Get default registration namespace from template manifest

Signed-off-by: Jian Qiu <[email protected]>
open-cluster-management-io · Apr 16, 2024 · a0eb48c · a0eb48c
1 parent f413220
commit a0eb48c
Show file tree

Hide file tree

Showing 51 changed files with 1,610 additions and 1,524 deletions.
diff --git a/go.mod b/go.mod
@@ -34,9 +34,9 @@ require (
 	k8s.io/klog/v2 v2.120.1
 	k8s.io/kube-aggregator v0.29.3
 	k8s.io/utils v0.0.0-20240310230437-4693a0247e57
-	open-cluster-management.io/addon-framework v0.9.1
+	open-cluster-management.io/addon-framework v0.9.1-0.20240416063208-ecb7f349df05
 	open-cluster-management.io/api v0.13.1-0.20240411131856-8f6aa25f111c
-	open-cluster-management.io/sdk-go v0.13.1-0.20240313075541-00a94671ced1
+	open-cluster-management.io/sdk-go v0.13.1-0.20240416030555-aa744f426379
 	sigs.k8s.io/controller-runtime v0.17.2
 	sigs.k8s.io/kube-storage-version-migrator v0.0.6-0.20230721195810-5c8923c5ff96
 )

diff --git a/go.sum b/go.sum
@@ -423,12 +423,12 @@ k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 h1:aVUu9fTY98ivBPKR9Y5w/A
 k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00/go.mod h1:AsvuZPBlUDVuCdzJ87iajxtXuR9oktsTctW/R9wwouA=
 k8s.io/utils v0.0.0-20240310230437-4693a0247e57 h1:gbqbevonBh57eILzModw6mrkbwM0gQBEuevE/AaBsHY=
 k8s.io/utils v0.0.0-20240310230437-4693a0247e57/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
-open-cluster-management.io/addon-framework v0.9.1 h1:m6n/W29G/4KzMx+8mgC9P/ybuiyNHVy+O6AHEaWbfQg=
-open-cluster-management.io/addon-framework v0.9.1/go.mod h1:OEIFCEXhZKO/Grv08CB0T+TGzS0bLshw4G9u7Vw8dw0=
+open-cluster-management.io/addon-framework v0.9.1-0.20240416063208-ecb7f349df05 h1:oj4IEyxmQFMxdpnOPE/Y7Xkyfkz4hGVkcYZ4dn8WtKU=
+open-cluster-management.io/addon-framework v0.9.1-0.20240416063208-ecb7f349df05/go.mod h1:K+/TwCUz2PZ7L+svaodw6029S/iPJ7eVX21F7NMw+Kw=
 open-cluster-management.io/api v0.13.1-0.20240411131856-8f6aa25f111c h1:/iUoY6/PqBmcBq3v0+UBFvIcI39k/QPRGqpOv9XtDIc=
 open-cluster-management.io/api v0.13.1-0.20240411131856-8f6aa25f111c/go.mod h1:CuCPEzXDvOyxBB0H1d1eSeajbHqaeGEKq9c63vQc63w=
-open-cluster-management.io/sdk-go v0.13.1-0.20240313075541-00a94671ced1 h1:s3dJdi1eol+/8ek6JQuaEuoGPkK/wRyM9zowqzKHPDY=
-open-cluster-management.io/sdk-go v0.13.1-0.20240313075541-00a94671ced1/go.mod h1:sq+amR9Ls9JzMP5dypvlCx4jIGfDg45gicS67Z/MnlI=
+open-cluster-management.io/sdk-go v0.13.1-0.20240416030555-aa744f426379 h1:8jXVHfgy+wgXq1mrWC1mTieoP77WsAAHNpzILMIzWB0=
+open-cluster-management.io/sdk-go v0.13.1-0.20240416030555-aa744f426379/go.mod h1:w2OaxtCyegxeyFLU42UQ3oxUz01QdsBQkcHI17T/l48=
 sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.28.0 h1:TgtAeesdhpm2SGwkQasmbeqDo8th5wOBA5h/AjTKA4I=
 sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.28.0/go.mod h1:VHVDI/KrK4fjnV61bE2g3sA7tiETLn8sooImelsCx3Y=
 sigs.k8s.io/controller-runtime v0.17.2 h1:FwHwD1CTUemg0pW2otk7/U5/i5m2ymzvOXdbeGOUvw0=

