From 83e85265a69085ade65ef3197914e77d37a2172e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E8=83=A1=E4=BC=9F=E7=85=8C?= Date: Thu, 13 Apr 2023 19:38:53 +0800 Subject: [PATCH] support yurthub component work in specified namespace (#1366) --- cmd/yurthub/app/config/config.go | 26 ++++++++++--------- cmd/yurthub/app/options/options.go | 3 +++ cmd/yurthub/app/options/options_test.go | 1 + cmd/yurthub/app/start.go | 2 +- .../certmanager/certmanager.go | 4 +-- .../certmanager/certmanager_test.go | 5 ++-- .../poolcoordinator/constants/constants.go | 5 ++-- 7 files changed, 26 insertions(+), 20 deletions(-) diff --git a/cmd/yurthub/app/config/config.go b/cmd/yurthub/app/config/config.go index f6a8847b005..f4f1c1ba281 100644 --- a/cmd/yurthub/app/config/config.go +++ b/cmd/yurthub/app/config/config.go @@ -92,6 +92,7 @@ type YurtHubConfiguration struct { YurtHubDummyProxyServerServing *apiserver.DeprecatedInsecureServingInfo YurtHubSecureProxyServerServing *apiserver.SecureServingInfo YurtHubProxyServerAddr string + YurtHubNamespace string ProxiedClient kubernetes.Interface DiskCachePath string CoordinatorPKIDir string @@ -137,7 +138,7 @@ func Complete(options *options.YurtHubOptions) (*YurtHubConfiguration, error) { return nil, err } tenantNs := util.ParseTenantNsFromOrgs(options.YurtHubCertOrganizations) - registerInformers(sharedFactory, yurtSharedFactory, workingMode, serviceTopologyFilterEnabled(options), options.NodePoolName, options.NodeName, tenantNs) + registerInformers(options, sharedFactory, yurtSharedFactory, workingMode, tenantNs) filterManager, err := manager.NewFilterManager(options, sharedFactory, yurtSharedFactory, serializerManager, storageWrapper, us[0].Host) if err != nil { klog.Errorf("could not create filter manager, %v", err) 
@@ -166,6 +167,7 @@ func Complete(options *options.YurtHubOptions) (*YurtHubConfiguration, error) { MinRequestTimeout: options.MinRequestTimeout, TenantNs: tenantNs, YurtHubProxyServerAddr: fmt.Sprintf("%s:%d", options.YurtHubProxyHost, options.YurtHubProxyPort), + YurtHubNamespace: options.YurtHubNamespace, ProxiedClient: proxiedClient, DiskCachePath: options.DiskCachePath, CoordinatorPKIDir: filepath.Join(options.RootDir, "poolcoordinator"), 
@@ -260,28 +262,28 @@ func createClientAndSharedInformers(proxyAddr string, enableNodePool bool) (kube } // registerInformers reconstruct node/nodePool/configmap informers -func registerInformers(informerFactory informers.SharedInformerFactory, +func registerInformers(options *options.YurtHubOptions, + informerFactory informers.SharedInformerFactory, yurtInformerFactory yurtinformers.SharedInformerFactory, workingMode util.WorkingMode, - serviceTopologyFilterEnabled bool, - nodePoolName, nodeName string, tenantNs string) { // skip construct node/nodePool informers if service topology filter disabled + serviceTopologyFilterEnabled := isServiceTopologyFilterEnabled(options) if serviceTopologyFilterEnabled { if workingMode == util.WorkingModeCloud { newNodeInformer := func(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - tweakListOptions := func(options *metav1.ListOptions) { - options.FieldSelector = fields.Set{"metadata.name": nodeName}.String() + tweakListOptions := func(ops *metav1.ListOptions) { + ops.FieldSelector = fields.Set{"metadata.name": options.NodeName}.String() } return coreinformers.NewFilteredNodeInformer(client, resyncPeriod, nil, tweakListOptions) } informerFactory.InformerFor(&corev1.Node{}, newNodeInformer) } - if len(nodePoolName) != 0 { + if len(options.NodePoolName) != 0 { newNodePoolInformer := func(client yurtclientset.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - tweakListOptions := func(options *metav1.ListOptions) { - options.FieldSelector = fields.Set{"metadata.name": nodePoolName}.String() + tweakListOptions := func(ops *metav1.ListOptions) { + ops.FieldSelector = fields.Set{"metadata.name": options.NodePoolName}.String() } return yurtv1alpha1.NewFilteredNodePoolInformer(client, resyncPeriod, nil, tweakListOptions) } 
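Review bot: The rename of the closure parameter to `ops` covers only the node and nodepool selectors. The configmap `tweakListOptions` in the next hunk (`@@ -294,7 +296,7 @@`) still declares `options *metav1.ListOptions`, which shadows the new `options *options.YurtHubOptions` parameter inside that closure. It works only because `options.YurtHubNamespace` is read after the closure ends, so a later edit that reads a hub option inside it would resolve against the ListOptions instead. I would rename it there as well: `tweakListOptions := func(ops *metav1.ListOptions) {`. The registerInformers body continues past this hunk.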
@@ -294,7 +296,7 @@ func registerInformers(informerFactory informers.SharedInformerFactory, tweakListOptions := func(options *metav1.ListOptions) { options.FieldSelector = fields.Set{"metadata.name": util.YurthubConfigMapName}.String() } - return coreinformers.NewFilteredConfigMapInformer(client, util.YurtHubNamespace, resyncPeriod, nil, tweakListOptions) + return coreinformers.NewFilteredConfigMapInformer(client, options.YurtHubNamespace, resyncPeriod, nil, tweakListOptions) } informerFactory.InformerFor(&corev1.ConfigMap{}, newConfigmapInformer) @@ -308,8 +310,8 @@ func registerInformers(informerFactory informers.SharedInformerFactory, } -// serviceTopologyFilterEnabled is used to verify the service topology filter should be enabled or not. -func serviceTopologyFilterEnabled(options *options.YurtHubOptions) bool { +// isServiceTopologyFilterEnabled is used to verify the service topology filter should be enabled or not. +func isServiceTopologyFilterEnabled(options *options.YurtHubOptions) bool { if !options.EnableResourceFilter { return false } diff --git a/cmd/yurthub/app/options/options.go b/cmd/yurthub/app/options/options.go index 32f90ed85d8..2f3b4eb40f3 100644 --- a/cmd/yurthub/app/options/options.go +++ b/cmd/yurthub/app/options/options.go @@ -50,6 +50,7 @@ type YurtHubOptions struct { YurtHubPort int YurtHubProxyPort int YurtHubProxySecurePort int + YurtHubNamespace string GCFrequency int YurtHubCertOrganizations []string NodeName string @@ -95,6 +96,7 @@ func NewYurtHubOptions() *YurtHubOptions { YurtHubProxyPort: util.YurtHubProxyPort, YurtHubPort: util.YurtHubPort, YurtHubProxySecurePort: util.YurtHubProxySecurePort, + YurtHubNamespace: util.YurtHubNamespace, GCFrequency: 120, YurtHubCertOrganizations: make([]string, 0), LBMode: "rr", 
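Review bot: `options.YurtHubNamespace` reaches `NewFilteredConfigMapInformer` with no check visible in this patch, and in client-go an empty namespace means all namespaces. With `--namespace=""` the informer would match a configmap named `util.YurthubConfigMapName` in any namespace the hub is allowed to list. The same value is handed to `NewFilteredSecretInformer` in certmanager.go (`@@ -69,7 +69,7 @@`), where the pool-coordinator client cert secret would then be selected by name alone. If the options validation step (not shown here) does not already reject it, add a guard there along the lines of `if len(options.YurtHubNamespace) == 0 { return fmt.Errorf("namespace must not be empty") }`. The enclosing function starts and ends outside this hunk.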
@@ -174,6 +176,7 @@ func (o *YurtHubOptions) AddFlags(fs *pflag.FlagSet) { fs.StringVar(&o.YurtHubProxyHost, "bind-proxy-address", o.YurtHubProxyHost, "the IP address of YurtHub Proxy Server") fs.IntVar(&o.YurtHubProxyPort, "proxy-port", o.YurtHubProxyPort, "the port on which to proxy HTTP requests to kube-apiserver") fs.IntVar(&o.YurtHubProxySecurePort, "proxy-secure-port", o.YurtHubProxySecurePort, "the port on which to proxy HTTPS requests to kube-apiserver") + fs.StringVar(&o.YurtHubNamespace, "namespace", o.YurtHubNamespace, "the namespace of YurtHub Server") fs.StringVar(&o.ServerAddr, "server-addr", o.ServerAddr, "the address of Kubernetes kube-apiserver,the format is: \"server1,server2,...\"") fs.StringSliceVar(&o.YurtHubCertOrganizations, "hub-cert-organizations", o.YurtHubCertOrganizations, "Organizations that will be added into hub's apiserver client certificate, the format is: certOrg1,certOrg2,...") fs.IntVar(&o.GCFrequency, "gc-frequency", o.GCFrequency, "the frequency to gc cache in storage(unit: minute).") diff --git a/cmd/yurthub/app/options/options_test.go b/cmd/yurthub/app/options/options_test.go index 2e1dad3f888..f9888e35c86 100644 --- a/cmd/yurthub/app/options/options_test.go +++ b/cmd/yurthub/app/options/options_test.go @@ -40,6 +40,7 @@ func TestNewYurtHubOptions(t *testing.T) { YurtHubProxyPort: util.YurtHubProxyPort, YurtHubPort: util.YurtHubPort, YurtHubProxySecurePort: util.YurtHubProxySecurePort, + YurtHubNamespace: util.YurtHubNamespace, GCFrequency: 120, YurtHubCertOrganizations: make([]string, 0), LBMode: "rr", diff --git a/cmd/yurthub/app/start.go b/cmd/yurthub/app/start.go index e680683bc6a..ca0ad7f35ba 100644 --- a/cmd/yurthub/app/start.go +++ b/cmd/yurthub/app/start.go 
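Review bot: The help text `"the namespace of YurtHub Server"` does not tell an operator what the `--namespace` flag actually controls. Going by the other hunks in this patch, the value decides where the hub's configmap informer and the pool-coordinator client secret informer look. I would say so in the flag description: `"the namespace YurtHub runs in; its configmap and the pool-coordinator client cert secret are watched only in this namespace"`.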
@@ -243,7 +243,7 @@ func coordinatorRun(ctx context.Context, var coordinatorServiceUrl *url.URL go func() { - coorCertManager, err := coordinatorcertmgr.NewCertManager(cfg.CoordinatorPKIDir, cfg.ProxiedClient, cfg.SharedFactory) + coorCertManager, err := coordinatorcertmgr.NewCertManager(cfg.CoordinatorPKIDir, cfg.YurtHubNamespace, cfg.ProxiedClient, cfg.SharedFactory) close(coordinatorInformerRegistryChan) // notify the coordinator secret informer registry event if err != nil { klog.Errorf("coordinator failed to create coordinator cert manager, %v", err) diff --git a/pkg/yurthub/poolcoordinator/certmanager/certmanager.go b/pkg/yurthub/poolcoordinator/certmanager/certmanager.go index 8d6484efefe..70a81a72844 100644 --- a/pkg/yurthub/poolcoordinator/certmanager/certmanager.go +++ b/pkg/yurthub/poolcoordinator/certmanager/certmanager.go @@ -54,7 +54,7 @@ var certFileNames = map[CertFileType]string{ NodeLeaseProxyClientKey: "node-lease-proxy-client.key", } -func NewCertManager(pkiDir string, yurtClient kubernetes.Interface, informerFactory informers.SharedInformerFactory) (*CertManager, error) { +func NewCertManager(pkiDir, yurtHubNs string, yurtClient kubernetes.Interface, informerFactory informers.SharedInformerFactory) (*CertManager, error) { store := fs.FileSystemOperator{} if err := store.CreateDir(pkiDir); err != nil && err != fs.ErrExists { return nil, fmt.Errorf("failed to create dir %s, %v", pkiDir, err) 
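Review bot: `NewCertManager` is exported and now takes two adjacent `string` parameters (`pkiDir, yurtHubNs`), so a call with the two swapped still compiles, and there is no doc comment saying which is which. I would add one, for example `// NewCertManager creates pkiDir if needed and watches the pool-coordinator client secret in namespace yurtHubNs.` The function body continues outside this hunk; the secret informer that consumes `yurtHubNs` is in the next one.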
@@ -69,7 +69,7 @@ func NewCertManager(pkiDir string, yurtClient kubernetes.Interface, informerFact tweakListOptions := func(options *metav1.ListOptions) { options.FieldSelector = fields.Set{"metadata.name": constants.PoolCoordinatorClientSecretName}.String() } - return coreinformers.NewFilteredSecretInformer(yurtClient, constants.PoolCoordinatorClientSecretNamespace, 0, nil, tweakListOptions) + return coreinformers.NewFilteredSecretInformer(yurtClient, yurtHubNs, 0, nil, tweakListOptions) } secretInformer := informerFactory.InformerFor(&corev1.Secret{}, secretInformerFunc) secretInformer.AddEventHandler(cache.ResourceEventHandlerFuncs{ diff --git a/pkg/yurthub/poolcoordinator/certmanager/certmanager_test.go b/pkg/yurthub/poolcoordinator/certmanager/certmanager_test.go index d41bba625d0..87bc2afbfb8 100644 --- a/pkg/yurthub/poolcoordinator/certmanager/certmanager_test.go +++ b/pkg/yurthub/poolcoordinator/certmanager/certmanager_test.go @@ -31,6 +31,7 @@ import ( "k8s.io/client-go/kubernetes/fake" "github.com/openyurtio/openyurt/pkg/yurthub/poolcoordinator/constants" + "github.com/openyurtio/openyurt/pkg/yurthub/util" "github.com/openyurtio/openyurt/pkg/yurthub/util/fs" ) @@ -192,7 +193,7 @@ var ( poolCoordinatorSecret = &corev1.Secret{ ObjectMeta: v1.ObjectMeta{ Name: constants.PoolCoordinatorClientSecretName, - Namespace: constants.PoolCoordinatorClientSecretNamespace, + Namespace: util.YurtHubNamespace, }, TypeMeta: v1.TypeMeta{ Kind: "Secret", 
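Review bot: The secret informer used to watch the fixed namespace `kube-system` (the removed `PoolCoordinatorClientSecretNamespace`) and now watches whatever namespace the hub is given, but nothing in this patch moves the producer of `pool-coordinator-yurthub-certs` or the hub's RBAC to match. If that secret is still written to `kube-system` while the hub runs with a different `--namespace`, this informer will never see it, and the hub's role will presumably need list/watch on secrets in the new namespace. Both should be confirmed outside this diff. I would also record the requirement above `secretInformerFunc`, e.g. `// the client cert secret must live in the same namespace as yurthub`. The NewCertManager body continues outside the hunk.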
@@ -623,7 +624,7 @@ func TestCreateOrUpdateFile(t *testing.T) { func initFakeClientAndCertManager() (*fake.Clientset, *CertManager, func(), error) { fakeClientSet := fake.NewSimpleClientset() fakeInformerFactory := informers.NewSharedInformerFactory(fakeClientSet, 0) - certMgr, err := NewCertManager(testPKIDir, fakeClientSet, fakeInformerFactory) + certMgr, err := NewCertManager(testPKIDir, util.YurtHubNamespace, fakeClientSet, fakeInformerFactory) if err != nil { return nil, nil, nil, fmt.Errorf("failed to create cert manager, %v", err) } diff --git a/pkg/yurthub/poolcoordinator/constants/constants.go b/pkg/yurthub/poolcoordinator/constants/constants.go index 43924dd50b5..9f25267b215 100644 --- a/pkg/yurthub/poolcoordinator/constants/constants.go +++ b/pkg/yurthub/poolcoordinator/constants/constants.go @@ -28,7 +28,6 @@ var ( ) const ( - DefaultPoolScopedUserAgent = "leader-yurthub" - PoolCoordinatorClientSecretName = "pool-coordinator-yurthub-certs" - PoolCoordinatorClientSecretNamespace = "kube-system" + DefaultPoolScopedUserAgent = "leader-yurthub" + PoolCoordinatorClientSecretName = "pool-coordinator-yurthub-certs" )
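Review bot: The test helper only ever passes `util.YurtHubNamespace`, and the fixture secret in the earlier hunk uses the same constant, so the new parameter is never exercised with a non-default value. A case that builds the manager with a different namespace and checks that a same-named secret in `util.YurtHubNamespace` is ignored would pin the namespace scoping this change relies on. initFakeClientAndCertManager continues outside the hunk.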