Import hub in hosted mode #1059
Conversation
ldpliu
force-pushed
the
add-hosted-import
branch
from
f739d3c to
219bf87
Compare
ldpliu
force-pushed
the
add-hosted-import
branch
2 times, most recently
from
fbbdc2b to
9e7b640
Compare
|
Please retry analysis of this Pull-Request directly on SonarCloud |
ldpliu
force-pushed
the
add-hosted-import
branch
from
9e7b640 to
6f91ea2
Compare
|
Please retry analysis of this Pull-Request directly on SonarCloud |
ldpliu
force-pushed
the
add-hosted-import
branch
from
6f91ea2 to
5af9ba9
Compare
|
Please retry analysis of this Pull-Request directly on SonarCloud |
ldpliu
force-pushed
the
add-hosted-import
branch
5 times, most recently
from
ca4a4ef to
a7850c9
Compare
ldpliu
force-pushed
the
add-hosted-import
branch
from
a7850c9 to
69464b8
Compare
|
Please retry analysis of this Pull-Request directly on SonarCloud |
ldpliu
force-pushed
the
add-hosted-import
branch
2 times, most recently
from
1ac534c to
80146b4
Compare
|
Please retry analysis of this Pull-Request directly on SonarCloud |
ldpliu
force-pushed
the
add-hosted-import
branch
from
80146b4 to
b5d433c
Compare
|
Please retry analysis of this Pull-Request directly on SonarCloud |
ldpliu
force-pushed
the
add-hosted-import
branch
from
b5d433c to
335d469
Compare
|
Please retry analysis of this Pull-Request directly on SonarCloud |
ldpliu
force-pushed
the
add-hosted-import
branch
2 times, most recently
from
a44b82a to
2b1f4d0
Compare
ldpliu
force-pushed
the
add-hosted-import
branch
2 times, most recently
from
cd97a8d to
c32a1ae
Compare
|
/retest |
ldpliu
force-pushed
the
add-hosted-import
branch
from
c32a1ae to
70cf3c9
Compare
|
/retest |
1 similar comment
|
/retest |
ldpliu
force-pushed
the
add-hosted-import
branch
from
70cf3c9 to
6dfe161
Compare
ldpliu
force-pushed
the
add-hosted-import
branch
4 times, most recently
from
b51a8c3 to
2853532
Compare
| @@ -698,10 +706,19 @@ spec: | |||
| memory: 100Mi | |||
| securityContext: | |||
| allowPrivilegeEscalation: false | |||
| volumeMounts: | |||
| - mountPath: /tmp/k8s-webhook-server/serving-certs | |||
There was a problem hiding this comment.
why do you mount to /tmp? It can be deleted automatically.
There was a problem hiding this comment.
This is the default webhook serving cert dir. Obs do it in this way.: https://github.com/stolostron/multicluster-observability-operator/blob/04288c77e5a9e244fa95478bfb01f42d6934d3ee/operators/multiclusterobservability/config/manager/manager_webhook_patch.yaml#L15
Actually, there are many repos using this way: https://github.com/search?q=org%3Astolostron%20k8s-webhook-server&type=code
doc/reserved_names/README.md
Outdated
| @@ -19,7 +19,7 @@ List all annotations are used by multicluster global hub. | |||
| | global-hub.open-cluster-management.io/managed-by= | This annotation is used to identify which managed cluster is managed by which managed hub cluster. | | |||
| | global-hub.open-cluster-management.io/origin-ownerreference-uid= | This annotation is used to identify that the resource is from the global hub cluster. The global hub agent is only handled with the resource which has this annotation. | | |||
| | mgh-image-repository= | This annotation is used on the MCGH/MGH custom resource to identify a custom image repository. | | |||
|
|
|||
| |import-cluster-in-hosted=true\|false | This annotation is used to identify if managedhub cluster should be imported in hosted mode | | |||
There was a problem hiding this comment.
I would like to use global-hub.open-cluster-management.io/ as prefix for our annotations
| @@ -671,6 +677,10 @@ func (r *GlobalHubReconciler) Reconcile(ctx context.Context, req ctrl.Request) ( | |||
| return ctrl.Result{}, err | |||
| } | |||
|
|
|||
| if err := r.webhookReconciler.Reconcile(ctx, mgh); err != nil { | |||
There was a problem hiding this comment.
move it into if config.IsACMResourceReady() {
| @@ -181,5 +181,5 @@ spec: | |||
| secretName: nonk8s-apiserver-cookie-secret | |||
| - name: webhook-certs | |||
| secret: | |||
| secretName: multicluster-global-hub-webhook-certs | |||
| secretName: multicluster-global-hub-global-webhook-certs | |||
There was a problem hiding this comment.
maybe use multicluster-global-hub-manager-webhook-certs
| clientConfig: | ||
| service: | ||
| name: multicluster-global-hub-webhook | ||
| namespace: multicluster-global-hub |
There was a problem hiding this comment.
use {{.Namespace}} instead
ldpliu
force-pushed
the
add-hosted-import
branch
from
2853532 to
7bd4869
Compare
ldpliu
force-pushed
the
add-hosted-import
branch
from
7bd4869 to
277efe4
Compare
Signed-off-by: ldpliu <[email protected]>
ldpliu
force-pushed
the
add-hosted-import
branch
from
277efe4 to
f173cb7
Compare
|
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: clyang82, ldpliu The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Summary
User could set an annotation
import-cluster-in-hostedin mgh cr, then we will:Use webhook to
1. add two annotations to new managedcluster:
2. update klusterletaddonconfig to disable application and policy related addons
Use controller to update clustermanagementconfig
work-manager,cluster-proxy,managed-serviceaccount, will change default ns about them.Related issue(s)
https://issues.redhat.com/browse/ACM-12718
Fixes #