Import hub in hosted mode

Signed-off-by: ldpliu <[email protected]>

manager/cmd/manager/main.go

@@ -154,6 +154,8 @@ func parseFlags() *managerconfig.ManagerConfig {
 		"enable the global resource feature")
 	pflag.BoolVar(&managerConfig.WithACM, "with-acm", false,
 		"run on Red Hat Advanced Cluster Management")
+	pflag.BoolVar(&managerConfig.ImportClusterInHosted, "import-in-hosted", false,
+		"Import the managedhub cluster in hosted mode")
 	pflag.BoolVar(&managerConfig.EnablePprof, "enable-pprof", false, "enable the pprof tool")
 	pflag.Parse()
 	// set zap logger

manager/pkg/config/manager_config.go

@@ -26,6 +26,7 @@ type ManagerConfig struct {
 	WithACM               bool
 	LaunchJobNames        string
 	EnablePprof           bool
+	ImportClusterInHosted bool
 }
 
 type SyncerConfig struct {

manager/pkg/config/manager_scheme.go

@@ -4,10 +4,12 @@
 package config
 
 import (
+	addonapi "github.com/stolostron/klusterlet-addon-controller/pkg/apis"
 	mchv1 "github.com/stolostron/multiclusterhub-operator/api/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
 	clientgoscheme "k8s.io/client-go/kubernetes/scheme"
+	addonv1alpha1 "open-cluster-management.io/api/addon/v1alpha1"
 	clusterv1 "open-cluster-management.io/api/cluster/v1"
 	clusterv1alpha1 "open-cluster-management.io/api/cluster/v1alpha1"
 	clusterv1beta1 "open-cluster-management.io/api/cluster/v1beta1"
@@ -34,5 +36,7 @@ func GetRuntimeScheme() *runtime.Scheme {
 	utilruntime.Must(channelv1.AddToScheme(scheme))
 	utilruntime.Must(applicationv1beta1.AddToScheme(scheme))
 	utilruntime.Must(mchv1.AddToScheme(scheme))
+	utilruntime.Must(addonapi.AddToScheme(scheme))
+	utilruntime.Must(addonv1alpha1.AddToScheme(scheme))
 	return scheme
 }

manager/pkg/webhook/admission_handler.go

@@ -9,10 +9,10 @@ import (
 	"net/http"
 
 	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/klog"
 	clusterv1beta1 "open-cluster-management.io/api/cluster/v1beta1"
 	placementrulesv1 "open-cluster-management.io/multicloud-operators-subscription/pkg/apis/apps/placementrule/v1"
 	"sigs.k8s.io/controller-runtime/pkg/client"
-	logf "sigs.k8s.io/controller-runtime/pkg/log"
 	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
 
 	"github.com/stolostron/multicluster-global-hub/pkg/constants"
@@ -26,18 +26,16 @@ func NewAdmissionHandler(c client.Client, s *runtime.Scheme) admission.Handler {
 	}
 }
 
-var log = logf.Log.WithName("admission-handler")
-
 type admissionHandler struct {
 	client  client.Client
 	decoder admission.Decoder
 }
 
 func (a *admissionHandler) Handle(ctx context.Context, req admission.Request) admission.Response {
-	log.V(2).Info("admission webhook is called", "name", req.Name, "namespace",
-		req.Namespace, "kind", req.Kind.Kind, "operation", req.Operation)
-
-	if req.Kind.Kind == "Placement" {
+	klog.V(2).Infof("admission webhook is called, name:%v, namespace:%v, kind:%v, operation:%v", req.Name,
+		req.Namespace, req.Kind.Kind, req.Operation)
+	switch req.Kind.Kind {
+	case "Placement":
 		placement := &clusterv1beta1.Placement{}
 		err := a.decoder.Decode(req, placement)
 		if err != nil {
@@ -57,7 +55,8 @@ func (a *admissionHandler) Handle(ctx context.Context, req admission.Request) ad
 			}
 			return admission.PatchResponseFromRaw(req.Object.Raw, marshaledPlacement)
 		}
-	} else if req.Kind.Kind == "PlacementRule" {
+		return admission.Allowed("")
+	case "PlacementRule":
 		placementrule := &placementrulesv1.PlacementRule{}
 		err := a.decoder.Decode(req, placementrule)
 		if err != nil {
@@ -73,9 +72,10 @@ func (a *admissionHandler) Handle(ctx context.Context, req admission.Request) ad
 			}
 			return admission.PatchResponseFromRaw(req.Object.Raw, marshaledPlacementRule)
 		}
+		return admission.Allowed("")
+	default:
+		return admission.Allowed("")
 	}
-
-	return admission.Allowed("")
 }
 
