diff --git a/multicluster/build/yamls/antrea-multicluster-member.yml b/multicluster/build/yamls/antrea-multicluster-member.yml index 5eebd7df0b8..d5100e5ef0d 100644 --- a/multicluster/build/yamls/antrea-multicluster-member.yml +++ b/multicluster/build/yamls/antrea-multicluster-member.yml @@ -1818,7 +1818,6 @@ spec: apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration metadata: - creationTimestamp: null labels: app: antrea name: antrea-mc-mutating-webhook-configuration @@ -1833,6 +1832,9 @@ webhooks: path: /mutate-multicluster-crd-antrea-io-v1alpha1-clusterclaim failurePolicy: Fail name: mclusterclaim.kb.io + namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: kube-system rules: - apiGroups: - multicluster.crd.antrea.io @@ -1854,6 +1856,9 @@ webhooks: path: /mutate-multicluster-crd-antrea-io-v1alpha1-clusterset failurePolicy: Fail name: mclusterset.kb.io + namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: kube-system rules: - apiGroups: - multicluster.crd.antrea.io @@ -1865,53 +1870,10 @@ webhooks: resources: - clustersets sideEffects: None -- admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: antrea-mc-webhook-service - namespace: kube-system - path: /mutate-multicluster-crd-antrea-io-v1alpha1-resourceexport - failurePolicy: Fail - name: mresourceexport.kb.io - rules: - - apiGroups: - - multicluster.crd.antrea.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - resourceexports - sideEffects: None -- admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: antrea-mc-webhook-service - namespace: kube-system - path: /mutate-multicluster-crd-antrea-io-v1alpha1-resourceimport - failurePolicy: Fail - name: mresourceimport.kb.io - rules: - - apiGroups: - - multicluster.crd.antrea.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - resourceimports - sideEffects: None --- apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration metadata: - creationTimestamp: null labels: app: antrea name: antrea-mc-validating-webhook-configuration @@ -1926,6 +1888,9 @@ webhooks: path: /validate-multicluster-crd-antrea-io-v1alpha1-clusterclaim failurePolicy: Fail name: vclusterclaim.kb.io + namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: kube-system rules: - apiGroups: - multicluster.crd.antrea.io @@ -1947,6 +1912,9 @@ webhooks: path: /validate-multicluster-crd-antrea-io-v1alpha1-clusterset failurePolicy: Fail name: vclusterset.kb.io + namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: kube-system rules: - apiGroups: - multicluster.crd.antrea.io @@ -1958,66 +1926,3 @@ webhooks: resources: - clustersets sideEffects: None -- admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: antrea-mc-webhook-service - namespace: kube-system - path: /validate-multicluster-crd-antrea-io-v1alpha1-resourceexport - failurePolicy: Fail - name: vresourceexport.kb.io - rules: - - apiGroups: - - multicluster.crd.antrea.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - resourceexports - sideEffects: None -- admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: antrea-mc-webhook-service - namespace: kube-system - path: /validate-multicluster-crd-antrea-io-v1alpha1-resourceimport - failurePolicy: Fail - name: vresourceimport.kb.io - rules: - - apiGroups: - - multicluster.crd.antrea.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - resourceimports - sideEffects: None -- admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: antrea-mc-webhook-service - namespace: kube-system - path: /validate-multicluster-crd-antrea-io-v1alpha1-memberclusterannounce - failurePolicy: Fail - name: vmemberclusterannounce.kb.io - rules: - - apiGroups: - - multicluster.crd.antrea.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - memberclusterannounces - sideEffects: None diff --git a/multicluster/cmd/multicluster-controller/member.go b/multicluster/cmd/multicluster-controller/member.go index 177b71cc381..aef55f97666 100644 --- a/multicluster/cmd/multicluster-controller/member.go +++ b/multicluster/cmd/multicluster-controller/member.go @@ -24,6 +24,7 @@ import ( multiclustercontrollers "antrea.io/antrea/multicluster/controllers/multicluster" "antrea.io/antrea/pkg/signals" + "antrea.io/antrea/pkg/util/env" ) func newMemberCommand() *cobra.Command { @@ -51,8 +52,9 @@ func runMember(o *Options) error { } clusterSetReconciler := &multiclustercontrollers.MemberClusterSetReconciler{ - Client: mgr.GetClient(), - Scheme: mgr.GetScheme(), + Client: mgr.GetClient(), + Scheme: mgr.GetScheme(), + Namespace: env.GetPodNamespace(), } if err = clusterSetReconciler.SetupWithManager(mgr); err != nil { return fmt.Errorf("error creating ClusterSet controller: %v", err) diff --git a/multicluster/config/overlays/member/kustomization.yaml b/multicluster/config/overlays/member/kustomization.yaml index e375b5e360d..655786c61ba 100644 --- a/multicluster/config/overlays/member/kustomization.yaml +++ b/multicluster/config/overlays/member/kustomization.yaml @@ -22,3 +22,4 @@ configurations: patchesStrategicMerge: - manager_command_patch.yaml + - webhook_patch.yaml diff --git a/multicluster/config/overlays/member/webhook_patch.yaml b/multicluster/config/overlays/member/webhook_patch.yaml new file mode 100644 index 00000000000..121c365fddc --- /dev/null +++ b/multicluster/config/overlays/member/webhook_patch.yaml @@ -0,0 +1,60 @@ +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: validating-webhook-configuration +webhooks: +- admissionReviewVersions: + name: vmemberclusterannounce.kb.io + $patch: delete +- admissionReviewVersions: + name: vresourceexport.kb.io + $patch: delete +- admissionReviewVersions: + name: vresourceimport.kb.io + $patch: delete +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + name: mutating-webhook-configuration +webhooks: +- admissionReviewVersions: + name: mresourceexport.kb.io + $patch: delete +- admissionReviewVersions: + name: mresourceimport.kb.io + $patch: delete +- admissionReviewVersions: + - v1 + - v1beta1 + name: mclusterclaim.kb.io + namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: kube-system +- admissionReviewVersions: + - v1 + - v1beta1 + name: mclusterset.kb.io + namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: kube-system +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: validating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + - v1beta1 + name: vclusterclaim.kb.io + namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: kube-system +- admissionReviewVersions: + - v1 + - v1beta1 + name: vclusterset.kb.io + namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: kube-system diff --git a/multicluster/controllers/multicluster/member_clusterset_controller.go b/multicluster/controllers/multicluster/member_clusterset_controller.go index 0f13a3a7cc2..b985e44c9ce 100644 --- a/multicluster/controllers/multicluster/member_clusterset_controller.go +++ b/multicluster/controllers/multicluster/member_clusterset_controller.go @@ -41,8 +41,9 @@ import ( // MemberClusterSetReconciler reconciles a ClusterSet object in the member cluster deployment. type MemberClusterSetReconciler struct { client.Client - Scheme *runtime.Scheme - mutex sync.Mutex + Scheme *runtime.Scheme + Namespace string + mutex sync.Mutex clusterSetConfig *multiclusterv1alpha1.ClusterSet clusterSetID common.ClusterSetID @@ -57,6 +58,10 @@ type MemberClusterSetReconciler struct { // Reconcile ClusterSet changes func (r *MemberClusterSetReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) { + if req.Namespace != r.Namespace { + klog.V(2).InfoS("Skip reconciling ClusterSet", "clusterset", req.String()) + return ctrl.Result{}, nil + } clusterSet := &multiclusterv1alpha1.ClusterSet{} err := r.Get(ctx, req.NamespacedName, clusterSet) defer r.mutex.Unlock()