Skip to content

Commit

Permalink
Allow member and leader deployed in one cluster (antrea-io#3180)
Browse files Browse the repository at this point in the history 
* Allow member and leader deployed in one cluster

We'd like to deploy both member and leader controllers in one
cluster, so need below two fixes:

1. make the memberannounce webhook in member cluster as namespaced
otherwise memberannounce creation will fail.
2. skip any ClusterSet reconsiling in member cluster if it's not the
same as member controller's namespace.

Signed-off-by: Lan Luo <[email protected]>

* Update mutation and validation webhook

* Remove uncessary memberclusterannounce,resourceexport,resourceimport
webhooks in member manifests
* Make clusterclaim,clusterset's validation webhook as namespaced.

Signed-off-by: Lan Luo <[email protected]>
  • Loading branch information
@luolanzone
luolanzone committed Jan 20, 2022
1 parent abaac3d commit abe5e8b
Show file tree
Hide file tree
Showing 5 changed files with 84 additions and 111 deletions.
119 changes: 12 additions & 107 deletions multicluster/build/yamls/antrea-multicluster-member.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1818,7 +1818,6 @@ spec:
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
creationTimestamp: null
labels:
app: antrea
name: antrea-mc-mutating-webhook-configuration
Expand All @@ -1833,6 +1832,9 @@ webhooks:
path: /mutate-multicluster-crd-antrea-io-v1alpha1-clusterclaim
failurePolicy: Fail
name: mclusterclaim.kb.io
namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: kube-system
rules:
- apiGroups:
- multicluster.crd.antrea.io
Expand All @@ -1854,6 +1856,9 @@ webhooks:
path: /mutate-multicluster-crd-antrea-io-v1alpha1-clusterset
failurePolicy: Fail
name: mclusterset.kb.io
namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: kube-system
rules:
- apiGroups:
- multicluster.crd.antrea.io
Expand All @@ -1865,53 +1870,10 @@ webhooks:
resources:
- clustersets
sideEffects: None
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: antrea-mc-webhook-service
namespace: kube-system
path: /mutate-multicluster-crd-antrea-io-v1alpha1-resourceexport
failurePolicy: Fail
name: mresourceexport.kb.io
rules:
- apiGroups:
- multicluster.crd.antrea.io
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- resourceexports
sideEffects: None
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: antrea-mc-webhook-service
namespace: kube-system
path: /mutate-multicluster-crd-antrea-io-v1alpha1-resourceimport
failurePolicy: Fail
name: mresourceimport.kb.io
rules:
- apiGroups:
- multicluster.crd.antrea.io
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- resourceimports
sideEffects: None
---
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
creationTimestamp: null
labels:
app: antrea
name: antrea-mc-validating-webhook-configuration
Expand All @@ -1926,6 +1888,9 @@ webhooks:
path: /validate-multicluster-crd-antrea-io-v1alpha1-clusterclaim
failurePolicy: Fail
name: vclusterclaim.kb.io
namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: kube-system
rules:
- apiGroups:
- multicluster.crd.antrea.io
Expand All @@ -1947,6 +1912,9 @@ webhooks:
path: /validate-multicluster-crd-antrea-io-v1alpha1-clusterset
failurePolicy: Fail
name: vclusterset.kb.io
namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: kube-system
rules:
- apiGroups:
- multicluster.crd.antrea.io
Expand All @@ -1958,66 +1926,3 @@ webhooks:
resources:
- clustersets
sideEffects: None
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: antrea-mc-webhook-service
namespace: kube-system
path: /validate-multicluster-crd-antrea-io-v1alpha1-resourceexport
failurePolicy: Fail
name: vresourceexport.kb.io
rules:
- apiGroups:
- multicluster.crd.antrea.io
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- resourceexports
sideEffects: None
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: antrea-mc-webhook-service
namespace: kube-system
path: /validate-multicluster-crd-antrea-io-v1alpha1-resourceimport
failurePolicy: Fail
name: vresourceimport.kb.io
rules:
- apiGroups:
- multicluster.crd.antrea.io
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- resourceimports
sideEffects: None
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: antrea-mc-webhook-service
namespace: kube-system
path: /validate-multicluster-crd-antrea-io-v1alpha1-memberclusterannounce
failurePolicy: Fail
name: vmemberclusterannounce.kb.io
rules:
- apiGroups:
- multicluster.crd.antrea.io
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- memberclusterannounces
sideEffects: None
6 changes: 4 additions & 2 deletions multicluster/cmd/multicluster-controller/member.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,7 @@ import (

