open-cluster-management-io/api

Support hub api-server host alias

promacanthus opened this issue · 3 comments

In some cases, the server in the Hub cluster kubeconfig file is a domain name. For example, as shown in the example below.

apiVersion: v1
kind: Config
clusters:
- cluster:
    server: https://xxx.yyy.com

The contents of this kubeconfig file will be stored in the namespace (open-cluster-manager-agent) in the secret (bootstrap-hub-kubeconfig) as the startup configuration when the managed cluster is registered.

The registration-agent will use this bootstrap-hub-kubeconfig to create CRD (managedCluster) and CSR, but the following error message will be encountered in the logs.

E0623 03:02:35.268397       1 reflector.go:138] k8s.io/client-go@v0.23.0/tools/cache/reflector.go:167: Failed to watch *v1.CertificateSigningRequest: failed to list *v1.CertificateSigningRequest: Get "https://xxx.yyy.com/apis/certificates.k8s.io/v1/certificatesigningrequests?limit=500&resourceVersion=0": dial tcp: lookup xxx.yyy.com on 10.xx.yy.zz:53: no such host

This is because the domain name of the Hub Cluster API Server is not available in the managed cluster's DNS servers. The solution to this problem is simply to write the host alias to the registration-agent pod. This is shown below.

spec:
  hostAliases:
  - ip: "xx.xx.xx.xx"
    hostnames:
    - "xxx.yyy.com"

For the above problem and solution, the API needs to be modified, and the specific design and implementation are as follows.

Add a new field named HubApiServerHostAlias to the KlusterletSpec.

type KlusterletSpec struct {

	// ...

	// HubApiServerHostAlias contains the host alias for hub api server
	// +optional
	HubApiServerHostAlias *v1.HostAlias `json:"hub_api_server_host_alias,omitempty"`
}

Registration-operator Repo

Add a new rendering logic to manifests/klusterlet/management/klusterlet-registration-deployment.yaml template.

spec:
  {{if .HostAlias }}
  hostAliases:
  - ip: {{ .HostAlias.IP }}
    hostnames:
    {{range .HostAlias.Hostnames }}
    - {{ . }}
    {{end}}
  {{end}}

Add helper function in pkg/helpers/helpers.go to get the value to be rendered from the Klusterlet configuration file.

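// HubApiServerHostAlias returns the host alias configured for the hub API
// server, or nil when the optional field is not set.
func HubApiServerHostAlias(klusterlet *operatorapiv1.Klusterlet) *corev1.HostAlias {
	// The field is a pointer, so an unset value is nil (len() does not apply).
	if klusterlet.Spec.HubApiServerHostAlias == nil {
		return nil
	}

	return &corev1.HostAlias{
		IP:        klusterlet.Spec.HubApiServerHostAlias.IP,
		Hostnames: klusterlet.Spec.HubApiServerHostAlias.Hostnames,
	}
}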
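The template above writes the alias values into the Deployment manifest as-is, so they should be validated and quoted before rendering. The following is an added example, not code from this issue or the registration-operator repository: `HostAlias` is a local stand-in for `corev1.HostAlias`, `RenderHostAlias` is a hypothetical name, and `192.0.2.10` is a constructed sample address.

```go
package main

import (
	"bytes"
	"fmt"
	"net"
	"regexp"
	"text/template"
)

// HostAlias is a stdlib-only stand-in for corev1.HostAlias (assumption).
type HostAlias struct{ IP string; Hostnames []string }

// dns1123 matches an RFC 1123 subdomain: lowercase labels joined by dots.
var dns1123 = regexp.MustCompile(`^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$`)

// fragment is modelled on the issue's template; %q emits each value as a quoted YAML string.
var fragment = template.Must(template.New("hostAliases").Parse(`spec:
{{- if .HostAlias }}
  hostAliases:
  - ip: {{ printf "%q" .HostAlias.IP }}
    hostnames:
    {{- range .HostAlias.Hostnames }}
    - {{ printf "%q" . }}
    {{- end }}
{{- end }}
`))

// RenderHostAlias validates the alias before rendering; a nil alias renders only "spec:".
func RenderHostAlias(alias *HostAlias) (string, error) {
	if alias != nil {
		if net.ParseIP(alias.IP) == nil {
			return "", fmt.Errorf("invalid ip %q", alias.IP)
		}
		for _, h := range alias.Hostnames {
			if len(h) > 253 || !dns1123.MatchString(h) {
				return "", fmt.Errorf("invalid hostname %q", h)
			}
		}
	}
	var out bytes.Buffer
	err := fragment.Execute(&out, struct{ HostAlias *HostAlias }{alias})
	return out.String(), err
}

func main() {
	fmt.Println(RenderHostAlias(&HostAlias{IP: "192.0.2.10", Hostnames: []string{"xxx.yyy.com"}})) // constructed sample
}
```

The alias only changes name resolution inside the pod; the hub API server certificate is still verified against the hostname in the kubeconfig.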

Maybe it would be better to add the HubApiServerHostAlias to KlusterletDeployOption, as shown in the example below.

type KlusterletDeployOption struct {
	// +optional
	Mode InstallMode `json:"mode"`

	// HubApiServerHostAlias contains the host alias for hub api server
	// +optional
	HubApiServerHostAlias *v1.HostAlias `json:"hub_api_server_host_alias,omitempty"`
}

this is done

/close

@qiujian16: Closing this issue.
