-
Notifications
You must be signed in to change notification settings - Fork 58
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
update serverURL and CABundle if ManagedCluster is created before reg… #270
update serverURL and CABundle if ManagedCluster is created before reg… #270
Conversation
5ac4072
to
c387d7d
Compare
@qiujian16 plz review. |
if len(c.spokeExternalServerURLs) != 0 { | ||
for _, serverURL := range c.spokeExternalServerURLs { | ||
managedClusterClientConfigs = append(managedClusterClientConfigs, clusterv1.ClientConfig{ | ||
URL: serverURL, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
we need to consider the case that user update this, we should not update this back from agent
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
we need to consider the case that user update this, we should not update this back from agent
@qiujian16 ok, I have change the condition for updating this in https://github.com/open-cluster-management-io/registration/pull/270/files#diff-0b36934623fbbd233f2529b6c4e12a550c7a7537f8d1223070b2c2748140cdb9R74
Plz review again, thx.
…istration-agent running Signed-off-by: ivan-cai <caijing.cai@alibaba-inc.com>
c387d7d
to
d2bcaff
Compare
clusterCopy := existingCluster.DeepCopy() | ||
clusterCopy.Spec.ManagedClusterClientConfigs = managedClusterClientConfigs | ||
if _, err := c.hubClusterClient.ClusterV1().ManagedClusters().Update(ctx, clusterCopy, metav1.UpdateOptions{}); err != nil { | ||
return fmt.Errorf("unable to update ManagedClusterClientConfigs of managed cluster %q on hub: %w", c.clusterName, err) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
we should also ignore Unauthorized error here
switch { | ||
case errors.IsUnauthorized(err), | ||
errors.IsForbidden(err) && strings.Contains(err.Error(), anonymous): | ||
klog.V(4).Infof("unable to get the managed cluster %q from hub: %v", c.clusterName, err) | ||
return nil | ||
case errors.IsNotFound(err): | ||
case err == nil: | ||
if len(existingCluster.Spec.ManagedClusterClientConfigs) == 0 && len(managedClusterClientConfigs) > 0 { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
do you think it is makes more sense if we check the ManagedClusterClientConfigs in clusters include the managedClusterClientConfigs, if not, merge it?
…nore Unauthorized error Signed-off-by: ivan-cai <caijing.cai@alibaba-inc.com>
@qiujian16 I have refactored the codes, and merged serverUrl. I have also ingored the Unauthorized error. |
Name: c.clusterName, | ||
}, | ||
// create ManagedCluster if not found | ||
if err != nil && errors.IsNotFound(err) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit, err!=nil is not necessary
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@qiujian16
err != nil is necessary, because I am not check err == nil before this.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
i think
if errors.IsNotFound(err)
indicate err!=nil already
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
i think
if errors.IsNotFound(err)
indicate err!=nil already
done
case errors.IsUnauthorized(err), | ||
errors.IsForbidden(err) && strings.Contains(err.Error(), anonymous): | ||
existingCluster, err := c.hubClusterClient.ClusterV1().ManagedClusters().Get(ctx, c.clusterName, metav1.GetOptions{}) | ||
if err != nil && (errors.IsUnauthorized(err) || errors.IsForbidden(err) && strings.Contains(err.Error(), anonymous)) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
if errors.IsUnauthorized(err) || errors.IsForbidden(err)
do we really need to check anonymous?
Also pls add a comment here on why we return when unauthorized.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ok
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
also use skipUnauthorizedError here
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
also use skipUnauthorizedError here
@qiujian16 if use skipUnauthorizedError, here will beif err != nil && skipUnauthorizedError(err) == nil && strings.Contains(err.Error(), anonymous)
, is it ok?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
also use skipUnauthorizedError here
done @qiujian16
} | ||
|
||
_, err = c.hubClusterClient.ClusterV1().ManagedClusters().Create(ctx, managedCluster, metav1.CreateOptions{}) | ||
if err != nil { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think you would want to skip unauthorized here also?
It is better if we have a func skipUnauthorizedError(err error) error
. So we can use it when run get/update/create
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ok
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@qiujian16 done!
…ror when creating ManagedCluster Signed-off-by: ivan-cai <caijing.cai@alibaba-inc.com>
Signed-off-by: ivan-cai <caijing.cai@alibaba-inc.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/approve
/lgtm
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: ivan-cai, qiujian16 The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
…istration-agent running
Sometimes, ManagedCluster is created before deploy klusterlet, we want registration-agent can also update serverURL and CABundle from Klusterlet CR while it is running.
cluster-gateway will use serverURL and CABundle in ManagedCluster if ClusterEndpointType is
Const
notClusterProxy
.Signed-off-by: ivan-cai caijing.cai@alibaba-inc.com