Merge pull request #5509 from jabellard/volumes_bindings_api_server

Support to Specify Extra Volumes and Volume Mounts for Karmada API Server Component
2024-09-12 20:34:58 +08:00 · 2024-09-12 20:34:58 +08:00 · 4dfff39d56
parent 071fb3d3b0 c45b817e74
commit 4dfff39d56
6 changed files with 3804 additions and 13 deletions
--- a/charts/karmada-operator/crds/operator.karmada.io_karmadas.yaml
+++ b/charts/karmada-operator/crds/operator.karmada.io_karmadas.yaml
--- a/operator/config/crds/operator.karmada.io_karmadas.yaml
+++ b/operator/config/crds/operator.karmada.io_karmadas.yaml
--- a/operator/pkg/apis/operator/v1alpha1/type.go
+++ b/operator/pkg/apis/operator/v1alpha1/type.go
@ -290,6 +290,24 @@ type KarmadaAPIServer struct {
 	// +optional
 	ExtraArgs map[string]string `json:"extraArgs,omitempty"`

+	// ExtraVolumes specifies a list of extra volumes for the API server's pod
+	// To fulfil the base functionality required for a functioning control plane, when provisioning a new Karmada instance,
+	// the operator will automatically attach volumes for the API server pod needed to configure things such as TLS,
+	// SA token issuance/signing and secured connection to etcd, amongst others. However, given the wealth of options for configurability,
+	// there are additional features (e.g., encryption at rest and custom AuthN webhook) that can be configured. ExtraVolumes, in conjunction
+	// with ExtraArgs and ExtraVolumeMounts can be used to fulfil those use cases.
+	// +optional
+	ExtraVolumes []corev1.Volume `json:"extraVolumes,omitempty"`
+
+	// ExtraVolumeMounts specifies a list of extra volume mounts to be mounted into the API server's container
+	// To fulfil the base functionality required for a functioning control plane, when provisioning a new Karmada instance,
+	// the operator will automatically mount volumes into the API server container needed to configure things such as TLS,
+	// SA token issuance/signing and secured connection to etcd, amongst others. However, given the wealth of options for configurability,
+	// there are additional features (e.g., encryption at rest and custom AuthN webhook) that can be configured. ExtraVolumeMounts, in conjunction
+	// with ExtraArgs and ExtraVolumes can be used to fulfil those use cases.
+	// +optional
+	ExtraVolumeMounts []corev1.VolumeMount `json:"extraVolumeMounts,omitempty"`
+
 	// CertSANs sets extra Subject Alternative Names for the API Server signing cert.
 	// +optional
 	CertSANs []string `json:"certSANs,omitempty"`
--- a/operator/pkg/apis/operator/v1alpha1/zz_generated.deepcopy.go
+++ b/operator/pkg/apis/operator/v1alpha1/zz_generated.deepcopy.go
@ -22,8 +22,8 @@ limitations under the License.
 package v1alpha1

 import (
-	corev1 "k8s.io/api/core/v1"
-	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	v1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	runtime "k8s.io/apimachinery/pkg/runtime"
 )

