Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: agent report secret #1990

Merged
merged 1 commit into from
Jul 8, 2022
Merged

feat: agent report secret #1990

merged 1 commit into from
Jul 8, 2022

Conversation

CharlesQQ
Copy link
Contributor

@CharlesQQ CharlesQQ commented Jun 12, 2022
edited
Loading

Signed-off-by: charlesQQ charles_ali@qq.com

What type of PR is this?
/kind feature

What this PR does / why we need it:
Allowed karmada-agent report secret for Pull mode cluster

Which issue(s) this PR fixes:
Part of #1946

Special notes for your reviewer:

Does this PR introduce a user-facing change?:

`karmada-agent`: Introduced `--report-secrets` flag to allow secrets to be reported to the Karmada control plane during registering.

@karmada-bot karmada-bot added the kind/feature Categorizes issue or PR as related to a new feature. label Jun 12, 2022
@karmada-bot karmada-bot added the size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. label Jun 12, 2022
@CharlesQQ CharlesQQ force-pushed the cluster-pull-secret branch 2 times, most recently from 4285a60 to 3b194dc Compare June 12, 2022 08:14
@RainbowMango
Copy link
Member

Thanks @CharlesQQ
Have you tested it? Does it solve the issue addressed by #1946?

@karmada-bot karmada-bot added the do-not-merge/contains-merge-commits Indicates a PR which contains merge commits. label Jun 14, 2022
@CharlesQQ CharlesQQ force-pushed the cluster-pull-secret branch 2 times, most recently from ac9e92e to 1def733 Compare June 14, 2022 08:24
@karmada-bot karmada-bot removed the do-not-merge/contains-merge-commits Indicates a PR which contains merge commits. label Jun 14, 2022
@CharlesQQ
Copy link
Contributor Author

CharlesQQ commented Jun 14, 2022
edited
Loading

Have you tested it? Does it solve the issue addressed by #1946?

yes,I test it, karmada search can fetch cluster's resource in pull mode successfully, but sometimes, when restart karmada, karmada-search-controller might print log, whatever in push or pull mode:

I0614 15:13:55.311227      27 controller.go:170] Cluster member2 is not registered
W0614 15:56:54.931730      27 cache.go:96] SingleClusterInformerManager for cluster(member2) is nil.

I think it might aggregated-apiserver restarted and not started completely when karamda-search already started; so is might be necessary aggregated-apiserver running healthy when restarting karmada-search?

@CharlesQQ
Copy link
Contributor Author

/cc @RainbowMango

@RainbowMango
Copy link
Member

Sorry @CharlesQQ , I missed this PR, so busy these days.
I'll look at by this week.

Poor12
Poor12 reviewed Jun 23, 2022
View reviewed changes
cmd/agent/app/agent.go Outdated Show resolved Hide resolved
pkg/util/credential.go Outdated Show resolved Hide resolved
pkg/util/credential.go Outdated Show resolved Hide resolved
@CharlesQQ CharlesQQ force-pushed the cluster-pull-secret branch 2 times, most recently from 441d900 to 50f65db Compare June 23, 2022 09:27
Poor12
Poor12 reviewed Jun 23, 2022
View reviewed changes
cmd/agent/app/agent.go Outdated Show resolved Hide resolved
pkg/util/credential.go Outdated Show resolved Hide resolved
@Poor12
Copy link
Member

Poor12 commented Jun 24, 2022

Generally looks good to me.
cc @RainbowMango to check.

RainbowMango
RainbowMango reviewed Jun 24, 2022
View reviewed changes
cmd/agent/app/options/options.go Outdated
Comment on lines 114 to 155
fs.StringVar(&o.ClusterProvider, "cluster-provider", "", "Provider of the joining cluster.")
fs.StringVar(&o.ClusterRegion, "cluster-region", "", "The region of the joining cluster.")
fs.StringVar(&o.ClusterZone, "cluster-zone", "", "The zone of the joining cluster")
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please don't combine these flags with this PR. This PR focus on reporting the secret thing.

You can do it by a separated PR. By the way, the --cluster-zone might need to update to --cluster-zones and it accepts a string. (The API part also needs an update).

