Merge branch 'master' into conroller_0_11_0

Author: tehlers320

.github/workflows/build-and-test.yml

@@ -11,8 +11,7 @@ jobs:
 
       - uses: actions/setup-go@v2
         with:
-          go-version: '^1.17.6'
-
+          go-version: '~1.17'
       - name: Run tests
         run: |
           ./hack/verify-docfiles.sh && echo "Skipping build - only doc files have changed!" || \

.github/workflows/test-and-push.yml

@@ -16,8 +16,7 @@ jobs:
 
       - uses: actions/setup-go@v2
         with:
-          go-version: '^1.17.6'
-
+          go-version: '~1.17'
       - name: Run tests
         run: DOWNLOAD_BINARIES=y bash -x ./scripts/pre-commit.sh
 

CHANGELOG.md

@@ -1,5 +1,9 @@
 # Unreleased
 
+# v0.9.1
+- [#1490](https://github.com/kubernetes-sigs/kubefed/pull/1490)
+  fix: Fix mutatingwebhookconfiguration CA cert when cert-manager is enabled
+
 # v0.9.0
 - [#1460](https://github.com/kubernetes-sigs/kubefed/pull/1460)
   feat: introduce informer cache sync timeout

charts/index.yaml

@@ -1,6 +1,20 @@
 apiVersion: v1
 entries:
   kubefed:
+  - apiVersion: v2
+    created: "2022-02-15T10:39:01.477937005Z"
+    dependencies:
+    - condition: controllermanager.enabled
+      name: controllermanager
+      repository: https://localhost/
+      version: 0.9.1
+    description: KubeFed helm chart
+    digest: a0100b39f82affb29601343214661cfebcc67c3f00fac7e38eb9983bb1359f88
+    kubeVersion: '>= 1.16.0-0'
+    name: kubefed
+    urls:
+    - https://github.com/kubernetes-sigs/kubefed/releases/download/v0.9.1/kubefed-0.9.1.tgz
+    version: 0.9.1
   - apiVersion: v2
     created: "2021-11-18T10:24:18.266620592Z"
     dependencies:
@@ -211,4 +225,4 @@ entries:
     urls:
     - https://github.com/kubernetes-sigs/kubefed/releases/download/v0.1.0-rc1/kubefed-0.1.0-rc1.tgz
     version: 0.1.0-rc1
-generated: "2021-11-18T10:24:18.264159378Z"
+generated: "2022-02-15T10:39:01.476784537Z"

charts/kubefed/Chart.yaml

@@ -1,11 +1,11 @@
 apiVersion: v2
 description: KubeFed helm chart
 name: kubefed
-version: 0.0.4
+version: 0.0.5
 kubeVersion: ">= 1.16.0-0"
 dependencies:
 - name: controllermanager
-  version: 0.0.4
+  version: 0.0.5
   repository: "https://localhost/" # Required but unused.
   condition: controllermanager.enabled
 

charts/kubefed/charts/controllermanager/Chart.yaml

@@ -2,4 +2,4 @@ apiVersion: v2
 appVersion: "0.8.1"
 description: A Helm chart for KubeFed Controller Manager
 name: controllermanager
-version: 0.0.4
+version: 0.0.5

charts/kubefed/charts/controllermanager/crds/crds.yaml

@@ -457,6 +457,8 @@ spec:
     kind: KubeFedCluster
     listKind: KubeFedClusterList
     plural: kubefedclusters
+    shortNames:
+    - kfc
     singular: kubefedcluster
   scope: Namespaced
   versions:
@@ -467,6 +469,9 @@ spec:
     - jsonPath: .status.conditions[?(@.type=='Ready')].status
       name: ready
       type: string
+    - jsonPath: .status.kubernetesVersion
+      name: kubernetes-version
+      type: string
     name: v1beta1
     schema:
       openAPIV3Schema:
@@ -559,6 +564,10 @@ spec:
                   - type
                   type: object
                 type: array
+              kubernetesVersion:
+                description: KubernetesVersion is the Kubernetes git version of the
+                  cluster.
+                type: string
               region:
                 description: Region is the name of the region in which all of the
                   nodes in the cluster exist.  e.g. 'us-east1'.

