share the spoke informers (#88)

Signed-off-by: Wei Liu <[email protected]>

Author: skeeey

go.mod

@@ -28,7 +28,7 @@ require (
 	k8s.io/metrics v0.27.2
 	k8s.io/utils v0.0.0-20230406110748-d93618cff8a2
 	open-cluster-management.io/api v0.11.0
-	open-cluster-management.io/ocm v0.0.0-20230606095507-6f21760b7e57
+	open-cluster-management.io/ocm v0.0.0-20230613031015-b55881d6d261
 	sigs.k8s.io/controller-runtime v0.15.0
 )
 
@@ -157,7 +157,7 @@ require (
 	go.uber.org/atomic v1.10.0 // indirect
 	go.uber.org/multierr v1.8.0 // indirect
 	go.uber.org/zap v1.24.0 // indirect
-	golang.org/x/crypto v0.1.0 // indirect
+	golang.org/x/crypto v0.3.0 // indirect
 	golang.org/x/net v0.10.0 // indirect
 	golang.org/x/sys v0.8.0 // indirect
 	golang.org/x/time v0.3.0 // indirect

go.sum

@@ -739,8 +739,9 @@ golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPh
 golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.1.0 h1:MDRAIl0xIo9Io2xV565hzXHw3zVseKrJKodhohM5CjU=
 golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw=
+golang.org/x/crypto v0.3.0 h1:a06MkbcxBrEFc0w0QIZWXrH/9cCX6KJyWbBOIwAn+7A=
+golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -1260,8 +1261,8 @@ k8s.io/utils v0.0.0-20230406110748-d93618cff8a2 h1:qY1Ad8PODbnymg2pRbkyMT/ylpTrC
 k8s.io/utils v0.0.0-20230406110748-d93618cff8a2/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
 open-cluster-management.io/api v0.11.0 h1:zBxa33Co3wseLBF4HEJobhl0P6ygj+Drhe7Wrfo0/h8=
 open-cluster-management.io/api v0.11.0/go.mod h1:WgKUCJ7+Bf40DsOmH1Gdkpyj3joco+QLzrlM6Ak39zE=
-open-cluster-management.io/ocm v0.0.0-20230606095507-6f21760b7e57 h1:QXk9xX9oNrYSfzABD5tVheY9X+n0htRdQGk7c3Nggt4=
-open-cluster-management.io/ocm v0.0.0-20230606095507-6f21760b7e57/go.mod h1:d9nPyvcSqNsQTwaZqhmXDbQGNRawEy7uolHk2ZFshUI=
+open-cluster-management.io/ocm v0.0.0-20230613031015-b55881d6d261 h1:IlSfvs+BCOmLRMBi8/mrKuDU6h70mP5LcreNhtf87jo=
+open-cluster-management.io/ocm v0.0.0-20230613031015-b55881d6d261/go.mod h1:d9nPyvcSqNsQTwaZqhmXDbQGNRawEy7uolHk2ZFshUI=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=

pkg/agent/agent.go

@@ -18,6 +18,7 @@ import (
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
 	"k8s.io/apimachinery/pkg/util/wait"
 	"k8s.io/client-go/dynamic"
+	"k8s.io/client-go/informers"
 	"k8s.io/client-go/kubernetes"
 	"k8s.io/client-go/rest"
 	"k8s.io/client-go/tools/clientcmd"
@@ -26,10 +27,11 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/client/apiutil"
 
 	"github.com/openshift/library-go/pkg/assets"
-	"github.com/openshift/library-go/pkg/controller/controllercmd"
 	"github.com/openshift/library-go/pkg/operator/events"
 	"github.com/openshift/library-go/pkg/operator/resource/resourceapply"
 
+	clusterv1client "open-cluster-management.io/api/client/cluster/clientset/versioned"
+	clusterv1informers "open-cluster-management.io/api/client/cluster/informers/externalversions"
 	workclientset "open-cluster-management.io/api/client/work/clientset/versioned"
 	workinformers "open-cluster-management.io/api/client/work/informers/externalversions"
 	ocmfeature "open-cluster-management.io/api/feature"
@@ -38,7 +40,7 @@ import (
 	ocmfeatures "open-cluster-management.io/ocm/pkg/features"
 	"open-cluster-management.io/ocm/pkg/registration/clientcert"
 	"open-cluster-management.io/ocm/pkg/registration/spoke"
-	"open-cluster-management.io/ocm/pkg/registration/spoke/managedcluster"
+	"open-cluster-management.io/ocm/pkg/registration/spoke/registration"
 	"open-cluster-management.io/ocm/pkg/work/helper"
 	"open-cluster-management.io/ocm/pkg/work/spoke/auth"
 	"open-cluster-management.io/ocm/pkg/work/spoke/controllers/appliedmanifestcontroller"
@@ -76,29 +78,27 @@ type AgentOptions struct {
 	StatusSyncInterval                     time.Duration
 	AppliedManifestWorkEvictionGracePeriod time.Duration
 
