diff --git a/charts/cluster-gateway-manager/README.md b/charts/cluster-gateway-manager/README.md
index a8fdcd13..5108f35d 100644
--- a/charts/cluster-gateway-manager/README.md
+++ b/charts/cluster-gateway-manager/README.md
@@ -45,22 +45,21 @@ The command removes all the Kubernetes components associated with the chart and
The following table lists the configurable parameters of the `cluster-gateway-manager` chart and their default values.
-| Parameter | Description | Default |
-|---------------------------------|----------------------------------------|--------------------------------------------------|
-| image | Image of the cluster-gateway instances | oamdev/cluster-gateway-manager
|
-| tag | |
|
-| clusterGateway.image | | oamdev/cluster-gateway
|
-| clusterGateway.installNamespace | | vela-system
|
-| clusterGateway.secretNamespace | | open-cluster-management-credentials
|
-| replicas | Number of replicas | 1
|
-| manualSecretManagement | | true
|
-| konnectivityEgress | | false
|
+| Parameter | Description | Default |
+|---------------------------------|----------------------------------------|--------------------------------------------------------------|
+| image | Image of the cluster-gateway instances | ghcr.io/kluster-manager/cluster-gateway-manager
|
+| tag | |
|
+| clusterGateway.image | | ghcr.io/kluster-manager/cluster-gateway
|
+| clusterGateway.installNamespace | | cluster-gateway
|
+| replicas | Number of replicas | 1
|
+| manualSecretManagement | | false
|
+| clusterProxy.enabled | | false
|
Specify each parameter using the `--set key=value[,key=value]` argument to `helm upgrade -i`. For example:
```bash
-$ helm upgrade -i cluster-gateway-manager appscode/cluster-gateway-manager -n open-cluster-management --create-namespace --version=v2024.2.25 --set image=oamdev/cluster-gateway-manager
+$ helm upgrade -i cluster-gateway-manager appscode/cluster-gateway-manager -n open-cluster-management --create-namespace --version=v2024.2.25 --set image=ghcr.io/kluster-manager/cluster-gateway-manager
```
Alternatively, a YAML file that specifies the values for the parameters can be provided while
diff --git a/charts/cluster-gateway-manager/crds/addon.open-cluster-management.io_clustermanagementaddons.yaml b/charts/cluster-gateway-manager/crds/addon.open-cluster-management.io_clustermanagementaddons.yaml
new file mode 100644
index 00000000..465dd73b
--- /dev/null
+++ b/charts/cluster-gateway-manager/crds/addon.open-cluster-management.io_clustermanagementaddons.yaml
@@ -0,0 +1,670 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: clustermanagementaddons.addon.open-cluster-management.io
+spec:
+ group: addon.open-cluster-management.io
+ names:
+ kind: ClusterManagementAddOn
+ listKind: ClusterManagementAddOnList
+ plural: clustermanagementaddons
+ shortNames:
+ - cma
+ - cmas
+ singular: clustermanagementaddon
+ scope: Cluster
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .spec.addOnMeta.displayName
+ name: DISPLAY NAME
+ type: string
+ - jsonPath: .spec.addOnConfiguration.crdName
+ name: CRD NAME
+ type: string
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: ClusterManagementAddOn represents the registration of an add-on
+ to the cluster manager. This resource allows you to discover which add-ons
+ are available for the cluster manager and provides metadata information
+ about the add-ons. The ClusterManagementAddOn name is used for the namespace-scoped
+ ManagedClusterAddOn resource. ClusterManagementAddOn is a cluster-scoped
+ resource.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: spec represents a desired configuration for the agent on
+ the cluster management add-on.
+ properties:
+ addOnConfiguration:
+ description: 'Deprecated: Use supportedConfigs filed instead addOnConfiguration
+ is a reference to configuration information for the add-on. In scenario
+ where a multiple add-ons share the same add-on CRD, multiple ClusterManagementAddOn
+ resources need to be created and reference the same AddOnConfiguration.'
+ properties:
+ crName:
+ description: crName is the name of the CR used to configure instances
+ of the managed add-on. This field should be configured if add-on
+ CR have a consistent name across the all of the ManagedCluster
+ instaces.
+ type: string
+ crdName:
+ description: crdName is the name of the CRD used to configure
+ instances of the managed add-on. This field should be configured
+ if the add-on have a CRD that controls the configuration of
+ the add-on.
+ type: string
+ lastObservedGeneration:
+ description: lastObservedGeneration is the observed generation
+ of the custom resource for the configuration of the addon.
+ format: int64
+ type: integer
+ type: object
+ addOnMeta:
+ description: addOnMeta is a reference to the metadata information
+ for the add-on.
+ properties:
+ description:
+ description: description represents the detailed description of
+ the add-on.
+ type: string
+ displayName:
+ description: displayName represents the name of add-on that will
+ be displayed.
+ type: string
+ type: object
+ installStrategy:
+ default:
+ type: Manual
+ description: InstallStrategy represents that related ManagedClusterAddOns
+ should be installed on certain clusters.
+ properties:
+ placements:
+ description: Placements is a list of placement references honored
+ when install strategy type is Placements. All clusters selected
+ by these placements will install the addon If one cluster belongs
+ to multiple placements, it will only apply the strategy defined
+ later in the order. That is to say, The latter strategy overrides
+ the previous one.
+ items:
+ properties:
+ configs:
+ description: Configs is the configuration of managedClusterAddon
+ during installation. User can override the configuration
+ by updating the managedClusterAddon directly.
+ items:
+ properties:
+ group:
+ default: ""
+ description: group of the add-on configuration.
+ type: string
+ name:
+ description: name of the add-on configuration.
+ minLength: 1
+ type: string
+ namespace:
+ description: namespace of the add-on configuration.
+ If this field is not set, the configuration is in
+ the cluster scope.
+ type: string
+ resource:
+ description: resource of the add-on configuration.
+ minLength: 1
+ type: string
+ required:
+ - name
+ - resource
+ type: object
+ type: array
+ name:
+ description: Name is the name of the placement
+ minLength: 1
+ type: string
+ namespace:
+ description: Namespace is the namespace of the placement
+ minLength: 1
+ type: string
+ rolloutStrategy:
+ default:
+ type: All
+ description: The rollout strategy to apply addon configurations
+ change. The rollout strategy only watches the addon configurations
+ defined in ClusterManagementAddOn.
+ properties:
+ all:
+ description: All defines required fields for RolloutStrategy
+ type All
+ properties:
+ maxFailures:
+ anyOf:
+ - type: integer
+ - type: string
+ default: 0
+ description: MaxFailures is a percentage or number
+ of clusters in the current rollout that can fail
+ before proceeding to the next rollout. Fail means
+ the cluster has a failed status or timeout status
+ (does not reach successful status after ProgressDeadline).
+ Once the MaxFailures is breached, the rollout
+ will stop. MaxFailures is only considered for
+ rollout types Progressive and ProgressivePerGroup.
+ For Progressive, this is considered over the total
+ number of clusters. For ProgressivePerGroup, this
+ is considered according to the size of the current
+ group. For both Progressive and ProgressivePerGroup,
+ the MaxFailures does not apply for MandatoryDecisionGroups,
+ which tolerate no failures. Default is that no
+ failures are tolerated.
+ pattern: ^((100|[0-9]{1,2})%|[0-9]+)$
+ x-kubernetes-int-or-string: true
+ minSuccessTime:
+ default: "0"
+ description: MinSuccessTime is a "soak" time. In
+ other words, the minimum amount of time the workload
+ applier controller will wait from the start of
+ each rollout before proceeding (assuming a successful
+ state has been reached and MaxFailures wasn't
+ breached). MinSuccessTime is only considered for
+ rollout types Progressive and ProgressivePerGroup.
+ The default value is 0 meaning the workload applier
+ proceeds immediately after a successful state
+ is reached. MinSuccessTime must be defined in
+ [0-9h]|[0-9m]|[0-9s] format examples; 2h , 90m
+ , 360s
+ type: string
+ progressDeadline:
+ default: None
+ description: ProgressDeadline defines how long workload
+ applier controller will wait for the workload
+ to reach a successful state in the cluster. If
+ the workload does not reach a successful state
+ after ProgressDeadline, will stop waiting and
+ workload will be treated as "timeout" and be counted
+ into MaxFailures. Once the MaxFailures is breached,
+ the rollout will stop. ProgressDeadline default
+ value is "None", meaning the workload applier
+ will wait for a successful state indefinitely.
+ ProgressDeadline must be defined in [0-9h]|[0-9m]|[0-9s]
+ format examples; 2h , 90m , 360s
+ pattern: ^(([0-9])+[h|m|s])|None$
+ type: string
+ type: object
+ progressive:
+ description: Progressive defines required fields for
+ RolloutStrategy type Progressive
+ properties:
+ mandatoryDecisionGroups:
+ description: List of the decision groups names or
+ indexes to apply the workload first and fail if
+ workload did not reach successful state. GroupName
+ or GroupIndex must match with the decisionGroups
+ defined in the placement's decisionStrategy
+ items:
+ description: MandatoryDecisionGroup set the decision
+ group name or group index. GroupName is considered
+ first to select the decisionGroups then GroupIndex.
+ properties:
+ groupIndex:
+ description: GroupIndex of the decision group
+ should match the placementDecisions label
+ value with label key cluster.open-cluster-management.io/decision-group-index
+ format: int32
+ type: integer
+ groupName:
+ description: GroupName of the decision group
+ should match the placementDecisions label
+ value with label key cluster.open-cluster-management.io/decision-group-name
+ type: string
+ type: object
+ type: array
+ maxConcurrency:
+ anyOf:
+ - type: integer
+ - type: string
+ description: MaxConcurrency is the max number of
+ clusters to deploy workload concurrently. The
+ default value for MaxConcurrency is determined
+ from the clustersPerDecisionGroup defined in the
+ placement->DecisionStrategy.
+ pattern: ^((100|[0-9]{1,2})%|[0-9]+)$
+ x-kubernetes-int-or-string: true
+ maxFailures:
+ anyOf:
+ - type: integer
+ - type: string
+ default: 0
+ description: MaxFailures is a percentage or number
+ of clusters in the current rollout that can fail
+ before proceeding to the next rollout. Fail means
+ the cluster has a failed status or timeout status
+ (does not reach successful status after ProgressDeadline).
+ Once the MaxFailures is breached, the rollout
+ will stop. MaxFailures is only considered for
+ rollout types Progressive and ProgressivePerGroup.
+ For Progressive, this is considered over the total
+ number of clusters. For ProgressivePerGroup, this
+ is considered according to the size of the current
+ group. For both Progressive and ProgressivePerGroup,
+ the MaxFailures does not apply for MandatoryDecisionGroups,
+ which tolerate no failures. Default is that no
+ failures are tolerated.
+ pattern: ^((100|[0-9]{1,2})%|[0-9]+)$
+ x-kubernetes-int-or-string: true
+ minSuccessTime:
+ default: "0"
+ description: MinSuccessTime is a "soak" time. In
+ other words, the minimum amount of time the workload
+ applier controller will wait from the start of
+ each rollout before proceeding (assuming a successful
+ state has been reached and MaxFailures wasn't
+ breached). MinSuccessTime is only considered for
+ rollout types Progressive and ProgressivePerGroup.
+ The default value is 0 meaning the workload applier
+ proceeds immediately after a successful state
+ is reached. MinSuccessTime must be defined in
+ [0-9h]|[0-9m]|[0-9s] format examples; 2h , 90m
+ , 360s
+ type: string
+ progressDeadline:
+ default: None
+ description: ProgressDeadline defines how long workload
+ applier controller will wait for the workload
+ to reach a successful state in the cluster. If
+ the workload does not reach a successful state
+ after ProgressDeadline, will stop waiting and
+ workload will be treated as "timeout" and be counted
+ into MaxFailures. Once the MaxFailures is breached,
+ the rollout will stop. ProgressDeadline default
+ value is "None", meaning the workload applier
+ will wait for a successful state indefinitely.
+ ProgressDeadline must be defined in [0-9h]|[0-9m]|[0-9s]
+ format examples; 2h , 90m , 360s
+ pattern: ^(([0-9])+[h|m|s])|None$
+ type: string
+ type: object
+ progressivePerGroup:
+ description: ProgressivePerGroup defines required fields
+ for RolloutStrategy type ProgressivePerGroup
+ properties:
+ mandatoryDecisionGroups:
+ description: List of the decision groups names or
+ indexes to apply the workload first and fail if
+ workload did not reach successful state. GroupName
+ or GroupIndex must match with the decisionGroups
+ defined in the placement's decisionStrategy
+ items:
+ description: MandatoryDecisionGroup set the decision
+ group name or group index. GroupName is considered
+ first to select the decisionGroups then GroupIndex.
+ properties:
+ groupIndex:
+ description: GroupIndex of the decision group
+ should match the placementDecisions label
+ value with label key cluster.open-cluster-management.io/decision-group-index
+ format: int32
+ type: integer
+ groupName:
+ description: GroupName of the decision group
+ should match the placementDecisions label
+ value with label key cluster.open-cluster-management.io/decision-group-name
+ type: string
+ type: object
+ type: array
+ maxFailures:
+ anyOf:
+ - type: integer
+ - type: string
+ default: 0
+ description: MaxFailures is a percentage or number
+ of clusters in the current rollout that can fail
+ before proceeding to the next rollout. Fail means
+ the cluster has a failed status or timeout status
+ (does not reach successful status after ProgressDeadline).
+ Once the MaxFailures is breached, the rollout
+ will stop. MaxFailures is only considered for
+ rollout types Progressive and ProgressivePerGroup.
+ For Progressive, this is considered over the total
+ number of clusters. For ProgressivePerGroup, this
+ is considered according to the size of the current
+ group. For both Progressive and ProgressivePerGroup,
+ the MaxFailures does not apply for MandatoryDecisionGroups,
+ which tolerate no failures. Default is that no
+ failures are tolerated.
+ pattern: ^((100|[0-9]{1,2})%|[0-9]+)$
+ x-kubernetes-int-or-string: true
+ minSuccessTime:
+ default: "0"
+ description: MinSuccessTime is a "soak" time. In
+ other words, the minimum amount of time the workload
+ applier controller will wait from the start of
+ each rollout before proceeding (assuming a successful
+ state has been reached and MaxFailures wasn't
+ breached). MinSuccessTime is only considered for
+ rollout types Progressive and ProgressivePerGroup.
+ The default value is 0 meaning the workload applier
+ proceeds immediately after a successful state
+ is reached. MinSuccessTime must be defined in
+ [0-9h]|[0-9m]|[0-9s] format examples; 2h , 90m
+ , 360s
+ type: string
+ progressDeadline:
+ default: None
+ description: ProgressDeadline defines how long workload
+ applier controller will wait for the workload
+ to reach a successful state in the cluster. If
+ the workload does not reach a successful state
+ after ProgressDeadline, will stop waiting and
+ workload will be treated as "timeout" and be counted
+ into MaxFailures. Once the MaxFailures is breached,
+ the rollout will stop. ProgressDeadline default
+ value is "None", meaning the workload applier
+ will wait for a successful state indefinitely.
+ ProgressDeadline must be defined in [0-9h]|[0-9m]|[0-9s]
+ format examples; 2h , 90m , 360s
+ pattern: ^(([0-9])+[h|m|s])|None$
+ type: string
+ type: object
+ type:
+ default: All
+ enum:
+ - All
+ - Progressive
+ - ProgressivePerGroup
+ type: string
+ type: object
+ required:
+ - name
+ - namespace
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - namespace
+ - name
+ x-kubernetes-list-type: map
+ type:
+ default: Manual
+ description: 'Type is the type of the install strategy, it can
+ be: - Manual: no automatic install - Placements: install to
+ clusters selected by placements.'
+ enum:
+ - Manual
+ - Placements
+ type: string
+ type: object
+ supportedConfigs:
+ description: supportedConfigs is a list of configuration types supported
+ by add-on. An empty list means the add-on does not require configurations.
+ The default is an empty list
+ items:
+ description: ConfigMeta represents a collection of metadata information
+ for add-on configuration.
+ properties:
+ defaultConfig:
+ description: defaultConfig represents the namespace and name
+ of the default add-on configuration. In scenario where all
+ add-ons have a same configuration.
+ properties:
+ name:
+ description: name of the add-on configuration.
+ minLength: 1
+ type: string
+ namespace:
+ description: namespace of the add-on configuration. If this
+ field is not set, the configuration is in the cluster
+ scope.
+ type: string
+ required:
+ - name
+ type: object
+ group:
+ default: ""
+ description: group of the add-on configuration.
+ type: string
+ resource:
+ description: resource of the add-on configuration.
+ minLength: 1
+ type: string
+ required:
+ - resource
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - group
+ - resource
+ x-kubernetes-list-type: map
+ type: object
+ status:
+ description: status represents the current status of cluster management
+ add-on.
+ properties:
+ defaultconfigReferences:
+ description: defaultconfigReferences is a list of current add-on default
+ configuration references.
+ items:
+ description: DefaultConfigReference is a reference to the current
+ add-on configuration. This resource is used to record the configuration
+ resource for the current add-on.
+ properties:
+ desiredConfig:
+ description: desiredConfig record the desired config spec hash.
+ properties:
+ name:
+ description: name of the add-on configuration.
+ minLength: 1
+ type: string
+ namespace:
+ description: namespace of the add-on configuration. If this
+ field is not set, the configuration is in the cluster
+ scope.
+ type: string
+ specHash:
+ description: spec hash for an add-on configuration.
+ type: string
+ required:
+ - name
+ type: object
+ group:
+ default: ""
+ description: group of the add-on configuration.
+ type: string
+ resource:
+ description: resource of the add-on configuration.
+ minLength: 1
+ type: string
+ required:
+ - resource
+ type: object
+ type: array
+ installProgressions:
+ description: installProgression is a list of current add-on configuration
+ references per placement.
+ items:
+ properties:
+ conditions:
+ description: conditions describe the state of the managed and
+ monitored components for the operator.
+ items:
+ description: "Condition contains details for one aspect of
+ the current state of this API Resource. --- This struct
+ is intended for direct use as an array at the field path
+ .status.conditions. For example, \n type FooStatus struct{
+ // Represents the observations of a foo's current state.
+ // Known .status.conditions.type are: \"Available\", \"Progressing\",
+ and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
+ // +listType=map // +listMapKey=type Conditions []metav1.Condition
+ `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
+ protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields
+ }"
+ properties:
+ lastTransitionTime:
+ description: lastTransitionTime is the last time the condition
+ transitioned from one status to another. This should
+ be when the underlying condition changed. If that is
+ not known, then using the time when the API field changed
+ is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: message is a human readable message indicating
+ details about the transition. This may be an empty string.
+ maxLength: 32768
+ type: string
+ observedGeneration:
+ description: observedGeneration represents the .metadata.generation
+ that the condition was set based upon. For instance,
+ if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration
+ is 9, the condition is out of date with respect to the
+ current state of the instance.
+ format: int64
+ minimum: 0
+ type: integer
+ reason:
+ description: reason contains a programmatic identifier
+ indicating the reason for the condition's last transition.
+ Producers of specific condition types may define expected
+ values and meanings for this field, and whether the
+ values are considered a guaranteed API. The value should
+ be a CamelCase string. This field may not be empty.
+ maxLength: 1024
+ minLength: 1
+ pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+ type: string
+ status:
+ description: status of the condition, one of True, False,
+ Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: type of condition in CamelCase or in foo.example.com/CamelCase.
+ --- Many .condition.type values are consistent across
+ resources like Available, but because arbitrary conditions
+ can be useful (see .node.status.conditions), the ability
+ to deconflict is important. The regex it matches is
+ (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - message
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ configReferences:
+ description: configReferences is a list of current add-on configuration
+ references.
+ items:
+ description: InstallConfigReference is a reference to the
+ current add-on configuration. This resource is used to record
+ the configuration resource for the current add-on.
+ properties:
+ desiredConfig:
+ description: desiredConfig record the desired config name
+ and spec hash.
+ properties:
+ name:
+ description: name of the add-on configuration.
+ minLength: 1
+ type: string
+ namespace:
+ description: namespace of the add-on configuration.
+ If this field is not set, the configuration is in
+ the cluster scope.
+ type: string
+ specHash:
+ description: spec hash for an add-on configuration.
+ type: string
+ required:
+ - name
+ type: object
+ group:
+ default: ""
+ description: group of the add-on configuration.
+ type: string
+ lastAppliedConfig:
+ description: lastAppliedConfig records the config spec
+ hash when the all the corresponding ManagedClusterAddOn
+ are applied successfully.
+ properties:
+ name:
+ description: name of the add-on configuration.
+ minLength: 1
+ type: string
+ namespace:
+ description: namespace of the add-on configuration.
+ If this field is not set, the configuration is in
+ the cluster scope.
+ type: string
+ specHash:
+ description: spec hash for an add-on configuration.
+ type: string
+ required:
+ - name
+ type: object
+ lastKnownGoodConfig:
+ description: lastKnownGoodConfig records the last known
+ good config spec hash. For fresh install or rollout
+ with type UpdateAll or RollingUpdate, the lastKnownGoodConfig
+ is the same as lastAppliedConfig. For rollout with type
+ RollingUpdateWithCanary, the lastKnownGoodConfig is
+ the last successfully applied config spec hash of the
+ canary placement.
+ properties:
+ name:
+ description: name of the add-on configuration.
+ minLength: 1
+ type: string
+ namespace:
+ description: namespace of the add-on configuration.
+ If this field is not set, the configuration is in
+ the cluster scope.
+ type: string
+ specHash:
+ description: spec hash for an add-on configuration.
+ type: string
+ required:
+ - name
+ type: object
+ resource:
+ description: resource of the add-on configuration.
+ minLength: 1
+ type: string
+ required:
+ - resource
+ type: object
+ type: array
+ name:
+ description: Name is the name of the placement
+ minLength: 1
+ type: string
+ namespace:
+ description: Namespace is the namespace of the placement
+ minLength: 1
+ type: string
+ required:
+ - name
+ - namespace
+ type: object
+ type: array
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
diff --git a/charts/cluster-gateway-manager/crds/clustergatewayconfigurations.yaml b/charts/cluster-gateway-manager/crds/proxy.open-cluster-management.io_clustergatewayconfigurations.yaml
similarity index 98%
rename from charts/cluster-gateway-manager/crds/clustergatewayconfigurations.yaml
rename to charts/cluster-gateway-manager/crds/proxy.open-cluster-management.io_clustergatewayconfigurations.yaml
index b678a8ac..1112fc24 100644
--- a/charts/cluster-gateway-manager/crds/clustergatewayconfigurations.yaml
+++ b/charts/cluster-gateway-manager/crds/proxy.open-cluster-management.io_clustergatewayconfigurations.yaml
@@ -1,11 +1,8 @@
-
----
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.1
- creationTimestamp: null
name: clustergatewayconfigurations.proxy.open-cluster-management.io
spec:
group: proxy.open-cluster-management.io
@@ -174,9 +171,3 @@ spec:
storage: true
subresources:
status: {}
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
diff --git a/charts/cluster-gateway-manager/templates/clustergatewayconfiguration.yaml b/charts/cluster-gateway-manager/templates/clustergatewayconfiguration.yaml
index 6736d796..a9ee0e98 100644
--- a/charts/cluster-gateway-manager/templates/clustergatewayconfiguration.yaml
+++ b/charts/cluster-gateway-manager/templates/clustergatewayconfiguration.yaml
@@ -1,11 +1,10 @@
-apiVersion: proxy.open-cluster-management.io/v1alpha1
+apiVersion: config.gateway.open-cluster-management.io/v1alpha1
kind: ClusterGatewayConfiguration
metadata:
name: cluster-gateway
spec:
image: {{ .Values.clusterGateway.image }}:{{ .Values.tag | default (print "v" .Chart.Version) }}
installNamespace: {{ .Values.clusterGateway.installNamespace }}
- secretNamespace: {{ .Values.clusterGateway.secretNamespace }}
secretManagement:
{{ if .Values.manualSecretManagement }}
type: Manual
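Review bot: The new `apiVersion: config.gateway.open-cluster-management.io/v1alpha1` at the top of this template has no matching CRD among the files this commit touches. The CRD renamed to `crds/proxy.open-cluster-management.io_clustergatewayconfigurations.yaml` still declares `group: proxy.open-cluster-management.io`. Unless the new group is registered some other way (possibly an aggregated API server), installing the chart would fail on this object as an unknown kind, and the `supportedConfigs` entry added in `templates/clustermanagementaddon.yaml` would reference a resource nothing serves. Either ship the CRD for the new group in `crds/`, or add a comment above the apiVersion line saying where it is served, e.g. `# served by <component>; not installed from crds/`. The template continues outside this hunk.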
@@ -15,8 +14,7 @@ spec:
name: cluster-gateway
{{ end }}
egress:
- {{ if .Values.konnectivityEgress }}
- type: ClusterProxy
+ {{ if .Values.clusterProxy.enabled }}
clusterProxy:
proxyServerHost: "proxy-entrypoint.open-cluster-management-addon"
proxyServerPort: 8090
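Review bot: With `clusterProxy.enabled` false, `egress:` now renders with no children, which YAML reads as null. This hunk drops `type: ClusterProxy`, and the last hunk of this file drops the `{{ else }}` / `type: Direct` branch. Whether the API accepts a null egress is not visible here, so I would move the key inside the conditional (`{{- if .Values.clusterProxy.enabled }}` above `egress:`) or render `egress: {}` when disabled. The rendered manifest also no longer states the egress mode; a comment such as `# no clusterProxy block: gateway connects to managed clusters directly` would help, if that is indeed the fallback.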
@@ -24,6 +22,4 @@ spec:
namespace: open-cluster-management-addon
proxyClientCASecretName: proxy-server-ca
proxyClientSecretName: proxy-client
- {{ else }}
- type: Direct
{{ end }}
diff --git a/charts/cluster-gateway-manager/templates/clustermanagementaddon.yaml b/charts/cluster-gateway-manager/templates/clustermanagementaddon.yaml
index f8357119..42851005 100644
--- a/charts/cluster-gateway-manager/templates/clustermanagementaddon.yaml
+++ b/charts/cluster-gateway-manager/templates/clustermanagementaddon.yaml
@@ -6,6 +6,8 @@ spec:
addOnMeta:
displayName: cluster-gateway
description: cluster-gateway
- addOnConfiguration:
- crdName: clustergatewayconfigurations.proxy.open-cluster-management.io
- crName: cluster-gateway
+ supportedConfigs:
+ - group: config.gateway.open-cluster-management.io
+ resource: clustergatewayconfigurations
+ defaultConfig:
+ name: cluster-gateway
diff --git a/charts/cluster-gateway-manager/templates/clusterrolebindings.yaml b/charts/cluster-gateway-manager/templates/clusterrolebindings.yaml
index 59e84984..56d074e6 100644
--- a/charts/cluster-gateway-manager/templates/clusterrolebindings.yaml
+++ b/charts/cluster-gateway-manager/templates/clusterrolebindings.yaml
@@ -1,11 +1,11 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
- name: open-cluster-management:cluster-gateway:managedcluster-reader
+ name: open-cluster-management:cluster-gateway:addon-manager
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
- name: open-cluster-management:cluster-gateway:managedcluster-reader
+ name: open-cluster-management:cluster-gateway:addon-manager
subjects:
- kind: ServiceAccount
name: cluster-gateway-manager
diff --git a/charts/cluster-gateway-manager/templates/clusterroles.yaml b/charts/cluster-gateway-manager/templates/clusterroles.yaml
index 55776083..61b28ab5 100644
--- a/charts/cluster-gateway-manager/templates/clusterroles.yaml
+++ b/charts/cluster-gateway-manager/templates/clusterroles.yaml
@@ -1,7 +1,7 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
- name: open-cluster-management:cluster-gateway:managedcluster-reader
+ name: open-cluster-management:cluster-gateway:addon-manager
rules:
- apiGroups:
- cluster.open-cluster-management.io
@@ -18,13 +18,13 @@ rules:
verbs:
- "*"
- apiGroups:
- - proxy.open-cluster-management.io
+ - config.gateway.open-cluster-management.io
resources:
- clustergatewayconfigurations
verbs:
- "*"
- apiGroups:
- - cluster.core.oam.dev
+ - gateway.open-cluster-management.io
resources:
- clustergateways/health
- clustergateways/proxy
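Review bot: The rule for `config.gateway.open-cluster-management.io` keeps `verbs: ["*"]` on `clustergatewayconfigurations`, so the renamed addon-manager role can create, change and delete, cluster-wide, the object that selects the gateway image and egress path. If the manager only reads that configuration, which this hunk does not show, list the verbs explicitly (`- get`, `- list`, `- watch`) and add others only as needed. The `clustergateways/health` and `clustergateways/proxy` rule moves to `gateway.open-cluster-management.io`, but its verbs lie outside the hunk. The proxy subresource deserves the same check, since it presumably forwards requests to managed clusters.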
diff --git a/charts/cluster-gateway-manager/templates/rolebinder-kubesystem.yaml b/charts/cluster-gateway-manager/templates/rolebinder-kubesystem.yaml
deleted file mode 100644
index e4b4c332..00000000
--- a/charts/cluster-gateway-manager/templates/rolebinder-kubesystem.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: open-cluster-management:cluster-gateway:role-grantor
- namespace: kube-system
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: open-cluster-management:cluster-gateway:managedcluster-reader
-subjects:
- - kind: ServiceAccount
- name: cluster-gateway-manager
- namespace: {{ .Release.Namespace }}
\ No newline at end of file
diff --git a/charts/cluster-gateway-manager/templates/rolebinder.yaml b/charts/cluster-gateway-manager/templates/rolebinder.yaml
deleted file mode 100644
index c2007c76..00000000
--- a/charts/cluster-gateway-manager/templates/rolebinder.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: open-cluster-management:cluster-gateway:role-grantor
- namespace: {{ .Release.Namespace }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: open-cluster-management:cluster-gateway:managedcluster-reader
-subjects:
- - kind: ServiceAccount
- name: cluster-gateway-manager
- namespace: {{ .Release.Namespace }}
\ No newline at end of file
diff --git a/charts/cluster-gateway-manager/values.yaml b/charts/cluster-gateway-manager/values.yaml
index a40e8b31..9813dc88 100644
--- a/charts/cluster-gateway-manager/values.yaml
+++ b/charts/cluster-gateway-manager/values.yaml
@@ -1,14 +1,14 @@
# Image of the cluster-gateway instances
-image: oamdev/cluster-gateway-manager
+image: ghcr.io/kluster-manager/cluster-gateway-manager
tag:
clusterGateway:
- image: oamdev/cluster-gateway
- installNamespace: vela-system
- secretNamespace: open-cluster-management-credentials
+ image: ghcr.io/kluster-manager/cluster-gateway
+ installNamespace: cluster-gateway
# Number of replicas
replicas: 1
-manualSecretManagement: true
-konnectivityEgress: false
\ No newline at end of file
+manualSecretManagement: false
+clusterProxy:
+ enabled: false
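Review bot: `manualSecretManagement` flips its default from `true` to `false` and `clusterGateway.secretNamespace` is removed, yet neither `manualSecretManagement` nor the new `clusterProxy.enabled` carries a comment, unlike `image` and `replicas`. A release upgraded without overriding the value changes how cluster credential secrets are handled; presumably the manager starts managing them itself, which should be confirmed against the controller. I would add a comment above each key, for example `# Set to true to create and maintain the cluster credential secrets yourself` and `# Reach managed clusters through cluster-proxy`, worded to match the real behaviour. The bare `tag:` context line parses as null, and how the templates default it is not visible in this hunk.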
diff --git a/charts/cluster-gateway/README.md b/charts/cluster-gateway/README.md
index 53ad76a5..35e5ee87 100644
--- a/charts/cluster-gateway/README.md
+++ b/charts/cluster-gateway/README.md
@@ -45,18 +45,15 @@ The command removes all the Kubernetes components associated with the chart and
The following table lists the configurable parameters of the `cluster-gateway` chart and their default values.
-| Parameter | Description | Default |
-|-------------------------------------------|-------------------------------------------------|---------------------------------------------------------------------|
-| image | Image of the cluster-gateway instances | oamdev/cluster-gateway
|
-| tag | |
|
-| replicas | Number of replicas | 1
|
-| secretNamespace | A secured namespace for reading cluster secrets | open-cluster-management-credentials
|
-| ocmIntegration.enabled | | false
|
-| ocmIntegration.clusterProxy.enabled | | false
|
-| ocmIntegration.clusterProxy.endpoint.host | | proxy-entrypoint.open-cluster-management-cluster-proxy
|
-| ocmIntegration.clusterProxy.endpoint.port | | 8090
|
-| featureGate.healthiness | | false
|
-| featureGate.secretCache | | false
|
+| Parameter | Description | Default |
+|----------------------------|----------------------------------------|---------------------------------------------------------------------|
+| image | Image of the cluster-gateway instances | oamdev/cluster-gateway
|
+| tag | |
|
+| replicas | Number of replicas | 1
|
+| clusterProxy.enabled | | false
|
+| clusterProxy.endpoint.host | | proxy-entrypoint.open-cluster-management-cluster-proxy
|
+| clusterProxy.endpoint.port | | 8090
|
+| featureGate.healthiness | | false
|
Specify each parameter using the `--set key=value[,key=value]` argument to `helm upgrade -i`. For example:
diff --git a/charts/cluster-gateway/templates/apiservice.yaml b/charts/cluster-gateway/templates/apiservice.yaml
index 48e42b3b..40759de8 100644
--- a/charts/cluster-gateway/templates/apiservice.yaml
+++ b/charts/cluster-gateway/templates/apiservice.yaml
@@ -1,13 +1,13 @@
apiVersion: apiregistration.k8s.io/v1
kind: APIService
metadata:
- name: v1alpha1.cluster.core.oam.dev
+ name: v1alpha1.gateway.open-cluster-management.io
labels:
api: cluster-extension-apiserver
apiserver: "true"
spec:
version: v1alpha1
- group: cluster.core.oam.dev
+ group: gateway.open-cluster-management.io
groupPriorityMinimum: 2000
service:
name: gateway-service
diff --git a/charts/cluster-gateway/templates/cluster-gateway-apiserver.yaml b/charts/cluster-gateway/templates/cluster-gateway-apiserver.yaml
index b535a80a..090c2199 100644
--- a/charts/cluster-gateway/templates/cluster-gateway-apiserver.yaml
+++ b/charts/cluster-gateway/templates/cluster-gateway-apiserver.yaml
@@ -29,20 +29,16 @@ spec:
imagePullPolicy: IfNotPresent
args:
- --secure-port=9443
- - --secret-namespace={{ .Values.secretNamespace }}
- {{ if .Values.ocmIntegration.enabled }}
- - --ocm-integration=true
- {{ if .Values.ocmIntegration.clusterProxy.enabled }}
- - --proxy-host={{ .Values.ocmIntegration.clusterProxy.endpoint.host }}
- - --proxy-port={{ .Values.ocmIntegration.clusterProxy.endpoint.port }}
+ {{ if .Values.clusterProxy.enabled }}
+ - --proxy-host={{ .Values.clusterProxy.endpoint.host }}
+ - --proxy-port={{ .Values.clusterProxy.endpoint.port }}
- --proxy-ca-cert=/etc/ca/ca.crt
- --proxy-cert=/etc/tls/tls.crt
- --proxy-key=/etc/tls/tls.key
{{ end }}
- {{ end }}
- - --feature-gates={{ if .Values.featureGate.healthiness }}HealthinessCheck=true,{{ end }}{{ if .Values.featureGate.secretCache }}SecretCache=true,{{ end }}
+ - --feature-gates={{ if .Values.featureGate.healthiness }}HealthinessCheck=true,{{ end }}
# TODO: certificate rotation, otherwise the self-signed will expire in 1 year
- {{ if .Values.ocmIntegration.clusterProxy.enabled }}
+ {{ if .Values.clusterProxy.enabled }}
volumeMounts:
- name: proxy-client
mountPath: "/etc/tls/"
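Review bot: Values set under the old `ocmIntegration.clusterProxy.*` keys are now silently ignored. An upgraded release that relied on them renders without `--proxy-host`, `--proxy-port`, the three `--proxy-*` certificate arguments and the `proxy-client` mount, and nothing reports it. A guard near the top of the template would make that a visible failure: `{{- if .Values.ocmIntegration }}{{ fail "ocmIntegration.* was replaced by clusterProxy.*" }}{{- end }}`. With a single gate left, the feature-gate argument could be written `- --feature-gates=HealthinessCheck={{ .Values.featureGate.healthiness }}`, which avoids the trailing comma and the empty `--feature-gates=` value, provided the gate defaults to off in the binary. The container spec starts and continues outside the hunk.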
diff --git a/charts/cluster-gateway/templates/clusterrolebindings.yaml b/charts/cluster-gateway/templates/clusterrolebindings.yaml
index 9e4264d1..31ae7294 100644
--- a/charts/cluster-gateway/templates/clusterrolebindings.yaml
+++ b/charts/cluster-gateway/templates/clusterrolebindings.yaml
@@ -1,11 +1,11 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
- name: open-cluster-management:cluster-gateway:managedcluster-reader
+ name: open-cluster-management:cluster-gateway:apiserver
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
- name: open-cluster-management:cluster-gateway:managedcluster-reader
+ name: open-cluster-management:cluster-gateway:apiserver
subjects:
- kind: ServiceAccount
name: cluster-gateway
diff --git a/charts/cluster-gateway/templates/clusterroles.yaml b/charts/cluster-gateway/templates/clusterroles.yaml
index 898c48d9..a280316c 100644
--- a/charts/cluster-gateway/templates/clusterroles.yaml
+++ b/charts/cluster-gateway/templates/clusterroles.yaml
@@ -1,7 +1,7 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
- name: open-cluster-management:cluster-gateway:managedcluster-reader
+ name: open-cluster-management:cluster-gateway:apiserver
rules:
- apiGroups:
- cluster.open-cluster-management.io
@@ -42,4 +42,27 @@ rules:
resources:
- subjectaccessreviews
verbs:
- - "*"
\ No newline at end of file
+ - "*"
+ # read/update managed cluster addons
+ - apiGroups:
+ - addon.open-cluster-management.io
+ resources:
+ - managedclusteraddons
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ # read managed service account credentials
+ - apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - get
+ - list
+ - watch
+ resourceNames:
+ - cluster-gateway
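Review bot: The new `secrets` rule sits in a ClusterRole that `clusterrolebindings.yaml` binds with a ClusterRoleBinding, so the `cluster-gateway` ServiceAccount can read a Secret named `cluster-gateway` in every namespace, not in one dedicated namespace as the removed `cluster-gateway-secret-reader` Role did. If that is intended (presumably one credential Secret per managed-cluster namespace), the comment should say so, e.g. `# read the Secret named cluster-gateway in any namespace (managed service account credentials)`. `list` and `watch` restricted by `resourceNames` are only authorised when the request carries a `metadata.name` field selector, so it is worth confirming the apiserver's client lists and watches that way. The comment `# read/update managed cluster addons` also understates the rule above it, which grants `create` and `patch` as well.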
diff --git a/charts/cluster-gateway/templates/secret-namespace.yaml b/charts/cluster-gateway/templates/secret-namespace.yaml
deleted file mode 100644
index 9d2f362d..00000000
--- a/charts/cluster-gateway/templates/secret-namespace.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
- name: {{ .Values.secretNamespace }}
\ No newline at end of file
diff --git a/charts/cluster-gateway/templates/secret-rolebindings.yaml b/charts/cluster-gateway/templates/secret-rolebindings.yaml
deleted file mode 100644
index ad3d6706..00000000
--- a/charts/cluster-gateway/templates/secret-rolebindings.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: cluster-gateway-secret-reader
- namespace: {{ .Values.secretNamespace }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: cluster-gateway-secret-reader
-subjects:
- - kind: ServiceAccount
- name: cluster-gateway
- namespace: {{ .Release.Namespace }}
\ No newline at end of file
diff --git a/charts/cluster-gateway/templates/secret-roles.yaml b/charts/cluster-gateway/templates/secret-roles.yaml
deleted file mode 100644
index 2db55f10..00000000
--- a/charts/cluster-gateway/templates/secret-roles.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: cluster-gateway-secret-reader
- namespace: {{ .Values.secretNamespace }}
-rules:
- - apiGroups:
- - ""
- resources:
- - "secrets"
- verbs:
- - "*"
diff --git a/charts/cluster-gateway/values.yaml b/charts/cluster-gateway/values.yaml
index 4d1b13d1..bcb9e392 100644
--- a/charts/cluster-gateway/values.yaml
+++ b/charts/cluster-gateway/values.yaml
@@ -5,17 +5,12 @@ tag:
# Number of replicas
replicas: 1
-# A secured namespace for reading cluster secrets
-secretNamespace: open-cluster-management-credentials
-ocmIntegration:
+clusterProxy:
enabled: false
- clusterProxy:
- enabled: false
- endpoint:
- host: proxy-entrypoint.open-cluster-management-cluster-proxy
- port: 8090
+ endpoint:
+ host: proxy-entrypoint.open-cluster-management-cluster-proxy
+ port: 8090
featureGate:
healthiness: false
- secretCache: false
\ No newline at end of file
diff --git a/hack/scripts/import-crds.sh b/hack/scripts/import-crds.sh
index e26cf409..ce5614c0 100755
--- a/hack/scripts/import-crds.sh
+++ b/hack/scripts/import-crds.sh
@@ -34,7 +34,7 @@ crd-importer \
--out=./charts/cluster-auth-manager/crds
crd-importer \
- --input=https://github.com/kluster-manager/cluster-gateway/raw/master/hack/crd/bases/proxy.open-cluster-management.io_clustergatewayconfigurations.yaml \
+ --input=https://github.com/oam-dev/cluster-gateway/raw/master/hack/crd/bases/proxy.open-cluster-management.io_clustergatewayconfigurations.yaml \
--input=https://github.com/open-cluster-management-io/api/raw/${OPEN_CLUSTER_MANAGEMENT_IO_API_TAG}/addon/v1alpha1/0000_00_addon.open-cluster-management.io_clustermanagementaddons.crd.yaml \
--out=./charts/cluster-gateway-manager/crds
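Review bot: The changed `--input` now pulls the CRD from a different organisation (`oam-dev` instead of `kluster-manager`) and still from the moving `master` branch. Whatever is on that branch when the script runs is written into `./charts/cluster-gateway-manager/crds` and shipped with the chart. The next `--input` is pinned through `${OPEN_CLUSTER_MANAGEMENT_IO_API_TAG}`, and this one should be pinned the same way to a tag or commit, for example `.../cluster-gateway/raw/${CLUSTER_GATEWAY_TAG}/hack/crd/bases/...`. Here `CLUSTER_GATEWAY_TAG` is a placeholder name for a variable the script would have to define. The script continues outside the hunk.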