charts/kubefed/charts/controllermanager/templates/webhook.yaml

@@ -123,6 +123,10 @@ metadata:
 {{- else }}
   name: mutation.core.kubefed.io
 {{- end }}
+  annotations:
+  {{- if .Values.certManager.enabled }}
+    cert-manager.io/inject-ca-from: {{ printf "%s/%s%s" .Release.Namespace .Release.Name "-root-certificate" | quote }}
+  {{- end }}
 webhooks:
 - name: kubefedconfigs.core.kubefed.io
   admissionReviewVersions:

cmd/controller-manager/app/leaderelection/leaderelection.go

@@ -36,8 +36,9 @@ import (
 
 func NewKubeFedLeaderElector(opts *options.Options, fnStartControllers func(*options.Options, <-chan struct{})) (*leaderelection.LeaderElector, error) {
 	const component = "kubefed-controller-manager"
-	restclient.AddUserAgent(opts.Config.KubeConfig, "kubefed-leader-election")
-	leaderElectionClient := kubeclient.NewForConfigOrDie(opts.Config.KubeConfig)
+	kubeConfig := restclient.CopyConfig(opts.Config.KubeConfig)
+	restclient.AddUserAgent(kubeConfig, "kubefed-leader-election")
+	leaderElectionClient := kubeclient.NewForConfigOrDie(kubeConfig)
 
 	hostname, err := os.Hostname()
 	if err != nil {

docs/cluster-registration.md

@@ -34,12 +34,14 @@ Check the status of the joined clusters by using the following command.
 ```bash
 kubectl -n kube-federation-system get kubefedclusters
 
-NAME       READY   AGE
-cluster1   True    1m
-cluster2   True    1m
+NAME       AGE   READY   KUBERNETES-VERSION
+cluster1   1m    True    v1.21.2
+cluster2   1m    True    v1.22.0
 
 ```
 
+The Kubernetes version is checked periodically along with the cluster health check so that it would be automatically updated within the cluster health check period after a Kubernetes upgrade/downgrade of the cluster.
+
 # Joining kind clusters on MacOS
 
 A Kubernetes cluster deployed with [kind](https://sigs.k8s.io/kind) on Docker

pkg/apis/core/common/constants.go

@@ -24,6 +24,8 @@ const (
 	ClusterReady ClusterConditionType = "Ready"
 	// ClusterOffline means the cluster is temporarily down or not reachable
 	ClusterOffline ClusterConditionType = "Offline"
+	// ClusterConfigMalformed means the cluster's configuration may be malformed.
+	ClusterConfigMalformed ClusterConditionType = "ConfigMalformed"
 )
 
 const (

pkg/apis/core/v1alpha1/zz_generated.deepcopy.go

@@ -70,6 +70,9 @@ type LocalSecretReference struct {
 type KubeFedClusterStatus struct {
 	// Conditions is an array of current cluster conditions.
 	Conditions []ClusterCondition `json:"conditions"`
+	// KubernetesVersion is the Kubernetes git version of the cluster.
+	// +optional
+	KubernetesVersion string `json:"kubernetesVersion,omitempty"`
 	// Zones are the names of availability zones in which the nodes of the cluster exist, e.g. 'us-east1-a'.
 	// +optional
 	Zones []string `json:"zones,omitempty"`
@@ -81,7 +84,8 @@ type KubeFedClusterStatus struct {
 // +kubebuilder:object:root=true
 // +kubebuilder:printcolumn:name=age,type=date,JSONPath=.metadata.creationTimestamp
 // +kubebuilder:printcolumn:name=ready,type=string,JSONPath=.status.conditions[?(@.type=='Ready')].status
-// +kubebuilder:resource:path=kubefedclusters
+// +kubebuilder:printcolumn:name=kubernetes-version,type=string,JSONPath=.status.kubernetesVersion
+// +kubebuilder:resource:path=kubefedclusters,shortName=kfc
 // +kubebuilder:subresource:status
 
 // KubeFedCluster configures KubeFed to be aware of a Kubernetes

pkg/apis/core/v1beta1/kubefedcluster_types.go

@@ -255,7 +255,7 @@ func validateDisabledTLSValidations(disabledTLSValidations []v1beta1.TLSValidati
 func validateClusterCondition(cc *v1beta1.ClusterCondition, path *field.Path) field.ErrorList {
 	var allErrs field.ErrorList
 
