support getting cluster authentication info from secrets

Signed-off-by: Iceber Gu <[email protected]>

Author: Iceber

cmd/apiserver/app/options/options.go

@@ -26,6 +26,8 @@ import (
 	storageoptions "github.com/clusterpedia-io/clusterpedia/pkg/storage/options"
 )
 
+const DefaultNamespace = "clusterpedia-system"
+
 type ClusterPediaServerOptions struct {
 	MaxRequestsInFlight         int
 	MaxMutatingRequestsInFlight int
@@ -41,6 +43,7 @@ type ClusterPediaServerOptions struct {
 	Traces         *genericoptions.TracingOptions
 	Metrics        *metrics.Options
 
+	RunInNamespace string
 	Storage        *storageoptions.StorageOptions
 	ResourceServer *kubeapiserver.Options
 }
@@ -72,6 +75,7 @@ func NewServerOptions() *ClusterPediaServerOptions {
 		Traces:         genericoptions.NewTracingOptions(),
 		Metrics:        metrics.NewOptions(),
 
+		RunInNamespace: DefaultNamespace,
 		Storage:        storageoptions.NewStorageOptions(),
 		ResourceServer: kubeapiserver.NewOptions(),
 	}
@@ -101,6 +105,7 @@ func (o *ClusterPediaServerOptions) Config() (*apiserver.Config, error) {
 	if err != nil {
 		return nil, err
 	}
+	resourceServerConfig.SecretNamespace = o.RunInNamespace
 
 	if err := o.SecureServing.MaybeDefaultWithSelfSignedCerts("localhost", nil, []net.IP{net.ParseIP("127.0.0.1")}); err != nil {
 		return nil, fmt.Errorf("error create self-signed certificates: %v", err)
@@ -171,6 +176,7 @@ func (o *ClusterPediaServerOptions) Flags() cliflag.NamedFlagSets {
 	var fss cliflag.NamedFlagSets
 
 	genericfs := fss.FlagSet("generic")
+	genericfs.StringVar(&o.RunInNamespace, "namespace", o.RunInNamespace, "The namespace in which the Pod is running.")
 	genericfs.IntVar(&o.MaxRequestsInFlight, "max-requests-inflight", o.MaxRequestsInFlight, ""+
 		"Otherwise, this flag limits the maximum number of non-mutating requests in flight, or a zero value disables the limit completely.")
 	genericfs.IntVar(&o.MaxMutatingRequestsInFlight, "max-mutating-requests-inflight", o.MaxMutatingRequestsInFlight, ""+

cmd/binding-apiserver/app/binding_apiserver.go

@@ -8,6 +8,7 @@ import (
 	"github.com/spf13/cobra"
 	"k8s.io/apimachinery/pkg/util/runtime"
 	genericfeatures "k8s.io/apiserver/pkg/features"
+	clientset "k8s.io/client-go/kubernetes"
 	cliflag "k8s.io/component-base/cli/flag"
 	"k8s.io/component-base/cli/globalflag"
 	"k8s.io/component-base/featuregate"
@@ -60,12 +61,16 @@ func NewClusterPediaServerCommand(ctx context.Context) *cobra.Command {
 				return fmt.Errorf("CompletedConfig.New() called with config.StorageFactory == nil")
 			}
 
+			client, err := clientset.NewForConfig(completedConfig.ClientConfig)
+			if err != nil {
+				return err
+			}
 			crdclient, err := versioned.NewForConfig(completedConfig.ClientConfig)
 			if err != nil {
 				return err
 			}
 
-			synchromanager := synchromanager.NewManager(crdclient, config.StorageFactory, clustersynchro.ClusterSyncConfig{}, "")
+			synchromanager := synchromanager.NewManager(client, crdclient, config.StorageFactory, clustersynchro.ClusterSyncConfig{}, "", config.ExtraConfig.SecretNamespace)
 			go synchromanager.Run(1, ctx.Done())
 
 			server, err := completedConfig.New()

cmd/clustersynchro-manager/app/config/config.go

@@ -1,6 +1,7 @@
 package config
 
 import (
+	"k8s.io/client-go/kubernetes"
 	restclient "k8s.io/client-go/rest"
 	"k8s.io/client-go/tools/record"
 	componentbaseconfig "k8s.io/component-base/config"
@@ -14,6 +15,8 @@ import (
 
