open-cluster-management-io · openshift-merge-bot · Sep 24, 2025 · Aug 28, 2025 · Sep 9, 2025 · Sep 9, 2025
diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml
@@ -9,6 +9,9 @@ on:
         artifacts:
           required: false
           type: string
+        ginkgoLabelFilter:
+          required: false
+          type: string
 
 env:
   GO_REQUIRED_MIN_VERSION: ''
@@ -33,7 +36,8 @@ jobs:
 
       - name: Test E2E
         run: |
-          cd ${{ inputs.repo }} && make test-e2e
+          cd ${{ inputs.repo }}
+          LABEL_FILTER=${{ inputs.ginkgoLabelFilter }} make test-e2e
 
       - name: Upload Artifacts
         if: |

diff --git a/.github/workflows/planner.yml b/.github/workflows/planner.yml
@@ -3,7 +3,7 @@ name: Planner
 on:
   pull_request:
   pull_request_target:
-    types: [unlabeled]
+    types: [opened, labeled, unlabeled, reopened, synchronize, ready_for_review]
   workflow_dispatch:
 
 concurrency:
@@ -92,6 +92,50 @@ jobs:
 
         echo "Matrix: $matrixJson"
         echo "Artifacts: $artifacts_json"
+
+  extract-label-filter:
+    name: extract-label-filter
+    needs: generate-matrix
+    runs-on: ubuntu-latest
+    outputs:
+      ginkgoLabelFilter: ${{ steps.extract-label-filter.outputs.ginkgoLabelFilter }}
+    steps:
+    - name: Extract label filter
+      id: extract-label-filter
+      run: |
+        set -e
+        # Find labels that start with 'ginkgo-filter:'
+        LABELS="${{ join(github.event.pull_request.labels.*.name, ',') }}"
+
+        # Array to collect all filters
+        FILTERS=()
+
+        # Extract all ginkgo filters
+        for label in $(echo $LABELS | tr ',' '\n'); do
+          if [[ $label == ginkgo-filter:* ]]; then
+            # Extract the filter part after the prefix
+            FILTER="${label#ginkgo-filter:}"
+            echo "Found Ginkgo filter in label: $FILTER"
+            FILTERS+=("$FILTER")
+          fi
+        done
+
+        # If we have filters, combine them with OR operator
+        if [ ${#FILTERS[@]} -gt 0 ]; then
+          COMBINED_FILTER=""
+
+          # OR each filter
+          for i in "${!FILTERS[@]}"; do
+            if [ $i -eq 0 ]; then
+              COMBINED_FILTER="(${FILTERS[$i]})"
+            else
+              COMBINED_FILTER="$COMBINED_FILTER||(${FILTERS[$i]})"
+            fi
+          done
+
+          echo "Final ginkgo label filter: $COMBINED_FILTER"
+          echo "ginkgoLabelFilter=$COMBINED_FILTER" >> $GITHUB_OUTPUT
+        fi
 
   call-test:
     name: test
@@ -108,7 +152,9 @@ jobs:
 
   call-e2e:
     name: e2e
-    needs: generate-matrix
+    needs: 
+      - generate-matrix
+      - extract-label-filter
     if: |
       needs.generate-matrix.outputs.matrix != ''
     strategy:
@@ -118,4 +164,5 @@ jobs:
     with:
       repo: ${{ matrix.repo }}
       artifacts: ${{ fromJson(needs.generate-matrix.outputs.artifacts)[matrix.repo] }}
+      ginkgoLabelFilter: ${{ needs.extract-label-filter.outputs.ginkgoLabelFilter }}
     secrets: inherit
diff --git a/fleetconfig-controller/.dockerignore b/fleetconfig-controller/.dockerignore
@@ -1,3 +1,4 @@
 # More info: https://docs.docker.com/engine/reference/builder/#dockerignore-file
 # Ignore build and test binaries.
 bin/
+tmp/
diff --git a/fleetconfig-controller/Makefile b/fleetconfig-controller/Makefile
@@ -117,6 +117,7 @@ test-unit: manifests generate fmt vet envtest ## Run unit tests.
 		-coverprofile=$(COVER_DIR)/unit/cover.out \
 		$(shell go list ./... | grep -v '/test/e2e')
 