-	allErrs = append(allErrs, validateEnumStrings(path.Child("type"), string(cc.Type), []string{string(common.ClusterReady), string(common.ClusterOffline)})...)
+	allErrs = append(allErrs, validateEnumStrings(path.Child("type"), string(cc.Type), []string{string(common.ClusterReady), string(common.ClusterOffline), string(common.ClusterConfigMalformed)})...)
 	allErrs = append(allErrs, validateEnumStrings(path.Child("status"), string(cc.Status), []string{string(corev1.ConditionTrue), string(corev1.ConditionFalse), string(corev1.ConditionUnknown)})...)
 
 	if cc.LastProbeTime.IsZero() {

pkg/apis/core/v1beta1/validation/validation.go

@@ -18,6 +18,7 @@ package kubefedcluster
 
 import (
 	"context"
+	"fmt"
 	"strings"
 	"time"
 
@@ -46,14 +47,16 @@ const (
 	LabelZoneRegion        = "failure-domain.beta.kubernetes.io/region"
 
 	// Common ClusterConditions for KubeFedClusterStatus
-	ClusterReady              = "ClusterReady"
-	HealthzOk                 = "/healthz responded with ok"
-	ClusterNotReady           = "ClusterNotReady"
-	HealthzNotOk              = "/healthz responded without ok"
-	ClusterNotReachableReason = "ClusterNotReachable"
-	ClusterNotReachableMsg    = "cluster is not reachable"
-	ClusterReachableReason    = "ClusterReachable"
-	ClusterReachableMsg       = "cluster is reachable"
+	ClusterReady                 = "ClusterReady"
+	HealthzOk                    = "/healthz responded with ok"
+	ClusterNotReady              = "ClusterNotReady"
+	HealthzNotOk                 = "/healthz responded without ok"
+	ClusterNotReachableReason    = "ClusterNotReachable"
+	ClusterNotReachableMsg       = "cluster is not reachable"
+	ClusterReachableReason       = "ClusterReachable"
+	ClusterReachableMsg          = "cluster is reachable"
+	ClusterConfigMalformedReason = "ClusterConfigMalformed"
+	ClusterConfigMalformedMsg    = "cluster's configuration may be malformed"
 )
 
 // ClusterClient provides methods for determining the status and zones of a
@@ -67,21 +70,18 @@ type ClusterClient struct {
 // The kubeClient is used to configure the ClusterClient's internal client
 // with information from a kubeconfig stored in a kubernetes secret.
 func NewClusterClientSet(c *fedv1b1.KubeFedCluster, client generic.Client, fedNamespace string, timeout time.Duration) (*ClusterClient, error) {
+	var clusterClientSet = ClusterClient{clusterName: c.Name}
 	clusterConfig, err := util.BuildClusterConfig(c, client, fedNamespace)
 	if err != nil {
-		return nil, err
+		return &clusterClientSet, err
 	}
 	clusterConfig.Timeout = timeout
-	var clusterClientSet = ClusterClient{clusterName: c.Name}
-	clusterClientSet.kubeClient = kubeclientset.NewForConfigOrDie((restclient.AddUserAgent(clusterConfig, UserAgentName)))
-	if clusterClientSet.kubeClient == nil {
-		return nil, nil
-	}
-	return &clusterClientSet, nil
+	clusterClientSet.kubeClient, err = kubeclientset.NewForConfig(restclient.AddUserAgent(clusterConfig, UserAgentName))
+	return &clusterClientSet, err
 }
 
