support yurthub component work in specified namespace (#1366)

openyurtio · Apr 13, 2023 · 83e8526 · 83e8526
1 parent 228240a
commit 83e8526
Show file tree

Hide file tree

Showing 7 changed files with 26 additions and 20 deletions.
diff --git a/cmd/yurthub/app/config/config.go b/cmd/yurthub/app/config/config.go
@@ -92,6 +92,7 @@ type YurtHubConfiguration struct {
 	YurtHubDummyProxyServerServing  *apiserver.DeprecatedInsecureServingInfo
 	YurtHubSecureProxyServerServing *apiserver.SecureServingInfo
 	YurtHubProxyServerAddr          string
+	YurtHubNamespace                string
 	ProxiedClient                   kubernetes.Interface
 	DiskCachePath                   string
 	CoordinatorPKIDir               string
@@ -137,7 +138,7 @@ func Complete(options *options.YurtHubOptions) (*YurtHubConfiguration, error) {
 		return nil, err
 	}
 	tenantNs := util.ParseTenantNsFromOrgs(options.YurtHubCertOrganizations)
-	registerInformers(sharedFactory, yurtSharedFactory, workingMode, serviceTopologyFilterEnabled(options), options.NodePoolName, options.NodeName, tenantNs)
+	registerInformers(options, sharedFactory, yurtSharedFactory, workingMode, tenantNs)
 	filterManager, err := manager.NewFilterManager(options, sharedFactory, yurtSharedFactory, serializerManager, storageWrapper, us[0].Host)
 	if err != nil {
 		klog.Errorf("could not create filter manager, %v", err)
@@ -166,6 +167,7 @@ func Complete(options *options.YurtHubOptions) (*YurtHubConfiguration, error) {
 		MinRequestTimeout:         options.MinRequestTimeout,
 		TenantNs:                  tenantNs,
 		YurtHubProxyServerAddr:    fmt.Sprintf("%s:%d", options.YurtHubProxyHost, options.YurtHubProxyPort),
+		YurtHubNamespace:          options.YurtHubNamespace,
 		ProxiedClient:             proxiedClient,
 		DiskCachePath:             options.DiskCachePath,
 		CoordinatorPKIDir:         filepath.Join(options.RootDir, "poolcoordinator"),
@@ -260,28 +262,28 @@ func createClientAndSharedInformers(proxyAddr string, enableNodePool bool) (kube
 }
 
 // registerInformers reconstruct node/nodePool/configmap informers
-func registerInformers(informerFactory informers.SharedInformerFactory,
+func registerInformers(options *options.YurtHubOptions,
+	informerFactory informers.SharedInformerFactory,
 	yurtInformerFactory yurtinformers.SharedInformerFactory,
 	workingMode util.WorkingMode,
-	serviceTopologyFilterEnabled bool,
-	nodePoolName, nodeName string,
 	tenantNs string) {
 	// skip construct node/nodePool informers if service topology filter disabled
+	serviceTopologyFilterEnabled := isServiceTopologyFilterEnabled(options)
 	if serviceTopologyFilterEnabled {
 		if workingMode == util.WorkingModeCloud {
 			newNodeInformer := func(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer {
-				tweakListOptions := func(options *metav1.ListOptions) {
-					options.FieldSelector = fields.Set{"metadata.name": nodeName}.String()
+				tweakListOptions := func(ops *metav1.ListOptions) {
+					ops.FieldSelector = fields.Set{"metadata.name": options.NodeName}.String()
 				}
 				return coreinformers.NewFilteredNodeInformer(client, resyncPeriod, nil, tweakListOptions)
 			}
 			informerFactory.InformerFor(&corev1.Node{}, newNodeInformer)
 		}
 
-		if len(nodePoolName) != 0 {
+		if len(options.NodePoolName) != 0 {
 			newNodePoolInformer := func(client yurtclientset.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer {
-				tweakListOptions := func(options *metav1.ListOptions) {
-					options.FieldSelector = fields.Set{"metadata.name": nodePoolName}.String()
+				tweakListOptions := func(ops *metav1.ListOptions) {
+					ops.FieldSelector = fields.Set{"metadata.name": options.NodePoolName}.String()
 				}
 				return yurtv1alpha1.NewFilteredNodePoolInformer(client, resyncPeriod, nil, tweakListOptions)
 			}
@@ -294,7 +296,7 @@ func registerInformers(informerFactory informers.SharedInformerFactory,
 		tweakListOptions := func(options *metav1.ListOptions) {
 			options.FieldSelector = fields.Set{"metadata.name": util.YurthubConfigMapName}.String()
 		}
-		return coreinformers.NewFilteredConfigMapInformer(client, util.YurtHubNamespace, resyncPeriod, nil, tweakListOptions)
+		return coreinformers.NewFilteredConfigMapInformer(client, options.YurtHubNamespace, resyncPeriod, nil, tweakListOptions)
 	}
 	informerFactory.InformerFor(&corev1.ConfigMap{}, newConfigmapInformer)
 
