karmada-io
/
karmada
mirror of https://github.com/karmada-io/karmada.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #5699 from jabellard/external_etcd_3 

External `etcd` Support for Karmada Operator - Part 1
This commit is contained in:
karmada-bot 2024-10-19 19:27:29 +08:00 committed by GitHub
parent 517cb0d3a9 b8de9678e2
commit 31bc0224f2
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
6 changed files with 100 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
charts/karmada-operator/crds/operator.karmada.io_karmadas.yaml
View File

@ -65,12 +65,14 @@ spec:
description: |- description: |-
CAData is an SSL Certificate Authority file used to secure etcd communication. CAData is an SSL Certificate Authority file used to secure etcd communication.
Required if using a TLS connection. Required if using a TLS connection.
Deprecated: This field is deprecated and will be removed in a future version. Use SecretRef for providing client connection credentials.
format: byte format: byte
type: string type: string
certData: certData:
description: |- description: |-
CertData is an SSL certification file used to secure etcd communication. CertData is an SSL certification file used to secure etcd communication.
Required if using a TLS connection. Required if using a TLS connection.
Deprecated: This field is deprecated and will be removed in a future version. Use SecretRef for providing client connection credentials.
format: byte format: byte
type: string type: string
endpoints: endpoints:
@ -82,13 +84,29 @@ spec:
description: |- description: |-
KeyData is an SSL key file used to secure etcd communication. KeyData is an SSL key file used to secure etcd communication.
Required if using a TLS connection. Required if using a TLS connection.
Deprecated: This field is deprecated and will be removed in a future version. Use SecretRef for providing client connection credentials.
format: byte format: byte
type: string type: string
secretRef:
description: |-
SecretRef references a Kubernetes secret containing the etcd connection credentials.
The secret must contain the following data keys:
ca.crt: The Certificate Authority (CA) certificate data.
tls.crt: The TLS certificate data used for verifying the etcd server's certificate.
tls.key: The TLS private key.
Required to configure the connection to an external etcd cluster.
properties:
name:
description: Name is the name of resource being referenced.
type: string
namespace:
description: Namespace is the namespace for the resource
being referenced.
type: string
type: object
required: required:
- caData
- certData
- endpoints - endpoints
- keyData - secretRef
type: object type: object
local: local:
description: |- description: |-

24
operator/config/crds/operator.karmada.io_karmadas.yaml
View File

@ -65,12 +65,14 @@ spec:
description: |- description: |-
CAData is an SSL Certificate Authority file used to secure etcd communication. CAData is an SSL Certificate Authority file used to secure etcd communication.
Required if using a TLS connection. Required if using a TLS connection.
Deprecated: This field is deprecated and will be removed in a future version. Use SecretRef for providing client connection credentials.
format: byte format: byte
type: string type: string
certData: certData:
description: |- description: |-
CertData is an SSL certification file used to secure etcd communication. CertData is an SSL certification file used to secure etcd communication.
Required if using a TLS connection. Required if using a TLS connection.
Deprecated: This field is deprecated and will be removed in a future version. Use SecretRef for providing client connection credentials.
format: byte format: byte
type: string type: string
endpoints: endpoints:
@ -82,13 +84,29 @@ spec:
description: |- description: |-
KeyData is an SSL key file used to secure etcd communication. KeyData is an SSL key file used to secure etcd communication.
Required if using a TLS connection. Required if using a TLS connection.
Deprecated: This field is deprecated and will be removed in a future version. Use SecretRef for providing client connection credentials.
format: byte format: byte
type: string type: string
secretRef:
description: |-
SecretRef references a Kubernetes secret containing the etcd connection credentials.
The secret must contain the following data keys:
ca.crt: The Certificate Authority (CA) certificate data.
tls.crt: The TLS certificate data used for verifying the etcd server's certificate.
tls.key: The TLS private key.
Required to configure the connection to an external etcd cluster.
properties:
name:
description: Name is the name of resource being referenced.
type: string
namespace:
description: Namespace is the namespace for the resource
being referenced.
type: string
type: object
required: required:
- caData
- certData
- endpoints - endpoints
- keyData - secretRef
type: object type: object
local: local:
description: |- description: |-