 type Config struct {
 	Kubeconfig    *restclient.Config
+	Namespace     string
+	Client        kubernetes.Interface
 	CRDClient     *crdclientset.Clientset
 	EventRecorder record.EventRecorder
 

cmd/clustersynchro-manager/app/options/options.go

@@ -31,6 +31,8 @@ import (
 
 const (
 	ClusterSynchroManagerUserAgent = "cluster-synchro-manager"
+
+	DefaultNamespace = "clusterpedia-system"
 )
 
 type Options struct {
@@ -45,6 +47,7 @@ type Options struct {
 	Metrics          *MetricsOptions
 	KubeStateMetrics *kubestatemetrics.Options
 
+	RunInNamespace          string
 	WorkerNumber            int // WorkerNumber is the number of worker goroutines
 	PageSizeForResourceSync int64
 	ShardingName            string
@@ -59,7 +62,7 @@ func NewClusterSynchroManagerOptions() (*Options, error) {
 	componentbaseconfigv1alpha1.RecommendedDefaultClientConnectionConfiguration(&clientConnection)
 
 	leaderElection.ResourceName = "clusterpedia-clustersynchro-manager"
-	leaderElection.ResourceNamespace = "clusterpedia-system"
+	leaderElection.ResourceNamespace = DefaultNamespace
 	leaderElection.ResourceLock = resourcelock.LeasesResourceLock
 
 	clientConnection.ContentType = runtime.ContentTypeJSON
@@ -78,6 +81,7 @@ func NewClusterSynchroManagerOptions() (*Options, error) {
 	options.Storage = storageoptions.NewStorageOptions()
 	options.Metrics = NewMetricsOptions()
 	options.KubeStateMetrics = kubestatemetrics.NewOptions()
+	options.RunInNamespace = DefaultNamespace
 
 	options.WorkerNumber = 5
 	return &options, nil
@@ -92,6 +96,7 @@ func (o *Options) Flags() cliflag.NamedFlagSets {
 	genericfs.Int32Var(&o.ClientConnection.Burst, "kube-api-burst", o.ClientConnection.Burst, "Burst to use while talking with kubernetes apiserver.")
 	genericfs.IntVar(&o.WorkerNumber, "worker-number", o.WorkerNumber, "The number of worker goroutines.")
 	genericfs.StringVar(&o.ShardingName, "sharding-name", o.ShardingName, "The sharding name of manager.")
+	genericfs.StringVar(&o.RunInNamespace, "namespace", o.RunInNamespace, "The namespace in which the Pod is running.")
 
 	syncfs := fss.FlagSet("resource sync")
 	syncfs.Int64Var(&o.PageSizeForResourceSync, "page-size", o.PageSizeForResourceSync, "The requested chunk size of initial and resync watch lists for resource sync")
@@ -169,8 +174,12 @@ func (o *Options) Config() (*config.Config, error) {
 	if o.ShardingName != "" {
 		o.LeaderElection.ResourceName = fmt.Sprintf("%s-%s", o.LeaderElection.ResourceName, o.ShardingName)
 	}
+	// Override the namespace for leader election resource.
+	o.LeaderElection.ResourceNamespace = o.RunInNamespace
 
 	return &config.Config{
+		Namespace:     o.RunInNamespace,
+		Client:        client,
 		CRDClient:     crdclient,
 		Kubeconfig:    kubeconfig,
 		EventRecorder: eventRecorder,

cmd/clustersynchro-manager/app/synchro.go

@@ -92,7 +92,7 @@ func NewClusterSynchroManagerCommand(ctx context.Context) *cobra.Command {
 }
 
 func Run(ctx context.Context, c *config.Config) error {
-	synchromanager := synchromanager.NewManager(c.CRDClient, c.StorageFactory, c.ClusterSyncConfig, c.ShardingName)
+	synchromanager := synchromanager.NewManager(c.Client, c.CRDClient, c.StorageFactory, c.ClusterSyncConfig, c.ShardingName, c.Namespace)
 
 	go func() {
 		metricsserver.Run(c.MetricsServerConfig)

