✨ Registration-agent supports multiple bootstrapkubeconfigs. #443
Conversation
...anager/olm-catalog/0.13.1/manifests/operator.open-cluster-management.io_clustermanagers.yaml
Outdated
Show resolved
Hide resolved
pkg/operator/operators/klusterlet/controllers/klusterletcontroller/klusterlet_controller.go
Outdated
Show resolved
Hide resolved
xuezhaojun
force-pushed
the
feature-switch-hub
branch
2 times, most recently
from
7115d11
to
51b4c3b
Compare
Yes, I have split the PR and now it only contains registration part. |
xuezhaojun
force-pushed
the
feature-switch-hub
branch
3 times, most recently
from
649f468
to
55d1b74
Compare
xuezhaojun
changed the title
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #443 +/- ##
==========================================
+ Coverage 61.54% 62.09% +0.54%
==========================================
Files 133 142 +9
Lines 14078 11823 -2255
==========================================
- Hits 8665 7342 -1323
+ Misses 4664 3687 -977
- Partials 749 794 +45
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
xuezhaojun
changed the title
xuezhaojun
force-pushed
the
feature-switch-hub
branch
from
4645a2a
to
3b52b6e
Compare
xuezhaojun
force-pushed
the
feature-switch-hub
branch
2 times, most recently
from
eeeee2a
to
73f58c6
Compare
xuezhaojun
force-pushed
the
feature-switch-hub
branch
3 times, most recently
from
2baf7de
to
fa7196e
Compare
pkg/registration/spoke/spokeagent.go
Outdated
| @@ -411,6 +424,16 @@ func (o *SpokeAgentConfig) RunSpokeAgentWithSpokeInformers(ctx context.Context, | |||
| ) | |||
| } | |||
|
|
|||
| hubAcceptController := registration.NewHubAcceptController( | |||
| o.agentOptions.SpokeClusterName, | |||
There was a problem hiding this comment.
the agent will be unauthorized when accept is false. So this controller does not always work.
There was a problem hiding this comment.
Yes, the feature depends on the auto-approve enabled and configured, I will note this point in the doc in the future.
| ) | ||
|
|
||
| // bootstrapKubeConfigInUse is the registration spoke's current in used bootstrap kubeconfig. | ||
| type bootstrapKubeConfigInUse interface { |
There was a problem hiding this comment.
why interface, we always use the bootstrap kubeconfig from file system, isn't it?
There was a problem hiding this comment.
No, the current bootstrap kubeconfig used to trigger rebootstrap is based on the secret, and if in the future we want to change to another type such as file, then the interface is a good practice to prevent that change impact other parts of code.
|
|
||
| // ReSelect is the only public method of a bootstrapkubeconfigManager | ||
| func (m *bootstrapkubeconfigsManager) ReSelect(ctx context.Context) error { | ||
| if m.reselected { |
There was a problem hiding this comment.
when reslect will be set false again?
There was a problem hiding this comment.
Never in the same lifecycle, the pod will restart and in the next lifecycle of container, the reselect will be set as false initially.
pkg/registration/spoke/bootstrapkubeconfigsmanager/bootstrapkubeconfig.go
Outdated
Show resolved
Hide resolved
| if cluster.Spec.HubAcceptsClient { | ||
| return nil | ||
| } |
There was a problem hiding this comment.
If hubClientAccpet set to false, is there a controller to remove the clusterrole and prevent agent to get ManagedCluster?
There was a problem hiding this comment.
There was a problem hiding this comment.
Comment added: the hubAccpetController can only handle the case that "true" -> "false".
There was a problem hiding this comment.
PS: from this line of code we can see that an event is send to all watchers at the same time. So if the informer on the hub side and informer on the agent side will both get the update event.
pkg/registration/spoke/bootstrapkubeconfigsmanager/bootstrapkubeconfigsmanager.go
Show resolved
Hide resolved
pkg/registration/spoke/bootstrapkubeconfigsmanager/bootstrapkubeconfiginuse.go
Show resolved
Hide resolved
|
|
||
| type bootstrapKubeConfigInUseImpl struct { | ||
| secretName string | ||
| secretNamespace string |
There was a problem hiding this comment.
remove secretName and use from constant pkg.
There was a problem hiding this comment.
From the code we know, the spoke compoennt namespace is not always the defaultSpokeComponentNamespace, it depends on which ns the agent is installed, which means it's neccessary to keep the secretNamespace.
// NewAgentOptions returns the flags with default value set
func NewAgentOptions() *AgentOptions {
opts := &AgentOptions{
HubKubeconfigDir: "/spoke/hub-kubeconfig",
ComponentNamespace: defaultSpokeComponentNamespace,
CommoOpts: NewOptions(),
}
// get component namespace of spoke agent
nsBytes, err := os.ReadFile("/var/run/secrets/kubernetes.io/serviceaccount/namespace")
if err == nil {
opts.ComponentNamespace = string(nsBytes)
}
return opts
}
pkg/registration/spoke/bootstrapkubeconfigsmanager/bootstrapkubeconfigsmanager.go
Outdated
Show resolved
Hide resolved
xuezhaojun
force-pushed
the
feature-switch-hub
branch
from
fa7196e
to
fc574c1
Compare
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: xuezhaojun The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
xuezhaojun
force-pushed
the
feature-switch-hub
branch
4 times, most recently
from
9719311
to
8ccb0b3
Compare
xuezhaojun
changed the title
xuezhaojun
changed the title
xuezhaojun
force-pushed
the
feature-switch-hub
branch
from
8ccb0b3
to
affc8c9
Compare
…hub. Signed-off-by: xuezhaojun <zxue@redhat.com>
xuezhaojun
force-pushed
the
feature-switch-hub
branch
from
affc8c9
to
983b8da
Compare
Summary
Klusterlet supports configure multiple bootstrapkubeconfigs and switch when hub doesn't accpet it or failed to connect to a hub.
Special Notes: