Skip to content

✨ support add-on registration #412

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
openshift-merge-bot merged 1 commit into from
Jan 16, 2026
Merged

✨ support add-on registration #412

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 12 additions & 0 deletions addon/v1alpha1/0000_01_addon.open-cluster-management.io_managedclusteraddons.crd.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -303,6 +303,18 @@ spec:
RegistrationConfig defines the configuration of the addon agent to register to hub. The Klusterlet agent will
create a csr for the addon agent with the registrationConfig.
properties:
driver:
description: |-
driver specifies the authentication driver used by the ManagedClusterAddOn
for this registration configuration when the signer name is
`kubernetes.io/kube-apiserver-client`.
This field is ignored for other signer names.
Supported values are `csr` and `token`.
The field is set by the agent to declare which authentication driver it is using.
enum:
- csr
- token
type: string
signerName:
description: |-
Deprecated: Will be replaced with type: kubeClient and type: csr in v1beta1.
Expand Down
10 changes: 10 additions & 0 deletions addon/v1alpha1/types_managedclusteraddon.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -73,6 +73,16 @@ type RegistrationConfig struct {
//
// +optional
Subject Subject `json:"subject,omitempty"`

// driver specifies the authentication driver used by the ManagedClusterAddOn
// for this registration configuration when the signer name is
// `kubernetes.io/kube-apiserver-client`.
// This field is ignored for other signer names.
// Supported values are `csr` and `token`.
// The field is set by the agent to declare which authentication driver it is using.
// +optional
// +kubebuilder:validation:Enum=csr;token
Driver string `json:"driver,omitempty"`
}

type AddOnConfig struct {
Expand Down
28 changes: 24 additions & 4 deletions addon/v1beta1/0000_01_addon.open-cluster-management.io_managedclusteraddons.crd.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -303,6 +303,18 @@ spec:
RegistrationConfig defines the configuration of the addon agent to register to hub. The Klusterlet agent will
create a csr for the addon agent with the registrationConfig.
properties:
driver:
description: |-
driver specifies the authentication driver used by the ManagedClusterAddOn
for this registration configuration when the signer name is
`kubernetes.io/kube-apiserver-client`.
This field is ignored for other signer names.
Supported values are `csr` and `token`.
The field is set by the agent to declare which authentication driver it is using.
enum:
- csr
- token
type: string
signerName:
description: |-
Deprecated: Will be replaced with type: kubeClient and type: csr in v1beta1.
Expand Down Expand Up @@ -648,10 +660,10 @@ spec:
description: RegistrationConfig defines the configuration for the
addon agent to register to the hub cluster.
properties:
csr:
customSigner:
description: |-
csr holds the configuration for csr type registration.
It should be set when type is "csr".
customSigner holds the configuration for customSigner type registration.
It should be set when type is "customSigner".
properties:
signerName:
description: signerName is the name of signer that addon
Expand Down Expand Up @@ -687,6 +699,14 @@ spec:
kubeClient holds the configuration for kubeClient type registration.
It should be set when type is "kubeClient".
properties:
driver:
description: |-
driver is the authentication driver used by managedclusteraddon for kubeClient registration. Possible values are csr and token.
This field is set by the agent to declare which driver it is using.
enum:
- csr
- token
type: string
subject:
description: subject is the user subject of the addon agent
to be registered to the hub.
Expand All @@ -705,7 +725,7 @@ spec:
description: type specifies the type of registration configuration.
enum:
- kubeClient
- csr
- customSigner
type: string
required:
- type
Expand Down
15 changes: 9 additions & 6 deletions addon/v1beta1/conversion.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@ package v1beta1

import (
"fmt"

certificates "k8s.io/api/certificates/v1"
"k8s.io/apimachinery/pkg/conversion"
"open-cluster-management.io/api/addon/v1alpha1"
Expand Down Expand Up @@ -117,12 +118,13 @@ func Convert_v1beta1_RegistrationConfig_To_v1alpha1_RegistrationConfig(in *Regis
User: in.KubeClient.Subject.User,
Groups: in.KubeClient.Subject.Groups,
}
out.Driver = in.KubeClient.Driver
} else {
if in.CSR == nil {
return fmt.Errorf("nil CSR")
if in.CustomSigner == nil {
return fmt.Errorf("nil CustomSigner")
}
out.SignerName = in.CSR.SignerName
if err := Convert_v1beta1_Subject_To_v1alpha1_Subject(&in.CSR.Subject, &out.Subject, s); err != nil {
out.SignerName = in.CustomSigner.SignerName
if err := Convert_v1beta1_Subject_To_v1alpha1_Subject(&in.CustomSigner.Subject, &out.Subject, s); err != nil {
return err
}
}
Expand All @@ -141,10 +143,11 @@ func Convert_v1alpha1_RegistrationConfig_To_v1beta1_RegistrationConfig(in *v1alp
Groups: in.Subject.Groups,
},
},
Driver: in.Driver,
}
} else {
out.Type = CSR
out.CSR = &CSRConfig{
out.Type = CustomSigner
out.CustomSigner = &CustomSignerConfig{
SignerName: in.SignerName,
Subject: Subject{
BaseSubject: BaseSubject{
Expand Down
Loading