Merge pull request #47 from agradouski/issue/20

Allow to specify external cluster for hollow pods

Author: k8s-ci-robot

api/v1alpha4/kubemarkmachine_types.go

@@ -47,6 +47,9 @@ type KubemarkMachineSpec struct {
 	// will be passed to the `kubemark` binary.
 	// +optional
 	KubemarkOptions KubemarkProcessOptions `json:"kubemarkOptions,omitempty"`
+
+	// KubemarkHollowPodClusterSecretRef is a reference to a secret with a kubeconfig for an external cluster used for kubemark pods.
+	KubemarkHollowPodClusterSecretRef *corev1.ObjectReference `json:"kubemarkHollowPodClusterSecretRef,omitempty"`
 }
 
 // Mount specifies a host volume to mount into a container.

api/v1alpha4/zz_generated.deepcopy.go

@@ -75,6 +75,44 @@ spec:
                   - name
                   type: object
                 type: array
+              kubemarkHollowPodClusterSecretRef:
+                description: KubemarkHollowPodClusterSecretRef is a reference to a
+                  secret with a kubeconfig for an external cluster used for kubemark
+                  pods.
+                properties:
+                  apiVersion:
+                    description: API version of the referent.
+                    type: string
+                  fieldPath:
+                    description: 'If referring to a piece of an object instead of
+                      an entire object, this string should contain a valid JSON/Go
+                      field access statement, such as desiredState.manifest.containers[2].
+                      For example, if the object reference is to a container within
+                      a pod, this would take on a value like: "spec.containers{name}"
+                      (where "name" refers to the name of the container that triggered
+                      the event) or if no container name is specified "spec.containers[2]"
+                      (container with index 2 in this pod). This syntax is chosen
+                      only to have some well-defined way of referencing a part of
+                      an object. TODO: this design is not final and this field is
+                      subject to change in the future.'
+                    type: string
+                  kind:
+                    description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                    type: string
+                  name:
+                    description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                    type: string
+                  namespace:
+                    description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                    type: string
+                  resourceVersion:
+                    description: 'Specific resourceVersion to which this reference
+                      is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                    type: string
+                  uid:
+                    description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                    type: string
+                type: object
               kubemarkOptions:
                 description: KubemarkOptions are API representations of command line
                   flags that will be passed to the `kubemark` binary.

config/crd/bases/infrastructure.cluster.x-k8s.io_kubemarkmachines.yaml

@@ -87,6 +87,45 @@ spec:
                           - name
                           type: object
                         type: array
+                      kubemarkHollowPodClusterSecretRef:
+                        description: KubemarkHollowPodClusterSecretRef is a reference
+                          to a secret with a kubeconfig for an external cluster used
+                          for kubemark pods.
+                        properties:
+                          apiVersion:
+                            description: API version of the referent.
+                            type: string
+                          fieldPath:
+                            description: 'If referring to a piece of an object instead
+                              of an entire object, this string should contain a valid
+                              JSON/Go field access statement, such as desiredState.manifest.containers[2].
+                              For example, if the object reference is to a container
+                              within a pod, this would take on a value like: "spec.containers{name}"
+                              (where "name" refers to the name of the container that
+                              triggered the event) or if no container name is specified
+                              "spec.containers[2]" (container with index 2 in this
+                              pod). This syntax is chosen only to have some well-defined
+                              way of referencing a part of an object. TODO: this design
+                              is not final and this field is subject to change in
+                              the future.'
+                            type: string
+                          kind:
+                            description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                            type: string
+                          name:
+                            description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                            type: string
+                          namespace:
+                            description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                            type: string
+                          resourceVersion:
+                            description: 'Specific resourceVersion to which this reference
+                              is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                            type: string
+                          uid:
+                            description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                            type: string
+                        type: object
                       kubemarkOptions:
                         description: KubemarkOptions are API representations of command
                           line flags that will be passed to the `kubemark` binary.

