✨ Expose ManagedCluster annotations during join via clusteradm flag (#481)

* feat: expose klusterlet/managedcluster annotations via clusteradm flags

Signed-off-by: Artur Shad Nik <[email protected]>

* feat: improve handling annotations; add e2e test

Signed-off-by: Artur Shad Nik <[email protected]>

* test: simplify assertion

Signed-off-by: Artur Shad Nik <[email protected]>

---------

Signed-off-by: Artur Shad Nik <[email protected]>

Author: arturshadnik

pkg/cmd/join/cmd.go

@@ -6,6 +6,7 @@ import (
 
 	"github.com/spf13/cobra"
 	"k8s.io/cli-runtime/pkg/genericiooptions"
+	operatorv1 "open-cluster-management.io/api/operator/v1"
 	genericclioptionsclusteradm "open-cluster-management.io/clusteradm/pkg/genericclioptions"
 	"open-cluster-management.io/clusteradm/pkg/helpers"
 )
@@ -18,6 +19,8 @@ var example = `
 # join a cluster to the hub while the hub provided no valid CA data in kube-public namespace
 %[1]s join --hub-token <tokenID.tokenSecret> --hub-apiserver <hub_apiserver_url> --cluster-name <cluster_name> --ca-file <ca-file>
 %[1]s join --hub-token <tokenID.tokenSecret> --hub-apiserver <hub_apiserver_url> --cluster-name <cluster_name> --registration-auth awsirsa --hub-cluster-arn arn:aws:eks:us-west-2:123456789012:cluster/hub-cluster-1
+# Join a cluster to the hub and annotate the ManagedCluster
+%[1]s join --hub-token <tokenID.tokenSecret> --hub-apiserver <hub_apiserver_url> --cluster-name <cluster_name> --klusterlet-annotation foo=bar --klusterlet-annotation bar=foo
 `
 
 // NewCmd ...
@@ -80,5 +83,6 @@ func NewCmd(clusteradmFlags *genericclioptionsclusteradm.ClusteradmFlags, stream
 	cmd.Flags().Int32Var(&o.clientCertExpirationSeconds, "client-cert-expiration-seconds", 31536000, "clientCertExpirationSeconds represents the seconds of a client certificate to expire.")
 	cmd.Flags().StringVar(&o.registrationAuth, "registration-auth", "", "The type of authentication to use for registering and authenticating with hub")
 	cmd.Flags().StringVar(&o.hubClusterArn, "hub-cluster-arn", "", "The arn of the hub cluster(i.e. EKS cluster) to which managed-cluster will join")
+	cmd.Flags().StringArrayVar(&o.klusterletAnnotations, "klusterlet-annotation", []string{}, fmt.Sprintf("Annotations to set on the ManagedCluster, in key=value format. Note: each key will be automatically prefixed with '%s/', if not set.", operatorv1.ClusterAnnotationsKeyPrefix))
 	return cmd
 }

pkg/cmd/join/exec.go

@@ -152,6 +152,7 @@ func (o *Options) complete(cmd *cobra.Command, args []string) (err error) {
 			genericclioptionsclusteradm.SpokeMutableFeatureGate, ocmfeature.DefaultSpokeRegistrationFeatureGates),
 		ClientCertExpirationSeconds: o.clientCertExpirationSeconds,
 	}
+	o.setKlusterletRegistrationAnnotations()
 
 	// set registration auth type
 	if o.registrationAuth == AwsIrsaAuthentication {
@@ -742,3 +743,34 @@ func mergeCertificateData(caBundles ...[]byte) ([]byte, error) {
 	}
 	return b.Bytes(), nil
 }
+
+func (o *Options) setKlusterletRegistrationAnnotations() {
+	if len(o.klusterletAnnotations) == 0 {
+		return
+	}
+
+	if o.klusterletChartConfig.Klusterlet.RegistrationConfiguration.ClusterAnnotations == nil {
+		o.klusterletChartConfig.Klusterlet.RegistrationConfiguration.ClusterAnnotations = map[string]string{}
+	}
+
+	for _, annotation := range o.klusterletAnnotations {
+		i := strings.Index(annotation, "=")
+		if i == -1 {
+			klog.Warningf("Skipping malformed annotation (missing '='): %s", annotation)
+			continue
+		}
+
+		k, v := strings.TrimSpace(annotation[:i]), strings.TrimSpace(annotation[i+1:])
+
+		if k == "" {
+			klog.Warningf("Skipping annotation with empty key: %s", annotation)
+			continue
+		}
+
+		if !strings.HasPrefix(k, operatorv1.ClusterAnnotationsKeyPrefix) {
+			k = fmt.Sprintf("%s/%s", operatorv1.ClusterAnnotationsKeyPrefix, k)
+		}
+
+		o.klusterletChartConfig.Klusterlet.RegistrationConfiguration.ClusterAnnotations[k] = v
+	}
+}

