🌱 upgrade addon API to include driver in addon status (#1336)

Signed-off-by: Yang Le <yangle@redhat.com>
Yang Le
2026-01-19 12:26:49 +08:00
committed by GitHub
parent 7b92ecf129
commit d165060162
15 changed files with 245 additions and 49 deletions

View File

@@ -185,6 +185,35 @@ spec:
description: RegistrationConfiguration contains the configuration
of registration
properties:
addOnKubeClientRegistrationDriver:
description: This provides driver details required to register
add-ons with hub for kubeClient type
properties:
authType:
description: |-
AuthType is the authentication driver used for add-on registration.
Possible values are csr and token.
Currently, this field only affects kubeClient type add-on registration. The csr type add-on registration always uses csr driver.
In the future, this may be extended to customize authentication for csr type add-on registration as well.
enum:
- csr
- token
type: string
token:
description: Token contains the configuration for token-based
registration.
properties:
expirationSeconds:
description: |-
ExpirationSeconds represents the seconds of a token to expire.
If it is not set or 0, the default duration will be used, which is
the same as the certificate expiration set by the hub cluster's
kube-controller-manager (typically 1 year).
The minimum valid value for production use is 3600 (1 hour), though smaller values are allowed for testing.
format: int64
type: integer
type: object
type: object
bootstrapKubeConfigs:
description: |-
BootstrapKubeConfigs defines the ordered list of bootstrap kubeconfigs. The order decides which bootstrap kubeconfig to use first when rebootstrap.
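Review bot: `addOnKubeClientRegistrationDriver.authType` carries no `default`, while `registrationDriver.authType` in the next hunk of this file declares `default: csr`. Either add the same default or state in the description which driver applies when the field is unset, so an omitted value cannot be interpreted differently by the operator and by add-on agents.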
@@ -324,7 +353,7 @@ spec:
type: integer
registrationDriver:
description: This provides driver details required to register
with hub
klusterlet agent with hub
properties:
authType:
default: csr

2
go.mod
View File

@@ -40,7 +40,7 @@ require (
k8s.io/kubectl v0.34.3
k8s.io/utils v0.0.0-20250604170112-4c0f3b243397
open-cluster-management.io/addon-framework v1.1.1-0.20251222073158-b5846d76add9
open-cluster-management.io/api v1.1.1-0.20260108015315-68cef17a0643
open-cluster-management.io/api v1.1.1-0.20260116065909-8307845802e0
open-cluster-management.io/sdk-go v1.1.1-0.20260112054941-b6c1a665df1b
sigs.k8s.io/about-api v0.0.0-20250131010323-518069c31c03
sigs.k8s.io/cluster-inventory-api v0.0.0-20251124125836-445319b6307a

4
go.sum
View File

@@ -585,8 +585,8 @@ k8s.io/utils v0.0.0-20250604170112-4c0f3b243397 h1:hwvWFiBzdWw1FhfY1FooPn3kzWuJ8
k8s.io/utils v0.0.0-20250604170112-4c0f3b243397/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
open-cluster-management.io/addon-framework v1.1.1-0.20251222073158-b5846d76add9 h1:Ll4rTS7hlg9PvEZwVjfpRqvG+Vywclcw1B08Vnf0w3E=
open-cluster-management.io/addon-framework v1.1.1-0.20251222073158-b5846d76add9/go.mod h1:St9LTEuZ5ADLY9cVXSp+rVE/ZbPJ+hzNQ7/YcsiQVd8=
open-cluster-management.io/api v1.1.1-0.20260108015315-68cef17a0643 h1:eA/8UpvFuWr79O7/aAT4bcx/tVG9kkl7+4u9o9dRShM=
open-cluster-management.io/api v1.1.1-0.20260108015315-68cef17a0643/go.mod h1:YcmA6SpGEekIMxdoeVIIyOaBhMA6ImWRLXP4g8n8T+4=
open-cluster-management.io/api v1.1.1-0.20260116065909-8307845802e0 h1:FLYkctX92dosLXm8+SQhfXm3h9K4iiKAKUwJiK88bF4=
open-cluster-management.io/api v1.1.1-0.20260116065909-8307845802e0/go.mod h1:YcmA6SpGEekIMxdoeVIIyOaBhMA6ImWRLXP4g8n8T+4=
open-cluster-management.io/sdk-go v1.1.1-0.20260112054941-b6c1a665df1b h1:r5U3cDh6kuBmzKnAUqeoYPwwVU/VS9udvpcDEkxh6g4=
open-cluster-management.io/sdk-go v1.1.1-0.20260112054941-b6c1a665df1b/go.mod h1:4haPv/uuKqQ3gxi62/PPknlrUFi132ga0KYLwj5tpx0=
sigs.k8s.io/about-api v0.0.0-20250131010323-518069c31c03 h1:1ShFiMjGQOR/8jTBkmZrk1gORxnvMwm1nOy2/DbHg4U=

View File

@@ -316,6 +316,18 @@ spec:
RegistrationConfig defines the configuration of the addon agent to register to hub. The Klusterlet agent will
create a csr for the addon agent with the registrationConfig.
properties:
driver:
description: |-
driver specifies the authentication driver used by the ManagedClusterAddOn
for this registration configuration when the signer name is
`kubernetes.io/kube-apiserver-client`.
This field is ignored for other signer names.
Supported values are `csr` and `token`.
The field is set by the agent to declare which authentication driver it is using.
enum:
- csr
- token
type: string
signerName:
description: |-
Deprecated: Will be replaced with type: kubeClient and type: csr in v1beta1.
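Review bot: the trailing context for `signerName` still reads "Deprecated: Will be replaced with type: kubeClient and type: csr in v1beta1", but later hunks in this same file rename the v1beta1 `csr` type to `customSigner`. Update the deprecation text alongside the new `driver` field so v1alpha1 users are pointed at a type name that exists after this change.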
@@ -661,10 +673,10 @@ spec:
description: RegistrationConfig defines the configuration for the
addon agent to register to the hub cluster.
properties:
csr:
customSigner:
description: |-
csr holds the configuration for csr type registration.
It should be set when type is "csr".
customSigner holds the configuration for customSigner type registration.
It should be set when type is "customSigner".
properties:
signerName:
description: signerName is the name of signer that addon
@@ -700,6 +712,14 @@ spec:
kubeClient holds the configuration for kubeClient type registration.
It should be set when type is "kubeClient".
properties:
driver:
description: |-
driver is the authentication driver used by managedclusteraddon for kubeClient registration. Possible values are csr and token.
This field is set by the agent to declare which driver it is using.
enum:
- csr
- token
type: string
subject:
description: subject is the user subject of the addon agent
to be registered to the hub.
@@ -718,7 +738,7 @@ spec:
description: type specifies the type of registration configuration.
enum:
- kubeClient
- csr
- customSigner
type: string
required:
- type
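Review bot: dropping `csr` from the `type` enum, together with the `csr` to `customSigner` property rename in the hunk at -661 above, breaks any stored or client-submitted v1beta1 object that uses `type: csr`: the value no longer validates and the old `csr:` block is no longer a known property. The conversion code shown in this commit only maps between v1alpha1 and v1beta1, so if v1beta1 has users, keep `csr` accepted for a release or document the migration path.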

2
vendor/modules.txt vendored
View File

@@ -1888,7 +1888,7 @@ open-cluster-management.io/addon-framework/pkg/agent
open-cluster-management.io/addon-framework/pkg/assets
open-cluster-management.io/addon-framework/pkg/index
open-cluster-management.io/addon-framework/pkg/utils
# open-cluster-management.io/api v1.1.1-0.20260108015315-68cef17a0643
# open-cluster-management.io/api v1.1.1-0.20260116065909-8307845802e0
## explicit; go 1.25.0
open-cluster-management.io/api/addon/v1alpha1
open-cluster-management.io/api/addon/v1beta1

View File

@@ -303,6 +303,18 @@ spec:
RegistrationConfig defines the configuration of the addon agent to register to hub. The Klusterlet agent will
create a csr for the addon agent with the registrationConfig.
properties:
driver:
description: |-
driver specifies the authentication driver used by the ManagedClusterAddOn
for this registration configuration when the signer name is
`kubernetes.io/kube-apiserver-client`.
This field is ignored for other signer names.
Supported values are `csr` and `token`.
The field is set by the agent to declare which authentication driver it is using.
enum:
- csr
- token
type: string
signerName:
description: |-
Deprecated: Will be replaced with type: kubeClient and type: csr in v1beta1.

View File

@@ -73,6 +73,16 @@ type RegistrationConfig struct {
//
// +optional
Subject Subject `json:"subject,omitempty"`
// driver specifies the authentication driver used by the ManagedClusterAddOn
// for this registration configuration when the signer name is
// `kubernetes.io/kube-apiserver-client`.
// This field is ignored for other signer names.
// Supported values are `csr` and `token`.
// The field is set by the agent to declare which authentication driver it is using.
// +optional
// +kubebuilder:validation:Enum=csr;token
Driver string `json:"driver,omitempty"`
}
type AddOnConfig struct {
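Review bot: the comment on `Driver` says the agent sets it to declare its own driver, but it does not say what an empty value means, and with `omitempty` every object written before this change will have it empty. State how the unset case is to be read, and note that the value is self-reported so hub-side code treats it as informational rather than as evidence of how the agent actually authenticated.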

View File

@@ -303,6 +303,18 @@ spec:
RegistrationConfig defines the configuration of the addon agent to register to hub. The Klusterlet agent will
create a csr for the addon agent with the registrationConfig.
properties:
driver:
description: |-
driver specifies the authentication driver used by the ManagedClusterAddOn
for this registration configuration when the signer name is
`kubernetes.io/kube-apiserver-client`.
This field is ignored for other signer names.
Supported values are `csr` and `token`.
The field is set by the agent to declare which authentication driver it is using.
enum:
- csr
- token
type: string
signerName:
description: |-
Deprecated: Will be replaced with type: kubeClient and type: csr in v1beta1.
@@ -648,10 +660,10 @@ spec:
description: RegistrationConfig defines the configuration for the
addon agent to register to the hub cluster.
properties:
csr:
customSigner:
description: |-
csr holds the configuration for csr type registration.
It should be set when type is "csr".
customSigner holds the configuration for customSigner type registration.
It should be set when type is "customSigner".
properties:
signerName:
description: signerName is the name of signer that addon
@@ -687,6 +699,14 @@ spec:
kubeClient holds the configuration for kubeClient type registration.
It should be set when type is "kubeClient".
properties:
driver:
description: |-
driver is the authentication driver used by managedclusteraddon for kubeClient registration. Possible values are csr and token.
This field is set by the agent to declare which driver it is using.
enum:
- csr
- token
type: string
subject:
description: subject is the user subject of the addon agent
to be registered to the hub.
@@ -705,7 +725,7 @@ spec:
description: type specifies the type of registration configuration.
enum:
- kubeClient
- csr
- customSigner
type: string
required:
- type

View File

@@ -3,6 +3,7 @@ package v1beta1
import (
"fmt"
certificates "k8s.io/api/certificates/v1"
"k8s.io/apimachinery/pkg/conversion"
"open-cluster-management.io/api/addon/v1alpha1"
@@ -117,12 +118,13 @@ func Convert_v1beta1_RegistrationConfig_To_v1alpha1_RegistrationConfig(in *Regis
User: in.KubeClient.Subject.User,
Groups: in.KubeClient.Subject.Groups,
}
out.Driver = in.KubeClient.Driver
} else {
if in.CSR == nil {
return fmt.Errorf("nil CSR")
if in.CustomSigner == nil {
return fmt.Errorf("nil CustomSigner")
}
out.SignerName = in.CSR.SignerName
if err := Convert_v1beta1_Subject_To_v1alpha1_Subject(&in.CSR.Subject, &out.Subject, s); err != nil {
out.SignerName = in.CustomSigner.SignerName
if err := Convert_v1beta1_Subject_To_v1alpha1_Subject(&in.CustomSigner.Subject, &out.Subject, s); err != nil {
return err
}
}
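Review bot: assuming the `if` above tests for the `kubeClient` type, the `else` branch now receives every other `Type`, so a v1beta1 object still carrying the old `type: csr` with a `csr` block reaches `in.CustomSigner == nil` and conversion fails with `nil CustomSigner`. If such objects can exist, handle or migrate them; in any case include `in.Type` in the error so the failure can be diagnosed from the message.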
@@ -141,10 +143,11 @@ func Convert_v1alpha1_RegistrationConfig_To_v1beta1_RegistrationConfig(in *v1alp
Groups: in.Subject.Groups,
},
},
Driver: in.Driver,
}
} else {
out.Type = CSR
out.CSR = &CSRConfig{
out.Type = CustomSigner
out.CustomSigner = &CustomSignerConfig{
SignerName: in.SignerName,
Subject: Subject{
BaseSubject: BaseSubject{
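Review bot: `Driver: in.Driver` is copied only in the kubeClient branch, and the `else` branch builds `CustomSignerConfig` without it, so a v1alpha1 `Driver` set alongside a non-kube signer is dropped silently. That matches the documented "ignored for other signer names", but the v1alpha1 to v1beta1 to v1alpha1 round trip is then lossy; cover both branches, including an empty `Driver`, in the conversion tests.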

View File

@@ -50,15 +50,15 @@ const (
// the hub kube-apiserver using kubeClient.
KubeClient RegistrationType = "kubeClient"
// csr represents the registration type for addon agents that need to access non-kube endpoints
// customSigner represents the registration type for addon agents that need to access non-kube endpoints
// on the hub cluster with client certificate authentication.
CSR RegistrationType = "csr"
CustomSigner RegistrationType = "customSigner"
)
// RegistrationConfig defines the configuration for the addon agent to register to the hub cluster.
type RegistrationConfig struct {
// type specifies the type of registration configuration.
// +kubebuilder:validation:Enum=kubeClient;csr
// +kubebuilder:validation:Enum=kubeClient;customSigner
// +required
Type RegistrationType `json:"type"`
@@ -67,19 +67,25 @@ type RegistrationConfig struct {
// +optional
KubeClient *KubeClientConfig `json:"kubeClient,omitempty"`
// csr holds the configuration for csr type registration.
// It should be set when type is "csr".
// customSigner holds the configuration for customSigner type registration.
// It should be set when type is "customSigner".
// +optional
CSR *CSRConfig `json:"csr,omitempty"`
CustomSigner *CustomSignerConfig `json:"customSigner,omitempty"`
}
type KubeClientConfig struct {
// subject is the user subject of the addon agent to be registered to the hub.
// +optional
Subject KubeClientSubject `json:"subject,omitempty"`
// driver is the authentication driver used by managedclusteraddon for kubeClient registration. Possible values are csr and token.
// This field is set by the agent to declare which driver it is using.
// +optional
// +kubebuilder:validation:Enum=csr;token
Driver string `json:"driver,omitempty"`
}
type CSRConfig struct {
type CustomSignerConfig struct {
// signerName is the name of signer that addon agent will use to create csr.
// +required
// +kubebuilder:validation:MaxLength=571
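Review bot: `KubeClientConfig.Driver` is a bare `string` whose allowed values exist only in the `+kubebuilder:validation:Enum=csr;token` marker, whereas `Type` in the same struct family uses the named `RegistrationType` with exported constants. Define a named type with constants for `csr` and `token` so callers and the conversion code compare against identifiers instead of string literals.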

View File

@@ -1182,13 +1182,14 @@ func Convert_v1alpha1_ProxyConfig_To_v1beta1_ProxyConfig(in *v1alpha1.ProxyConfi
func autoConvert_v1beta1_RegistrationConfig_To_v1alpha1_RegistrationConfig(in *RegistrationConfig, out *v1alpha1.RegistrationConfig, s conversion.Scope) error {
// WARNING: in.Type requires manual conversion: does not exist in peer-type
// WARNING: in.KubeClient requires manual conversion: does not exist in peer-type
// WARNING: in.CSR requires manual conversion: does not exist in peer-type
// WARNING: in.CustomSigner requires manual conversion: does not exist in peer-type
return nil
}
func autoConvert_v1alpha1_RegistrationConfig_To_v1beta1_RegistrationConfig(in *v1alpha1.RegistrationConfig, out *RegistrationConfig, s conversion.Scope) error {
// WARNING: in.SignerName requires manual conversion: does not exist in peer-type
// WARNING: in.Subject requires manual conversion: does not exist in peer-type
// WARNING: in.Driver requires manual conversion: does not exist in peer-type
return nil
}

View File

@@ -166,23 +166,6 @@ func (in *BaseSubject) DeepCopy() *BaseSubject {
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *CSRConfig) DeepCopyInto(out *CSRConfig) {
*out = *in
in.Subject.DeepCopyInto(&out.Subject)
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CSRConfig.
func (in *CSRConfig) DeepCopy() *CSRConfig {
if in == nil {
return nil
}
out := new(CSRConfig)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ClusterManagementAddOn) DeepCopyInto(out *ClusterManagementAddOn) {
*out = *in
@@ -390,6 +373,23 @@ func (in *ContainerResourceRequirements) DeepCopy() *ContainerResourceRequiremen
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *CustomSignerConfig) DeepCopyInto(out *CustomSignerConfig) {
*out = *in
in.Subject.DeepCopyInto(&out.Subject)
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CustomSignerConfig.
func (in *CustomSignerConfig) DeepCopy() *CustomSignerConfig {
if in == nil {
return nil
}
out := new(CustomSignerConfig)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *CustomizedVariable) DeepCopyInto(out *CustomizedVariable) {
*out = *in
@@ -825,9 +825,9 @@ func (in *RegistrationConfig) DeepCopyInto(out *RegistrationConfig) {
*out = new(KubeClientConfig)
(*in).DeepCopyInto(*out)
}
if in.CSR != nil {
in, out := &in.CSR, &out.CSR
*out = new(CSRConfig)
if in.CustomSigner != nil {
in, out := &in.CustomSigner, &out.CustomSigner
*out = new(CustomSignerConfig)
(*in).DeepCopyInto(*out)
}
return

View File

@@ -185,6 +185,35 @@ spec:
description: RegistrationConfiguration contains the configuration
of registration
properties:
addOnKubeClientRegistrationDriver:
description: This provides driver details required to register
add-ons with hub for kubeClient type
properties:
authType:
description: |-
AuthType is the authentication driver used for add-on registration.
Possible values are csr and token.
Currently, this field only affects kubeClient type add-on registration. The csr type add-on registration always uses csr driver.
In the future, this may be extended to customize authentication for csr type add-on registration as well.
enum:
- csr
- token
type: string
token:
description: Token contains the configuration for token-based
registration.
properties:
expirationSeconds:
description: |-
ExpirationSeconds represents the seconds of a token to expire.
If it is not set or 0, the default duration will be used, which is
the same as the certificate expiration set by the hub cluster's
kube-controller-manager (typically 1 year).
The minimum valid value for production use is 3600 (1 hour), though smaller values are allowed for testing.
format: int64
type: integer
type: object
type: object
bootstrapKubeConfigs:
description: |-
BootstrapKubeConfigs defines the ordered list of bootstrap kubeconfigs. The order decides which bootstrap kubeconfig to use first when rebootstrap.
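Review bot: the `authType` description says "The csr type add-on registration always uses csr driver", but this commit renames the add-on registration type `csr` to `customSigner` in the addon API. Reword the two "csr type" sentences to `customSigner` so that `csr` refers only to the driver here; as written one word names both the registration type and the driver.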
@@ -324,7 +353,7 @@ spec:
type: integer
registrationDriver:
description: This provides driver details required to register
with hub
klusterlet agent with hub
properties:
authType:
default: csr

View File

@@ -178,10 +178,14 @@ type RegistrationConfiguration struct {
// +optional
BootstrapKubeConfigs BootstrapKubeConfigs `json:"bootstrapKubeConfigs,omitempty"`
// This provides driver details required to register with hub
// This provides driver details required to register klusterlet agent with hub
// +optional
RegistrationDriver RegistrationDriver `json:"registrationDriver,omitempty"`
// This provides driver details required to register add-ons with hub for kubeClient type
// +optional
AddOnKubeClientRegistrationDriver AddOnRegistrationDriver `json:"addOnKubeClientRegistrationDriver,omitempty"`
// ClusterClaimConfiguration represents the configuration of ClusterClaim
// Effective only when the `ClusterClaim` feature gate is enabled.
// +optional
@@ -232,6 +236,30 @@ type AwsIrsa struct {
ManagedClusterArn string `json:"managedClusterArn"`
}
type AddOnRegistrationDriver struct {
// AuthType is the authentication driver used for add-on registration.
// Possible values are csr and token.
// Currently, this field only affects kubeClient type add-on registration. The csr type add-on registration always uses csr driver.
// In the future, this may be extended to customize authentication for csr type add-on registration as well.
// +optional
// +kubebuilder:validation:Enum=csr;token
AuthType string `json:"authType,omitempty"`
// Token contains the configuration for token-based registration.
// +optional
Token *TokenConfig `json:"token,omitempty"`
}
type TokenConfig struct {
// ExpirationSeconds represents the seconds of a token to expire.
// If it is not set or 0, the default duration will be used, which is
// the same as the certificate expiration set by the hub cluster's
// kube-controller-manager (typically 1 year).
// The minimum valid value for production use is 3600 (1 hour), though smaller values are allowed for testing.
// +optional
ExpirationSeconds int64 `json:"expirationSeconds,omitempty"`
}
type TypeBootstrapKubeConfigs string
const (

View File

@@ -33,6 +33,27 @@ func (in *AddOnManagerConfiguration) DeepCopy() *AddOnManagerConfiguration {
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *AddOnRegistrationDriver) DeepCopyInto(out *AddOnRegistrationDriver) {
*out = *in
if in.Token != nil {
in, out := &in.Token, &out.Token
*out = new(TokenConfig)
**out = **in
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AddOnRegistrationDriver.
func (in *AddOnRegistrationDriver) DeepCopy() *AddOnRegistrationDriver {
if in == nil {
return nil
}
out := new(AddOnRegistrationDriver)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *AwsIrsa) DeepCopyInto(out *AwsIrsa) {
*out = *in
@@ -830,6 +851,7 @@ func (in *RegistrationConfiguration) DeepCopyInto(out *RegistrationConfiguration
}
in.BootstrapKubeConfigs.DeepCopyInto(&out.BootstrapKubeConfigs)
in.RegistrationDriver.DeepCopyInto(&out.RegistrationDriver)
in.AddOnKubeClientRegistrationDriver.DeepCopyInto(&out.AddOnKubeClientRegistrationDriver)
if in.ClusterClaimConfiguration != nil {
in, out := &in.ClusterClaimConfiguration, &out.ClusterClaimConfiguration
*out = new(ClusterClaimConfiguration)
@@ -1045,6 +1067,22 @@ func (in *ServerURL) DeepCopy() *ServerURL {
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *TokenConfig) DeepCopyInto(out *TokenConfig) {
*out = *in
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenConfig.
func (in *TokenConfig) DeepCopy() *TokenConfig {
if in == nil {
return nil
}
out := new(TokenConfig)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *WorkAgentConfiguration) DeepCopyInto(out *WorkAgentConfiguration) {
*out = *in