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ok

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We can add provider, region, zone flags and related code in the next pr.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @CharlesQQ Why are the three flags still in this PR?

cmd/agent/app/options/options.go Outdated Show resolved Hide resolved
cmd/agent/app/options/options.go Outdated Show resolved Hide resolved
@karmada-bot karmada-bot added size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. and removed size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. labels Jun 25, 2022
@CharlesQQ CharlesQQ force-pushed the cluster-pull-secret branch 2 times, most recently from 73e2225 to 6c92a44 Compare June 26, 2022 01:38
XiShanYongYe-Chang
XiShanYongYe-Chang reviewed Jun 27, 2022
View reviewed changes
Copy link
Member

@XiShanYongYe-Chang XiShanYongYe-Chang left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks~

pkg/karmadactl/join.go Outdated Show resolved Hide resolved
pkg/util/credential.go Show resolved Hide resolved
cmd/agent/app/agent.go Show resolved Hide resolved
cmd/agent/app/agent.go Outdated
}
}
}
if opts.IsKubeImpersonatorEnabled() {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What if opts.IsKubeImpersonatorEnabled() if false?

Copy link
Contributor Author

@CharlesQQ CharlesQQ Jun 27, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What if opts.IsKubeImpersonatorEnabled() if false?

if IsKubeCredentialsEnabled and IsKubeImpersonatorEnabled is false, mutateFunc is nil, and return err

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

When IsKubeCredentialsEnabled and IsKubeImpersonatorEnabled are false, we need to create a Cluster object without them.

Copy link
Contributor Author

@CharlesQQ CharlesQQ Jun 28, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

got it!

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The logic here still seems to be a bit problematic. When IsKubeImpersonatorEnabled is false, mutateFunc will be nil.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry, I don't understand clearly. When mutate is nill, do we just create an empty Cluster object?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

When mutate is nill, do we just create an empty Cluster object?

Oh, that's really a problem

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

review again pls? @XiShanYongYe-Chang

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

okay~

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

When report-secrets is {"KubeCredentials", "KubeImpersonator"}, only impersonator secret will be report.

I suggest to update like this:

--- a/cmd/agent/app/agent.go
+++ b/cmd/agent/app/agent.go
@@ -312,8 +312,7 @@ func startServiceExportController(ctx controllerscontext.Context) (bool, error)

 func generateClusterInControllerPlane(opts util.ClusterRegisterOption) (*clusterv1alpha1.Cluster, error) {
        clusterObj := &clusterv1alpha1.Cluster{ObjectMeta: metav1.ObjectMeta{Name: opts.ClusterName}}
-       var mutateFunc, tempFunc func(cluster *clusterv1alpha1.Cluster)
-       tempFunc = func(cluster *clusterv1alpha1.Cluster) {
+       mutateFunc := func(cluster *clusterv1alpha1.Cluster) {
                cluster.Spec.SyncMode = clusterv1alpha1.Pull
                cluster.Spec.APIEndpoint = opts.ClusterAPIEndpoint
                cluster.Spec.ProxyURL = opts.ProxyServerAddress
@@ -340,28 +339,22 @@ func generateClusterInControllerPlane(opts util.ClusterRegisterOption) (*cluster
                                cluster.Spec.ProxyURL = url.String()
                        }
                }
-       }
-       if opts.IsKubeCredentialsEnabled() {
-               mutateFunc = func(cluster *clusterv1alpha1.Cluster) {
-                       tempFunc(cluster)
+
+               if opts.IsKubeCredentialsEnabled() {
                        cluster.Spec.SecretRef = &clusterv1alpha1.LocalSecretReference{
                                Namespace: opts.Secret.Namespace,
                                Name:      opts.Secret.Name,
                        }
                }
-       }
-       if opts.IsKubeImpersonatorEnabled() {
-               mutateFunc = func(cluster *clusterv1alpha1.Cluster) {
-                       tempFunc(cluster)
+
+               if opts.IsKubeImpersonatorEnabled() {
                        cluster.Spec.ImpersonatorSecretRef = &clusterv1alpha1.LocalSecretReference{
                                Namespace: opts.ImpersonatorSecret.Namespace,
                                Name:      opts.ImpersonatorSecret.Name,
                        }
                }
        }
-       if mutateFunc == nil {
-               mutateFunc = tempFunc
-       }

@XiShanYongYe-Chang
Copy link
Member

/assign

RainbowMango
RainbowMango reviewed Jul 5, 2022
View reviewed changes
Copy link
Member

@RainbowMango RainbowMango left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @CharlesQQ for your hard work, and sorry for the delay.
I can focus on it this week.