+LABEL_FILTER ?= v1beta1
 .PHONY: test-e2e
 test-e2e: kind kubectl ginkgo support-bundle ## Run e2e tests in the top-level test directory.
 	@mkdir -p $(COVER_DIR)/e2e
@@ -125,7 +126,7 @@ test-e2e: kind kubectl ginkgo support-bundle ## Run e2e tests in the top-level t
 	$(GINKGO) run -vv \
 		--cover \
 		--coverpkg=./... \
-		--label-filter="fleetconfig" \
+		--label-filter="$(if $(LABEL_FILTER),$(LABEL_FILTER),v1beta1)" \
 		--output-dir=$(COVER_DIR)/e2e \
 		--timeout 20m \
 		./test/e2e/

diff --git a/fleetconfig-controller/PROJECT b/fleetconfig-controller/PROJECT
@@ -26,7 +26,7 @@ resources:
   path: github.com/open-cluster-management-io/lab/fleetconfig-controller/api/v1beta1
   version: v1beta1
   webhooks:
-    defaulting: true
+    defaulting: false
     validation: true
     webhookVersion: v1
 - api:
@@ -36,7 +36,7 @@ resources:
   path: github.com/open-cluster-management-io/lab/fleetconfig-controller/api/v1beta1
   version: v1beta1
   webhooks:
-    defaulting: true
+    defaulting: false
     validation: true
     webhookVersion: v1
 version: "3"
diff --git a/fleetconfig-controller/api/v1alpha1/fleetconfig_types.go b/fleetconfig-controller/api/v1alpha1/fleetconfig_types.go
@@ -23,10 +23,11 @@ import (
 	"sort"
 	"time"
 
-	"open-cluster-management.io/ocm/pkg/operator/helpers/chart"
-
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"open-cluster-management.io/ocm/pkg/operator/helpers/chart"
+
+	"github.com/open-cluster-management-io/lab/fleetconfig-controller/internal/args"
 )
 
 // FleetConfigSpec defines the desired state of FleetConfig.
@@ -675,6 +676,33 @@ func (r *ResourceValues) String() string {
 	return ""
 }
 
+// GetRequests returns the resource requests.
+func (r ResourceSpec) GetRequests() args.ResourceValues {
+	if r.Requests == nil {
+		return &ResourceValues{}
+	}
+	return r.Requests
+}
+
+// GetLimits returns the resource limits.
+func (r ResourceSpec) GetLimits() args.ResourceValues {
+	if r.Limits == nil {
+		return &ResourceValues{}
+	}
+	return r.Limits
+}
+
+// GetQosClass returns the QoS class.
+func (r ResourceSpec) GetQosClass() string {
+	return r.QosClass
+}
+
+// Ensure ResourceSpec implements args.ResourceSpec interface
+var _ args.ResourceSpec = (*ResourceSpec)(nil)
+
+// Ensure ResourceValues implements args.ResourceValues interface
+var _ args.ResourceValues = (*ResourceValues)(nil)
+
 // RegistrationAuth provides specifications for registration authentication.
 type RegistrationAuth struct {
 	// The registration authentication driver to use.

