Merge updates from ocm-plus repo

.github/workflows/kind.yml

@@ -4,11 +4,11 @@ on:
  push:
  branches:
  - main
- - release-2.3
+ - release-2.[3-9]
  pull_request:
  branches:
  - main
- - release-2.3
+ - release-2.[3-9]
 
 defaults:
  run:

Makefile

@@ -215,6 +215,7 @@ install-crds:
  kubectl apply -f test/crds/securitycontextconstraints.security.openshift.io_crd.yaml
  kubectl apply -f test/crds/apiservers.config.openshift.io_crd.yaml
  kubectl apply -f test/crds/clusterclaims.cluster.open-cluster-management.io.yaml
+ kubectl apply -f test/crds/oauths.config.openshift.io_crd.yaml
 
 install-resources:
  @echo creating namespaces
@@ -234,6 +235,9 @@ e2e-debug:
  kubectl get configurationpolicies.policy.open-cluster-management.io --all-namespaces
  kubectl describe pods -n $(KIND_NAMESPACE)
  kubectl logs $$(kubectl get pods -n $(KIND_NAMESPACE) -o name | grep $(IMG)) -n $(KIND_NAMESPACE)
+ kubectl get namespace open-cluster-management-agent-addon
+ kubectl get namespaces
+ kubectl get secrets -n open-cluster-management-agent-addon
 
 ############################################################
 # e2e test coverage

cmd/manager/main.go

@@ -52,7 +52,7 @@ func printVersion() {
 func main() {
  pflag.CommandLine.AddGoFlagSet(flag.CommandLine)
 
- var eventOnParent string
+ var eventOnParent, clusterName, hubConfigSecretNs, hubConfigSecretName string
  var frequency uint
  var enableLease bool
  pflag.UintVar(&frequency, "update-frequency", 10,
@@ -61,6 +61,9 @@ func main() {
  "to also send status events on parent policy. options are: yes/no/ifpresent")
  pflag.BoolVar(&enableLease, "enable-lease", false,
  "If enabled, the controller will start the lease controller to report its status")
+ pflag.StringVar(&clusterName, "cluster-name", "acm-managed-cluster", "Name of the cluster")
+ pflag.StringVar(&hubConfigSecretNs, "hubconfig-secret-ns", "open-cluster-management-agent-addon", "Namespace for hub config kube-secret")
+ pflag.StringVar(&hubConfigSecretName, "hubconfig-secret-name", "policy-controller-hub-kubeconfig", "Name of the hub config kube-secret")
 
  pflag.Parse()
 
@@ -128,6 +131,7 @@ func main() {
  }
  var generatedClient kubernetes.Interface = kubernetes.NewForConfigOrDie(mgr.GetConfig())
  common.Initialize(&generatedClient, cfg)
+
  policyStatusHandler.Initialize(cfg, client, &generatedClient, mgr, namespace, eventOnParent)
  // PeriodicallyExecConfigPolicies is the go-routine that periodically checks the policies
  go policyStatusHandler.PeriodicallyExecConfigPolicies(frequency, false)
@@ -142,12 +146,22 @@ func main() {
  os.Exit(1)
  }
  } else {
+
  log.Info("Starting lease controller to report status")
  leaseUpdater := lease.NewLeaseUpdater(
  generatedClient,
  "config-policy-controller",
  operatorNs,
  )
+
+ //set hubCfg on lease updated if found
+ hubCfg, _ := common.LoadHubConfig(hubConfigSecretNs, hubConfigSecretName)
+ if hubCfg != nil {
+ leaseUpdater = leaseUpdater.WithHubLeaseConfig(hubCfg, clusterName)
+ } else {
+ log.Error(err, "HubConfig not found, HubLeaseConfig not set")
+ }
+
  go leaseUpdater.Start(ctx)
  }
  } else {

deploy/operator.yaml

@@ -20,6 +20,7 @@ spec:
  - config-policy-controller
  args:
  - "--enable-lease=true"
+ - "--hubconfig-secret-name=hub-kubeconfig"
  imagePullPolicy: Always
  env:
  - name: WATCH_NAMESPACE

go.mod

@@ -8,18 +8,17 @@ require (
  github.com/google/go-cmp v0.5.2
  github.com/onsi/ginkgo v1.14.1
  github.com/onsi/gomega v1.10.2
- github.com/open-cluster-management/addon-framework v0.0.0-20210419013051-38730a847aff
+ github.com/open-cluster-management/addon-framework v0.0.0-20210621074027-a81f712c10c2
+ github.com/open-cluster-management/go-template-utils v1.2.3
  github.com/operator-framework/operator-sdk v0.19.4
- github.com/spf13/cast v1.3.1
  github.com/spf13/pflag v1.0.5
  github.com/stretchr/testify v1.6.1
- golang.org/x/net v0.0.0-20201110031124-69a78807bb2b
+ golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4
  k8s.io/api v0.20.5
  k8s.io/apimachinery v0.20.5
  k8s.io/client-go v12.0.0+incompatible
  k8s.io/klog v1.0.0
  sigs.k8s.io/controller-runtime v0.6.2
- sigs.k8s.io/yaml v1.2.0
 )
 
