diff --git a/charts/cluster-auth-manager/common/gateway_cluster_role.yaml b/charts/cluster-auth-manager/common/gateway_cluster_role.yaml
index d0bb7096..4c146f90 100644
--- a/charts/cluster-auth-manager/common/gateway_cluster_role.yaml
+++ b/charts/cluster-auth-manager/common/gateway_cluster_role.yaml
@@ -4,10 +4,18 @@ kind: ClusterRole
metadata:
name: open-cluster-management:cluster-gateway:proxy
rules:
+ - apiGroups:
+ - gateway.open-cluster-management.io
+ resources:
+ - clustergateways
+ verbs: ["get", "list", "watch"]
- apiGroups:
- gateway.open-cluster-management.io
resources:
- clustergateways/health
+ verbs: ["get"]
+ - apiGroups:
+ - gateway.open-cluster-management.io
+ resources:
- clustergateways/proxy
- verbs:
- - "*"
+ verbs: ["*"]
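Review bot: The `verbs: ["*"]` kept on `clustergateways/proxy` at the end of the hunk, now paired with the new `list`/`watch` on `clustergateways`, lets any subject bound to this ClusterRole enumerate every registered cluster and send arbitrary requests through the gateway to each of them, so the role is effectively an unrestricted fleet-wide credential and nothing in the file says so. Presumably, as with `pods/proxy`, the proxy subresource maps HTTP methods to RBAC verbs, so `*` is needed only if write access through the gateway is intended; if consumers of this role only need read-through, `verbs: ["get"]` on the proxy rule would be the narrower default. Either way I would add above the proxy rule: `# "*" allows every HTTP method through the gateway to every managed cluster; bind this ClusterRole only to the gateway's own identity.` Splitting `get` on `clustergateways/health` into its own rule is fine.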
diff --git a/charts/cluster-gateway-manager/README.md b/charts/cluster-gateway-manager/README.md
index a8fdcd13..86e28269 100644
--- a/charts/cluster-gateway-manager/README.md
+++ b/charts/cluster-gateway-manager/README.md
@@ -8,7 +8,7 @@
$ helm repo add appscode https://charts.appscode.com/stable
$ helm repo update
$ helm search repo appscode/cluster-gateway-manager --version=v2024.2.25
-$ helm upgrade -i cluster-gateway-manager appscode/cluster-gateway-manager -n open-cluster-management --create-namespace --version=v2024.2.25
+$ helm upgrade -i cluster-gateway-manager appscode/cluster-gateway-manager -n open-cluster-management-cluster-gateway --create-namespace --version=v2024.2.25
```
## Introduction
@@ -24,7 +24,7 @@ This chart deploys a cluster-gateway-manager on a [Kubernetes](http://kubernetes
To install/upgrade the chart with the release name `cluster-gateway-manager`:
```bash
-$ helm upgrade -i cluster-gateway-manager appscode/cluster-gateway-manager -n open-cluster-management --create-namespace --version=v2024.2.25
+$ helm upgrade -i cluster-gateway-manager appscode/cluster-gateway-manager -n open-cluster-management-cluster-gateway --create-namespace --version=v2024.2.25
```
The command deploys a cluster-gateway-manager on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation.
@@ -36,7 +36,7 @@ The command deploys a cluster-gateway-manager on the Kubernetes cluster in the d
To uninstall the `cluster-gateway-manager`:
```bash
-$ helm uninstall cluster-gateway-manager -n open-cluster-management
+$ helm uninstall cluster-gateway-manager -n open-cluster-management-cluster-gateway
```
The command removes all the Kubernetes components associated with the chart and deletes the release.
@@ -45,27 +45,37 @@ The command removes all the Kubernetes components associated with the chart and
The following table lists the configurable parameters of the `cluster-gateway-manager` chart and their default values.
-| Parameter | Description | Default |
-|---------------------------------|----------------------------------------|--------------------------------------------------|
-| image | Image of the cluster-gateway instances | oamdev/cluster-gateway-manager
|
-| tag | |
|
-| clusterGateway.image | | oamdev/cluster-gateway
|
-| clusterGateway.installNamespace | | vela-system
|
-| clusterGateway.secretNamespace | | open-cluster-management-credentials
|
-| replicas | Number of replicas | 1
|
-| manualSecretManagement | | true
|
-| konnectivityEgress | | false
|
+| Parameter | Description | Default |
+|--------------------------------------------------|----------------------------------------|-------------------------------------------------------------------|
+| nameOverride | | ""
|
+| fullnameOverride | | ""
|
+| image | Image of the cluster-gateway instances | ghcr.io/kluster-manager/cluster-gateway-manager
|
+| tag | | latest
|
+| clusterGateway.image | | ghcr.io/kluster-manager/cluster-gateway
|
+| replicas | Number of replicas | 1
|
+| manualSecretManagement | | false
|
+| clusterProxy.enabled | | true
|
+| clusterProxy.proxyServerHost | | "proxy-entrypoint.open-cluster-management-addon.svc"
|
+| clusterProxy.proxyServerPort | | 8090
|
+| clusterProxy.credentials.namespace | | open-cluster-management-addon
|
+| clusterProxy.credentials.proxyClientCASecretName | | proxy-server-ca
|
+| clusterProxy.credentials.proxyClientSecretName | | proxy-client
|
+| kubeconfigSecretName | | ""
|
+| addonManagerNamespace | | open-cluster-management-cluster-gateway
|
+| placement.create | | true
|
+| placement.name | | global
|
+| kubectl.image | | ghcr.io/appscode/kubectl-nonroot:1.25
|
Specify each parameter using the `--set key=value[,key=value]` argument to `helm upgrade -i`. For example:
```bash
-$ helm upgrade -i cluster-gateway-manager appscode/cluster-gateway-manager -n open-cluster-management --create-namespace --version=v2024.2.25 --set image=oamdev/cluster-gateway-manager
+$ helm upgrade -i cluster-gateway-manager appscode/cluster-gateway-manager -n open-cluster-management-cluster-gateway --create-namespace --version=v2024.2.25 --set image=ghcr.io/kluster-manager/cluster-gateway-manager
```
Alternatively, a YAML file that specifies the values for the parameters can be provided while
installing the chart. For example:
```bash
-$ helm upgrade -i cluster-gateway-manager appscode/cluster-gateway-manager -n open-cluster-management --create-namespace --version=v2024.2.25 --values values.yaml
+$ helm upgrade -i cluster-gateway-manager appscode/cluster-gateway-manager -n open-cluster-management-cluster-gateway --create-namespace --version=v2024.2.25 --values values.yaml
```
diff --git a/charts/cluster-gateway-manager/common/addon/clustergatewayconfiguration.yaml b/charts/cluster-gateway-manager/common/addon/clustergatewayconfiguration.yaml
new file mode 100644
index 00000000..0492486a
--- /dev/null
+++ b/charts/cluster-gateway-manager/common/addon/clustergatewayconfiguration.yaml
@@ -0,0 +1,19 @@
+apiVersion: config.gateway.open-cluster-management.io/v1alpha1
+kind: ClusterGatewayConfiguration
+metadata:
+ name: cluster-gateway
+spec:
+ image: {{ .Values.clusterGateway.image }}:{{ .Values.tag | default .Chart.AppVersion }}
+ secretManagement:
+ {{ if .Values.manualSecretManagement }}
+ type: Manual
+ {{ else }}
+ type: ManagedServiceAccount
+ managedServiceAccount:
+ name: cluster-gateway
+ {{ end }}
+ egress:
+ {{- if .Values.clusterProxy.enabled }}
+ clusterProxy:
+ {{- omit .Values.clusterProxy "enabled" | toYaml | nindent 6 }}
+ {{- end }}
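Review bot: The `image:` line renders an unquoted, unpinned agent image: the README table in this same diff lists `tag` defaulting to `latest`, so the `default .Chart.AppVersion` fallback never applies and every managed cluster pulls a mutable `latest` tag for the gateway agent. I would default `tag` to `""` in values.yaml so the chart version pins the image (or pin a digest), and quote the templated scalar so an empty image value or an unusual tag cannot break the rendered YAML: `image: "{{ .Values.clusterGateway.image }}:{{ .Values.tag | default .Chart.AppVersion }}"`. Two smaller things: `egress:` is emitted even when `clusterProxy.enabled` is false, leaving a null `egress` field that the CRD schema may reject, so the `{{- if }}` should wrap the `egress:` key as well; and this diff renames the chart's only `clustergatewayconfigurations` CRD (old `proxy.open-cluster-management.io` group) into the ManagedClusterSetBinding CRD, so unless a `config.gateway.open-cluster-management.io` CRD is shipped elsewhere this template has nothing to apply against.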
diff --git a/charts/cluster-gateway-manager/common/addon/clustermanagementaddon.yaml b/charts/cluster-gateway-manager/common/addon/clustermanagementaddon.yaml
new file mode 100644
index 00000000..970e68e5
--- /dev/null
+++ b/charts/cluster-gateway-manager/common/addon/clustermanagementaddon.yaml
@@ -0,0 +1,20 @@
+apiVersion: addon.open-cluster-management.io/v1alpha1
+kind: ClusterManagementAddOn
+metadata:
+ name: cluster-gateway
+ annotations:
+ addon.open-cluster-management.io/lifecycle: "addon-manager"
+spec:
+ addOnMeta:
+ displayName: {{ .Chart.Name }}
+ description: {{ .Chart.Description }}
+ installStrategy:
+ type: Placements
+ placements:
+ - name: {{ .Values.placement.name }}
+ namespace: {{ include "cluster-gateway-manager.namespace" . }}
+ supportedConfigs:
+ - group: config.gateway.open-cluster-management.io
+ resource: clustergatewayconfigurations
+ defaultConfig:
+ name: cluster-gateway
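Review bot: `description: {{ .Chart.Description }}` and `displayName: {{ .Chart.Name }}` are rendered as plain scalars, so a chart description containing `: `, ` #`, or a leading YAML indicator breaks the rendered manifest; use `description: {{ .Chart.Description | quote }}` and `displayName: {{ .Chart.Name | quote }}`. The `Placements` install strategy pointing at the `global` placement means, as far as this hunk shows, the gateway agent (and, when `manualSecretManagement` is false, its `cluster-gateway` ManagedServiceAccount) is rolled out to every cluster that placement selects; a comment such as `# Placements: the add-on is installed on every cluster selected by the placement below` would make that blast radius visible to whoever edits values. When `placement.create` is false the user-supplied placement must still live in `{{ include "cluster-gateway-manager.namespace" . }}`, which the README table does not mention.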
diff --git a/charts/cluster-gateway-manager/common/addon/clustersetbinding.yaml b/charts/cluster-gateway-manager/common/addon/clustersetbinding.yaml
new file mode 100644
index 00000000..e17c761b
--- /dev/null
+++ b/charts/cluster-gateway-manager/common/addon/clustersetbinding.yaml
@@ -0,0 +1,11 @@
+{{- if .Values.placement.create }}
+
+apiVersion: cluster.open-cluster-management.io/v1beta2
+kind: ManagedClusterSetBinding
+metadata:
+ name: global
+ namespace: {{ include "cluster-gateway-manager.namespace" . }}
+spec:
+ clusterSet: global
+
+{{- end }}
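Review bot: Both `metadata.name` and `spec.clusterSet` are hard-coded to `global` while the placement name is configurable, so the chart can only ever bind the whole fleet into this namespace; the CRD description added in this same diff notes that creating the binding requires `create` on the `managedclustersets/bind` subresource, which the installing identity must hold. If the cluster set is made configurable, OCM appears to require the binding name to equal `spec.clusterSet`, so both fields must change together, e.g. `name: {{ .Values.placement.clusterSet | default "global" }}` and `clusterSet: {{ .Values.placement.clusterSet | default "global" }}`. At minimum I would add above `spec:`: `# Binds the global cluster set: placements in this namespace may select every managed cluster.`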
diff --git a/charts/cluster-gateway-manager/common/addon/placement.yaml b/charts/cluster-gateway-manager/common/addon/placement.yaml
new file mode 100644
index 00000000..33a1a6bb
--- /dev/null
+++ b/charts/cluster-gateway-manager/common/addon/placement.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.placement.create }}
+
+apiVersion: cluster.open-cluster-management.io/v1beta1
+kind: Placement
+metadata:
+ name: {{ .Values.placement.name }}
+ namespace: {{ include "cluster-gateway-manager.namespace" . }}
+spec:
+ clusterSets:
+ - global
+
+{{- end }}
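Review bot: The Placement has no `predicates`, so every cluster in the `global` set is selected and receives the gateway agent; in a mixed-trust fleet that is a wide default and nothing in the template or README flags it. I would add above `spec:`: `# No predicates: selects every cluster in the global set. Add predicates/requiredClusterSelector to restrict which clusters get the gateway agent.` This file also uses `cluster.open-cluster-management.io/v1beta1` while the binding beside it uses `v1beta2`; the Placement CRD is not in this diff, so I cannot tell whether `v1beta1` is still served by the OCM version targeted here — worth confirming.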
diff --git a/charts/cluster-gateway-manager/crds/addon.open-cluster-management.io_clustermanagementaddons.yaml b/charts/cluster-gateway-manager/crds/addon.open-cluster-management.io_clustermanagementaddons.yaml
new file mode 100644
index 00000000..465dd73b
--- /dev/null
+++ b/charts/cluster-gateway-manager/crds/addon.open-cluster-management.io_clustermanagementaddons.yaml
@@ -0,0 +1,670 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: clustermanagementaddons.addon.open-cluster-management.io
+spec:
+ group: addon.open-cluster-management.io
+ names:
+ kind: ClusterManagementAddOn
+ listKind: ClusterManagementAddOnList
+ plural: clustermanagementaddons
+ shortNames:
+ - cma
+ - cmas
+ singular: clustermanagementaddon
+ scope: Cluster
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .spec.addOnMeta.displayName
+ name: DISPLAY NAME
+ type: string
+ - jsonPath: .spec.addOnConfiguration.crdName
+ name: CRD NAME
+ type: string
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: ClusterManagementAddOn represents the registration of an add-on
+ to the cluster manager. This resource allows you to discover which add-ons
+ are available for the cluster manager and provides metadata information
+ about the add-ons. The ClusterManagementAddOn name is used for the namespace-scoped
+ ManagedClusterAddOn resource. ClusterManagementAddOn is a cluster-scoped
+ resource.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: spec represents a desired configuration for the agent on
+ the cluster management add-on.
+ properties:
+ addOnConfiguration:
+ description: 'Deprecated: Use supportedConfigs filed instead addOnConfiguration
+ is a reference to configuration information for the add-on. In scenario
+ where a multiple add-ons share the same add-on CRD, multiple ClusterManagementAddOn
+ resources need to be created and reference the same AddOnConfiguration.'
+ properties:
+ crName:
+ description: crName is the name of the CR used to configure instances
+ of the managed add-on. This field should be configured if add-on
+ CR have a consistent name across the all of the ManagedCluster
+ instaces.
+ type: string
+ crdName:
+ description: crdName is the name of the CRD used to configure
+ instances of the managed add-on. This field should be configured
+ if the add-on have a CRD that controls the configuration of
+ the add-on.
+ type: string
+ lastObservedGeneration:
+ description: lastObservedGeneration is the observed generation
+ of the custom resource for the configuration of the addon.
+ format: int64
+ type: integer
+ type: object
+ addOnMeta:
+ description: addOnMeta is a reference to the metadata information
+ for the add-on.
+ properties:
+ description:
+ description: description represents the detailed description of
+ the add-on.
+ type: string
+ displayName:
+ description: displayName represents the name of add-on that will
+ be displayed.
+ type: string
+ type: object
+ installStrategy:
+ default:
+ type: Manual
+ description: InstallStrategy represents that related ManagedClusterAddOns
+ should be installed on certain clusters.
+ properties:
+ placements:
+ description: Placements is a list of placement references honored
+ when install strategy type is Placements. All clusters selected
+ by these placements will install the addon If one cluster belongs
+ to multiple placements, it will only apply the strategy defined
+ later in the order. That is to say, The latter strategy overrides
+ the previous one.
+ items:
+ properties:
+ configs:
+ description: Configs is the configuration of managedClusterAddon
+ during installation. User can override the configuration
+ by updating the managedClusterAddon directly.
+ items:
+ properties:
+ group:
+ default: ""
+ description: group of the add-on configuration.
+ type: string
+ name:
+ description: name of the add-on configuration.
+ minLength: 1
+ type: string
+ namespace:
+ description: namespace of the add-on configuration.
+ If this field is not set, the configuration is in
+ the cluster scope.
+ type: string
+ resource:
+ description: resource of the add-on configuration.
+ minLength: 1
+ type: string
+ required:
+ - name
+ - resource
+ type: object
+ type: array
+ name:
+ description: Name is the name of the placement
+ minLength: 1
+ type: string
+ namespace:
+ description: Namespace is the namespace of the placement
+ minLength: 1
+ type: string
+ rolloutStrategy:
+ default:
+ type: All
+ description: The rollout strategy to apply addon configurations
+ change. The rollout strategy only watches the addon configurations
+ defined in ClusterManagementAddOn.
+ properties:
+ all:
+ description: All defines required fields for RolloutStrategy
+ type All
+ properties:
+ maxFailures:
+ anyOf:
+ - type: integer
+ - type: string
+ default: 0
+ description: MaxFailures is a percentage or number
+ of clusters in the current rollout that can fail
+ before proceeding to the next rollout. Fail means
+ the cluster has a failed status or timeout status
+ (does not reach successful status after ProgressDeadline).
+ Once the MaxFailures is breached, the rollout
+ will stop. MaxFailures is only considered for
+ rollout types Progressive and ProgressivePerGroup.
+ For Progressive, this is considered over the total
+ number of clusters. For ProgressivePerGroup, this
+ is considered according to the size of the current
+ group. For both Progressive and ProgressivePerGroup,
+ the MaxFailures does not apply for MandatoryDecisionGroups,
+ which tolerate no failures. Default is that no
+ failures are tolerated.
+ pattern: ^((100|[0-9]{1,2})%|[0-9]+)$
+ x-kubernetes-int-or-string: true
+ minSuccessTime:
+ default: "0"
+ description: MinSuccessTime is a "soak" time. In
+ other words, the minimum amount of time the workload
+ applier controller will wait from the start of
+ each rollout before proceeding (assuming a successful
+ state has been reached and MaxFailures wasn't
+ breached). MinSuccessTime is only considered for
+ rollout types Progressive and ProgressivePerGroup.
+ The default value is 0 meaning the workload applier
+ proceeds immediately after a successful state
+ is reached. MinSuccessTime must be defined in
+ [0-9h]|[0-9m]|[0-9s] format examples; 2h , 90m
+ , 360s
+ type: string
+ progressDeadline:
+ default: None
+ description: ProgressDeadline defines how long workload
+ applier controller will wait for the workload
+ to reach a successful state in the cluster. If
+ the workload does not reach a successful state
+ after ProgressDeadline, will stop waiting and
+ workload will be treated as "timeout" and be counted
+ into MaxFailures. Once the MaxFailures is breached,
+ the rollout will stop. ProgressDeadline default
+ value is "None", meaning the workload applier
+ will wait for a successful state indefinitely.
+ ProgressDeadline must be defined in [0-9h]|[0-9m]|[0-9s]
+ format examples; 2h , 90m , 360s
+ pattern: ^(([0-9])+[h|m|s])|None$
+ type: string
+ type: object
+ progressive:
+ description: Progressive defines required fields for
+ RolloutStrategy type Progressive
+ properties:
+ mandatoryDecisionGroups:
+ description: List of the decision groups names or
+ indexes to apply the workload first and fail if
+ workload did not reach successful state. GroupName
+ or GroupIndex must match with the decisionGroups
+ defined in the placement's decisionStrategy
+ items:
+ description: MandatoryDecisionGroup set the decision
+ group name or group index. GroupName is considered
+ first to select the decisionGroups then GroupIndex.
+ properties:
+ groupIndex:
+ description: GroupIndex of the decision group
+ should match the placementDecisions label
+ value with label key cluster.open-cluster-management.io/decision-group-index
+ format: int32
+ type: integer
+ groupName:
+ description: GroupName of the decision group
+ should match the placementDecisions label
+ value with label key cluster.open-cluster-management.io/decision-group-name
+ type: string
+ type: object
+ type: array
+ maxConcurrency:
+ anyOf:
+ - type: integer
+ - type: string
+ description: MaxConcurrency is the max number of
+ clusters to deploy workload concurrently. The
+ default value for MaxConcurrency is determined
+ from the clustersPerDecisionGroup defined in the
+ placement->DecisionStrategy.
+ pattern: ^((100|[0-9]{1,2})%|[0-9]+)$
+ x-kubernetes-int-or-string: true
+ maxFailures:
+ anyOf:
+ - type: integer
+ - type: string
+ default: 0
+ description: MaxFailures is a percentage or number
+ of clusters in the current rollout that can fail
+ before proceeding to the next rollout. Fail means
+ the cluster has a failed status or timeout status
+ (does not reach successful status after ProgressDeadline).
+ Once the MaxFailures is breached, the rollout
+ will stop. MaxFailures is only considered for
+ rollout types Progressive and ProgressivePerGroup.
+ For Progressive, this is considered over the total
+ number of clusters. For ProgressivePerGroup, this
+ is considered according to the size of the current
+ group. For both Progressive and ProgressivePerGroup,
+ the MaxFailures does not apply for MandatoryDecisionGroups,
+ which tolerate no failures. Default is that no
+ failures are tolerated.
+ pattern: ^((100|[0-9]{1,2})%|[0-9]+)$
+ x-kubernetes-int-or-string: true
+ minSuccessTime:
+ default: "0"
+ description: MinSuccessTime is a "soak" time. In
+ other words, the minimum amount of time the workload
+ applier controller will wait from the start of
+ each rollout before proceeding (assuming a successful
+ state has been reached and MaxFailures wasn't
+ breached). MinSuccessTime is only considered for
+ rollout types Progressive and ProgressivePerGroup.
+ The default value is 0 meaning the workload applier
+ proceeds immediately after a successful state
+ is reached. MinSuccessTime must be defined in
+ [0-9h]|[0-9m]|[0-9s] format examples; 2h , 90m
+ , 360s
+ type: string
+ progressDeadline:
+ default: None
+ description: ProgressDeadline defines how long workload
+ applier controller will wait for the workload
+ to reach a successful state in the cluster. If
+ the workload does not reach a successful state
+ after ProgressDeadline, will stop waiting and
+ workload will be treated as "timeout" and be counted
+ into MaxFailures. Once the MaxFailures is breached,
+ the rollout will stop. ProgressDeadline default
+ value is "None", meaning the workload applier
+ will wait for a successful state indefinitely.
+ ProgressDeadline must be defined in [0-9h]|[0-9m]|[0-9s]
+ format examples; 2h , 90m , 360s
+ pattern: ^(([0-9])+[h|m|s])|None$
+ type: string
+ type: object
+ progressivePerGroup:
+ description: ProgressivePerGroup defines required fields
+ for RolloutStrategy type ProgressivePerGroup
+ properties:
+ mandatoryDecisionGroups:
+ description: List of the decision groups names or
+ indexes to apply the workload first and fail if
+ workload did not reach successful state. GroupName
+ or GroupIndex must match with the decisionGroups
+ defined in the placement's decisionStrategy
+ items:
+ description: MandatoryDecisionGroup set the decision
+ group name or group index. GroupName is considered
+ first to select the decisionGroups then GroupIndex.
+ properties:
+ groupIndex:
+ description: GroupIndex of the decision group
+ should match the placementDecisions label
+ value with label key cluster.open-cluster-management.io/decision-group-index
+ format: int32
+ type: integer
+ groupName:
+ description: GroupName of the decision group
+ should match the placementDecisions label
+ value with label key cluster.open-cluster-management.io/decision-group-name
+ type: string
+ type: object
+ type: array
+ maxFailures:
+ anyOf:
+ - type: integer
+ - type: string
+ default: 0
+ description: MaxFailures is a percentage or number
+ of clusters in the current rollout that can fail
+ before proceeding to the next rollout. Fail means
+ the cluster has a failed status or timeout status
+ (does not reach successful status after ProgressDeadline).
+ Once the MaxFailures is breached, the rollout
+ will stop. MaxFailures is only considered for
+ rollout types Progressive and ProgressivePerGroup.
+ For Progressive, this is considered over the total
+ number of clusters. For ProgressivePerGroup, this
+ is considered according to the size of the current
+ group. For both Progressive and ProgressivePerGroup,
+ the MaxFailures does not apply for MandatoryDecisionGroups,
+ which tolerate no failures. Default is that no
+ failures are tolerated.
+ pattern: ^((100|[0-9]{1,2})%|[0-9]+)$
+ x-kubernetes-int-or-string: true
+ minSuccessTime:
+ default: "0"
+ description: MinSuccessTime is a "soak" time. In
+ other words, the minimum amount of time the workload
+ applier controller will wait from the start of
+ each rollout before proceeding (assuming a successful
+ state has been reached and MaxFailures wasn't
+ breached). MinSuccessTime is only considered for
+ rollout types Progressive and ProgressivePerGroup.
+ The default value is 0 meaning the workload applier
+ proceeds immediately after a successful state
+ is reached. MinSuccessTime must be defined in
+ [0-9h]|[0-9m]|[0-9s] format examples; 2h , 90m
+ , 360s
+ type: string
+ progressDeadline:
+ default: None
+ description: ProgressDeadline defines how long workload
+ applier controller will wait for the workload
+ to reach a successful state in the cluster. If
+ the workload does not reach a successful state
+ after ProgressDeadline, will stop waiting and
+ workload will be treated as "timeout" and be counted
+ into MaxFailures. Once the MaxFailures is breached,
+ the rollout will stop. ProgressDeadline default
+ value is "None", meaning the workload applier
+ will wait for a successful state indefinitely.
+ ProgressDeadline must be defined in [0-9h]|[0-9m]|[0-9s]
+ format examples; 2h , 90m , 360s
+ pattern: ^(([0-9])+[h|m|s])|None$
+ type: string
+ type: object
+ type:
+ default: All
+ enum:
+ - All
+ - Progressive
+ - ProgressivePerGroup
+ type: string
+ type: object
+ required:
+ - name
+ - namespace
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - namespace
+ - name
+ x-kubernetes-list-type: map
+ type:
+ default: Manual
+ description: 'Type is the type of the install strategy, it can
+ be: - Manual: no automatic install - Placements: install to
+ clusters selected by placements.'
+ enum:
+ - Manual
+ - Placements
+ type: string
+ type: object
+ supportedConfigs:
+ description: supportedConfigs is a list of configuration types supported
+ by add-on. An empty list means the add-on does not require configurations.
+ The default is an empty list
+ items:
+ description: ConfigMeta represents a collection of metadata information
+ for add-on configuration.
+ properties:
+ defaultConfig:
+ description: defaultConfig represents the namespace and name
+ of the default add-on configuration. In scenario where all
+ add-ons have a same configuration.
+ properties:
+ name:
+ description: name of the add-on configuration.
+ minLength: 1
+ type: string
+ namespace:
+ description: namespace of the add-on configuration. If this
+ field is not set, the configuration is in the cluster
+ scope.
+ type: string
+ required:
+ - name
+ type: object
+ group:
+ default: ""
+ description: group of the add-on configuration.
+ type: string
+ resource:
+ description: resource of the add-on configuration.
+ minLength: 1
+ type: string
+ required:
+ - resource
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - group
+ - resource
+ x-kubernetes-list-type: map
+ type: object
+ status:
+ description: status represents the current status of cluster management
+ add-on.
+ properties:
+ defaultconfigReferences:
+ description: defaultconfigReferences is a list of current add-on default
+ configuration references.
+ items:
+ description: DefaultConfigReference is a reference to the current
+ add-on configuration. This resource is used to record the configuration
+ resource for the current add-on.
+ properties:
+ desiredConfig:
+ description: desiredConfig record the desired config spec hash.
+ properties:
+ name:
+ description: name of the add-on configuration.
+ minLength: 1
+ type: string
+ namespace:
+ description: namespace of the add-on configuration. If this
+ field is not set, the configuration is in the cluster
+ scope.
+ type: string
+ specHash:
+ description: spec hash for an add-on configuration.
+ type: string
+ required:
+ - name
+ type: object
+ group:
+ default: ""
+ description: group of the add-on configuration.
+ type: string
+ resource:
+ description: resource of the add-on configuration.
+ minLength: 1
+ type: string
+ required:
+ - resource
+ type: object
+ type: array
+ installProgressions:
+ description: installProgression is a list of current add-on configuration
+ references per placement.
+ items:
+ properties:
+ conditions:
+ description: conditions describe the state of the managed and
+ monitored components for the operator.
+ items:
+ description: "Condition contains details for one aspect of
+ the current state of this API Resource. --- This struct
+ is intended for direct use as an array at the field path
+ .status.conditions. For example, \n type FooStatus struct{
+ // Represents the observations of a foo's current state.
+ // Known .status.conditions.type are: \"Available\", \"Progressing\",
+ and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
+ // +listType=map // +listMapKey=type Conditions []metav1.Condition
+ `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
+ protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields
+ }"
+ properties:
+ lastTransitionTime:
+ description: lastTransitionTime is the last time the condition
+ transitioned from one status to another. This should
+ be when the underlying condition changed. If that is
+ not known, then using the time when the API field changed
+ is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: message is a human readable message indicating
+ details about the transition. This may be an empty string.
+ maxLength: 32768
+ type: string
+ observedGeneration:
+ description: observedGeneration represents the .metadata.generation
+ that the condition was set based upon. For instance,
+ if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration
+ is 9, the condition is out of date with respect to the
+ current state of the instance.
+ format: int64
+ minimum: 0
+ type: integer
+ reason:
+ description: reason contains a programmatic identifier
+ indicating the reason for the condition's last transition.
+ Producers of specific condition types may define expected
+ values and meanings for this field, and whether the
+ values are considered a guaranteed API. The value should
+ be a CamelCase string. This field may not be empty.
+ maxLength: 1024
+ minLength: 1
+ pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+ type: string
+ status:
+ description: status of the condition, one of True, False,
+ Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: type of condition in CamelCase or in foo.example.com/CamelCase.
+ --- Many .condition.type values are consistent across
+ resources like Available, but because arbitrary conditions
+ can be useful (see .node.status.conditions), the ability
+ to deconflict is important. The regex it matches is
+ (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - message
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ configReferences:
+ description: configReferences is a list of current add-on configuration
+ references.
+ items:
+ description: InstallConfigReference is a reference to the
+ current add-on configuration. This resource is used to record
+ the configuration resource for the current add-on.
+ properties:
+ desiredConfig:
+ description: desiredConfig record the desired config name
+ and spec hash.
+ properties:
+ name:
+ description: name of the add-on configuration.
+ minLength: 1
+ type: string
+ namespace:
+ description: namespace of the add-on configuration.
+ If this field is not set, the configuration is in
+ the cluster scope.
+ type: string
+ specHash:
+ description: spec hash for an add-on configuration.
+ type: string
+ required:
+ - name
+ type: object
+ group:
+ default: ""
+ description: group of the add-on configuration.
+ type: string
+ lastAppliedConfig:
+ description: lastAppliedConfig records the config spec
+ hash when the all the corresponding ManagedClusterAddOn
+ are applied successfully.
+ properties:
+ name:
+ description: name of the add-on configuration.
+ minLength: 1
+ type: string
+ namespace:
+ description: namespace of the add-on configuration.
+ If this field is not set, the configuration is in
+ the cluster scope.
+ type: string
+ specHash:
+ description: spec hash for an add-on configuration.
+ type: string
+ required:
+ - name
+ type: object
+ lastKnownGoodConfig:
+ description: lastKnownGoodConfig records the last known
+ good config spec hash. For fresh install or rollout
+ with type UpdateAll or RollingUpdate, the lastKnownGoodConfig
+ is the same as lastAppliedConfig. For rollout with type
+ RollingUpdateWithCanary, the lastKnownGoodConfig is
+ the last successfully applied config spec hash of the
+ canary placement.
+ properties:
+ name:
+ description: name of the add-on configuration.
+ minLength: 1
+ type: string
+ namespace:
+ description: namespace of the add-on configuration.
+ If this field is not set, the configuration is in
+ the cluster scope.
+ type: string
+ specHash:
+ description: spec hash for an add-on configuration.
+ type: string
+ required:
+ - name
+ type: object
+ resource:
+ description: resource of the add-on configuration.
+ minLength: 1
+ type: string
+ required:
+ - resource
+ type: object
+ type: array
+ name:
+ description: Name is the name of the placement
+ minLength: 1
+ type: string
+ namespace:
+ description: Namespace is the namespace of the placement
+ minLength: 1
+ type: string
+ required:
+ - name
+ - namespace
+ type: object
+ type: array
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
diff --git a/charts/cluster-gateway-manager/crds/clustergatewayconfigurations.yaml b/charts/cluster-gateway-manager/crds/cluster.open-cluster-management.io_managedclustersetbindings.yaml
similarity index 60%
rename from charts/cluster-gateway-manager/crds/clustergatewayconfigurations.yaml
rename to charts/cluster-gateway-manager/crds/cluster.open-cluster-management.io_managedclustersetbindings.yaml
index b678a8ac..6e75601a 100644
--- a/charts/cluster-gateway-manager/crds/clustergatewayconfigurations.yaml
+++ b/charts/cluster-gateway-manager/crds/cluster.open-cluster-management.io_managedclustersetbindings.yaml
@@ -1,24 +1,28 @@
-
----
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.4.1
- creationTimestamp: null
- name: clustergatewayconfigurations.proxy.open-cluster-management.io
+ name: managedclustersetbindings.cluster.open-cluster-management.io
spec:
- group: proxy.open-cluster-management.io
+ group: cluster.open-cluster-management.io
names:
- kind: ClusterGatewayConfiguration
- listKind: ClusterGatewayConfigurationList
- plural: clustergatewayconfigurations
- singular: clustergatewayconfiguration
- scope: Cluster
+ kind: ManagedClusterSetBinding
+ listKind: ManagedClusterSetBindingList
+ plural: managedclustersetbindings
+ shortNames:
+ - mclsetbinding
+ - mclsetbindings
+ singular: managedclustersetbinding
+ scope: Namespaced
versions:
- - name: v1alpha1
+ - name: v1beta2
schema:
openAPIV3Schema:
+ description: ManagedClusterSetBinding projects a ManagedClusterSet into a
+ certain namespace. You can create a ManagedClusterSetBinding in a namespace
+ and bind it to a ManagedClusterSet if both have a RBAC rules to CREATE on
+ the virtual subresource of managedclustersets/bind. Workloads that you create
+ in the same namespace can only be distributed to ManagedClusters in ManagedClusterSets
+ that are bound in this namespace by higher-level controllers.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
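Review bot: Turning this file into the ManagedClusterSetBinding CRD silently drops `clustergatewayconfigurations.proxy.open-cluster-management.io` from the chart, and Helm neither deletes CRDs nor re-applies the `crds/` directory on `helm upgrade`, so an existing install keeps serving the old `proxy.open-cluster-management.io` API (with whatever objects it holds) and never receives this new CRD at all. Unless the project handles that elsewhere, the chart should document the migration, e.g. a README/NOTES line `Upgrading from an earlier release: kubectl apply -f charts/cluster-gateway-manager/crds/ and, once nothing references it, kubectl delete crd clustergatewayconfigurations.proxy.open-cluster-management.io`. The removed `creationTimestamp: null` and controller-gen annotation are harmless cleanup; the hunk continues into the next one, so the rest of the schema is reviewed there.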
@@ -33,81 +37,33 @@ spec:
metadata:
type: object
spec:
+ description: Spec defines the attributes of ManagedClusterSetBinding.
properties:
- egress:
- properties:
- clusterProxy:
- properties:
- credentials:
- properties:
- namespace:
- type: string
- proxyClientCASecretName:
- type: string
- proxyClientSecretName:
- type: string
- required:
- - namespace
- - proxyClientCASecretName
- - proxyClientSecretName
- type: object
- proxyServerHost:
- type: string
- proxyServerPort:
- format: int32
- type: integer
- required:
- - credentials
- - proxyServerHost
- - proxyServerPort
- type: object
- type:
- type: string
- required:
- - type
- type: object
- image:
+ clusterSet:
+ description: ClusterSet is the name of the ManagedClusterSet to bind.
+ It must match the instance name of the ManagedClusterSetBinding
+ and cannot change once created. User is allowed to set this field
+ if they have an RBAC rule to CREATE on the virtual subresource of
+ managedclustersets/bind.
+ minLength: 1
type: string
- installNamespace:
- type: string
- secretManagement:
- properties:
- managedServiceAccount:
- properties:
- name:
- default: cluster-gateway
- type: string
- type: object
- type:
- default: ManagedServiceAccount
- enum:
- - Manual
- - ManagedServiceAccount
- type: string
- type: object
- secretNamespace:
- type: string
- required:
- - egress
- - image
- - installNamespace
- - secretManagement
- - secretNamespace
type: object
status:
+ description: Status represents the current status of the ManagedClusterSetBinding
properties:
conditions:
+ description: Conditions contains the different condition statuses
+ for this ManagedClusterSetBinding.
items:
description: "Condition contains details for one aspect of the current
state of this API Resource. --- This struct is intended for direct
use as an array at the field path .status.conditions. For example,
- type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are:
- \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
- \ // +patchStrategy=merge // +listType=map // +listMapKey=type
- \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
- patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
- \n // other fields }"
+ \n type FooStatus struct{ // Represents the observations of a
+ foo's current state. // Known .status.conditions.type are: \"Available\",
+ \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
+ // +listType=map // +listMapKey=type Conditions []metav1.Condition
+ `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
+ protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
properties:
lastTransitionTime:
description: lastTransitionTime is the last time the condition
@@ -165,18 +121,9 @@ spec:
- type
type: object
type: array
- lastObservedGeneration:
- format: int64
- type: integer
type: object
type: object
served: true
storage: true
subresources:
status: {}
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
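Review bot: The `clusterSet` description promises three things the schema does not enforce — it must equal `metadata.name`, it cannot change after creation, and setting it needs CREATE on `managedclustersets/bind` — while the only check here is `minLength: 1`. A ManagedClusterSetBinding is an authorization boundary (it decides which clusters a namespace may place work on), so if this chart does not also ship the OCM admission webhook that upstream relies on, a user with update rights on bindings could re-point one at a set they were never allowed to bind; whether that webhook is present is not visible in this diff. The name-match and immutability parts can live in the schema once the supported Kubernetes floor allows CEL (1.25+; the chart still declares 1.21+): at the object level `x-kubernetes-validations: [{rule: "has(self.spec) && self.spec.clusterSet == self.metadata.name", message: "spec.clusterSet must equal metadata.name"}]` and on `clusterSet` itself `x-kubernetes-validations: [{rule: "self == oldSelf", message: "spec.clusterSet is immutable"}]`. The SubjectAccessReview for `managedclustersets/bind` cannot be expressed in a schema and still requires the webhook.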
diff --git a/charts/cluster-gateway-manager/crds/cluster.open-cluster-management.io_placements.yaml b/charts/cluster-gateway-manager/crds/cluster.open-cluster-management.io_placements.yaml
new file mode 100644
index 00000000..dd4ac28c
--- /dev/null
+++ b/charts/cluster-gateway-manager/crds/cluster.open-cluster-management.io_placements.yaml
@@ -0,0 +1,666 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: placements.cluster.open-cluster-management.io
+spec:
+ group: cluster.open-cluster-management.io
+ names:
+ kind: Placement
+ listKind: PlacementList
+ plural: placements
+ singular: placement
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.conditions[?(@.type=="PlacementSatisfied")].status
+ name: Succeeded
+ type: string
+ - jsonPath: .status.conditions[?(@.type=="PlacementSatisfied")].reason
+ name: Reason
+ type: string
+ - jsonPath: .status.numberOfSelectedClusters
+ name: SelectedClusters
+ type: integer
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: "Placement defines a rule to select a set of ManagedClusters
+ from the ManagedClusterSets bound to the placement namespace. \n Here is
+ how the placement policy combines with other selection methods to determine
+ a matching list of ManagedClusters: 1. Kubernetes clusters are registered
+ with hub as cluster-scoped ManagedClusters; 2. ManagedClusters are organized
+ into cluster-scoped ManagedClusterSets; 3. ManagedClusterSets are bound
+ to workload namespaces; 4. Namespace-scoped Placements specify a slice of
+ ManagedClusterSets which select a working set of potential ManagedClusters;
+ 5. Then Placements subselect from that working set using label/claim selection.
+ \n A ManagedCluster will not be selected if no ManagedClusterSet is bound
+ to the placement namespace. A user is able to bind a ManagedClusterSet to
+ a namespace by creating a ManagedClusterSetBinding in that namespace if
+ they have an RBAC rule to CREATE on the virtual subresource of `managedclustersets/bind`.
+ \n A slice of PlacementDecisions with the label cluster.open-cluster-management.io/placement={placement
+ name} will be created to represent the ManagedClusters selected by this
+ placement. \n If a ManagedCluster is selected and added into the PlacementDecisions,
+ other components may apply workload on it; once it is removed from the PlacementDecisions,
+ the workload applied on this ManagedCluster should be evicted accordingly."
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: Spec defines the attributes of Placement.
+ properties:
+ clusterSets:
+ description: ClusterSets represent the ManagedClusterSets from which
+ the ManagedClusters are selected. If the slice is empty, ManagedClusters
+ will be selected from the ManagedClusterSets bound to the placement
+ namespace, otherwise ManagedClusters will be selected from the intersection
+ of this slice and the ManagedClusterSets bound to the placement
+ namespace.
+ items:
+ type: string
+ type: array
+ decisionStrategy:
+ description: DecisionStrategy divide the created placement decision
+ to groups and define number of clusters per decision group.
+ properties:
+ groupStrategy:
+ description: GroupStrategy define strategies to divide selected
+ clusters to decision groups.
+ properties:
+ clustersPerDecisionGroup:
+ anyOf:
+ - type: integer
+ - type: string
+ default: 100%
+ description: "ClustersPerDecisionGroup is a specific number
+ or percentage of the total selected clusters. The specific
+ number will divide the placementDecisions to decisionGroups
+ each group has max number of clusters equal to that specific
+ number. The percentage will divide the placementDecisions
+ to decisionGroups each group has max number of clusters
+ based on the total num of selected clusters and percentage.
+ ex; for a total 100 clusters selected, ClustersPerDecisionGroup
+ equal to 20% will divide the placement decision to 5 groups
+ each group should have 20 clusters. Default is having all
+ clusters in a single group. \n The predefined decisionGroups
+ is expected to be a subset of the selected clusters and
+ the number of items in each group SHOULD be less than ClustersPerDecisionGroup.
+ Once the number of items exceeds the ClustersPerDecisionGroup,
+ the decisionGroups will also be be divided into multiple
+ decisionGroups with same GroupName but different GroupIndex."
+ pattern: ^((100|[1-9][0-9]{0,1})%|[1-9][0-9]*)$
+ x-kubernetes-int-or-string: true
+ decisionGroups:
+ description: DecisionGroups represents a list of predefined
+ groups to put decision results. Decision groups will be
+ constructed based on the DecisionGroups field at first.
+ The clusters not included in the DecisionGroups will be
+ divided to other decision groups afterwards. Each decision
+ group should not have the number of clusters larger than
+ the ClustersPerDecisionGroup.
+ items:
+ description: DecisionGroup define a subset of clusters that
+ will be added to placementDecisions with groupName label.
+ properties:
+ groupClusterSelector:
+ description: LabelSelector to select clusters subset
+ by label.
+ properties:
+ claimSelector:
+ description: ClaimSelector represents a selector
+ of ManagedClusters by clusterClaims in status
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of cluster
+ claim selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ labelSelector:
+ description: LabelSelector represents a selector
+ of ManagedClusters by label
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ groupName:
+ description: Group name to be added as label value to
+ the created placement Decisions labels with label
+ key cluster.open-cluster-management.io/decision-group-name
+ pattern: ^[a-zA-Z0-9][-A-Za-z0-9_.]{0,61}[a-zA-Z0-9]$
+ type: string
+ required:
+ - groupClusterSelector
+ - groupName
+ type: object
+ type: array
+ type: object
+ type: object
+ numberOfClusters:
+ description: NumberOfClusters represents the desired number of ManagedClusters
+ to be selected which meet the placement requirements. 1) If not
+ specified, all ManagedClusters which meet the placement requirements
+ (including ClusterSets, and Predicates) will be selected; 2) Otherwise
+ if the nubmer of ManagedClusters meet the placement requirements
+ is larger than NumberOfClusters, a random subset with desired number
+ of ManagedClusters will be selected; 3) If the nubmer of ManagedClusters
+ meet the placement requirements is equal to NumberOfClusters, all
+ of them will be selected; 4) If the nubmer of ManagedClusters meet
+ the placement requirements is less than NumberOfClusters, all of
+ them will be selected, and the status of condition `PlacementConditionSatisfied`
+ will be set to false;
+ format: int32
+ type: integer
+ predicates:
+ description: Predicates represent a slice of predicates to select
+ ManagedClusters. The predicates are ORed.
+ items:
+ description: ClusterPredicate represents a predicate to select ManagedClusters.
+ properties:
+ requiredClusterSelector:
+ description: RequiredClusterSelector represents a selector of
+ ManagedClusters by label and claim. If specified, 1) Any ManagedCluster,
+ which does not match the selector, should not be selected
+ by this ClusterPredicate; 2) If a selected ManagedCluster
+ (of this ClusterPredicate) ceases to match the selector (e.g.
+ due to an update) of any ClusterPredicate, it will be eventually
+ removed from the placement decisions; 3) If a ManagedCluster
+ (not selected previously) starts to match the selector, it
+ will either be selected or at least has a chance to be selected
+ (when NumberOfClusters is specified);
+ properties:
+ claimSelector:
+ description: ClaimSelector represents a selector of ManagedClusters
+ by clusterClaims in status
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of cluster claim
+ selector requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In,
+ NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values array
+ must be non-empty. If the operator is Exists
+ or DoesNotExist, the values array must be empty.
+ This array is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ labelSelector:
+ description: LabelSelector represents a selector of ManagedClusters
+ by label
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In,
+ NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values array
+ must be non-empty. If the operator is Exists
+ or DoesNotExist, the values array must be empty.
+ This array is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs.
+ A single {key,value} in the matchLabels map is equivalent
+ to an element of matchExpressions, whose key field
+ is "key", the operator is "In", and the values array
+ contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ type: object
+ type: array
+ prioritizerPolicy:
+ description: PrioritizerPolicy defines the policy of the prioritizers.
+ If this field is unset, then default prioritizer mode and configurations
+ are used. Referring to PrioritizerPolicy to see more description
+ about Mode and Configurations.
+ properties:
+ configurations:
+ items:
+ description: PrioritizerConfig represents the configuration
+ of prioritizer
+ properties:
+ scoreCoordinate:
+ description: ScoreCoordinate represents the configuration
+ of the prioritizer and score source.
+ properties:
+ addOn:
+ description: When type is "AddOn", AddOn defines the
+ resource name and score name.
+ properties:
+ resourceName:
+ description: ResourceName defines the resource name
+ of the AddOnPlacementScore. The placement prioritizer
+ selects AddOnPlacementScore CR by this name.
+ type: string
+ scoreName:
+ description: ScoreName defines the score name inside
+ AddOnPlacementScore. AddOnPlacementScore contains
+ a list of score name and score value, ScoreName
+ specify the score to be used by the prioritizer.
+ type: string
+ required:
+ - resourceName
+ - scoreName
+ type: object
+ builtIn:
+ description: 'BuiltIn defines the name of a BuiltIn
+ prioritizer. Below are the valid BuiltIn prioritizer
+ names. 1) Balance: balance the decisions among the
+ clusters. 2) Steady: ensure the existing decision
+ is stabilized. 3) ResourceAllocatableCPU & ResourceAllocatableMemory:
+ sort clusters based on the allocatable. 4) Spread:
+ spread the workload evenly to topologies.'
+ type: string
+ type:
+ default: BuiltIn
+ description: Type defines the type of the prioritizer
+ score. Type is either "BuiltIn", "AddOn" or "", where
+ "" is "BuiltIn" by default. When the type is "BuiltIn",
+ need to specify a BuiltIn prioritizer name in BuiltIn.
+ When the type is "AddOn", need to configure the score
+ source in AddOn.
+ enum:
+ - BuiltIn
+ - AddOn
+ type: string
+ required:
+ - type
+ type: object
+ weight:
+ default: 1
+ description: Weight defines the weight of the prioritizer
+ score. The value must be ranged in [-10,10]. Each prioritizer
+ will calculate an integer score of a cluster in the range
+ of [-100, 100]. The final score of a cluster will be sum(weight
+ * prioritizer_score). A higher weight indicates that the
+ prioritizer weights more in the cluster selection, while
+ 0 weight indicates that the prioritizer is disabled. A
+ negative weight indicates wants to select the last ones.
+ format: int32
+ maximum: 10
+ minimum: -10
+ type: integer
+ required:
+ - scoreCoordinate
+ type: object
+ type: array
+ mode:
+ default: Additive
+ description: Mode is either Exact, Additive, "" where "" is Additive
+ by default. In Additive mode, any prioritizer not explicitly
+ enumerated is enabled in its default Configurations, in which
+ Steady and Balance prioritizers have the weight of 1 while other
+ prioritizers have the weight of 0. Additive doesn't require
+ configuring all prioritizers. The default Configurations may
+ change in the future, and additional prioritization will happen.
+ In Exact mode, any prioritizer not explicitly enumerated is
+ weighted as zero. Exact requires knowing the full set of prioritizers
+ you want, but avoids behavior changes between releases.
+ type: string
+ type: object
+ spreadPolicy:
+ description: SpreadPolicy defines how placement decisions should be
+ distributed among a set of ManagedClusters.
+ properties:
+ spreadConstraints:
+ description: SpreadConstraints defines how the placement decision
+ should be distributed among a set of ManagedClusters. The importance
+ of the SpreadConstraintsTerms follows the natural order of their
+ index in the slice. The scheduler first consider SpreadConstraintsTerms
+ with smaller index then those with larger index to distribute
+ the placement decision.
+ items:
+ description: SpreadConstraintsTerm defines a terminology to
+ spread placement decisions.
+ properties:
+ maxSkew:
+ default: 1
+ description: MaxSkew represents the degree to which the
+ workload may be unevenly distributed. Skew is the maximum
+ difference between the number of selected ManagedClusters
+ in a topology and the global minimum. The global minimum
+ is the minimum number of selected ManagedClusters for
+ the topologies within the same TopologyKey. The minimum
+ possible value of MaxSkew is 1, and the default value
+ is 1.
+ format: int32
+ minimum: 1
+ type: integer
+ topologyKey:
+ description: TopologyKey is either a label key or a cluster
+ claim name of ManagedClusters.
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]$
+ type: string
+ topologyKeyType:
+ description: TopologyKeyType indicates the type of TopologyKey.
+ It could be Label or Claim.
+ enum:
+ - Label
+ - Claim
+ type: string
+ whenUnsatisfiable:
+ default: ScheduleAnyway
+ description: WhenUnsatisfiable represents the action of
+ the scheduler when MaxSkew cannot be satisfied. It could
+ be DoNotSchedule or ScheduleAnyway. The default value
+ is ScheduleAnyway. DoNotSchedule instructs the scheduler
+ not to schedule more ManagedClusters when MaxSkew is not
+ satisfied. ScheduleAnyway instructs the scheduler to keep
+ scheduling even if MaxSkew is not satisfied.
+ enum:
+ - DoNotSchedule
+ - ScheduleAnyway
+ type: string
+ required:
+ - topologyKey
+ - topologyKeyType
+ type: object
+ maxItems: 8
+ type: array
+ type: object
+ tolerations:
+ description: Tolerations are applied to placements, and allow (but
+ do not require) the managed clusters with certain taints to be selected
+ by placements with matching tolerations.
+ items:
+ description: Toleration represents the toleration object that can
+ be attached to a placement. The placement this Toleration is attached
+ to tolerates any taint that matches the triple
+ using the matching operator .
+ properties:
+ effect:
+ description: Effect indicates the taint effect to match. Empty
+ means match all taint effects. When specified, allowed values
+ are NoSelect, PreferNoSelect and NoSelectIfNew.
+ enum:
+ - NoSelect
+ - PreferNoSelect
+ - NoSelectIfNew
+ type: string
+ key:
+ description: Key is the taint key that the toleration applies
+ to. Empty means match all taint keys. If the key is empty,
+ operator must be Exists; this combination means to match all
+ values and all keys.
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ operator:
+ default: Equal
+ description: Operator represents a key's relationship to the
+ value. Valid operators are Exists and Equal. Defaults to Equal.
+ Exists is equivalent to wildcard for value, so that a placement
+ can tolerate all taints of a particular category.
+ type: string
+ tolerationSeconds:
+ description: TolerationSeconds represents the period of time
+ the toleration (which must be of effect NoSelect/PreferNoSelect,
+ otherwise this field is ignored) tolerates the taint. The
+ default value is nil, which indicates it tolerates the taint
+ forever. The start time of counting the TolerationSeconds
+ should be the TimeAdded in Taint, not the cluster scheduled
+ time or TolerationSeconds added time.
+ format: int64
+ type: integer
+ value:
+ description: Value is the taint value the toleration matches
+ to. If the operator is Exists, the value should be empty,
+ otherwise just a regular string.
+ maxLength: 1024
+ type: string
+ type: object
+ type: array
+ type: object
+ status:
+ description: Status represents the current status of the Placement
+ properties:
+ conditions:
+ description: Conditions contains the different condition status for
+ this Placement.
+ items:
+ description: "Condition contains details for one aspect of the current
+ state of this API Resource. --- This struct is intended for direct
+ use as an array at the field path .status.conditions. For example,
+ \n type FooStatus struct{ // Represents the observations of a
+ foo's current state. // Known .status.conditions.type are: \"Available\",
+ \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
+ // +listType=map // +listMapKey=type Conditions []metav1.Condition
+ `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
+ protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
+ properties:
+ lastTransitionTime:
+ description: lastTransitionTime is the last time the condition
+ transitioned from one status to another. This should be when
+ the underlying condition changed. If that is not known, then
+ using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: message is a human readable message indicating
+ details about the transition. This may be an empty string.
+ maxLength: 32768
+ type: string
+ observedGeneration:
+ description: observedGeneration represents the .metadata.generation
+ that the condition was set based upon. For instance, if .metadata.generation
+ is currently 12, but the .status.conditions[x].observedGeneration
+ is 9, the condition is out of date with respect to the current
+ state of the instance.
+ format: int64
+ minimum: 0
+ type: integer
+ reason:
+ description: reason contains a programmatic identifier indicating
+ the reason for the condition's last transition. Producers
+ of specific condition types may define expected values and
+ meanings for this field, and whether the values are considered
+ a guaranteed API. The value should be a CamelCase string.
+ This field may not be empty.
+ maxLength: 1024
+ minLength: 1
+ pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: type of condition in CamelCase or in foo.example.com/CamelCase.
+ --- Many .condition.type values are consistent across resources
+ like Available, but because arbitrary conditions can be useful
+ (see .node.status.conditions), the ability to deconflict is
+ important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - message
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ decisionGroups:
+ description: List of decision groups determined by the placement and
+ DecisionStrategy.
+ items:
+ description: Present decision groups status based on the DecisionStrategy
+ definition.
+ properties:
+ clusterCount:
+ default: 0
+ description: Total number of clusters in the decision group.
+ Clusters count is equal or less than the clusterPerDecisionGroups
+ defined in the decision strategy.
+ format: int32
+ type: integer
+ decisionGroupIndex:
+ description: Present the decision group index. If there is no
+ decision strategy defined all placement decisions will be
+ in group index 0
+ format: int32
+ type: integer
+ decisionGroupName:
+ description: Decision group name that is defined in the DecisionStrategy's
+ DecisionGroup.
+ type: string
+ decisions:
+ description: List of placement decisions names associated with
+ the decision group
+ items:
+ type: string
+ type: array
+ type: object
+ type: array
+ numberOfSelectedClusters:
+ description: NumberOfSelectedClusters represents the number of selected
+ ManagedClusters
+ format: int32
+ type: integer
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
diff --git a/charts/cluster-gateway-manager/crds/config.gateway.open-cluster-management.io_clustergatewayconfigurations.yaml b/charts/cluster-gateway-manager/crds/config.gateway.open-cluster-management.io_clustergatewayconfigurations.yaml
new file mode 100644
index 00000000..77781e2a
--- /dev/null
+++ b/charts/cluster-gateway-manager/crds/config.gateway.open-cluster-management.io_clustergatewayconfigurations.yaml
@@ -0,0 +1,168 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.14.0
+ name: clustergatewayconfigurations.config.gateway.open-cluster-management.io
+spec:
+ group: config.gateway.open-cluster-management.io
+ names:
+ kind: ClusterGatewayConfiguration
+ listKind: ClusterGatewayConfigurationList
+ plural: clustergatewayconfigurations
+ singular: clustergatewayconfiguration
+ scope: Cluster
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ properties:
+ egress:
+ properties:
+ clusterProxy:
+ properties:
+ credentials:
+ properties:
+ namespace:
+ type: string
+ proxyClientCASecretName:
+ type: string
+ proxyClientSecretName:
+ type: string
+ required:
+ - namespace
+ - proxyClientCASecretName
+ - proxyClientSecretName
+ type: object
+ proxyServerHost:
+ type: string
+ proxyServerPort:
+ format: int32
+ type: integer
+ required:
+ - credentials
+ - proxyServerHost
+ - proxyServerPort
+ type: object
+ type: object
+ image:
+ type: string
+ secretManagement:
+ properties:
+ managedServiceAccount:
+ properties:
+ name:
+ default: cluster-gateway
+ type: string
+ type: object
+ type:
+ default: ManagedServiceAccount
+ enum:
+ - Manual
+ - ManagedServiceAccount
+ type: string
+ type: object
+ required:
+ - egress
+ - image
+ - secretManagement
+ type: object
+ status:
+ properties:
+ conditions:
+ items:
+ description: "Condition contains details for one aspect of the current
+ state of this API Resource.\n---\nThis struct is intended for
+ direct use as an array at the field path .status.conditions. For
+ example,\n\n\n\ttype FooStatus struct{\n\t // Represents the
+ observations of a foo's current state.\n\t // Known .status.conditions.type
+ are: \"Available\", \"Progressing\", and \"Degraded\"\n\t //
+ +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t
+ \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\"
+ patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
+ \ // other fields\n\t}"
+ properties:
+ lastTransitionTime:
+ description: |-
+ lastTransitionTime is the last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ message is a human readable message indicating details about the transition.
+ This may be an empty string.
+ maxLength: 32768
+ type: string
+ observedGeneration:
+ description: |-
+ observedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ format: int64
+ minimum: 0
+ type: integer
+ reason:
+ description: |-
+ reason contains a programmatic identifier indicating the reason for the condition's last transition.
+ Producers of specific condition types may define expected values and meanings for this field,
+ and whether the values are considered a guaranteed API.
+ The value should be a CamelCase string.
+ This field may not be empty.
+ maxLength: 1024
+ minLength: 1
+ pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: |-
+ type of condition in CamelCase or in foo.example.com/CamelCase.
+ ---
+ Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
+ useful (see .node.status.conditions), the ability to deconflict is important.
+ The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - message
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ lastObservedGeneration:
+ format: int64
+ type: integer
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
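Review bot: `egress.clusterProxy` lets a cluster-scoped object name an arbitrary `proxyServerHost`/`proxyServerPort` plus the `namespace` and two Secret names from which the gateway presumably loads its proxy client certificate and CA, yet none of these fields carries a description or any bound beyond `required` — an empty host and a port of 0 or 70000 both pass validation. Whoever can write this object can therefore redirect the gateway's egress and, if the manager reads Secrets cluster-wide, make it load any Secret it can reach, so the RBAC the chart grants on `clustergatewayconfigurations.config.gateway.open-cluster-management.io` (not in this diff) should stay admin-only, and the schema should at least carry `minimum: 1` / `maximum: 65535` on `proxyServerPort` and `minLength: 1` on `proxyServerHost`. Since this file is controller-gen output (annotation at the top), those bounds and field descriptions belong on the upstream Go types (`// +kubebuilder:validation:Minimum=1` etc.) rather than being hand-edited here.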
diff --git a/charts/cluster-gateway-manager/doc.yaml b/charts/cluster-gateway-manager/doc.yaml
index 8fc4c16e..554e9139 100644
--- a/charts/cluster-gateway-manager/doc.yaml
+++ b/charts/cluster-gateway-manager/doc.yaml
@@ -15,4 +15,4 @@ prerequisites:
- Kubernetes 1.21+
release:
name: cluster-gateway-manager
- namespace: open-cluster-management
+ namespace: open-cluster-management-cluster-gateway
diff --git a/charts/cluster-gateway-manager/templates/_helpers.tpl b/charts/cluster-gateway-manager/templates/_helpers.tpl
new file mode 100644
index 00000000..4a161607
--- /dev/null
+++ b/charts/cluster-gateway-manager/templates/_helpers.tpl
@@ -0,0 +1,69 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "cluster-gateway-manager.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "cluster-gateway-manager.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "cluster-gateway-manager.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "cluster-gateway-manager.labels" -}}
+helm.sh/chart: {{ include "cluster-gateway-manager.chart" . }}
+{{ include "cluster-gateway-manager.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "cluster-gateway-manager.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "cluster-gateway-manager.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "cluster-gateway-manager.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "cluster-gateway-manager.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{/*
+Addon manager namespace
+*/}}
+{{- define "cluster-gateway-manager.namespace" -}}
+{{ ternary .Release.Namespace (required "A valid .Values.addonManagerNamespace is required!" .Values.addonManagerNamespace) (empty .Values.kubeconfigSecretName) }}
+{{- end }}
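Review bot: `cluster-gateway-manager.namespace` at the bottom of the file evaluates `required "..." .Values.addonManagerNamespace` on every include, because `ternary` is an ordinary function whose arguments are all rendered before the branch is chosen; so any template that includes this helper while `kubeconfigSecretName` is empty still fails with the `required` error even though `.Release.Namespace` would have been selected. The visible callers (deployment.yaml and ocm-mc/addon.yaml) only include it under `{{- if .Values.kubeconfigSecretName }}`, so this is latent today, but the helper's contract should not depend on that. A plain conditional says what is meant: `{{- if .Values.kubeconfigSecretName }}{{ required "A valid .Values.addonManagerNamespace is required!" .Values.addonManagerNamespace }}{{- else }}{{ .Release.Namespace }}{{- end }}`. The header comment `Addon manager namespace` would also be more useful if it stated the rule, e.g. `{{/* Namespace for addon resources: .Values.addonManagerNamespace when a kubeconfig secret is configured, otherwise the release namespace */}}`.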
diff --git a/charts/cluster-gateway-manager/templates/addon-manager.yaml b/charts/cluster-gateway-manager/templates/addon-manager.yaml
deleted file mode 100644
index 48f9118e..00000000
--- a/charts/cluster-gateway-manager/templates/addon-manager.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: cluster-gateway-manager
- namespace: {{ .Release.Namespace }}
- labels:
- app: cluster-gateway-manager
-spec:
- replicas: {{ .Values.replicas }}
- selector:
- matchLabels:
- app: cluster-gateway-manager
- template:
- metadata:
- labels:
- app: cluster-gateway-manager
- spec:
- serviceAccount: cluster-gateway-manager
- containers:
- - name: cluster-gateway-manager
- image: {{ .Values.image }}:{{ .Values.tag | default (print "v" .Chart.Version) }}
- imagePullPolicy: IfNotPresent
- args:
- - --leader-elect=true
\ No newline at end of file
diff --git a/charts/cluster-gateway-manager/templates/clustergatewayconfiguration.yaml b/charts/cluster-gateway-manager/templates/clustergatewayconfiguration.yaml
deleted file mode 100644
index 6736d796..00000000
--- a/charts/cluster-gateway-manager/templates/clustergatewayconfiguration.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-apiVersion: proxy.open-cluster-management.io/v1alpha1
-kind: ClusterGatewayConfiguration
-metadata:
- name: cluster-gateway
-spec:
- image: {{ .Values.clusterGateway.image }}:{{ .Values.tag | default (print "v" .Chart.Version) }}
- installNamespace: {{ .Values.clusterGateway.installNamespace }}
- secretNamespace: {{ .Values.clusterGateway.secretNamespace }}
- secretManagement:
- {{ if .Values.manualSecretManagement }}
- type: Manual
- {{ else }}
- type: ManagedServiceAccount
- managedServiceAccount:
- name: cluster-gateway
- {{ end }}
- egress:
- {{ if .Values.konnectivityEgress }}
- type: ClusterProxy
- clusterProxy:
- proxyServerHost: "proxy-entrypoint.open-cluster-management-addon"
- proxyServerPort: 8090
- credentials:
- namespace: open-cluster-management-addon
- proxyClientCASecretName: proxy-server-ca
- proxyClientSecretName: proxy-client
- {{ else }}
- type: Direct
- {{ end }}
diff --git a/charts/cluster-gateway-manager/templates/clustermanagementaddon.yaml b/charts/cluster-gateway-manager/templates/clustermanagementaddon.yaml
deleted file mode 100644
index f8357119..00000000
--- a/charts/cluster-gateway-manager/templates/clustermanagementaddon.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-apiVersion: addon.open-cluster-management.io/v1alpha1
-kind: ClusterManagementAddOn
-metadata:
- name: cluster-gateway
-spec:
- addOnMeta:
- displayName: cluster-gateway
- description: cluster-gateway
- addOnConfiguration:
- crdName: clustergatewayconfigurations.proxy.open-cluster-management.io
- crName: cluster-gateway
diff --git a/charts/cluster-gateway-manager/templates/clusterroles.yaml b/charts/cluster-gateway-manager/templates/clusterrole.yaml
similarity index 93%
rename from charts/cluster-gateway-manager/templates/clusterroles.yaml
rename to charts/cluster-gateway-manager/templates/clusterrole.yaml
index 55776083..59fb3dd4 100644
--- a/charts/cluster-gateway-manager/templates/clusterroles.yaml
+++ b/charts/cluster-gateway-manager/templates/clusterrole.yaml
@@ -1,7 +1,7 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
- name: open-cluster-management:cluster-gateway:managedcluster-reader
+ name: open-cluster-management:cluster-gateway:addon-manager
rules:
- apiGroups:
- cluster.open-cluster-management.io
@@ -18,13 +18,13 @@ rules:
verbs:
- "*"
- apiGroups:
- - proxy.open-cluster-management.io
+ - config.gateway.open-cluster-management.io
resources:
- clustergatewayconfigurations
verbs:
- "*"
- apiGroups:
- - cluster.core.oam.dev
+ - gateway.open-cluster-management.io
resources:
- clustergateways/health
- clustergateways/proxy
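Review bot: The apiGroup swaps in this hunk (`proxy.open-cluster-management.io` to `config.gateway.open-cluster-management.io`, `cluster.core.oam.dev` to `gateway.open-cluster-management.io`) keep the surrounding `"*"` verbs, so the addon manager retains wildcard access to `clustergatewayconfigurations` and, if the verbs below the hunk are unchanged, to the `clustergateways/health` and `clustergateways/proxy` subresources; the proxy subresource is presumably the path through which requests reach managed clusters, so an explicit minimal verb list would be expected here rather than `*`. Existing ClusterGatewayConfiguration objects created under the old group are no longer covered by the renamed rule and nothing in this commit migrates them; if in-place upgrades are supported, that needs a migration step or a release note. The rule that ends the hunk continues outside it.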
@@ -125,4 +125,4 @@ rules:
resources:
- subjectaccessreviews
verbs:
- - "*"
\ No newline at end of file
+ - "*"
diff --git a/charts/cluster-gateway-manager/templates/clusterrolebindings.yaml b/charts/cluster-gateway-manager/templates/clusterrolebinding.yaml
similarity index 63%
rename from charts/cluster-gateway-manager/templates/clusterrolebindings.yaml
rename to charts/cluster-gateway-manager/templates/clusterrolebinding.yaml
index 59e84984..a75403d8 100644
--- a/charts/cluster-gateway-manager/templates/clusterrolebindings.yaml
+++ b/charts/cluster-gateway-manager/templates/clusterrolebinding.yaml
@@ -1,11 +1,11 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
- name: open-cluster-management:cluster-gateway:managedcluster-reader
+ name: open-cluster-management:cluster-gateway:addon-manager
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
- name: open-cluster-management:cluster-gateway:managedcluster-reader
+ name: open-cluster-management:cluster-gateway:addon-manager
subjects:
- kind: ServiceAccount
name: cluster-gateway-manager
diff --git a/charts/cluster-gateway-manager/templates/deployment.yaml b/charts/cluster-gateway-manager/templates/deployment.yaml
new file mode 100644
index 00000000..70b243fe
--- /dev/null
+++ b/charts/cluster-gateway-manager/templates/deployment.yaml
@@ -0,0 +1,61 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: cluster-gateway-manager
+ namespace: {{ .Release.Namespace }}
+spec:
+ replicas: {{ .Values.replicas }}
+ selector:
+ matchLabels:
+ open-cluster-management.io/addon: cluster-gateway
+ template:
+ metadata:
+ labels:
+ open-cluster-management.io/addon: cluster-gateway
+ spec:
+ serviceAccount: cluster-gateway-manager
+ automountServiceAccountToken: true
+ containers:
+ - name: manager
+ image: {{ .Values.image }}:{{ .Values.tag | default .Chart.AppVersion }}
+ imagePullPolicy: Always
+ args:
+ {{- if gt (int .Values.replicas) 1 }}
+ - --leader-elect=true
+ {{- end }}
+ {{- if .Values.kubeconfigSecretName }}
+ - --multicluster-kubeconfig=/var/run/secrets/ocm/auth/kubeconfig
+ {{- end }}
+ env:
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ {{- if .Values.kubeconfigSecretName }}
+ - name: NAMESPACE
+ value: {{ include "cluster-gateway-manager.namespace" . }}
+ {{- end }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
+ runAsNonRoot: true
+ readOnlyRootFilesystem: true
+ volumeMounts:
+ {{- if .Values.kubeconfigSecretName }}
+ - mountPath: /var/run/secrets/ocm/auth
+ name: ocm-auth
+ {{- end }}
+ volumes:
+ {{- if .Values.kubeconfigSecretName }}
+ - name: ocm-auth
+ secret:
+ defaultMode: 420
+ secretName: {{ .Values.kubeconfigSecretName }}
+ {{- end }}
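Review bot: The `if gt (int .Values.replicas) 1` guard around `--leader-elect=true` assumes a single replica means a single running manager, but a Deployment with the default RollingUpdate strategy surges to a second pod even at `replicas: 1`, so during every upgrade two managers briefly run with no lock between them. Enabling `--leader-elect=true` unconditionally (remove the `if`/`end` pair) removes that window at the cost of one Lease object. Two smaller points on the pod spec: `serviceAccount` is the deprecated alias of `serviceAccountName`, and the container securityContext would meet the restricted Pod Security Standard if it also set `seccompProfile: {type: RuntimeDefault}`. No resource requests or limits are set either; if that is deliberate, a `resources: {}` value with a comment makes it overridable.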
diff --git a/charts/cluster-gateway-manager/templates/k8s/addon.yaml b/charts/cluster-gateway-manager/templates/k8s/addon.yaml
new file mode 100644
index 00000000..e68d3952
--- /dev/null
+++ b/charts/cluster-gateway-manager/templates/k8s/addon.yaml
@@ -0,0 +1,15 @@
+{{- if not .Values.kubeconfigSecretName }}
+
+{{- $restpl := $.Files.Get "common/addon/clustermanagementaddon.yaml" -}}
+{{ tpl $restpl $ }}
+---
+{{- $restpl := $.Files.Get "common/addon/clustersetbinding.yaml" -}}
+{{ tpl $restpl $ }}
+---
+{{- $restpl := $.Files.Get "common/addon/placement.yaml" -}}
+{{ tpl $restpl $ }}
+---
+{{- $restpl := $.Files.Get "common/addon/clustergatewayconfiguration.yaml" -}}
+{{ tpl $restpl $ }}
+
+{{- end }}
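Review bot: Each `$.Files.Get "common/addon/..."` call returns an empty string when the file is not in the chart package, and `tpl` of an empty string renders nothing, so a missing or misnamed file under `common/addon/` silently drops that resource instead of failing the render; `helm lint` does not check files outside `templates/`. Wrapping each lookup with `required` turns that into an install-time error, e.g. `{{- $restpl := required "common/addon/placement.yaml is missing" ($.Files.Get "common/addon/placement.yaml") -}}`. The four `$restpl :=` redeclarations are legal in Go templates but shadow each other; a `range` over the file names, or one variable per file, reads more clearly.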
diff --git a/charts/cluster-gateway-manager/templates/ocm-mc/addon.yaml b/charts/cluster-gateway-manager/templates/ocm-mc/addon.yaml
new file mode 100644
index 00000000..4c5f6c59
--- /dev/null
+++ b/charts/cluster-gateway-manager/templates/ocm-mc/addon.yaml
@@ -0,0 +1,52 @@
+{{- if .Values.kubeconfigSecretName }}
+
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: cluster-gateway-configure-addon
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook-weight": "2"
+ "helm.sh/hook": post-install,post-upgrade,post-rollback
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed
+spec:
+ ttlSecondsAfterFinished: 0
+ backoffLimit: 3
+ template:
+ spec:
+ automountServiceAccountToken: false
+ containers:
+ - name: kubectl
+ image: {{ .Values.kubectl.image }}
+ workingDir: /var/run/secrets/ocm
+ command:
+ - sh
+ - -c
+ - |
+ sleep 2; \
+ kubectl --kubeconfig=auth/kubeconfig create ns {{ include "cluster-gateway-manager.namespace" $ }} || true; \
+ kubectl --kubeconfig=auth/kubeconfig apply -f - <oamdev/cluster-gateway |
-| tag | |
|
-| replicas | Number of replicas | 1
|
-| secretNamespace | A secured namespace for reading cluster secrets | open-cluster-management-credentials
|
-| ocmIntegration.enabled | | false
|
-| ocmIntegration.clusterProxy.enabled | | false
|
-| ocmIntegration.clusterProxy.endpoint.host | | proxy-entrypoint.open-cluster-management-cluster-proxy
|
-| ocmIntegration.clusterProxy.endpoint.port | | 8090
|
-| featureGate.healthiness | | false
|
-| featureGate.secretCache | | false
|
+| Parameter | Description | Default |
+|----------------------------|----------------------------------------|---------------------------------------------------------------------|
+| image | Image of the cluster-gateway instances | ghcr.io/kluster-manager/cluster-gateway
|
+| tag | |
|
+| replicas | Number of replicas | 1
|
+| clusterProxy.enabled | | true
|
+| clusterProxy.endpoint.host | | proxy-entrypoint.open-cluster-management-cluster-proxy
|
+| clusterProxy.endpoint.port | | 8090
|
+| featureGate.healthiness | | false
|
Specify each parameter using the `--set key=value[,key=value]` argument to `helm upgrade -i`. For example:
```bash
-$ helm upgrade -i cluster-gateway appscode/cluster-gateway -n open-cluster-management --create-namespace --version=v2024.2.25 --set image=oamdev/cluster-gateway
+$ helm upgrade -i cluster-gateway appscode/cluster-gateway -n open-cluster-management --create-namespace --version=v2024.2.25 --set image=ghcr.io/kluster-manager/cluster-gateway
```
Alternatively, a YAML file that specifies the values for the parameters can be provided while
diff --git a/charts/cluster-gateway/templates/apiservice.yaml b/charts/cluster-gateway/templates/apiservice.yaml
index 48e42b3b..3fbeaa54 100644
--- a/charts/cluster-gateway/templates/apiservice.yaml
+++ b/charts/cluster-gateway/templates/apiservice.yaml
@@ -1,17 +1,17 @@
apiVersion: apiregistration.k8s.io/v1
kind: APIService
metadata:
- name: v1alpha1.cluster.core.oam.dev
+ name: v1alpha1.gateway.open-cluster-management.io
labels:
api: cluster-extension-apiserver
apiserver: "true"
spec:
version: v1alpha1
- group: cluster.core.oam.dev
+ group: gateway.open-cluster-management.io
groupPriorityMinimum: 2000
service:
name: gateway-service
- namespace: {{ .Release.Namespace }}
+ namespace: {{ .Release.Namespace }}
port: 9443
versionPriority: 10
insecureSkipTLSVerify: true
\ No newline at end of file
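Review bot: `insecureSkipTLSVerify: true` is carried over unchanged while the APIService is re-registered under `gateway.open-cluster-management.io`, so kube-apiserver still accepts any certificate from `gateway-service` when it proxies requests for that group, and those proxied requests carry the caller's identity headers. The usual fix is to publish the serving CA in `caBundle` and drop `insecureSkipTLSVerify`; the certificate-rotation TODO in cluster-gateway-apiserver.yaml suggests this is known, in which case a comment on the field explaining why verification is still skipped would help the next reader. The `namespace: {{ .Release.Namespace }}` line changes only in whitespace and need not be in the diff.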
diff --git a/charts/cluster-gateway/templates/cluster-gateway-apiserver.yaml b/charts/cluster-gateway/templates/cluster-gateway-apiserver.yaml
index b535a80a..a2cd3198 100644
--- a/charts/cluster-gateway/templates/cluster-gateway-apiserver.yaml
+++ b/charts/cluster-gateway/templates/cluster-gateway-apiserver.yaml
@@ -25,24 +25,20 @@ spec:
secretName: proxy-server-ca
containers:
- name: gateway
- image: {{ .Values.image }}:{{ .Values.tag | default (print "v" .Chart.Version) }}
+ image: {{ .Values.image }}:{{ .Values.tag | default .Chart.AppVersion }}
imagePullPolicy: IfNotPresent
args:
- --secure-port=9443
- - --secret-namespace={{ .Values.secretNamespace }}
- {{ if .Values.ocmIntegration.enabled }}
- - --ocm-integration=true
- {{ if .Values.ocmIntegration.clusterProxy.enabled }}
- - --proxy-host={{ .Values.ocmIntegration.clusterProxy.endpoint.host }}
- - --proxy-port={{ .Values.ocmIntegration.clusterProxy.endpoint.port }}
+ {{ if .Values.clusterProxy.enabled }}
+ - --proxy-host={{ .Values.clusterProxy.endpoint.host }}
+ - --proxy-port={{ .Values.clusterProxy.endpoint.port }}
- --proxy-ca-cert=/etc/ca/ca.crt
- --proxy-cert=/etc/tls/tls.crt
- --proxy-key=/etc/tls/tls.key
{{ end }}
- {{ end }}
- - --feature-gates={{ if .Values.featureGate.healthiness }}HealthinessCheck=true,{{ end }}{{ if .Values.featureGate.secretCache }}SecretCache=true,{{ end }}
+ - --feature-gates={{ if .Values.featureGate.healthiness }}HealthinessCheck=true,{{ end }}
# TODO: certificate rotation, otherwise the self-signed will expire in 1 year
- {{ if .Values.ocmIntegration.clusterProxy.enabled }}
+ {{ if .Values.clusterProxy.enabled }}
volumeMounts:
- name: proxy-client
mountPath: "/etc/tls/"
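Review bot: The rewritten `--feature-gates=` argument still renders as an empty value when `featureGate.healthiness` is false and as `HealthinessCheck=true,` with a trailing comma when it is true; whether the gateway's flag parser tolerates both forms is not visible here. Guarding the whole argument is unambiguous: `{{- if .Values.featureGate.healthiness }}` / `- --feature-gates=HealthinessCheck=true` / `{{- end }}`. The untrimmed `{{ if .Values.clusterProxy.enabled }}` / `{{ end }}` pairs also leave blank lines inside the `args` and `volumeMounts` sequences; harmless to YAML, but the `{{-` form used in the new deployment.yaml is tidier. The container spec begins and ends outside this hunk.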
diff --git a/charts/cluster-gateway/templates/clusterrolebindings.yaml b/charts/cluster-gateway/templates/clusterrolebindings.yaml
index 9e4264d1..75172f91 100644
--- a/charts/cluster-gateway/templates/clusterrolebindings.yaml
+++ b/charts/cluster-gateway/templates/clusterrolebindings.yaml
@@ -1,11 +1,11 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
- name: open-cluster-management:cluster-gateway:managedcluster-reader
+ name: open-cluster-management:cluster-gateway:apiserver
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
- name: open-cluster-management:cluster-gateway:managedcluster-reader
+ name: open-cluster-management:cluster-gateway:apiserver
subjects:
- kind: ServiceAccount
name: cluster-gateway
diff --git a/charts/cluster-gateway/templates/clusterroles.yaml b/charts/cluster-gateway/templates/clusterroles.yaml
index 898c48d9..a280316c 100644
--- a/charts/cluster-gateway/templates/clusterroles.yaml
+++ b/charts/cluster-gateway/templates/clusterroles.yaml
@@ -1,7 +1,7 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
- name: open-cluster-management:cluster-gateway:managedcluster-reader
+ name: open-cluster-management:cluster-gateway:apiserver
rules:
- apiGroups:
- cluster.open-cluster-management.io
@@ -42,4 +42,27 @@ rules:
resources:
- subjectaccessreviews
verbs:
- - "*"
\ No newline at end of file
+ - "*"
+ # read/update managed cluster addons
+ - apiGroups:
+ - addon.open-cluster-management.io
+ resources:
+ - managedclusteraddons
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ # read managed service account credentials
+ - apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - get
+ - list
+ - watch
+ resourceNames:
+ - cluster-gateway
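Review bot: The new secrets rule combines `list` and `watch` with `resourceNames: [cluster-gateway]`, and Kubernetes RBAC only authorizes a list or watch under a resourceName restriction when the request carries a matching `metadata.name` field selector; an informer or a plain list from this service account will be denied even though `get` works. If the gateway lists or watches the credential secret, the rule needs a namespace-scoped Role/RoleBinding or the field selector on the client side; if it only gets it, drop `list`/`watch` so the rule states what is actually needed. Because this is a ClusterRole, `get` is granted on any Secret named `cluster-gateway` in every namespace, which the comment should say: `# read the managed service account credential secret named cluster-gateway (any namespace)`.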
diff --git a/charts/cluster-gateway/templates/rolebindings.yaml b/charts/cluster-gateway/templates/rolebindings.yaml
index 534c2301..21579835 100644
--- a/charts/cluster-gateway/templates/rolebindings.yaml
+++ b/charts/cluster-gateway/templates/rolebindings.yaml
@@ -1,7 +1,8 @@
+# to read the config for terminating authentication
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
- name: system:extension-apiserver-authentication-reader:cluster-gateway
+ name: extension-apiserver-authentication-reader:cluster-gateway
namespace: kube-system
roleRef:
apiGroup: rbac.authorization.k8s.io
@@ -10,4 +11,18 @@ roleRef:
subjects:
- kind: ServiceAccount
name: cluster-gateway
- namespace: {{ .Release.Namespace }}
\ No newline at end of file
+ namespace: {{ .Release.Namespace }}
+---
+# to delegate authentication and authorization
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: auth-delegator:cluster-gateway
+roleRef:
+ kind: ClusterRole
+ apiGroup: rbac.authorization.k8s.io
+ name: system:auth-delegator
+subjects:
+ - kind: ServiceAccount
+ name: cluster-gateway
+ namespace: {{ .Release.Namespace }}
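Review bot: With the new `system:auth-delegator` ClusterRoleBinding the service account already receives `create` on `tokenreviews` and `subjectaccessreviews`, so the wildcard `subjectaccessreviews` rule that the clusterroles.yaml hunk in this commit keeps is now redundant and broader than needed; dropping it, or narrowing it to `create`, leaves auth delegation with exactly the standard permissions. The ClusterRoleBinding also lives in a file named rolebindings.yaml after a `---`, so a reader looking for cluster-scoped bindings in clusterrolebindings.yaml will not find it; either move it there or extend the leading comment, e.g. `# to delegate authentication and authorization (cluster-scoped; see also clusterrolebindings.yaml)`.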
diff --git a/charts/cluster-gateway/templates/secret-namespace.yaml b/charts/cluster-gateway/templates/secret-namespace.yaml
deleted file mode 100644
index 9d2f362d..00000000
--- a/charts/cluster-gateway/templates/secret-namespace.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
- name: {{ .Values.secretNamespace }}
\ No newline at end of file
diff --git a/charts/cluster-gateway/templates/secret-rolebindings.yaml b/charts/cluster-gateway/templates/secret-rolebindings.yaml
deleted file mode 100644
index ad3d6706..00000000
--- a/charts/cluster-gateway/templates/secret-rolebindings.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: cluster-gateway-secret-reader
- namespace: {{ .Values.secretNamespace }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: cluster-gateway-secret-reader
-subjects:
- - kind: ServiceAccount
- name: cluster-gateway
- namespace: {{ .Release.Namespace }}
\ No newline at end of file
diff --git a/charts/cluster-gateway/templates/secret-roles.yaml b/charts/cluster-gateway/templates/secret-roles.yaml
deleted file mode 100644
index 2db55f10..00000000
--- a/charts/cluster-gateway/templates/secret-roles.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: cluster-gateway-secret-reader
- namespace: {{ .Values.secretNamespace }}
-rules:
- - apiGroups:
- - ""
- resources:
- - "secrets"
- verbs:
- - "*"
diff --git a/charts/cluster-gateway/values.yaml b/charts/cluster-gateway/values.yaml
index 4d1b13d1..145b8d96 100644
--- a/charts/cluster-gateway/values.yaml
+++ b/charts/cluster-gateway/values.yaml
@@ -1,21 +1,16 @@
# Image of the cluster-gateway instances
-image: oamdev/cluster-gateway
+image: ghcr.io/kluster-manager/cluster-gateway
tag:
# Number of replicas
replicas: 1
-# A secured namespace for reading cluster secrets
-secretNamespace: open-cluster-management-credentials
-ocmIntegration:
- enabled: false
- clusterProxy:
- enabled: false
- endpoint:
- host: proxy-entrypoint.open-cluster-management-cluster-proxy
- port: 8090
+clusterProxy:
+ enabled: true
+ endpoint:
+ host: proxy-entrypoint.open-cluster-management-cluster-proxy
+ port: 8090
featureGate:
healthiness: false
- secretCache: false
\ No newline at end of file
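Review bot: `clusterProxy.enabled` now defaults to `true`, which makes every default install mount the `proxy-server-ca` and `proxy-client` secrets referenced in cluster-gateway-apiserver.yaml; if those secrets are absent the pod sits in ContainerCreating with nothing in the chart explaining why. A comment beside the key would save that round-trip: `# Requires the cluster-proxy proxy-server-ca and proxy-client secrets in the namespace the gateway runs in; set to false when cluster-proxy is not installed`. Separately, `tag:` is a bare null rather than an empty string; `tag: ""` reads as intentional and the `default .Chart.AppVersion` pipeline treats both the same.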
diff --git a/hack/scripts/import-crds.sh b/hack/scripts/import-crds.sh
index e26cf409..77338794 100755
--- a/hack/scripts/import-crds.sh
+++ b/hack/scripts/import-crds.sh
@@ -34,8 +34,10 @@ crd-importer \
--out=./charts/cluster-auth-manager/crds
crd-importer \
- --input=https://github.com/kluster-manager/cluster-gateway/raw/master/hack/crd/bases/proxy.open-cluster-management.io_clustergatewayconfigurations.yaml \
+ --input=https://github.com/kluster-manager/cluster-gateway/raw/master/hack/crd/bases/config.gateway.open-cluster-management.io_clustergatewayconfigurations.yaml \
--input=https://github.com/open-cluster-management-io/api/raw/${OPEN_CLUSTER_MANAGEMENT_IO_API_TAG}/addon/v1alpha1/0000_00_addon.open-cluster-management.io_clustermanagementaddons.crd.yaml \
+ --input=https://github.com/open-cluster-management-io/api/raw/${OPEN_CLUSTER_MANAGEMENT_IO_API_TAG}/cluster/v1beta1/0000_02_clusters.open-cluster-management.io_placements.crd.yaml \
+ --input=https://github.com/open-cluster-management-io/api/raw/${OPEN_CLUSTER_MANAGEMENT_IO_API_TAG}/cluster/v1beta2/0000_01_clusters.open-cluster-management.io_managedclustersetbindings.crd.yaml \
--out=./charts/cluster-gateway-manager/crds
crd-importer \
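Review bot: The new cluster-gateway `--input` URL still fetches from `raw/master`, while the three open-cluster-management-io inputs are pinned through `${OPEN_CLUSTER_MANAGEMENT_IO_API_TAG}`; the CRDs vendored into `charts/cluster-gateway-manager/crds` therefore depend on whatever that branch holds on the day the script runs, which makes the import non-reproducible and lets an upstream change land in the chart without a matching version bump. Pinning it the same way, e.g. `--input=https://github.com/kluster-manager/cluster-gateway/raw/${CLUSTER_GATEWAY_TAG}/hack/crd/bases/config.gateway.open-cluster-management.io_clustergatewayconfigurations.yaml \` with the variable defined beside the existing tag (the variable name is a placeholder), keeps all inputs consistent. The `crd-importer \` line that closes the hunk starts a further invocation that continues outside it.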