update serverURL and CABundle if ManagedCluster is created before reg… #270
Conversation
ivan-cai
force-pushed
the
update_clientconfigs_for_cluster
branch
from
5ac4072
to
c387d7d
Compare
|
@qiujian16 plz review. |
| if len(c.spokeExternalServerURLs) != 0 { | ||
| for _, serverURL := range c.spokeExternalServerURLs { | ||
| managedClusterClientConfigs = append(managedClusterClientConfigs, clusterv1.ClientConfig{ | ||
| URL: serverURL, |
There was a problem hiding this comment.
we need to consider the case that user update this, we should not update this back from agent
There was a problem hiding this comment.
we need to consider the case that user update this, we should not update this back from agent
@qiujian16 ok, I have change the condition for updating this in https://github.com/open-cluster-management-io/registration/pull/270/files#diff-0b36934623fbbd233f2529b6c4e12a550c7a7537f8d1223070b2c2748140cdb9R74
Plz review again, thx.
…istration-agent running Signed-off-by: ivan-cai <caijing.cai@alibaba-inc.com>
ivan-cai
force-pushed
the
update_clientconfigs_for_cluster
branch
from
c387d7d
to
d2bcaff
Compare
| clusterCopy := existingCluster.DeepCopy() | ||
| clusterCopy.Spec.ManagedClusterClientConfigs = managedClusterClientConfigs | ||
| if _, err := c.hubClusterClient.ClusterV1().ManagedClusters().Update(ctx, clusterCopy, metav1.UpdateOptions{}); err != nil { | ||
| return fmt.Errorf("unable to update ManagedClusterClientConfigs of managed cluster %q on hub: %w", c.clusterName, err) |
There was a problem hiding this comment.
we should also ignore Unauthorized error here
| switch { | ||
| case errors.IsUnauthorized(err), | ||
| errors.IsForbidden(err) && strings.Contains(err.Error(), anonymous): | ||
| klog.V(4).Infof("unable to get the managed cluster %q from hub: %v", c.clusterName, err) | ||
| return nil | ||
| case errors.IsNotFound(err): | ||
| case err == nil: | ||
| if len(existingCluster.Spec.ManagedClusterClientConfigs) == 0 && len(managedClusterClientConfigs) > 0 { |
There was a problem hiding this comment.
do you think it is makes more sense if we check the ManagedClusterClientConfigs in clusters include the managedClusterClientConfigs, if not, merge it?
…nore Unauthorized error Signed-off-by: ivan-cai <caijing.cai@alibaba-inc.com>
|
@qiujian16 I have refactored the codes, and merged serverUrl. I have also ingored the Unauthorized error. |
| Name: c.clusterName, | ||
| }, | ||
| // create ManagedCluster if not found | ||
| if err != nil && errors.IsNotFound(err) { |
There was a problem hiding this comment.
nit, err!=nil is not necessary
There was a problem hiding this comment.
@qiujian16
err != nil is necessary, because I am not check err == nil before this.
There was a problem hiding this comment.
i think
if errors.IsNotFound(err)
indicate err!=nil already
There was a problem hiding this comment.
i think
if errors.IsNotFound(err)indicate err!=nil already
done
| case errors.IsUnauthorized(err), | ||
| errors.IsForbidden(err) && strings.Contains(err.Error(), anonymous): | ||
| existingCluster, err := c.hubClusterClient.ClusterV1().ManagedClusters().Get(ctx, c.clusterName, metav1.GetOptions{}) | ||
| if err != nil && (errors.IsUnauthorized(err) || errors.IsForbidden(err) && strings.Contains(err.Error(), anonymous)) { |
There was a problem hiding this comment.
if errors.IsUnauthorized(err) || errors.IsForbidden(err)
do we really need to check anonymous?
Also pls add a comment here on why we return when unauthorized.
There was a problem hiding this comment.
also use skipUnauthorizedError here
There was a problem hiding this comment.
also use skipUnauthorizedError here
@qiujian16 if use skipUnauthorizedError, here will beif err != nil && skipUnauthorizedError(err) == nil && strings.Contains(err.Error(), anonymous), is it ok?
There was a problem hiding this comment.
also use skipUnauthorizedError here
done @qiujian16
| } | ||
|
|
||
| _, err = c.hubClusterClient.ClusterV1().ManagedClusters().Create(ctx, managedCluster, metav1.CreateOptions{}) | ||
| if err != nil { |
There was a problem hiding this comment.
I think you would want to skip unauthorized here also?
It is better if we have a func skipUnauthorizedError(err error) error. So we can use it when run get/update/create
…ror when creating ManagedCluster Signed-off-by: ivan-cai <caijing.cai@alibaba-inc.com>
Signed-off-by: ivan-cai <caijing.cai@alibaba-inc.com>
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: ivan-cai, qiujian16 The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
…istration-agent running
Sometimes, ManagedCluster is created before deploy klusterlet, we want registration-agent can also update serverURL and CABundle from Klusterlet CR while it is running.
cluster-gateway will use serverURL and CABundle in ManagedCluster if ClusterEndpointType is
ConstnotClusterProxy.Signed-off-by: ivan-cai caijing.cai@alibaba-inc.com