diff --git a/Makefile b/Makefile index d8e608edb1f..333f47dfa8c 100644 --- a/Makefile +++ b/Makefile @@ -22,7 +22,6 @@ IMAGE_REPO ?= openyurt IMAGE_TAG ?= $(shell git describe --abbrev=0 --tags) GIT_COMMIT = $(shell git rev-parse HEAD) ENABLE_AUTONOMY_TESTS ?=true -CRD_OPTIONS ?= "crd:crdVersions=v1,maxDescLen=1000" BUILD_KUSTOMIZE ?= _output/manifest GOPROXY ?= $(shell go env GOPROXY) @@ -211,10 +210,9 @@ generate: controller-gen ## Generate code containing DeepCopy, DeepCopyInto, and .PHONY: manifests manifests: kustomize kubectl yq generate ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects. rm -rf $(BUILD_KUSTOMIZE) - $(CONTROLLER_GEN) $(CRD_OPTIONS) rbac:roleName=role webhook paths="./pkg/..." output:crd:artifacts:config=$(BUILD_KUSTOMIZE)/auto_generate/crd output:rbac:artifacts:config=$(BUILD_KUSTOMIZE)/auto_generate/rbac output:webhook:artifacts:config=$(BUILD_KUSTOMIZE)/auto_generate/webhook + hack/make-rules/generate_manifests.sh hack/make-rules/kustomize_to_chart.sh --crd $(BUILD_KUSTOMIZE)/auto_generate/crd --webhook $(BUILD_KUSTOMIZE)/auto_generate/webhook --rbac $(BUILD_KUSTOMIZE)/auto_generate/rbac --output $(BUILD_KUSTOMIZE)/kustomize --chartDir charts/yurt-manager - # newcontroller # .e.g # make newcontroller GROUP=apps VERSION=v1beta1 KIND=example SHORTNAME=examples SCOPE=Namespaced diff --git a/charts/yurt-manager/templates/yurt-manager-auto-generated.yaml b/charts/yurt-manager/templates/yurt-manager-auto-generated.yaml index d5be3bad7bb..ffa4aca9341 100644 --- a/charts/yurt-manager/templates/yurt-manager-auto-generated.yaml +++ b/charts/yurt-manager/templates/yurt-manager-auto-generated.yaml 
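Review bot: `hack/make-rules/generate_manifests.sh` is called with no arguments, but the next recipe line still reads from `$(BUILD_KUSTOMIZE)/auto_generate/crd`, `/webhook` and `/rbac`, so the output paths and the controller-gen binary are now chosen inside a script this recipe does not control. Make passes a variable to the recipe environment only when it came from the command line or the environment (or is exported), so the Makefile defaults of `BUILD_KUSTOMIZE` and `$(CONTROLLER_GEN)` would have to be duplicated in the script; the script is not visible here, so this is inferred. Because the generated RBAC is what ships in the chart, I would pass both explicitly, e.g. `BUILD_KUSTOMIZE=$(BUILD_KUSTOMIZE) CONTROLLER_GEN=$(CONTROLLER_GEN) hack/make-rules/generate_manifests.sh`, and have the script fail when either is unset. The `CRD_OPTIONS` override removed in the first hunk also stops being a knob, which deserves a line in the commit message.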
@@ -5,11 +5,131 @@ # # --------------------------------------------------- +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: yurt-manager-csr-approver-controller + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: yurt-manager-daemon-pod-updater-controller + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: yurt-manager-delegate-lease-controller + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: yurt-manager-gateway-dns-controller + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: yurt-manager-gateway-internal-service-controller + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: yurt-manager-gateway-pickup-controller + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: yurt-manager-gateway-public-service-controller + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: yurt-manager-load-balancer-set-controller + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: yurt-manager-node-bucket-controller + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: yurt-manager-node-life-cycle-controller + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: yurt-manager-nodepool-controller + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: yurt-manager-platform-admin-controller + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: yurt-manager-pod-binding-controller + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: 
yurt-manager-service-topology-endpoints-controller + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: yurt-manager-service-topology-endpointslice-controller + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: yurt-manager-yurt-app-daemon-controller + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: yurt-manager-yurt-app-overrider-controller + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: yurt-manager-yurt-app-set-controller + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: yurt-manager-yurt-coordinator-cert-controller + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: yurt-manager-yurt-static-set-controller + namespace: {{ .Release.Namespace }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: yurt-manager-role + name: yurt-manager-basecontroller namespace: {{ .Release.Namespace }} rules: - apiGroups: @@ -21,18 +141,43 @@ rules: - get - patch - update + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: yurt-manager-webhook + namespace: {{ .Release.Namespace }} +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: yurt-manager-yurt-coordinator-cert-controller + namespace: {{ .Release.Namespace }} +rules: - apiGroups: - "" resources: - secrets verbs: + - create - get + - patch - update + - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: yurt-manager-role + name: yurt-manager-basecontroller rules: - apiGroups: - "" 
@@ -43,34 +188,39 @@ rules: - list - watch - apiGroups: - - admissionregistration.k8s.io + - "" resources: - - mutatingwebhookconfigurations + - nodes verbs: - get - list - - patch - - update - watch - apiGroups: - - admissionregistration.k8s.io + - "" resources: - - validatingwebhookconfigurations + - pods verbs: - get - list - - patch - update - watch - apiGroups: - - apiextensions.k8s.io + - "" resources: - - customresourcedefinitions + - secrets verbs: + - create - get - list - patch - - update + - watch +- apiGroups: + - "" + resources: + - services + verbs: + - get + - list - watch - apiGroups: - apps @@ -237,6 +387,12 @@ rules: - get - patch - update +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create - apiGroups: - certificates.k8s.io resources: @@ -293,6 +449,7 @@ rules: - get - patch - update + - watch - apiGroups: - "" resources: @@ -317,6 +474,13 @@ rules: - patch - update - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - create + - get - apiGroups: - "" resources: @@ -332,11 +496,7 @@ rules: resources: - nodes/status verbs: - - get - - list - - patch - update - - watch - apiGroups: - "" resources: @@ -356,6 +516,19 @@ rules: verbs: - patch - update +- apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - create + - get +- apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create - apiGroups: - "" resources: @@ -396,7 +569,7 @@ rules: - apiGroups: - iot.openyurt.io resources: - - deviceprofiles + - platformadmins verbs: - create - delete @@ -408,21 +581,21 @@ rules: - apiGroups: - iot.openyurt.io resources: - - deviceprofiles/finalizers + - platformadmins/finalizers verbs: - update - apiGroups: - iot.openyurt.io resources: - - deviceprofiles/status + - platformadmins/status verbs: - get - patch - update - apiGroups: - - iot.openyurt.io + - network.openyurt.io resources: - - devices + - poolservices verbs: - create - delete 
@@ -432,75 +605,96 @@ rules: - update - watch - apiGroups: - - iot.openyurt.io - resources: - - devices/finalizers - verbs: - - update -- apiGroups: - - iot.openyurt.io + - network.openyurt.io resources: - - devices/status + - poolservices/status verbs: - get - patch - update - apiGroups: - - iot.openyurt.io + - raven.openyurt.io resources: - - deviceservices + - gateways verbs: - create - delete - get - list - - patch - update - watch - apiGroups: - - iot.openyurt.io + - raven.openyurt.io resources: - - deviceservices/finalizers + - gateways/finalizers verbs: - update - apiGroups: - - iot.openyurt.io + - raven.openyurt.io resources: - - deviceservices/status + - gateways/status verbs: - get - patch - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: yurt-manager-csr-approver-controller +rules: - apiGroups: - - iot.openyurt.io + - certificates.k8s.io resources: - - platformadmins + - certificatesigningrequests verbs: - - create - - delete - get - list - - patch - - update - watch - apiGroups: - - iot.openyurt.io + - certificates.k8s.io resources: - - platformadmins/finalizers + - certificatesigningrequests/approval verbs: - update - apiGroups: - - iot.openyurt.io + - certificates.k8s.io + resourceNames: + - kubernetes.io/kube-apiserver-client + - kubernetes.io/kubelet-serving resources: - - platformadmins/status + - signers + verbs: + - approve +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: yurt-manager-daemon-pod-updater-controller +rules: +- apiGroups: + - apps + resources: + - daemonsets + verbs: + - get + - list + - update + - watch +- apiGroups: + - "" + resources: + - nodes verbs: - get + - list - patch - update + - watch - apiGroups: - - network.openyurt.io + - "" resources: - - poolservices + - pods verbs: - create - delete 
@@ -509,39 +703,1148 @@ rules: - patch - update - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: yurt-manager-delegate-lease-controller +rules: - apiGroups: - - network.openyurt.io + - coordination.k8s.io resources: - - poolservices/status + - leases verbs: - get - - patch - - update + - list + - watch - apiGroups: - - raven.openyurt.io + - "" resources: - - gateways + - nodes verbs: - - create - - delete - get - list - update - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: yurt-manager-gateway-dns-controller +rules: - apiGroups: - - raven.openyurt.io + - apps.openyurt.io resources: - - gateways/finalizers + - nodepools verbs: - - update + - get + - list + - watch - apiGroups: - - raven.openyurt.io + - "" resources: - - gateways/status + - configmaps verbs: + - create + - delete - get - - patch - update + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: yurt-manager-gateway-internal-service-controller +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - endpoints + verbs: + - create + - delete + - get + - update + - watch +- apiGroups: + - "" + resources: + - services + verbs: + - create + - delete + - get + - update + - watch +- apiGroups: + - raven.openyurt.io + resources: + - gateways + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: yurt-manager-gateway-pickup-controller +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch +- apiGroups: + - crd.projectcalico.org + resources: + - blockaffinities + verbs: + - 
get + - list + - watch +- apiGroups: + - raven.openyurt.io + resources: + - gateways + verbs: + - create + - delete + - get + - list + - update + - watch +- apiGroups: + - raven.openyurt.io + resources: + - gateways/finalizers + verbs: + - update +- apiGroups: + - raven.openyurt.io + resources: + - gateways/status + verbs: + - get + - patch + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: yurt-manager-gateway-public-service-controller +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - endpoints + verbs: + - create + - delete + - get + - list + - update + - watch +- apiGroups: + - "" + resources: + - services + verbs: + - create + - delete + - get + - list + - update + - watch +- apiGroups: + - raven.openyurt.io + resources: + - gateways + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: yurt-manager-load-balancer-set-controller +rules: +- apiGroups: + - apps.openyurt.io + resources: + - nodepools + verbs: + - list + - watch +- apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - update + - watch +- apiGroups: + - "" + resources: + - services/status + verbs: + - update +- apiGroups: + - network.openyurt.io + resources: + - poolservices + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.openyurt.io + resources: + - poolservices/status + verbs: + - get + - patch + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: yurt-manager-node-bucket-controller +rules: +- apiGroups: + - apps.openyurt.io + resources: + - nodebuckets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apps.openyurt.io + resources: + - nodepools + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - list + - 
watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: yurt-manager-node-life-cycle-controller +rules: +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes/status + verbs: + - update +- apiGroups: + - "" + resources: + - pods + verbs: + - delete + - get + - list + - watch +- apiGroups: + - "" + resources: + - pods/status + verbs: + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: yurt-manager-nodepool-controller +rules: +- apiGroups: + - apps.openyurt.io + resources: + - nodepools + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - apps.openyurt.io + resources: + - nodepools/status + verbs: + - get + - patch + - update +- apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - patch + - update + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: yurt-manager-platform-admin-controller +rules: +- apiGroups: + - apps.openyurt.io + resources: + - yurtappsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apps.openyurt.io + resources: + - yurtappsets/status + verbs: + - get + - patch + - update +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - configmaps/status + verbs: + - get + - patch + - update + - watch +- apiGroups: + - "" + resources: + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - services/status + verbs: + - get + - patch + - update +- apiGroups: + - iot.openyurt.io + resources: + - platformadmins + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - 
iot.openyurt.io + resources: + - platformadmins/finalizers + verbs: + - update +- apiGroups: + - iot.openyurt.io + resources: + - platformadmins/status + verbs: + - get + - patch + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: yurt-manager-pod-binding-controller +rules: +- apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - update + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: yurt-manager-service-topology-endpoints-controller +rules: +- apiGroups: + - apps.openyurt.io + resources: + - nodepools + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - endpoints + verbs: + - get + - list + - patch + - watch +- apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: yurt-manager-service-topology-endpointslice-controller +rules: +- apiGroups: + - apps.openyurt.io + resources: + - nodepools + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - patch + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: yurt-manager-webhook +rules: +- apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - patch + - update + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: 
yurt-manager-yurt-app-daemon-controller +rules: +- apiGroups: + - apps + resources: + - controllerrevisions + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - deployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - deployments/status + verbs: + - get + - patch + - update +- apiGroups: + - apps.openyurt.io + resources: + - yurtappdaemons + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apps.openyurt.io + resources: + - yurtappdaemons/status + verbs: + - get + - patch + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: yurt-manager-yurt-app-overrider-controller +rules: +- apiGroups: + - apps + resources: + - deployments + verbs: + - list + - update + - watch +- apiGroups: + - apps.openyurt.io + resources: + - yurtappdaemons + verbs: + - get + - watch +- apiGroups: + - apps.openyurt.io + resources: + - yurtappoverriders + verbs: + - get + - list + - watch +- apiGroups: + - apps.openyurt.io + resources: + - yurtappsets + verbs: + - get + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: yurt-manager-yurt-app-set-controller +rules: +- apiGroups: + - apps + resources: + - controllerrevisions + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - deployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - deployments/status + verbs: + - get + - patch + - update +- apiGroups: + - apps + resources: + - statefulsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - statefulsets/status + verbs: + - get + - patch + - update +- apiGroups: + - apps.openyurt.io + resources: + - nodepools + verbs: + - get + 
- list + - watch +- apiGroups: + - apps.openyurt.io + resources: + - yurtappsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apps.openyurt.io + resources: + - yurtappsets/status + verbs: + - get + - patch + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: yurt-manager-yurt-coordinator-cert-controller +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - get + - list + - patch + - watch +- apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch +- apiGroups: + - certificates.k8s.io + resources: + - certificatesigningrequests + verbs: + - create + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: yurt-manager-yurt-static-set-controller +rules: +- apiGroups: + - apps.openyurt.io + resources: + - yurtstaticsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apps.openyurt.io + resources: + - yurtstaticsets/finalizers + verbs: + - update +- apiGroups: + - apps.openyurt.io + resources: + - yurtstaticsets/status + verbs: + - get + - patch + - update +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - pods + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - pods/status + verbs: + - patch + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: yurt-manager-yurt-coordinator-cert-controller-binding + namespace: {{ .Release.Namespace }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: 
yurt-manager-yurt-coordinator-cert-controller +subjects: +- kind: ServiceAccount + name: yurt-manager-yurt-coordinator-cert-controller + namespace: {{ .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: yurt-manager-csr-approver-controller-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: yurt-manager-csr-approver-controller +subjects: +- kind: ServiceAccount + name: yurt-manager-csr-approver-controller + namespace: {{ .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: yurt-manager-daemon-pod-updater-controller-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: yurt-manager-daemon-pod-updater-controller +subjects: +- kind: ServiceAccount + name: yurt-manager-daemon-pod-updater-controller + namespace: {{ .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: yurt-manager-delegate-lease-controller-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: yurt-manager-delegate-lease-controller +subjects: +- kind: ServiceAccount + name: yurt-manager-delegate-lease-controller + namespace: {{ .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: yurt-manager-gateway-dns-controller-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: yurt-manager-gateway-dns-controller +subjects: +- kind: ServiceAccount + name: yurt-manager-gateway-dns-controller + namespace: {{ .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: yurt-manager-gateway-internal-service-controller-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: yurt-manager-gateway-internal-service-controller +subjects: +- kind: ServiceAccount + name: 
yurt-manager-gateway-internal-service-controller + namespace: {{ .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: yurt-manager-gateway-pickup-controller-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: yurt-manager-gateway-pickup-controller +subjects: +- kind: ServiceAccount + name: yurt-manager-gateway-pickup-controller + namespace: {{ .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: yurt-manager-gateway-public-service-controller-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: yurt-manager-gateway-public-service-controller +subjects: +- kind: ServiceAccount + name: yurt-manager-gateway-public-service-controller + namespace: {{ .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: yurt-manager-load-balancer-set-controller-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: yurt-manager-load-balancer-set-controller +subjects: +- kind: ServiceAccount + name: yurt-manager-load-balancer-set-controller + namespace: {{ .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: yurt-manager-node-bucket-controller-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: yurt-manager-node-bucket-controller +subjects: +- kind: ServiceAccount + name: yurt-manager-node-bucket-controller + namespace: {{ .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: yurt-manager-node-life-cycle-controller-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: yurt-manager-node-life-cycle-controller +subjects: +- kind: ServiceAccount + name: yurt-manager-node-life-cycle-controller + namespace: {{ .Release.Namespace }} +--- 
+apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: yurt-manager-nodepool-controller-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: yurt-manager-nodepool-controller +subjects: +- kind: ServiceAccount + name: yurt-manager-nodepool-controller + namespace: {{ .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: yurt-manager-platform-admin-controller-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: yurt-manager-platform-admin-controller +subjects: +- kind: ServiceAccount + name: yurt-manager-platform-admin-controller + namespace: {{ .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: yurt-manager-pod-binding-controller-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: yurt-manager-pod-binding-controller +subjects: +- kind: ServiceAccount + name: yurt-manager-pod-binding-controller + namespace: {{ .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: yurt-manager-service-topology-endpoints-controller-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: yurt-manager-service-topology-endpoints-controller +subjects: +- kind: ServiceAccount + name: yurt-manager-service-topology-endpoints-controller + namespace: {{ .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: yurt-manager-service-topology-endpointslice-controller-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: yurt-manager-service-topology-endpointslice-controller +subjects: +- kind: ServiceAccount + name: yurt-manager-service-topology-endpointslice-controller + namespace: {{ .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding 
+metadata: + name: yurt-manager-yurt-app-daemon-controller-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: yurt-manager-yurt-app-daemon-controller +subjects: +- kind: ServiceAccount + name: yurt-manager-yurt-app-daemon-controller + namespace: {{ .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: yurt-manager-yurt-app-overrider-controller-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: yurt-manager-yurt-app-overrider-controller +subjects: +- kind: ServiceAccount + name: yurt-manager-yurt-app-overrider-controller + namespace: {{ .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: yurt-manager-yurt-app-set-controller-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: yurt-manager-yurt-app-set-controller +subjects: +- kind: ServiceAccount + name: yurt-manager-yurt-app-set-controller + namespace: {{ .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: yurt-manager-yurt-coordinator-cert-controller-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: yurt-manager-yurt-coordinator-cert-controller +subjects: +- kind: ServiceAccount + name: yurt-manager-yurt-coordinator-cert-controller + namespace: {{ .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: yurt-manager-yurt-static-set-controller-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: yurt-manager-yurt-static-set-controller +subjects: +- kind: ServiceAccount + name: yurt-manager-yurt-static-set-controller + namespace: {{ .Release.Namespace }} --- apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration 
diff --git a/charts/yurt-manager/templates/yurt-manager.yaml b/charts/yurt-manager/templates/yurt-manager.yaml
index 9f72f3b1551..db79947de04 100644
--- a/charts/yurt-manager/templates/yurt-manager.yaml
+++ b/charts/yurt-manager/templates/yurt-manager.yaml
@@ -15,11 +15,24 @@ metadata:
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
- name: yurt-manager-rolebinding
+ name: yurt-manager-webhook-role-binding
 roleRef:
 apiGroup: rbac.authorization.k8s.io
 kind: ClusterRole
- name: yurt-manager-role
+ name: yurt-manager-webhook
+subjects:
+- kind: ServiceAccount
+ name: yurt-manager
+ namespace: {{ .Release.Namespace }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: yurt-manager-controller-role-binding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: yurt-manager-basecontroller
 subjects:
 - kind: ServiceAccount
 name: yurt-manager
@@ -28,12 +41,12 @@ subjects:
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
- name: yurt-manager-role-binding
+ name: yurt-manager-webhook-role-binding
 namespace: {{ .Release.Namespace }}
 roleRef:
 apiGroup: rbac.authorization.k8s.io
 kind: Role
- name: yurt-manager-role
+ name: yurt-manager-webhook
 subjects:
 - kind: ServiceAccount
 name: yurt-manager
@@ -140,3 +153,4 @@ spec:
 {{- if .Values.affinity }}
 affinity: {{ toYaml .Values.affinity | nindent 8 }}
 {{- end }}
+---
\ No newline at end of file
diff --git a/cmd/yurt-manager/app/client/client.go b/cmd/yurt-manager/app/client/client.go
new file mode 100644
index 00000000000..6f007c4406b
--- /dev/null
+++ b/cmd/yurt-manager/app/client/client.go
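Review bot: The new `yurt-manager-controller-role-binding` binds the shared `yurt-manager` ServiceAccount to ClusterRole `yurt-manager-basecontroller` cluster-wide, and that role appears (from the generated template in this same commit) to gain `create` on `serviceaccounts/token` and on `secrets`. At cluster scope this lets the base identity request a token for any ServiceAccount in any namespace, so it stays at least as privileged as every account in the cluster and the per-controller split no longer bounds what a compromised manager pod can do. client.go builds its token source with `config.WorkingNamespace` only, so the grant looks wider than the code needs. I would move `serviceaccounts/token` (and `serviceaccounts` create/get) into a namespaced Role bound with a RoleBinding in `{{ .Release.Namespace }}`, and restrict it with `resourceNames` to the `yurt-manager-*` controller accounts if the generator can emit them.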
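Review bot: After this hunk the only RoleBinding left in this template points at Role `yurt-manager-webhook`, while the generated template also renames the old namespaced Role to `yurt-manager-basecontroller` and I see no binding for it in either file. The old `yurt-manager-role-binding` covered both rule sets, so whatever that Role grants in the release namespace (its resource list is cut off by the hunk context) is no longer given to the `yurt-manager` account unless the ClusterRole happens to cover it. Either add a namespaced binding like the one below, or drop the unbound Role so the chart does not carry dead RBAC objects.

```yaml
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: yurt-manager-controller-role-binding
  namespace: {{ .Release.Namespace }}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: yurt-manager-basecontroller
subjects:
- kind: ServiceAccount
  name: yurt-manager
  namespace: {{ .Release.Namespace }}
```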
@@ -0,0 +1,173 @@ +/* +Copyright 2024 The OpenYurt Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package app + +import ( + "net/http" + "sync" + + "k8s.io/client-go/kubernetes" + "k8s.io/client-go/rest" + "k8s.io/client-go/transport" + "k8s.io/klog/v2" + "sigs.k8s.io/controller-runtime/pkg/client" + "sigs.k8s.io/controller-runtime/pkg/manager" + + "github.com/openyurtio/openyurt/cmd/yurt-manager/app/config" +) + +const serviceAccountPrefix = "yurt-manager-" + +var clientStore = &struct { + clientByName map[string]client.Client + lock sync.Mutex +}{ + clientByName: make(map[string]client.Client), + lock: sync.Mutex{}, +} + +var configStore = &struct { + configByName map[string]*rest.Config + lock sync.Mutex + // baseClient is used to get service account token for each controller client + baseClient *kubernetes.Clientset +}{ + configByName: make(map[string]*rest.Config), + lock: sync.Mutex{}, +} + +func GetConfigByControllerNameOrDie(mgr manager.Manager, controllerName string) *rest.Config { + + namespace := config.WorkingNamespace + + // if controllerName is empty, return the base config of manager + if controllerName == "" { + return mgr.GetConfig() + } + + configStore.lock.Lock() + defer configStore.lock.Unlock() + + if cfg, ok := configStore.configByName[controllerName]; ok { + return cfg + } + + // get base config + baseCfg := mgr.GetConfig() + + // get base client + var err error + if configStore.baseClient == nil { + configStore.baseClient, err = 
kubernetes.NewForConfig(baseCfg) + if err != nil { + klog.Fatalf("failed to create base client: %v", err) + } + } + + // rename cfg user-agent + cfg := rest.CopyConfig(baseCfg) + rest.AddUserAgent(cfg, controllerName) + + // add controller-specific token wrapper to cfg + cachedTokenSource := transport.NewCachedTokenSource(&tokenSourceImpl{ + namespace: namespace, + serviceAccountName: serviceAccountPrefix + controllerName, + cli: *configStore.baseClient, + expirationSeconds: defaultExpirationSeconds, + leewayPercent: defaultLeewayPercent, + }) + + // Notice: The execution order is the opposite of the display order + // EmptyIfHasAuthorization -> Reset Authorization -> PostCheck + cfg.Wrap(CheckAuthorization) + cfg.Wrap(transport.ResettableTokenSourceWrapTransport(cachedTokenSource)) + cfg.Wrap(EmptyIfHasAuthorization) + + configStore.configByName[controllerName] = cfg + klog.V(5).Infof("create new client config for controller %s", controllerName) + + return cfg +} + +func GetClientByControllerNameOrDie(mgr manager.Manager, controllerName string) client.Client { + // if controllerName is empty, return the base client of manager + if controllerName == "" { + return mgr.GetClient() + } + + clientStore.lock.Lock() + defer clientStore.lock.Unlock() + + if cli, ok := clientStore.clientByName[controllerName]; ok { + return cli + } + + // construct client options + clientOptions := client.Options{ + Scheme: mgr.GetScheme(), + Mapper: mgr.GetRESTMapper(), + // todo: this is just a default option, we should use mgr's cache options + Cache: &client.CacheOptions{ + Unstructured: false, + Reader: mgr.GetCache(), + }, + } + + cfg := GetConfigByControllerNameOrDie(mgr, controllerName) + cli, err := client.New(cfg, clientOptions) + if err != nil { + panic(err) + } + clientStore.clientByName[controllerName] = cli + + return cli +} + +func EmptyIfHasAuthorization(rt http.RoundTripper) http.RoundTripper { + return TokenResetter{ + defaultRT: rt, + } +} + +type TokenResetter struct { 
+ defaultRT http.RoundTripper +} + +func (tr TokenResetter) RoundTrip(req *http.Request) (*http.Response, error) { + if len(req.Header.Get("Authorization")) > 0 { + klog.V(5).Info("[before] check request credential: already set, reset it") + req.Header.Set("Authorization", "") + } + return tr.defaultRT.RoundTrip(req) +} + +func CheckAuthorization(rt http.RoundTripper) http.RoundTripper { + return RequestInspector{ + defaultRT: rt, + } +} + +type RequestInspector struct { + defaultRT http.RoundTripper +} + +func (r RequestInspector) RoundTrip(req *http.Request) (*http.Response, error) { + if len(req.Header.Get("Authorization")) > 0 { + klog.V(5).Infof("[after] check request credential: %s", req.Header.Get("Authorization")) + } + return r.defaultRT.RoundTrip(req) +} diff --git a/cmd/yurt-manager/app/client/token.go b/cmd/yurt-manager/app/client/token.go new file mode 100644 index 00000000000..9e4694831c2 --- /dev/null +++ b/cmd/yurt-manager/app/client/token.go 
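Review bot: `RequestInspector.RoundTrip` writes the whole `Authorization` header to the log at verbosity 5, so the bearer token minted for each controller's service account ends up in the pod log whenever debug logging is enabled. Anyone with read access to those logs then holds a usable credential until it expires (`defaultExpirationSeconds` is 3600 in token.go). Log only that a credential is present, for example `klog.V(5).Info("[after] check request credential: Authorization header is set")`. Separately, `TokenResetter.RoundTrip` sets the header to an empty string on the caller's request; calling `Header.Del("Authorization")` on a `req.Clone(req.Context())` would remove it without mutating a request the transport does not own.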
@@ -0,0 +1,130 @@ +/* +Copyright 2024 The OpenYurt Authors. +Copyright 2018 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +package app + +import ( + "context" + "fmt" + "time" + + "golang.org/x/oauth2" + v1authenticationapi "k8s.io/api/authentication/v1" + v1 "k8s.io/api/core/v1" + apierrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/util/wait" + "k8s.io/client-go/kubernetes" + "k8s.io/klog/v2" + utilpointer "k8s.io/utils/pointer" +) + +var ( + // defaultExpirationSeconds defines the duration of a TokenRequest in seconds. + defaultExpirationSeconds = int64(3600) + // defaultLeewayPercent defines the percentage of expiration left before the client trigger a token rotation. 
+ // range[0, 100] + defaultLeewayPercent = 20 +) + +// migrate from kubernetes/staging/src/k8s.io/controller-manager/pkg/clientbuilder/client_builder_dynamic.go +type tokenSourceImpl struct { + namespace string + serviceAccountName string + cli kubernetes.Clientset + expirationSeconds int64 + leewayPercent int +} + +func (ts *tokenSourceImpl) Token() (*oauth2.Token, error) { + klog.V(5).Info("start get token") + var retTokenRequest *v1authenticationapi.TokenRequest + + backoff := wait.Backoff{ + Duration: 500 * time.Millisecond, + Factor: 2, // double the timeout for every failure + Steps: 4, + } + if err := wait.ExponentialBackoff(backoff, func() (bool, error) { + _, inErr := getOrCreateServiceAccount(ts.cli, ts.namespace, ts.serviceAccountName) + if inErr != nil { + klog.Warningf("get or create service account failed: %v", inErr) + return false, nil + } + klog.V(5).Infof("get serviceaccount %s successfully", ts.serviceAccountName) + + tr, inErr := ts.cli.CoreV1().ServiceAccounts(ts.namespace).CreateToken(context.TODO(), ts.serviceAccountName, &v1authenticationapi.TokenRequest{ + Spec: v1authenticationapi.TokenRequestSpec{ + ExpirationSeconds: utilpointer.Int64(ts.expirationSeconds), + }, + }, metav1.CreateOptions{}) + if inErr != nil { + klog.Warningf("get token failed: %v", inErr) + return false, nil + } + retTokenRequest = tr + klog.V(5).Infof("create token successfully for serviceaccount %s", ts.serviceAccountName) + + return true, nil + }); err != nil { + return nil, fmt.Errorf("failed to get token for %s/%s: %v", ts.namespace, ts.serviceAccountName, err) + } + + if retTokenRequest.Spec.ExpirationSeconds == nil { + return nil, fmt.Errorf("nil pointer of expiration in token request") + } + + lifetime := retTokenRequest.Status.ExpirationTimestamp.Time.Sub(time.Now()) + if lifetime < time.Minute*10 { + // possible clock skew issue, pin to minimum token lifetime + lifetime = time.Minute * 10 + } + + leeway := time.Duration(int64(lifetime) * 
int64(ts.leewayPercent) / 100) + expiry := time.Now().Add(lifetime).Add(-1 * leeway) + + return &oauth2.Token{ + AccessToken: retTokenRequest.Status.Token, + TokenType: "Bearer", + Expiry: expiry, + }, nil +} + +func getOrCreateServiceAccount(cli kubernetes.Clientset, namespace, name string) (*v1.ServiceAccount, error) { + sa, err := cli.CoreV1().ServiceAccounts(namespace).Get(context.TODO(), name, metav1.GetOptions{}) + if err == nil { + return sa, nil + } + if !apierrors.IsNotFound(err) { + return nil, err + } + + // Create the namespace if we can't verify it exists. + // Tolerate errors, since we don't know whether this component has namespace creation permissions. + if _, err := cli.CoreV1().Namespaces().Get(context.TODO(), namespace, metav1.GetOptions{}); apierrors.IsNotFound(err) { + if _, err = cli.CoreV1().Namespaces().Create(context.TODO(), &v1.Namespace{ObjectMeta: metav1.ObjectMeta{Name: namespace}}, metav1.CreateOptions{}); err != nil && !apierrors.IsAlreadyExists(err) { + klog.Warningf("create non-exist namespace %s failed:%v", namespace, err) + } + } + + // Create the service account + sa, err = cli.CoreV1().ServiceAccounts(namespace).Create(context.TODO(), &v1.ServiceAccount{ObjectMeta: metav1.ObjectMeta{Namespace: namespace, Name: name}}, metav1.CreateOptions{}) + if apierrors.IsAlreadyExists(err) { + // If we're racing to init and someone else already created it, re-fetch + return cli.CoreV1().ServiceAccounts(namespace).Get(context.TODO(), name, metav1.GetOptions{}) + } + return sa, err +} diff --git a/cmd/yurt-manager/app/config/config.go b/cmd/yurt-manager/app/config/config.go index 75f9424f50a..a5ff98057c5 100644 --- a/cmd/yurt-manager/app/config/config.go +++ b/cmd/yurt-manager/app/config/config.go 
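Review bot: `getOrCreateServiceAccount` creates the namespace and the service account when the lookup returns NotFound, so the token path can bring identities into existence at runtime and the base role has to carry `create` on `namespaces` and `serviceaccounts`. The tooling added in this commit (hack/lib/complement-rbac.sh) already emits a ServiceAccount manifest per generated role, so a missing account more likely signals a broken install than something to repair silently. Consider returning the NotFound error from the first `Get` (`return nil, err`) and dropping the create fallback, which would let those two `create` verbs be removed from the base controller markers. `Token` also wraps the backoff error with `%v`; `%w` would keep it inspectable with `errors.Is`.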
@@ -20,6 +20,8 @@ import ( yurtctrlmgrconfig "github.com/openyurtio/openyurt/pkg/yurtmanager/controller/apis/config" ) +var WorkingNamespace string + // Config is the main context object for the controller manager. type Config struct { ComponentConfig yurtctrlmgrconfig.YurtManagerConfiguration diff --git a/cmd/yurt-manager/app/manager.go b/cmd/yurt-manager/app/manager.go index 1e4e629e9d3..93c4ae5647e 100644 --- a/cmd/yurt-manager/app/manager.go +++ b/cmd/yurt-manager/app/manager.go @@ -44,7 +44,7 @@ import ( "github.com/openyurtio/openyurt/pkg/apis" "github.com/openyurtio/openyurt/pkg/projectinfo" "github.com/openyurtio/openyurt/pkg/util/profile" - "github.com/openyurtio/openyurt/pkg/yurtmanager/controller" + controller "github.com/openyurtio/openyurt/pkg/yurtmanager/controller/base" "github.com/openyurtio/openyurt/pkg/yurtmanager/webhook" "github.com/openyurtio/openyurt/pkg/yurtmanager/webhook/util" ) @@ -138,6 +138,8 @@ current state towards the desired state.`, cliflag.PrintSections(cmd.OutOrStdout(), namedFlagSets, cols) }) + config.WorkingNamespace = s.Generic.WorkingNamespace + return cmd } @@ -233,6 +235,7 @@ func Run(c *config.CompletedConfig, stopCh <-chan struct{}) error { setupLog.Error(err, "problem running manager") os.Exit(1) } + klog.V(5).Info("start manager successfully") return nil } diff --git a/go.mod b/go.mod index 89eeeec9826..91446e6c0f0 100644 --- a/go.mod +++ b/go.mod @@ -31,6 +31,7 @@ require ( go.etcd.io/etcd/client/pkg/v3 v3.5.9 go.etcd.io/etcd/client/v3 v3.5.9 golang.org/x/net v0.23.0 + golang.org/x/oauth2 v0.8.0 golang.org/x/sys v0.18.0 google.golang.org/grpc v1.57.1 gopkg.in/cheggaaa/pb.v1 v1.0.28 @@ -152,7 +153,6 @@ require ( go.uber.org/zap v1.25.0 // indirect golang.org/x/crypto v0.21.0 // indirect golang.org/x/exp v0.0.0-20220827204233-334a2380cb91 // indirect - golang.org/x/oauth2 v0.8.0 // indirect golang.org/x/sync v0.5.0 // indirect golang.org/x/term v0.18.0 // indirect golang.org/x/text v0.14.0 // indirect 
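Review bot: `config.WorkingNamespace = s.Generic.WorkingNamespace` sits immediately before `return cmd`, which looks like the command constructor, so it would run before the command line is parsed and copy the option's default rather than the value the operator passed. The enclosing function starts outside this hunk, so this is inferred from the context lines; if it holds, `GetConfigByControllerNameOrDie` requests service-account tokens in the default namespace even when the manager is deployed elsewhere. Assign the value where the parsed options are available (inside the command's run path, after flag parsing), and prefer passing the namespace as a parameter over the mutable package-level `var WorkingNamespace` added in config.go.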
diff --git a/hack/lib/complement-rbac.sh b/hack/lib/complement-rbac.sh new file mode 100755 index 00000000000..7910013de22 --- /dev/null +++ b/hack/lib/complement-rbac.sh 
@@ -0,0 +1,126 @@ +#!/bin/bash + +# Copyright 2024 The OpenYurt Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +YURT_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd -P)" +CONTROLLER_NAME_FILE=$YURT_ROOT/cmd/yurt-manager/names/controller_names.go + + +complement_rbac() { + local input_file="$1" # Accept input_file as an argument + local tmp_file="${input_file}.tmp" + local namespace="kube-system" + local service_accounts=() # Indexed array for service account names + + # Check if the last line of the input file is "---" + if [[ "$(tail -n1 "$input_file")" != "---" ]]; then + # Temporarily append "---" to the file content during the processing + exec 3< <(cat "$input_file" && echo "---") + else + # Use the file directly if it already ends with "---" + exec 3<"$input_file" + fi + cp "$input_file" "$tmp_file" + local kind name # Define variables to hold 'kind' and 'name' + + # Process the file line by line + while IFS= read -r line <&3; do + # Extract 'kind' + if [[ "$line" =~ ^kind:\ (.*) ]]; then + kind=${BASH_REMATCH[1]} + fi + # Extract 'name' + if [[ "$line" =~ ^[[:space:]]*name:\ (.*) ]]; then + name=${BASH_REMATCH[1]} + # Add the service account name if it does not already exist in the array + if [[ ! 
" ${service_accounts[*]} " =~ " ${name} " ]]; then + service_accounts+=("$name") + fi + fi + # End of a document, check if kind is Role or ClusterRole + if [[ "$line" == "---" ]] && [ -n "$kind" ] && [ -n "$name" ]; then + local binding_kind="RoleBinding" + local namespace_metadata=" namespace: $namespace" + if [ "$kind" = "ClusterRole" ]; then + binding_kind="ClusterRoleBinding" + namespace_metadata="" # ClusterRoleBinding doesn't have a namespace in its metadata + fi + # Generate RoleBinding or ClusterRoleBinding YAML + { + echo "--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: $binding_kind +metadata: + name: ${name}-binding +$namespace_metadata +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: $kind + name: $name +subjects: +- kind: ServiceAccount + name: $name + namespace: $namespace +" + } >> "$tmp_file" + # Reset variables for the next object + kind="" + name="" + fi + done + + # Generate ServiceAccount YAML for each unique name + for sa_name in "${service_accounts[@]}"; do + { + echo "--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: $sa_name + namespace: $namespace +" + } >> "$tmp_file" + done + # Close file descriptor 3 + exec 3<&- + + mv "$tmp_file" "$input_file" +} + +# extract controller names from CONTROLLER_NAME_FILE +extract_controller_names() { + awk -F'"' '/= "/ { print $2 }' "$CONTROLLER_NAME_FILE" +} + +# How to use: +# complement_rbac "_output/manifest/auto_generate/rbac/yurtcoordinator.yaml" + +# result=$(extract_controller_names) +# while IFS= read -r line; do +# echo "Extracted value: $line" +# done <<< "$result" + +# result=$(extract_controller_names) +# while IFS= read -r line; do +# controller_file_name="${line//-/_}.go" +# controller_file_path=$(find $YURT_ROOT -type f -name $controller_file_name) +# # Assuming file_path variable assignment from above +# if [ -n "$controller_file_path" ]; then +# echo "Found: $controller_file_path" +# else +# echo "File $controller_file_name not found." +# fi +# done <<< "$result" + 
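Review bot: The document-end branch in `complement_rbac` is commented as checking for Role or ClusterRole, but the condition only tests that `kind` and `name` are non-empty, so any other kind in the input would get a binding with an invalid `roleRef`, and every indented `name:` line both overwrites `name` and is queued as a ServiceAccount. Restrict the branch to the two kinds, e.g. `if [[ "$line" == "---" && ( "$kind" == "Role" || "$kind" == "ClusterRole" ) && -n "$name" ]]; then`, and reset `kind` and `name` on every `---` so a skipped document cannot leak its values into the next one. The namespace is also hard-coded to `kube-system` here; whether a later step rewrites it to the release namespace is not visible in this hunk.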
diff --git a/hack/make-rules/generate_manifests.sh b/hack/make-rules/generate_manifests.sh new file mode 100755 index 00000000000..7522a8b6200 --- /dev/null +++ b/hack/make-rules/generate_manifests.sh 
@@ -0,0 +1,81 @@ +#!/bin/bash +# set -x + +# Copyright 2024 The OpenYurt Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Define the directory to search in and the pattern to search for +YURT_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd -P)" + +CONTROLLER_GEN=$YURT_ROOT/bin/controller-gen + +WEBHOOK_DIR=$YURT_ROOT/pkg/yurtmanager/webhook +OUTPUT_DIR=$YURT_ROOT/_output/manifest/auto_generate +PATTERN="+kubebuilder:rbac" +CRD_OPTIONS="crd:crdVersions=v1,maxDescLen=1000" + +source "${YURT_ROOT}/hack/lib/complement-rbac.sh" + + +# 1. generate RBAC yaml files + +# 1.1 generate controller RBAC yaml files +echo "Generate RBAC for controllers" + +result=$(extract_controller_names) +while IFS= read -r role_name; do + controller_file_name="${role_name//-/_}.go" + controller_file_path=$(find $YURT_ROOT -type f -name $controller_file_name) + # Assuming file_path variable assignment from above + if [ -n "$controller_file_path" ]; then + echo "Generate RBAC for $role_name" + $CONTROLLER_GEN rbac:roleName="${role_name}" paths=$controller_file_path/.. output:rbac:artifacts:config=${OUTPUT_DIR}/rbac && mv ${OUTPUT_DIR}/rbac/role.yaml ${OUTPUT_DIR}/rbac/${role_name}.yaml + else + echo "File $controller_file_name not found." 
+ fi +done <<< "$result" + +# 1.2 generate webhook RBAC yaml files +echo "Generate RBAC for webhook" + +# Loop through each first sublevel directory +for dir in "$WEBHOOK_DIR"/*/; do + # Avoid a non-existent directory glob problem + [ -e "$dir" ] || continue + + # Search for files containing the pattern within the current subdirectory + found_file=$(grep -lR -e "$PATTERN" "$dir" | head -n 1) + + if [ ! -z "$found_file" ]; then + echo "Generate RBAC for $dir" + # If a matching file is found, extract directory base name + role_name=$(basename "${dir}") + $CONTROLLER_GEN rbac:roleName="${role_name}" paths=${dir}/... output:rbac:artifacts:config=${OUTPUT_DIR}/rbac && mv ${OUTPUT_DIR}/rbac/role.yaml ${OUTPUT_DIR}/rbac/${role_name}.yaml + fi +done + +# Loop through ${OUTPUT_DIR}/rbac and generate RoleBinding/ClusterRoleBinding/ServiceAccount +for file in ${OUTPUT_DIR}/rbac/*.yaml; do + complement_rbac "$file" +done + +$CONTROLLER_GEN rbac:roleName=basecontroller paths=$YURT_ROOT/pkg/yurtmanager/controller/... output:rbac:artifacts:config=${OUTPUT_DIR}/rbac && mv ${OUTPUT_DIR}/rbac/role.yaml ${OUTPUT_DIR}/rbac/basecontroller.yaml +$CONTROLLER_GEN rbac:roleName=webhook paths=$YURT_ROOT/pkg/yurtmanager/webhook/... output:rbac:artifacts:config=${OUTPUT_DIR}/rbac && mv ${OUTPUT_DIR}/rbac/role.yaml ${OUTPUT_DIR}/rbac/webhook.yaml +echo "Generate RBAC for base controller/webhook" + +# 2. generate CRD/Webhook yaml files +$CONTROLLER_GEN $CRD_OPTIONS webhook paths="./pkg/..." output:crd:artifacts:config=$OUTPUT_DIR/crd output:webhook:artifacts:config=$OUTPUT_DIR/webhook +# remove empty name crd file +rm -f $OUTPUT_DIR/crd/_.yaml +echo "Generate CRD/Webhook for base controller/webhook" diff --git a/pkg/yurtmanager/controller/controller.go b/pkg/yurtmanager/controller/base/controller.go similarity index 95% rename from pkg/yurtmanager/controller/controller.go rename to pkg/yurtmanager/controller/base/controller.go index a6cb06f999b..0a5d54408d5 100644 
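Review bot: The `controller-gen` call for `basecontroller` uses `paths=$YURT_ROOT/pkg/yurtmanager/controller/...`, which recurses into every controller package, so the role bound to the shared `yurt-manager` service account would appear to collect the union of all per-controller markers on top of the token-minting rules. That leaves the base identity as privileged as it was before the split into per-controller roles. Since this commit moves controller.go into `controller/base`, `paths=$YURT_ROOT/pkg/yurtmanager/controller/base/...` looks like the intended scope; any list/watch rules the shared cache needs under the base identity would then have to be declared there explicitly. The script also has no `set -o errexit -o pipefail`, so a failed generation or the "not found" branch leaves a role missing without failing the build.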
--- a/pkg/yurtmanager/controller/controller.go +++ b/pkg/yurtmanager/controller/base/controller.go @@ -14,7 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */ -package controller +package base import ( "context" @@ -107,6 +107,10 @@ func NewControllerInitializers() map[string]InitFunc { // +kubebuilder:rbac:groups=coordination.k8s.io,resources=leases,verbs=get;list;watch;create;update;patch;delete // +kubebuilder:rbac:groups=core,resources=events,verbs=get;list;watch;create;update;patch;delete +// +kubebuilder:rbac:groups=core,resources=serviceaccounts,verbs=get;create +// +kubebuilder:rbac:groups=core,resources=namespaces,verbs=get;create +// +kubebuilder:rbac:groups=core,resources=serviceaccounts/token,verbs=create +// +kubebuilder:rbac:groups=authentication.k8s.io,resources=tokenreviews,verbs=create func SetupWithManager(ctx context.Context, c *config.CompletedConfig, m manager.Manager) error { for controllerName, fn := range NewControllerInitializers() { diff --git a/pkg/yurtmanager/controller/csrapprover/csrapprover_controller.go b/pkg/yurtmanager/controller/csrapprover/csr_approver_controller.go similarity index 98% rename from pkg/yurtmanager/controller/csrapprover/csrapprover_controller.go rename to pkg/yurtmanager/controller/csrapprover/csr_approver_controller.go index 4561e2911ee..62d0652cb69 100644 --- a/pkg/yurtmanager/controller/csrapprover/csrapprover_controller.go +++ b/pkg/yurtmanager/controller/csrapprover/csr_approver_controller.go @@ -37,6 +37,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/reconcile" "sigs.k8s.io/controller-runtime/pkg/source" + yurtClient "github.com/openyurtio/openyurt/cmd/yurt-manager/app/client" appconfig "github.com/openyurtio/openyurt/cmd/yurt-manager/app/config" "github.com/openyurtio/openyurt/cmd/yurt-manager/names" "github.com/openyurtio/openyurt/pkg/projectinfo" 
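Review bot: The new marker `resources=serviceaccounts/token,verbs=create` carries no `resourceNames` or `namespace` restriction, so the generated rule would let the base identity request a token for any service account in any namespace, not only the `yurt-manager-*` accounts that `GetConfigByControllerNameOrDie` uses. Scope it to the working namespace, e.g. `// +kubebuilder:rbac:groups=core,namespace=<working-namespace>,resources=serviceaccounts/token,verbs=create` bound through a RoleBinding, or list the controller accounts in `resourceNames`. The `tokenreviews` create rule has no caller in the code visible on this page, so it is worth confirming that it is needed. `SetupWithManager` continues past the end of this hunk.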
@@ -123,7 +124,7 @@ type ReconcileCsrApprover struct { func NewReconcileCsrApprover(mgr manager.Manager) (*ReconcileCsrApprover, error) { r := &ReconcileCsrApprover{ - Client: mgr.GetClient(), + Client: yurtClient.GetClientByControllerNameOrDie(mgr, names.CsrApproverController), } mapper := mgr.GetRESTMapper() diff --git a/pkg/yurtmanager/controller/csrapprover/csrapprover_controller_test.go b/pkg/yurtmanager/controller/csrapprover/csr_approver_controller_test.go similarity index 100% rename from pkg/yurtmanager/controller/csrapprover/csrapprover_controller_test.go rename to pkg/yurtmanager/controller/csrapprover/csr_approver_controller_test.go diff --git a/pkg/yurtmanager/controller/daemonpodupdater/daemon_pod_updater_controller.go b/pkg/yurtmanager/controller/daemonpodupdater/daemon_pod_updater_controller.go index 6e8ab580622..850bfc2e342 100644 --- a/pkg/yurtmanager/controller/daemonpodupdater/daemon_pod_updater_controller.go +++ b/pkg/yurtmanager/controller/daemonpodupdater/daemon_pod_updater_controller.go @@ -47,6 +47,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/reconcile" "sigs.k8s.io/controller-runtime/pkg/source" + yurtClient "github.com/openyurtio/openyurt/cmd/yurt-manager/app/client" appconfig "github.com/openyurtio/openyurt/cmd/yurt-manager/app/config" "github.com/openyurtio/openyurt/cmd/yurt-manager/names" k8sutil "github.com/openyurtio/openyurt/pkg/yurtmanager/controller/daemonpodupdater/kubernetes" 
@@ -115,12 +116,12 @@ type ReconcileDaemonpodupdater struct { // newReconciler returns a new reconcile.Reconciler func newReconciler(_ *appconfig.CompletedConfig, mgr manager.Manager) (reconcile.Reconciler, error) { r := &ReconcileDaemonpodupdater{ - Client: mgr.GetClient(), + Client: yurtClient.GetClientByControllerNameOrDie(mgr, names.DaemonPodUpdaterController), expectations: k8sutil.NewControllerExpectations(), recorder: mgr.GetEventRecorderFor(names.DaemonPodUpdaterController), } - c, err := kubernetes.NewForConfig(mgr.GetConfig()) + c, err := kubernetes.NewForConfig(yurtClient.GetConfigByControllerNameOrDie(mgr, names.DaemonPodUpdaterController)) if err != nil { klog.Errorf("could not create kube client, %v", err) return nil, err diff --git a/pkg/yurtmanager/controller/loadbalancerset/loadbalancerset/loadbalancerset_controller.go b/pkg/yurtmanager/controller/loadbalancerset/loadbalancerset/load_balancer_set_controller.go similarity index 97% rename from pkg/yurtmanager/controller/loadbalancerset/loadbalancerset/loadbalancerset_controller.go rename to pkg/yurtmanager/controller/loadbalancerset/loadbalancerset/load_balancer_set_controller.go index b92dd9fca23..1cb30d2d555 100644 --- a/pkg/yurtmanager/controller/loadbalancerset/loadbalancerset/loadbalancerset_controller.go +++ b/pkg/yurtmanager/controller/loadbalancerset/loadbalancerset/load_balancer_set_controller.go @@ -38,6 +38,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/reconcile" "sigs.k8s.io/controller-runtime/pkg/source" + yurtClient "github.com/openyurtio/openyurt/cmd/yurt-manager/app/client" appconfig "github.com/openyurtio/openyurt/cmd/yurt-manager/app/config" "github.com/openyurtio/openyurt/cmd/yurt-manager/names" "github.com/openyurtio/openyurt/pkg/apis/apps/v1beta1" 
@@ -94,7 +95,7 @@ type ReconcileLoadBalancerSet struct { // newReconciler returns a new reconcile.Reconciler func newReconciler(c *appconfig.CompletedConfig, mgr manager.Manager) *ReconcileLoadBalancerSet { return &ReconcileLoadBalancerSet{ - Client: mgr.GetClient(), + Client: yurtClient.GetClientByControllerNameOrDie(mgr, names.LoadBalancerSetController), scheme: mgr.GetScheme(), mapper: mgr.GetRESTMapper(), recorder: mgr.GetEventRecorderFor(names.LoadBalancerSetController), @@ -123,7 +124,7 @@ func add(mgr manager.Manager, cfg *appconfig.CompletedConfig, r reconcile.Reconc return err } - err = c.Watch(source.Kind(mgr.GetCache(), &v1beta1.NodePool{}), NewNodePoolEventHandler(mgr.GetClient()), NewNodePoolPredicated()) + err = c.Watch(source.Kind(mgr.GetCache(), &v1beta1.NodePool{}), NewNodePoolEventHandler(yurtClient.GetClientByControllerNameOrDie(mgr, names.LoadBalancerSetController)), NewNodePoolPredicated()) if err != nil { return err } @@ -131,8 +132,11 @@ func add(mgr manager.Manager, cfg *appconfig.CompletedConfig, r reconcile.Reconc return nil } +// +kubebuilder:rbac:groups=core,resources=services,verbs=get;list;watch;update +// +kubebuilder:rbac:groups=core,resources=services/status,verbs=update // +kubebuilder:rbac:groups=network.openyurt.io,resources=poolservices,verbs=get;list;watch;create;update;patch;delete // +kubebuilder:rbac:groups=network.openyurt.io,resources=poolservices/status,verbs=get;update;patch +// +kubebuilder:rbac:groups=apps.openyurt.io,resources=nodepools,verbs=list;watch // Reconcile reads that state of the cluster for a PoolService object and makes changes based on the state read // and what is in the PoolService.Spec 
diff --git a/pkg/yurtmanager/controller/loadbalancerset/loadbalancerset/loadbalancerset_controller_test.go b/pkg/yurtmanager/controller/loadbalancerset/loadbalancerset/load_balancer_set_controller_test.go similarity index 100% rename from pkg/yurtmanager/controller/loadbalancerset/loadbalancerset/loadbalancerset_controller_test.go rename to pkg/yurtmanager/controller/loadbalancerset/loadbalancerset/load_balancer_set_controller_test.go diff --git a/pkg/yurtmanager/controller/loadbalancerset/loadbalancerset/loadbalancer_status.go b/pkg/yurtmanager/controller/loadbalancerset/loadbalancerset/load_balancer_status.go similarity index 100% rename from pkg/yurtmanager/controller/loadbalancerset/loadbalancerset/loadbalancer_status.go rename to pkg/yurtmanager/controller/loadbalancerset/loadbalancerset/load_balancer_status.go diff --git a/pkg/yurtmanager/controller/nodebucket/nodebucket_controller.go b/pkg/yurtmanager/controller/nodebucket/node_bucket_controller.go similarity index 98% rename from pkg/yurtmanager/controller/nodebucket/nodebucket_controller.go rename to pkg/yurtmanager/controller/nodebucket/node_bucket_controller.go index e43699ae952..b5acfbd4629 100644 --- a/pkg/yurtmanager/controller/nodebucket/nodebucket_controller.go +++ b/pkg/yurtmanager/controller/nodebucket/node_bucket_controller.go @@ -37,6 +37,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/reconcile" "sigs.k8s.io/controller-runtime/pkg/source" + yurtClient "github.com/openyurtio/openyurt/cmd/yurt-manager/app/client" appconfig "github.com/openyurtio/openyurt/cmd/yurt-manager/app/config" "github.com/openyurtio/openyurt/cmd/yurt-manager/names" appsv1alpha1 "github.com/openyurtio/openyurt/pkg/apis/apps/v1alpha1" 
@@ -62,7 +63,7 @@ func Format(format string, args ...interface{}) string { func Add(_ context.Context, cfg *appconfig.CompletedConfig, mgr manager.Manager) error { klog.Infof(Format("nodebucket-controller add controller %s", controllerResource.String())) r := &ReconcileNodeBucket{ - Client: mgr.GetClient(), + Client: yurtClient.GetClientByControllerNameOrDie(mgr, names.NodeBucketController), maxNodesPerBucket: int(cfg.ComponentConfig.NodeBucketController.MaxNodesPerBucket), } @@ -162,7 +163,7 @@ type ReconcileNodeBucket struct { } // +kubebuilder:rbac:groups=apps.openyurt.io,resources=nodebuckets,verbs=get;list;watch;create;update;patch;delete -// +kubebuilder:rbac:groups=apps.openyurt.io,resources=nodepools,verbs=list;watch +// +kubebuilder:rbac:groups=apps.openyurt.io,resources=nodepools,verbs=get;list;watch // +kubebuilder:rbac:groups=core,resources=nodes,verbs=list;watch // Reconcile reads that state of the cluster for a NodeBucket object and makes changes based on the state read diff --git a/pkg/yurtmanager/controller/nodebucket/nodebucket_controller_test.go b/pkg/yurtmanager/controller/nodebucket/node_bucket_controller_test.go similarity index 100% rename from pkg/yurtmanager/controller/nodebucket/nodebucket_controller_test.go rename to pkg/yurtmanager/controller/nodebucket/node_bucket_controller_test.go diff --git a/pkg/yurtmanager/controller/nodelifecycle/node_lifecycle_controller.go b/pkg/yurtmanager/controller/nodelifecycle/node_life_cycle_controller.go similarity index 98% rename from pkg/yurtmanager/controller/nodelifecycle/node_lifecycle_controller.go rename to pkg/yurtmanager/controller/nodelifecycle/node_life_cycle_controller.go index 0eac1685819..b53c54842d8 100644 --- a/pkg/yurtmanager/controller/nodelifecycle/node_lifecycle_controller.go +++ b/pkg/yurtmanager/controller/nodelifecycle/node_life_cycle_controller.go 
@@ -54,6 +54,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/predicate" "sigs.k8s.io/controller-runtime/pkg/source" + yurtClient "github.com/openyurtio/openyurt/cmd/yurt-manager/app/client" appconfig "github.com/openyurtio/openyurt/cmd/yurt-manager/app/config" "github.com/openyurtio/openyurt/cmd/yurt-manager/names" taintutils "github.com/openyurtio/openyurt/pkg/util/taints" @@ -69,6 +70,7 @@ func init() { } var ( + controllerName = names.NodeLifeCycleController // UnreachableTaintTemplate is the taint for when a node becomes unreachable. UnreachableTaintTemplate = &v1.Taint{ Key: v1.TaintNodeUnreachable, @@ -285,7 +287,11 @@ type ReconcileNodeLifeCycle struct { podUpdateQueue workqueue.RateLimitingInterface } -// +kubebuilder:rbac:groups=core,resources=nodes/status,verbs=get;list;watch;update;patch +// +kubebuilder:rbac:groups=core,resources=nodes/status,verbs=update +// +kubebuilder:rbac:groups=core,resources=nodes,verbs=list;get;watch +// +kubebuilder:rbac:groups=core,resources=pods/status,verbs=update +// +kubebuilder:rbac:groups=core,resources=pods,verbs=get;watch;list;delete +// +kubebuilder:rbac:groups=coordination.k8s.io,resources=leases,verbs=get;watch // Add creates a new CsrApprover Controller and adds it to the Manager with default RBAC. The Manager will set fields on the Controller // and Start it when the Manager is Started. @@ -295,7 +301,7 @@ func Add(ctx context.Context, cfg *appconfig.CompletedConfig, mgr manager.Manage return err } // Create a new controller - c, err := util.NewNoReconcileController(names.NodeLifeCycleController, mgr, controller.Options{}) + c, err := util.NewNoReconcileController(controllerName, mgr, controller.Options{}) if err != nil { return err } 
@@ -410,8 +416,8 @@ func GenGetPodsAssignedToNode(c client.Client) func(string) ([]*v1.Pod, error) { // newReconciler returns a new reconcile.Reconciler func newReconciler(cfg *appconfig.CompletedConfig, mgr manager.Manager) (*ReconcileNodeLifeCycle, error) { nc := &ReconcileNodeLifeCycle{ - controllerRuntimeClient: mgr.GetClient(), - recorder: mgr.GetEventRecorderFor(names.NodeLifeCycleController), + controllerRuntimeClient: yurtClient.GetClientByControllerNameOrDie(mgr, controllerName), + recorder: mgr.GetEventRecorderFor(controllerName), now: metav1.Now, knownNodeSet: make(map[string]*v1.Node), nodeHealthMap: newNodeHealthMap(), @@ -433,7 +439,7 @@ func newReconciler(cfg *appconfig.CompletedConfig, mgr manager.Manager) (*Reconc nc.enterPartialDisruptionFunc = nc.ReducedQPSFunc nc.enterFullDisruptionFunc = nc.HealthyQPSFunc nc.computeZoneStateFunc = nc.ComputeZoneState - kubeClient, err := clientset.NewForConfig(mgr.GetConfig()) + kubeClient, err := clientset.NewForConfig(yurtClient.GetConfigByControllerNameOrDie(mgr, controllerName)) if err != nil { klog.Errorf("could not create kube client, %v", err) return nil, err diff --git a/pkg/yurtmanager/controller/nodelifecycle/node_lifecycle_controller_test.go b/pkg/yurtmanager/controller/nodelifecycle/node_life_cycle_controller_test.go similarity index 100% rename from pkg/yurtmanager/controller/nodelifecycle/node_lifecycle_controller_test.go rename to pkg/yurtmanager/controller/nodelifecycle/node_life_cycle_controller_test.go diff --git a/pkg/yurtmanager/controller/nodepool/nodepool_controller.go b/pkg/yurtmanager/controller/nodepool/nodepool_controller.go index 16b076a671c..7198ede241a 100644 --- a/pkg/yurtmanager/controller/nodepool/nodepool_controller.go +++ b/pkg/yurtmanager/controller/nodepool/nodepool_controller.go 
@@ -31,6 +31,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/reconcile" "sigs.k8s.io/controller-runtime/pkg/source" + yurtClient "github.com/openyurtio/openyurt/cmd/yurt-manager/app/client" "github.com/openyurtio/openyurt/cmd/yurt-manager/app/config" "github.com/openyurtio/openyurt/cmd/yurt-manager/names" appsv1beta1 "github.com/openyurtio/openyurt/pkg/apis/apps/v1beta1" @@ -63,7 +64,7 @@ func Add(ctx context.Context, c *config.CompletedConfig, mgr manager.Manager) er r := &ReconcileNodePool{ cfg: c.ComponentConfig.NodePoolController, recorder: mgr.GetEventRecorderFor(names.NodePoolController), - Client: mgr.GetClient(), + Client: yurtClient.GetClientByControllerNameOrDie(mgr, names.NodePoolController), } // Create a new controller diff --git a/pkg/yurtmanager/controller/platformadmin/platformadmin_controller.go b/pkg/yurtmanager/controller/platformadmin/platform_admin_controller.go similarity index 99% rename from pkg/yurtmanager/controller/platformadmin/platformadmin_controller.go rename to pkg/yurtmanager/controller/platformadmin/platform_admin_controller.go index a7a0567ebe0..1cdd5760a3c 100644 --- a/pkg/yurtmanager/controller/platformadmin/platformadmin_controller.go +++ b/pkg/yurtmanager/controller/platformadmin/platform_admin_controller.go @@ -43,6 +43,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/reconcile" "sigs.k8s.io/controller-runtime/pkg/source" + yurtClient "github.com/openyurtio/openyurt/cmd/yurt-manager/app/client" appconfig "github.com/openyurtio/openyurt/cmd/yurt-manager/app/config" "github.com/openyurtio/openyurt/cmd/yurt-manager/names" appsv1alpha1 "github.com/openyurtio/openyurt/pkg/apis/apps/v1alpha1" 
@@ -126,7 +127,7 @@ func Add(ctx context.Context, c *appconfig.CompletedConfig, mgr manager.Manager) // newReconciler returns a new reconcile.Reconciler func newReconciler(c *appconfig.CompletedConfig, mgr manager.Manager) reconcile.Reconciler { return &ReconcilePlatformAdmin{ - Client: mgr.GetClient(), + Client: yurtClient.GetClientByControllerNameOrDie(mgr, names.PlatformAdminController), scheme: mgr.GetScheme(), recorder: mgr.GetEventRecorderFor(names.PlatformAdminController), yamlSerializer: kjson.NewSerializerWithOptions(kjson.DefaultMetaFactory, scheme.Scheme, scheme.Scheme, kjson.SerializerOptions{Yaml: true, Pretty: true}), @@ -184,7 +185,7 @@ func add(mgr manager.Manager, cfg *appconfig.CompletedConfig, r reconcile.Reconc // +kubebuilder:rbac:groups=apps.openyurt.io,resources=yurtappsets/status,verbs=get;update;patch // +kubebuilder:rbac:groups=core,resources=configmaps,verbs=get;list;watch;create;update;patch;delete // +kubebuilder:rbac:groups=core,resources=services,verbs=get;list;watch;create;update;patch;delete -// +kubebuilder:rbac:groups=core,resources=configmaps/status,verbs=get;update;patch +// +kubebuilder:rbac:groups=core,resources=configmaps/status,verbs=get;update;patch;watch // +kubebuilder:rbac:groups=core,resources=services/status,verbs=get;update;patch // Reconcile reads that state of the cluster for a PlatformAdmin object and makes changes based on the state read diff --git a/pkg/yurtmanager/controller/raven/dns/dns_controller.go b/pkg/yurtmanager/controller/raven/dns/gateway_dns_controller.go similarity index 94% rename from pkg/yurtmanager/controller/raven/dns/dns_controller.go rename to pkg/yurtmanager/controller/raven/dns/gateway_dns_controller.go index 661d986329c..bae8eec27f2 100644 --- a/pkg/yurtmanager/controller/raven/dns/dns_controller.go +++ b/pkg/yurtmanager/controller/raven/dns/gateway_dns_controller.go 
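Review bot: In the platformadmin marker hunk (`@@ -184,7 +185,7 @@`), `watch` is added to `configmaps/status`, but core ConfigMaps have no `status` subresource, so this rule authorises nothing and the new verb cannot be what makes a ConfigMap watch succeed. The `configmaps` marker two lines above it already lists `watch`. I would delete the `// +kubebuilder:rbac:groups=core,resources=configmaps/status,...` line rather than widen it, so the generated role only contains rules that map to real API endpoints. The marker block starts above the hunk, so the markers outside it were not checked.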
@@ -39,6 +39,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/reconcile" "sigs.k8s.io/controller-runtime/pkg/source" + yurtClient "github.com/openyurtio/openyurt/cmd/yurt-manager/app/client" appconfig "github.com/openyurtio/openyurt/cmd/yurt-manager/app/config" "github.com/openyurtio/openyurt/cmd/yurt-manager/names" "github.com/openyurtio/openyurt/pkg/yurtmanager/controller/raven/util" @@ -66,7 +67,7 @@ type ReconcileDns struct { // newReconciler returns a new reconcile.Reconciler func newReconciler(mgr manager.Manager) reconcile.Reconciler { return &ReconcileDns{ - Client: mgr.GetClient(), + Client: yurtClient.GetClientByControllerNameOrDie(mgr, names.GatewayDNSController), scheme: mgr.GetScheme(), recorder: mgr.GetEventRecorderFor(names.GatewayDNSController), } @@ -106,6 +107,11 @@ func add(mgr manager.Manager, r reconcile.Reconciler) error { return nil } +// +kubebuilder:rbac:groups=core,resources=services,verbs=get;list;watch +// +kubebuilder:rbac:groups=core,resources=nodes,verbs=get;list;watch +// +kubebuilder:rbac:groups=core,resources=configmaps,verbs=get;watch;create;update;delete +// +kubebuilder:rbac:groups=apps.openyurt.io,resources=nodepools,verbs=get;list;watch + func (r *ReconcileDns) Reconcile(ctx context.Context, req reconcile.Request) (reconcile.Result, error) { klog.V(4).Info(Format("Reconcile DNS configMap for gateway %s", req.Name)) defer func() { diff --git a/pkg/yurtmanager/controller/raven/dns/dns_controller_test.go b/pkg/yurtmanager/controller/raven/dns/gateway_dns_controller_test.go similarity index 100% rename from pkg/yurtmanager/controller/raven/dns/dns_controller_test.go rename to pkg/yurtmanager/controller/raven/dns/gateway_dns_controller_test.go 
diff --git a/pkg/yurtmanager/controller/raven/dns/dns_enqueue_handlers.go b/pkg/yurtmanager/controller/raven/dns/gateway_dns_enqueue_handlers.go similarity index 100% rename from pkg/yurtmanager/controller/raven/dns/dns_enqueue_handlers.go rename to pkg/yurtmanager/controller/raven/dns/gateway_dns_enqueue_handlers.go diff --git a/pkg/yurtmanager/controller/raven/dns/dns_enqueue_handlers_test.go b/pkg/yurtmanager/controller/raven/dns/gateway_dns_enqueue_handlers_test.go similarity index 100% rename from pkg/yurtmanager/controller/raven/dns/dns_enqueue_handlers_test.go rename to pkg/yurtmanager/controller/raven/dns/gateway_dns_enqueue_handlers_test.go diff --git a/pkg/yurtmanager/controller/raven/gatewayinternalservice/gateway_internal_service_controller.go b/pkg/yurtmanager/controller/raven/gatewayinternalservice/gateway_internal_service_controller.go index 694bb3721de..46b07d65ffc 100644 --- a/pkg/yurtmanager/controller/raven/gatewayinternalservice/gateway_internal_service_controller.go +++ b/pkg/yurtmanager/controller/raven/gatewayinternalservice/gateway_internal_service_controller.go @@ -42,6 +42,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/reconcile" "sigs.k8s.io/controller-runtime/pkg/source" + yurtClient "github.com/openyurtio/openyurt/cmd/yurt-manager/app/client" appconfig "github.com/openyurtio/openyurt/cmd/yurt-manager/app/config" "github.com/openyurtio/openyurt/cmd/yurt-manager/names" ravenv1beta1 "github.com/openyurtio/openyurt/pkg/apis/raven/v1beta1" @@ -76,7 +77,7 @@ type ReconcileService struct { // newReconciler returns a new reconcile.Reconciler func newReconciler(c *appconfig.CompletedConfig, mgr manager.Manager) reconcile.Reconciler { return &ReconcileService{ - Client: mgr.GetClient(), + Client: yurtClient.GetClientByControllerNameOrDie(mgr, names.GatewayInternalServiceController), scheme: mgr.GetScheme(), recorder: mgr.GetEventRecorderFor(names.GatewayInternalServiceController), } 
@@ -121,6 +122,11 @@ func add(mgr manager.Manager, r reconcile.Reconciler) error { return nil } +// +kubebuilder:rbac:groups=core,resources=services,verbs=get;watch;create;update;delete +// +kubebuilder:rbac:groups=core,resources=endpoints,verbs=get;watch;create;update;delete +// +kubebuilder:rbac:groups=core,resources=configmaps,verbs=get;watch;list +// +kubebuilder:rbac:groups=raven.openyurt.io,resources=gateways,verbs=get;list;watch + // Reconcile reads that state of the cluster for a Gateway object and makes changes based on the state read // and what is in the Gateway.Spec func (r *ReconcileService) Reconcile(ctx context.Context, req reconcile.Request) (reconcile.Result, error) { diff --git a/pkg/yurtmanager/controller/raven/gatewaypickup/gateway_pickup_controller.go b/pkg/yurtmanager/controller/raven/gatewaypickup/gateway_pickup_controller.go index 91b9189e9fc..ba9f8a49e8a 100644 --- a/pkg/yurtmanager/controller/raven/gatewaypickup/gateway_pickup_controller.go +++ b/pkg/yurtmanager/controller/raven/gatewaypickup/gateway_pickup_controller.go @@ -39,6 +39,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/reconcile" "sigs.k8s.io/controller-runtime/pkg/source" + yurtClient "github.com/openyurtio/openyurt/cmd/yurt-manager/app/client" appconfig "github.com/openyurtio/openyurt/cmd/yurt-manager/app/config" "github.com/openyurtio/openyurt/cmd/yurt-manager/names" calicov3 "github.com/openyurtio/openyurt/pkg/apis/calico/v3" @@ -88,7 +89,7 @@ type ReconcileGateway struct { // newReconciler returns a new reconcile.Reconciler func newReconciler(c *appconfig.CompletedConfig, mgr manager.Manager) reconcile.Reconciler { return &ReconcileGateway{ - Client: mgr.GetClient(), + Client: yurtClient.GetClientByControllerNameOrDie(mgr, names.GatewayPickupController), scheme: mgr.GetScheme(), recorder: mgr.GetEventRecorderFor(names.GatewayPickupController), Configration: c.ComponentConfig.GatewayPickupController, 
@@ -117,7 +118,7 @@ func add(mgr manager.Manager, r reconcile.Reconciler) error { return err } - err = c.Watch(source.Kind(mgr.GetCache(), &corev1.ConfigMap{}), &EnqueueGatewayForRavenConfig{client: mgr.GetClient()}, predicate.NewPredicateFuncs( + err = c.Watch(source.Kind(mgr.GetCache(), &corev1.ConfigMap{}), &EnqueueGatewayForRavenConfig{client: yurtClient.GetClientByControllerNameOrDie(mgr, names.GatewayPickupController)}, predicate.NewPredicateFuncs( func(object client.Object) bool { cm, ok := object.(*corev1.ConfigMap) if !ok { @@ -139,11 +140,9 @@ func add(mgr manager.Manager, r reconcile.Reconciler) error { //+kubebuilder:rbac:groups=raven.openyurt.io,resources=gateways,verbs=get;list;watch;create;delete;update //+kubebuilder:rbac:groups=raven.openyurt.io,resources=gateways/status,verbs=get;update;patch -//+kubebuilder:rbac:groups=core,resources=events,verbs=get;list;watch;create;update;patch;delete //+kubebuilder:rbac:groups=raven.openyurt.io,resources=gateways/finalizers,verbs=update -//+kubebuilder:rbac:groups=core,resources=nodes,verbs=get;list;watch;update;patch -//+kubebuilder:rbac:groups=core,resources=services,verbs=get;list;watch;create;update;patch;delete -//+kubebuilder:rbac:groups=core,resources=endpoints,verbs=get;list;watch;create;update;patch;delete +//+kubebuilder:rbac:groups=core,resources=nodes,verbs=get;list;watch +//+kubebuilder:rbac:groups=core,resources=configmaps,verbs=get;list;watch //+kubebuilder:rbac:groups=crd.projectcalico.org,resources=blockaffinities,verbs=get;list;watch // Reconcile reads that state of the cluster for a Gateway object and makes changes based on the state read diff --git a/pkg/yurtmanager/controller/raven/gatewaypublicservice/gateway_public_service_controller.go b/pkg/yurtmanager/controller/raven/gatewaypublicservice/gateway_public_service_controller.go index a67a3a4aa7a..ea029895f6b 100644 --- a/pkg/yurtmanager/controller/raven/gatewaypublicservice/gateway_public_service_controller.go 
+++ b/pkg/yurtmanager/controller/raven/gatewaypublicservice/gateway_public_service_controller.go @@ -39,6 +39,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/reconcile" "sigs.k8s.io/controller-runtime/pkg/source" + yurtClient "github.com/openyurtio/openyurt/cmd/yurt-manager/app/client" appconfig "github.com/openyurtio/openyurt/cmd/yurt-manager/app/config" "github.com/openyurtio/openyurt/cmd/yurt-manager/names" "github.com/openyurtio/openyurt/pkg/apis/raven" @@ -88,7 +89,7 @@ type ReconcileService struct { // newReconciler returns a new reconcile.Reconciler func newReconciler(mgr manager.Manager) reconcile.Reconciler { return &ReconcileService{ - Client: mgr.GetClient(), + Client: yurtClient.GetClientByControllerNameOrDie(mgr, names.GatewayPublicServiceController), scheme: mgr.GetScheme(), recorder: mgr.GetEventRecorderFor(names.GatewayPublicServiceController), } @@ -111,7 +112,7 @@ func add(mgr manager.Manager, r reconcile.Reconciler) error { } //Watch for changes to raven agent - err = c.Watch(source.Kind(mgr.GetCache(), &corev1.ConfigMap{}), &EnqueueRequestForConfigEvent{client: mgr.GetClient()}, predicate.NewPredicateFuncs( + err = c.Watch(source.Kind(mgr.GetCache(), &corev1.ConfigMap{}), &EnqueueRequestForConfigEvent{client: yurtClient.GetClientByControllerNameOrDie(mgr, names.GatewayPublicServiceController)}, predicate.NewPredicateFuncs( func(object client.Object) bool { cm, ok := object.(*corev1.ConfigMap) if !ok { 
@@ -132,6 +133,11 @@ func add(mgr manager.Manager, r reconcile.Reconciler) error { return nil } +// +kubebuilder:rbac:groups=core,resources=services,verbs=get;list;watch;create;update;delete +// +kubebuilder:rbac:groups=core,resources=endpoints,verbs=get;list;watch;create;update;delete +// +kubebuilder:rbac:groups=core,resources=configmaps,verbs=get;list;watch +// +kubebuilder:rbac:groups=raven.openyurt.io,resources=gateways,verbs=get;list;watch + // Reconcile reads that state of the cluster for a Gateway object and makes changes based on the state read // and what is in the Gateway.Spec func (r *ReconcileService) Reconcile(ctx context.Context, req reconcile.Request) (reconcile.Result, error) { diff --git a/pkg/yurtmanager/controller/servicetopology/endpoints/endpoints_controller.go b/pkg/yurtmanager/controller/servicetopology/endpoints/service_topology_endpoints_controller.go similarity index 93% rename from pkg/yurtmanager/controller/servicetopology/endpoints/endpoints_controller.go rename to pkg/yurtmanager/controller/servicetopology/endpoints/service_topology_endpoints_controller.go index 2aeb6e16262..8ae2f36c521 100644 --- a/pkg/yurtmanager/controller/servicetopology/endpoints/endpoints_controller.go +++ b/pkg/yurtmanager/controller/servicetopology/endpoints/service_topology_endpoints_controller.go @@ -29,6 +29,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/reconcile" "sigs.k8s.io/controller-runtime/pkg/source" + yurtClient "github.com/openyurtio/openyurt/cmd/yurt-manager/app/client" appconfig "github.com/openyurtio/openyurt/cmd/yurt-manager/app/config" "github.com/openyurtio/openyurt/cmd/yurt-manager/names" "github.com/openyurtio/openyurt/pkg/yurtmanager/controller/servicetopology/adapter" 
@@ -61,8 +62,8 @@ type ReconcileServicetopologyEndpoints struct { // newReconciler returns a new reconcile.Reconciler func newReconciler(_ *appconfig.CompletedConfig, mgr manager.Manager) reconcile.Reconciler { return &ReconcileServicetopologyEndpoints{ - Client: mgr.GetClient(), - endpointsAdapter: adapter.NewEndpointsAdapter(mgr.GetClient()), + Client: yurtClient.GetClientByControllerNameOrDie(mgr, names.ServiceTopologyEndpointsController), + endpointsAdapter: adapter.NewEndpointsAdapter(yurtClient.GetClientByControllerNameOrDie(mgr, names.ServiceTopologyEndpointsController)), } } diff --git a/pkg/yurtmanager/controller/servicetopology/endpointslice/endpointslice_controller.go b/pkg/yurtmanager/controller/servicetopology/endpointslice/service_topology_endpointslice_controller.go similarity index 96% rename from pkg/yurtmanager/controller/servicetopology/endpointslice/endpointslice_controller.go rename to pkg/yurtmanager/controller/servicetopology/endpointslice/service_topology_endpointslice_controller.go index 95ead7a8f6a..50ffa6e7870 100644 --- a/pkg/yurtmanager/controller/servicetopology/endpointslice/endpointslice_controller.go +++ b/pkg/yurtmanager/controller/servicetopology/endpointslice/service_topology_endpointslice_controller.go @@ -32,6 +32,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/reconcile" "sigs.k8s.io/controller-runtime/pkg/source" + yurtClient "github.com/openyurtio/openyurt/cmd/yurt-manager/app/client" appconfig "github.com/openyurtio/openyurt/cmd/yurt-manager/app/config" "github.com/openyurtio/openyurt/cmd/yurt-manager/names" "github.com/openyurtio/openyurt/pkg/yurtmanager/controller/servicetopology/adapter" 
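Review bot: `newReconciler` for the service-topology endpoints controller now calls `yurtClient.GetClientByControllerNameOrDie` twice with identical arguments, once for `Client` and once for `adapter.NewEndpointsAdapter`. Whether the helper caches per controller name is not visible here; if it builds a client per call, the reconciler and its adapter end up on separate instances for no benefit. Binding it once is shorter and removes the question: `c := yurtClient.GetClientByControllerNameOrDie(mgr, names.ServiceTopologyEndpointsController)` followed by `Client: c,` and `endpointsAdapter: adapter.NewEndpointsAdapter(c),`. The same repetition is in the yurtappdaemon and yurtappset `newReconciler` hunks, and in the gateway pickup and gateway public service `add` hunks, where the helper is called a second time for the enqueue handler.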
@@ -83,7 +84,7 @@ type ReconcileServiceTopologyEndpointSlice struct { func newReconciler(_ *appconfig.CompletedConfig, mgr manager.Manager) *ReconcileServiceTopologyEndpointSlice { r := &ReconcileServiceTopologyEndpointSlice{ - Client: mgr.GetClient(), + Client: yurtClient.GetClientByControllerNameOrDie(mgr, names.ServiceTopologyEndpointSliceController), } if gvk, err := mgr.GetRESTMapper().KindFor(v1EndpointSliceGVR); err != nil { klog.Errorf("v1.EndpointSlice is not supported, %v", err) diff --git a/pkg/yurtmanager/controller/yurtappdaemon/yurtappdaemon_controller.go b/pkg/yurtmanager/controller/yurtappdaemon/yurt_app_daemon_controller.go similarity index 97% rename from pkg/yurtmanager/controller/yurtappdaemon/yurtappdaemon_controller.go rename to pkg/yurtmanager/controller/yurtappdaemon/yurt_app_daemon_controller.go index 05a95f01e26..33faaa08018 100644 --- a/pkg/yurtmanager/controller/yurtappdaemon/yurtappdaemon_controller.go +++ b/pkg/yurtmanager/controller/yurtappdaemon/yurt_app_daemon_controller.go @@ -36,6 +36,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/reconcile" "sigs.k8s.io/controller-runtime/pkg/source" + yurtClient "github.com/openyurtio/openyurt/cmd/yurt-manager/app/client" "github.com/openyurtio/openyurt/cmd/yurt-manager/app/config" "github.com/openyurtio/openyurt/cmd/yurt-manager/names" unitv1alpha1 "github.com/openyurtio/openyurt/pkg/apis/apps/v1alpha1" @@ -91,7 +92,7 @@ func add(mgr manager.Manager, cfg *config.CompletedConfig, r reconcile.Reconcile } // Watch for changes to NodePool - err = c.Watch(source.Kind(mgr.GetCache(), &unitv1alpha1.NodePool{}), &EnqueueYurtAppDaemonForNodePool{client: mgr.GetClient()}) + err = c.Watch(source.Kind(mgr.GetCache(), &unitv1alpha1.NodePool{}), &EnqueueYurtAppDaemonForNodePool{client: yurtClient.GetClientByControllerNameOrDie(mgr, names.YurtAppDaemonController)}) if err != nil { return err } 
@@ -112,23 +113,20 @@ type ReconcileYurtAppDaemon struct { // newReconciler returns a new reconcile.Reconciler func newReconciler(mgr manager.Manager) reconcile.Reconciler { return &ReconcileYurtAppDaemon{ - Client: mgr.GetClient(), + Client: yurtClient.GetClientByControllerNameOrDie(mgr, names.YurtAppDaemonController), scheme: mgr.GetScheme(), recorder: mgr.GetEventRecorderFor(names.YurtAppDaemonController), controls: map[unitv1alpha1.TemplateType]workloadcontroller.WorkloadController{ - // unitv1alpha1.StatefulSetTemplateType: &StatefulSetControllor{Client: mgr.GetClient(), scheme: mgr.GetScheme()}, - unitv1alpha1.DeploymentTemplateType: &workloadcontroller.DeploymentControllor{Client: mgr.GetClient(), Scheme: mgr.GetScheme()}, + // unitv1alpha1.StatefulSetTemplateType: &StatefulSetControllor{Client: yurtClient.GetClientByControllerNameOrDie(mgr, names.YurtAppDaemonController), scheme: mgr.GetScheme()}, + unitv1alpha1.DeploymentTemplateType: &workloadcontroller.DeploymentControllor{Client: yurtClient.GetClientByControllerNameOrDie(mgr, names.YurtAppDaemonController), Scheme: mgr.GetScheme()}, }, } } // +kubebuilder:rbac:groups=apps.openyurt.io,resources=yurtappdaemons,verbs=get;list;watch;create;update;patch;delete // +kubebuilder:rbac:groups=apps.openyurt.io,resources=yurtappdaemons/status,verbs=get;update;patch -// +kubebuilder:rbac:groups=apps,resources=statefulsets,verbs=get;list;watch;create;update;patch;delete -// +kubebuilder:rbac:groups=apps,resources=statefulsets/status,verbs=get;update;patch // +kubebuilder:rbac:groups=apps,resources=deployments,verbs=get;list;watch;create;update;patch;delete // +kubebuilder:rbac:groups=apps,resources=deployments/status,verbs=get;update;patch -// +kubebuilder:rbac:groups=core,resources=events,verbs=get;list;watch;create;update;patch;delete // +kubebuilder:rbac:groups=apps,resources=controllerrevisions,verbs=get;list;watch;create;update;patch;delete // Reconcile reads that state of the cluster for a YurtAppDaemon object 
and makes changes based on the state read diff --git a/pkg/yurtmanager/controller/yurtappdaemon/yurtappdaemon_controller_test.go b/pkg/yurtmanager/controller/yurtappdaemon/yurt_app_daemon_controller_test.go similarity index 100% rename from pkg/yurtmanager/controller/yurtappdaemon/yurtappdaemon_controller_test.go rename to pkg/yurtmanager/controller/yurtappdaemon/yurt_app_daemon_controller_test.go diff --git a/pkg/yurtmanager/controller/yurtappoverrider/yurtappoverrider_controller.go b/pkg/yurtmanager/controller/yurtappoverrider/yurt_app_overrider_controller.go similarity index 95% rename from pkg/yurtmanager/controller/yurtappoverrider/yurtappoverrider_controller.go rename to pkg/yurtmanager/controller/yurtappoverrider/yurt_app_overrider_controller.go index 3bb4bdd8b55..12947e95e79 100644 --- a/pkg/yurtmanager/controller/yurtappoverrider/yurtappoverrider_controller.go +++ b/pkg/yurtmanager/controller/yurtappoverrider/yurt_app_overrider_controller.go @@ -34,6 +34,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/reconcile" "sigs.k8s.io/controller-runtime/pkg/source" + yurtClient "github.com/openyurtio/openyurt/cmd/yurt-manager/app/client" appconfig "github.com/openyurtio/openyurt/cmd/yurt-manager/app/config" "github.com/openyurtio/openyurt/cmd/yurt-manager/names" appsv1alpha1 "github.com/openyurtio/openyurt/pkg/apis/apps/v1alpha1" @@ -77,7 +78,7 @@ type ReconcileYurtAppOverrider struct { // newReconciler returns a new reconcile.Reconciler func newReconciler(c *appconfig.CompletedConfig, mgr manager.Manager) reconcile.Reconciler { return &ReconcileYurtAppOverrider{ - Client: mgr.GetClient(), + Client: yurtClient.GetClientByControllerNameOrDie(mgr, names.YurtAppOverriderController), Configuration: c.ComponentConfig.YurtAppOverriderController, CacheOverriderMap: make(map[string]*appsv1alpha1.YurtAppOverrider), recorder: mgr.GetEventRecorderFor(names.YurtAppOverriderController), 
@@ -104,8 +105,9 @@ func add(mgr manager.Manager, cfg *appconfig.CompletedConfig, r reconcile.Reconc } // +kubebuilder:rbac:groups=apps.openyurt.io,resources=yurtappoverriders,verbs=get;list;watch +// +kubebuilder:rbac:groups=apps.openyurt.io,resources=yurtappsets,verbs=get;watch +// +kubebuilder:rbac:groups=apps.openyurt.io,resources=yurtappdaemons,verbs=get;watch // +kubebuilder:rbac:groups=apps,resources=deployments,verbs=list;watch;update -// +kubebuilder:rbac:groups=core,resources=events,verbs=get;list;watch;create;update;patch;delete // Reconcile reads that state of the cluster for a YurtAppOverrider object and makes changes based on the state read // and what is in the YurtAppOverrider.Spec diff --git a/pkg/yurtmanager/controller/yurtappoverrider/yurtappoverrider_controller_test.go b/pkg/yurtmanager/controller/yurtappoverrider/yurt_app_overrider_controller_test.go similarity index 100% rename from pkg/yurtmanager/controller/yurtappoverrider/yurtappoverrider_controller_test.go rename to pkg/yurtmanager/controller/yurtappoverrider/yurt_app_overrider_controller_test.go diff --git a/pkg/yurtmanager/controller/yurtappset/yurtappset_controller.go b/pkg/yurtmanager/controller/yurtappset/yurt_app_set_controller.go similarity index 97% rename from pkg/yurtmanager/controller/yurtappset/yurtappset_controller.go rename to pkg/yurtmanager/controller/yurtappset/yurt_app_set_controller.go index bd3c762f6de..0727d7064f1 100644 --- a/pkg/yurtmanager/controller/yurtappset/yurtappset_controller.go +++ b/pkg/yurtmanager/controller/yurtappset/yurt_app_set_controller.go @@ -49,6 +49,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/reconcile" "sigs.k8s.io/controller-runtime/pkg/source" + yurtClient "github.com/openyurtio/openyurt/cmd/yurt-manager/app/client" "github.com/openyurtio/openyurt/cmd/yurt-manager/app/config" "github.com/openyurtio/openyurt/cmd/yurt-manager/names" unitv1beta1 "github.com/openyurtio/openyurt/pkg/apis/apps/v1beta1" 
@@ -91,17 +92,17 @@ func Add(ctx context.Context, c *config.CompletedConfig, mgr manager.Manager) er // newReconciler returns a new reconcile.Reconciler func newReconciler(c *config.CompletedConfig, mgr manager.Manager) reconcile.Reconciler { return &ReconcileYurtAppSet{ - Client: mgr.GetClient(), + Client: yurtClient.GetClientByControllerNameOrDie(mgr, names.YurtAppSetController), scheme: mgr.GetScheme(), recorder: mgr.GetEventRecorderFor(names.YurtAppSetController), workloadManagers: map[workloadmanager.TemplateType]workloadmanager.WorkloadManager{ workloadmanager.DeploymentTemplateType: &workloadmanager.DeploymentManager{ - Client: mgr.GetClient(), + Client: yurtClient.GetClientByControllerNameOrDie(mgr, names.YurtAppSetController), Scheme: mgr.GetScheme(), }, workloadmanager.StatefulSetTemplateType: &workloadmanager.StatefulSetManager{ - Client: mgr.GetClient(), + Client: yurtClient.GetClientByControllerNameOrDie(mgr, names.YurtAppSetController), Scheme: mgr.GetScheme(), }, }, @@ -146,7 +147,7 @@ func add(mgr manager.Manager, r reconcile.Reconciler) error { nodePoolToYurtAppSet := func(ctx context.Context, nodePool client.Object) (res []reconcile.Request) { res = make([]reconcile.Request, 0) yasList := &unitv1beta1.YurtAppSetList{} - if err := mgr.GetClient().List(ctx, yasList); err != nil { + if err := yurtClient.GetClientByControllerNameOrDie(mgr, names.YurtAppSetController).List(ctx, yasList); err != nil { return } 
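Review bot: In the yurtappset `add` hunk (`@@ -146,7 +147,7 @@`), the `OrDie` helper is now called inside the `nodePoolToYurtAppSet` closure, so it runs on every NodePool event instead of once at setup. If the helper can fail (its body is not shown), that failure would stop the whole manager at event time rather than at startup. I would resolve it once before the closure, `cl := yurtClient.GetClientByControllerNameOrDie(mgr, names.YurtAppSetController)`, and call `cl.List(ctx, yasList)` inside. The `List` error is also dropped by a bare `return`, so a forbidden response under the narrower role would show up only as missing reconciles; logging the error before returning would make an RBAC gap diagnosable. `add` starts before the hunk and continues after it.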
@@ -197,7 +198,6 @@ type ReconcileYurtAppSet struct { // +kubebuilder:rbac:groups=apps,resources=statefulsets/status,verbs=get;update;patch // +kubebuilder:rbac:groups=apps,resources=deployments,verbs=get;list;watch;create;update;patch;delete // +kubebuilder:rbac:groups=apps,resources=deployments/status,verbs=get;update;patch -// +kubebuilder:rbac:groups=core,resources=events,verbs=get;list;watch;create;update;patch;delete // +kubebuilder:rbac:groups=apps,resources=controllerrevisions,verbs=get;list;watch;create;update;patch;delete // Reconcile reads that state of the cluster for a YurtAppSet object and makes changes based on the state read diff --git a/pkg/yurtmanager/controller/yurtappset/yurtappset_controller_statefulset_test.go b/pkg/yurtmanager/controller/yurtappset/yurt_app_set_controller_statefulset_test.go similarity index 100% rename from pkg/yurtmanager/controller/yurtappset/yurtappset_controller_statefulset_test.go rename to pkg/yurtmanager/controller/yurtappset/yurt_app_set_controller_statefulset_test.go diff --git a/pkg/yurtmanager/controller/yurtappset/yurtappset_controller_suite_test.go b/pkg/yurtmanager/controller/yurtappset/yurt_app_set_controller_suite_test.go similarity index 100% rename from pkg/yurtmanager/controller/yurtappset/yurtappset_controller_suite_test.go rename to pkg/yurtmanager/controller/yurtappset/yurt_app_set_controller_suite_test.go diff --git a/pkg/yurtmanager/controller/yurtappset/yurtappset_controller_test.go b/pkg/yurtmanager/controller/yurtappset/yurt_app_set_controller_test.go similarity index 100% rename from pkg/yurtmanager/controller/yurtappset/yurtappset_controller_test.go rename to pkg/yurtmanager/controller/yurtappset/yurt_app_set_controller_test.go 
diff --git a/pkg/yurtmanager/controller/yurtcoordinator/cert/yurtcoordinatorcert_controller.go b/pkg/yurtmanager/controller/yurtcoordinator/cert/yurt_coordinator_cert_controller.go similarity index 97% rename from pkg/yurtmanager/controller/yurtcoordinator/cert/yurtcoordinatorcert_controller.go rename to pkg/yurtmanager/controller/yurtcoordinator/cert/yurt_coordinator_cert_controller.go index 9d7429050e2..394652f30cc 100644 --- a/pkg/yurtmanager/controller/yurtcoordinator/cert/yurtcoordinatorcert_controller.go +++ b/pkg/yurtmanager/controller/yurtcoordinator/cert/yurt_coordinator_cert_controller.go @@ -37,6 +37,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/reconcile" "sigs.k8s.io/controller-runtime/pkg/source" + yurtClient "github.com/openyurtio/openyurt/cmd/yurt-manager/app/client" appconfig "github.com/openyurtio/openyurt/cmd/yurt-manager/app/config" "github.com/openyurtio/openyurt/cmd/yurt-manager/names" certfactory "github.com/openyurtio/openyurt/pkg/util/certmanager/factory" @@ -203,7 +204,7 @@ func Format(format string, args ...interface{}) string { // Add creates a new YurtCoordinatorcert Controller and adds it to the Manager with default RBAC. The Manager will set fields on the Controller // and Start it when the Manager is Started. func Add(ctx context.Context, cfg *appconfig.CompletedConfig, mgr manager.Manager) error { - kubeClient, err := client.NewForConfig(mgr.GetConfig()) + kubeClient, err := client.NewForConfig(yurtClient.GetConfigByControllerNameOrDie(mgr, names.YurtCoordinatorCertController)) if err != nil { klog.Errorf("could not create kube client, %v", err) return err 
@@ -296,9 +297,11 @@ type ReconcileYurtCoordinatorCert struct { reuseCA bool } -// +kubebuilder:rbac:groups=certificates.k8s.io,resources=certificatesigningrequests,verbs=create -// +kubebuilder:rbac:groups="",namespace=kube-system,resources=secrets,verbs=get;update;create;patch +// +kubebuilder:rbac:groups=certificates.k8s.io,resources=certificatesigningrequests,verbs=create;list;watch +// +kubebuilder:rbac:groups="",namespace=kube-system,resources=secrets,verbs=get;update;create;patch;watch // +kubebuilder:rbac:groups="",resources=configmaps,verbs=get;watch;list +// +kubebuilder:rbac:groups="",resources=secrets,verbs=get;watch;list;create;patch +// +kubebuilder:rbac:groups="",resources=services,verbs=get;list;watch // todo: make customized certificate for each yurtcoordinator pod func (r *ReconcileYurtCoordinatorCert) Reconcile(ctx context.Context, request reconcile.Request) (reconcile.Result, error) { diff --git a/pkg/yurtmanager/controller/yurtcoordinator/cert/yurtcoordinatorcert_controller_test.go b/pkg/yurtmanager/controller/yurtcoordinator/cert/yurt_coordinator_cert_controller_test.go similarity index 100% rename from pkg/yurtmanager/controller/yurtcoordinator/cert/yurtcoordinatorcert_controller_test.go rename to pkg/yurtmanager/controller/yurtcoordinator/cert/yurt_coordinator_cert_controller_test.go diff --git a/pkg/yurtmanager/controller/yurtcoordinator/delegatelease/delegatelease_controller.go b/pkg/yurtmanager/controller/yurtcoordinator/delegatelease/delegate_lease_controller.go similarity index 93% rename from pkg/yurtmanager/controller/yurtcoordinator/delegatelease/delegatelease_controller.go rename to pkg/yurtmanager/controller/yurtcoordinator/delegatelease/delegate_lease_controller.go index 927088f7313..5a99849089e 100644 --- a/pkg/yurtmanager/controller/yurtcoordinator/delegatelease/delegatelease_controller.go +++ b/pkg/yurtmanager/controller/yurtcoordinator/delegatelease/delegate_lease_controller.go 
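Review bot: In the yurt-coordinator cert marker hunk (`@@ -296,9 +297,11 @@`), the added `groups="",resources=secrets,verbs=get;watch;list;create;patch` marker has no `namespace=`, so it presumably produces a cluster-wide rule that lets this controller's identity read and write Secrets in every namespace, and it makes the `namespace=kube-system` marker directly above it redundant. That is a broad grant for a commit whose purpose is to narrow each controller's permissions. If the extra verbs are only needed to list and watch Secrets in kube-system, scope the marker instead: `// +kubebuilder:rbac:groups="",namespace=kube-system,resources=secrets,verbs=get;list;watch;create;update;patch`. If cluster-wide access is really required, a comment naming which Secrets outside kube-system the controller touches would let the next reviewer verify it.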
@@ -33,6 +33,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/reconcile" "sigs.k8s.io/controller-runtime/pkg/source" + yurtClient "github.com/openyurtio/openyurt/cmd/yurt-manager/app/client" appconfig "github.com/openyurtio/openyurt/cmd/yurt-manager/app/config" "github.com/openyurtio/openyurt/cmd/yurt-manager/names" nodeutil "github.com/openyurtio/openyurt/pkg/yurtmanager/controller/util/node" @@ -50,7 +51,7 @@ type ReconcileDelegateLease struct { // Add creates a delegatelease controller and add it to the Manager with default RBAC. The Manager will set fields on the Controller // and Start it when the Manager is Started. func Add(_ context.Context, cfg *appconfig.CompletedConfig, mgr manager.Manager) error { - kubeClient, err := kubernetes.NewForConfig(mgr.GetConfig()) + kubeClient, err := kubernetes.NewForConfig(yurtClient.GetConfigByControllerNameOrDie(mgr, names.DelegateLeaseController)) if err != nil { klog.Errorf("could not create kube client, %v", err) return err @@ -59,7 +60,7 @@ func Add(_ context.Context, cfg *appconfig.CompletedConfig, mgr manager.Manager) r := &ReconcileDelegateLease{ ldc: utils.NewLeaseDelegatedCounter(), delLdc: utils.NewLeaseDelegatedCounter(), - Client: mgr.GetClient(), + Client: yurtClient.GetClientByControllerNameOrDie(mgr, names.DelegateLeaseController), dlClient: kubeClient, } c, err := controller.New(names.DelegateLeaseController, mgr, controller.Options{ @@ -73,6 +74,9 @@ func Add(_ context.Context, cfg *appconfig.CompletedConfig, mgr manager.Manager) return err } +// +kubebuilder:rbac:groups=coordination.k8s.io,resources=leases,verbs=get;list;watch +// +kubebuilder:rbac:groups=core,resources=nodes,verbs=get;list;watch;update + // Reconcile reads that state of Node in cluster and makes changes if node autonomy state has been changed func (r *ReconcileDelegateLease) Reconcile(ctx context.Context, req reconcile.Request) (reconcile.Result, error) { lea := &coordv1.Lease{} 
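Review bot: The nodes marker added above `ReconcileDelegateLease.Reconcile` spells the core API group as `groups=core`, while the other markers in this commit (cert and podbinding controllers) use `groups=""`. controller-gen is understood to normalise `core` to the empty group, but any tooling that reads the marker literally would emit `apiGroups: ["core"]`, which matches no resource and would leave the controller without node access. For consistency and to avoid depending on that normalisation, write `// +kubebuilder:rbac:groups="",resources=nodes,verbs=get;list;watch;update`.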
diff --git a/pkg/yurtmanager/controller/yurtcoordinator/delegatelease/delegatelease_controller_test.go b/pkg/yurtmanager/controller/yurtcoordinator/delegatelease/delegate_lease_controller_test.go similarity index 100% rename from pkg/yurtmanager/controller/yurtcoordinator/delegatelease/delegatelease_controller_test.go rename to pkg/yurtmanager/controller/yurtcoordinator/delegatelease/delegate_lease_controller_test.go diff --git a/pkg/yurtmanager/controller/yurtcoordinator/podbinding/podbinding_controller.go b/pkg/yurtmanager/controller/yurtcoordinator/podbinding/pod_binding_controller.go similarity index 96% rename from pkg/yurtmanager/controller/yurtcoordinator/podbinding/podbinding_controller.go rename to pkg/yurtmanager/controller/yurtcoordinator/podbinding/pod_binding_controller.go index 05b03382de6..70df2fa8be2 100644 --- a/pkg/yurtmanager/controller/yurtcoordinator/podbinding/podbinding_controller.go +++ b/pkg/yurtmanager/controller/yurtcoordinator/podbinding/pod_binding_controller.go @@ -31,6 +31,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/reconcile" "sigs.k8s.io/controller-runtime/pkg/source" + yurtClient "github.com/openyurtio/openyurt/cmd/yurt-manager/app/client" appconfig "github.com/openyurtio/openyurt/cmd/yurt-manager/app/config" "github.com/openyurtio/openyurt/cmd/yurt-manager/names" nodeutil "github.com/openyurtio/openyurt/pkg/yurtmanager/controller/util/node" @@ -72,7 +73,7 @@ func Add(ctx context.Context, c *appconfig.CompletedConfig, mgr manager.Manager) // newReconciler returns a new reconcile.Reconciler func newReconciler(_ *appconfig.CompletedConfig, mgr manager.Manager) reconcile.Reconciler { return &ReconcilePodBinding{ - Client: mgr.GetClient(), + Client: yurtClient.GetClientByControllerNameOrDie(mgr, names.PodBindingController), } } 
@@ -106,6 +107,9 @@ func add(mgr manager.Manager, cfg *appconfig.CompletedConfig, r reconcile.Reconc //return err } +// +kubebuilder:rbac:groups="",resources=nodes,verbs=get;list;watch +// +kubebuilder:rbac:groups="",resources=pods,verbs=get;list;watch;update + // Reconcile reads that state of Node in cluster and makes changes if node autonomy state has been changed func (r *ReconcilePodBinding) Reconcile(ctx context.Context, req reconcile.Request) (reconcile.Result, error) { var err error diff --git a/pkg/yurtmanager/controller/yurtcoordinator/podbinding/podbinding_controller_test.go b/pkg/yurtmanager/controller/yurtcoordinator/podbinding/pod_binding_controller_test.go similarity index 100% rename from pkg/yurtmanager/controller/yurtcoordinator/podbinding/podbinding_controller_test.go rename to pkg/yurtmanager/controller/yurtcoordinator/podbinding/pod_binding_controller_test.go diff --git a/pkg/yurtmanager/controller/yurtstaticset/yurtstaticset_controller.go b/pkg/yurtmanager/controller/yurtstaticset/yurt_static_set_controller.go similarity index 99% rename from pkg/yurtmanager/controller/yurtstaticset/yurtstaticset_controller.go rename to pkg/yurtmanager/controller/yurtstaticset/yurt_static_set_controller.go index c1d7e8cd6cd..41db889a34d 100644 --- a/pkg/yurtmanager/controller/yurtstaticset/yurtstaticset_controller.go +++ b/pkg/yurtmanager/controller/yurtstaticset/yurt_static_set_controller.go @@ -39,6 +39,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/reconcile" "sigs.k8s.io/controller-runtime/pkg/source" + yurtClient "github.com/openyurtio/openyurt/cmd/yurt-manager/app/client" appconfig "github.com/openyurtio/openyurt/cmd/yurt-manager/app/config" "github.com/openyurtio/openyurt/cmd/yurt-manager/names" appsv1alpha1 "github.com/openyurtio/openyurt/pkg/apis/apps/v1alpha1" 
@@ -143,7 +144,7 @@ type ReconcileYurtStaticSet struct { // newReconciler returns a new reconcile.Reconciler func newReconciler(c *appconfig.CompletedConfig, mgr manager.Manager) reconcile.Reconciler { return &ReconcileYurtStaticSet{ - Client: mgr.GetClient(), + Client: yurtClient.GetClientByControllerNameOrDie(mgr, names.YurtStaticSetController), scheme: mgr.GetScheme(), recorder: mgr.GetEventRecorderFor(names.YurtStaticSetController), Configuration: c.ComponentConfig.YurtStaticSetController, diff --git a/pkg/yurtmanager/controller/yurtstaticset/yurtstaticset_controller_test.go b/pkg/yurtmanager/controller/yurtstaticset/yurt_static_set_controller_test.go similarity index 100% rename from pkg/yurtmanager/controller/yurtstaticset/yurtstaticset_controller_test.go rename to pkg/yurtmanager/controller/yurtstaticset/yurt_static_set_controller_test.go diff --git a/pkg/yurtmanager/webhook/deploymentrender/v1alpha1/deploymentrender_handler.go b/pkg/yurtmanager/webhook/deploymentrender/v1alpha1/deploymentrender_handler.go index ffb4fad7d0c..c105d8f3b9b 100644 --- a/pkg/yurtmanager/webhook/deploymentrender/v1alpha1/deploymentrender_handler.go +++ b/pkg/yurtmanager/webhook/deploymentrender/v1alpha1/deploymentrender_handler.go @@ -24,13 +24,15 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client/apiutil" "sigs.k8s.io/controller-runtime/pkg/webhook" + yurtClient "github.com/openyurtio/openyurt/cmd/yurt-manager/app/client" + "github.com/openyurtio/openyurt/cmd/yurt-manager/names" "github.com/openyurtio/openyurt/pkg/yurtmanager/webhook/util" ) // SetupWebhookWithManager sets up Cluster webhooks. mutate path, validatepath, error func (webhook *DeploymentRenderHandler) SetupWebhookWithManager(mgr ctrl.Manager) (string, string, error) { // init - webhook.Client = mgr.GetClient() + webhook.Client = yurtClient.GetClientByControllerNameOrDie(mgr, names.YurtAppOverriderController) webhook.Scheme = mgr.GetScheme() gvk, err := apiutil.GVKForObject(&v1.Deployment{}, mgr.GetScheme()) 
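Review bot: In deploymentrender_handler.go, `SetupWebhookWithManager` now takes its client under `names.YurtAppOverriderController`, so the admission handler apparently runs with that controller's identity rather than one of its own. Every object the webhook reads then has to be granted in the controller's RBAC markers. Anything missed shows up as a Forbidden error at admission time, and anything added for the webhook also widens what the controller itself may do. The node/v1 handler borrows `names.NodePoolController` in the same way. A comment at the assignment would make the coupling visible, e.g. `// shares the yurt-app-overrider controller's identity; keep its rbac markers in sync with what this handler reads`. The body of the function continues outside the hunk.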
diff --git a/pkg/yurtmanager/webhook/gateway/v1alpha1/gateway_handler.go b/pkg/yurtmanager/webhook/gateway/v1alpha1/gateway_handler.go index d2f0b5272fc..267b288ecf1 100644 --- a/pkg/yurtmanager/webhook/gateway/v1alpha1/gateway_handler.go +++ b/pkg/yurtmanager/webhook/gateway/v1alpha1/gateway_handler.go @@ -18,7 +18,6 @@ package v1alpha1 import ( ctrl "sigs.k8s.io/controller-runtime" - "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/client/apiutil" "sigs.k8s.io/controller-runtime/pkg/webhook" @@ -29,8 +28,6 @@ import ( // SetupWebhookWithManager sets up Cluster webhooks. mutate path, validatepath, error func (webhook *GatewayHandler) SetupWebhookWithManager(mgr ctrl.Manager) (string, string, error) { // init - webhook.Client = mgr.GetClient() - gvk, err := apiutil.GVKForObject(&v1alpha1.Gateway{}, mgr.GetScheme()) if err != nil { return "", "", err @@ -46,7 +43,6 @@ func (webhook *GatewayHandler) SetupWebhookWithManager(mgr ctrl.Manager) (string // Cluster implements a validating and defaulting webhook for Cluster. type GatewayHandler struct { - Client client.Client } var _ webhook.CustomDefaulter = &GatewayHandler{} diff --git a/pkg/yurtmanager/webhook/gateway/v1beta1/gateway_handler.go b/pkg/yurtmanager/webhook/gateway/v1beta1/gateway_handler.go index 0193b8c9e6c..1717cc34739 100644 --- a/pkg/yurtmanager/webhook/gateway/v1beta1/gateway_handler.go +++ b/pkg/yurtmanager/webhook/gateway/v1beta1/gateway_handler.go @@ -18,7 +18,6 @@ package v1beta1 import ( ctrl "sigs.k8s.io/controller-runtime" - "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/client/apiutil" "sigs.k8s.io/controller-runtime/pkg/webhook" 
@@ -29,7 +28,6 @@ import ( // SetupWebhookWithManager sets up Cluster webhooks. mutate path, validatepath, error func (webhook *GatewayHandler) SetupWebhookWithManager(mgr ctrl.Manager) (string, string, error) { // init - webhook.Client = mgr.GetClient() gvk, err := apiutil.GVKForObject(&v1beta1.Gateway{}, mgr.GetScheme()) if err != nil { @@ -49,7 +47,6 @@ func (webhook *GatewayHandler) SetupWebhookWithManager(mgr ctrl.Manager) (string // Cluster implements a validating and defaulting webhook for Cluster. type GatewayHandler struct { - Client client.Client } var _ webhook.CustomDefaulter = &GatewayHandler{} diff --git a/pkg/yurtmanager/webhook/node/v1/node_handler.go b/pkg/yurtmanager/webhook/node/v1/node_handler.go index 101afe40f8c..ed810bc9219 100644 --- a/pkg/yurtmanager/webhook/node/v1/node_handler.go +++ b/pkg/yurtmanager/webhook/node/v1/node_handler.go @@ -23,6 +23,8 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client/apiutil" "sigs.k8s.io/controller-runtime/pkg/webhook" + yurtClient "github.com/openyurtio/openyurt/cmd/yurt-manager/app/client" + "github.com/openyurtio/openyurt/cmd/yurt-manager/names" "github.com/openyurtio/openyurt/pkg/yurtmanager/webhook/util" ) @@ -33,7 +35,7 @@ const ( // SetupWebhookWithManager sets up Cluster webhooks. mutate path, validate path, error func (webhook *NodeHandler) SetupWebhookWithManager(mgr ctrl.Manager) (string, string, error) { // init - webhook.Client = mgr.GetClient() + webhook.Client = yurtClient.GetClientByControllerNameOrDie(mgr, names.NodePoolController) gvk, err := apiutil.GVKForObject(&v1.Node{}, mgr.GetScheme()) if err != nil { diff --git a/pkg/yurtmanager/webhook/nodepool/v1beta1/nodepool_handler.go b/pkg/yurtmanager/webhook/nodepool/v1beta1/nodepool_handler.go index 0bf0f3f876f..22f9dfe4bc7 100644 --- a/pkg/yurtmanager/webhook/nodepool/v1beta1/nodepool_handler.go +++ b/pkg/yurtmanager/webhook/nodepool/v1beta1/nodepool_handler.go 
@@ -22,6 +22,8 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client/apiutil" "sigs.k8s.io/controller-runtime/pkg/webhook" + yurtClient "github.com/openyurtio/openyurt/cmd/yurt-manager/app/client" + "github.com/openyurtio/openyurt/cmd/yurt-manager/names" "github.com/openyurtio/openyurt/pkg/apis/apps/v1beta1" "github.com/openyurtio/openyurt/pkg/yurtmanager/webhook/util" ) @@ -29,7 +31,7 @@ import ( // SetupWebhookWithManager sets up Cluster webhooks. mutate path, validatepath, error func (webhook *NodePoolHandler) SetupWebhookWithManager(mgr ctrl.Manager) (string, string, error) { // init - webhook.Client = mgr.GetClient() + webhook.Client = yurtClient.GetClientByControllerNameOrDie(mgr, names.NodePoolController) gvk, err := apiutil.GVKForObject(&v1beta1.NodePool{}, mgr.GetScheme()) if err != nil { diff --git a/pkg/yurtmanager/webhook/platformadmin/v1alpha1/platformadmin_handler.go b/pkg/yurtmanager/webhook/platformadmin/v1alpha1/platformadmin_handler.go index 670e9234f4d..fde810a4632 100644 --- a/pkg/yurtmanager/webhook/platformadmin/v1alpha1/platformadmin_handler.go +++ b/pkg/yurtmanager/webhook/platformadmin/v1alpha1/platformadmin_handler.go @@ -24,6 +24,8 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client/apiutil" "sigs.k8s.io/controller-runtime/pkg/webhook" + yurtClient "github.com/openyurtio/openyurt/cmd/yurt-manager/app/client" + "github.com/openyurtio/openyurt/cmd/yurt-manager/names" "github.com/openyurtio/openyurt/pkg/apis/iot/v1alpha1" "github.com/openyurtio/openyurt/pkg/yurtmanager/controller/platformadmin/config" webhookutil "github.com/openyurtio/openyurt/pkg/yurtmanager/webhook/util" 
@@ -32,7 +34,7 @@ import ( // SetupWebhookWithManager sets up Cluster webhooks. func (webhook *PlatformAdminHandler) SetupWebhookWithManager(mgr ctrl.Manager) (string, string, error) { // init - webhook.Client = mgr.GetClient() + webhook.Client = yurtClient.GetClientByControllerNameOrDie(mgr, names.PlatformAdminController) gvk, err := apiutil.GVKForObject(&v1alpha1.PlatformAdmin{}, mgr.GetScheme()) if err != nil { diff --git a/pkg/yurtmanager/webhook/platformadmin/v1alpha2/platformadmin_handler.go b/pkg/yurtmanager/webhook/platformadmin/v1alpha2/platformadmin_handler.go index 547e9149385..9185b0e0b3f 100644 --- a/pkg/yurtmanager/webhook/platformadmin/v1alpha2/platformadmin_handler.go +++ b/pkg/yurtmanager/webhook/platformadmin/v1alpha2/platformadmin_handler.go @@ -24,6 +24,8 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client/apiutil" "sigs.k8s.io/controller-runtime/pkg/webhook" + yurtClient "github.com/openyurtio/openyurt/cmd/yurt-manager/app/client" + "github.com/openyurtio/openyurt/cmd/yurt-manager/names" "github.com/openyurtio/openyurt/pkg/apis/iot/v1alpha2" "github.com/openyurtio/openyurt/pkg/yurtmanager/controller/platformadmin/config" webhookutil "github.com/openyurtio/openyurt/pkg/yurtmanager/webhook/util" @@ -32,7 +34,7 @@ import ( // SetupWebhookWithManager sets up Cluster webhooks. func (webhook *PlatformAdminHandler) SetupWebhookWithManager(mgr ctrl.Manager) (string, string, error) { // init - webhook.Client = mgr.GetClient() + webhook.Client = yurtClient.GetClientByControllerNameOrDie(mgr, names.PlatformAdminController) gvk, err := apiutil.GVKForObject(&v1alpha2.PlatformAdmin{}, mgr.GetScheme()) if err != nil { diff --git a/pkg/yurtmanager/webhook/pod/v1alpha1/pod_handler.go b/pkg/yurtmanager/webhook/pod/v1alpha1/pod_handler.go index 79622d8f2f8..b2b7b3a48a7 100644 --- a/pkg/yurtmanager/webhook/pod/v1alpha1/pod_handler.go +++ b/pkg/yurtmanager/webhook/pod/v1alpha1/pod_handler.go 
@@ -19,7 +19,6 @@ package v1alpha1 import ( corev1 "k8s.io/api/core/v1" ctrl "sigs.k8s.io/controller-runtime" - "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/client/apiutil" "sigs.k8s.io/controller-runtime/pkg/webhook" @@ -33,7 +32,6 @@ const ( // SetupWebhookWithManager sets up Cluster webhooks. mutate path, validate path, error func (webhook *PodHandler) SetupWebhookWithManager(mgr ctrl.Manager) (string, string, error) { // init - webhook.Client = mgr.GetClient() gvk, err := apiutil.GVKForObject(&corev1.Pod{}, mgr.GetScheme()) if err != nil { @@ -51,7 +49,6 @@ func (webhook *PodHandler) SetupWebhookWithManager(mgr ctrl.Manager) (string, st // PodHandler implements a validating and defaulting webhook for Cluster. type PodHandler struct { - Client client.Client } var _ webhook.CustomDefaulter = &PodHandler{} diff --git a/pkg/yurtmanager/webhook/server.go b/pkg/yurtmanager/webhook/server.go index be6b725ef9f..2265c248f66 100644 --- a/pkg/yurtmanager/webhook/server.go +++ b/pkg/yurtmanager/webhook/server.go @@ -29,7 +29,7 @@ import ( "github.com/openyurtio/openyurt/cmd/yurt-manager/app/config" "github.com/openyurtio/openyurt/cmd/yurt-manager/names" - "github.com/openyurtio/openyurt/pkg/yurtmanager/controller" + controller "github.com/openyurtio/openyurt/pkg/yurtmanager/controller/base" v1alpha1deploymentrender "github.com/openyurtio/openyurt/pkg/yurtmanager/webhook/deploymentrender/v1alpha1" v1beta1gateway "github.com/openyurtio/openyurt/pkg/yurtmanager/webhook/gateway/v1beta1" v1node "github.com/openyurtio/openyurt/pkg/yurtmanager/webhook/node/v1" diff --git a/pkg/yurtmanager/webhook/yurtappdaemon/v1alpha1/yurtappdaemon_handler.go b/pkg/yurtmanager/webhook/yurtappdaemon/v1alpha1/yurtappdaemon_handler.go index a375e9869dd..c5fd1b2fd47 100644 --- a/pkg/yurtmanager/webhook/yurtappdaemon/v1alpha1/yurtappdaemon_handler.go +++ b/pkg/yurtmanager/webhook/yurtappdaemon/v1alpha1/yurtappdaemon_handler.go 
@@ -22,6 +22,8 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client/apiutil" "sigs.k8s.io/controller-runtime/pkg/webhook" + yurtClient "github.com/openyurtio/openyurt/cmd/yurt-manager/app/client" + "github.com/openyurtio/openyurt/cmd/yurt-manager/names" "github.com/openyurtio/openyurt/pkg/apis/apps/v1alpha1" appsv1alpha1 "github.com/openyurtio/openyurt/pkg/apis/apps/v1alpha1" "github.com/openyurtio/openyurt/pkg/yurtmanager/webhook/util" @@ -30,7 +32,7 @@ import ( // SetupWebhookWithManager sets up Cluster webhooks. func (webhook *YurtAppDaemonHandler) SetupWebhookWithManager(mgr ctrl.Manager) (string, string, error) { // init - webhook.Client = mgr.GetClient() + webhook.Client = yurtClient.GetClientByControllerNameOrDie(mgr, names.YurtAppDaemonController) gvk, err := apiutil.GVKForObject(&appsv1alpha1.YurtAppDaemon{}, mgr.GetScheme()) if err != nil { diff --git a/pkg/yurtmanager/webhook/yurtappoverrider/v1alpha1/yurtappoverrider_handler.go b/pkg/yurtmanager/webhook/yurtappoverrider/v1alpha1/yurtappoverrider_handler.go index 53df018c966..7b1cb0e0f54 100644 --- a/pkg/yurtmanager/webhook/yurtappoverrider/v1alpha1/yurtappoverrider_handler.go +++ b/pkg/yurtmanager/webhook/yurtappoverrider/v1alpha1/yurtappoverrider_handler.go @@ -22,6 +22,8 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client/apiutil" "sigs.k8s.io/controller-runtime/pkg/webhook" + yurtClient "github.com/openyurtio/openyurt/cmd/yurt-manager/app/client" + "github.com/openyurtio/openyurt/cmd/yurt-manager/names" "github.com/openyurtio/openyurt/pkg/apis/apps/v1alpha1" "github.com/openyurtio/openyurt/pkg/yurtmanager/webhook/util" ) 
@@ -29,7 +31,7 @@ import ( // SetupWebhookWithManager sets up Cluster webhooks. mutate path, validatepath, error func (webhook *YurtAppOverriderHandler) SetupWebhookWithManager(mgr ctrl.Manager) (string, string, error) { // init - webhook.Client = mgr.GetClient() + webhook.Client = yurtClient.GetClientByControllerNameOrDie(mgr, names.YurtAppOverriderController) gvk, err := apiutil.GVKForObject(&v1alpha1.YurtAppOverrider{}, mgr.GetScheme()) if err != nil { diff --git a/pkg/yurtmanager/webhook/yurtappset/v1beta1/yurtappset_handler.go b/pkg/yurtmanager/webhook/yurtappset/v1beta1/yurtappset_handler.go index 5e94b8923f6..36c97f670a2 100644 --- a/pkg/yurtmanager/webhook/yurtappset/v1beta1/yurtappset_handler.go +++ b/pkg/yurtmanager/webhook/yurtappset/v1beta1/yurtappset_handler.go @@ -23,6 +23,8 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client/apiutil" "sigs.k8s.io/controller-runtime/pkg/webhook" + yurtClient "github.com/openyurtio/openyurt/cmd/yurt-manager/app/client" + "github.com/openyurtio/openyurt/cmd/yurt-manager/names" "github.com/openyurtio/openyurt/pkg/apis/apps/v1beta1" "github.com/openyurtio/openyurt/pkg/yurtmanager/webhook/util" ) @@ -30,7 +32,7 @@ import ( // SetupWebhookWithManager sets up Cluster webhooks. func (webhook *YurtAppSetHandler) SetupWebhookWithManager(mgr ctrl.Manager) (string, string, error) { // init - webhook.Client = mgr.GetClient() + webhook.Client = yurtClient.GetClientByControllerNameOrDie(mgr, names.YurtAppSetController) webhook.Scheme = mgr.GetScheme() gvk, err := apiutil.GVKForObject(&v1beta1.YurtAppSet{}, mgr.GetScheme()) diff --git a/test/e2e/cmd/init/converter.go b/test/e2e/cmd/init/converter.go index 4dbafcb8fa2..47b12041322 100644 --- a/test/e2e/cmd/init/converter.go +++ b/test/e2e/cmd/init/converter.go 
@@ -90,6 +90,7 @@ func (c *ClusterConverter) Run() error { klog.Info("Running node-servant-convert jobs to deploy the yurt-hub and reset the kubelet service on edge and cloud nodes") if err := c.installYurthubByHelm(); err != nil { klog.Errorf("error occurs when deploying Yurthub, %v", err) + c.dumpYurtManagerLog() return err } return nil @@ -212,7 +213,7 @@ func (c *ClusterConverter) installYurtManagerByHelm() error { imageTagParts := strings.Split(parts[len(parts)-1], ":") tag := imageTagParts[1] - cmd := exec.Command(helmPath, "install", "yurt-manager", yurtManagerChartPath, "--namespace", "kube-system", "--set", fmt.Sprintf("image.tag=%s", tag)) + cmd := exec.Command(helmPath, "install", "yurt-manager", yurtManagerChartPath, "--namespace", "kube-system", "--set", fmt.Sprintf("image.tag=%s", tag), "--set", "log.level=5") output, err := cmd.CombinedOutput() if err != nil { klog.Errorf("couldn't install yurt-manager, %v", err) 
@@ -251,24 +252,27 @@ func (c *ClusterConverter) installYurtManagerByHelm() error { return true, nil }); err != nil { - // print logs of yurt-manager - podList, logErr := c.ClientSet.CoreV1().Pods("kube-system").List(context.TODO(), metav1.ListOptions{ - LabelSelector: labels.SelectorFromSet(map[string]string{"app.kubernetes.io/name": "yurt-manager"}).String(), - }) - if logErr != nil { - klog.Errorf("failed to get yurt-manager pod, %v", logErr) - return err - } - - if len(podList.Items) == 0 { - klog.Errorf("yurt-manager pod doesn't exist") - return err - } - if logErr = kubeutil.DumpPod(c.ClientSet, &podList.Items[0], os.Stderr); logErr != nil { - return err - } + c.dumpYurtManagerLog() return err } return nil } + +// print logs of yurt-manager +func (c *ClusterConverter) dumpYurtManagerLog() { + // print logs of yurt-manager + podList, logErr := c.ClientSet.CoreV1().Pods("kube-system").List(context.TODO(), metav1.ListOptions{ + LabelSelector: labels.SelectorFromSet(map[string]string{"app.kubernetes.io/name": "yurt-manager"}).String(), + }) + if logErr != nil { + klog.Errorf("failed to get yurt-manager pod, %v", logErr) + } + + if len(podList.Items) == 0 { + klog.Errorf("yurt-manager pod doesn't exist") + } + if logErr = kubeutil.DumpPod(c.ClientSet, &podList.Items[0], os.Stderr); logErr != nil { + klog.Warning("failed to dump yurtmanager logs") + } +}
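Review bot: The new `dumpYurtManagerLog` lost the early returns that the inline version had. After logging `yurt-manager pod doesn't exist` it still evaluates `&podList.Items[0]`, which panics with an index-out-of-range error on an empty list, and after a failed `List` it keeps using `podList` as well. Because the helper runs only on failure paths, that panic would replace the original install error in the e2e output. Add `return` after each of the two `klog.Errorf` calls, and keep the cause in the last message: `klog.Warningf("failed to dump yurt-manager logs, %v", logErr)`.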