pkg/cmd/join/options.go

@@ -92,6 +92,9 @@ type Options struct {
 
 	// The arn of hub cluster(i.e. EKS) to which managed-cluster will join
 	hubClusterArn string
+
+	// Annotations for registration controller to set on the ManagedCluster
+	klusterletAnnotations []string
 }
 
 func newOptions(clusteradmFlags *genericclioptionsclusteradm.ClusteradmFlags, streams genericiooptions.IOStreams) *Options {

test/e2e/clusteradm/joinhubscenario_annotate_test.go

@@ -0,0 +1,68 @@
+// Copyright Contributors to the Open Cluster Management project
+package clusteradme2e
+
+import (
+	"context"
+	"time"
+
+	"github.com/onsi/ginkgo/v2"
+	"github.com/onsi/gomega"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	operatorv1 "open-cluster-management.io/api/operator/v1"
+	"open-cluster-management.io/clusteradm/test/e2e/util"
+)
+
+var _ = ginkgo.Describe("test clusteradm join with annotations", func() {
+	ginkgo.BeforeEach(func() {
+		ginkgo.By("clear e2e environment...")
+		err := e2e.ClearEnv()
+		gomega.Expect(err).NotTo(gomega.HaveOccurred())
+	})
+
+	ginkgo.Context("join hub scenario with annotations", func() {
+		var err error
+
+		ginkgo.It("should managedclusters join with annotations and be accepted successfully", func() {
+			ginkgo.By("init hub")
+			err = e2e.Clusteradm().Init(
+				"--context", e2e.Cluster().Hub().Context(),
+				"--bundle-version=latest",
+			)
+			gomega.Expect(err).NotTo(gomega.HaveOccurred(), "clusteradm init error")
+
+			ginkgo.By("managedcluster1 join hub with annotations")
+			err = e2e.Clusteradm().Join(
+				"--context", e2e.Cluster().ManagedCluster1().Context(),
+				"--hub-token", e2e.CommandResult().Token(), "--hub-apiserver", e2e.CommandResult().Host(),
+				"--cluster-name", e2e.Cluster().ManagedCluster1().Name(),
+				"--wait",
+				"--bundle-version=latest",
+				"--force-internal-endpoint-lookup",
+				"--klusterlet-annotation", "foo=bar",
+				"--klusterlet-annotation", "test=value",
+			)
+			gomega.Expect(err).NotTo(gomega.HaveOccurred(), "managedcluster1 join error")
+			gomega.Eventually(func() error {
+				return util.ValidateImagePullSecret(managedClusterKubeClient,
+					"e30=", "open-cluster-management")
+			}, time.Second*120, time.Second*2).ShouldNot(gomega.HaveOccurred())
+
+			ginkgo.By("hub accept managedcluster1")
+			err = e2e.Clusteradm().Accept(
+				"--clusters", e2e.Cluster().ManagedCluster1().Name(),
+				"--wait",
+				"--context", e2e.Cluster().Hub().Context(),
+			)
+			gomega.Expect(err).NotTo(gomega.HaveOccurred(), "clusteradm accept error")
+
+			ginkgo.By("verify managedcluster1 has correct annotations")
+			managedCluster, err := clusterClient.ClusterV1().ManagedClusters().Get(
+				context.TODO(), e2e.Cluster().ManagedCluster1().Name(), metav1.GetOptions{})
+			gomega.Expect(err).NotTo(gomega.HaveOccurred())
+			annotations := managedCluster.GetAnnotations()
+			gomega.Expect(annotations).NotTo(gomega.BeNil())
+			gomega.Expect(annotations[operatorv1.ClusterAnnotationsKeyPrefix+"/foo"]).To(gomega.Equal("bar"))
+			gomega.Expect(annotations[operatorv1.ClusterAnnotationsKeyPrefix+"/test"]).To(gomega.Equal("value"))
+		})
+	})
+})