@ -277,6 +277,20 @@ func (in *KarmadaAPIServer) DeepCopyInto(out *KarmadaAPIServer) {
 			(*out)[key] = val
 		}
 	}
+	if in.ExtraVolumes != nil {
+		in, out := &in.ExtraVolumes, &out.ExtraVolumes
+		*out = make([]v1.Volume, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+	if in.ExtraVolumeMounts != nil {
+		in, out := &in.ExtraVolumeMounts, &out.ExtraVolumeMounts
+		*out = make([]v1.VolumeMount, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
 	if in.CertSANs != nil {
 		in, out := &in.CertSANs, &out.CertSANs
 		*out = make([]string, len(*in))
@ -629,7 +643,7 @@ func (in *KarmadaStatus) DeepCopyInto(out *KarmadaStatus) {
 	}
 	if in.Conditions != nil {
 		in, out := &in.Conditions, &out.Conditions
-		*out = make([]v1.Condition, len(*in))
+		*out = make([]metav1.Condition, len(*in))
 		for i := range *in {
 			(*in)[i].DeepCopyInto(&(*out)[i])
 		}
@ -781,17 +795,17 @@ func (in *VolumeData) DeepCopyInto(out *VolumeData) {
 	*out = *in
 	if in.VolumeClaim != nil {
 		in, out := &in.VolumeClaim, &out.VolumeClaim
-		*out = new(corev1.PersistentVolumeClaimTemplate)
+		*out = new(v1.PersistentVolumeClaimTemplate)
 		(*in).DeepCopyInto(*out)
 	}
 	if in.HostPath != nil {
 		in, out := &in.HostPath, &out.HostPath
-		*out = new(corev1.HostPathVolumeSource)
+		*out = new(v1.HostPathVolumeSource)
 		(*in).DeepCopyInto(*out)
 	}
 	if in.EmptyDir != nil {
 		in, out := &in.EmptyDir, &out.EmptyDir
-		*out = new(corev1.EmptyDirVolumeSource)
+		*out = new(v1.EmptyDirVolumeSource)
 		(*in).DeepCopyInto(*out)
 	}
 	return
--- a/operator/pkg/controlplane/apiserver/apiserver.go
+++ b/operator/pkg/controlplane/apiserver/apiserver.go
@ -77,7 +77,8 @@ func installKarmadaAPIServer(client clientset.Interface, cfg *operatorv1alpha1.K
 		return fmt.Errorf("error when decoding karmadaApiserver deployment: %w", err)
 	}
 	patcher.NewPatcher().WithAnnotations(cfg.Annotations).WithLabels(cfg.Labels).
-		WithExtraArgs(cfg.ExtraArgs).WithResources(cfg.Resources).ForDeployment(apiserverDeployment)
+		WithExtraArgs(cfg.ExtraArgs).WithExtraVolumeMounts(cfg.ExtraVolumeMounts).
+		WithExtraVolumes(cfg.ExtraVolumes).WithResources(cfg.Resources).ForDeployment(apiserverDeployment)

 	if err := apiclient.CreateOrUpdateDeployment(client, apiserverDeployment); err != nil {
 		return fmt.Errorf("error when creating deployment for %s, err: %w", apiserverDeployment.Name, err)
--- a/operator/pkg/util/patcher/pather.go
+++ b/operator/pkg/util/patcher/pather.go
@ -35,12 +35,14 @@ import (

 // Patcher defines multiple variables that need to be patched.
 type Patcher struct {
-	labels       map[string]string
-	annotations  map[string]string
-	extraArgs    map[string]string
-	featureGates map[string]bool
-	volume       *operatorv1alpha1.VolumeData
-	resources    corev1.ResourceRequirements
+	labels            map[string]string
+	annotations       map[string]string
+	extraArgs         map[string]string
+	extraVolumes      []corev1.Volume
+	extraVolumeMounts []corev1.VolumeMount
+	featureGates      map[string]bool
+	volume            *operatorv1alpha1.VolumeData
+	resources         corev1.ResourceRequirements
 }

 // NewPatcher returns a patcher.
@ -66,6 +68,18 @@ func (p *Patcher) WithExtraArgs(extraArgs map[string]string) *Patcher {
 	return p
 }

+// WithExtraVolumes sets extra volumes for the patcher.
+func (p *Patcher) WithExtraVolumes(extraVolumes []corev1.Volume) *Patcher {
+	p.extraVolumes = extraVolumes
+	return p
+}
+
+// WithExtraVolumeMounts sets extra volume mounts for the patcher.
+func (p *Patcher) WithExtraVolumeMounts(extraVolumeMounts []corev1.VolumeMount) *Patcher {
+	p.extraVolumeMounts = extraVolumeMounts
+	return p
+}
+
 // WithFeatureGates sets featureGates to the patcher.
 func (p *Patcher) WithFeatureGates(featureGates map[string]bool) *Patcher {
 	p.featureGates = featureGates
@ -122,6 +136,10 @@ func (p *Patcher) ForDeployment(deployment *appsv1.Deployment) {
 		command = append(command, buildArgumentListFromMap(argsMap, overrideArgs)...)
 		deployment.Spec.Template.Spec.Containers[0].Command = command
 	}
+	// Add extra volumes and volume mounts
+	// First container in the pod is expected to contain the Karmada component
+	deployment.Spec.Template.Spec.Volumes = append(deployment.Spec.Template.Spec.Volumes, p.extraVolumes...)
+	deployment.Spec.Template.Spec.Containers[0].VolumeMounts = append(deployment.Spec.Template.Spec.Containers[0].VolumeMounts, p.extraVolumeMounts...)
 }

 // ForStatefulSet patches the statefulset manifest.