From 66125dce874c58cef00bbd115e74d42aea007dd7 Mon Sep 17 00:00:00 2001 From: wangdepeng Date: Fri, 31 May 2024 14:49:28 +0800 Subject: [PATCH] fix: add kube-nest-admission-plugins flag for virtual-cluster operator Signed-off-by: wangdepeng --- cmd/kubenest/operator/app/options/options.go | 6 +++-- pkg/kubenest/controlplane/apiserver.go | 9 ++++--- .../apiserver/mainfests_deployment.go | 6 +++++ pkg/kubenest/tasks/anp.go | 24 ++++++++++--------- pkg/kubenest/tasks/apiserver.go | 1 + 5 files changed, 30 insertions(+), 16 deletions(-) diff --git a/cmd/kubenest/operator/app/options/options.go b/cmd/kubenest/operator/app/options/options.go index 9f5133566..0a587b3e7 100644 --- a/cmd/kubenest/operator/app/options/options.go +++ b/cmd/kubenest/operator/app/options/options.go @@ -24,8 +24,9 @@ type KubernetesOptions struct { } type KubeNestOptions struct { - ForceDestroy bool - AnpMode string + ForceDestroy bool + AnpMode string + AdmissionPlugins bool } func NewOptions() *Options { @@ -55,4 +56,5 @@ func (o *Options) AddFlags(flags *pflag.FlagSet) { flags.BoolVar(&o.KosmosJoinController, "kosmos-join-controller", false, "Turn on or off kosmos-join-controller.") flags.BoolVar(&o.KubeNestOptions.ForceDestroy, "kube-nest-force-destroy", false, "Force destroy the node.If it set true.If set to true, Kubernetes will not evict the existing nodes on the node when joining nodes to the tenant's control plane, but will instead force destroy.") flags.StringVar(&o.KubeNestOptions.AnpMode, "kube-nest-anp-mode", "tcp", "kube-apiserver network proxy mode, must be set to tcp or uds. uds mode the replicas for apiserver should be one, and tcp for multi apiserver replicas.") + flags.BoolVar(&o.KubeNestOptions.AdmissionPlugins, "kube-nest-admission-plugins", false, "kube-apiserver network disable-admission-plugins, false for - --disable-admission-plugins=License, true for remove the --disable-admission-plugins=License flag .") } 
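Review bot: The name `AdmissionPlugins` and its help text in the second hunk do not say what the switch does. Going by the template change in this commit, `false` (the default) starts the virtual-cluster kube-apiserver with `--disable-admission-plugins=License`, and `true` omits that argument. The help string also calls it a "network" setting. I would add a field comment such as `// AdmissionPlugins keeps the License admission plugin enabled; when false the apiserver is started with --disable-admission-plugins=License.` and reword the flag help to the same sentence. An admission plugin is a policy enforcement point, so a default that switches one off should be stated plainly in the help output.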
diff --git a/pkg/kubenest/controlplane/apiserver.go b/pkg/kubenest/controlplane/apiserver.go index 95122f51c..396d5f20d 100644 --- a/pkg/kubenest/controlplane/apiserver.go +++ b/pkg/kubenest/controlplane/apiserver.go @@ -8,13 +8,14 @@ import ( "k8s.io/apimachinery/pkg/util/yaml" clientset "k8s.io/client-go/kubernetes" + "github.com/kosmos.io/kosmos/cmd/kubenest/operator/app/options" "github.com/kosmos.io/kosmos/pkg/kubenest/constants" "github.com/kosmos.io/kosmos/pkg/kubenest/manifest/controlplane/apiserver" "github.com/kosmos.io/kosmos/pkg/kubenest/util" ) -func EnsureVirtualClusterAPIServer(client clientset.Interface, name, namespace string, portMap map[string]int32) error { - if err := installAPIServer(client, name, namespace, portMap); err != nil { +func EnsureVirtualClusterAPIServer(client clientset.Interface, name, namespace string, portMap map[string]int32, opt *options.KubeNestOptions) error { + if err := installAPIServer(client, name, namespace, portMap, opt); err != nil { return fmt.Errorf("failed to install virtual cluster apiserver, err: %w", err) } return nil @@ -28,7 +29,7 @@ func DeleteVirtualClusterAPIServer(client clientset.Interface, name, namespace s return nil } -func installAPIServer(client clientset.Interface, name, namespace string, portMap map[string]int32) error { +func installAPIServer(client clientset.Interface, name, namespace string, portMap map[string]int32, opt *options.KubeNestOptions) error { imageRepository, imageVersion := util.GetImageMessage() clusterIp, err := util.GetEtcdServiceClusterIp(namespace, name+constants.EtcdSuffix, client) if err != nil { @@ -41,6 +42,7 @@ func installAPIServer(client clientset.Interface, name, namespace string, portMa Replicas int32 EtcdListenClientPort int32 ClusterPort int32 + AdmissionPlugins bool }{ DeploymentName: fmt.Sprintf("%s-%s", name, "apiserver"), Namespace: namespace, 
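Review bot: `opt` is a pointer that is never checked before `installAPIServer` reads `opt.AdmissionPlugins` (the dereference is in the next hunk of this file), so a nil options value panics the operator instead of returning an error. Either guard at the top of `EnsureVirtualClusterAPIServer` with `if opt == nil { return fmt.Errorf("kube-nest options must not be nil") }`, or pass the single `bool` that is actually needed. Passing the bool would also remove this file's new import of `cmd/kubenest/operator/app/options` from a `pkg/` package. The body of `installAPIServer` continues outside these hunks.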
@@ -53,6 +55,7 @@ func installAPIServer(client clientset.Interface, name, namespace string, portMa Replicas: constants.ApiServerReplicas, EtcdListenClientPort: constants.ApiServerEtcdListenClientPort, ClusterPort: portMap[constants.ApiServerPortKey], + AdmissionPlugins: opt.AdmissionPlugins, }) if err != nil { return fmt.Errorf("error when parsing virtual cluster apiserver deployment template: %w", err) diff --git a/pkg/kubenest/manifest/controlplane/apiserver/mainfests_deployment.go b/pkg/kubenest/manifest/controlplane/apiserver/mainfests_deployment.go index bd76bd505..3a3768e51 100644 --- a/pkg/kubenest/manifest/controlplane/apiserver/mainfests_deployment.go +++ b/pkg/kubenest/manifest/controlplane/apiserver/mainfests_deployment.go @@ -90,6 +90,9 @@ spec: - --max-mutating-requests-inflight=500 - --v=4 - --advertise-address=$(PODIP) + {{ if not .AdmissionPlugins }} + - --disable-admission-plugins=License + {{ end }} livenessProbe: failureThreshold: 8 httpGet: @@ -222,6 +225,9 @@ spec: - --v=4 - --advertise-address=$(PODIP) - --egress-selector-config-file=/etc/kubernetes/konnectivity-server-config/{{ .Namespace }}/{{ .Name }}/egress_selector_configuration.yaml + {{ if not .AdmissionPlugins }} + - --disable-admission-plugins=License + {{ end }} livenessProbe: failureThreshold: 8 httpGet: diff --git a/pkg/kubenest/tasks/anp.go b/pkg/kubenest/tasks/anp.go index 5c780ca26..4914ac168 100644 --- a/pkg/kubenest/tasks/anp.go +++ b/pkg/kubenest/tasks/anp.go @@ -3,7 +3,6 @@ package tasks import ( "context" "fmt" - apiclient "github.com/kosmos.io/kosmos/pkg/kubenest/util/api-client" "strings" "github.com/pkg/errors" @@ -21,6 +20,7 @@ import ( "github.com/kosmos.io/kosmos/pkg/kubenest/constants" "github.com/kosmos.io/kosmos/pkg/kubenest/manifest/controlplane/apiserver" "github.com/kosmos.io/kosmos/pkg/kubenest/util" + apiclient "github.com/kosmos.io/kosmos/pkg/kubenest/util/api-client" "github.com/kosmos.io/kosmos/pkg/kubenest/workflow" ) 
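Review bot: With the flag at its default of `false`, this block in `mainfests_deployment.go` adds `--disable-admission-plugins=License` to every virtual-cluster apiserver, and nothing in this diff shows the argument being passed before. That is a behaviour change for existing deployments, and it only works when the image registers a plugin named `License`. The image comes from `util.GetImageMessage()` in `installAPIServer`, and upstream kube-apiserver, as far as I know, refuses to start when asked to disable an unknown plugin name, so this is worth confirming against the images the operator is expected to run. The same block is repeated in the second hunk of this file. Writing it as `{{- if not .AdmissionPlugins }}` … `{{- end }}` would also keep blank lines out of the rendered args list.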
@@ -70,17 +70,19 @@ func runAnpServer(r workflow.RunData) error { portMap := data.HostPortMap() // install egress_selector_configuration config map egressSelectorConfig, err := util.ParseTemplate(apiserver.EgressSelectorConfiguration, struct { - Namespace string - Name string - AnpMode string - ProxyServerPort int32 - SvcName string + Namespace string + Name string + AnpMode string + ProxyServerPort int32 + SvcName string + AdmissionPlugins bool }{ - Namespace: namespace, - Name: name, - ProxyServerPort: portMap[constants.ApiServerNetworkProxyServerPortKey], - SvcName: fmt.Sprintf("%s-konnectivity-server.%s.svc.cluster.local", name, namespace), - AnpMode: kubeNestOpt.AnpMode, + Namespace: namespace, + Name: name, + ProxyServerPort: portMap[constants.ApiServerNetworkProxyServerPortKey], + SvcName: fmt.Sprintf("%s-konnectivity-server.%s.svc.cluster.local", name, namespace), + AnpMode: kubeNestOpt.AnpMode, + AdmissionPlugins: kubeNestOpt.AdmissionPlugins, }) if err != nil { return fmt.Errorf("failed to parse egress_selector_configuration config map template, err: %w", err) diff --git a/pkg/kubenest/tasks/apiserver.go b/pkg/kubenest/tasks/apiserver.go index 93f803f47..68be48d74 100644 --- a/pkg/kubenest/tasks/apiserver.go +++ b/pkg/kubenest/tasks/apiserver.go @@ -51,6 +51,7 @@ func runVirtualClusterAPIServer(r workflow.RunData) error { data.GetName(), data.GetNamespace(), data.HostPortMap(), + data.KubeNestOpt(), ) if err != nil { return fmt.Errorf("failed to install virtual cluster apiserver component, err: %w", err)
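Review bot: `AdmissionPlugins` is added here to the data for `apiserver.EgressSelectorConfiguration`, but the template that gained the second `{{ if not .AdmissionPlugins }}` block is the deployment manifest carrying `--egress-selector-config-file`. The struct passed to that manifest is not part of this diff. If that manifest is rendered with Go's text/template from a struct lacking the field, execution fails with a "can't evaluate field" error rather than treating the value as false. Please confirm the deployment's data struct also sets `AdmissionPlugins: kubeNestOpt.AdmissionPlugins`, and drop the field here if the egress selector template does not read it. `runAnpServer` starts and ends outside the hunk.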