19
operator/pkg/apis/operator/v1alpha1/type.go
View File

@ -239,19 +239,32 @@ type VolumeData struct {
// operator has no knowledge of where certificate files live, and they must be supplied. // operator has no knowledge of where certificate files live, and they must be supplied.
type ExternalEtcd struct { type ExternalEtcd struct {
// Endpoints of etcd members. Required for ExternalEtcd. // Endpoints of etcd members. Required for ExternalEtcd.
// +required
Endpoints []string `json:"endpoints"` Endpoints []string `json:"endpoints"`
// CAData is an SSL Certificate Authority file used to secure etcd communication. // CAData is an SSL Certificate Authority file used to secure etcd communication.
// Required if using a TLS connection. // Required if using a TLS connection.
CAData []byte `json:"caData"` // Deprecated: This field is deprecated and will be removed in a future version. Use SecretRef for providing client connection credentials.
CAData []byte `json:"caData,omitempty"`
// CertData is an SSL certification file used to secure etcd communication. // CertData is an SSL certification file used to secure etcd communication.
// Required if using a TLS connection. // Required if using a TLS connection.
CertData []byte `json:"certData"` // Deprecated: This field is deprecated and will be removed in a future version. Use SecretRef for providing client connection credentials.
CertData []byte `json:"certData,omitempty"`
// KeyData is an SSL key file used to secure etcd communication. // KeyData is an SSL key file used to secure etcd communication.
// Required if using a TLS connection. // Required if using a TLS connection.
KeyData []byte `json:"keyData"` // Deprecated: This field is deprecated and will be removed in a future version. Use SecretRef for providing client connection credentials.
KeyData []byte `json:"keyData,omitempty"`
// SecretRef references a Kubernetes secret containing the etcd connection credentials.
// The secret must contain the following data keys:
// ca.crt: The Certificate Authority (CA) certificate data.
// tls.crt: The TLS certificate data used for verifying the etcd server's certificate.
// tls.key: The TLS private key.
// Required to configure the connection to an external etcd cluster.
// +required
SecretRef LocalSecretReference `json:"secretRef"`
} }
// KarmadaAPIServer holds settings to kube-apiserver component of the kubernetes. // KarmadaAPIServer holds settings to kube-apiserver component of the kubernetes.

1
operator/pkg/apis/operator/v1alpha1/zz_generated.deepcopy.go
View File

@ -139,6 +139,7 @@ func (in *ExternalEtcd) DeepCopyInto(out *ExternalEtcd) {
*out = make([]byte, len(*in)) *out = make([]byte, len(*in))
copy(*out, *in) copy(*out, *in)
} }
out.SecretRef = in.SecretRef
return return
} }

3
operator/pkg/constants/constants.go
View File

@ -125,6 +125,9 @@ const (
// APIServiceName defines the karmada aggregated apiserver APIService resource name. // APIServiceName defines the karmada aggregated apiserver APIService resource name.
APIServiceName = "v1alpha1.cluster.karmada.io" APIServiceName = "v1alpha1.cluster.karmada.io"
// KarmadaApiserverEtcdClientCertNameSuffix defines the suffix for the Karmada API server etcd client cert name
KarmadaApiserverEtcdClientCertNameSuffix = "karmada-apiserver-etcd-client-cert"
) )
var ( var (