-	Burst int
-	QPS   float32
-
 	KubeConfig  string
 	WorkAgentID string
 
+	SpokeKubeInformerFactory    informers.SharedInformerFactory
+	SpokeClusterInformerFactory clusterv1informers.SharedInformerFactory
+
 	eventRecorder events.Recorder
 }
 
 func NewAgentOptions() *AgentOptions {
 	return &AgentOptions{
 		RegistrationAgent:                      spoke.NewSpokeAgentOptions(),
 		eventRecorder:                          util.NewLoggingRecorder("managed-cluster-agents"),
-		Burst:                                  100,
-		QPS:                                    50,
 		StatusSyncInterval:                     10 * time.Second,
 		AppliedManifestWorkEvictionGracePeriod: 10 * time.Minute,
 	}
 }
 
 func (o *AgentOptions) AddFlags(fs *pflag.FlagSet) {
 	features.DefaultAgentMutableFeatureGate.AddFlag(fs)
-	fs.StringVar(&o.RegistrationAgent.ClusterName, "cluster-name", o.RegistrationAgent.ClusterName,
+	fs.StringVar(&o.RegistrationAgent.AgentOptions.SpokeClusterName, "cluster-name", o.RegistrationAgent.AgentOptions.SpokeClusterName,
 		"If non-empty, will use as cluster name instead of generated random name.")
 	fs.StringVar(&o.RegistrationAgent.BootstrapKubeconfig, "bootstrap-kubeconfig", o.RegistrationAgent.BootstrapKubeconfig,
 		"The path of the kubeconfig file for agent bootstrap.")
@@ -108,7 +108,7 @@ func (o *AgentOptions) AddFlags(fs *pflag.FlagSet) {
 		"The mount path of hub-kubeconfig-secret in the container.")
 	fs.StringVar(&o.KubeConfig, "kubeconfig", o.KubeConfig,
 		"The path of the kubeconfig file for current cluster. If this is not set, will try to get the kubeconfig from cluster inside")
-	fs.StringVar(&o.RegistrationAgent.SpokeKubeconfig, "spoke-kubeconfig", o.RegistrationAgent.SpokeKubeconfig,
+	fs.StringVar(&o.RegistrationAgent.AgentOptions.SpokeKubeconfigFile, "spoke-kubeconfig", o.RegistrationAgent.AgentOptions.SpokeKubeconfigFile,
 		"The path of the kubeconfig file for managed/spoke cluster. If this is not set, will use '--kubeconfig' to build client to connect to the managed cluster.")
 	fs.StringVar(&o.WorkAgentID, "work-agent-id", o.WorkAgentID, "ID of the work agent to identify the work this agent should handle after restart/recovery.")
 	fs.StringArrayVar(&o.RegistrationAgent.SpokeExternalServerURLs, "spoke-external-server-urls", o.RegistrationAgent.SpokeExternalServerURLs,
@@ -117,15 +117,17 @@ func (o *AgentOptions) AddFlags(fs *pflag.FlagSet) {
 		"The period to check managed cluster kube-apiserver health")
 	fs.IntVar(&o.RegistrationAgent.MaxCustomClusterClaims, "max-custom-cluster-claims", o.RegistrationAgent.MaxCustomClusterClaims,
 		"The max number of custom cluster claims to expose.")
-	fs.Float32Var(&o.QPS, "spoke-kube-api-qps", o.QPS, "QPS to use while talking with apiserver on spoke cluster.")
-	fs.IntVar(&o.Burst, "spoke-kube-api-burst", o.Burst, "Burst to use while talking with apiserver on spoke cluster.")
+	fs.Float32Var(&o.RegistrationAgent.AgentOptions.QPS, "spoke-kube-api-qps", o.RegistrationAgent.AgentOptions.QPS,
+		"QPS to use while talking with apiserver on spoke cluster.")
+	fs.IntVar(&o.RegistrationAgent.AgentOptions.Burst, "spoke-kube-api-burst", o.RegistrationAgent.AgentOptions.Burst,
+		"Burst to use while talking with apiserver on spoke cluster.")
 	fs.DurationVar(&o.StatusSyncInterval, "status-sync-interval", o.StatusSyncInterval, "Interval to sync resource status to hub.")
 	fs.DurationVar(&o.AppliedManifestWorkEvictionGracePeriod, "appliedmanifestwork-eviction-grace-period", o.AppliedManifestWorkEvictionGracePeriod,
 		"Grace period for appliedmanifestwork eviction")
 }
 