config/crd/bases/infrastructure.cluster.x-k8s.io_kubemarkmachinetemplates.yaml

@@ -0,0 +1,65 @@
+package controllers
+
+import (
+	gocontext "context"
+	"strings"
+
+	"github.com/pkg/errors"
+	corev1 "k8s.io/api/core/v1"
+	"k8s.io/client-go/tools/clientcmd"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+)
+
+type KubemarkCluster interface {
+	GenerateKubemarkClusterClient(kubemarkClusterSecretRef *corev1.ObjectReference, ownerNamespace string, context gocontext.Context) (client.Client, string, error)
+}
+
+// NewKubemarkCluster creates new KubemarkCluster instance
+func NewKubemarkCluster(client client.Client) KubemarkCluster {
+	return &kubemarkCluster{
+		Client: client,
+	}
+}
+
+type kubemarkCluster struct {
+	client.Client
+}
+
+// GenerateKubemarkClusterClient creates a client for kubemark cluster.
+func (w *kubemarkCluster) GenerateKubemarkClusterClient(kubemarkClusterSecretRef *corev1.ObjectReference, ownerNamespace string, context gocontext.Context) (client.Client, string, error) {
+	if kubemarkClusterSecretRef == nil {
+		return w.Client, ownerNamespace, nil
+	}
+
+	kubemarkClusterKubeconfigSecret := &corev1.Secret{}
+	kubemarkClusterKubeconfigSecretKey := client.ObjectKey{Namespace: kubemarkClusterSecretRef.Namespace, Name: kubemarkClusterSecretRef.Name}
+	if err := w.Client.Get(context, kubemarkClusterKubeconfigSecretKey, kubemarkClusterKubeconfigSecret); err != nil {
+		return nil, "", errors.Wrapf(err, "failed to fetch kubemark cluster kubeconfig secret %s/%s", kubemarkClusterSecretRef.Namespace, kubemarkClusterSecretRef.Name)
+	}
+
+	kubeConfig, ok := kubemarkClusterKubeconfigSecret.Data["kubeconfig"]
+	if !ok {
+		return nil, "", errors.New("Failed to retrieve kubemark cluster kubeconfig from secret: 'kubeconfig' key is missing.")
+	}
+
+	namespace := "default"
+	namespaceBytes, ok := kubemarkClusterKubeconfigSecret.Data["namespace"]
+	if ok {
+		namespace = string(namespaceBytes)
+		namespace = strings.TrimSpace(namespace)
+	}
+
+	// generate REST config
+	restConfig, err := clientcmd.RESTConfigFromKubeConfig(kubeConfig)
+	if err != nil {
+		return nil, "", errors.Wrap(err, "failed to create REST config")
+	}
+
+	// create the client
+	kubemarkClusterClient, err := client.New(restConfig, client.Options{Scheme: w.Client.Scheme()})
+	if err != nil {
+		return nil, "", errors.Wrap(err, "failed to create kubemark cluster client")
+	}
+
+	return kubemarkClusterClient, namespace, nil
+}

controllers/kubemarkcluster.go

@@ -69,9 +69,10 @@ const (
 // KubemarkMachineReconciler reconciles a KubemarkMachine object
 type KubemarkMachineReconciler struct {
 	client.Client
-	Log           logr.Logger
-	Scheme        *runtime.Scheme
-	KubemarkImage string
+	KubemarkCluster KubemarkCluster
+	Log             logr.Logger
+	Scheme          *runtime.Scheme
+	KubemarkImage   string
 }
 
 // +kubebuilder:rbac:groups=infrastructure.cluster.x-k8s.io,resources=kubemarkmachines,verbs=get;list;watch;create;update;patch;delete
@@ -114,24 +115,34 @@ func (r *KubemarkMachineReconciler) Reconcile(ctx context.Context, req ctrl.Requ
 		}
 	}()
 
+	kubemarkClusterClient, kubemarkClusterNamespace, err := r.KubemarkCluster.GenerateKubemarkClusterClient(kubemarkMachine.Spec.KubemarkHollowPodClusterSecretRef, kubemarkMachine.Namespace, ctx)
+	if err != nil {
+		return ctrl.Result{RequeueAfter: 10 * time.Second}, err
+	}
+
+	if kubemarkClusterClient == nil {
+		logger.Info("Waiting for kubemark cluster client...")
+		return ctrl.Result{RequeueAfter: 10 * time.Second}, nil
+	}
+
 	if !kubemarkMachine.ObjectMeta.DeletionTimestamp.IsZero() {
 		logger.Info("deleting machine")
 
-		if err := r.Delete(ctx, &v1.Pod{
+		if err := kubemarkClusterClient.Delete(ctx, &v1.Pod{
 			ObjectMeta: metav1.ObjectMeta{
 				Name:      kubemarkMachine.Name,
-				Namespace: kubemarkMachine.Namespace,
+				Namespace: kubemarkClusterNamespace,
 			},
 		}); err != nil {
 			if !apierrors.IsNotFound(err) {
 				logger.Error(err, "error deleting kubemark pod")
 				return ctrl.Result{}, err
 			}
 		}
-		if err := r.Delete(ctx, &v1.Secret{
+		if err := kubemarkClusterClient.Delete(ctx, &v1.Secret{
 			ObjectMeta: metav1.ObjectMeta{
 				Name:      kubemarkMachine.Name,
-				Namespace: kubemarkMachine.Namespace,
+				Namespace: kubemarkClusterNamespace,
 			},
 		}); err != nil {
 			if !apierrors.IsNotFound(err) {
@@ -266,14 +277,14 @@ func (r *KubemarkMachineReconciler) Reconcile(ctx context.Context, req ctrl.Requ
 	secret := &v1.Secret{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      kubemarkMachine.Name,
-			Namespace: kubemarkMachine.Namespace,
+			Namespace: kubemarkClusterNamespace,
 		},
 		Data: map[string][]byte{
 			"kubeconfig": kubeconfig,
 			"cert.pem":   stackedCert.Bytes(),
 		},
 	}
-	if err := r.Create(ctx, secret); err != nil {
+	if err := kubemarkClusterClient.Create(ctx, secret); err != nil {
 		if !apierrors.IsAlreadyExists(err) {
 			logger.Error(err, "failed to create secret")
 			return ctrl.Result{}, err
@@ -323,7 +334,7 @@ func (r *KubemarkMachineReconciler) Reconcile(ctx context.Context, req ctrl.Requ
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      kubemarkMachine.Name,
 			Labels:    map[string]string{"app": kubemarkName},
-			Namespace: kubemarkMachine.Namespace,
+			Namespace: kubemarkClusterNamespace,
 		},
 		Spec: v1.PodSpec{
 			Containers: []v1.Container{
@@ -391,7 +402,7 @@ func (r *KubemarkMachineReconciler) Reconcile(ctx context.Context, req ctrl.Requ
 			})
 	}
 
