Auto update ClusterSet in leader cluster

antrea-io · Jun 30, 2022 · 452e741 · 452e741
1 parent 0aad945
commit 452e741
Show file tree

Hide file tree

Showing 3 changed files with 81 additions and 21 deletions.
diff --git a/multicluster/cmd/multicluster-controller/memberclusterannounce_webhook.go b/multicluster/cmd/multicluster-controller/memberclusterannounce_webhook.go
@@ -21,7 +21,6 @@ import (
 	"fmt"
 	"net/http"
 
-	"k8s.io/apiserver/pkg/authentication/serviceaccount"
 	"k8s.io/klog/v2"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
@@ -47,13 +46,6 @@ func (v *memberClusterAnnounceValidator) Handle(ctx context.Context, req admissi
 		return admission.Errored(http.StatusBadRequest, e)
 	}
 
-	ui := req.UserInfo
-	_, saName, err := serviceaccount.SplitUsername(ui.Username)
-	if err != nil {
-		klog.ErrorS(err, "Error getting ServiceAccount name", "request", req)
-		return admission.Errored(http.StatusBadRequest, err)
-	}
-
 	// read the ClusterSet info
 	clusterSetList := &multiclusterv1alpha1.ClusterSetList{}
 	if err := v.Client.List(context.TODO(), clusterSetList, client.InNamespace(v.namespace)); err != nil {
@@ -68,16 +60,7 @@ func (v *memberClusterAnnounceValidator) Handle(ctx context.Context, req admissi
 
 	clusterSet := clusterSetList.Items[0]
 	if clusterSet.Name == memberClusterAnnounce.ClusterSetID {
-		for _, member := range clusterSet.Spec.Members {
-			if member.ClusterID == memberClusterAnnounce.ClusterID {
-				// validate the ServiceAccount used is correct
-				if member.ServiceAccount == saName {
-					return admission.Allowed("")
-				} else {
-					return admission.Denied("Member does not have permissions")
-				}
-			}
-		}
+		return admission.Allowed("")
 	}
 
 	return admission.Denied("Unknown member")

diff --git a/multicluster/controllers/multicluster/member_clusterset_controller.go b/multicluster/controllers/multicluster/member_clusterset_controller.go
@@ -87,6 +87,9 @@ func (r *MemberClusterSetReconciler) Reconcile(ctx context.Context, req ctrl.Req
 			return ctrl.Result{}, err
 		}
 		klog.InfoS("Received ClusterSet delete", "clusterset", klog.KObj(clusterSet))
+		if err := r.deleteMemberAnnounce(); err != nil {
+			return ctrl.Result{}, err
+		}
 		stopErr := r.remoteCommonAreaManager.Stop()
 		r.remoteCommonAreaManager = nil
 		r.clusterSetConfig = nil
@@ -338,3 +341,27 @@ func (r *MemberClusterSetReconciler) GetRemoteCommonAreaAndLocalID() (commonarea
 	}
 	return nil, "", errors.New("no connected remote common area")
 }
+
+func (r *MemberClusterSetReconciler) deleteMemberAnnounce() error {
+	memberClusterAnnounce := &multiclusterv1alpha1.MemberClusterAnnounce{}
+
+	commonArea, ok := r.remoteCommonAreaManager.GetRemoteCommonAreas()[r.remoteCommonAreaManager.GetElectedLeaderClusterID()]
+	if !ok {
+		return fmt.Errorf("no common area for ClusetSet %s", r.clusterSetID)
+	}
+
+	if err := commonArea.Get(context.TODO(), types.NamespacedName{
+		Namespace: commonArea.GetNamespace(),
+		Name:      "member-announce-from-" + string(r.clusterID),
+	}, memberClusterAnnounce); err != nil {
+		klog.Errorf("Failed to get MemberClusterAnnounce %s in leader cluster", "member-announce-from-"+string(r.clusterID))
+		return err
+	}
+	memberClusterAnnounce.Annotations[IsDeletedAnnotation] = "true"
+	if err := commonArea.Update(context.TODO(), memberClusterAnnounce); err != nil {
+		klog.Errorf("Failed to update memberClusterAnnounce %s\n", "member-announce-from-"+string(r.clusterID))
+		return err
+	}
+
+	return nil
+}
diff --git a/multicluster/controllers/multicluster/memberclusterannounce_controller.go b/multicluster/controllers/multicluster/memberclusterannounce_controller.go
@@ -27,6 +27,7 @@ import (
 	"k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/klog/v2"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
@@ -44,6 +45,8 @@ var (
 