 // AdmissionHandler implements admission.DecoderInjector.

operator/Makefile

@@ -183,7 +183,7 @@ ENVTEST ?= $(LOCALBIN)/setup-envtest
 
 ## Tool Versions
 KUSTOMIZE_VERSION ?= v5.2.1
-CONTROLLER_TOOLS_VERSION ?= v0.13.0
+CONTROLLER_TOOLS_VERSION ?= v0.14.0
 
 .PHONY: kustomize
 kustomize: $(KUSTOMIZE) ## Download kustomize locally if necessary.
@@ -229,7 +229,7 @@ bundle: manifests kustomize operator-sdk ## Generate bundle manifests and metada
 	$(SED_COMMAND) '/relatedImage/,+10d' bundle/manifests/multicluster-global-hub-operator.clusterserviceversion.yaml
 	# remove bundle.Dockerfile
 	rm -rf bundle.Dockerfile
-	git diff -I 'createdAt' --exit-code
+
 
 .PHONY: bundle-build
 bundle-build: ## Build the bundle image.

operator/bundle/manifests/multicluster-global-hub-operator.clusterserviceversion.yaml

@@ -23,7 +23,7 @@ metadata:
     categories: Integration & Delivery,OpenShift Optional
     certified: "false"
     containerImage: quay.io/stolostron/multicluster-global-hub-operator:latest
-    createdAt: "2024-08-08T01:35:13Z"
+    createdAt: "2024-08-16T07:27:13Z"
     description: Manages the installation and upgrade of the Multicluster Global Hub.
     olm.skipRange: '>=1.2.0 <1.3.0'
     operatorframework.io/initialization-resource: '{"apiVersion":"operator.open-cluster-management.io/v1alpha4",
@@ -341,8 +341,11 @@ spec:
           resources:
           - addondeploymentconfigs
           verbs:
+          - create
+          - delete
           - get
           - list
+          - update
           - watch
         - apiGroups:
           - addon.open-cluster-management.io
@@ -353,6 +356,7 @@ spec:
           - delete
           - get
           - list
+          - patch
           - update
           - watch
         - apiGroups:
@@ -816,6 +820,10 @@ spec:
                   initialDelaySeconds: 15
                   periodSeconds: 20
                 name: multicluster-global-hub-operator
+                ports:
+                - containerPort: 9443
+                  name: webhook-server
+                  protocol: TCP
                 readinessProbe:
                   httpGet:
                     path: /readyz
@@ -830,10 +838,19 @@ spec:
                     memory: 100Mi
                 securityContext:
                   allowPrivilegeEscalation: false
+                volumeMounts:
+                - mountPath: /webhook-certs
+                  name: webhook-certs
+                  readOnly: true
               securityContext:
                 runAsNonRoot: true
               serviceAccountName: multicluster-global-hub-operator
               terminationGracePeriodSeconds: 10
+              volumes:
+              - name: webhook-certs
+                secret:
+                  defaultMode: 420
+                  secretName: multicluster-global-hub-webhook-certs
       permissions:
       - rules:
         - apiGroups:
@@ -949,3 +966,34 @@ spec:
     name: Red Hat, Inc
     url: https://github.com/stolostron/multicluster-global-hub
   version: 1.3.0-dev
+  webhookdefinitions:
+  - admissionReviewVersions:
+    - v1
+    - v1beta1
+    containerPort: 443
+    deploymentName: multicluster-global-hub-webhook
+    failurePolicy: Fail
+    generateName: global-hub.open-cluster-management.io
+    matchPolicy: Equivalent
+    rules:
+    - apiGroups:
+      - cluster.open-cluster-management.io
+      apiVersions:
+      - v1
+      operations:
+      - CREATE
+      resources:
+      - managedclusters
+    - apiGroups:
+      - agent.open-cluster-management.io
+      apiVersions:
+      - v1
+      operations:
+      - CREATE
+      - UPDATE
+      resources:
+      - klusterletaddonconfigs
+    sideEffects: None
+    targetPort: 9443
+    type: MutatingAdmissionWebhook
+    webhookPath: /mutating

operator/bundle/manifests/multicluster-global-hub-webhook_v1_service.yaml

@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+    service.beta.openshift.io/serving-cert-secret-name: multicluster-global-hub-webhook-certs
+  creationTimestamp: null
+  labels:
+    name: multicluster-global-hub-webhook
+    service: multicluster-global-hub-webhook
+  name: multicluster-global-hub-webhook
+spec:
+  ports:
+  - name: webhook-server
+    port: 443
+    protocol: TCP
+    targetPort: 9443
+  selector:
+    name: multicluster-global-hub-manager
+status:
+  loadBalancer: {}