Just a suggestion for get it easy to move this PR forward,
please keep PR as small as you can, and don't couple too much refactor work in it.

pkg/util/cluster.go Outdated Show resolved Hide resolved
pkg/util/cluster.go Outdated Show resolved Hide resolved
pkg/util/cluster_test.go Show resolved Hide resolved
cmd/agent/app/agent.go Outdated Show resolved Hide resolved
@CharlesQQ CharlesQQ force-pushed the cluster-pull-secret branch 2 times, most recently from 58a7b88 to 2f7acb6 Compare July 5, 2022 16:56
@RainbowMango
Copy link
Member

Thanks for your hard work.
Generally looks good to me.
But why the cluster-provider, --cluster-region and --cluster-zone are still in this PR?

@CharlesQQ
Copy link
Contributor Author

But why the cluster-provider, --cluster-region and --cluster-zone are still in this PR?

fixed, why e2e test failed?

@RainbowMango
Copy link
Member

Message: failed to create a ClusterClient: Secret "karmada-member1" not found

I'm not sure, but please rebase your code with the master, and push again.

@XiShanYongYe-Chang
Copy link
Member

XiShanYongYe-Chang commented Jul 6, 2022
edited
Loading

It's maybe not an occasional mistake:

Status:
  Conditions:
    Last Transition Time:  2022-07-06T05:31:55Z
    Message:               failed to create a ClusterClient: Secret "karmada-member1" not found
    Reason:                StatusCollectionFailed
    Status:                False
    Type:                  Ready
Events:                    <none>

For the Push mode cluster, we need to create both of those two secrets by default.

XiShanYongYe-Chang
XiShanYongYe-Chang reviewed Jul 6, 2022
View reviewed changes
Copy link
Member

@XiShanYongYe-Chang XiShanYongYe-Chang left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We need to report KubeImpersonator by default, our CI needs this.

cmd/agent/app/agent.go Outdated
}
}
}
if opts.IsKubeImpersonatorEnabled() {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

When report-secrets is {"KubeCredentials", "KubeImpersonator"}, only impersonator secret will be report.

I suggest to update like this:

--- a/cmd/agent/app/agent.go
+++ b/cmd/agent/app/agent.go
@@ -312,8 +312,7 @@ func startServiceExportController(ctx controllerscontext.Context) (bool, error)

 func generateClusterInControllerPlane(opts util.ClusterRegisterOption) (*clusterv1alpha1.Cluster, error) {
        clusterObj := &clusterv1alpha1.Cluster{ObjectMeta: metav1.ObjectMeta{Name: opts.ClusterName}}
-       var mutateFunc, tempFunc func(cluster *clusterv1alpha1.Cluster)
-       tempFunc = func(cluster *clusterv1alpha1.Cluster) {
+       mutateFunc := func(cluster *clusterv1alpha1.Cluster) {
                cluster.Spec.SyncMode = clusterv1alpha1.Pull
                cluster.Spec.APIEndpoint = opts.ClusterAPIEndpoint
                cluster.Spec.ProxyURL = opts.ProxyServerAddress
@@ -340,28 +339,22 @@ func generateClusterInControllerPlane(opts util.ClusterRegisterOption) (*cluster
                                cluster.Spec.ProxyURL = url.String()
                        }
                }
-       }
-       if opts.IsKubeCredentialsEnabled() {
-               mutateFunc = func(cluster *clusterv1alpha1.Cluster) {
-                       tempFunc(cluster)
+
+               if opts.IsKubeCredentialsEnabled() {
                        cluster.Spec.SecretRef = &clusterv1alpha1.LocalSecretReference{
                                Namespace: opts.Secret.Namespace,
                                Name:      opts.Secret.Name,
                        }
                }
-       }
-       if opts.IsKubeImpersonatorEnabled() {
-               mutateFunc = func(cluster *clusterv1alpha1.Cluster) {
-                       tempFunc(cluster)
+
+               if opts.IsKubeImpersonatorEnabled() {
                        cluster.Spec.ImpersonatorSecretRef = &clusterv1alpha1.LocalSecretReference{
                                Namespace: opts.ImpersonatorSecret.Namespace,
                                Name:      opts.ImpersonatorSecret.Name,
                        }
                }
        }
-       if mutateFunc == nil {
-               mutateFunc = tempFunc
-       }