 func (o *AgentOptions) WithClusterName(clusterName string) *AgentOptions {
-	o.RegistrationAgent.ClusterName = clusterName
+	o.RegistrationAgent.AgentOptions.SpokeClusterName = clusterName
 	return o
 }
 
@@ -135,7 +137,7 @@ func (o *AgentOptions) WithKubeconfig(kubeConfig string) *AgentOptions {
 }
 
 func (o *AgentOptions) WithSpokeKubeconfig(spokeKubeConfig string) *AgentOptions {
-	o.RegistrationAgent.SpokeKubeconfig = spokeKubeConfig
+	o.RegistrationAgent.AgentOptions.SpokeKubeconfigFile = spokeKubeConfig
 	return o
 }
 
@@ -166,19 +168,21 @@ func (o *AgentOptions) RunAgent(ctx context.Context) error {
 		}
 	}
 
-	ctrlContext := &controllercmd.ControllerContext{
-		KubeConfig:    inClusterKubeConfig,
-		EventRecorder: o.eventRecorder,
+	// building kubeconfig for the spoke/managed cluster
+	spokeKubeConfig, err := o.RegistrationAgent.AgentOptions.SpokeKubeConfig(inClusterKubeConfig)
+	if err != nil {
+		return err
 	}
 
-	// building kubeconfig for the spoke/managed cluster
-	spokeKubeConfig, err := o.spokeKubeConfig(ctrlContext)
+	spokeKubeClient, err := kubernetes.NewForConfig(spokeKubeConfig)
 	if err != nil {
 		return err
 	}
 
-	spokeKubeConfig.QPS = o.QPS
-	spokeKubeConfig.Burst = o.Burst
+	spokeClusterClient, err := clusterv1client.NewForConfig(spokeKubeConfig)
+	if err != nil {
+		return err
+	}
 
 	apiExtensionsClient, err := apiextensionsclient.NewForConfig(spokeKubeConfig)
 	if err != nil {
@@ -189,6 +193,9 @@ func (o *AgentOptions) RunAgent(ctx context.Context) error {
 		return err
 	}
 
+	o.SpokeKubeInformerFactory = informers.NewSharedInformerFactory(spokeKubeClient, 10*time.Minute)
+	o.SpokeClusterInformerFactory = clusterv1informers.NewSharedInformerFactory(spokeClusterClient, 10*time.Minute)
+
 	klog.Infof("Starting registration agent")
 	go func() {
 		// set registration features
@@ -200,7 +207,15 @@ func (o *AgentOptions) RunAgent(ctx context.Context) error {
 			klog.Fatalf("failed to set registration features, %v", err)
 		}
 
-		if err := o.RegistrationAgent.RunSpokeAgent(ctx, ctrlContext); err != nil {
+		if err := o.RegistrationAgent.RunSpokeAgentWithSpokeInformers(
+			ctx,
+			inClusterKubeConfig,
+			spokeKubeConfig,
+			spokeKubeClient,
+			o.SpokeKubeInformerFactory,
+			o.SpokeClusterInformerFactory,
+			o.eventRecorder,
+		); err != nil {
 			klog.Fatalf("failed to run registration agent, %v", err)
 		}
 	}()
@@ -217,7 +232,13 @@ func (o *AgentOptions) RunAgent(ctx context.Context) error {
 	}
 
 	klog.Infof("Starting work agent")
-	if err := o.startWorkControllers(ctx, hubRestConfig, spokeKubeConfig, o.eventRecorder); err != nil {
+	if err := o.startWorkControllers(
+		ctx,
+		hubRestConfig,
+		spokeKubeConfig,
+		o.RegistrationAgent.AgentOptions.SpokeClusterName,
+		o.eventRecorder,
+	); err != nil {
 		klog.Fatalf("failed to run work agent, %v", err)
 	}
 
@@ -277,15 +298,16 @@ func (o *AgentOptions) WaitForValidHubKubeConfig(ctx context.Context, kubeconfig
 			}
 