-	if err = r.Create(ctx, pod); err != nil {
+	if err = kubemarkClusterClient.Create(ctx, pod); err != nil {
 		if !apierrors.IsAlreadyExists(err) {
 			logger.Error(err, "failed to create pod")
 			return ctrl.Result{}, err

controllers/kubemarkmachine_controller.go

@@ -5,6 +5,7 @@ go 1.16
 require (
 	github.com/Masterminds/semver v1.5.0 // indirect
 	github.com/go-logr/logr v0.4.0
+	github.com/pkg/errors v0.9.1 // indirect
 	k8s.io/api v0.21.3
 	k8s.io/apimachinery v0.22.0-alpha.0.0.20210417144234-8daf28983e6e
 	k8s.io/client-go v0.21.3

go.mod

@@ -0,0 +1,66 @@
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: MachineDeployment
+metadata:
+  annotations:
+    cluster.x-k8s.io/cluster-api-autoscaler-node-group-max-size: "5"
+    cluster.x-k8s.io/cluster-api-autoscaler-node-group-min-size: "1"
+  name: km-wl-kubemark-external-md-0
+  namespace: default
+spec:
+  clusterName: km-cp
+  replicas: 4
+  selector:
+    matchLabels:
+      cluster.x-k8s.io/cluster-name: km-cp
+      cluster.x-k8s.io/deployment-name: km-wl-kubemark-external-md-0
+  template:
+    metadata:
+      labels:
+        cluster.x-k8s.io/cluster-name: km-cp
+        cluster.x-k8s.io/deployment-name: km-wl-kubemark-external-md-0
+    spec:
+      bootstrap:
+        configRef:
+          apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
+          kind: KubeadmConfigTemplate
+          name: km-wl-kubemark-external-md-0
+      clusterName: km-cp
+      infrastructureRef:
+        apiVersion: infrastructure.cluster.x-k8s.io/v1alpha4
+        kind: KubemarkMachineTemplate
+        name: km-wl-kubemark-external-md-0
+      version: 1.21.1
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1alpha4
+kind: KubemarkMachineTemplate
+metadata:
+  labels:
+    cluster.x-k8s.io/cluster-name: km-cp
+  name: km-wl-kubemark-external-md-0
+  namespace: default
+spec:
+  template:
+    spec:
+      extraMounts:
+        - name: containerd-sock
+          containerPath: /run/containerd/containerd.sock
+          hostPath: /run/containerd/containerd.sock
+          type: Socket
+      kubemarkHollowPodClusterSecretRef:
+        apiVersion: v1
+        kind: Secret
+        name: kubemark-cluster-kubeconfig
+        namespace: capk-system
+---
+apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
+kind: KubeadmConfigTemplate
+metadata:
+  name: km-wl-kubemark-external-md-0
+  namespace: default
+spec:
+  template:
+    spec:
+      joinConfiguration:
+        nodeRegistration:
+          name: ''
+

hack/tests/resources/kubemark-machine-deployment-external-cluster.yaml

@@ -75,10 +75,11 @@ func main() {
 	}
 	ctx := ctrl.SetupSignalHandler()
 	if err = (&controllers.KubemarkMachineReconciler{
-		Client:        mgr.GetClient(),
-		Log:           ctrl.Log.WithName("controllers").WithName("KubemarkMachine"),
-		Scheme:        mgr.GetScheme(),
-		KubemarkImage: kubemarkImage,
+		Client:          mgr.GetClient(),
+		KubemarkCluster: controllers.NewKubemarkCluster(mgr.GetClient()),
+		Log:             ctrl.Log.WithName("controllers").WithName("KubemarkMachine"),
+		Scheme:          mgr.GetScheme(),
+		KubemarkImage:   kubemarkImage,
 	}).SetupWithManager(ctx, mgr); err != nil {
 		setupLog.Error(err, "unable to create controller", "controller", "KubemarkMachine")
 		os.Exit(1)