diff --git a/deploy/cluster-manager/chart/cluster-manager/crds/0000_01_operator.open-cluster-management.io_clustermanagers.crd.yaml b/deploy/cluster-manager/chart/cluster-manager/crds/0000_01_operator.open-cluster-management.io_clustermanagers.crd.yaml
index e5fef5e047..73ba5b5153 100644
--- a/deploy/cluster-manager/chart/cluster-manager/crds/0000_01_operator.open-cluster-management.io_clustermanagers.crd.yaml
+++ b/deploy/cluster-manager/chart/cluster-manager/crds/0000_01_operator.open-cluster-management.io_clustermanagers.crd.yaml
@@ -91,6 +91,71 @@ spec: DeployOption contains the options of deploying a cluster-manager Default mode is used if DeployOption is not set. properties: + default: + description: Default includes configurations for clustermanager + in the Default mode + properties: + registrationWebhookConfiguration: + description: RegistrationWebhookConfiguration represents the + customized webhook-server configuration of registration. + properties: + healthProbeBindAddress: + default: :8000 + description: |- + HealthProbeBindAddress represents the healthcheck address of a webhook-server. The default value is ":8000". + Healthchecks may be disabled by setting a value of "0" or "". + type: string + hostNetwork: + description: |- + HostNetwork enables running webhook pods with hostNetwork: true + This may be required in some installations, such as EKS with Calico CNI, + to allow the API Server to communicate with the webhook pods. + type: boolean + metricsBindAddress: + default: :8080 + description: |- + MetricsBindAddress represents the metrics address of a webhook-server. The default value is ":8080" + Metrics may be disabled by setting a value of "0" or "". + type: string + port: + default: 9443 + description: Port represents the port of a webhook-server. + The default value of Port is 9443. + format: int32 + maximum: 65535 + type: integer + type: object + workWebhookConfiguration: + description: WorkWebhookConfiguration represents the customized + webhook-server configuration of work. + properties: + healthProbeBindAddress: + default: :8000 + description: |- + HealthProbeBindAddress represents the healthcheck address of a webhook-server. The default value is ":8000". + Healthchecks may be disabled by setting a value of "0" or "". + type: string + hostNetwork: + description: |- + HostNetwork enables running webhook pods with hostNetwork: true + This may be required in some installations, such as EKS with Calico CNI, + to allow the API Server to communicate with the webhook pods. 
+ type: boolean + metricsBindAddress: + default: :8080 + description: |- + MetricsBindAddress represents the metrics address of a webhook-server. The default value is ":8080" + Metrics may be disabled by setting a value of "0" or "". + type: string + port: + default: 9443 + description: Port represents the port of a webhook-server. + The default value of Port is 9443. + format: int32 + maximum: 65535 + type: integer + type: object + type: object hosted: description: Hosted includes configurations we need for clustermanager in the Hosted mode. @@ -106,6 +171,24 @@ spec: The Address must be reachable by apiserver of the hub cluster. pattern: ^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$ type: string + healthProbeBindAddress: + default: :8000 + description: |- + HealthProbeBindAddress represents the healthcheck address of a webhook-server. The default value is ":8000". + Healthchecks may be disabled by setting a value of "0" or "". + type: string + hostNetwork: + description: |- + HostNetwork enables running webhook pods with hostNetwork: true + This may be required in some installations, such as EKS with Calico CNI, + to allow the API Server to communicate with the webhook pods. + type: boolean + metricsBindAddress: + default: :8080 + description: |- + MetricsBindAddress represents the metrics address of a webhook-server. The default value is ":8080" + Metrics may be disabled by setting a value of "0" or "". + type: string port: default: 443 description: Port represents the port of a webhook-server. 
@@ -127,6 +210,24 @@ spec: The Address must be reachable by apiserver of the hub cluster. pattern: ^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$ type: string + healthProbeBindAddress: + default: :8000 + description: |- + HealthProbeBindAddress represents the healthcheck address of a webhook-server. The default value is ":8000". + Healthchecks may be disabled by setting a value of "0" or "". + type: string + hostNetwork: + description: |- + HostNetwork enables running webhook pods with hostNetwork: true + This may be required in some installations, such as EKS with Calico CNI, + to allow the API Server to communicate with the webhook pods. + type: boolean + metricsBindAddress: + default: :8080 + description: |- + MetricsBindAddress represents the metrics address of a webhook-server. The default value is ":8080" + Metrics may be disabled by setting a value of "0" or "". + type: string port: default: 443 description: Port represents the port of a webhook-server. diff --git a/deploy/cluster-manager/config/crds/0000_01_operator.open-cluster-management.io_clustermanagers.crd.yaml b/deploy/cluster-manager/config/crds/0000_01_operator.open-cluster-management.io_clustermanagers.crd.yaml index e5fef5e047..73ba5b5153 100644 --- a/deploy/cluster-manager/config/crds/0000_01_operator.open-cluster-management.io_clustermanagers.crd.yaml +++ b/deploy/cluster-manager/config/crds/0000_01_operator.open-cluster-management.io_clustermanagers.crd.yaml 
@@ -91,6 +91,71 @@ spec: DeployOption contains the options of deploying a cluster-manager Default mode is used if DeployOption is not set. properties: + default: + description: Default includes configurations for clustermanager + in the Default mode + properties: + registrationWebhookConfiguration: + description: RegistrationWebhookConfiguration represents the + customized webhook-server configuration of registration. + properties: + healthProbeBindAddress: + default: :8000 + description: |- + HealthProbeBindAddress represents the healthcheck address of a webhook-server. The default value is ":8000". + Healthchecks may be disabled by setting a value of "0" or "". + type: string + hostNetwork: + description: |- + HostNetwork enables running webhook pods with hostNetwork: true + This may be required in some installations, such as EKS with Calico CNI, + to allow the API Server to communicate with the webhook pods. + type: boolean + metricsBindAddress: + default: :8080 + description: |- + MetricsBindAddress represents the metrics address of a webhook-server. The default value is ":8080" + Metrics may be disabled by setting a value of "0" or "". + type: string + port: + default: 9443 + description: Port represents the port of a webhook-server. + The default value of Port is 9443. + format: int32 + maximum: 65535 + type: integer + type: object + workWebhookConfiguration: + description: WorkWebhookConfiguration represents the customized + webhook-server configuration of work. + properties: + healthProbeBindAddress: + default: :8000 + description: |- + HealthProbeBindAddress represents the healthcheck address of a webhook-server. The default value is ":8000". + Healthchecks may be disabled by setting a value of "0" or "". + type: string + hostNetwork: + description: |- + HostNetwork enables running webhook pods with hostNetwork: true + This may be required in some installations, such as EKS with Calico CNI, + to allow the API Server to communicate with the webhook pods. 
+ type: boolean + metricsBindAddress: + default: :8080 + description: |- + MetricsBindAddress represents the metrics address of a webhook-server. The default value is ":8080" + Metrics may be disabled by setting a value of "0" or "". + type: string + port: + default: 9443 + description: Port represents the port of a webhook-server. + The default value of Port is 9443. + format: int32 + maximum: 65535 + type: integer + type: object + type: object hosted: description: Hosted includes configurations we need for clustermanager in the Hosted mode. @@ -106,6 +171,24 @@ spec: The Address must be reachable by apiserver of the hub cluster. pattern: ^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$ type: string + healthProbeBindAddress: + default: :8000 + description: |- + HealthProbeBindAddress represents the healthcheck address of a webhook-server. The default value is ":8000". + Healthchecks may be disabled by setting a value of "0" or "". + type: string + hostNetwork: + description: |- + HostNetwork enables running webhook pods with hostNetwork: true + This may be required in some installations, such as EKS with Calico CNI, + to allow the API Server to communicate with the webhook pods. + type: boolean + metricsBindAddress: + default: :8080 + description: |- + MetricsBindAddress represents the metrics address of a webhook-server. The default value is ":8080" + Metrics may be disabled by setting a value of "0" or "". + type: string port: default: 443 description: Port represents the port of a webhook-server. 
@@ -127,6 +210,24 @@ spec: The Address must be reachable by apiserver of the hub cluster. pattern: ^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$ type: string + healthProbeBindAddress: + default: :8000 + description: |- + HealthProbeBindAddress represents the healthcheck address of a webhook-server. The default value is ":8000". + Healthchecks may be disabled by setting a value of "0" or "". + type: string + hostNetwork: + description: |- + HostNetwork enables running webhook pods with hostNetwork: true + This may be required in some installations, such as EKS with Calico CNI, + to allow the API Server to communicate with the webhook pods. + type: boolean + metricsBindAddress: + default: :8080 + description: |- + MetricsBindAddress represents the metrics address of a webhook-server. The default value is ":8080" + Metrics may be disabled by setting a value of "0" or "". + type: string port: default: 443 description: Port represents the port of a webhook-server. diff --git a/deploy/cluster-manager/olm-catalog/latest/manifests/cluster-manager.clusterserviceversion.yaml b/deploy/cluster-manager/olm-catalog/latest/manifests/cluster-manager.clusterserviceversion.yaml index cdecced1ad..5c22f40bfc 100644 --- a/deploy/cluster-manager/olm-catalog/latest/manifests/cluster-manager.clusterserviceversion.yaml +++ b/deploy/cluster-manager/olm-catalog/latest/manifests/cluster-manager.clusterserviceversion.yaml @@ -59,7 +59,7 @@ metadata: categories: Integration & Delivery,OpenShift Optional certified: "false" containerImage: quay.io/open-cluster-management/registration-operator:latest - createdAt: "2025-05-29T02:56:45Z" + createdAt: "2025-06-12T23:20:27Z" description: Manages the installation and upgrade of the ClusterManager. operators.operatorframework.io/builder: operator-sdk-v1.32.0 operators.operatorframework.io/project_layout: go.kubebuilder.io/v3 
diff --git a/deploy/cluster-manager/olm-catalog/latest/manifests/operator.open-cluster-management.io_clustermanagers.yaml b/deploy/cluster-manager/olm-catalog/latest/manifests/operator.open-cluster-management.io_clustermanagers.yaml
index 989586e683..c9f9145a9c 100644
--- a/deploy/cluster-manager/olm-catalog/latest/manifests/operator.open-cluster-management.io_clustermanagers.yaml
+++ b/deploy/cluster-manager/olm-catalog/latest/manifests/operator.open-cluster-management.io_clustermanagers.yaml
@@ -91,6 +91,71 @@ spec: DeployOption contains the options of deploying a cluster-manager Default mode is used if DeployOption is not set. properties: + default: + description: Default includes configurations for clustermanager + in the Default mode + properties: + registrationWebhookConfiguration: + description: RegistrationWebhookConfiguration represents the + customized webhook-server configuration of registration. + properties: + healthProbeBindAddress: + default: :8000 + description: |- + HealthProbeBindAddress represents the healthcheck address of a webhook-server. The default value is ":8000". + Healthchecks may be disabled by setting a value of "0" or "". + type: string + hostNetwork: + description: |- + HostNetwork enables running webhook pods with hostNetwork: true + This may be required in some installations, such as EKS with Calico CNI, + to allow the API Server to communicate with the webhook pods. + type: boolean + metricsBindAddress: + default: :8080 + description: |- + MetricsBindAddress represents the metrics address of a webhook-server. The default value is ":8080" + Metrics may be disabled by setting a value of "0" or "". + type: string + port: + default: 9443 + description: Port represents the port of a webhook-server. + The default value of Port is 9443. + format: int32 + maximum: 65535 + type: integer + type: object + workWebhookConfiguration: + description: WorkWebhookConfiguration represents the customized + webhook-server configuration of work. + properties: + healthProbeBindAddress: + default: :8000 + description: |- + HealthProbeBindAddress represents the healthcheck address of a webhook-server. The default value is ":8000". + Healthchecks may be disabled by setting a value of "0" or "". + type: string + hostNetwork: + description: |- + HostNetwork enables running webhook pods with hostNetwork: true + This may be required in some installations, such as EKS with Calico CNI, + to allow the API Server to communicate with the webhook pods. 
+ type: boolean + metricsBindAddress: + default: :8080 + description: |- + MetricsBindAddress represents the metrics address of a webhook-server. The default value is ":8080" + Metrics may be disabled by setting a value of "0" or "". + type: string + port: + default: 9443 + description: Port represents the port of a webhook-server. + The default value of Port is 9443. + format: int32 + maximum: 65535 + type: integer + type: object + type: object hosted: description: Hosted includes configurations we need for clustermanager in the Hosted mode. diff --git a/deploy/klusterlet/olm-catalog/latest/manifests/klusterlet.clusterserviceversion.yaml b/deploy/klusterlet/olm-catalog/latest/manifests/klusterlet.clusterserviceversion.yaml index b68854d01d..99c6a20fa0 100644 --- a/deploy/klusterlet/olm-catalog/latest/manifests/klusterlet.clusterserviceversion.yaml +++ b/deploy/klusterlet/olm-catalog/latest/manifests/klusterlet.clusterserviceversion.yaml @@ -31,7 +31,7 @@ metadata: categories: Integration & Delivery,OpenShift Optional certified: "false" containerImage: quay.io/open-cluster-management/registration-operator:latest - createdAt: "2025-05-29T02:56:45Z" + createdAt: "2025-06-12T23:20:27Z" description: Manages the installation and upgrade of the Klusterlet. operators.operatorframework.io/builder: operator-sdk-v1.32.0 operators.operatorframework.io/project_layout: go.kubebuilder.io/v3 diff --git a/go.mod b/go.mod index f94115bd5e..24fabc0f56 100644 --- a/go.mod +++ b/go.mod @@ -2,6 +2,9 @@ module open-cluster-management.io/ocm go 1.23.6 +// TEMPORARY while waiting for upstream tag – must be removed before merge +replace open-cluster-management.io/api => github.com/bhperry/ocm-api v0.0.0-20250709152251-dc6f14dcb9c0 + require ( github.com/aws/aws-sdk-go-v2 v1.36.3 github.com/aws/aws-sdk-go-v2/config v1.29.14 diff --git a/go.sum b/go.sum index 1abd2cd671..a470e611d0 100644 --- a/go.sum +++ b/go.sum 
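Review bot: The `replace` added to go.mod redirects `open-cluster-management.io/api` to a personal fork pinned by pseudo-version, and the go.sum hunk drops the `open-cluster-management.io/api v1.0.0` entries, so every build of this tree takes the operator API types from a repository outside the project's control. The comment already says the line must be removed before merge, but nothing in the diff enforces it. A CI step that fails while any `replace` directive is present in go.mod would turn that reminder into a gate. Once the upstream tag exists, the require line and both go.sum entries should be regenerated from the canonical module rather than edited by hand.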
@@ -58,6 +58,8 @@ github.com/aws/smithy-go v1.22.2 h1:6D9hW43xKFrRx/tXXfAlIZc4JI+yQe6snnWcQyxSyLQ= github.com/aws/smithy-go v1.22.2/go.mod h1:irrKGvNn1InZwb2d7fkIRNucdfwR8R+Ts3wxYa/cJHg= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= +github.com/bhperry/ocm-api v0.0.0-20250709152251-dc6f14dcb9c0 h1:BGB/xHmOWNgwbuz6vqFBk+hf+dXhcSI5IBbRwim3CjA= +github.com/bhperry/ocm-api v0.0.0-20250709152251-dc6f14dcb9c0/go.mod h1:/OeqXycNBZQoe3WG6ghuWsMgsKGuMZrK8ZpsU6gWL0Y= github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM= github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ= github.com/bwmarrin/snowflake v0.3.0 h1:xm67bEhkKh6ij1790JB83OujPR5CzNe8QuQqAgISZN0= @@ -491,8 +493,6 @@ k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738 h1:M3sRQVHv7vB20Xc2ybTt7ODCeFj6J k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= open-cluster-management.io/addon-framework v1.0.0 h1:ejTk4hPAJnwCSxQhY/tVDPg3SeH91lVfWqSaJcYiKwg= open-cluster-management.io/addon-framework v1.0.0/go.mod h1:Gw9zRGvuNJJ3XhTYanIuA7FFFw0EjtoE74l5OBZCZf8= -open-cluster-management.io/api v1.0.0 h1:54QllH9DTudCk6VrGt0q8CDsE3MghqJeTaTN4RHZpE0= -open-cluster-management.io/api v1.0.0/go.mod h1:/OeqXycNBZQoe3WG6ghuWsMgsKGuMZrK8ZpsU6gWL0Y= open-cluster-management.io/sdk-go v1.0.1-0.20250708024404-422b23814b5d h1:sYgNfYyQ6O7sfiVOUaMuoK/CTeWnTNTfVKY8dWORBgw= open-cluster-management.io/sdk-go v1.0.1-0.20250708024404-422b23814b5d/go.mod h1:LYX48E3h96XGnm6o+GomV0DSf15w1i9crtggj2HeDvI= sigs.k8s.io/about-api v0.0.0-20250131010323-518069c31c03 h1:1ShFiMjGQOR/8jTBkmZrk1gORxnvMwm1nOy2/DbHg4U= diff --git a/manifests/cluster-manager/hub/cluster-manager-registration-webhook-service.yaml b/manifests/cluster-manager/hub/cluster-manager-registration-webhook-service.yaml index 07781ea4b0..c7fc3423a3 100644 
--- a/manifests/cluster-manager/hub/cluster-manager-registration-webhook-service.yaml +++ b/manifests/cluster-manager/hub/cluster-manager-registration-webhook-service.yaml @@ -14,5 +14,5 @@ spec: app: {{ .ClusterManagerName }}-registration-webhook ports: - name: webhook - port: 9443 - targetPort: 9443 + port: {{ .RegistrationWebhook.Port }} + targetPort: {{ .RegistrationWebhook.Port }} diff --git a/manifests/cluster-manager/hub/cluster-manager-work-webhook-service.yaml b/manifests/cluster-manager/hub/cluster-manager-work-webhook-service.yaml index c6ebdd4e95..52c1751210 100644 --- a/manifests/cluster-manager/hub/cluster-manager-work-webhook-service.yaml +++ b/manifests/cluster-manager/hub/cluster-manager-work-webhook-service.yaml @@ -14,5 +14,5 @@ spec: app: {{ .ClusterManagerName }}-work-webhook ports: - name: webhook - port: 9443 - targetPort: 9443 + port: {{ .WorkWebhook.Port }} + targetPort: {{ .WorkWebhook.Port }} diff --git a/manifests/cluster-manager/hub/cluster-manager-work-webhook-validatingconfiguration.yaml b/manifests/cluster-manager/hub/cluster-manager-work-webhook-validatingconfiguration.yaml index 695bbfea3c..fbce1e809b 100644 --- a/manifests/cluster-manager/hub/cluster-manager-work-webhook-validatingconfiguration.yaml +++ b/manifests/cluster-manager/hub/cluster-manager-work-webhook-validatingconfiguration.yaml @@ -17,8 +17,8 @@ webhooks: namespace: {{ .ClusterManagerNamespace }} name: cluster-manager-work-webhook path: /validate-work-open-cluster-management-io-v1-manifestwork - port: {{.RegistrationWebhook.Port}} - caBundle: {{ .RegistrationAPIServiceCABundle }} + port: {{.WorkWebhook.Port}} + caBundle: {{ .WorkAPIServiceCABundle }} rules: - operations: - CREATE diff --git a/manifests/cluster-manager/management/cluster-manager-registration-webhook-deployment.yaml b/manifests/cluster-manager/management/cluster-manager-registration-webhook-deployment.yaml index 9ac61efe44..30429f9d82 100644 
--- a/manifests/cluster-manager/management/cluster-manager-registration-webhook-deployment.yaml +++ b/manifests/cluster-manager/management/cluster-manager-registration-webhook-deployment.yaml @@ -12,6 +12,16 @@ metadata: {{ end }} spec: replicas: {{ .Replica }} + {{- if .RegistrationWebhook.HostNetwork }} + strategy: + rollingUpdate: + {{- if lt .Replica 4 }} + maxUnavailable: 1 + {{- else }} + maxUnavailable: 25% + {{- end }} + type: RollingUpdate + {{- end }} selector: matchLabels: app: {{ .ClusterManagerName }}-registration-webhook @@ -59,7 +69,9 @@ spec: args: - /registration - "webhook-server" - - "port=9443" + - "--port={{ .RegistrationWebhook.Port }}" + - "--health-probe-bind-address={{ .RegistrationWebhook.HealthProbeBindAddress }}" + - "--metrics-bind-address={{ .RegistrationWebhook.MetricsBindAddress }}" {{ if gt (len .RegistrationFeatureGates) 0 }} {{range .RegistrationFeatureGates}} - {{ . }} @@ -91,21 +103,23 @@ spec: privileged: false runAsNonRoot: true readOnlyRootFilesystem: true + {{- if gt .RegistrationWebhook.HealthProbePort 0 }} livenessProbe: httpGet: path: /healthz scheme: HTTP - port: 8000 + port: {{ .RegistrationWebhook.HealthProbePort }} initialDelaySeconds: 2 periodSeconds: 10 readinessProbe: httpGet: path: /readyz scheme: HTTP - port: 8000 + port: {{ .RegistrationWebhook.HealthProbePort }} initialDelaySeconds: 2 + {{- end }} ports: - - containerPort: 9443 + - containerPort: {{ .RegistrationWebhook.Port }} protocol: TCP volumeMounts: - mountPath: /tmp/k8s-webhook-server/serving-certs @@ -116,6 +130,10 @@ spec: name: kubeconfig readOnly: true {{ end }} + {{- if .RegistrationWebhook.HostNetwork }} + dnsPolicy: ClusterFirstWithHostNet + hostNetwork: true + {{- end }} volumes: - name: webhook-secret secret: diff --git a/manifests/cluster-manager/management/cluster-manager-work-webhook-deployment.yaml b/manifests/cluster-manager/management/cluster-manager-work-webhook-deployment.yaml index a0dee0975b..b680ae57fe 100644 
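Review bot: `--port={{ .RegistrationWebhook.Port }}` and the matching `containerPort` make the container listen on the configured port, and for Hosted mode the CRD hunks default that port to 443 while this container keeps `runAsNonRoot: true`. Whether a non-root process may bind a port below 1024 depends on the runtime's unprivileged-port setting, and with `hostNetwork: true` it is the node's own setting that applies, so the hosted default may fail to bind where the previous fixed 9443 worked. If the hosted `Port` is meant only as the externally reachable port, keep a separate listen port for the container; otherwise state the requirement in the field description. The same applies to `--port={{ .WorkWebhook.Port }}` in the work webhook deployment; the container spec starts and ends outside these hunks.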
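Review bot: With `hostNetwork: true` the health and metrics listeners (defaults `:8000` and `:8080`) bind on every interface of the node, and only the webhook port is declared under `ports:`. The registration and work webhooks share the same three defaults, so two host-network pods landing on one node would presumably collide on the undeclared ports at start-up instead of being kept apart by the scheduler. Consider declaring the health and metrics ports as `containerPort` entries when HostNetwork is set, and note in the `hostNetwork` description that the bind addresses should be narrowed or set to `"0"` in that mode because the endpoints become reachable on the node address. The work webhook deployment has the same block; the pod spec continues outside the hunk.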
--- a/manifests/cluster-manager/management/cluster-manager-work-webhook-deployment.yaml +++ b/manifests/cluster-manager/management/cluster-manager-work-webhook-deployment.yaml @@ -12,6 +12,16 @@ metadata: {{ end }} spec: replicas: {{ .Replica }} + {{- if .WorkWebhook.HostNetwork }} + strategy: + rollingUpdate: + {{- if lt .Replica 4 }} + maxUnavailable: 1 + {{- else }} + maxUnavailable: 25% + {{- end }} + type: RollingUpdate + {{- end }} selector: matchLabels: app: {{ .ClusterManagerName }}-work-webhook @@ -59,7 +69,9 @@ spec: args: - /work - "webhook-server" - - "port=9443" + - "--port={{ .WorkWebhook.Port }}" + - "--health-probe-bind-address={{ .WorkWebhook.HealthProbeBindAddress }}" + - "--metrics-bind-address={{ .WorkWebhook.MetricsBindAddress }}" {{ if gt (len .WorkFeatureGates) 0 }} {{range .WorkFeatureGates}} - {{ . }} @@ -76,19 +88,21 @@ spec: privileged: false runAsNonRoot: true readOnlyRootFilesystem: true + {{- if gt .WorkWebhook.HealthProbePort 0 }} livenessProbe: httpGet: path: /healthz scheme: HTTP - port: 8000 + port: {{ .WorkWebhook.HealthProbePort }} initialDelaySeconds: 2 periodSeconds: 10 readinessProbe: httpGet: path: /healthz scheme: HTTP - port: 8000 + port: {{ .WorkWebhook.HealthProbePort }} initialDelaySeconds: 2 + {{- end }} {{- if or (eq .ResourceRequirementResourceType "Default") (eq .ResourceRequirementResourceType "") }} resources: requests: @@ -103,7 +117,7 @@ spec: {{ .ResourceRequirements | indent 10 }} {{- end }} ports: - - containerPort: 9443 + - containerPort: {{ .WorkWebhook.Port }} protocol: TCP volumeMounts: - mountPath: /tmp/k8s-webhook-server/serving-certs @@ -114,6 +128,10 @@ spec: name: kubeconfig readOnly: true {{ end }} + {{- if .WorkWebhook.HostNetwork }} + dnsPolicy: ClusterFirstWithHostNet + hostNetwork: true + {{- end }} volumes: - name: webhook-secret secret: diff --git a/manifests/config.go b/manifests/config.go index 17d4400721..f9f5c399f9 100644 --- a/manifests/config.go +++ b/manifests/config.go 
@@ -1,6 +1,11 @@ package manifests -import operatorapiv1 "open-cluster-management.io/api/operator/v1" +import ( + "net" + "strconv" + + operatorapiv1 "open-cluster-management.io/api/operator/v1" +) type HubConfig struct { ClusterManagerName string @@ -43,7 +48,38 @@ type HubConfig struct { } type Webhook struct { - IsIPFormat bool - Port int32 - Address string + IsIPFormat bool + HostNetwork bool + Port int32 + HealthProbeBindAddress string + MetricsBindAddress string + Address string +} + +func (w Webhook) HealthProbePort() int32 { + _, port, err := parseHostPort(w.HealthProbeBindAddress) + if err != nil { + return 0 + } + return port +} + +func (w Webhook) MetricsPort() int32 { + _, port, err := parseHostPort(w.MetricsBindAddress) + if err != nil { + return 0 + } + return port +} + +func parseHostPort(address string) (host string, port int32, err error) { + host, portStr, err := net.SplitHostPort(address) + if err != nil { + return host, port, err + } + port64, err := strconv.ParseInt(portStr, 10, 32) + if err != nil { + return host, port, err + } + return host, int32(port64), nil } diff --git a/pkg/operator/operators/clustermanager/controllers/clustermanagercontroller/clustermanager_controller.go b/pkg/operator/operators/clustermanager/controllers/clustermanagercontroller/clustermanager_controller.go index b0e8ffa529..613a0e380d 100644 --- a/pkg/operator/operators/clustermanager/controllers/clustermanagercontroller/clustermanager_controller.go +++ b/pkg/operator/operators/clustermanager/controllers/clustermanagercontroller/clustermanager_controller.go @@ -41,8 +41,10 @@ import ( const ( clusterManagerFinalizer = "operator.open-cluster-management.io/cluster-manager-cleanup" - defaultWebhookPort = int32(9443) - clusterManagerReSyncTime = 5 * time.Second + defaultWebhookPort = int32(9443) + defaultHealthProbeBindAddr = ":8000" + defaultMetricsBindAddr = ":8080" + clusterManagerReSyncTime = 5 * time.Second ) type clusterManagerController struct { 
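Review bot: `parseHostPort` accepts any value that fits in 32 bits, so a bind address such as `:70000` or a negative port yields a probe port that the rendered Deployment cannot use; a range check after `ParseInt`, for example `if port64 < 0 || port64 > 65535 { return host, port, strconv.ErrRange }`, would reject it here. The CRD hunks give `healthProbeBindAddress` and `metricsBindAddress` no `pattern`, and the deployment templates place both strings verbatim inside quoted args, so validating them with this helper before rendering would also keep malformed values out of the manifest. `HealthProbePort` and `MetricsPort` are exported without doc comments; each should say that it returns 0 when the address has no parsable port, which is what the template's `gt ... 0` guard relies on. `MetricsPort` has no caller in the hunks shown.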
@@ -157,22 +159,19 @@ func (n *clusterManagerController) sync(ctx context.Context, controllerContext f } // This config is used to render template of manifests. + registrationWebhook, workWebhook := webhookConfigurations(clusterManager.Spec.DeployOption) config := manifests.HubConfig{ - ClusterManagerName: clusterManager.Name, - ClusterManagerNamespace: clusterManagerNamespace, - OperatorNamespace: n.operatorNamespace, - RegistrationImage: clusterManager.Spec.RegistrationImagePullSpec, - WorkImage: clusterManager.Spec.WorkImagePullSpec, - PlacementImage: clusterManager.Spec.PlacementImagePullSpec, - AddOnManagerImage: clusterManager.Spec.AddOnManagerImagePullSpec, - Replica: replica, - HostedMode: clusterManager.Spec.DeployOption.Mode == operatorapiv1.InstallModeHosted, - RegistrationWebhook: manifests.Webhook{ - Port: defaultWebhookPort, - }, - WorkWebhook: manifests.Webhook{ - Port: defaultWebhookPort, - }, + ClusterManagerName: clusterManager.Name, + ClusterManagerNamespace: clusterManagerNamespace, + OperatorNamespace: n.operatorNamespace, + RegistrationImage: clusterManager.Spec.RegistrationImagePullSpec, + WorkImage: clusterManager.Spec.WorkImagePullSpec, + PlacementImage: clusterManager.Spec.PlacementImagePullSpec, + AddOnManagerImage: clusterManager.Spec.AddOnManagerImagePullSpec, + Replica: replica, + HostedMode: clusterManager.Spec.DeployOption.Mode == operatorapiv1.InstallModeHosted, + RegistrationWebhook: registrationWebhook, + WorkWebhook: workWebhook, ResourceRequirementResourceType: helpers.ResourceType(clusterManager), ResourceRequirements: resourceRequirements, WorkDriver: string(workDriver), 
@@ -217,14 +216,6 @@ func (n *clusterManagerController) sync(ctx context.Context, controllerContext f // Compute and populate the value of managed cluster identity creator role to be used in cluster manager registration service account config.ManagedClusterIdentityCreatorRole = getIdentityCreatorRoleAndTags(*clusterManager) - // If we are deploying in the hosted mode, it requires us to create webhook in a different way with the default mode. - // In the hosted mode, the webhook servers is running in the management cluster but the users are accessing the hub cluster. - // So we need to add configuration to make the apiserver of the hub cluster could access the webhook servers on the management cluster. - if clusterManager.Spec.DeployOption.Hosted != nil { - config.RegistrationWebhook = convertWebhookConfiguration(clusterManager.Spec.DeployOption.Hosted.RegistrationWebhookConfiguration) - config.WorkWebhook = convertWebhookConfiguration(clusterManager.Spec.DeployOption.Hosted.WorkWebhookConfiguration) - } - config.Labels = helpers.GetClusterManagerHubLabels(clusterManager, n.enableSyncLabels) config.LabelsString = helpers.GetRegistrationLabelString(config.Labels) @@ -376,6 +367,10 @@ func ensureSAKubeconfigs(ctx context.Context, clusterManagerName, clusterManager // TODO: support IPV6 address func isIPFormat(address string) bool { + if address == "" { + return false + } + runes := []rune(address) for i := 0; i < len(runes); i++ { if (runes[i] < '0' || runes[i] > '9') && runes[i] != '.' { 
@@ -385,11 +380,52 @@ func isIPFormat(address string) bool { return true } -func convertWebhookConfiguration(webhookConfiguration operatorapiv1.WebhookConfiguration) manifests.Webhook { +func webhookConfigurations(deployOption operatorapiv1.ClusterManagerDeployOption) (registration, work manifests.Webhook) { + switch deployOption.Mode { + case operatorapiv1.InstallModeDefault: + if deployOption.Default != nil { + registration = convertDefaultWebhookConfiguration(deployOption.Default.RegistrationWebhookConfiguration) + work = convertDefaultWebhookConfiguration(deployOption.Default.WorkWebhookConfiguration) + return + } + case operatorapiv1.InstallModeHosted: + if deployOption.Hosted != nil { + registration = convertHostedWebhookConfiguration(deployOption.Hosted.RegistrationWebhookConfiguration) + work = convertHostedWebhookConfiguration(deployOption.Hosted.WorkWebhookConfiguration) + return + } + } + + registration = manifests.Webhook{ + Port: defaultWebhookPort, + HealthProbeBindAddress: defaultHealthProbeBindAddr, + MetricsBindAddress: defaultMetricsBindAddr, + } + work = manifests.Webhook{ + Port: defaultWebhookPort, + HealthProbeBindAddress: defaultHealthProbeBindAddr, + MetricsBindAddress: defaultMetricsBindAddr, + } + return +} + +func convertDefaultWebhookConfiguration(webhookConfiguration operatorapiv1.DefaultWebhookConfiguration) manifests.Webhook { + return manifests.Webhook{ + Port: webhookConfiguration.Port, + HealthProbeBindAddress: webhookConfiguration.HealthProbeBindAddress, + MetricsBindAddress: webhookConfiguration.MetricsBindAddress, + HostNetwork: webhookConfiguration.HostNetwork, + } +} + +func convertHostedWebhookConfiguration(webhookConfiguration operatorapiv1.HostedWebhookConfiguration) manifests.Webhook { return manifests.Webhook{ - Address: webhookConfiguration.Address, - Port: webhookConfiguration.Port, - IsIPFormat: isIPFormat(webhookConfiguration.Address), + Address: webhookConfiguration.Address, + IsIPFormat: 
isIPFormat(webhookConfiguration.Address), + Port: webhookConfiguration.Port, + HealthProbeBindAddress: webhookConfiguration.HealthProbeBindAddress, + MetricsBindAddress: webhookConfiguration.MetricsBindAddress, + HostNetwork: webhookConfiguration.HostNetwork, } } diff --git a/pkg/registration/webhook/option.go b/pkg/registration/webhook/option.go index 82ab745aeb..767f373d24 100644 --- a/pkg/registration/webhook/option.go +++ b/pkg/registration/webhook/option.go @@ -4,20 +4,28 @@ import "github.com/spf13/pflag" // Config contains the server (the webhook) cert and key. type Options struct { - Port int - CertDir string + Port int + MetricsBindAddr string + HealthProbeBindAddr string + CertDir string } // NewOptions constructs a new set of default options for webhook. func NewOptions() *Options { return &Options{ - Port: 9443, + Port: 9443, + MetricsBindAddr: ":8080", + HealthProbeBindAddr: ":8000", } } func (c *Options) AddFlags(fs *pflag.FlagSet) { fs.IntVar(&c.Port, "port", c.Port, "Port is the port that the webhook server serves at.") + fs.StringVar(&c.MetricsBindAddr, "metrics-bind-address", c.MetricsBindAddr, + "The address the metric endpoint binds to.") + fs.StringVar(&c.HealthProbeBindAddr, "health-probe-bind-address", c.HealthProbeBindAddr, + "The address the health probe endpoint binds to.") fs.StringVar(&c.CertDir, "certdir", c.CertDir, "CertDir is the directory that contains the server key and certificate. If not set, "+ "webhook server would look up the server key and certificate in {TempDir}/k8s-webhook-server/serving-certs") diff --git a/pkg/registration/webhook/start.go b/pkg/registration/webhook/start.go index e42d6402ea..79ad7e4faf 100644 --- a/pkg/registration/webhook/start.go +++ b/pkg/registration/webhook/start.go 
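Review bot: `convertDefaultWebhookConfiguration` copies `Port` straight from the spec, so a ClusterManager that sets `deployOption.default` without the nested webhook objects would, as far as the CRD hunks show, receive no schema default and render `--port=0` and a Service port of 0. Falling back in the converter, `if w.Port == 0 { w.Port = defaultWebhookPort }`, keeps the pre-change behaviour for that case; the bind addresses cannot be defaulted the same way because an empty string is documented as "disabled". `webhookConfigurations` also switches on `deployOption.Mode`, so a spec with an empty Mode and a non-nil `Default` silently gets the built-in defaults; that is fine only if Mode is always defaulted by the API server, which this diff does not show. The new functions have no doc comments describing these fallbacks.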
@@ -11,6 +11,7 @@ import ( "k8s.io/klog/v2" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/healthz" + "sigs.k8s.io/controller-runtime/pkg/metrics/server" "sigs.k8s.io/controller-runtime/pkg/webhook" clusterv1 "open-cluster-management.io/api/cluster/v1" @@ -36,7 +37,10 @@ func (c *Options) RunWebhookServer() error { mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{ Scheme: scheme, - HealthProbeBindAddress: ":8000", + HealthProbeBindAddress: c.HealthProbeBindAddr, + Metrics: server.Options{ + BindAddress: c.MetricsBindAddr, + }, WebhookServer: webhook.NewServer(webhook.Options{ Port: c.Port, CertDir: c.CertDir, @@ -52,15 +56,17 @@ func (c *Options) RunWebhookServer() error { return err } - // add healthz/readyz check handler - if err := mgr.AddHealthzCheck("healthz-ping", healthz.Ping); err != nil { - logger.Error(err, "unable to add healthz check handler") - return err - } + if c.HealthProbeBindAddr != "" && c.HealthProbeBindAddr != "0" { + // add healthz/readyz check handler + if err := mgr.AddHealthzCheck("healthz-ping", healthz.Ping); err != nil { + logger.Error(err, "unable to add healthz check handler") + return err + } - if err := mgr.AddReadyzCheck("readyz-ping", healthz.Ping); err != nil { - logger.Error(err, "unable to add readyz check handler") - return err + if err := mgr.AddReadyzCheck("readyz-ping", healthz.Ping); err != nil { + logger.Error(err, "unable to add readyz check handler") + return err + } } if err = (&internalv1.ManagedClusterWebhook{}).Init(mgr); err != nil { diff --git a/pkg/work/webhook/option.go b/pkg/work/webhook/option.go index ae1090a458..44129a31ab 100644 --- a/pkg/work/webhook/option.go +++ b/pkg/work/webhook/option.go 
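Review bot: `Metrics: server.Options{BindAddress: c.MetricsBindAddr}` in `RunWebhookServer` (pkg/registration/webhook/start.go) does not appear to honour the API documentation's promise that `""` disables metrics. As far as I know, controller-runtime's metrics server treats only `"0"` as disabled and defaults an empty address to `:8080`, unlike the health probe listener. An operator who sets `metricsBindAddress: ""` would then still get a metrics listener, and with only `BindAddress` set it is served over plain HTTP without authentication, on the node's interfaces when `hostNetwork` is enabled. Either map the empty value before building the manager, `if c.MetricsBindAddr == "" { c.MetricsBindAddr = "0" }`, or correct the field documentation; please confirm against the vendored controller-runtime version. The matching hunk in pkg/work/webhook/start.go needs the same change, and `RunWebhookServer` starts and ends outside this hunk.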
@@ -4,22 +4,30 @@ import "github.com/spf13/pflag" // Config contains the server (the webhook) cert and key. type Options struct { - Port int - CertDir string - ManifestLimit int + Port int + MetricsBindAddr string + HealthProbeBindAddr string + CertDir string + ManifestLimit int } // NewOptions constructs a new set of default options for webhook. func NewOptions() *Options { return &Options{ - Port: 9443, - ManifestLimit: 500 * 1024, // the default manifest limit is 500k. + Port: 9443, + MetricsBindAddr: ":8080", + HealthProbeBindAddr: ":8000", + ManifestLimit: 500 * 1024, // the default manifest limit is 500k. } } func (c *Options) AddFlags(fs *pflag.FlagSet) { fs.IntVar(&c.Port, "port", c.Port, "Port is the port that the webhook server serves at.") + fs.StringVar(&c.MetricsBindAddr, "metrics-bind-address", c.MetricsBindAddr, + "The address the metric endpoint binds to.") + fs.StringVar(&c.HealthProbeBindAddr, "health-probe-bind-address", c.HealthProbeBindAddr, + "The address the health probe endpoint binds to.") fs.StringVar(&c.CertDir, "certdir", c.CertDir, "CertDir is the directory that contains the server key and certificate. If not set, "+ "webhook server would look up the server key and certificate in {TempDir}/k8s-webhook-server/serving-certs") diff --git a/pkg/work/webhook/start.go b/pkg/work/webhook/start.go index db06cfef0f..ebd6aa61ae 100644 --- a/pkg/work/webhook/start.go +++ b/pkg/work/webhook/start.go @@ -13,6 +13,7 @@ import ( "k8s.io/klog/v2" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/healthz" + "sigs.k8s.io/controller-runtime/pkg/metrics/server" "sigs.k8s.io/controller-runtime/pkg/webhook" ocmfeature "open-cluster-management.io/api/feature" 
@@ -41,7 +42,10 @@ func (c *Options) RunWebhookServer() error { mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{ Scheme: scheme, - HealthProbeBindAddress: ":8000", + HealthProbeBindAddress: c.HealthProbeBindAddr, + Metrics: server.Options{ + BindAddress: c.MetricsBindAddr, + }, WebhookServer: webhook.NewServer(webhook.Options{ TLSOpts: []func(config *tls.Config){ func(config *tls.Config) { @@ -57,15 +61,17 @@ func (c *Options) RunWebhookServer() error { return err } - // add healthz/readyz check handler - if err := mgr.AddHealthzCheck("healthz-ping", healthz.Ping); err != nil { - logger.Error(err, "unable to add healthz check handler") - return err - } + if c.HealthProbeBindAddr != "" && c.HealthProbeBindAddr != "0" { + // add healthz/readyz check handler + if err := mgr.AddHealthzCheck("healthz-ping", healthz.Ping); err != nil { + logger.Error(err, "unable to add healthz check handler") + return err + } - if err := mgr.AddReadyzCheck("readyz-ping", healthz.Ping); err != nil { - logger.Error(err, "unable to add readyz check handler") - return err + if err := mgr.AddReadyzCheck("readyz-ping", healthz.Ping); err != nil { + logger.Error(err, "unable to add readyz check handler") + return err + } } common.ManifestValidator.WithLimit(c.ManifestLimit) diff --git a/test/integration/operator/integration_suite_test.go b/test/integration/operator/integration_suite_test.go index bea6e7b9af..c2ea1c999b 100644 --- a/test/integration/operator/integration_suite_test.go +++ b/test/integration/operator/integration_suite_test.go 
@@ -167,11 +167,11 @@ var _ = ginkgo.BeforeSuite(func() { DeployOption: operatorapiv1.ClusterManagerDeployOption{ Mode: operatorapiv1.InstallModeHosted, Hosted: &operatorapiv1.HostedClusterManagerConfiguration{ - RegistrationWebhookConfiguration: operatorapiv1.WebhookConfiguration{ + RegistrationWebhookConfiguration: operatorapiv1.HostedWebhookConfiguration{ Address: "localhost", Port: 443, }, - WorkWebhookConfiguration: operatorapiv1.WebhookConfiguration{ + WorkWebhookConfiguration: operatorapiv1.HostedWebhookConfiguration{ Address: "localhost", Port: 443, }, diff --git a/vendor/modules.txt b/vendor/modules.txt index 91571cdf8a..0faee7518a 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -1718,7 +1718,7 @@ open-cluster-management.io/addon-framework/pkg/agent open-cluster-management.io/addon-framework/pkg/assets open-cluster-management.io/addon-framework/pkg/index open-cluster-management.io/addon-framework/pkg/utils -# open-cluster-management.io/api v1.0.0 +# open-cluster-management.io/api v1.0.0 => github.com/bhperry/ocm-api v0.0.0-20250709152251-dc6f14dcb9c0 ## explicit; go 1.23.6 open-cluster-management.io/api/addon/v1alpha1 open-cluster-management.io/api/client/addon/clientset/versioned @@ -1948,3 +1948,4 @@ sigs.k8s.io/structured-merge-diff/v4/value sigs.k8s.io/yaml sigs.k8s.io/yaml/goyaml.v2 sigs.k8s.io/yaml/goyaml.v3 +# open-cluster-management.io/api => github.com/bhperry/ocm-api v0.0.0-20250709152251-dc6f14dcb9c0 diff --git a/vendor/open-cluster-management.io/api/operator/v1/0000_01_operator.open-cluster-management.io_clustermanagers.crd.yaml b/vendor/open-cluster-management.io/api/operator/v1/0000_01_operator.open-cluster-management.io_clustermanagers.crd.yaml index e5fef5e047..73ba5b5153 100644 --- a/vendor/open-cluster-management.io/api/operator/v1/0000_01_operator.open-cluster-management.io_clustermanagers.crd.yaml +++ b/vendor/open-cluster-management.io/api/operator/v1/0000_01_operator.open-cluster-management.io_clustermanagers.crd.yaml 
@@ -91,6 +91,71 @@ spec: DeployOption contains the options of deploying a cluster-manager Default mode is used if DeployOption is not set. properties: + default: + description: Default includes configurations for clustermanager + in the Default mode + properties: + registrationWebhookConfiguration: + description: RegistrationWebhookConfiguration represents the + customized webhook-server configuration of registration. + properties: + healthProbeBindAddress: + default: :8000 + description: |- + HealthProbeBindAddress represents the healthcheck address of a webhook-server. The default value is ":8000". + Healthchecks may be disabled by setting a value of "0" or "". + type: string + hostNetwork: + description: |- + HostNetwork enables running webhook pods with hostNetwork: true + This may be required in some installations, such as EKS with Calico CNI, + to allow the API Server to communicate with the webhook pods. + type: boolean + metricsBindAddress: + default: :8080 + description: |- + MetricsBindAddress represents the metrics address of a webhook-server. The default value is ":8080" + Metrics may be disabled by setting a value of "0" or "". + type: string + port: + default: 9443 + description: Port represents the port of a webhook-server. + The default value of Port is 9443. + format: int32 + maximum: 65535 + type: integer + type: object + workWebhookConfiguration: + description: WorkWebhookConfiguration represents the customized + webhook-server configuration of work. + properties: + healthProbeBindAddress: + default: :8000 + description: |- + HealthProbeBindAddress represents the healthcheck address of a webhook-server. The default value is ":8000". + Healthchecks may be disabled by setting a value of "0" or "". + type: string + hostNetwork: + description: |- + HostNetwork enables running webhook pods with hostNetwork: true + This may be required in some installations, such as EKS with Calico CNI, + to allow the API Server to communicate with the webhook pods. 
+ type: boolean + metricsBindAddress: + default: :8080 + description: |- + MetricsBindAddress represents the metrics address of a webhook-server. The default value is ":8080" + Metrics may be disabled by setting a value of "0" or "". + type: string + port: + default: 9443 + description: Port represents the port of a webhook-server. + The default value of Port is 9443. + format: int32 + maximum: 65535 + type: integer + type: object + type: object hosted: description: Hosted includes configurations we need for clustermanager in the Hosted mode. @@ -106,6 +171,24 @@ spec: The Address must be reachable by apiserver of the hub cluster. pattern: ^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$ type: string + healthProbeBindAddress: + default: :8000 + description: |- + HealthProbeBindAddress represents the healthcheck address of a webhook-server. The default value is ":8000". + Healthchecks may be disabled by setting a value of "0" or "". + type: string + hostNetwork: + description: |- + HostNetwork enables running webhook pods with hostNetwork: true + This may be required in some installations, such as EKS with Calico CNI, + to allow the API Server to communicate with the webhook pods. + type: boolean + metricsBindAddress: + default: :8080 + description: |- + MetricsBindAddress represents the metrics address of a webhook-server. The default value is ":8080" + Metrics may be disabled by setting a value of "0" or "". + type: string port: default: 443 description: Port represents the port of a webhook-server. 
@@ -127,6 +210,24 @@ spec: The Address must be reachable by apiserver of the hub cluster. pattern: ^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$ type: string + healthProbeBindAddress: + default: :8000 + description: |- + HealthProbeBindAddress represents the healthcheck address of a webhook-server. The default value is ":8000". + Healthchecks may be disabled by setting a value of "0" or "". + type: string + hostNetwork: + description: |- + HostNetwork enables running webhook pods with hostNetwork: true + This may be required in some installations, such as EKS with Calico CNI, + to allow the API Server to communicate with the webhook pods. + type: boolean + metricsBindAddress: + default: :8080 + description: |- + MetricsBindAddress represents the metrics address of a webhook-server. The default value is ":8080" + Metrics may be disabled by setting a value of "0" or "". + type: string port: default: 443 description: Port represents the port of a webhook-server. diff --git a/vendor/open-cluster-management.io/api/operator/v1/types_clustermanager.go b/vendor/open-cluster-management.io/api/operator/v1/types_clustermanager.go index abfdc9b07d..304b20c6cb 100644 --- a/vendor/open-cluster-management.io/api/operator/v1/types_clustermanager.go +++ b/vendor/open-cluster-management.io/api/operator/v1/types_clustermanager.go 
@@ -232,19 +232,62 @@ const ( FeatureGateModeTypeDisable FeatureGateModeType = "Disable" ) +// DefaultClusterManagerConfiguration represents customized configurations for clustermanager in the Default mode +type DefaultClusterManagerConfiguration struct { + // RegistrationWebhookConfiguration represents the customized webhook-server configuration of registration. + // +optional + RegistrationWebhookConfiguration DefaultWebhookConfiguration `json:"registrationWebhookConfiguration,omitempty"` + + // WorkWebhookConfiguration represents the customized webhook-server configuration of work. + // +optional + WorkWebhookConfiguration DefaultWebhookConfiguration `json:"workWebhookConfiguration,omitempty"` +} + // HostedClusterManagerConfiguration represents customized configurations we need to set for clustermanager in the Hosted mode. type HostedClusterManagerConfiguration struct { // RegistrationWebhookConfiguration represents the customized webhook-server configuration of registration. // +optional - RegistrationWebhookConfiguration WebhookConfiguration `json:"registrationWebhookConfiguration,omitempty"` + RegistrationWebhookConfiguration HostedWebhookConfiguration `json:"registrationWebhookConfiguration,omitempty"` // WorkWebhookConfiguration represents the customized webhook-server configuration of work. // +optional - WorkWebhookConfiguration WebhookConfiguration `json:"workWebhookConfiguration,omitempty"` + WorkWebhookConfiguration HostedWebhookConfiguration `json:"workWebhookConfiguration,omitempty"` } -// WebhookConfiguration has two properties: Address and Port. +// WebhookConfiguration represents customization of webhook servers type WebhookConfiguration struct { + // HealthProbeBindAddress represents the healthcheck address of a webhook-server. The default value is ":8000". + // Healthchecks may be disabled by setting a value of "0" or "". 
+ // +optional + // +kubebuilder:default=":8000" + HealthProbeBindAddress string `json:"healthProbeBindAddress"` + + // MetricsBindAddress represents the metrics address of a webhook-server. The default value is ":8080" + // Metrics may be disabled by setting a value of "0" or "". + // +optional + // +kubebuilder:default=":8080" + MetricsBindAddress string `json:"metricsBindAddress"` + + // HostNetwork enables running webhook pods with hostNetwork: true + // This may be required in some installations, such as EKS with Calico CNI, + // to allow the API Server to communicate with the webhook pods. + // +optional + HostNetwork bool `json:"hostNetwork,omitempty"` +} + +// DefaultWebhookConfiguration represents customization of webhook servers running in default installation mode +type DefaultWebhookConfiguration struct { + // Port represents the port of a webhook-server. The default value of Port is 9443. + // +optional + // +kubebuilder:default=9443 + // +kubebuilder:validation:Maximum=65535 + Port int32 `json:"port,omitempty"` + + WebhookConfiguration `json:",inline"` +} + +// HostedWebhookConfiguration represents customization of webhook servers running in hosted installation mode +type HostedWebhookConfiguration struct { // Address represents the address of a webhook-server. // It could be in IP format or fqdn format. // The Address must be reachable by apiserver of the hub cluster. @@ -258,6 +301,8 @@ type WebhookConfiguration struct { // +kubebuilder:default=443 // +kubebuilder:validation:Maximum=65535 Port int32 `json:"port,omitempty"` + + WebhookConfiguration `json:",inline"` } // ClusterManagerDeployOption describes the deployment options for cluster-manager 
@@ -274,6 +319,10 @@ type ClusterManagerDeployOption struct { // +kubebuilder:validation:Enum=Default;Hosted Mode InstallMode `json:"mode,omitempty"` + // Default includes configurations for clustermanager in the Default mode + // +optional + Default *DefaultClusterManagerConfiguration `json:"default,omitempty"` + // Hosted includes configurations we need for clustermanager in the Hosted mode. // +optional Hosted *HostedClusterManagerConfiguration `json:"hosted,omitempty"` diff --git a/vendor/open-cluster-management.io/api/operator/v1/zz_generated.deepcopy.go b/vendor/open-cluster-management.io/api/operator/v1/zz_generated.deepcopy.go index af3ca25844..619c09d25c 100644 --- a/vendor/open-cluster-management.io/api/operator/v1/zz_generated.deepcopy.go +++ b/vendor/open-cluster-management.io/api/operator/v1/zz_generated.deepcopy.go @@ -168,6 +168,11 @@ func (in *ClusterManager) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ClusterManagerDeployOption) DeepCopyInto(out *ClusterManagerDeployOption) { *out = *in + if in.Default != nil { + in, out := &in.Default, &out.Default + *out = new(DefaultClusterManagerConfiguration) + **out = **in + } if in.Hosted != nil { in, out := &in.Hosted, &out.Hosted *out = new(HostedClusterManagerConfiguration) 
@@ -290,6 +295,41 @@ func (in *ClusterManagerStatus) DeepCopy() *ClusterManagerStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *DefaultClusterManagerConfiguration) DeepCopyInto(out *DefaultClusterManagerConfiguration) { + *out = *in + out.RegistrationWebhookConfiguration = in.RegistrationWebhookConfiguration + out.WorkWebhookConfiguration = in.WorkWebhookConfiguration + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DefaultClusterManagerConfiguration. +func (in *DefaultClusterManagerConfiguration) DeepCopy() *DefaultClusterManagerConfiguration { + if in == nil { + return nil + } + out := new(DefaultClusterManagerConfiguration) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *DefaultWebhookConfiguration) DeepCopyInto(out *DefaultWebhookConfiguration) { + *out = *in + out.WebhookConfiguration = in.WebhookConfiguration + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DefaultWebhookConfiguration. +func (in *DefaultWebhookConfiguration) DeepCopy() *DefaultWebhookConfiguration { + if in == nil { + return nil + } + out := new(DefaultWebhookConfiguration) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *FeatureGate) DeepCopyInto(out *FeatureGate) { *out = *in 
@@ -340,6 +380,23 @@ func (in *HostedClusterManagerConfiguration) DeepCopy() *HostedClusterManagerCon return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *HostedWebhookConfiguration) DeepCopyInto(out *HostedWebhookConfiguration) { + *out = *in + out.WebhookConfiguration = in.WebhookConfiguration + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HostedWebhookConfiguration. +func (in *HostedWebhookConfiguration) DeepCopy() *HostedWebhookConfiguration { + if in == nil { + return nil + } + out := new(HostedWebhookConfiguration) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *HubApiServerHostAlias) DeepCopyInto(out *HubApiServerHostAlias) { *out = *in diff --git a/vendor/open-cluster-management.io/api/operator/v1/zz_generated.swagger_doc_generated.go b/vendor/open-cluster-management.io/api/operator/v1/zz_generated.swagger_doc_generated.go index 49e19c5741..a4dd641e31 100644 --- a/vendor/open-cluster-management.io/api/operator/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/open-cluster-management.io/api/operator/v1/zz_generated.swagger_doc_generated.go 
@@ -48,9 +48,10 @@ func (ClusterManager) SwaggerDoc() map[string]string { } var map_ClusterManagerDeployOption = map[string]string{ - "": "ClusterManagerDeployOption describes the deployment options for cluster-manager", - "mode": "Mode can be Default or Hosted. In Default mode, the Hub is installed as a whole and all parts of Hub are deployed in the same cluster. In Hosted mode, only crd and configurations are installed on one cluster(defined as hub-cluster). Controllers run in another cluster (defined as management-cluster) and connect to the hub with the kubeconfig in secret of \"external-hub-kubeconfig\"(a kubeconfig of hub-cluster with cluster-admin permission). Note: Do not modify the Mode field once it's applied.", - "hosted": "Hosted includes configurations we need for clustermanager in the Hosted mode.", + "": "ClusterManagerDeployOption describes the deployment options for cluster-manager", + "mode": "Mode can be Default or Hosted. In Default mode, the Hub is installed as a whole and all parts of Hub are deployed in the same cluster. In Hosted mode, only crd and configurations are installed on one cluster(defined as hub-cluster). Controllers run in another cluster (defined as management-cluster) and connect to the hub with the kubeconfig in secret of \"external-hub-kubeconfig\"(a kubeconfig of hub-cluster with cluster-admin permission). Note: Do not modify the Mode field once it's applied.", + "default": "Default includes configurations for clustermanager in the Default mode", + "hosted": "Hosted includes configurations we need for clustermanager in the Hosted mode.", } func (ClusterManagerDeployOption) SwaggerDoc() map[string]string { 
@@ -97,6 +98,25 @@ func (ClusterManagerStatus) SwaggerDoc() map[string]string { return map_ClusterManagerStatus } +var map_DefaultClusterManagerConfiguration = map[string]string{ + "": "DefaultClusterManagerConfiguration represents customized configurations for clustermanager in the Default mode", + "registrationWebhookConfiguration": "RegistrationWebhookConfiguration represents the customized webhook-server configuration of registration.", + "workWebhookConfiguration": "WorkWebhookConfiguration represents the customized webhook-server configuration of work.", +} + +func (DefaultClusterManagerConfiguration) SwaggerDoc() map[string]string { + return map_DefaultClusterManagerConfiguration +} + +var map_DefaultWebhookConfiguration = map[string]string{ + "": "DefaultWebhookConfiguration represents customization of webhook servers running in default installation mode", + "port": "Port represents the port of a webhook-server. The default value of Port is 9443.", +} + +func (DefaultWebhookConfiguration) SwaggerDoc() map[string]string { + return map_DefaultWebhookConfiguration +} + var map_FeatureGate = map[string]string{ "feature": "Feature is the key of feature gate. e.g. featuregate/Foo.", "mode": "Mode is either Enable, Disable, \"\" where \"\" is Disable by default. In Enable mode, a valid feature gate `featuregate/Foo` will be set to \"--featuregate/Foo=true\". In Disable mode, a valid feature gate `featuregate/Foo` will be set to \"--featuregate/Foo=false\".", 
@@ -130,6 +150,16 @@ func (HostedClusterManagerConfiguration) SwaggerDoc() map[string]string { return map_HostedClusterManagerConfiguration } +var map_HostedWebhookConfiguration = map[string]string{ + "": "HostedWebhookConfiguration represents customization of webhook servers running in hosted installation mode", + "address": "Address represents the address of a webhook-server. It could be in IP format or fqdn format. The Address must be reachable by apiserver of the hub cluster.", + "port": "Port represents the port of a webhook-server. The default value of Port is 443.", +} + +func (HostedWebhookConfiguration) SwaggerDoc() map[string]string { + return map_HostedWebhookConfiguration +} + var map_NodePlacement = map[string]string{ "": "NodePlacement describes node scheduling configuration for the pods.", "nodeSelector": "NodeSelector defines which Nodes the Pods are scheduled on. The default is an empty list.", 
@@ -174,9 +204,10 @@ func (RelatedResourceMeta) SwaggerDoc() map[string]string { } var map_WebhookConfiguration = map[string]string{ - "": "WebhookConfiguration has two properties: Address and Port.", - "address": "Address represents the address of a webhook-server. It could be in IP format or fqdn format. The Address must be reachable by apiserver of the hub cluster.", - "port": "Port represents the port of a webhook-server. The default value of Port is 443.", + "": "WebhookConfiguration represents customization of webhook servers", + "healthProbeBindAddress": "HealthProbeBindAddress represents the healthcheck address of a webhook-server. The default value is \":8000\". Healthchecks may be disabled by setting a value of \"0\" or \"\".", + "metricsBindAddress": "MetricsBindAddress represents the metrics address of a webhook-server. The default value is \":8080\" Metrics may be disabled by setting a value of \"0\" or \"\".", + "hostNetwork": "HostNetwork enables running webhook pods with hostNetwork: true This may be required in some installations, such as EKS with Calico CNI, to allow the API Server to communicate with the webhook pods.", } func (WebhookConfiguration) SwaggerDoc() map[string]string { diff --git a/vendor/open-cluster-management.io/api/work/v1/types.go b/vendor/open-cluster-management.io/api/work/v1/types.go index 2e74ef9057..9e3d4c6c02 100644 --- a/vendor/open-cluster-management.io/api/work/v1/types.go +++ b/vendor/open-cluster-management.io/api/work/v1/types.go 
@@ -503,6 +503,16 @@ const ( // WorkDegraded represents that the current state of work does not match // the desired state for a certain period. WorkDegraded string = "Degraded" + // WorkComplete represents that the work has completed and should no longer + // be updated. + WorkComplete string = "Complete" +) + +// Work condition reasons +const ( + // WorkManifestsComplete represents that all completable manifests in the work + // have the Complete condition + WorkManifestsComplete string = "ManifestsComplete" ) // ManifestCondition represents the conditions of the resources deployed on a @@ -596,7 +606,10 @@ const ( ManifestComplete string = "Complete" ) -// Condition reasons +// Manifest condition reasons +// +// All reasons set by condition rule evaluation are expected to be prefixed with "ConditionRule" +// in order to determine which conditions were set by rules. const ( // ConditionRuleTrue is set when a rule is evaluated without error ConditionRuleEvaluated string = "ConditionRuleEvaluated"