 			// check if the tls certificate is issued for the current cluster/agent
-			clusterName, agentName, err := managedcluster.GetClusterAgentNamesFromCertificate(certData)
+			clusterName, agentName, err := registration.GetClusterAgentNamesFromCertificate(certData)
 			if err != nil {
 				return false, nil
 			}
 
-			if clusterName != o.RegistrationAgent.ClusterName || agentName != o.RegistrationAgent.AgentName {
+			if clusterName != o.RegistrationAgent.AgentOptions.SpokeClusterName ||
+				agentName != o.RegistrationAgent.AgentName {
 				klog.V(4).Infof("Certificate in file %q is issued for agent %q instead of %q",
 					certPath, fmt.Sprintf("%s:%s", clusterName, agentName),
-					fmt.Sprintf("%s:%s", o.RegistrationAgent.ClusterName, o.RegistrationAgent.AgentName))
+					fmt.Sprintf("%s:%s", o.RegistrationAgent.AgentOptions.SpokeClusterName, o.RegistrationAgent.AgentName))
 				return false, nil
 			}
 
@@ -295,11 +317,11 @@ func (o *AgentOptions) WaitForValidHubKubeConfig(ctx context.Context, kubeconfig
 }
 
 func (o *AgentOptions) startWorkControllers(ctx context.Context,
-	hubRestConfig, spokeRestConfig *rest.Config, eventRecorder events.Recorder) error {
+	hubRestConfig, spokeRestConfig *rest.Config, clusterName string, eventRecorder events.Recorder) error {
 	hubhash := helper.HubHash(hubRestConfig.Host)
 	agentID := o.WorkAgentID
 	if len(agentID) == 0 {
-		agentID = fmt.Sprintf("%s-%s", o.RegistrationAgent.ClusterName, hubhash)
+		agentID = fmt.Sprintf("%s-%s", clusterName, hubhash)
 	}
 
 	hubWorkClient, err := workclientset.NewForConfig(hubRestConfig)
@@ -338,14 +360,14 @@ func (o *AgentOptions) startWorkControllers(ctx context.Context,
 
 	// Only watch the cluster namespace on hub
 	workInformerFactory := workinformers.NewSharedInformerFactoryWithOptions(
-		hubWorkClient, 5*time.Minute, workinformers.WithNamespace(o.RegistrationAgent.ClusterName))
+		hubWorkClient, 5*time.Minute, workinformers.WithNamespace(clusterName))
 	spokeWorkInformerFactory := workinformers.NewSharedInformerFactory(spokeWorkClient, 5*time.Minute)
 
 	validator := auth.NewFactory(
 		spokeRestConfig,
 		spokeKubeClient,
 		workInformerFactory.Work().V1().ManifestWorks(),
-		o.RegistrationAgent.ClusterName,
+		clusterName,
 		eventRecorder,
 		restMapper,
 	).NewExecutorValidator(ctx, features.DefaultAgentMutableFeatureGate.Enabled(ocmfeature.ExecutorValidatingCaches))
@@ -355,9 +377,9 @@ func (o *AgentOptions) startWorkControllers(ctx context.Context,
 		spokeDynamicClient,
 		spokeKubeClient,
 		spokeAPIExtensionClient,
-		hubWorkClient.WorkV1().ManifestWorks(o.RegistrationAgent.ClusterName),
+		hubWorkClient.WorkV1().ManifestWorks(clusterName),
 		workInformerFactory.Work().V1().ManifestWorks(),
-		workInformerFactory.Work().V1().ManifestWorks().Lister().ManifestWorks(o.RegistrationAgent.ClusterName),
+		workInformerFactory.Work().V1().ManifestWorks().Lister().ManifestWorks(clusterName),
 		spokeWorkClient.WorkV1().AppliedManifestWorks(),
 		spokeWorkInformerFactory.Work().V1().AppliedManifestWorks(),
 		hubhash,
@@ -368,9 +390,9 @@ func (o *AgentOptions) startWorkControllers(ctx context.Context,
 
 	addFinalizerController := finalizercontroller.NewAddFinalizerController(
 		eventRecorder,
-		hubWorkClient.WorkV1().ManifestWorks(o.RegistrationAgent.ClusterName),
+		hubWorkClient.WorkV1().ManifestWorks(clusterName),
 		workInformerFactory.Work().V1().ManifestWorks(),
-		workInformerFactory.Work().V1().ManifestWorks().Lister().ManifestWorks(o.RegistrationAgent.ClusterName),
+		workInformerFactory.Work().V1().ManifestWorks().Lister().ManifestWorks(clusterName),
 	)
 
