
Commit 33026ef

authored
🐛 upsert fcc-agent namespace independently of join (#73)
* fix: upsert namespace independently of join Signed-off-by: Artur Shad Nik <[email protected]> * fix: make reviewable Signed-off-by: Artur Shad Nik <[email protected]> * fix: undo test change Signed-off-by: Artur Shad Nik <[email protected]> * chore: make reviewable Signed-off-by: Artur Shad Nik <[email protected]> --------- Signed-off-by: Artur Shad Nik <[email protected]>
1 parent ab0bba5 commit 33026ef


4 files changed

+32
-25
lines changed


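--- a/fleetconfig-controller/charts/fleetconfig-controller/README.md
+++ b/fleetconfig-controller/charts/fleetconfig-controller/README.md
@@ -100,7 +100,6 @@ Resource specifications for all klusterlet-managed containers.
 | `fleetConfig.hub.kubeconfig.context` | The context to use in the kubeconfig file. Leave empty to use the current context. | `""` |
 | `fleetConfig.hub.kubeconfig.inCluster` | If set, the kubeconfig will be read from the cluster. Only applicable for same-cluster operations. | `true` |
 | `fleetConfig.hub.kubeconfig.secretReference.name` | The name of the secret. | `""` |
-| `fleetConfig.hub.kubeconfig.secretReference.namespace` | The namespace the secret is in. | `""` |
 | `fleetConfig.hub.kubeconfig.secretReference.kubeconfigKey` | The map key to access the kubeconfig. | `kubeconfig` |
 | `fleetConfig.hub.singletonControlPlane.enabled` | Whether to enable the singleton control plane. Set to false if using Cluster Manager. | `false` |
 | `fleetConfig.hub.singletonControlPlane.name` | The name of the singleton control plane. | `singleton-controlplane` |
@@ -121,7 +120,6 @@ Resource specifications for all klusterlet-managed containers.
 | `fleetConfig.spokes[0].kubeconfig.context` | The context to use in the kubeconfig file. Leave empty to use the current context. | `""` |
 | `fleetConfig.spokes[0].kubeconfig.inCluster` | If set, the kubeconfig will be read from the cluster. Only applicable for same-cluster operations. | `true` |
 | `fleetConfig.spokes[0].kubeconfig.secretReference.name` | The name of the secret. | `""` |
-| `fleetConfig.spokes[0].kubeconfig.secretReference.namespace` | The namespace the secret is in. | `""` |
 | `fleetConfig.spokes[0].kubeconfig.secretReference.kubeconfigKey` | The map key to access the kubeconfig. | `kubeconfig` |
 | `fleetConfig.spokes[0].proxyCa` | Proxy CA certificate, optional. | `""` |
 | `fleetConfig.spokes[0].proxyUrl` | URL of a forward proxy server used by agents to connect to the Hub cluster, optional. | `""` |
@@ -131,7 +129,6 @@ Resource specifications for all klusterlet-managed containers.
 | `fleetConfig.spokes[0].klusterlet.managedClusterKubeconfig.context` | The context to use in the kubeconfig file. | `""` |
 | `fleetConfig.spokes[0].klusterlet.managedClusterKubeconfig.inCluster` | If set, the kubeconfig will be read from the cluster. Only applicable for same-cluster operations. | `false` |
 | `fleetConfig.spokes[0].klusterlet.managedClusterKubeconfig.secretReference.name` | The name of the secret. | `""` |
-| `fleetConfig.spokes[0].klusterlet.managedClusterKubeconfig.secretReference.namespace` | The namespace the secret is in. | `""` |
 | `fleetConfig.spokes[0].klusterlet.managedClusterKubeconfig.secretReference.kubeconfigKey` | The map key to access the kubeconfig. | `kubeconfig` |
 | `fleetConfig.spokes[0].klusterlet.forceInternalEndpointLookupManaged` | If true, the klusterlet accesses the managed cluster using the internal endpoint from the public cluster-info in the managed cluster instead of using managedClusterKubeconfig. | `false` |
 | `fleetConfig.spokes[0].klusterlet.resources.limits.cpu` | The number of CPU units to request, e.g., '800m'. | `""` |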

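--- a/fleetconfig-controller/charts/fleetconfig-controller/templates/fleetconfig.yaml
+++ b/fleetconfig-controller/charts/fleetconfig-controller/templates/fleetconfig.yaml
@@ -40,9 +40,12 @@ spec:
 createNamespace: {{ .Values.fleetConfig.hub.createNamespace }}
 force: {{ .Values.fleetConfig.hub.force }}
 {{- with .Values.fleetConfig.hub.kubeconfig }}
+{{- if and .inCluster (and .secretReference (not (empty .secretReference.name))) }}
+{{- fail "hub.kubeconfig.inCluster and hub.kubeconfig.secretReference are mutually exclusive" }}
+{{- end }}
 kubeconfig:
-context: {{ .context | quote }}
-inCluster: {{ .inCluster }}
+context: {{ default "" .context | quote }}
+inCluster: {{ default false .inCluster }}
 {{- if and .secretReference (not (empty .secretReference.name)) }}
 secretReference: {{ toYaml .secretReference | nindent 6 }}
 {{- end }}
@@ -82,8 +85,11 @@ spec:
 createNamespace: {{ .createNamespace }}
 syncLabels: {{ .syncLabels }}
 {{- with .kubeconfig }}
+{{- if and .inCluster (and .secretReference (not (empty .secretReference.name))) }}
+{{- fail "spoke.kubeconfig.inCluster and spoke.kubeconfig.secretReference are mutually exclusive" }}
+{{- end }}
 kubeconfig:
-context: {{ .context | quote }}
+context: {{ default "" .context | quote }}
 inCluster: {{ .inCluster }}
 {{- if and .secretReference (not (empty .secretReference.name)) }}
 secretReference: {{ toYaml .secretReference | nindent 6 }}
@@ -108,9 +114,12 @@ spec:
 forceInternalEndpointLookupManaged: {{ .klusterlet.forceInternalEndpointLookupManaged }}
 singleton: {{ .klusterlet.singleton }}
 {{- $mck := .klusterlet.managedClusterKubeconfig -}}
+{{- if and $mck.inCluster (and $mck.secretReference (not (empty $mck.secretReference.name))) }}
+{{- fail "spoke.klusterlet.managedClusterKubeconfig.inCluster and spoke.klusterlet.managedClusterKubeconfig.secretReference are mutually exclusive" }}
+{{- end }}
 {{- if or $mck.context $mck.inCluster (and $mck.secretReference (not (empty $mck.secretReference.name))) }}
 managedClusterKubeconfig:
-context: {{ $mck.context | quote }}
+context: {{ default "" $mck.context | quote }}
 inCluster: {{ $mck.inCluster }}
 {{- if and $mck.secretReference (not (empty $mck.secretReference.name)) }}
 secretReference: {{ toYaml $mck.secretReference | nindent 8 }}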
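Review bot: The `secretReference: {{ toYaml .secretReference | nindent 6 }}` lines (new lines 50 and 95, and the `$mck` variant at 125) still forward every key under `secretReference`, so a values file carried over from an earlier chart version that sets `secretReference.namespace` is passed through unchanged even though this commit removes that key from values.yaml and the README. If the controller now resolves the secret in the Spoke's own namespace, as the spoke_handler.go change in this commit suggests, that leftover key would be silently ignored or rejected at apply time rather than at render time. A guard in the style of the new mutual-exclusion checks, placed inside the existing `secretReference` condition, would surface it early: `{{- if .secretReference.namespace }}{{- fail "kubeconfig.secretReference.namespace is no longer supported" }}{{- end }}`. Separately, only the hub block gained `default false .inCluster`; the spoke and managedClusterKubeconfig blocks (new lines 93 and 123) still render `{{ .inCluster }}` bare.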

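--- a/fleetconfig-controller/charts/fleetconfig-controller/values.yaml
+++ b/fleetconfig-controller/charts/fleetconfig-controller/values.yaml
@@ -138,8 +138,6 @@ fleetConfig:
 secretReference:
 ## @param fleetConfig.hub.kubeconfig.secretReference.name The name of the secret.
 name: ""
-## @param fleetConfig.hub.kubeconfig.secretReference.namespace The namespace the secret is in.
-namespace: ""
 ## @param fleetConfig.hub.kubeconfig.secretReference.kubeconfigKey The map key to access the kubeconfig.
 kubeconfigKey: "kubeconfig"
 ## @descriptionStart
@@ -189,7 +187,6 @@ fleetConfig:
 ## @param fleetConfig.spokes[0].kubeconfig.context The context to use in the kubeconfig file. Leave empty to use the current context.
 ## @param fleetConfig.spokes[0].kubeconfig.inCluster If set, the kubeconfig will be read from the cluster. Only applicable for same-cluster operations.
 ## @param fleetConfig.spokes[0].kubeconfig.secretReference.name The name of the secret.
-## @param fleetConfig.spokes[0].kubeconfig.secretReference.namespace The namespace the secret is in.
 ## @param fleetConfig.spokes[0].kubeconfig.secretReference.kubeconfigKey The map key to access the kubeconfig.
 ## @param fleetConfig.spokes[0].proxyCa Proxy CA certificate, optional.
 ## @param fleetConfig.spokes[0].proxyUrl URL of a forward proxy server used by agents to connect to the Hub cluster, optional.
@@ -199,7 +196,6 @@ fleetConfig:
 ## @param fleetConfig.spokes[0].klusterlet.managedClusterKubeconfig.context The context to use in the kubeconfig file.
 ## @param fleetConfig.spokes[0].klusterlet.managedClusterKubeconfig.inCluster If set, the kubeconfig will be read from the cluster. Only applicable for same-cluster operations.
 ## @param fleetConfig.spokes[0].klusterlet.managedClusterKubeconfig.secretReference.name The name of the secret.
-## @param fleetConfig.spokes[0].klusterlet.managedClusterKubeconfig.secretReference.namespace The namespace the secret is in.
 ## @param fleetConfig.spokes[0].klusterlet.managedClusterKubeconfig.secretReference.kubeconfigKey The map key to access the kubeconfig.
 ## @param fleetConfig.spokes[0].klusterlet.forceInternalEndpointLookupManaged If true, the klusterlet accesses the managed cluster using the internal endpoint from the public cluster-info in the managed cluster instead of using managedClusterKubeconfig.
 ## @param fleetConfig.spokes[0].klusterlet.resources.limits.cpu The number of CPU units to request, e.g., '800m'.
@@ -227,7 +223,6 @@ fleetConfig:
 ## A reference to an existing secret containing a kubeconfig. Must be provided for remote clusters. For same-cluster, must be provided unless InCluster is set to true.
 secretReference:
 name: ""
-namespace: ""
 kubeconfigKey: "kubeconfig"
 proxyCa: ""
 proxyUrl: ""
@@ -244,7 +239,6 @@ fleetConfig:
 inCluster: false
 secretReference:
 name: ""
-namespace: ""
 kubeconfigKey: "kubeconfig"
 forceInternalEndpointLookupManaged: false
 ## @descriptionStart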

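--- a/fleetconfig-controller/internal/controller/v1beta1/spoke_handler.go
+++ b/fleetconfig-controller/internal/controller/v1beta1/spoke_handler.go
@@ -170,17 +170,14 @@ func (r *SpokeReconciler) doHubWork(ctx context.Context, spoke *v1beta1.Spoke, h
 logger.Error(err, "failed to get managedCluster after join", "spoke", spoke.Name)
 return err
 }
+}
 
-// precreate the namespace that the agent will be installed into
-// this prevents it from being automatically garbage collected when the spoke is deregistered
-if r.InstanceType != v1beta1.InstanceTypeUnified {
-err = r.createAgentNamespace(ctx, spoke.Name, spokeKubeconfig)
-if err != nil {
-logger.Error(err, "failed to create agent namespace", "spoke", spoke.Name)
-return err
-}
-}
-
+// precreate the namespace that the agent will be installed into
+// this prevents it from being automatically garbage collected when the spoke is deregistered
+err = r.createAgentNamespace(ctx, spoke)
+if err != nil {
+logger.Error(err, "failed to create agent namespace", "spoke", spoke.Name)
+return err
 }
 
 // check managed clusters joined condition
@@ -279,8 +276,18 @@ func (r *SpokeReconciler) doHubWork(ctx context.Context, spoke *v1beta1.Spoke, h
 return nil
 }
 
-func (r *SpokeReconciler) createAgentNamespace(ctx context.Context, spokeName string, spokeKubeconfig []byte) error {
+func (r *SpokeReconciler) createAgentNamespace(ctx context.Context, spoke *v1beta1.Spoke) error {
 logger := log.FromContext(ctx)
+
+if r.InstanceType == v1beta1.InstanceTypeUnified || spoke.IsHubAsSpoke() || spoke.PivotComplete() {
+return nil
+}
+
+spokeKubeconfig, err := kube.KubeconfigFromSecretOrCluster(ctx, r.Client, spoke.Spec.Kubeconfig, spoke.Namespace)
+if err != nil {
+return err
+}
+
 spokeRestCfg, err := kube.RestConfigFromKubeconfig(spokeKubeconfig)
 if err != nil {
 return err
@@ -299,7 +306,7 @@ func (r *SpokeReconciler) createAgentNamespace(ctx context.Context, spokeName st
 if err != nil && !kerrs.IsAlreadyExists(err) {
 return err
 }
-logger.V(1).Info("agent namespace configured", "spoke", spokeName, "namespace", agentNamespace)
+logger.V(1).Info("agent namespace configured", "spoke", spoke.Name, "namespace", agentNamespace)
 return nil
 }
 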
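Review bot: The new kubeconfig lookup in createAgentNamespace (new lines 286-289) returns its error unwrapped, so the caller's "failed to create agent namespace" log will also cover a missing or unreadable kubeconfig secret, which can now occur on every pass through doHubWork rather than only during join. Wrapping it, e.g. `return fmt.Errorf("loading kubeconfig for spoke %q: %w", spoke.Name, err)`, keeps the two failure modes distinguishable (assuming `fmt` is already imported in this file, which the hunks do not show). The early return at new line 282 now carries the skip policy that used to sit at the call site, so the function would benefit from a doc comment such as `// createAgentNamespace ensures the agent namespace exists on the spoke cluster; it is a no-op for unified instances, hub-as-spoke, and spokes whose pivot is complete.` Both doHubWork and the middle of createAgentNamespace extend outside the visible hunks.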