
+	mcLister clusterlisters.ManagedClusterLister
 }
 
 func NewShadowAPIServer(apiserver *genericapiserver.GenericAPIServer,
@@ -122,7 +127,8 @@ func NewShadowAPIServer(apiserver *genericapiserver.GenericAPIServer,
 	kubeRESTClient restclient.Interface, clusternetclient *clusternet.Clientset,
 	manifestLister applisters.ManifestLister, apiserviceLister apiservicelisters.APIServiceLister,
 	crdInformerFactory crdinformers.SharedInformerFactory,
-	reservedNamespace string) *ShadowAPIServer {
+	reservedNamespace string,
+	clusternetInformerFactory informers.SharedInformerFactory) *ShadowAPIServer {
 
 	return &ShadowAPIServer{
 		GenericAPIServer:    apiserver,
@@ -137,9 +143,11 @@ func NewShadowAPIServer(apiserver *genericapiserver.GenericAPIServer,
 		crdHandler: NewCRDHandler(
 			kubeRESTClient, clusternetclient, manifestLister, apiserviceLister,
 			crdInformerFactory.Apiextensions().V1().CustomResourceDefinitions(),
-			minRequestTimeout, maxRequestBodyBytes, admissionControl, apiserver.Authorizer, apiserver.Serializer, reservedNamespace),
+			minRequestTimeout, maxRequestBodyBytes, admissionControl, apiserver.Authorizer, apiserver.Serializer,
+			reservedNamespace, clusternetInformerFactory),
 		apiserviceLister:  apiserviceLister,
 		reservedNamespace: reservedNamespace,
+		mcLister:          clusternetInformerFactory.Clusters().V1beta1().ManagedClusters().Lister(),
 	}
 }
 
@@ -208,7 +216,8 @@ func (ss *ShadowAPIServer) InstallShadowAPIGroups(stopCh <-chan struct{}, cl dis
 			)
 			metav1.AddToGroupVersion(Scheme, groupVersion)
 
-			resourceRest := template.NewREST(ss.kubeRESTClient, ss.clusternetclient, runtime.NewParameterCodec(Scheme), ss.manifestLister, ss.reservedNamespace)
+			resourceRest := template.NewREST(ss.kubeRESTClient, ss.clusternetclient,
+				runtime.NewParameterCodec(Scheme), ss.manifestLister, ss.reservedNamespace, ss.mcLister)
 			resourceRest.SetNamespaceScoped(apiresource.Namespaced)
 			resourceRest.SetName(apiresource.Name)
 			resourceRest.SetShortNames(apiresource.ShortNames)

@@ -26,6 +26,10 @@ import (
 	"sync"
 	"time"
 
+	informers "github.com/clusternet/clusternet/pkg/generated/informers/externalversions"
+
+	clusterlisters "github.com/clusternet/clusternet/pkg/generated/listers/clusters/v1beta1"
+
 	"github.com/emicklei/go-restful"
 	autoscalingv1 "k8s.io/api/autoscaling/v1"
 	apiextensionshelpers "k8s.io/apiextensions-apiserver/pkg/apihelpers"
@@ -87,14 +91,17 @@ type crdHandler struct {
 
 	// namespace where Manifests are created
 	reservedNamespace string
+
+	mcLister clusterlisters.ManagedClusterLister
 }
 
 func NewCRDHandler(kubeRESTClient restclient.Interface, clusternetClient *clusternet.Clientset,
 	manifestLister applisters.ManifestLister, apiserviceLister apiservicelisters.APIServiceLister,
 	crdInformer apiextensionsinformers.CustomResourceDefinitionInformer,
 	minRequestTimeout int, maxRequestBodyBytes int64,
 	admissionControl admission.Interface, authorizer authorizer.Authorizer, serializer runtime.NegotiatedSerializer,
-	reservedNamespace string) *crdHandler {
+	reservedNamespace string,
+	clusternetInformerFactory informers.SharedInformerFactory) *crdHandler {
 	r := &crdHandler{
 		rootPrefix:          path.Join(genericapiserver.APIGroupPrefix, shadowapi.SchemeGroupVersion.String()),
 		kubeRESTClient:      kubeRESTClient,
@@ -110,6 +117,7 @@ func NewCRDHandler(kubeRESTClient restclient.Interface, clusternetClient *cluste
 		storages:            map[string]*template.REST{},
 		requestScopes:       map[string]*handlers.RequestScope{},
 		reservedNamespace:   reservedNamespace,
+		mcLister:            clusternetInformerFactory.Clusters().V1beta1().ManagedClusters().Lister(),
 	}
 	return r
 }
@@ -301,7 +309,7 @@ func (r *crdHandler) addStorage(crd *apiextensionsv1.CustomResourceDefinition) e
 		selfLinkPrefix = "/" + path.Join("apis", shadowapi.GroupName, shadowapi.SchemeGroupVersion.Version, "namespaces") + "/"
 	}
 
-	restStorage := template.NewREST(r.kubeRESTClient, r.clusternetClient, runtime.NewParameterCodec(Scheme), r.manifestLister, r.reservedNamespace)
+	restStorage := template.NewREST(r.kubeRESTClient, r.clusternetClient, runtime.NewParameterCodec(Scheme), r.manifestLister, r.reservedNamespace, r.mcLister)
 	restStorage.SetNamespaceScoped(crd.Spec.Scope == apiextensionsv1.NamespaceScoped)
 	restStorage.SetName(resource)
 	restStorage.SetShortNames(crd.Spec.Names.ShortNames)

@@ -331,7 +331,8 @@ func (hub *Hub) Run(ctx context.Context) error {
 					hub.clusternetInformerFactory.Apps().V1alpha1().Manifests().Lister(),
 					hub.aggregatorInformerFactory.Apiregistration().V1().APIServices().Lister(),
 					crdInformerFactory,
-					hub.options.ReservedNamespace)
+					hub.options.ReservedNamespace,
+					hub.clusternetInformerFactory)
 
 				crdInformerFactory.Start(postStartHookContext.StopCh)
 				return ss.InstallShadowAPIGroups(postStartHookContext.StopCh, hub.kubeClient.DiscoveryClient)