package spoke

v0.13.3
This package is not in the latest version of its module.
Published: Jun 13, 2024 License: Apache-2.0 Imports: 40 Imported by: 1

Documentation

Overview

package spoke and its subpackages contain the controllers that make up the spoke agent.

Constants

This section is empty.

Variables

var AddOnLeaseControllerSyncInterval = 30 * time.Second

AddOnLeaseControllerSyncInterval is exposed so that integration tests can crank up the controller sync speed. TODO: if we register the lease informer to the lease controller, we need to increase this time.

var ClientCertHealthCheckInterval = 30 * time.Second

Functions

This section is empty.

Types

type SpokeAgentConfig added in v0.12.0

type SpokeAgentConfig struct {
	// contains filtered or unexported fields
}

func NewSpokeAgentConfig added in v0.12.0

func NewSpokeAgentConfig(commonOpts *commonoptions.AgentOptions, opts *SpokeAgentOptions) *SpokeAgentConfig

NewSpokeAgentConfig returns a SpokeAgentConfig

func (*SpokeAgentConfig) HasValidHubClientConfig added in v0.12.0

func (o *SpokeAgentConfig) HasValidHubClientConfig(ctx context.Context) (bool, error)

HasValidHubClientConfig returns true if all the conditions below are met:

  1. KubeconfigFile exists;
  2. TLSKeyFile exists;
  3. TLSCertFile exists;
  4. Certificate in TLSCertFile is issued for the current cluster/agent;
  5. Certificate in TLSCertFile is not expired;
  6. Hub kubeconfig and bootstrap hub kubeconfig include the same server, proxyURL and CA bundle.

Normally, KubeconfigFile/TLSKeyFile/TLSCertFile will be created once the bootstrap process completes. Changing the name of the cluster will make the existing hub kubeconfig invalid, because the certificate in TLSCertFile is issued to a specific cluster/agent.
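
Conditions 4 and 5 above, sketched with the Go standard library as an added example (not the package's own implementation). The subject CommonName layout `system:open-cluster-management:<cluster>:<agent>`, the names `checkClientCert` and `sampleCert`, and the generated certificates are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// checkClientCert: no cert in the bundle is expired at now, and one has CommonName wantCN.
func checkClientCert(pemData []byte, wantCN string, now time.Time) error {
	matched := false
	for blk, rest := pem.Decode(pemData); blk != nil; blk, rest = pem.Decode(rest) {
		cert, err := x509.ParseCertificate(blk.Bytes)
		if err != nil {
			return fmt.Errorf("parse certificate: %w", err)
		}
		if now.After(cert.NotAfter) {
			return fmt.Errorf("certificate %q expired at %s", cert.Subject.CommonName, cert.NotAfter)
		}
		matched = matched || cert.Subject.CommonName == wantCN
	}
	if !matched {
		return fmt.Errorf("no certificate issued to %q", wantCN)
	}
	return nil
}

// sampleCert returns a constructed self-signed certificate (demo input only).
func sampleCert(cn string, notAfter time.Time) []byte {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: notAfter.Add(-24 * time.Hour), NotAfter: notAfter}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		panic(err)
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

func main() {
	now, cn := time.Now(), "system:open-cluster-management:cluster1:agent1" // assumed CN layout
	fmt.Println(checkClientCert(sampleCert(cn, now.Add(time.Hour)), cn, now))  // accepted
	fmt.Println(checkClientCert(sampleCert(cn, now.Add(-time.Hour)), cn, now)) // expired
	fmt.Println(checkClientCert(sampleCert("system:open-cluster-management:cluster0:agent1", now.Add(time.Hour)), cn, now)) // cluster renamed
}
```

The third call is the renamed-cluster case: the certificate is still within its validity period, but it was issued to a different cluster name, so the check fails.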

func (*SpokeAgentConfig) RunSpokeAgent added in v0.12.0

func (o *SpokeAgentConfig) RunSpokeAgent(ctx context.Context, controllerContext *controllercmd.ControllerContext) error

RunSpokeAgent starts the controllers on spoke agent to register to the hub.

There are two deploy modes for the registration agent: 'Default' mode and 'Detached' mode.

  • In Default mode, the registration agent pod runs on the spoke/managed cluster.
  • In Detached mode, the registration agent pod may run on a cluster separate from the spoke/managed cluster; we define this cluster as the 'management' cluster.

The spoke agent uses four kubeconfigs for different concerns:

  • The 'management' kubeconfig: used to communicate with the cluster where the agent pod runs. In Default mode, it is the managed cluster's kubeconfig; in Detached mode, it is the management cluster's kubeconfig.
  • The 'spoke' kubeconfig: used to communicate with the spoke/managed cluster which will be registered to the hub.
  • The 'bootstrap' kubeconfig: used to communicate with the hub in order to submit a CertificateSigningRequest, begin the join flow with the hub, and to write the 'hub' kubeconfig.
  • The 'hub' kubeconfig: used to communicate with the hub using a signed certificate from the hub.

RunSpokeAgent handles the following scenarios:

#1. Bootstrap kubeconfig is valid and there is no valid hub kubeconfig in secret
#2. Both bootstrap kubeconfig and hub kubeconfig are valid
#3. Bootstrap kubeconfig is invalid (e.g. certificate expired) and hub kubeconfig is valid
#4. Neither bootstrap kubeconfig nor hub kubeconfig is valid

If the hub kubeconfig does not exist or is invalid, a temporary ClientCertForHubController using the bootstrap kubeconfig is created and started, and is used to create a valid hub kubeconfig. Once the hub kubeconfig is valid, the temporary controller is stopped and the main controllers are started.

The agent will be restarted once any of the following happens:

  • the bootstrap hub kubeconfig changes (updated/deleted);
  • the client certificate referenced by the hub kubeconfig expires (the agent's health check then returns failure).

func (*SpokeAgentConfig) RunSpokeAgentWithSpokeInformers added in v0.12.0

func (o *SpokeAgentConfig) RunSpokeAgentWithSpokeInformers(ctx context.Context,
	kubeConfig, spokeClientConfig *rest.Config,
	spokeKubeClient kubernetes.Interface,
	spokeKubeInformerFactory informers.SharedInformerFactory,
	spokeClusterInformerFactory clusterv1informers.SharedInformerFactory,
	recorder events.Recorder) error

type SpokeAgentOptions

type SpokeAgentOptions struct {
	BootstrapKubeconfig         string
	BootstrapKubeconfigSecret   string
	HubKubeconfigSecret         string
	SpokeExternalServerURLs     []string
	ClusterHealthCheckPeriod    time.Duration
	MaxCustomClusterClaims      int
	ClientCertExpirationSeconds int32
	ClusterAnnotations          map[string]string
	// contains filtered or unexported fields
}

SpokeAgentOptions holds configuration for spoke cluster agent

func NewSpokeAgentOptions

func NewSpokeAgentOptions() *SpokeAgentOptions

func (*SpokeAgentOptions) AddFlags

func (o *SpokeAgentOptions) AddFlags(fs *pflag.FlagSet)

AddFlags registers flags for Agent

func (*SpokeAgentOptions) GetHealthCheckers added in v0.13.0

func (o *SpokeAgentOptions) GetHealthCheckers() []healthz.HealthChecker

func (*SpokeAgentOptions) Validate

func (o *SpokeAgentOptions) Validate() error

Validate verifies the inputs.

Directories

Path Synopsis
package addon contains the managed cluster side controllers for updating addon status and registering addon on the hub cluster.
package managedcluster contains the spoke cluster side reconciler for the SpokeCluster resource.