diff --git a/fleetconfig-controller/api/v1beta1/common.go b/fleetconfig-controller/api/v1beta1/common.go
@@ -0,0 +1,157 @@
+package v1beta1
+
+import (
+	"fmt"
+	"time"
+
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+	"github.com/open-cluster-management-io/lab/fleetconfig-controller/internal/args"
+)
+
+// Kubeconfig is the configuration for a kubeconfig.
+type Kubeconfig struct {
+	// A reference to an existing secret containing a kubeconfig.
+	// Must be provided for remote clusters.
+	// For same-cluster, must be provided unless InCluster is set to true.
+	// +optional
+	SecretReference *SecretReference `json:"secretReference,omitempty"`
+
+	// If set, the kubeconfig will be read from the cluster.
+	// Only applicable for same-cluster operations.
+	// Defaults to false.
+	// +optional
+	InCluster bool `json:"inCluster,omitempty"`
+
+	// The context to use in the kubeconfig file.
+	// +optional
+	Context string `json:"context,omitempty"`
+}
+
+// SecretReference describes how to retrieve a kubeconfig stored as a secret in the same namespace as the resource.
+type SecretReference struct {
+	// The name of the secret.
+	// +required
+	Name string `json:"name"`
+
+	// The map key to access the kubeconfig. Defaults to 'kubeconfig'.
+	// +kubebuilder:default:="kubeconfig"
+	// +optional
+	KubeconfigKey string `json:"kubeconfigKey,omitempty"`
+}
+
+// ResourceSpec defines resource limits and requests for all managed clusters.
+type ResourceSpec struct {
+	// The resource limits of all the containers managed by the Cluster Manager or Klusterlet operators.
+	// +optional
+	Limits *ResourceValues `json:"limits,omitempty"`
+
+	// The resource requests of all the containers managed by the Cluster Manager or Klusterlet operators.
+	// +optional
+	Requests *ResourceValues `json:"requests,omitempty"`
+
+	// The resource QoS class of all the containers managed by the Cluster Manager or Klusterlet operators.
+	// One of Default, BestEffort or ResourceRequirement.
+	// +kubebuilder:validation:Enum=Default;BestEffort;ResourceRequirement
+	// +kubebuilder:default:="Default"
+	// +optional
+	QosClass string `json:"qosClass,omitempty"`
+}
+
+// ResourceValues detail container resource constraints.
+type ResourceValues struct {
+	// The number of CPU units to request, e.g., '800m'.
+	// +optional
+	CPU string `json:"cpu,omitempty"`
+
+	// The amount of memory to request, e.g., '8Gi'.
+	// +optional
+	Memory string `json:"memory,omitempty"`
+}
+
+// String returns a string representation of the resource values.
+func (r *ResourceValues) String() string {
+	if r.CPU != "" && r.Memory != "" {
+		return fmt.Sprintf("cpu=%s,memory=%s", r.CPU, r.Memory)
+	} else if r.CPU != "" {
+		return fmt.Sprintf("cpu=%s", r.CPU)
+	} else if r.Memory != "" {
+		return fmt.Sprintf("memory=%s", r.Memory)
+	}
+	return ""
+}
+
+// GetRequests returns the resource requests.
+func (r ResourceSpec) GetRequests() args.ResourceValues {
+	if r.Requests == nil {
+		return &ResourceValues{}
+	}
+	return r.Requests
+}
+
+// GetLimits returns the resource limits.
+func (r ResourceSpec) GetLimits() args.ResourceValues {
+	if r.Limits == nil {
+		return &ResourceValues{}
+	}
+	return r.Limits
+}
+
+// GetQosClass returns the QoS class.
+func (r ResourceSpec) GetQosClass() string {
+	return r.QosClass
+}
+
+// Ensure ResourceSpec implements args.ResourceSpec interface
+var _ args.ResourceSpec = (*ResourceSpec)(nil)
+
+// Ensure ResourceValues implements args.ResourceValues interface
+var _ args.ResourceValues = (*ResourceValues)(nil)
+
+// NewCondition returns a new v1beta1.Condition.
+func NewCondition(msg, cType string, status, wantStatus metav1.ConditionStatus) Condition {
+	return Condition{
+		Condition: metav1.Condition{
+			Status:             status,
+			Message:            msg,
+			Reason:             ReconcileSuccess,
+			Type:               cType,
+			LastTransitionTime: metav1.Time{Time: time.Now()},
+		},
+		WantStatus: wantStatus,
+	}
+}
+
+// Condition describes the state of a FleetConfig.
+type Condition struct {
+	metav1.Condition `json:",inline"`
+	WantStatus       metav1.ConditionStatus `json:"wantStatus"`
+}
+
+// Equal returns true if the condition is identical to the supplied condition, ignoring the LastTransitionTime.
+func (c Condition) Equal(other Condition) bool {
+	return c.Type == other.Type && c.Status == other.Status && c.WantStatus == other.WantStatus &&
+		c.Reason == other.Reason && c.Message == other.Message
+}
+
+// RegistrationAuth provides specifications for registration authentication.
+type RegistrationAuth struct {
+	// The registration authentication driver to use.
+	// Options are:
+	//  - csr: Use the default CSR-based registration authentication.
+	//  - awsirsa: Use AWS IAM Role for Service Accounts (IRSA) registration authentication.
+	// The set of valid options is open for extension.
+	// +kubebuilder:validation:Enum=csr;awsirsa
+	// +kubebuilder:default:="csr"
+	// +optional
+	Driver string `json:"driver,omitempty"`
+
+	// The Hub cluster ARN for awsirsa registration authentication. Required when Type is awsirsa, otherwise ignored.
+	// +optional
+	HubClusterARN string `json:"hubClusterARN,omitempty"`
+
+	// List of AWS EKS ARN patterns so any EKS clusters with these patterns will be auto accepted to join with hub cluster.
+	// Example pattern: "arn:aws:eks:us-west-2:123456789013:cluster/.*"
+	// +optional
+	AutoApprovedARNPatterns []string `json:"autoApprovedARNPatterns,omitempty"`
+}