pkg/util/cluster.go Outdated Show resolved Hide resolved
@CharlesQQ CharlesQQ force-pushed the cluster-pull-secret branch 3 times, most recently from d42cedb to a397f78 Compare July 6, 2022 13:42
XiShanYongYe-Chang
XiShanYongYe-Chang reviewed Jul 7, 2022
View reviewed changes
Copy link
Member

@XiShanYongYe-Chang XiShanYongYe-Chang left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you!

/lgtm

@karmada-bot karmada-bot added the lgtm Indicates that a PR is ready to be merged. label Jul 7, 2022
@RainbowMango
Copy link
Member

Great! Seems we are ready to move this forward now.
Please help update the release-note part of the PR description since the flag name has changed.

And, before merging this patch, I want to confirm if this fixed the issue addressed by #1946, can you help to confirm that? (Please test with the latest patch)

@CharlesQQ
Copy link
Contributor Author

CharlesQQ commented Jul 7, 2022
edited
Loading

And, before merging this patch, I want to confirm if this fixed the issue addressed by #1946, can you help to confirm that?

yes, I test it,and karamda-search can fetch resource from cluster in pull mode sueecessfully, but if restart karamda and karmada-aggregated-apiserver not healthy, log print following message:

I0707 11:10:53.182584      25 controller.go:170] Cluster member1 is not registered
I0707 11:10:53.182596      25 controller.go:170] Cluster member2 is not registered

@CharlesQQ
feat: agent report secret
8738617 
Signed-off-by: charlesQQ <charles_ali@qq.com>
@karmada-bot karmada-bot removed the lgtm Indicates that a PR is ready to be merged. label Jul 7, 2022
@RainbowMango
Copy link
Member

Did anything change in the force push?

@CharlesQQ
Copy link
Contributor Author

Did anything change in the force push?

yes,has code conflict in agent/app/options, because of last merge add new flag ProfileOpts

XiShanYongYe-Chang
XiShanYongYe-Chang reviewed Jul 8, 2022
View reviewed changes
Copy link
Member

@XiShanYongYe-Chang XiShanYongYe-Chang left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

👍

@karmada-bot karmada-bot added the lgtm Indicates that a PR is ready to be merged. label Jul 8, 2022
@RainbowMango
Copy link
Member

/approve

I can see the provider/region/zone logic still in this PR.
Given this PR has been delayed for a long time, let's merge it now.
But if we are not going to introduce the provider/region/zone logs, please remember to remove the redundant logic before v1.3. @XiShanYongYe-Chang

@karmada-bot
Copy link
Collaborator

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: RainbowMango

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@karmada-bot karmada-bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jul 8, 2022
@karmada-bot karmada-bot merged commit 821a185 into karmada-io:master Jul 8, 2022
@XiShanYongYe-Chang
Copy link
Member

But if we are not going to introduce the provider/region/zone logs, please remember to remove the redundant logic before v1.3. @XiShanYongYe-Chang

Ok~

@RainbowMango RainbowMango mentioned this pull request Jul 8, 2022
Merged
@nuclearwu nuclearwu mentioned this pull request Aug 8, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@RainbowMango RainbowMango RainbowMango left review comments

@Poor12 Poor12 Poor12 left review comments

@XiShanYongYe-Chang XiShanYongYe-Chang XiShanYongYe-Chang left review comments

@Garrybest Garrybest Awaiting requested review from Garrybest

@lonelyCZ lonelyCZ Awaiting requested review from lonelyCZ

Assignees

@XiShanYongYe-Chang XiShanYongYe-Chang

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. kind/feature Categorizes issue or PR as related to a new feature. lgtm Indicates that a PR is ready to be merged. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files.
Projects
Karmada Release 1.3
Status: Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@CharlesQQ @RainbowMango @Poor12 @XiShanYongYe-Chang @karmada-bot