@@ -308,8 +310,8 @@ func registerInformers(informerFactory informers.SharedInformerFactory,
 
 }
 
-// serviceTopologyFilterEnabled is used to verify the service topology filter should be enabled or not.
-func serviceTopologyFilterEnabled(options *options.YurtHubOptions) bool {
+// isServiceTopologyFilterEnabled is used to verify the service topology filter should be enabled or not.
+func isServiceTopologyFilterEnabled(options *options.YurtHubOptions) bool {
 	if !options.EnableResourceFilter {
 		return false
 	}

diff --git a/cmd/yurthub/app/options/options.go b/cmd/yurthub/app/options/options.go
@@ -50,6 +50,7 @@ type YurtHubOptions struct {
 	YurtHubPort               int
 	YurtHubProxyPort          int
 	YurtHubProxySecurePort    int
+	YurtHubNamespace          string
 	GCFrequency               int
 	YurtHubCertOrganizations  []string
 	NodeName                  string
@@ -95,6 +96,7 @@ func NewYurtHubOptions() *YurtHubOptions {
 		YurtHubProxyPort:          util.YurtHubProxyPort,
 		YurtHubPort:               util.YurtHubPort,
 		YurtHubProxySecurePort:    util.YurtHubProxySecurePort,
+		YurtHubNamespace:          util.YurtHubNamespace,
 		GCFrequency:               120,
 		YurtHubCertOrganizations:  make([]string, 0),
 		LBMode:                    "rr",
@@ -174,6 +176,7 @@ func (o *YurtHubOptions) AddFlags(fs *pflag.FlagSet) {
 	fs.StringVar(&o.YurtHubProxyHost, "bind-proxy-address", o.YurtHubProxyHost, "the IP address of YurtHub Proxy Server")
 	fs.IntVar(&o.YurtHubProxyPort, "proxy-port", o.YurtHubProxyPort, "the port on which to proxy HTTP requests to kube-apiserver")
 	fs.IntVar(&o.YurtHubProxySecurePort, "proxy-secure-port", o.YurtHubProxySecurePort, "the port on which to proxy HTTPS requests to kube-apiserver")
+	fs.StringVar(&o.YurtHubNamespace, "namespace", o.YurtHubNamespace, "the namespace of YurtHub Server")
 	fs.StringVar(&o.ServerAddr, "server-addr", o.ServerAddr, "the address of Kubernetes kube-apiserver,the format is: \"server1,server2,...\"")
 	fs.StringSliceVar(&o.YurtHubCertOrganizations, "hub-cert-organizations", o.YurtHubCertOrganizations, "Organizations that will be added into hub's apiserver client certificate, the format is: certOrg1,certOrg2,...")
 	fs.IntVar(&o.GCFrequency, "gc-frequency", o.GCFrequency, "the frequency to gc cache in storage(unit: minute).")

diff --git a/cmd/yurthub/app/options/options_test.go b/cmd/yurthub/app/options/options_test.go
@@ -40,6 +40,7 @@ func TestNewYurtHubOptions(t *testing.T) {
 		YurtHubProxyPort:          util.YurtHubProxyPort,
 		YurtHubPort:               util.YurtHubPort,
 		YurtHubProxySecurePort:    util.YurtHubProxySecurePort,
+		YurtHubNamespace:          util.YurtHubNamespace,
 		GCFrequency:               120,
 		YurtHubCertOrganizations:  make([]string, 0),
 		LBMode:                    "rr",

diff --git a/cmd/yurthub/app/start.go b/cmd/yurthub/app/start.go
@@ -243,7 +243,7 @@ func coordinatorRun(ctx context.Context,
 	var coordinatorServiceUrl *url.URL
 