kustomize/crds/cluster.clusterpedia.io_pediaclusters.yaml

@@ -71,6 +71,64 @@ spec:
               certData:
                 format: byte
                 type: string
+              certificationFrom:
+                properties:
+                  ca:
+                    properties:
+                      key:
+                        type: string
+                      name:
+                        description: Namespace string `json:"namespace"`
+                        type: string
+                    required:
+                    - key
+                    - name
+                    type: object
+                  cert:
+                    properties:
+                      key:
+                        type: string
+                      name:
+                        description: Namespace string `json:"namespace"`
+                        type: string
+                    required:
+                    - key
+                    - name
+                    type: object
+                  key:
+                    properties:
+                      key:
+                        type: string
+                      name:
+                        description: Namespace string `json:"namespace"`
+                        type: string
+                    required:
+                    - key
+                    - name
+                    type: object
+                  kubeconfig:
+                    properties:
+                      key:
+                        type: string
+                      name:
+                        description: Namespace string `json:"namespace"`
+                        type: string
+                    required:
+                    - key
+                    - name
+                    type: object
+                  token:
+                    properties:
+                      key:
+                        type: string
+                      name:
+                        description: Namespace string `json:"namespace"`
+                        type: string
+                    required:
+                    - key
+                    - name
+                    type: object
+                type: object
               keyData:
                 format: byte
                 type: string

pkg/apiserver/apiserver.go

@@ -124,6 +124,7 @@ func (config completedConfig) New() (*ClusterPediaServer, error) {
 	resourceServerConfig.GenericConfig.ExternalAddress = config.GenericConfig.ExternalAddress
 	resourceServerConfig.GenericConfig.LoopbackClientConfig = config.GenericConfig.LoopbackClientConfig
 	resourceServerConfig.GenericConfig.TracerProvider = config.GenericConfig.TracerProvider
+	resourceServerConfig.GenericConfig.SharedInformerFactory = config.GenericConfig.SharedInformerFactory
 	resourceServerConfig.InformerFactory = clusterpediaInformerFactory
 	resourceServerConfig.StorageFactory = config.StorageFactory
 	resourceServerConfig.InitialAPIGroupResources = initialAPIGroupResources

pkg/generated/openapi/zz_generated.openapi.go

@@ -66,6 +66,7 @@ func NewDefaultConfig() *Config {
 }
 
 type ExtraConfig struct {
+	SecretNamespace                 string
 	AllowPediaClusterConfigReuse    bool
 	ExtraProxyRequestHeaderPrefixes []string
 	AllowedProxySubresources        map[schema.GroupResource]sets.Set[string]
@@ -103,6 +104,7 @@ func (c *Config) Complete() CompletedConfig {
 type completedConfig struct {
 	GenericConfig genericapiserver.CompletedConfig
 
+	SecretNamespace          string
 	StorageFactory           storage.StorageFactory
 	InformerFactory          informers.SharedInformerFactory
 	InitialAPIGroupResources []*restmapper.APIGroupResources
@@ -138,8 +140,9 @@ func (c completedConfig) New(delegationTarget genericapiserver.DelegationTarget)
 	restManager := NewRESTManager(c.GenericConfig.Serializer, runtime.ContentTypeJSON, c.StorageFactory, c.InitialAPIGroupResources)
 	discoveryManager := discovery.NewDiscoveryManager(c.GenericConfig.Serializer, restManager, delegate)
 
+	secretLister := c.GenericConfig.SharedInformerFactory.Core().V1().Secrets().Lister().Secrets(c.ExtraConfig.SecretNamespace)
 	clusterInformer := c.InformerFactory.Cluster().V1alpha2().PediaClusters()
-	connector := proxyrest.NewProxyConnector(clusterInformer.Lister(), c.ExtraConfig.AllowPediaClusterConfigReuse, c.ExtraConfig.ExtraProxyRequestHeaderPrefixes)
+	connector := proxyrest.NewProxyConnector(clusterInformer.Lister(), secretLister, c.ExtraConfig.AllowPediaClusterConfigReuse, c.ExtraConfig.ExtraProxyRequestHeaderPrefixes)
 
 	methodSet := sets.New("GET")
 	for _, rest := range proxyrest.GetSubresourceRESTs(connector) {