Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Get pods/events in all child clusters through clusternet-hub #499

Open
wants to merge 8 commits into
base: main
Choose a base branch
from
Open

Get pods/events in all child clusters through clusternet-hub #499

wants to merge 8 commits into from

Conversation

byliu
Copy link

@byliu byliu commented Sep 30, 2022

What type of PR is this?

Now we can get pods/events in all child clusters through clusternet-hub.

What this PR does / why we need it:

Get pods/events directly through clusternet-hub.

clusternet-hub

# kubectl clusternet -n test052601-prj-hx2t8pc2 get pod -o wide
NAME                 READY   STATUS    RESTARTS   AGE   IP           NODE         NOMINATED NODE   READINESS GATES
basic-template-0     1/1     Running   0          63d   9.xxx.0.xx   9.xxx.0.xx   <none>           2/2
basic-template11-0   1/1     Running   0          63d   9.xxx.0.xx    9.xxx.0.xx   <none>           2/2
basic-template3-0    1/1     Running   0          91d   9.xxx.0.xx    9.xxx.0.xx   <none>           1/1

the details of child clusters:
child-cluster-1

# kubectl -n test052601-prj-hx2t8pc2 get pod -o wide
NAME                 READY   STATUS    RESTARTS   AGE   IP           NODE         NOMINATED NODE   READINESS GATES
basic-template-0     1/1     Running   0          63d   9.xxx.0.xx   9.xxx.0.   <none>           2/2
basic-template3-0    1/1     Running   0          91d   9.xxx.0.xx    9.xxx.0.xx   <none>           1/1

child-cluster-2

# kubectl -n test052601-prj-hx2t8pc2 get pod -o wide
NAME                 READY   STATUS    RESTARTS   AGE   IP           NODE         NOMINATED NODE   READINESS GATES
basic-template11-0   1/1     Running   0          63d   9.xxx.0.xx    9.xxx.0.xx   <none>           2/2

What we need to do?

add flag --cluster-server-url-out-cls for clusternet-agent if it's running in-cluster
egg

      - command:
        - /usr/local/bin/clusternet-agent
        - --cluster-reg-token=$(REG_TOKEN)
        - --cluster-reg-parent-url=$(PARENT_URL)
        - --cluster-sync-mode=Dual
        - --feature-gates=SocketConnection=true,AppPusher=true,Recovery=true
        - --leader-elect-resource-namespace=$(AGENT_NAMESPACE)
        - --cluster-server-url-out-cls=https://{ClusterServerURLOutCluster}

replace {ClusterServerURLOutCluster} with your child cluster's apiserverURL

@byliu byliu requested review from a team as code owners September 30, 2022 06:48
baoyiliu added 8 commits September 30, 2022 14:54
feat: get pod from child clsternet
beb315e 
Signed-off-by: baoyiliu <baoyiliu@tencent.com>
feat: add child cls client cache
9b622de 
Signed-off-by: baoyiliu <baoyiliu@tencent.com>
feat: add events get
ebd3f69 
Signed-off-by: baoyiliu <baoyiliu@tencent.com>
feat: add pods/events list
b3af86a 
Signed-off-by: baoyiliu <baoyiliu@tencent.com>
fix:add child cluster kubeconfig to mcls
5b11255 
Signed-off-by: baoyiliu <baoyiliu@tencent.com>
feat: use dynamic client for child cluster
d9b97bd 
Signed-off-by: baoyiliu <baoyiliu@tencent.com>
fmt: remove useless code
89bde27 
Signed-off-by: baoyiliu <baoyiliu@tencent.com>
feat: agent add flag cluster-reg-parent-url
baf8575 
Signed-off-by: baoyiliu <baoyiliu@tencent.com>
dixudx
dixudx requested changes Sep 30, 2022
View reviewed changes
Copy link
Member

@dixudx dixudx left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for your contribution.

Some extra changes are needed.

pkg/agent/agent.go
@@ -151,6 +151,8 @@ func NewAgent(registrationOpts *ClusterRegistrationOptions, controllerOpts *util
controllerOptions: controllerOpts,
statusManager: NewStatusManager(
childKubeConfig.Host,
registrationOpts.ApiServerURLOutCls,
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We do have this in childKubeConfig.Host.

pkg/apis/clusters/v1beta1/types.go
// +optional
APIServerURLOutCls string `json:"apiserverURLOutCls,omitempty"`

// APIServerConfig indicates the advertising config of managed Kubernetes cluster
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No need. There are already a secret in the dedicated namespace, which can be used as the kubeconfig for child clusters.

And it is NOT safe to put kubeconfig in ManagedCluster.

dixudx
dixudx requested changes Oct 7, 2022
View reviewed changes
Copy link
Member

@dixudx dixudx left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Need more considerations for security, extensibility, and maintainability.

pkg/registry/shadow/template/rest.go

// resourceInCCls need to get resource from child cls
func (r *REST) resourceInCCls() bool {
resource, _ := r.getResourceName()
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Currently only pods and events are allowed, but what if users want to list CRs in child clusters in the future?

pkg/registry/shadow/template/rest.go
break
}
}
return unstructObj, err
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This seems to be wrong. I do NOT see any objects concentration here.

Here it just returns results from the last cluster.

pkg/registry/shadow/template/rest.go
var err error
for _, cls := range mcls {
clusterID := string(cls.Spec.ClusterID)
clientset, ok := r.getCClsCliFromCache(clusterID)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A big shout out to how the RABC rules should be set for this up-to-bottom GET operations to child clusters.
It seems admin account from child cluster is used here for listing operations.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dixudx dixudx dixudx requested changes

@DanielXLee DanielXLee Awaiting requested review from DanielXLee DanielXLee is a code owner automatically assigned from clusternet/sig-apis

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@byliu @dixudx