From cf6a2b466a2a3a0a0b9879dffaa934cbab2c0e73 Mon Sep 17 00:00:00 2001
From: Joe Nathan Abellard
Date: Wed, 23 Oct 2024 05:51:52 -0400
Subject: [PATCH] Onwards!
Signed-off-by: Joe Nathan Abellard
---
 operator/pkg/constants/constants.go | 8 +--
 .../pkg/controller/karmada/planner_test.go | 59 ++++++++++++++++++-
 .../controlplane/apiserver/apiserver_test.go | 6 ++
 operator/pkg/controlplane/etcd/util.go | 26 ++++----
 4 files changed, 80 insertions(+), 19 deletions(-)
diff --git a/operator/pkg/constants/constants.go b/operator/pkg/constants/constants.go
index 333413765cc4..525b27d743fe 100644
--- a/operator/pkg/constants/constants.go
+++ b/operator/pkg/constants/constants.go
@@ -77,10 +77,10 @@ const (
 KarmadaAPIserverListenClientPort = 5443
 // EtcdDataVolumeName defines the name to etcd data volume
 EtcdDataVolumeName = "etcd-data"
- // EtcClientCredentialsVolumeName defines the name of the volume for the etcd client credentials
- EtcClientCredentialsVolumeName = "etcd-client" // #nosec G101
- // EtcClientCredentialsMountPath defines the mount path for the etcd client credentials data
- EtcClientCredentialsMountPath = "/etc/karmada/pki/etcd-client" // #nosec G101
+ // EtcdClientCredentialsVolumeName defines the name of the volume for the etcd client credentials
+ EtcdClientCredentialsVolumeName = "etcd-client-cert" // #nosec G101
+ // EtcdClientCredentialsMountPath defines the mount path for the etcd client credentials data
+ EtcdClientCredentialsMountPath = "/etc/karmada/pki/etcd-client" // #nosec G101
 // CaCertDataKey defines the data key for a CA cert
 CaCertDataKey = "ca.crt"
 // TLSCertDataKey defines the data key for a TLS cert
diff --git a/operator/pkg/controller/karmada/planner_test.go b/operator/pkg/controller/karmada/planner_test.go
index 7d60245e7cee..9377f114c018 100644
--- a/operator/pkg/controller/karmada/planner_test.go
+++ b/operator/pkg/controller/karmada/planner_test.go
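Review bot: In the constants.go hunk, `EtcdClientCredentialsVolumeName` changes its value from `"etcd-client"` to `"etcd-client-cert"` in the same edit that fixes the `Etc`/`Etcd` identifier typo, so a behaviour change rides along with a rename and the commit message does not mention it. If the operator reconciles API server Deployments created by an earlier version, it is worth confirming that the old `etcd-client` volume and mount are replaced rather than left next to the new ones. The two `// #nosec G101` suppressions would also be easier to audit with a reason attached, for example `// #nosec G101 -- volume name, not a credential`. The const block starts and ends outside the hunk.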
@@ -51,6 +51,13 @@ func TestNewPlannerFor(t *testing.T) {
 ObjectMeta: metav1.ObjectMeta{
 Name: name,
 },
+ Spec: operatorv1alpha1.KarmadaSpec{
+ Components: &operatorv1alpha1.KarmadaComponents{
+ Etcd: &operatorv1alpha1.Etcd{
+ Local: &operatorv1alpha1.LocalEtcd{},
+ },
+ },
+ },
 },
 client: fake.NewFakeClient(),
 config: &rest.Config{},
@@ -65,8 +72,16 @@ func TestNewPlannerFor(t *testing.T) {
 DeletionTimestamp: &metav1.Time{
 Time: time.Now().Add(-5 * time.Minute),
 },
+ Finalizers: []string{ControllerFinalizerName},
 },
+ Spec: operatorv1alpha1.KarmadaSpec{
+ Components: &operatorv1alpha1.KarmadaComponents{
+ Etcd: &operatorv1alpha1.Etcd{
+ Local: &operatorv1alpha1.LocalEtcd{},
+ },
+ },
+ },
 },
 client: fake.NewFakeClient(),
 config: &rest.Config{},
@@ -107,6 +122,13 @@ func TestPreRunJob(t *testing.T) {
 Name: name,
 Namespace: namespace,
 },
+ Spec: operatorv1alpha1.KarmadaSpec{
+ Components: &operatorv1alpha1.KarmadaComponents{
+ Etcd: &operatorv1alpha1.Etcd{
+ Local: &operatorv1alpha1.LocalEtcd{},
+ },
+ },
+ },
 },
 config: &rest.Config{},
 action: InitAction,
@@ -124,6 +146,13 @@ func TestPreRunJob(t *testing.T) {
 },
 Finalizers: []string{ControllerFinalizerName},
 },
+ Spec: operatorv1alpha1.KarmadaSpec{
+ Components: &operatorv1alpha1.KarmadaComponents{
+ Etcd: &operatorv1alpha1.Etcd{
+ Local: &operatorv1alpha1.LocalEtcd{},
+ },
+ },
+ },
 },
 config: &rest.Config{},
 action: DeInitAction,
@@ -137,6 +166,13 @@ func TestPreRunJob(t *testing.T) {
 Name: name,
 Namespace: namespace,
 },
+ Spec: operatorv1alpha1.KarmadaSpec{
+ Components: &operatorv1alpha1.KarmadaComponents{
+ Etcd: &operatorv1alpha1.Etcd{
+ Local: &operatorv1alpha1.LocalEtcd{},
+ },
+ },
+ },
 },
 config: &rest.Config{},
 action: "UnknownAction",
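Review bot: No case in these tables still exercises a Karmada object whose `Components` or `Etcd` is nil: every fixture here, and the ones changed further down in `TestAfterRunJob`, `TestRunJobErr` and apiserver_test.go, now sets `Components.Etcd.Local`, and the two `Spec: operatorv1alpha1.KarmadaSpec{}` fixtures are replaced outright. That pattern suggests the code under test now dereferences `Spec.Components.Etcd` without a nil check, although the code itself is not visible in these hunks. Keeping one entry with `Spec: operatorv1alpha1.KarmadaSpec{}` and an expected error would pin that an un-defaulted or malformed resource is rejected with an error rather than crashing the controller. The test functions begin and end outside the hunks.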
@@ -197,7 +233,13 @@ func TestAfterRunJob(t *testing.T) {
 Name: name,
 Namespace: namespace,
 },
- Spec: operatorv1alpha1.KarmadaSpec{},
+ Spec: operatorv1alpha1.KarmadaSpec{
+ Components: &operatorv1alpha1.KarmadaComponents{
+ Etcd: &operatorv1alpha1.Etcd{
+ Local: &operatorv1alpha1.LocalEtcd{},
+ },
+ },
+ },
 },
 config: &rest.Config{},
 action: InitAction,
@@ -233,6 +275,13 @@ func TestAfterRunJob(t *testing.T) {
 },
 Finalizers: []string{ControllerFinalizerName},
 },
+ Spec: operatorv1alpha1.KarmadaSpec{
+ Components: &operatorv1alpha1.KarmadaComponents{
+ Etcd: &operatorv1alpha1.Etcd{
+ Local: &operatorv1alpha1.LocalEtcd{},
+ },
+ },
+ },
 },
 config: &rest.Config{},
 action: DeInitAction,
@@ -288,7 +337,13 @@ func TestRunJobErr(t *testing.T) {
 Name: name,
 Namespace: namespace,
 },
- Spec: operatorv1alpha1.KarmadaSpec{},
+ Spec: operatorv1alpha1.KarmadaSpec{
+ Components: &operatorv1alpha1.KarmadaComponents{
+ Etcd: &operatorv1alpha1.Etcd{
+ Local: &operatorv1alpha1.LocalEtcd{},
+ },
+ },
+ },
 },
 config: &rest.Config{},
 jobErr: errors.New("test error"),
diff --git a/operator/pkg/controlplane/apiserver/apiserver_test.go b/operator/pkg/controlplane/apiserver/apiserver_test.go
index 2daa5644b1c4..6e1446fa7efe 100644
--- a/operator/pkg/controlplane/apiserver/apiserver_test.go
+++ b/operator/pkg/controlplane/apiserver/apiserver_test.go
@@ -54,6 +54,9 @@ func TestEnsureKarmadaAPIServer(t *testing.T) {
 ServiceSubnet: ptr.To(serviceSubnet),
 ExtraArgs: map[string]string{"cmd1": "arg1", "cmd2": "arg2"},
 },
+ Etcd: &operatorv1alpha1.Etcd{
+ Local: &operatorv1alpha1.LocalEtcd{},
+ },
 }
 fakeClient := fakeclientset.NewSimpleClientset()
@@ -90,6 +93,9 @@ func TestEnsureKarmadaAggregatedAPIServer(t *testing.T) {
 },
 ExtraArgs: map[string]string{"cmd1": "arg1", "cmd2": "arg2"},
 },
+ Etcd: &operatorv1alpha1.Etcd{
+ Local: &operatorv1alpha1.LocalEtcd{},
+ },
 }
 featureGates := map[string]bool{"FeatureA": true}
diff --git a/operator/pkg/controlplane/etcd/util.go b/operator/pkg/controlplane/etcd/util.go
index 7790641569ba..32b43f642ec8 100644
--- a/operator/pkg/controlplane/etcd/util.go
+++ b/operator/pkg/controlplane/etcd/util.go
@@ -32,25 +32,25 @@ import (
 // ConfigureClientCredentials configures etcd client credentials for Karmada core and aggregated API servers
 func ConfigureClientCredentials(apiServerDeployment *appsv1.Deployment, etcdCfg *operatorv1alpha1.Etcd, name, namespace string) error {
 etcdClientServiceName := util.KarmadaEtcdClientName(name)
- etcdCertSecretName := util.KarmadaCertSecretName(name)
+ etcdCertSecretName := util.EtcdCertSecretName(name)
 if etcdCfg.External == nil {
 etcdClientCredentialsArgs := []string{
- fmt.Sprintf("--etcd-cafile=%s/%s.crt", constants.EtcClientCredentialsMountPath, constants.EtcdCaCertAndKeyName),
- fmt.Sprintf("--etcd-certfile=%s/%s.crt", constants.EtcClientCredentialsMountPath, constants.EtcdClientCertAndKeyName),
- fmt.Sprintf("--etcd-keyfile=%s/%s.key", constants.EtcClientCredentialsMountPath, constants.EtcdClientCertAndKeyName),
+ fmt.Sprintf("--etcd-cafile=%s/%s.crt", constants.EtcdClientCredentialsMountPath, constants.EtcdCaCertAndKeyName),
+ fmt.Sprintf("--etcd-certfile=%s/%s.crt", constants.EtcdClientCredentialsMountPath, constants.EtcdClientCertAndKeyName),
+ fmt.Sprintf("--etcd-keyfile=%s/%s.key", constants.EtcdClientCredentialsMountPath, constants.EtcdClientCertAndKeyName),
 fmt.Sprintf("--etcd-servers=https://%s.%s.svc.cluster.local:%s", etcdClientServiceName, namespace, strconv.Itoa(constants.EtcdListenClientPort)),
 }
 apiServerDeployment.Spec.Template.Spec.Containers[0].Command = append(apiServerDeployment.Spec.Template.Spec.Containers[0].Command, etcdClientCredentialsArgs...)
 etcdClientCredentialsVolumeMount := corev1.VolumeMount{
- Name: constants.EtcClientCredentialsVolumeName,
- MountPath: constants.EtcClientCredentialsMountPath,
+ Name: constants.EtcdClientCredentialsVolumeName,
+ MountPath: constants.EtcdClientCredentialsMountPath,
 ReadOnly: true,
 }
 apiServerDeployment.Spec.Template.Spec.Containers[0].VolumeMounts = append(apiServerDeployment.Spec.Template.Spec.Containers[0].VolumeMounts, etcdClientCredentialsVolumeMount)
 etcdClientCredentialsVolume := corev1.Volume{
- Name: constants.EtcClientCredentialsVolumeName,
+ Name: constants.EtcdClientCredentialsVolumeName,
 VolumeSource: corev1.VolumeSource{
 Secret: &corev1.SecretVolumeSource{
 SecretName: etcdCertSecretName,
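Review bot: As far as this hunk shows, the local-etcd volume mounts the whole secret named by `util.EtcdCertSecretName(name)`, while the API server only needs the three files referenced by `--etcd-cafile`, `--etcd-certfile` and `--etcd-keyfile`. If that secret also holds the etcd CA private key or the etcd server key (the constant name `EtcdCaCertAndKeyName` hints that it may), those keys would become readable inside the API server container. Restricting the volume with an `Items: []corev1.KeyToPath{...}` list naming only the CA certificate and the client certificate and key would keep the mount least-privilege. The `SecretVolumeSource` literal continues past the end of the hunk, so such a list may already be present there.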
@@ -61,22 +61,22 @@ func ConfigureClientCredentials(apiServerDeployment *appsv1.Deployment, etcdCfg
 } else {
 etcdServers := strings.Join(etcdCfg.External.Endpoints, ",")
 etcdClientCredentialsArgs := []string{
- fmt.Sprintf("--etcd-cafile=%s/%s", constants.EtcClientCredentialsMountPath, constants.CaCertDataKey),
- fmt.Sprintf("--etcd-certfile=%s/%s", constants.EtcClientCredentialsMountPath, constants.TLSCertDataKey),
- fmt.Sprintf("--etcd-keyfile=%s/%s", constants.EtcClientCredentialsMountPath, constants.TLSPrivateKeyDataKey),
+ fmt.Sprintf("--etcd-cafile=%s/%s", constants.EtcdClientCredentialsMountPath, constants.CaCertDataKey),
+ fmt.Sprintf("--etcd-certfile=%s/%s", constants.EtcdClientCredentialsMountPath, constants.TLSCertDataKey),
+ fmt.Sprintf("--etcd-keyfile=%s/%s", constants.EtcdClientCredentialsMountPath, constants.TLSPrivateKeyDataKey),
 fmt.Sprintf("--etcd-servers=%s", etcdServers),
 }
 apiServerDeployment.Spec.Template.Spec.Containers[0].Command = append(apiServerDeployment.Spec.Template.Spec.Containers[0].Command, etcdClientCredentialsArgs...)
 etcdClientCredentialsVolumeMount := corev1.VolumeMount{
- Name: constants.EtcClientCredentialsVolumeName,
- MountPath: constants.EtcClientCredentialsMountPath,
+ Name: constants.EtcdClientCredentialsVolumeName,
+ MountPath: constants.EtcdClientCredentialsMountPath,
 ReadOnly: true,
 }
 apiServerDeployment.Spec.Template.Spec.Containers[0].VolumeMounts = append(apiServerDeployment.Spec.Template.Spec.Containers[0].VolumeMounts, etcdClientCredentialsVolumeMount)
 etcdClientCredentialsVolume := corev1.Volume{
- Name: constants.EtcClientCredentialsVolumeName,
+ Name: constants.EtcdClientCredentialsVolumeName,
 VolumeSource: corev1.VolumeSource{
 Secret: &corev1.SecretVolumeSource{
 SecretName: etcdCfg.External.SecretRef.Name,
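Review bot: In the external branch, `etcdCfg.External.Endpoints` is joined straight into `--etcd-servers` with no check visible in this hunk that the list is non-empty or that every endpoint uses `https://`, whereas the local branch hard-codes the scheme. An `http://` endpoint would likely carry etcd traffic in clear text even though the client certificate flags are set, and an empty list produces `--etcd-servers=`. Unless this is already validated at admission, a guard before the arguments are built would help, for example `if len(etcdCfg.External.Endpoints) == 0 { return fmt.Errorf("external etcd: no endpoints configured") }` together with a `strings.HasPrefix(ep, "https://")` check per endpoint. The function body starts before this hunk and continues after it.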