 	appliedManifestWorkFinalizeController := finalizercontroller.NewAppliedManifestWorkFinalizeController(
@@ -383,9 +405,9 @@ func (o *AgentOptions) startWorkControllers(ctx context.Context,
 
 	manifestWorkFinalizeController := finalizercontroller.NewManifestWorkFinalizeController(
 		eventRecorder,
-		hubWorkClient.WorkV1().ManifestWorks(o.RegistrationAgent.ClusterName),
+		hubWorkClient.WorkV1().ManifestWorks(clusterName),
 		workInformerFactory.Work().V1().ManifestWorks(),
-		workInformerFactory.Work().V1().ManifestWorks().Lister().ManifestWorks(o.RegistrationAgent.ClusterName),
+		workInformerFactory.Work().V1().ManifestWorks().Lister().ManifestWorks(clusterName),
 		spokeWorkClient.WorkV1().AppliedManifestWorks(),
 		spokeWorkInformerFactory.Work().V1().AppliedManifestWorks(),
 		hubhash,
@@ -394,7 +416,7 @@ func (o *AgentOptions) startWorkControllers(ctx context.Context,
 	unmanagedAppliedManifestWorkController := finalizercontroller.NewUnManagedAppliedWorkController(
 		eventRecorder,
 		workInformerFactory.Work().V1().ManifestWorks(),
-		workInformerFactory.Work().V1().ManifestWorks().Lister().ManifestWorks(o.RegistrationAgent.ClusterName),
+		workInformerFactory.Work().V1().ManifestWorks().Lister().ManifestWorks(clusterName),
 		spokeWorkClient.WorkV1().AppliedManifestWorks(),
 		spokeWorkInformerFactory.Work().V1().AppliedManifestWorks(),
 		o.AppliedManifestWorkEvictionGracePeriod,
@@ -405,9 +427,9 @@ func (o *AgentOptions) startWorkControllers(ctx context.Context,
 	appliedManifestWorkController := appliedmanifestcontroller.NewAppliedManifestWorkController(
 		eventRecorder,
 		spokeDynamicClient,
-		hubWorkClient.WorkV1().ManifestWorks(o.RegistrationAgent.ClusterName),
+		hubWorkClient.WorkV1().ManifestWorks(clusterName),
 		workInformerFactory.Work().V1().ManifestWorks(),
-		workInformerFactory.Work().V1().ManifestWorks().Lister().ManifestWorks(o.RegistrationAgent.ClusterName),
+		workInformerFactory.Work().V1().ManifestWorks().Lister().ManifestWorks(clusterName),
 		spokeWorkClient.WorkV1().AppliedManifestWorks(),
 		spokeWorkInformerFactory.Work().V1().AppliedManifestWorks(),
 		hubhash,
@@ -416,9 +438,9 @@ func (o *AgentOptions) startWorkControllers(ctx context.Context,
 	availableStatusController := statuscontroller.NewAvailableStatusController(
 		eventRecorder,
 		spokeDynamicClient,
-		hubWorkClient.WorkV1().ManifestWorks(o.RegistrationAgent.ClusterName),
+		hubWorkClient.WorkV1().ManifestWorks(clusterName),
 		workInformerFactory.Work().V1().ManifestWorks(),
-		workInformerFactory.Work().V1().ManifestWorks().Lister().ManifestWorks(o.RegistrationAgent.ClusterName),
+		workInformerFactory.Work().V1().ManifestWorks().Lister().ManifestWorks(clusterName),
 		o.StatusSyncInterval,
 	)
 
@@ -435,15 +457,3 @@ func (o *AgentOptions) startWorkControllers(ctx context.Context,
 
 	return nil
 }
-
-func (o *AgentOptions) spokeKubeConfig(controllerContext *controllercmd.ControllerContext) (*rest.Config, error) {
-	if o.RegistrationAgent.SpokeKubeconfig == "" {
-		return controllerContext.KubeConfig, nil
-	}
-
-	spokeRestConfig, err := clientcmd.BuildConfigFromFlags("", o.RegistrationAgent.SpokeKubeconfig)
-	if err != nil {
-		return nil, fmt.Errorf("unable to load spoke kubeconfig from file %q: %v", o.RegistrationAgent.SpokeKubeconfig, err)
-	}
-	return spokeRestConfig, nil
-}