✨ support add-on registration

Signed-off-by: Yang Le <[email protected]>

Author: elgnay

addon/v1alpha1/0000_01_addon.open-cluster-management.io_managedclusteraddons.crd.yaml

@@ -300,6 +300,19 @@ spec:
                     RegistrationConfig defines the configuration of the addon agent to register to hub. The Klusterlet agent will
                     create a csr for the addon agent with the registrationConfig.
                   properties:
+                    driver:
+                      description: |-
+                        Deprecated: Will be replaced with kubeClient.driver in v1beta1.
+                        Driver specifies the authentication driver used by the ManagedClusterAddOn
+                        for this registration configuration when the signer name is
+                        `kubernetes.io/kube-apiserver-client`.
+                        This field is ignored for other signer names.
+                        Supported values are `csr` and `token`.
+                        The field is set by the agent to declare which authentication driver it is using.
+                      enum:
+                      - csr
+                      - token
+                      type: string
                     signerName:
                       description: |-
                         Deprecated: Will be replaced with type: kubeClient and type: csr in v1beta1.

addon/v1alpha1/types_managedclusteraddon.go

@@ -73,6 +73,17 @@ type RegistrationConfig struct {
 	//
 	// +optional
 	Subject Subject `json:"subject,omitempty"`
+
+	// Deprecated: Will be replaced with kubeClient.driver in v1beta1.
+	// Driver specifies the authentication driver used by the ManagedClusterAddOn
+	// for this registration configuration when the signer name is
+	// `kubernetes.io/kube-apiserver-client`.
+	// This field is ignored for other signer names.
+	// Supported values are `csr` and `token`.
+	// The field is set by the agent to declare which authentication driver it is using.
+	// +optional
+	// +kubebuilder:validation:Enum=csr;token
+	Driver string `json:"driver,omitempty"`
 }
 
 type AddOnConfig struct {

addon/v1beta1/0000_01_addon.open-cluster-management.io_managedclusteraddons.crd.yaml

@@ -300,6 +300,19 @@ spec:
                     RegistrationConfig defines the configuration of the addon agent to register to hub. The Klusterlet agent will
                     create a csr for the addon agent with the registrationConfig.
                   properties:
+                    driver:
+                      description: |-
+                        Deprecated: Will be replaced with kubeClient.driver in v1beta1.
+                        Driver specifies the authentication driver used by the ManagedClusterAddOn
+                        for this registration configuration when the signer name is
+                        `kubernetes.io/kube-apiserver-client`.
+                        This field is ignored for other signer names.
+                        Supported values are `csr` and `token`.
+                        The field is set by the agent to declare which authentication driver it is using.
+                      enum:
+                      - csr
+                      - token
+                      type: string
                     signerName:
                       description: |-
                         Deprecated: Will be replaced with type: kubeClient and type: csr in v1beta1.
@@ -642,10 +655,10 @@ spec:
                   description: RegistrationConfig defines the configuration for the
                     addon agent to register to the hub cluster.
                   properties:
-                    csr:
+                    customSigner:
                       description: |-
-                        csr holds the configuration for csr type registration.
-                        It should be set when type is "csr".
+                        customSigner holds the configuration for customSigner type registration.
+                        It should be set when type is "customSigner".
                       properties:
                         signerName:
                           description: signerName is the name of signer that addon
@@ -681,6 +694,14 @@ spec:
                         kubeClient holds the configuration for kubeClient type registration.
                         It should be set when type is "kubeClient".
                       properties:
+                        driver:
+                          description: |-
+                            Driver is the authentication driver used by managedclusteraddon for kubeClient registration. Possible values are csr and token.
+                            This field is set by the agent to declare which driver it is using.
+                          enum:
+                          - csr
+                          - token
+                          type: string
                         subject:
                           description: subject is the user subject of the addon agent
                             to be registered to the hub.
@@ -699,7 +720,7 @@ spec:
                       description: type specifies the type of registration configuration.
                       enum:
                       - kubeClient
-                      - csr
+                      - customSigner
                       type: string
                   required:
                   - type

addon/v1beta1/conversion.go

@@ -3,6 +3,7 @@ package v1beta1
 
 import (
 	"fmt"
+
 	certificates "k8s.io/api/certificates/v1"
 	"k8s.io/apimachinery/pkg/conversion"
 	"open-cluster-management.io/api/addon/v1alpha1"
@@ -117,12 +118,13 @@ func Convert_v1beta1_RegistrationConfig_To_v1alpha1_RegistrationConfig(in *Regis
 			User:   in.KubeClient.Subject.User,
 			Groups: in.KubeClient.Subject.Groups,
 		}
+		out.Driver = in.KubeClient.Driver
 	} else {
-		if in.CSR == nil {
-			return fmt.Errorf("nil CSR")
+		if in.CustomSigner == nil {
+			return fmt.Errorf("nil CustomSigner")
 		}
-		out.SignerName = in.CSR.SignerName
-		if err := Convert_v1beta1_Subject_To_v1alpha1_Subject(&in.CSR.Subject, &out.Subject, s); err != nil {
+		out.SignerName = in.CustomSigner.SignerName
+		if err := Convert_v1beta1_Subject_To_v1alpha1_Subject(&in.CustomSigner.Subject, &out.Subject, s); err != nil {
 			return err
 		}
 	}
@@ -141,10 +143,11 @@ func Convert_v1alpha1_RegistrationConfig_To_v1beta1_RegistrationConfig(in *v1alp
 					Groups: in.Subject.Groups,
 				},
 			},
+			Driver: in.Driver,
 		}
 	} else {
-		out.Type = CSR
-		out.CSR = &CSRConfig{
+		out.Type = CustomSigner
+		out.CustomSigner = &CustomSignerConfig{
 			SignerName: in.SignerName,
 			Subject: Subject{
 				BaseSubject: BaseSubject{