-// GetClusterHealthStatus gets the kubernetes cluster health status by requesting "/healthz"
-func (c *ClusterClient) GetClusterHealthStatus() (*fedv1b1.KubeFedClusterStatus, error) {
+// GetClusterStatus gets the kubernetes cluster's health and version status
+func (c *ClusterClient) GetClusterStatus() (*fedv1b1.KubeFedClusterStatus, error) {
 	clusterStatus := fedv1b1.KubeFedClusterStatus{}
 	currentTime := metav1.Now()
 	clusterReady := ClusterReady
@@ -124,9 +124,26 @@ func (c *ClusterClient) GetClusterHealthStatus() (*fedv1b1.KubeFedClusterStatus,
 		LastProbeTime:      currentTime,
 		LastTransitionTime: &currentTime,
 	}
+	clusterConfigMalformedReason := ClusterConfigMalformedReason
+	clusterConfigMalformedMsg := ClusterConfigMalformedMsg
+	newClusterConfigMalformedCondition := fedv1b1.ClusterCondition{
+		Type:               fedcommon.ClusterConfigMalformed,
+		Status:             corev1.ConditionTrue,
+		Reason:             &clusterConfigMalformedReason,
+		Message:            &clusterConfigMalformedMsg,
+		LastProbeTime:      currentTime,
+		LastTransitionTime: &currentTime,
+	}
+	if c.kubeClient == nil {
+		clusterStatus.Conditions = append(clusterStatus.Conditions, newClusterConfigMalformedCondition)
+		metrics.RegisterKubefedClusterTotal(metrics.ClusterNotReady, c.clusterName)
+		return &clusterStatus, nil
+	}
 	body, err := c.kubeClient.DiscoveryClient.RESTClient().Get().AbsPath("/healthz").Do(context.Background()).Raw()
 	if err != nil {
 		runtime.HandleError(errors.Wrapf(err, "Failed to do cluster health check for cluster %q", c.clusterName))
+		msg := fmt.Sprintf("%s: %v", ClusterNotReachableMsg, err)
+		newClusterOfflineCondition.Message = &msg
 		clusterStatus.Conditions = append(clusterStatus.Conditions, newClusterOfflineCondition)
 		metrics.RegisterKubefedClusterTotal(metrics.ClusterOffline, c.clusterName)
 	} else {
@@ -136,6 +153,13 @@ func (c *ClusterClient) GetClusterHealthStatus() (*fedv1b1.KubeFedClusterStatus,
 		} else {
 			metrics.RegisterKubefedClusterTotal(metrics.ClusterReady, c.clusterName)
 			clusterStatus.Conditions = append(clusterStatus.Conditions, newClusterReadyCondition)
+
+			version, err := c.kubeClient.DiscoveryClient.ServerVersion()
+			if err != nil {
+				runtime.HandleError(errors.Wrapf(err, "Failed to get Kubernetes version of cluster %q", c.clusterName))
+			} else {
+				clusterStatus.KubernetesVersion = version.GitVersion
+			}
 		}
 	}
 

pkg/apis/core/v1beta1/zz_generated.deepcopy.go

@@ -96,7 +96,8 @@ func StartClusterController(config *util.ControllerConfig, clusterHealthCheckCon
 func newClusterController(config *util.ControllerConfig, clusterHealthCheckConfig *util.ClusterHealthCheckConfig) (*ClusterController, error) {
 	kubeConfig := restclient.CopyConfig(config.KubeConfig)
 	kubeConfig.Timeout = clusterHealthCheckConfig.Timeout
-	client := genericclient.NewForConfigOrDieWithUserAgent(kubeConfig, "cluster-controller")
+	restclient.AddUserAgent(kubeConfig, "cluster-controller")
+	client := genericclient.NewForConfigOrDie(kubeConfig)
 
 	cc := &ClusterController{
 		client:                   client,
@@ -175,18 +176,17 @@ func (cc *ClusterController) addToClusterSet(obj *fedv1b1.KubeFedCluster) {
 	cc.mu.Lock()
 	defer cc.mu.Unlock()
 	clusterData := cc.clusterDataMap[obj.Name]
-	if clusterData != nil && clusterData.clusterKubeClient != nil {
+	if clusterData != nil && clusterData.clusterKubeClient.kubeClient != nil {
 		return
 	}
 
 	klog.V(1).Infof("ClusterController observed a new cluster: %v", obj.Name)
 
