From c2ef824990dee7021c8cc2a771ed43471e02e50d Mon Sep 17 00:00:00 2001
From: Zhiwei Yin
Date: Thu, 16 Jan 2025 15:48:08 +0800
Subject: [PATCH] rename bootstrap sa name and remove 'delete token' cmd
Signed-off-by: Zhiwei Yin
---
 go.mod | 2 +-
 go.sum | 4 +-
 pkg/cmd/delete/cmd.go | 2 -
 pkg/cmd/delete/token/cmd.go | 47 ----------
 pkg/cmd/delete/token/exec.go | 91 -------------------
 pkg/cmd/delete/token/options.go | 19 ----
 pkg/config/env.go | 21 ++---
 .../joinhubscenario_bootstrsptoken_test.go | 6 --
 .../e2e/clusteradm/joinhubscenario_sa_test.go | 6 --
 vendor/modules.txt | 2 +-
 .../templates/bootstrap_cluster_role.yaml | 2 +-
 .../bootstrap_cluster_role_binding.yaml | 4 +-
 .../templates/bootstrap_sa.yaml | 2 +-
 .../bootstrap_sa_cluster_role_binding.yaml | 6 +-
 .../templates/cluster_manager.yaml | 2 +-
 .../templates/cluster_role.yaml | 2 +-
 .../ocm/pkg/operator/helpers/chart/config.go | 4 +-
 17 files changed, 24 insertions(+), 198 deletions(-)
 delete mode 100644 pkg/cmd/delete/token/cmd.go
 delete mode 100644 pkg/cmd/delete/token/exec.go
 delete mode 100644 pkg/cmd/delete/token/options.go
diff --git a/go.mod b/go.mod
index 6064822f6..396767366 100644
--- a/go.mod
+++ b/go.mod
@@ -31,7 +31,7 @@ require (
 open-cluster-management.io/api v0.15.1-0.20250109024121-1a5e25a78a43
 open-cluster-management.io/cluster-proxy v0.4.0
 open-cluster-management.io/managed-serviceaccount v0.6.0
- open-cluster-management.io/ocm v0.15.1-0.20250110031959-11896ccda197
+ open-cluster-management.io/ocm v0.15.1-0.20250116024415-19fb9243ca2b
 open-cluster-management.io/sdk-go v0.15.1-0.20241125015855-1536c3970f8f
 sigs.k8s.io/apiserver-network-proxy v0.29.0
 sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.30.3
diff --git a/go.sum b/go.sum
index 42542faf9..90d1fcd75 100644
--- a/go.sum
+++ b/go.sum
@@ -563,8 +563,8 @@ open-cluster-management.io/cluster-proxy v0.4.0 h1:rm0UDaDWe3/P3xLzwqdHtqNksKwSz
 open-cluster-management.io/cluster-proxy v0.4.0/go.mod h1:gTvfDHAhGezhdg4BD3ECBn6jbg2Y5PbHhV2ceW5nrB0=
 open-cluster-management.io/managed-serviceaccount v0.6.0 h1:qIi5T9WQJBuoGqnYGIktXbtqfQoiN2H9XU2P/6lAQiw=
 open-cluster-management.io/managed-serviceaccount v0.6.0/go.mod h1:G4LUTbZiyrB8c0+rqi/xnDmGlsg7Rdr4T7MPLCWhyQI=
-open-cluster-management.io/ocm v0.15.1-0.20250110031959-11896ccda197 h1:ECwQuYbtUxDbKUKHfnmQYwLG2cV3i7OwsU4dJP/XrDg=
-open-cluster-management.io/ocm v0.15.1-0.20250110031959-11896ccda197/go.mod h1:daPkqFxkVqKb4O8UTX+7jCyEcJWarGOG7uDie9rFfck=
+open-cluster-management.io/ocm v0.15.1-0.20250116024415-19fb9243ca2b h1:zA4fOnKpgsjImN/Qc1JcwyumwYALmS7EUl9KT0lRUwk=
+open-cluster-management.io/ocm v0.15.1-0.20250116024415-19fb9243ca2b/go.mod h1:daPkqFxkVqKb4O8UTX+7jCyEcJWarGOG7uDie9rFfck=
 open-cluster-management.io/sdk-go v0.15.1-0.20241125015855-1536c3970f8f h1:zeC7QrFNarfK2zY6jGtd+mX+yDrQQmnH/J8A7n5Nh38=
 open-cluster-management.io/sdk-go v0.15.1-0.20241125015855-1536c3970f8f/go.mod h1:fi5WBsbC5K3txKb8eRLuP0Sim/Oqz/PHX18skAEyjiA=
 oras.land/oras-go v1.2.5 h1:XpYuAwAb0DfQsunIyMfeET92emK8km3W4yEzZvUbsTo=
diff --git a/pkg/cmd/delete/cmd.go b/pkg/cmd/delete/cmd.go
index c85738965..629735704 100644
--- a/pkg/cmd/delete/cmd.go
+++ b/pkg/cmd/delete/cmd.go
@@ -5,7 +5,6 @@ import (
 "github.com/spf13/cobra"
 "k8s.io/cli-runtime/pkg/genericiooptions"
 "open-cluster-management.io/clusteradm/pkg/cmd/delete/clusterset"
- "open-cluster-management.io/clusteradm/pkg/cmd/delete/token"
 "open-cluster-management.io/clusteradm/pkg/cmd/delete/work"
 genericclioptionsclusteradm "open-cluster-management.io/clusteradm/pkg/genericclioptions"
 )
@@ -17,7 +16,6 @@ func NewCmd(clusteradmFlags *genericclioptionsclusteradm.ClusteradmFlags, stream
 Short: "delete a resource",
 }
- cmd.AddCommand(token.NewCmd(clusteradmFlags, streams))
 cmd.AddCommand(work.NewCmd(clusteradmFlags, streams))
 cmd.AddCommand(clusterset.NewCmd(clusteradmFlags, streams))
diff --git a/pkg/cmd/delete/token/cmd.go b/pkg/cmd/delete/token/cmd.go
deleted file mode 100644
index 2ce983d08..000000000
--- a/pkg/cmd/delete/token/cmd.go
+++ /dev/null
@@ -1,47 +0,0 @@
-// Copyright Contributors to the Open Cluster Management project
-package token
-
-import (
- "fmt"
-
- "open-cluster-management.io/clusteradm/pkg/helpers"
-
- "github.com/spf13/cobra"
- "k8s.io/cli-runtime/pkg/genericiooptions"
- genericclioptionsclusteradm "open-cluster-management.io/clusteradm/pkg/genericclioptions"
-)
-
-var example = `
-# Delete the bootstrap token
-%[1]s delete token
-`
-
-// NewCmd ...
-func NewCmd(clusteradmFlags *genericclioptionsclusteradm.ClusteradmFlags, streams genericiooptions.IOStreams) *cobra.Command {
- o := newOptions(clusteradmFlags, streams)
-
- cmd := &cobra.Command{
- Use: "token",
- Short: "delete the bootstrap token",
- Example: fmt.Sprintf(example, helpers.GetExampleHeader()),
- SilenceUsage: true,
- PreRun: func(c *cobra.Command, args []string) {
- helpers.DryRunMessage(o.ClusteradmFlags.DryRun)
- },
- RunE: func(c *cobra.Command, args []string) error {
- if err := o.complete(c, args); err != nil {
- return err
- }
- if err := o.validate(); err != nil {
- return err
- }
- if err := o.run(); err != nil {
- return err
- }
-
- return nil
- },
- }
-
- return cmd
-}
diff --git a/pkg/cmd/delete/token/exec.go b/pkg/cmd/delete/token/exec.go
deleted file mode 100644
index 1c1364177..000000000
--- a/pkg/cmd/delete/token/exec.go
+++ /dev/null
@@ -1,91 +0,0 @@
-// Copyright Contributors to the Open Cluster Management project
-package token
-
-import (
- "context"
- "fmt"
-
- "github.com/spf13/cobra"
- apiextensionsclient "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset"
- "k8s.io/apimachinery/pkg/api/errors"
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
- "k8s.io/client-go/kubernetes"
- "open-cluster-management.io/clusteradm/pkg/config"
- "open-cluster-management.io/clusteradm/pkg/helpers"
-)
-
-func (o *Options) complete(cmd *cobra.Command, args []string) (err error) {
- return nil
-}
-
-func (o *Options) validate() error {
- restConfig, err := o.ClusteradmFlags.KubectlFactory.ToRESTConfig()
- if err != nil {
- return err
- }
-
- apiExtensionsClient, err := apiextensionsclient.NewForConfig(restConfig)
- if err != nil {
- return err
- }
- installed, err := helpers.IsClusterManagerInstalled(apiExtensionsClient)
- if err != nil {
- return err
- }
- if !installed {
- return fmt.Errorf("this is not a hub")
- }
- return err
-}
-
-func (o *Options) run() error {
-
- kubeClient, err := o.ClusteradmFlags.KubectlFactory.KubernetesClientSet()
- if err != nil {
- return err
- }
-
- if o.ClusteradmFlags.DryRun {
- return nil
- }
-
- return o.deleteToken(kubeClient)
-}
-
-func (o *Options) deleteToken(kubeClient *kubernetes.Clientset) error {
- //Delete bootstrap token bindings
- err := kubeClient.RbacV1().ClusterRoleBindings().Delete(context.TODO(), config.BootstrapClusterRoleBindingName, metav1.DeleteOptions{})
- if err != nil && !errors.IsNotFound(err) {
- return err
- }
- err = kubeClient.RbacV1().ClusterRoleBindings().Delete(context.TODO(), config.BootstrapClusterRoleBindingSAName, metav1.DeleteOptions{})
- if err != nil && !errors.IsNotFound(err) {
- return err
- }
-
- //Delete Roles
- err = kubeClient.RbacV1().ClusterRoles().Delete(context.TODO(), config.BootstrapClusterRoleName, metav1.DeleteOptions{})
- if err != nil && !errors.IsNotFound(err) {
- return err
- }
-
- //Detele bootstrap token secret
- secret, err := helpers.GetBootstrapSecret(context.TODO(), kubeClient)
- if err == nil {
- err = kubeClient.CoreV1().Secrets(secret.Namespace).Delete(context.TODO(), secret.Name, metav1.DeleteOptions{})
- if err != nil && !errors.IsNotFound(err) {
- return err
- }
- }
- if err != nil && !errors.IsNotFound(err) {
- return err
- }
- //Delete service account
- err = kubeClient.CoreV1().ServiceAccounts(config.OpenClusterManagementNamespace).Delete(context.TODO(), config.BootstrapSAName, metav1.DeleteOptions{})
- if err != nil && !errors.IsNotFound(err) {
- return err
- }
- //No need to delete the secret containing the token
- //as it will be automatically deleted because the SA is deleted
- return nil
-}
diff --git a/pkg/cmd/delete/token/options.go b/pkg/cmd/delete/token/options.go
deleted file mode 100644
index 19a19f312..000000000
--- a/pkg/cmd/delete/token/options.go
+++ /dev/null
@@ -1,19 +0,0 @@
-// Copyright Contributors to the Open Cluster Management project
-package token
-
-import (
- "k8s.io/cli-runtime/pkg/genericiooptions"
- genericclioptionsclusteradm "open-cluster-management.io/clusteradm/pkg/genericclioptions"
-)
-
-// Options is holding all the command-line options
-type Options struct {
- //ClusteradmFlags: The generic options from the clusteradm cli-runtime.
- ClusteradmFlags *genericclioptionsclusteradm.ClusteradmFlags
-}
-
-func newOptions(clusteradmFlags *genericclioptionsclusteradm.ClusteradmFlags, streams genericiooptions.IOStreams) *Options {
- return &Options{
- ClusteradmFlags: clusteradmFlags,
- }
-}
diff --git a/pkg/config/env.go b/pkg/config/env.go
index ecd6d36bf..0825ee7e9 100644
--- a/pkg/config/env.go
+++ b/pkg/config/env.go
@@ -3,16 +3,13 @@
 package config
 const (
- OpenClusterManagementNamespace = "open-cluster-management"
- BootstrapSAName = "cluster-bootstrap"
- BootstrapClusterRoleBindingName = "cluster-bootstrap"
- BootstrapClusterRoleBindingSAName = "cluster-bootstrap-sa"
- BootstrapClusterRoleName = "system:open-cluster-management:bootstrap"
- ClusterManagerName = "cluster-manager"
- LabelApp = "app"
- BootstrapSecretPrefix = "bootstrap-token-"
- HubClusterNamespace = "open-cluster-management-hub"
- ManagedClusterNamespace = "open-cluster-management-agent"
- ManagedProxyConfigurationName = "cluster-proxy"
- ImagePullSecret = "open-cluster-management-image-pull-credentials"
+ OpenClusterManagementNamespace = "open-cluster-management"
+ BootstrapSAName = "agent-registration-bootstrap"
+ ClusterManagerName = "cluster-manager"
+ LabelApp = "app"
+ BootstrapSecretPrefix = "bootstrap-token-"
+ HubClusterNamespace = "open-cluster-management-hub"
+ ManagedClusterNamespace = "open-cluster-management-agent"
+ ManagedProxyConfigurationName = "cluster-proxy"
+ ImagePullSecret = "open-cluster-management-image-pull-credentials"
 )
diff --git a/test/e2e/clusteradm/joinhubscenario_bootstrsptoken_test.go b/test/e2e/clusteradm/joinhubscenario_bootstrsptoken_test.go
index 62190dd46..f22cfa0af 100644
--- a/test/e2e/clusteradm/joinhubscenario_bootstrsptoken_test.go
+++ b/test/e2e/clusteradm/joinhubscenario_bootstrsptoken_test.go
@@ -54,12 +54,6 @@ var _ = ginkgo.Describe("test clusteradm with bootstrap token", func() {
 originalToken = e2e.CommandResult().RawCommand()
- ginkgo.By("delete token")
- err = e2e.Clusteradm().Delete(
- "token",
- )
- gomega.Expect(err).NotTo(gomega.HaveOccurred(), "clusteradm delete token error")
-
 ginkgo.By("get token from hub")
 err = e2e.Clusteradm().Get(
 "token",
diff --git a/test/e2e/clusteradm/joinhubscenario_sa_test.go b/test/e2e/clusteradm/joinhubscenario_sa_test.go
index 5dd1eaf08..449d9f9c6 100644
--- a/test/e2e/clusteradm/joinhubscenario_sa_test.go
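Review bot: With `BootstrapClusterRoleBindingName`, `BootstrapClusterRoleBindingSAName` and `BootstrapClusterRoleName` dropped from pkg/config/env.go and `BootstrapSAName` changed to `agent-registration-bootstrap`, nothing left in this patch refers to the previously created `cluster-bootstrap` ServiceAccount, its two ClusterRoleBindings or the `system:open-cluster-management:bootstrap` ClusterRole, and the same commit deletes `clusteradm delete token`, the command that removed them. On a hub initialised by an earlier release those objects, and any tokens already issued for the old ServiceAccount, would presumably remain valid credentials after upgrade unless the chart or operator prunes them, which is not visible here; please confirm that, or document the manual cleanup and the replacement way to revoke a bootstrap token. The new value also has to stay in step with the vendored chart (bootstrap_sa.yaml and the `resourceNames` entry in cluster_role.yaml), so a comment on the constant would help, e.g. `// BootstrapSAName must match the ServiceAccount name in the vendored cluster-manager chart (bootstrap_sa.yaml).`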
+++ b/test/e2e/clusteradm/joinhubscenario_sa_test.go
@@ -50,12 +50,6 @@ var _ = ginkgo.Describe("test clusteradm with service account", func() {
 originalToken = e2e.CommandResult().RawCommand()
- ginkgo.By("delete token")
- err = e2e.Clusteradm().Delete(
- "token",
- )
- gomega.Expect(err).NotTo(gomega.HaveOccurred(), "clusteradm delete token error")
-
 ginkgo.By("get token from hub")
 err = e2e.Clusteradm().Get(
 "token",
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 3149fc75a..cde546fd8 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -1282,7 +1282,7 @@ open-cluster-management.io/managed-serviceaccount/pkg/generated/clientset/versio
 open-cluster-management.io/managed-serviceaccount/pkg/generated/clientset/versioned/scheme
 open-cluster-management.io/managed-serviceaccount/pkg/generated/clientset/versioned/typed/authentication/v1alpha1
 open-cluster-management.io/managed-serviceaccount/pkg/generated/clientset/versioned/typed/authentication/v1beta1
-# open-cluster-management.io/ocm v0.15.1-0.20250110031959-11896ccda197
+# open-cluster-management.io/ocm v0.15.1-0.20250116024415-19fb9243ca2b
 ## explicit; go 1.22.5
 open-cluster-management.io/ocm/deploy/cluster-manager/chart
 open-cluster-management.io/ocm/deploy/klusterlet/chart
diff --git a/vendor/open-cluster-management.io/ocm/deploy/cluster-manager/chart/cluster-manager/templates/bootstrap_cluster_role.yaml b/vendor/open-cluster-management.io/ocm/deploy/cluster-manager/chart/cluster-manager/templates/bootstrap_cluster_role.yaml
index eec51cb13..0aacd086f 100644
--- a/vendor/open-cluster-management.io/ocm/deploy/cluster-manager/chart/cluster-manager/templates/bootstrap_cluster_role.yaml
+++ b/vendor/open-cluster-management.io/ocm/deploy/cluster-manager/chart/cluster-manager/templates/bootstrap_cluster_role.yaml
@@ -2,7 +2,7 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
- name: system:open-cluster-management:bootstrap
+ name: open-cluster-management:bootstrap
 rules:
 - apiGroups:
 - ""
diff --git a/vendor/open-cluster-management.io/ocm/deploy/cluster-manager/chart/cluster-manager/templates/bootstrap_cluster_role_binding.yaml b/vendor/open-cluster-management.io/ocm/deploy/cluster-manager/chart/cluster-manager/templates/bootstrap_cluster_role_binding.yaml
index 60a261a31..b31545052 100644
--- a/vendor/open-cluster-management.io/ocm/deploy/cluster-manager/chart/cluster-manager/templates/bootstrap_cluster_role_binding.yaml
+++ b/vendor/open-cluster-management.io/ocm/deploy/cluster-manager/chart/cluster-manager/templates/bootstrap_cluster_role_binding.yaml
@@ -2,11 +2,11 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
- name: cluster-bootstrap
+ name: open-cluster-management:bootstrap:managedcluster
 roleRef:
 apiGroup: rbac.authorization.k8s.io
 kind: ClusterRole
- name: system:open-cluster-management:bootstrap
+ name: open-cluster-management:bootstrap
 subjects:
 - kind: Group
 apiGroup: rbac.authorization.k8s.io
diff --git a/vendor/open-cluster-management.io/ocm/deploy/cluster-manager/chart/cluster-manager/templates/bootstrap_sa.yaml b/vendor/open-cluster-management.io/ocm/deploy/cluster-manager/chart/cluster-manager/templates/bootstrap_sa.yaml
index f97cda884..2edf9cf48 100644
--- a/vendor/open-cluster-management.io/ocm/deploy/cluster-manager/chart/cluster-manager/templates/bootstrap_sa.yaml
+++ b/vendor/open-cluster-management.io/ocm/deploy/cluster-manager/chart/cluster-manager/templates/bootstrap_sa.yaml
@@ -2,6 +2,6 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
- name: cluster-bootstrap
+ name: agent-registration-bootstrap
 namespace: {{ .Release.Namespace }}
 {{- end }}
diff --git a/vendor/open-cluster-management.io/ocm/deploy/cluster-manager/chart/cluster-manager/templates/bootstrap_sa_cluster_role_binding.yaml b/vendor/open-cluster-management.io/ocm/deploy/cluster-manager/chart/cluster-manager/templates/bootstrap_sa_cluster_role_binding.yaml
index e299bb38d..e6f2340cb 100644
--- a/vendor/open-cluster-management.io/ocm/deploy/cluster-manager/chart/cluster-manager/templates/bootstrap_sa_cluster_role_binding.yaml
+++ b/vendor/open-cluster-management.io/ocm/deploy/cluster-manager/chart/cluster-manager/templates/bootstrap_sa_cluster_role_binding.yaml
@@ -2,13 +2,13 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
- name: cluster-bootstrap-sa
+ name: open-cluster-management:bootstrap:agent-registration
 roleRef:
 apiGroup: rbac.authorization.k8s.io
 kind: ClusterRole
- name: system:open-cluster-management:bootstrap
+ name: open-cluster-management:bootstrap
 subjects:
 - kind: ServiceAccount
- name: cluster-bootstrap
+ name: agent-registration-bootstrap
 namespace: {{ .Release.Namespace }}
 {{- end }}
diff --git a/vendor/open-cluster-management.io/ocm/deploy/cluster-manager/chart/cluster-manager/templates/cluster_manager.yaml b/vendor/open-cluster-management.io/ocm/deploy/cluster-manager/chart/cluster-manager/templates/cluster_manager.yaml
index 7f330c977..14172e71a 100644
--- a/vendor/open-cluster-management.io/ocm/deploy/cluster-manager/chart/cluster-manager/templates/cluster_manager.yaml
+++ b/vendor/open-cluster-management.io/ocm/deploy/cluster-manager/chart/cluster-manager/templates/cluster_manager.yaml
@@ -22,7 +22,7 @@ spec:
 - system:bootstrap:bootstrap-token-ocmhub
 {{- end }}
 {{- if .Values.createBootstrapSA }}
- - system:serviceaccount:open-cluster-management:cluster-bootstrap
+ - system:serviceaccount:{{ .Release.Namespace }}:agent-registration-bootstrap
 {{- end }}
 {{- end }}
 {{- with .Values.clusterManager.registrationConfiguration.featureGates }}
diff --git a/vendor/open-cluster-management.io/ocm/deploy/cluster-manager/chart/cluster-manager/templates/cluster_role.yaml b/vendor/open-cluster-management.io/ocm/deploy/cluster-manager/chart/cluster-manager/templates/cluster_role.yaml
index 4f6dab7bf..3ba2c25dd 100644
--- a/vendor/open-cluster-management.io/ocm/deploy/cluster-manager/chart/cluster-manager/templates/cluster_role.yaml
+++ b/vendor/open-cluster-management.io/ocm/deploy/cluster-manager/chart/cluster-manager/templates/cluster_role.yaml
@@ -10,7 +10,7 @@ rules:
 - apiGroups: [""]
 resources: ["serviceaccounts/token"]
 resourceNames:
- - "cluster-bootstrap"
+ - "agent-registration-bootstrap"
 verbs: ["get", "create"]
 - apiGroups: [""]
 resources: ["pods"]
diff --git a/vendor/open-cluster-management.io/ocm/pkg/operator/helpers/chart/config.go b/vendor/open-cluster-management.io/ocm/pkg/operator/helpers/chart/config.go
index fd7721ad7..db536125e 100644
--- a/vendor/open-cluster-management.io/ocm/pkg/operator/helpers/chart/config.go
+++ b/vendor/open-cluster-management.io/ocm/pkg/operator/helpers/chart/config.go
@@ -20,7 +20,7 @@ type ClusterManagerChartConfig struct {
 // Resources is the resource requirements of the operator deployment
 Resources corev1.ResourceRequirements `json:"resources,omitempty"`
 // NodeSelector is the nodeSelector of the operator deployment
- NodeSelector corev1.NodeSelector `json:"nodeSelector,omitempty"`
+ NodeSelector *corev1.NodeSelector `json:"nodeSelector,omitempty"`
 // Tolerations is the tolerations of the operator deployment
 Tolerations []corev1.Toleration `json:"tolerations,omitempty"`
 // Affinity is the affinity of the operator deployment
@@ -47,7 +47,7 @@ type KlusterletChartConfig struct {
 // Resources is the resource requirements of the operator deployment
 Resources corev1.ResourceRequirements `json:"resources,omitempty"`
 // NodeSelector is the nodeSelector of the operator deployment
- NodeSelector corev1.NodeSelector `json:"nodeSelector,omitempty"`
+ NodeSelector *corev1.NodeSelector `json:"nodeSelector,omitempty"`
 // Tolerations is the tolerations of the operator deployment
 Tolerations []corev1.Toleration `json:"tolerations,omitempty"`
 // Affinity is the affinity of the operator deployment