From a756dd6f9c0bde5c0cf0f321fd772779efe84fc3 Mon Sep 17 00:00:00 2001 From: jaswalkiranavtar Date: Mon, 20 Jan 2025 21:08:17 -0500 Subject: [PATCH] Add the registration-auth flag for initializing an EKS cluster as hub. (#465) Signed-off-by: Gaurav Jaswal Co-authored-by: EmilyL <70486866+dtclxy64@users.noreply.github.com> --- go.mod | 4 +- go.sum | 8 +-- pkg/cmd/init/cmd.go | 7 +++ pkg/cmd/init/exec.go | 50 +++++++++++++++++++ pkg/cmd/init/options.go | 6 +++ test/e2e/clusteradm/init_test.go | 35 +++++++++++++ vendor/modules.txt | 4 +- ...ter-management.io_clustermanagers.crd.yaml | 25 ++++++++++ .../api/operator/v1/types_clustermanager.go | 22 ++++++++ .../api/operator/v1/zz_generated.deepcopy.go | 21 ++++++++ .../v1/zz_generated.swagger_doc_generated.go | 14 +++++- ...ter-management.io_clustermanagers.crd.yaml | 25 ++++++++++ .../templates/cluster_manager.yaml | 4 ++ .../chart/cluster-manager/values.yaml | 2 + 14 files changed, 217 insertions(+), 10 deletions(-) diff --git a/go.mod b/go.mod index 4bd6133e9..d6cb4a209 100644 --- a/go.mod +++ b/go.mod @@ -28,10 +28,10 @@ require ( k8s.io/klog/v2 v2.130.1 k8s.io/kubectl v0.31.1 k8s.io/utils v0.0.0-20240921022957-49e7df575cb6 - open-cluster-management.io/api v0.15.1-0.20250109024121-1a5e25a78a43 + open-cluster-management.io/api v0.15.1-0.20250116010516-3a595d6a4e40 open-cluster-management.io/cluster-proxy v0.4.0 open-cluster-management.io/managed-serviceaccount v0.6.0 - open-cluster-management.io/ocm v0.15.1-0.20250116085531-34275ef1eac8 + open-cluster-management.io/ocm v0.15.1-0.20250120013556-eeb4ab31d5ab open-cluster-management.io/sdk-go v0.15.1-0.20241125015855-1536c3970f8f sigs.k8s.io/apiserver-network-proxy v0.29.0 sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.30.3 diff --git a/go.sum b/go.sum index a9d0f0fbd..f2bf24641 100644 --- a/go.sum +++ b/go.sum 
@@ -557,14 +557,14 @@ k8s.io/kubectl v0.31.1 h1:ih4JQJHxsEggFqDJEHSOdJ69ZxZftgeZvYo7M/cpp24= k8s.io/kubectl v0.31.1/go.mod h1:aNuQoR43W6MLAtXQ/Bu4GDmoHlbhHKuyD49lmTC8eJM= k8s.io/utils v0.0.0-20240921022957-49e7df575cb6 h1:MDF6h2H/h4tbzmtIKTuctcwZmY0tY9mD9fNT47QO6HI= k8s.io/utils v0.0.0-20240921022957-49e7df575cb6/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -open-cluster-management.io/api v0.15.1-0.20250109024121-1a5e25a78a43 h1:9kgKRQQHMGNM1t+J+OrmF7hgZmND9kRwyRVnHIULzqw= -open-cluster-management.io/api v0.15.1-0.20250109024121-1a5e25a78a43/go.mod h1:9erZEWEn4bEqh0nIX2wA7f/s3KCuFycQdBrPrRzi0QM= +open-cluster-management.io/api v0.15.1-0.20250116010516-3a595d6a4e40 h1:LckTHZ68rcy3hDFu6wa7BVOJ9wbWItJLZXmi0bpMyh8= +open-cluster-management.io/api v0.15.1-0.20250116010516-3a595d6a4e40/go.mod h1:9erZEWEn4bEqh0nIX2wA7f/s3KCuFycQdBrPrRzi0QM= open-cluster-management.io/cluster-proxy v0.4.0 h1:rm0UDaDWe3/P3xLzwqdHtqNksKwSzsic02MkrEe6BnM= open-cluster-management.io/cluster-proxy v0.4.0/go.mod h1:gTvfDHAhGezhdg4BD3ECBn6jbg2Y5PbHhV2ceW5nrB0= open-cluster-management.io/managed-serviceaccount v0.6.0 h1:qIi5T9WQJBuoGqnYGIktXbtqfQoiN2H9XU2P/6lAQiw= open-cluster-management.io/managed-serviceaccount v0.6.0/go.mod h1:G4LUTbZiyrB8c0+rqi/xnDmGlsg7Rdr4T7MPLCWhyQI= -open-cluster-management.io/ocm v0.15.1-0.20250116085531-34275ef1eac8 h1:IDjk8EeKajwqezVM1eDNYPHyaJx4V0N/sZoSAVhIUJk= -open-cluster-management.io/ocm v0.15.1-0.20250116085531-34275ef1eac8/go.mod h1:daPkqFxkVqKb4O8UTX+7jCyEcJWarGOG7uDie9rFfck= +open-cluster-management.io/ocm v0.15.1-0.20250120013556-eeb4ab31d5ab h1:DY4DSDQUEoVQ6fCda7nSYetJRhvkyoiHPLyMppL/a8w= +open-cluster-management.io/ocm v0.15.1-0.20250120013556-eeb4ab31d5ab/go.mod h1:Mfg6rf0CylcnY5y8zJB99ClbMUMpAAUa22Rv+3ct5Lg= open-cluster-management.io/sdk-go v0.15.1-0.20241125015855-1536c3970f8f h1:zeC7QrFNarfK2zY6jGtd+mX+yDrQQmnH/J8A7n5Nh38= open-cluster-management.io/sdk-go v0.15.1-0.20241125015855-1536c3970f8f/go.mod 
h1:fi5WBsbC5K3txKb8eRLuP0Sim/Oqz/PHX18skAEyjiA= oras.land/oras-go v1.2.5 h1:XpYuAwAb0DfQsunIyMfeET92emK8km3W4yEzZvUbsTo= diff --git a/pkg/cmd/init/cmd.go b/pkg/cmd/init/cmd.go index cce10e701..a421b5b1f 100644 --- a/pkg/cmd/init/cmd.go +++ b/pkg/cmd/init/cmd.go @@ -14,6 +14,9 @@ import ( var example = ` # Init the hub %[1]s init + +# Initialize the hub cluster with the type of authentication. Either or both of csr,awsirsa +%[1]s init --registration-auth awsirsa --registration-auth csr --hubClusterArn arn:aws:eks:us-west-2:123456789012:cluster/hub-cluster1 ` // NewCmd ... @@ -78,6 +81,10 @@ func NewCmd(clusteradmFlags *genericclioptionsclusteradm.ClusteradmFlags, stream _ = clusterManagerSet.SetAnnotation("singleton-name", "singletonSet", []string{}) o.Helm.AddFlags(singletonSet) cmd.Flags().AddFlagSet(singletonSet) + cmd.Flags().StringArrayVar(&o.registrationAuth, "registration-auth", []string{}, + "The type of authentication to use for registering and authenticating with hub. Only csr and awsirsa are accepted as valid inputs. This flag can be repeated to specify multiple authentication types.") + cmd.Flags().StringVar(&o.hubClusterArn, "hub-cluster-arn", "", + "The hubCluster ARN to be passed if awsirsa is one of the registrationAuths and the cluster name in EKS kubeconfig doesn't contain hubClusterArn") return cmd } diff --git a/pkg/cmd/init/exec.go b/pkg/cmd/init/exec.go index 1040c47f4..94c963418 100644 --- a/pkg/cmd/init/exec.go +++ b/pkg/cmd/init/exec.go @@ -4,6 +4,7 @@ package init import ( "context" "fmt" + "k8s.io/apimachinery/pkg/util/sets" "os" "time" 
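Review bot: The new example in pkg/cmd/init/cmd.go passes `--hubClusterArn`, but the flag registered in the second cmd.go hunk (in NewCmd) is `--hub-cluster-arn`, so the example as printed would be rejected as an unknown flag. The example line should read `%[1]s init --registration-auth awsirsa --registration-auth csr --hub-cluster-arn arn:aws:eks:us-west-2:123456789012:cluster/hub-cluster1`. The help text for `--hub-cluster-arn` could also say that the value is only used when awsirsa is selected, since nothing visible rejects the flag when it is given on its own. NewCmd starts and ends outside both hunks.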
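Review bot: The added import `"k8s.io/apimachinery/pkg/util/sets"` in pkg/cmd/init/exec.go sits between `"fmt"` and `"os"`, inside the standard-library group. goimports keeps third-party packages in their own group after a blank line, so the line belongs with the file's other non-stdlib imports. That group is outside this hunk.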
@@ -70,10 +71,15 @@ func (o *Options) complete(cmd *cobra.Command, args []string) (err error) { }, Tag: bundleVersion.OCM, } + registrationDrivers, err := getRegistrationDrivers(o) + if err != nil { + return err + } o.clusterManagerChartConfig.ClusterManager = chart.ClusterManagerConfig{ RegistrationConfiguration: operatorv1.RegistrationHubConfiguration{ FeatureGates: genericclioptionsclusteradm.ConvertToFeatureGateAPI( genericclioptionsclusteradm.HubMutableFeatureGate, ocmfeature.DefaultHubRegistrationFeatureGates), + RegistrationDrivers: registrationDrivers, }, WorkConfiguration: operatorv1.WorkConfiguration{ FeatureGates: genericclioptionsclusteradm.ConvertToFeatureGateAPI( @@ -144,6 +150,13 @@ func (o *Options) validate() error { return fmt.Errorf("registry should not be empty") } + validRegistrationDriver := sets.New[string]("csr", "awsirsa") + for _, driver := range o.registrationAuth { + if !validRegistrationDriver.Has(driver) { + return fmt.Errorf("only csr and awsirsa are valid drivers") + } + } + // If --wait is set, some information during initialize process will print to output, the output would not keep // machine readable, so this behavior should be disabled if o.wait && o.output != "text" { 
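Review bot: The new loop in validate() accepts a repeated value such as `--registration-auth csr --registration-auth csr`, while the vendored CRD in this commit declares registrationDrivers as `x-kubernetes-list-type: map` keyed on authType, so a duplicate would presumably only be rejected once the ClusterManager is submitted. Track the values already seen and fail early, and name the offending input in the error: `return fmt.Errorf("invalid registration-auth %q: only csr and awsirsa are valid", driver)`. The hub ARN is an identity value for the hub, yet `--hub-cluster-arn` is neither checked against the CRD pattern `^arn:aws:eks:...` nor reported when it is given without awsirsa; both checks fit here. validate() starts and ends outside the hunk.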
@@ -353,3 +366,40 @@ func (o *Options) deploySingletonControlplane(kubeClient kubernetes.Interface) e } return nil } + +func getRegistrationDrivers(o *Options) ([]operatorv1.RegistrationDriverHub, error) { + registrationDrivers := []operatorv1.RegistrationDriverHub{} + var registrationDriver operatorv1.RegistrationDriverHub + + for _, driver := range o.registrationAuth { + if driver == "csr" { + registrationDriver = operatorv1.RegistrationDriverHub{AuthType: driver} + } else if driver == "awsirsa" { + hubClusterArn, err := getHubClusterArn(o) + if err != nil { + return registrationDrivers, err + } + registrationDriver = operatorv1.RegistrationDriverHub{AuthType: driver, HubClusterArn: hubClusterArn} + } + registrationDrivers = append(registrationDrivers, registrationDriver) + } + + return registrationDrivers, nil +} + +func getHubClusterArn(o *Options) (string, error) { + hubClusterArn := o.hubClusterArn + if hubClusterArn == "" { + rawConfig, err := o.ClusteradmFlags.KubectlFactory.ToRawKubeConfigLoader().RawConfig() + if err != nil { + klog.Errorf("unable to load hub cluster kubeconfig: %v", err) + return "", err + } + hubClusterArn = rawConfig.Contexts[rawConfig.CurrentContext].Cluster + if hubClusterArn == "" { + klog.Errorf("hubClusterArn has empty value in kubeconfig") + return "", fmt.Errorf("unable to retrieve hubClusterArn from kubeconfig") + } + } + return hubClusterArn, nil +} diff --git a/pkg/cmd/init/options.go b/pkg/cmd/init/options.go index 6a98770fe..99c99a080 100644 --- a/pkg/cmd/init/options.go +++ b/pkg/cmd/init/options.go 
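Review bot: In getHubClusterArn, `rawConfig.Contexts[rawConfig.CurrentContext].Cluster` dereferences the map result unchecked, so a kubeconfig with an empty or dangling current-context panics instead of returning an error (Contexts holds pointers in client-go's clientcmd API). The lookup reads the kubeconfig's own current-context and a cluster name, so it looks as if a `--context` override is not honoured and a non-ARN cluster name would be forwarded as HubClusterArn; please confirm, because this value identifies the hub for awsirsa registration. In getRegistrationDrivers, `registrationDriver` is declared outside the loop and the if/else chain has no default, so an unrecognised value re-appends the previous entry or a zero value unless validate() has already run. A switch with an error default, as below, makes the function safe on its own. Each failure is also both logged with klog.Errorf and returned; returning one wrapped error is enough.

```go
func getRegistrationDrivers(o *Options) ([]operatorv1.RegistrationDriverHub, error) {
	registrationDrivers := make([]operatorv1.RegistrationDriverHub, 0, len(o.registrationAuth))
	for _, driver := range o.registrationAuth {
		switch driver {
		case "csr":
			registrationDrivers = append(registrationDrivers,
				operatorv1.RegistrationDriverHub{AuthType: driver})
		case "awsirsa":
			hubClusterArn, err := getHubClusterArn(o)
			if err != nil {
				return nil, err
			}
			registrationDrivers = append(registrationDrivers,
				operatorv1.RegistrationDriverHub{AuthType: driver, HubClusterArn: hubClusterArn})
		default:
			// Do not rely on validate() having run first.
			return nil, fmt.Errorf("unsupported registration-auth %q", driver)
		}
	}
	return registrationDrivers, nil
}

func getHubClusterArn(o *Options) (string, error) {
	if o.hubClusterArn != "" {
		return o.hubClusterArn, nil
	}
	rawConfig, err := o.ClusteradmFlags.KubectlFactory.ToRawKubeConfigLoader().RawConfig()
	if err != nil {
		return "", fmt.Errorf("loading hub cluster kubeconfig: %w", err)
	}
	// Contexts maps to pointers; a missing current-context yields nil.
	kubeCtx, ok := rawConfig.Contexts[rawConfig.CurrentContext]
	if !ok || kubeCtx == nil || kubeCtx.Cluster == "" {
		return "", fmt.Errorf("unable to retrieve hubClusterArn from kubeconfig context %q",
			rawConfig.CurrentContext)
	}
	return kubeCtx.Cluster, nil
}
```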
@@ -50,6 +50,12 @@ type Options struct { output string Streams genericiooptions.IOStreams + + // The type of authentication to use for initializing the hub cluster + registrationAuth []string + // The optional ARN to pass if awsirsa is one of the registrationAuths + // and the cluster name in EKS kubeconfig doesn't contain hubClusterArn + hubClusterArn string } func newOptions(clusteradmFlags *genericclioptionsclusteradm.ClusteradmFlags, streams genericiooptions.IOStreams) *Options { diff --git a/test/e2e/clusteradm/init_test.go b/test/e2e/clusteradm/init_test.go index a18907077..d16306644 100644 --- a/test/e2e/clusteradm/init_test.go +++ b/test/e2e/clusteradm/init_test.go 
@@ -34,6 +34,41 @@ var _ = ginkgo.Describe("test clusteradm with bootstrap token in singleton mode" gomega.Expect(err).NotTo(gomega.HaveOccurred()) gomega.Expect(len(cm.Spec.RegistrationConfiguration.FeatureGates)).Should(gomega.Equal(1)) + // TODO: E2e test is not recognizing the newly added flags. Uncomment below test once the problem is fixed. + //err = e2e.Clusteradm().Init( + // "--use-bootstrap-token", + // "--context", e2e.Cluster().Hub().Context(), + // "--bundle-version=latest", + // "--registration-auth awsirsa", + // "--hub-cluster-arn arn:aws:eks:us-west-2:123456789012:cluster/hub-cluster1", + //) + //gomega.Expect(err).NotTo(gomega.HaveOccurred(), "clusteradm init error") + // + //cm, err = operatorClient.OperatorV1().ClusterManagers().Get(context.TODO(), "cluster-manager", metav1.GetOptions{}) + //gomega.Expect(err).NotTo(gomega.HaveOccurred()) + //// Ensure that when only awsirsa is passed as registration-auth only awsirsa driver is available + //gomega.Expect(len(cm.Spec.RegistrationConfiguration.RegistrationDrivers)).Should(gomega.Equal(1)) + //gomega.Expect(cm.Spec.RegistrationConfiguration.RegistrationDrivers[0].AuthType).Should(gomega.Equal("awsirsa")) + // + //err = e2e.Clusteradm().Init( + // "--use-bootstrap-token", + // "--context", e2e.Cluster().Hub().Context(), + // "--bundle-version=latest", + // "--registration-auth awsirsa", + // "--registration-auth csr", + // "--hub-cluster-arn arn:aws:eks:us-west-2:123456789012:cluster/hub-cluster1", + //) + //gomega.Expect(err).NotTo(gomega.HaveOccurred(), "clusteradm init error") + // + //cm, err = operatorClient.OperatorV1().ClusterManagers().Get(context.TODO(), "cluster-manager", metav1.GetOptions{}) + //gomega.Expect(err).NotTo(gomega.HaveOccurred()) + //// Ensure that awsirsa and csr is passed as registration-auth both the values are set. 
+ //gomega.Expect(len(cm.Spec.RegistrationConfiguration.RegistrationDrivers)).Should(gomega.Equal(2)) + //gomega.Expect(cm.Spec.RegistrationConfiguration.RegistrationDrivers[0].AuthType).Should(gomega.Equal("csr")) + //gomega.Expect(cm.Spec.RegistrationConfiguration.RegistrationDrivers[1].AuthType).Should(gomega.Equal("awsirsa")) + //gomega.Expect(cm.Spec.RegistrationConfiguration.RegistrationDrivers[1].HubClusterArn). + // Should(gomega.Equal("arn:aws:eks:us-west-2:123456789012:cluster/hub-cluster1")) + err = e2e.Clusteradm().Init( "--use-bootstrap-token", "--context", e2e.Cluster().Hub().Context(), diff --git a/vendor/modules.txt b/vendor/modules.txt index 642687d12..1ebdb1845 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -1239,7 +1239,7 @@ k8s.io/utils/pointer k8s.io/utils/ptr k8s.io/utils/strings/slices k8s.io/utils/trace -# open-cluster-management.io/api v0.15.1-0.20250109024121-1a5e25a78a43 +# open-cluster-management.io/api v0.15.1-0.20250116010516-3a595d6a4e40 ## explicit; go 1.22.0 open-cluster-management.io/api/addon/v1alpha1 open-cluster-management.io/api/client/addon/clientset/versioned @@ -1282,7 +1282,7 @@ open-cluster-management.io/managed-serviceaccount/pkg/generated/clientset/versio open-cluster-management.io/managed-serviceaccount/pkg/generated/clientset/versioned/scheme open-cluster-management.io/managed-serviceaccount/pkg/generated/clientset/versioned/typed/authentication/v1alpha1 open-cluster-management.io/managed-serviceaccount/pkg/generated/clientset/versioned/typed/authentication/v1beta1 -# open-cluster-management.io/ocm v0.15.1-0.20250116085531-34275ef1eac8 +# open-cluster-management.io/ocm v0.15.1-0.20250120013556-eeb4ab31d5ab ## explicit; go 1.22.5 open-cluster-management.io/ocm/deploy/cluster-manager/chart open-cluster-management.io/ocm/deploy/klusterlet/chart 
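Review bot: The commented-out Init calls in test/e2e/clusteradm/init_test.go pass `"--registration-auth awsirsa"` and `"--hub-cluster-arn arn:..."` as single arguments, which is a likely cause of the TODO's "not recognizing the newly added flags" if Init forwards each element as one argv entry; the calls that work use `"--context", value` or the `--bundle-version=latest` form. Use `"--registration-auth=awsirsa"` and `"--hub-cluster-arn=arn:aws:eks:us-west-2:123456789012:cluster/hub-cluster1"` instead. The second block also passes awsirsa before csr but expects index 0 to be csr, whereas getRegistrationDrivers appends in flag order, so either swap the flags or assert without depending on order. As committed, the registration-auth path has no enabled test; a unit test of validate() and getRegistrationDrivers would cover it without the e2e harness. The enclosing test block starts and ends outside the hunk.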
diff --git a/vendor/open-cluster-management.io/api/operator/v1/0000_01_operator.open-cluster-management.io_clustermanagers.crd.yaml b/vendor/open-cluster-management.io/api/operator/v1/0000_01_operator.open-cluster-management.io_clustermanagers.crd.yaml index 8e92beeb7..c4e3864fa 100644 --- a/vendor/open-cluster-management.io/api/operator/v1/0000_01_operator.open-cluster-management.io_clustermanagers.crd.yaml +++ b/vendor/open-cluster-management.io/api/operator/v1/0000_01_operator.open-cluster-management.io_clustermanagers.crd.yaml @@ -255,6 +255,31 @@ spec: - feature type: object type: array + registrationDrivers: + description: |- + RegistrationDrivers represent the list of hub registration drivers that contain information used by hub to initialize the hub cluster + A RegistrationDriverHub contains details of authentication type and the hub cluster ARN + items: + properties: + authType: + default: csr + description: Type of the authentication used by hub to initialize + the Hub cluster. Possible values are csr and awsirsa. + enum: + - csr + - awsirsa + type: string + hubClusterArn: + description: |- + This represents the hub cluster ARN + Example - arn:eks:us-west-2:12345678910:cluster/hub-cluster1 + pattern: ^arn:aws:eks:([a-zA-Z0-9-]+):(\d{12}):cluster/([a-zA-Z0-9-]+)$ + type: string + type: object + type: array + x-kubernetes-list-map-keys: + - authType + x-kubernetes-list-type: map type: object registrationImagePullSpec: default: quay.io/open-cluster-management/registration diff --git a/vendor/open-cluster-management.io/api/operator/v1/types_clustermanager.go b/vendor/open-cluster-management.io/api/operator/v1/types_clustermanager.go index 373f87f10..d9d058e69 100644 --- a/vendor/open-cluster-management.io/api/operator/v1/types_clustermanager.go +++ b/vendor/open-cluster-management.io/api/operator/v1/types_clustermanager.go 
@@ -108,6 +108,28 @@ type RegistrationHubConfiguration struct { // he can set featuregate/Foo=false before upgrading. Let's say the cluster-admin wants featuregate/Foo=false. // +optional FeatureGates []FeatureGate `json:"featureGates,omitempty"` + + // RegistrationDrivers represent the list of hub registration drivers that contain information used by hub to initialize the hub cluster + // A RegistrationDriverHub contains details of authentication type and the hub cluster ARN + // +optional + // +listType=map + // +listMapKey=authType + RegistrationDrivers []RegistrationDriverHub `json:"registrationDrivers,omitempty"` +} + +type RegistrationDriverHub struct { + + // Type of the authentication used by hub to initialize the Hub cluster. Possible values are csr and awsirsa. + // +required + // +kubebuilder:default:=csr + // +kubebuilder:validation:Enum=csr;awsirsa + AuthType string `json:"authType,omitempty"` + + // This represents the hub cluster ARN + // Example - arn:eks:us-west-2:12345678910:cluster/hub-cluster1 + // +optional + // +kubebuilder:validation:Pattern=`^arn:aws:eks:([a-zA-Z0-9-]+):(\d{12}):cluster/([a-zA-Z0-9-]+)$` + HubClusterArn string `json:"hubClusterArn,omitempty"` } type WorkConfiguration struct { diff --git a/vendor/open-cluster-management.io/api/operator/v1/zz_generated.deepcopy.go b/vendor/open-cluster-management.io/api/operator/v1/zz_generated.deepcopy.go index 64a618ba5..96eef484b 100644 --- a/vendor/open-cluster-management.io/api/operator/v1/zz_generated.deepcopy.go +++ b/vendor/open-cluster-management.io/api/operator/v1/zz_generated.deepcopy.go 
@@ -557,6 +557,22 @@ func (in *RegistrationDriver) DeepCopy() *RegistrationDriver { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RegistrationDriverHub) DeepCopyInto(out *RegistrationDriverHub) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RegistrationDriverHub. +func (in *RegistrationDriverHub) DeepCopy() *RegistrationDriverHub { + if in == nil { + return nil + } + out := new(RegistrationDriverHub) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *RegistrationHubConfiguration) DeepCopyInto(out *RegistrationHubConfiguration) { *out = *in @@ -570,6 +586,11 @@ func (in *RegistrationHubConfiguration) DeepCopyInto(out *RegistrationHubConfigu *out = make([]FeatureGate, len(*in)) copy(*out, *in) } + if in.RegistrationDrivers != nil { + in, out := &in.RegistrationDrivers, &out.RegistrationDrivers + *out = make([]RegistrationDriverHub, len(*in)) + copy(*out, *in) + } return } diff --git a/vendor/open-cluster-management.io/api/operator/v1/zz_generated.swagger_doc_generated.go b/vendor/open-cluster-management.io/api/operator/v1/zz_generated.swagger_doc_generated.go index 5d63b9197..7342a4106 100644 --- a/vendor/open-cluster-management.io/api/operator/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/open-cluster-management.io/api/operator/v1/zz_generated.swagger_doc_generated.go 
@@ -122,9 +122,19 @@ func (NodePlacement) SwaggerDoc() map[string]string { return map_NodePlacement } +var map_RegistrationDriverHub = map[string]string{ + "authType": "Type of the authentication used by hub to initialize the Hub cluster. Possible values are csr and awsirsa.", + "hubClusterArn": "This represents the hub cluster ARN Example - arn:eks:us-west-2:12345678910:cluster/hub-cluster1", +} + +func (RegistrationDriverHub) SwaggerDoc() map[string]string { + return map_RegistrationDriverHub +} + var map_RegistrationHubConfiguration = map[string]string{ - "autoApproveUsers": "AutoApproveUser represents a list of users that can auto approve CSR and accept client. If the credential of the bootstrap-hub-kubeconfig matches to the users, the cluster created by the bootstrap-hub-kubeconfig will be auto-registered into the hub cluster. This takes effect only when ManagedClusterAutoApproval feature gate is enabled.", - "featureGates": "FeatureGates represents the list of feature gates for registration If it is set empty, default feature gates will be used. If it is set, featuregate/Foo is an example of one item in FeatureGates:\n 1. If featuregate/Foo does not exist, registration-operator will discard it\n 2. If featuregate/Foo exists and is false by default. It is now possible to set featuregate/Foo=[false|true]\n 3. If featuregate/Foo exists and is true by default. If a cluster-admin upgrading from 1 to 2 wants to continue having featuregate/Foo=false,\n \the can set featuregate/Foo=false before upgrading. Let's say the cluster-admin wants featuregate/Foo=false.", + "autoApproveUsers": "AutoApproveUser represents a list of users that can auto approve CSR and accept client. If the credential of the bootstrap-hub-kubeconfig matches to the users, the cluster created by the bootstrap-hub-kubeconfig will be auto-registered into the hub cluster. 
This takes effect only when ManagedClusterAutoApproval feature gate is enabled.", + "featureGates": "FeatureGates represents the list of feature gates for registration If it is set empty, default feature gates will be used. If it is set, featuregate/Foo is an example of one item in FeatureGates:\n 1. If featuregate/Foo does not exist, registration-operator will discard it\n 2. If featuregate/Foo exists and is false by default. It is now possible to set featuregate/Foo=[false|true]\n 3. If featuregate/Foo exists and is true by default. If a cluster-admin upgrading from 1 to 2 wants to continue having featuregate/Foo=false,\n \the can set featuregate/Foo=false before upgrading. Let's say the cluster-admin wants featuregate/Foo=false.", + "registrationDrivers": "RegistrationDrivers represent the list of hub registration drivers that contain information used by hub to initialize the hub cluster A RegistrationDriverHub contains details of authentication type and the hub cluster ARN", } func (RegistrationHubConfiguration) SwaggerDoc() map[string]string { diff --git a/vendor/open-cluster-management.io/ocm/deploy/cluster-manager/chart/cluster-manager/crds/0000_01_operator.open-cluster-management.io_clustermanagers.crd.yaml b/vendor/open-cluster-management.io/ocm/deploy/cluster-manager/chart/cluster-manager/crds/0000_01_operator.open-cluster-management.io_clustermanagers.crd.yaml index 8e92beeb7..c4e3864fa 100644 --- a/vendor/open-cluster-management.io/ocm/deploy/cluster-manager/chart/cluster-manager/crds/0000_01_operator.open-cluster-management.io_clustermanagers.crd.yaml +++ b/vendor/open-cluster-management.io/ocm/deploy/cluster-manager/chart/cluster-manager/crds/0000_01_operator.open-cluster-management.io_clustermanagers.crd.yaml 
@@ -255,6 +255,31 @@ spec: - feature type: object type: array + registrationDrivers: + description: |- + RegistrationDrivers represent the list of hub registration drivers that contain information used by hub to initialize the hub cluster + A RegistrationDriverHub contains details of authentication type and the hub cluster ARN + items: + properties: + authType: + default: csr + description: Type of the authentication used by hub to initialize + the Hub cluster. Possible values are csr and awsirsa. + enum: + - csr + - awsirsa + type: string + hubClusterArn: + description: |- + This represents the hub cluster ARN + Example - arn:eks:us-west-2:12345678910:cluster/hub-cluster1 + pattern: ^arn:aws:eks:([a-zA-Z0-9-]+):(\d{12}):cluster/([a-zA-Z0-9-]+)$ + type: string + type: object + type: array + x-kubernetes-list-map-keys: + - authType + x-kubernetes-list-type: map type: object registrationImagePullSpec: default: quay.io/open-cluster-management/registration diff --git a/vendor/open-cluster-management.io/ocm/deploy/cluster-manager/chart/cluster-manager/templates/cluster_manager.yaml b/vendor/open-cluster-management.io/ocm/deploy/cluster-manager/chart/cluster-manager/templates/cluster_manager.yaml index 14172e71a..ecee98daa 100644 --- a/vendor/open-cluster-management.io/ocm/deploy/cluster-manager/chart/cluster-manager/templates/cluster_manager.yaml +++ b/vendor/open-cluster-management.io/ocm/deploy/cluster-manager/chart/cluster-manager/templates/cluster_manager.yaml @@ -29,6 +29,10 @@ spec: featureGates: {{- toYaml . | nindent 6 }} {{- end }} + {{- with .Values.clusterManager.registrationConfiguration.registrationDrivers }} + registrationDrivers: + {{- toYaml . | nindent 6 }} + {{- end }} {{- with .Values.clusterManager.workConfiguration }} workConfiguration: {{- toYaml . | nindent 4 }} 
diff --git a/vendor/open-cluster-management.io/ocm/deploy/cluster-manager/chart/cluster-manager/values.yaml b/vendor/open-cluster-management.io/ocm/deploy/cluster-manager/chart/cluster-manager/values.yaml index 7d5ac7545..bf1b4c65d 100644 --- a/vendor/open-cluster-management.io/ocm/deploy/cluster-manager/chart/cluster-manager/values.yaml +++ b/vendor/open-cluster-management.io/ocm/deploy/cluster-manager/chart/cluster-manager/values.yaml @@ -95,6 +95,8 @@ clusterManager: featureGates: - feature: DefaultClusterSet mode: Enable + registrationDrivers: + - authType: csr workConfiguration: workDriver: kube addOnManagerConfiguration: {}