 	// create the restclient of cluster
 	restClient, err := NewClusterClientSet(obj, cc.client, cc.fedNamespace, cc.clusterHealthCheckConfig.Timeout)
-	if err != nil || restClient == nil {
+	if err != nil || restClient.kubeClient == nil {
 		cc.RecordError(obj, "MalformedClusterConfig", errors.Wrap(err, "The configuration for this cluster may be malformed"))
-		klog.Errorf("The configuration for cluster %s may be malformed", obj.Name)
-		return
+		klog.Errorf("The configuration for cluster %q may be malformed: %v", obj.Name, err)
 	}
 	cc.clusterDataMap[obj.Name] = &ClusterData{clusterKubeClient: restClient, cachedObj: obj.DeepCopy()}
 }
@@ -217,7 +217,7 @@ func (cc *ClusterController) updateClusterStatus() error {
 		cluster := obj.DeepCopy()
 		clusterData := cc.clusterDataMap[cluster.Name]
 		cc.mu.RUnlock()
-		if clusterData == nil {
+		if clusterData == nil || clusterData.clusterKubeClient.kubeClient == nil {
 			// Retry adding cluster client
 			cc.addToClusterSet(cluster)
 			cc.mu.RLock()
@@ -243,7 +243,7 @@ func (cc *ClusterController) updateIndividualClusterStatus(cluster *fedv1b1.Kube
 
 	clusterClient := storedData.clusterKubeClient
 
-	currentClusterStatus, err := clusterClient.GetClusterHealthStatus()
+	currentClusterStatus, err := clusterClient.GetClusterStatus()
 	if err != nil {
 		cc.RecordError(cluster, "RetrievingClusterHealthFailed", errors.Wrap(err, "Failed to retrieve health of the cluster"))
 		klog.Errorf("Failed to retrieve health of the cluster %s: %v", cluster.Name, err)
@@ -279,7 +279,7 @@ func thresholdAdjustedClusterStatus(clusterStatus *fedv1b1.KubeFedClusterStatus,
 	if storedData.resultRun < threshold {
 		// Success/Failure is below threshold - leave the probe state unchanged.
 		probeTime := clusterStatus.Conditions[0].LastProbeTime
-		clusterStatus = storedData.clusterStatus
+		clusterStatus.Conditions = storedData.clusterStatus.Conditions
 		setProbeTime(clusterStatus, probeTime)
 	} else if clusterStatusEqual(clusterStatus, storedData.clusterStatus) {
 		// preserve the last transition time

pkg/apis/scheduling/v1alpha1/zz_generated.deepcopy.go

@@ -137,7 +137,7 @@ func newSchedulingPreferenceController(config *util.ControllerConfig, scheduling
 	s.clusterDeliverer = util.NewDelayingDeliverer()
 
 	s.store, s.controller, err = util.NewGenericInformer(
-		config.KubeConfig,
+		kubeConfig,
 		config.TargetNamespace,
 		s.scheduler.ObjectType(),
 		util.NoResyncPeriod,

pkg/controller/kubefedcluster/clusterclient.go

@@ -25,6 +25,7 @@ import (
 	"time"
 
 	"k8s.io/apimachinery/pkg/util/wait"
+	restclient "k8s.io/client-go/rest"
 
 	"github.com/pkg/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -104,14 +105,16 @@ func newKubeFedStatusController(controllerConfig *util.ControllerConfig, typeCon
 		return nil, errors.Errorf("Status collection is not supported for %q", federatedAPIResource.Kind)
 	}
 	userAgent := fmt.Sprintf("%s-controller", strings.ToLower(statusAPIResource.Kind))
-	client := genericclient.NewForConfigOrDieWithUserAgent(controllerConfig.KubeConfig, userAgent)
+	kubeConfig := restclient.CopyConfig(controllerConfig.KubeConfig)
+	restclient.AddUserAgent(kubeConfig, userAgent)
+	client := genericclient.NewForConfigOrDie(kubeConfig)
 
-	federatedTypeClient, err := util.NewResourceClient(controllerConfig.KubeConfig, &federatedAPIResource)
+	federatedTypeClient, err := util.NewResourceClient(kubeConfig, &federatedAPIResource)
 	if err != nil {
 		return nil, err
 	}
 
-	statusClient, err := util.NewResourceClient(controllerConfig.KubeConfig, statusAPIResource)
+	statusClient, err := util.NewResourceClient(kubeConfig, statusAPIResource)
 	if err != nil {
 		return nil, err
 	}