diff --git a/pkg/addon/templateagent/template_agent.go b/pkg/addon/templateagent/template_agent.go
@@ -118,12 +118,11 @@ func (a *CRDTemplateAgentAddon) GetAgentAddonOptions() agent.AgentAddonOptions {
 		},
 		SupportedConfigGVRs: supportedConfigGVRs,
 		Registration: &agent.RegistrationOption{
-			CSRConfigurations: a.TemplateCSRConfigurationsFunc(),
-			PermissionConfig:  a.TemplatePermissionConfigFunc(),
-			CSRApproveCheck:   a.TemplateCSRApproveCheckFunc(),
-			CSRSign:           a.TemplateCSRSignFunc(),
-			AgentInstallNamespace: utils.AgentInstallNamespaceFromDeploymentConfigFunc(
-				utils.NewAddOnDeploymentConfigGetter(a.addonClient)),
+			CSRConfigurations:     a.TemplateCSRConfigurationsFunc(),
+			PermissionConfig:      a.TemplatePermissionConfigFunc(),
+			CSRApproveCheck:       a.TemplateCSRApproveCheckFunc(),
+			CSRSign:               a.TemplateCSRSignFunc(),
+			AgentInstallNamespace: a.TemplateAgentRegistrationNamespaceFunc,
 		},
 		AgentDeployTriggerClusterFilter: func(old, new *clusterv1.ManagedCluster) bool {
 			return utils.ClusterImageRegistriesAnnotationChanged(old, new) ||
@@ -233,3 +232,38 @@ func (a *CRDTemplateAgentAddon) getDesiredAddOnTemplateInner(
 