 	TimerInterval     = 5 * time.Second
 	ConnectionTimeout = 3 * TimerInterval
+
+	IsDeletedAnnotation = "antrea.io/is-member-deleted"
 )
 
 type leaderStatus struct {
@@ -137,10 +140,57 @@ func (r *MemberClusterAnnounceReconciler) Reconcile(ctx context.Context, req ctr
 				}
 			}
 		}
-		// If err != nil, probably ClusterClaims were deleted during the processing of MemberClusterAnnounce.
-		// Nothing to handle in this case and MemberClusterAnnounce will also be deleted soon.
-		// TODO: Add ClusterClaim webhook to make sure it cannot be deleted while ClusterSet is present.
 	}
+	// If err != nil, probably ClusterClaims were deleted during the processing of MemberClusterAnnounce.
+	// Nothing to handle in this case and MemberClusterAnnounce will also be deleted soon.
+	// TODO: Add ClusterClaim webhook to make sure it cannot be deleted while ClusterSet is present.
+
+	clusterSetID := memberAnnounce.ClusterSetID
+	clusterSet := &multiclusterv1alpha1.ClusterSet{}
+	if err := r.Get(context.TODO(), types.NamespacedName{Namespace: memberAnnounce.Namespace, Name: clusterSetID}, clusterSet); err != nil {
+		if errors.IsNotFound(err) {
+			klog.Errorf("ClusterSet %s not found in leader cluster\n", clusterSetID)
+			return ctrl.Result{}, err
+		}
+		klog.Errorf("Failed to get ClusterSet %s in leader cluster\n", clusterSetID)
+		return ctrl.Result{}, err
+	}
+	if memberAnnounce.Annotations[IsDeletedAnnotation] == "true" {
+		newMembers := []multiclusterv1alpha1.MemberCluster{}
+
+		for _, member := range clusterSet.Spec.Members {
+			if member.ClusterID != memberAnnounce.ClusterID {
+				newMembers = append(newMembers, member)
+			}
+		}
+		clusterSet.Spec.Members = newMembers
+		if err := r.Update(context.TODO(), clusterSet); err != nil {
+			klog.Errorf("Failed to delete member cluster %s in ClusterSet %s\n", memberAnnounce.ClusterID, clusterSet.Name)
+			return ctrl.Result{}, err
+		}
+
+		if err := r.Delete(context.TODO(), memberAnnounce); err != nil {
+			klog.Errorf("Failed to delete MemberAnnounce %s", memberAnnounce.Name)
+			return ctrl.Result{}, err
+		}
+	} else {
+		isExist := false
+		for _, member := range clusterSet.Spec.Members {
+			if member.ClusterID == memberAnnounce.ClusterID {
+				isExist = true
+				break
+			}
+		}
+
+		if !isExist {
+			clusterSet.Spec.Members = append(clusterSet.Spec.Members, multiclusterv1alpha1.MemberCluster{ClusterID: memberAnnounce.ClusterID})
+			if err := r.Update(context.TODO(), clusterSet); err != nil {
+				klog.Errorf("Failed to add member cluster %s in ClusterSet %s\n", memberAnnounce.ClusterID, clusterSet.Name)
+				return ctrl.Result{}, err
+			}
+		}
+	}
+
 	// Member not found. If this happens, the MemberClusterAnnounce should soon be deleted.
 	// Nothing to do here.