multiclustercontrollers "antrea.io/antrea/multicluster/controllers/multicluster"
"antrea.io/antrea/pkg/signals"
"antrea.io/antrea/pkg/util/env"
)

func newMemberCommand() *cobra.Command {
Expand Down Expand Up @@ -51,8 +52,9 @@ func runMember(o *Options) error {
}

clusterSetReconciler := &multiclustercontrollers.MemberClusterSetReconciler{
Client: mgr.GetClient(),
Scheme: mgr.GetScheme(),
Client: mgr.GetClient(),
Scheme: mgr.GetScheme(),
Namespace: env.GetPodNamespace(),
}
if err = clusterSetReconciler.SetupWithManager(mgr); err != nil {
return fmt.Errorf("error creating ClusterSet controller: %v", err)
Expand Down
1 change: 1 addition & 0 deletions multicluster/config/overlays/member/kustomization.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,3 +22,4 @@ configurations:

patchesStrategicMerge:
- manager_command_patch.yaml
- webhook_patch.yaml
60 changes: 60 additions & 0 deletions multicluster/config/overlays/member/webhook_patch.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,60 @@
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
name: validating-webhook-configuration
webhooks:
- admissionReviewVersions:
name: vmemberclusterannounce.kb.io
$patch: delete
- admissionReviewVersions:
name: vresourceexport.kb.io
$patch: delete
- admissionReviewVersions:
name: vresourceimport.kb.io
$patch: delete
---
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
name: mutating-webhook-configuration
webhooks:
- admissionReviewVersions:
name: mresourceexport.kb.io
$patch: delete
- admissionReviewVersions:
name: mresourceimport.kb.io
$patch: delete
- admissionReviewVersions:
- v1
- v1beta1
name: mclusterclaim.kb.io
namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: kube-system
- admissionReviewVersions:
- v1
- v1beta1
name: mclusterset.kb.io
namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: kube-system
---
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
name: validating-webhook-configuration
webhooks:
- admissionReviewVersions:
- v1
- v1beta1
name: vclusterclaim.kb.io
namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: kube-system
- admissionReviewVersions:
- v1
- v1beta1
name: vclusterset.kb.io
namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: kube-system
9 changes: 7 additions & 2 deletions multicluster/controllers/multicluster/member_clusterset_controller.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -41,8 +41,9 @@ import (
// MemberClusterSetReconciler reconciles a ClusterSet object in the member cluster deployment.
type MemberClusterSetReconciler struct {
client.Client
Scheme *runtime.Scheme
mutex sync.Mutex
Scheme *runtime.Scheme
Namespace string
mutex sync.Mutex

clusterSetConfig *multiclusterv1alpha1.ClusterSet
clusterSetID common.ClusterSetID
Expand All @@ -57,6 +58,10 @@ type MemberClusterSetReconciler struct {

// Reconcile ClusterSet changes
func (r *MemberClusterSetReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
if req.Namespace != r.Namespace {
klog.V(2).InfoS("Skip reconciling ClusterSet", "clusterset", req.String())
return ctrl.Result{}, nil
}
clusterSet := &multiclusterv1alpha1.ClusterSet{}
err := r.Get(ctx, req.NamespacedName, clusterSet)
defer r.mutex.Unlock()
Expand Down

0 comments on commit abe5e8b

Please sign in to comment.