 	return template.DeepCopy(), nil
 }
+
+// TemplateAgentRegistrationNamespaceFunc reads deployment resource in the manifests and use that namespace as the default
+// registration namespace. If addonDeploymentConfig is set, uses the namespace in it.
+func (a *CRDTemplateAgentAddon) TemplateAgentRegistrationNamespaceFunc(addon *addonapiv1alpha1.ManagedClusterAddOn) (string, error) {
+	template, err := a.getDesiredAddOnTemplateInner(addon.Name, addon.Status.ConfigReferences)
+	if err != nil {
+		return "", err
+	}
+
+	// pick the namespace of the first deployment
+	var desiredNS = "open-cluster-management-agent-addon"
+	for _, manifest := range template.Spec.AgentSpec.Workload.Manifests {
+		object := &unstructured.Unstructured{}
+		if err := object.UnmarshalJSON(manifest.Raw); err != nil {
+			a.logger.Error(err, "failed to extract the object")
+			continue
+		}
+		if object.GetKind() != "Deployment" {
+			continue
+		}
+
+		desiredNS = object.GetNamespace()
+		break
+	}
+
+	overrideNs, err := utils.AgentInstallNamespaceFromDeploymentConfigFunc(
+		utils.NewAddOnDeploymentConfigGetter(a.addonClient))(addon)
+	if err != nil {
+		return "", err
+	}
+	if len(overrideNs) > 0 {
+		desiredNS = overrideNs
+	}
+	return desiredNS, nil
+}
diff --git a/vendor/helm.sh/helm/v3/pkg/release/hook.go b/vendor/helm.sh/helm/v3/pkg/release/hook.go
@@ -0,0 +1,106 @@
+/*
+Copyright The Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package release
+
+import (
+	"helm.sh/helm/v3/pkg/time"
+)
+
+// HookEvent specifies the hook event
+type HookEvent string
+
+// Hook event types
+const (
+	HookPreInstall   HookEvent = "pre-install"
+	HookPostInstall  HookEvent = "post-install"
+	HookPreDelete    HookEvent = "pre-delete"
+	HookPostDelete   HookEvent = "post-delete"
+	HookPreUpgrade   HookEvent = "pre-upgrade"
+	HookPostUpgrade  HookEvent = "post-upgrade"
+	HookPreRollback  HookEvent = "pre-rollback"
+	HookPostRollback HookEvent = "post-rollback"
+	HookTest         HookEvent = "test"
+)
+
+func (x HookEvent) String() string { return string(x) }
+
+// HookDeletePolicy specifies the hook delete policy
+type HookDeletePolicy string
+
+// Hook delete policy types
+const (
+	HookSucceeded          HookDeletePolicy = "hook-succeeded"
+	HookFailed             HookDeletePolicy = "hook-failed"
+	HookBeforeHookCreation HookDeletePolicy = "before-hook-creation"
+)
+
+func (x HookDeletePolicy) String() string { return string(x) }
+
+// HookAnnotation is the label name for a hook
+const HookAnnotation = "helm.sh/hook"
+
+// HookWeightAnnotation is the label name for a hook weight
+const HookWeightAnnotation = "helm.sh/hook-weight"
+
+// HookDeleteAnnotation is the label name for the delete policy for a hook
+const HookDeleteAnnotation = "helm.sh/hook-delete-policy"
+
+// Hook defines a hook object.
+type Hook struct {
+	Name string `json:"name,omitempty"`
+	// Kind is the Kubernetes kind.
+	Kind string `json:"kind,omitempty"`
+	// Path is the chart-relative path to the template.
+	Path string `json:"path,omitempty"`
+	// Manifest is the manifest contents.
+	Manifest string `json:"manifest,omitempty"`
+	// Events are the events that this hook fires on.
+	Events []HookEvent `json:"events,omitempty"`
+	// LastRun indicates the date/time this was last run.
+	LastRun HookExecution `json:"last_run,omitempty"`
+	// Weight indicates the sort order for execution among similar Hook type
+	Weight int `json:"weight,omitempty"`
+	// DeletePolicies are the policies that indicate when to delete the hook
+	DeletePolicies []HookDeletePolicy `json:"delete_policies,omitempty"`
+}
+
+// A HookExecution records the result for the last execution of a hook for a given release.
+type HookExecution struct {
+	// StartedAt indicates the date/time this hook was started
+	StartedAt time.Time `json:"started_at,omitempty"`
+	// CompletedAt indicates the date/time this hook was completed.
+	CompletedAt time.Time `json:"completed_at,omitempty"`
+	// Phase indicates whether the hook completed successfully
+	Phase HookPhase `json:"phase"`
+}
+
+// A HookPhase indicates the state of a hook execution
+type HookPhase string
+
+const (
+	// HookPhaseUnknown indicates that a hook is in an unknown state
+	HookPhaseUnknown HookPhase = "Unknown"
+	// HookPhaseRunning indicates that a hook is currently executing
+	HookPhaseRunning HookPhase = "Running"
+	// HookPhaseSucceeded indicates that hook execution succeeded
+	HookPhaseSucceeded HookPhase = "Succeeded"
+	// HookPhaseFailed indicates that hook execution failed
+	HookPhaseFailed HookPhase = "Failed"
+)
+
+// String converts a hook phase to a printable string
+func (x HookPhase) String() string { return string(x) }
diff --git a/vendor/helm.sh/helm/v3/pkg/release/info.go b/vendor/helm.sh/helm/v3/pkg/release/info.go
@@ -0,0 +1,40 @@
+/*
+Copyright The Helm Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package release
+
+import (
+	"k8s.io/apimachinery/pkg/runtime"
+
+	"helm.sh/helm/v3/pkg/time"
+)
+
+// Info describes release information.
+type Info struct {
+	// FirstDeployed is when the release was first deployed.
+	FirstDeployed time.Time `json:"first_deployed,omitempty"`
+	// LastDeployed is when the release was last deployed.
+	LastDeployed time.Time `json:"last_deployed,omitempty"`
+	// Deleted tracks when this object was deleted.
+	Deleted time.Time `json:"deleted"`
+	// Description is human-friendly "log entry" about this release.
+	Description string `json:"description,omitempty"`
+	// Status is the current state of the release
+	Status Status `json:"status,omitempty"`
+	// Contains the rendered templates/NOTES.txt if available
+	Notes string `json:"notes,omitempty"`
+	// Contains the deployed resources information
+	Resources map[string][]runtime.Object `json:"resources,omitempty"`
+}
diff --git a/vendor/helm.sh/helm/v3/pkg/release/mock.go b/vendor/helm.sh/helm/v3/pkg/release/mock.go
@@ -0,0 +1,116 @@
+/*
+Copyright The Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package release
+
+import (
+	"fmt"
+	"math/rand"
+
+	"helm.sh/helm/v3/pkg/chart"
+	"helm.sh/helm/v3/pkg/time"
+)
+
+// MockHookTemplate is the hook template used for all mock release objects.
+var MockHookTemplate = `apiVersion: v1
+kind: Job
+metadata:
+  annotations:
+    "helm.sh/hook": pre-install
+`
+
+// MockManifest is the manifest used for all mock release objects.
+var MockManifest = `apiVersion: v1
+kind: Secret
+metadata:
+  name: fixture
+`
+
+// MockReleaseOptions allows for user-configurable options on mock release objects.
+type MockReleaseOptions struct {
+	Name      string
+	Version   int
+	Chart     *chart.Chart
+	Status    Status
+	Namespace string
+}
+
+// Mock creates a mock release object based on options set by MockReleaseOptions. This function should typically not be used outside of testing.
+func Mock(opts *MockReleaseOptions) *Release {
+	date := time.Unix(242085845, 0).UTC()
+
+	name := opts.Name
+	if name == "" {
+		name = "testrelease-" + fmt.Sprint(rand.Intn(100))
+	}
+
+	version := 1
+	if opts.Version != 0 {
+		version = opts.Version
+	}
+
+	namespace := opts.Namespace
+	if namespace == "" {
+		namespace = "default"
+	}
+
+	ch := opts.Chart
+	if opts.Chart == nil {
+		ch = &chart.Chart{
+			Metadata: &chart.Metadata{
+				Name:       "foo",
+				Version:    "0.1.0-beta.1",
+				AppVersion: "1.0",
+			},
+			Templates: []*chart.File{
+				{Name: "templates/foo.tpl", Data: []byte(MockManifest)},
+			},
+		}
+	}
+
+	scode := StatusDeployed
+	if len(opts.Status) > 0 {
+		scode = opts.Status
+	}
+
+	info := &Info{
+		FirstDeployed: date,
+		LastDeployed:  date,
+		Status:        scode,
+		Description:   "Release mock",
+		Notes:         "Some mock release notes!",
+	}
+
+	return &Release{
+		Name:      name,
+		Info:      info,
+		Chart:     ch,
+		Config:    map[string]interface{}{"name": "value"},
+		Version:   version,
+		Namespace: namespace,
+		Hooks: []*Hook{
+			{
+				Name:     "pre-install-hook",
+				Kind:     "Job",
+				Path:     "pre-install-hook.yaml",
+				Manifest: MockHookTemplate,
+				LastRun:  HookExecution{},
+				Events:   []HookEvent{HookPreInstall},
+			},
+		},
+		Manifest: MockManifest,
+	}
+}