proposal change for clusterset api

Signed-off-by: ldpliu <[email protected]>
open-cluster-management-io · Mar 29, 2022 · 8fb65eb · 8fb65eb
1 parent 8fa2df8
commit 8fb65eb
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 44 deletions.
diff --git a/enhancements/sig-architecture/30-clusterset-override/README.md b/enhancements/sig-architecture/30-clusterset-override/README.md
@@ -30,7 +30,7 @@ So, In this proposal, we change the managedClusterSets spec and want to provide
 
 ```go
 type ManagedClusterSetSpec struct {
-    // Selector represents a selector of ManagedClusters by labels and names.
+    // Selector represents a selector of ManagedClusters.
     ClusterSelector ManagedClusterSelector  `json:"clusterSelector"`
 }
 
@@ -327,62 +327,40 @@ So we could finish the migration by four steps, and step 1 and step 2 will be fi
 1. [Implement in OCM 0.7.0]Update the managedClusterSet API which only includes an exclusive way to select target managedClusters.
 
 ```go
+// ManagedClusterSetSpec describes the attributes of the ManagedClusterSet
 type ManagedClusterSetSpec struct {
-    // Selector represents a selector of ManagedClusters by labels and names.
-    ClusterSelector ManagedClusterSelector  `json:"clusterSelector"`
+	// ClusterSelector represents a selector of ManagedClusters
+	// +optional
+	// +kubebuilder:default:={selectorType: LegacyClusterSetLabel}
+	ClusterSelector ManagedClusterSelector `json:"clusterSelector,omitempty"`
 }
 
-type ManagedClusterSelector struct{
-    // "" means to use the current mechanism of matching label <cluster.open-cluster-management.io/clusterset:<ManagedClusterSet Name>.
-    // (future) "LabelSelector" means to use the LabelSelector to select target managedClusters
-    // "ExclusiveLabel" means to use a particular cluster label. It is guaranteed that clustersets with same label key are exclusive with each others
-    // +optional
-    SelectorType SelectorType `json:"selectorType"`
-
-    // ExclusiveLabel defines one label which clusterset could use to select target managedClusters. In this way, we will:
-    // 1. Guarantee clustersets with same label key are exclusive
-    // 2. Enable additional permission check when cluster joining/leaving a clusterset (the label key should start with the reserved prefix "cluster.open-cluster-management.io/" and "info.open-cluster-management.io/");
-    ExclusiveLabel *ExclusiveLabel `json:"exclusiveLabel"`
+// ManagedClusterSelector represents a selector of ManagedClusters
+type ManagedClusterSelector struct {
+	// SelectorType could only be "LegacyClusterSetLabel" now, will support more SelectorType later
+	// "LegacyClusterSetLabel" means to use label "cluster.open-cluster-management.io/clusterset:<ManagedClusterSet Name>"" to select target clusters.
+	// +kubebuilder:validation:Enum=LegacyClusterSetLabel
+	// +kubebuilder:default:=LegacyClusterSetLabel
+	// +required
+	SelectorType SelectorType `json:"selectorType,omitempty"`
 }
 
 type SelectorType string
 
 const (
-    ExclusiveLabel        SelectorType = "ExclusiveLabel"
+	LegacyClusterSetLabel SelectorType = "LegacyClusterSetLabel"
 )
-
-//ExclusiveLabel defines one cluster label
-type ExclusiveLabel struct {
-    //Key is "cluster.open-cluster-management.io/clusterset" by default and can only be cluster.open-cluster-management.io/
-    Key string `json:"key"`
-    //Value can only be empty or the name of the clusterset.
-    Value string `json:"value"`
-}
 ```
 
-- `LabelSelector` will not be included
-- `ExclusiveLabel.Key` must be `cluster.open-cluster-management.io/clusterset` and `ExclusiveLabel.Value` must be `ManagedClusterset Name`    
-- Both `managedclusterset/join` and `managedclusters/label` permission will be supported
-
 2. [Implement in OCM 0.7.0]`multicloud-operators-foundation`, `submariner-addon`, `placement` change the code to integrate with new managedClusterSet api
 
   a. `multicloud-operators-foundation` uses managedClusterSet for resource group purpose. So it should only watch the following managedClusterSets:
-  - `spec.ClusterSelector.SelectorType` is `ExclusiveLabel` and the `ExclusiveLabel.Key` must be `cluster.open-cluster-management.io/clusterset`
-  - `spec.ClusterSelector.SelectorType` is ""
-
-  b. `multicloud-operators-foundation` gives the users `join` permission to a managedClusterSet if the user has "admin" permission to the managedClusterSet. So the `join` permission should be changed with the following rule:
-    ```yaml
-    - apiGroups: ["cluster.open-cluster-management.io"]
-      resources: ["managedclusters/label"]
-      resourceNames: ["cluster.open-cluster-management.io/clusterset:<ManagedClusterSet Name>"]
-      verbs: ["create"]
-    ```
-
-  c. `submariner-addon` uses managedClusterSet group clusters based on the network. And in different managedClusterSet, the clusters should be exclusive. So it should only watch the following managedClusterSet:
-  - `spec.ClusterSelector.SelectorType` is `ExclusiveLabel` and the `ExclusiveLabel.Key` must be `cluster.open-cluster-management.io/clusterset`, the `ExclusiveLabel.Value` must be managedClusterSet name.
-  - `spec.ClusterSelector.SelectorType` is ""
-
-  d. `placement` using new `ClusterSelector` to select target clusters.
+  - `spec.ClusterSelector.SelectorType` is `LegacyClusterSetLabel`
+
+  b. `submariner-addon` uses managedClusterSet group clusters based on the network. And in different managedClusterSet, the clusters should be exclusive. So it should only watch the following managedClusterSet:
+  - `spec.ClusterSelector.SelectorType` is `LegacyClusterSetLabel`
+
+  c. `placement` using new `ClusterSelector` to select target clusters.
 
 3. [Implement in OCM 0.8.0] Update full managedClusterSet api and RBAC
 - Include `LabelSelector`

diff --git a/enhancements/sig-architecture/30-clusterset-override/metadata.yaml b/enhancements/sig-architecture/30-clusterset-override/metadata.yaml
@@ -9,5 +9,5 @@ approvers:
   - "@elgnay"
   - "@deads2k"
 creation-date: 2021-11-30
-last-updated: 2022-02-24
+last-updated: 2022-03-29
 status: provisional