38
operator/pkg/controller/karmada/controller.go
View File

@ -18,11 +18,15 @@ package karmada
import ( import (
"context" "context"
"fmt"
"reflect" "reflect"
"strconv" "strconv"
"time" "time"
corev1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/api/errors"
"k8s.io/apimachinery/pkg/api/meta"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/labels" "k8s.io/apimachinery/pkg/labels"
"k8s.io/client-go/rest" "k8s.io/client-go/rest"
"k8s.io/client-go/tools/record" "k8s.io/client-go/tools/record"
@ -36,6 +40,7 @@ import (
"sigs.k8s.io/controller-runtime/pkg/predicate" "sigs.k8s.io/controller-runtime/pkg/predicate"
operatorv1alpha1 "github.com/karmada-io/karmada/operator/pkg/apis/operator/v1alpha1" operatorv1alpha1 "github.com/karmada-io/karmada/operator/pkg/apis/operator/v1alpha1"
"github.com/karmada-io/karmada/operator/pkg/constants"
operatorscheme "github.com/karmada-io/karmada/operator/pkg/scheme" operatorscheme "github.com/karmada-io/karmada/operator/pkg/scheme"
) )
@ -48,6 +53,9 @@ const (
// DisableCascadingDeletionLabel is the label that determine whether to perform cascade deletion // DisableCascadingDeletionLabel is the label that determine whether to perform cascade deletion
DisableCascadingDeletionLabel = "operator.karmada.io/disable-cascading-deletion" DisableCascadingDeletionLabel = "operator.karmada.io/disable-cascading-deletion"
// ValidationErrorReason is the reason for a validation error
ValidationErrorReason = "ValidationError"
) )
// Controller controls the Karmada resource. // Controller controls the Karmada resource.
@ -77,6 +85,11 @@ func (ctrl *Controller) Reconcile(ctx context.Context, req controllerruntime.Req
return controllerruntime.Result{}, err return controllerruntime.Result{}, err
} }
if err := ctrl.validateKarmada(karmada); err != nil {
klog.Error(err, "Validation failed for karmada")
return controllerruntime.Result{}, nil
}
// The object is being deleted // The object is being deleted
if !karmada.DeletionTimestamp.IsZero() { if !karmada.DeletionTimestamp.IsZero() {
val, ok := karmada.Labels[DisableCascadingDeletionLabel] val, ok := karmada.Labels[DisableCascadingDeletionLabel]
@ -96,6 +109,31 @@ func (ctrl *Controller) Reconcile(ctx context.Context, req controllerruntime.Req
return controllerruntime.Result{}, ctrl.syncKarmada(karmada) return controllerruntime.Result{}, ctrl.syncKarmada(karmada)
} }
// validateKarmada ensures the Karmada resource adheres to validation rules
func (ctrl *Controller) validateKarmada(karmada *operatorv1alpha1.Karmada) error {
if karmada.Spec.Components.Etcd != nil && karmada.Spec.Components.Etcd.External != nil {
expectedSecretName := fmt.Sprintf("%s-%s", karmada.Name, constants.KarmadaApiserverEtcdClientCertNameSuffix)
if karmada.Spec.Components.Etcd.External.SecretRef.Name != expectedSecretName {
errorMessage := fmt.Sprintf("Secret name for external etcd client must be %s, but got %s", expectedSecretName, karmada.Spec.Components.Etcd.External.SecretRef.Name)
ctrl.EventRecorder.Event(karmada, corev1.EventTypeWarning, ValidationErrorReason, errorMessage)
newCondition := metav1.Condition{
Type: string(operatorv1alpha1.Ready),
Status: metav1.ConditionFalse,
Reason: ValidationErrorReason,
Message: errorMessage,
LastTransitionTime: metav1.Now(),
}
meta.SetStatusCondition(&karmada.Status.Conditions, newCondition)
if err := ctrl.Status().Update(context.TODO(), karmada); err != nil {
return err
}
return fmt.Errorf(errorMessage)
}
}
return nil
}
func (ctrl *Controller) syncKarmada(karmada *operatorv1alpha1.Karmada) error { func (ctrl *Controller) syncKarmada(karmada *operatorv1alpha1.Karmada) error {
klog.V(2).InfoS("Reconciling karmada", "name", karmada.Name) klog.V(2).InfoS("Reconciling karmada", "name", karmada.Name)
planner, err := NewPlannerFor(karmada, ctrl.Client, ctrl.Config) planner, err := NewPlannerFor(karmada, ctrl.Client, ctrl.Config)