 	go func() {
-		coorCertManager, err := coordinatorcertmgr.NewCertManager(cfg.CoordinatorPKIDir, cfg.ProxiedClient, cfg.SharedFactory)
+		coorCertManager, err := coordinatorcertmgr.NewCertManager(cfg.CoordinatorPKIDir, cfg.YurtHubNamespace, cfg.ProxiedClient, cfg.SharedFactory)
 		close(coordinatorInformerRegistryChan) // notify the coordinator secret informer registry event
 		if err != nil {
 			klog.Errorf("coordinator failed to create coordinator cert manager, %v", err)

diff --git a/pkg/yurthub/poolcoordinator/certmanager/certmanager.go b/pkg/yurthub/poolcoordinator/certmanager/certmanager.go
@@ -54,7 +54,7 @@ var certFileNames = map[CertFileType]string{
 	NodeLeaseProxyClientKey:  "node-lease-proxy-client.key",
 }
 
-func NewCertManager(pkiDir string, yurtClient kubernetes.Interface, informerFactory informers.SharedInformerFactory) (*CertManager, error) {
+func NewCertManager(pkiDir, yurtHubNs string, yurtClient kubernetes.Interface, informerFactory informers.SharedInformerFactory) (*CertManager, error) {
 	store := fs.FileSystemOperator{}
 	if err := store.CreateDir(pkiDir); err != nil && err != fs.ErrExists {
 		return nil, fmt.Errorf("failed to create dir %s, %v", pkiDir, err)
@@ -69,7 +69,7 @@ func NewCertManager(pkiDir string, yurtClient kubernetes.Interface, informerFact
 		tweakListOptions := func(options *metav1.ListOptions) {
 			options.FieldSelector = fields.Set{"metadata.name": constants.PoolCoordinatorClientSecretName}.String()
 		}
-		return coreinformers.NewFilteredSecretInformer(yurtClient, constants.PoolCoordinatorClientSecretNamespace, 0, nil, tweakListOptions)
+		return coreinformers.NewFilteredSecretInformer(yurtClient, yurtHubNs, 0, nil, tweakListOptions)
 	}
 	secretInformer := informerFactory.InformerFor(&corev1.Secret{}, secretInformerFunc)
 	secretInformer.AddEventHandler(cache.ResourceEventHandlerFuncs{

diff --git a/pkg/yurthub/poolcoordinator/certmanager/certmanager_test.go b/pkg/yurthub/poolcoordinator/certmanager/certmanager_test.go
@@ -31,6 +31,7 @@ import (
 	"k8s.io/client-go/kubernetes/fake"
 
 	"github.com/openyurtio/openyurt/pkg/yurthub/poolcoordinator/constants"
+	"github.com/openyurtio/openyurt/pkg/yurthub/util"
 	"github.com/openyurtio/openyurt/pkg/yurthub/util/fs"
 )
 
@@ -192,7 +193,7 @@ var (
 	poolCoordinatorSecret = &corev1.Secret{
 		ObjectMeta: v1.ObjectMeta{
 			Name:      constants.PoolCoordinatorClientSecretName,
-			Namespace: constants.PoolCoordinatorClientSecretNamespace,
+			Namespace: util.YurtHubNamespace,
 		},
 		TypeMeta: v1.TypeMeta{
 			Kind:       "Secret",
@@ -623,7 +624,7 @@ func TestCreateOrUpdateFile(t *testing.T) {
 func initFakeClientAndCertManager() (*fake.Clientset, *CertManager, func(), error) {
 	fakeClientSet := fake.NewSimpleClientset()
 	fakeInformerFactory := informers.NewSharedInformerFactory(fakeClientSet, 0)
-	certMgr, err := NewCertManager(testPKIDir, fakeClientSet, fakeInformerFactory)
+	certMgr, err := NewCertManager(testPKIDir, util.YurtHubNamespace, fakeClientSet, fakeInformerFactory)
 	if err != nil {
 		return nil, nil, nil, fmt.Errorf("failed to create cert manager, %v", err)
 	}

diff --git a/pkg/yurthub/poolcoordinator/constants/constants.go b/pkg/yurthub/poolcoordinator/constants/constants.go
@@ -28,7 +28,6 @@ var (
 )
 
 const (
-	DefaultPoolScopedUserAgent           = "leader-yurthub"
-	PoolCoordinatorClientSecretName      = "pool-coordinator-yurthub-certs"
-	PoolCoordinatorClientSecretNamespace = "kube-system"
+	DefaultPoolScopedUserAgent      = "leader-yurthub"
+	PoolCoordinatorClientSecretName = "pool-coordinator-yurthub-certs"
 )