 replace (

go.sum

@@ -697,10 +697,12 @@ github.com/onsi/gomega v1.9.0/go.mod h1:Ho0h+IUsWyvy1OpqCwxlQ/21gkhVunqlU8fDGcoT
 github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
 github.com/onsi/gomega v1.10.2 h1:aY/nuoWlKJud2J6U0E3NWsjlg+0GtwXxgEqthRdzlcs=
 github.com/onsi/gomega v1.10.2/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
-github.com/open-cluster-management/addon-framework v0.0.0-20210419013051-38730a847aff h1:ZFFgtkVySNuIQBO/DHxGodfHARzHqlnJgNFJdqRUZag=
-github.com/open-cluster-management/addon-framework v0.0.0-20210419013051-38730a847aff/go.mod h1:mcpd6pc0j/L+WLFwV2MXHVMr+86ri2iUdTK2M8RHJ7U=
+github.com/open-cluster-management/addon-framework v0.0.0-20210621074027-a81f712c10c2 h1:oHFveB+YtcfOF6zSTkGjgSWEHHkQUkwit7enNj5RRsI=
+github.com/open-cluster-management/addon-framework v0.0.0-20210621074027-a81f712c10c2/go.mod h1:mcpd6pc0j/L+WLFwV2MXHVMr+86ri2iUdTK2M8RHJ7U=
 github.com/open-cluster-management/api v0.0.0-20210409125704-06f2aec1a73f h1:s6z3k0jV0ccoYDPJWMSqVNevO1UoQLYb8f7dYFALSNk=
 github.com/open-cluster-management/api v0.0.0-20210409125704-06f2aec1a73f/go.mod h1:ot+A1DWq+v1IV+e1S7nhIteYAmNByFgtazvzpoeAfRQ=
+github.com/open-cluster-management/go-template-utils v1.2.3 h1:eeSayCDXV0IJAJjr083yuIY95NSQmQSIgTqeJ44GO2g=
+github.com/open-cluster-management/go-template-utils v1.2.3/go.mod h1:+D8buOYN/VMVuTEd8WnnJQn+Z1oU4sT2OXbYZE+mIDk=
 github.com/opencontainers/go-digest v0.0.0-20170106003457-a6d0ee40d420/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
 github.com/opencontainers/go-digest v0.0.0-20180430190053-c9281466c8b2/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
 github.com/opencontainers/go-digest v1.0.0-rc1/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
@@ -1063,8 +1065,9 @@ golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/
 golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
 golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
 golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.0.0-20201110031124-69a78807bb2b h1:uwuIcX0g4Yl1NC5XAz37xsr2lTtcqevgzYNVt49waME=
 golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
+golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4 h1:4nGaVu0QrbjT/AK2PRLuQfQuh6DJve+pELhqTdAj3x0=
+golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20181106182150-f42d05182288/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -1144,8 +1147,12 @@ golang.org/x/sys v0.0.0-20200519105757-fe76b779f299/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20201112073958-5cba982894dd h1:5CtCZbICpIOFdgO940moixOPjc0178IU44m4EjOO5IY=
 golang.org/x/sys v0.0.0-20201112073958-5cba982894dd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210510120138-977fb7262007 h1:gG67DSER+11cZvqIMb8S8bt0vZtiN6xWYARwirrOSfE=
+golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -1348,8 +1355,9 @@ gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
 gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20190905181640-827449938966/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b h1:h8qDotaEPuJATrMmW04NCwg7v22aHH28wwpauUhK9Oo=
+gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
 gotest.tools/v3 v3.0.2/go.mod h1:3SzNCllyD9/Y+b5r9JIKQ474KzkZyqLqEfYqMsX94Bk=
 helm.sh/helm/v3 v3.2.4/go.mod h1:ZaXz/vzktgwjyGGFbUWtIQkscfE7WYoRGP2szqAFHR0=

pkg/common/kubeClient.go

@@ -4,8 +4,14 @@
 package common
 
 import (
+ "context"
+ base64 "encoding/base64"
+ "github.com/golang/glog"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
  "k8s.io/client-go/kubernetes"
  "k8s.io/client-go/rest"
+ "k8s.io/client-go/tools/clientcmd"
+ "regexp"
 )
 
 // KubeClient a k8s client used for k8s native resources
@@ -14,8 +20,46 @@ var KubeClient *kubernetes.Interface
 // KubeConfig is the given kubeconfig at startup
 var KubeConfig *rest.Config
 
-// Initialize to initialize some controller variables
+var HubConfig *rest.Config
+
+// Initialize to initialize some controller varaibles
 func Initialize(kClient *kubernetes.Interface, cfg *rest.Config) {
+
  KubeClient = kClient
  KubeConfig = cfg
 }
+
+func LoadHubConfig(namespace string, secretname string) (*rest.Config, error) {
+
+ if HubConfig == nil {
+
+ secretsClient := (*KubeClient).CoreV1().Secrets(namespace)
+ hubSecret, err := secretsClient.Get(context.TODO(), secretname, metav1.GetOptions{})
+
+ if err != nil {
+ glog.Errorf("Error Getting HubConfig Secret: %v", err)
+ return nil, err
+ }
+
+ secretkconfig := string(hubSecret.Data["kubeconfig"])
+ crt := base64.StdEncoding.EncodeToString(hubSecret.Data["tls.crt"])
+ key := base64.StdEncoding.EncodeToString(hubSecret.Data["tls.key"])
+
+ re := regexp.MustCompile(`(client-certificate:\s+tls.crt)`)
+ secretkconfig = re.ReplaceAllString(secretkconfig, "client-certificate-data: "+crt)
+
+ re = regexp.MustCompile(`(client-key:\s+tls.key)`)
+ secretkconfig = re.ReplaceAllString(secretkconfig, "client-key-data: "+key)
+
+ //glog.Errorf("After Secret Value: %v", string(secretkconfig))
+
+ HubConfig, err = clientcmd.RESTConfigFromKubeConfig([]byte(secretkconfig))
+ if err != nil {
+ glog.Errorf("Error getting Rest config for Hub: %v", err)
+ return nil, err
+ }
+
+ //glog.Errorf("HubConfig: %v", HubConfig)
+ }
+ return HubConfig, nil
+}