Multi-cluster bootstrap in antctl #3474
Conversation
|
@luolanzone could please help to review? Thanks |
Codecov Report
@@ Coverage Diff @@
## main #3474 +/- ##
==========================================
- Coverage 64.33% 62.12% -2.22%
==========================================
Files 290 288 -2
Lines 41225 41252 +27
==========================================
- Hits 26524 25626 -898
- Misses 12578 13579 +1001
+ Partials 2123 2047 -76
Flags with carried forward coverage won't be shown. Click here to find out more.
|
| scheme := k8sruntime.NewScheme() | ||
| if err = mcsscheme.AddToScheme(scheme); err != nil { | ||
| return err | ||
| } | ||
| if err = antreamcscheme.AddToScheme(scheme); err != nil { | ||
| return err | ||
| } | ||
| if err = k8sscheme.AddToScheme(scheme); err != nil { | ||
| return err | ||
| } |
There was a problem hiding this comment.
I suppose this will be done in a shared place for all mc commands?
There was a problem hiding this comment.
This section is implemented in PR #3287 , so I will do rebase later and update it. Thanks
|
|
||
| func (o *memberClusterOptions) validateAndComplete() error { | ||
| if o.namespace == "" { | ||
| o.namespace = metav1.NamespaceDefault |
| return err | ||
| } | ||
|
|
||
| fmt.Fprintf(cmd.OutOrStdout(), "member-cluster %s deleted", memberClusterID) |
There was a problem hiding this comment.
s/member-cluster/member cluster/
s/deleted/is deleted/
| } | ||
| } | ||
| if len(memberClusters) == len(clusterSet.Spec.Members) { | ||
| return fmt.Errorf("member-cluster %s not found in ClusterSet %s", memberClusterID, memberClusterOpts.clusterSet) |
|
|
||
| var DeleteCmd = &cobra.Command{ | ||
| Use: "delete", | ||
| Short: "Delete Resources in a ClusterSet", |
| command.Flags().StringSliceVarP(&o.serviceAccount, "service-account", "", nil, "ServiceAccounts of the member clusters") | ||
| command.Flags().StringVarP(&o.secret, "secret", "", "", "Secret to access the leader cluster") |
There was a problem hiding this comment.
serviceAccount is required only when creating ClusterSet in leader and secret is required only when it's in member cluster. maybe add some hints about this.
| command.Flags().StringVarP(&o.leaderClusterServer, "leader-server", "", "", "Leader cluster server address of the ClusterSet") | ||
| command.Flags().StringVarP(&o.leaderClusterPort, "leader-port", "", "6443", "Leader cluster port. If not set, use 6443 as default") |
There was a problem hiding this comment.
I suggest to combine these two options as one like option in kubectl
"leader-server'' The address and port of the leader cluster's Kubernetes API server
|
|
||
| var memberClusterExamples = strings.Trim(` | ||
| Delete a member cluster in a ClusterSet | ||
| $ antctl mc delete member-cluster <MEMBER_CLUSTER> -n <NAMESPACE> --cluster-set <CLUSTER_SET> |
There was a problem hiding this comment.
s/MEMBER_CLUSTER/MEMBER_CLUSTER_ID
| return err | ||
| } | ||
|
|
||
| fmt.Fprintf(cmd.OutOrStdout(), "Member Cluster %s is deleted", memberClusterID) |
|
This pull request introduces 1 alert when merging f8b36f8 into 7be763e - view on LGTM.com new alerts:
|
|
This pull request introduces 1 alert when merging 1cfcb80 into 03b3f2b - view on LGTM.com new alerts:
|
| return err | ||
| } | ||
|
|
||
| fmt.Fprintf(cmd.OutOrStdout(), "member cluster %s is added to ClusterSet %s successfully", memberClusterID, memberClusterOpt.clusterSet) |
There was a problem hiding this comment.
s/member cluster/the member cluster/
s/ClusterSet/the ClusterSet/
make sure your error and output message format consistent.
|
This pull request introduces 1 alert when merging 5f69be5 into 7fea8d3 - view on LGTM.com new alerts:
|
53d0c1b to
cde6995
Compare
| if o.leaderCluster == "" { | ||
| return fmt.Errorf("the leader-cluster-id cannot be empty") | ||
| } | ||
| if o.secret == "" { |
There was a problem hiding this comment.
the serviceAccount field is only required when it's a ClustserSet in a leader cluster, and secret is only required when it's ClusterSet in a member cluster, Could you help to refine this kind of check? it's probably hard to check if it's member or leader, but maybe we can refine the validation here similar as below:
if o.secret == "" && o.memberClusters == nil {
return fmt.Errorf("the service accounts list is required in leader cluster, the secret is required in member cluster")
}
| command.Flags().StringVarP(&o.leaderCluster, "leader-cluster", "", "", "Leader cluster of the ClusterSet") | ||
| command.Flags().StringVarP(&o.leaderClusterServer, "leader-server", "", "", "Leader cluster server address of the ClusterSet") | ||
| command.Flags().StringVarP(&o.leaderClusterNamespace, "leader-namespace", "", "", "Leader cluster Namespace") | ||
| command.Flags().StringToStringVarP(&o.memberClusters, "member-clusters", "", nil, "clusterID-ServiceAccount of the member clusters, it is required only when creating ClusterSet in leader cluster") |
There was a problem hiding this comment.
maybe change clusterID-ServiceAccount of the member clusters to clusterID and ServiceAccount group of the member clusters(e.g. --member-clusters member1=sa1,member2=sa2)
| return err | ||
| } | ||
| if len(args) != 1 { | ||
| return fmt.Errorf("exactly one NAME is required, got %d", len(args)) |
There was a problem hiding this comment.
| return fmt.Errorf("exactly one NAME is required, got %d", len(args)) | |
| return fmt.Errorf("exactly one ClusterID is required, got %d", len(args)) |
| } | ||
| } | ||
| if len(memberClusters) == len(clusterSet.Spec.Members) { | ||
| return fmt.Errorf("member-cluster %s not found in ClusterSet %s", memberClusterID, memberClusterOpts.clusterSet) |
There was a problem hiding this comment.
| return fmt.Errorf("member-cluster %s not found in ClusterSet %s", memberClusterID, memberClusterOpts.clusterSet) | |
| return fmt.Errorf("member cluster %s not found in ClusterSet %s", memberClusterID, memberClusterOpts.clusterSet) |
| var memberClusterOpts *memberClusterOptions | ||
|
|
||
| var memberClusterExamples = strings.Trim(` | ||
| Create all the CRDs and resources of member cluster in namespace antrea-mcs-ns |
There was a problem hiding this comment.
| Create all the CRDs and resources of member cluster in namespace antrea-mcs-ns | |
| Create all the CRDs and resources of member cluster in Namespace antrea-mcs-ns |
| var leaderClusterOpts *leaderClusterOptions | ||
|
|
||
| var leaderClusterExamples = strings.Trim(` | ||
| Create all the CRDs and resources of leader cluster in namespace antrea-mcs-ns |
There was a problem hiding this comment.
| Create all the CRDs and resources of leader cluster in namespace antrea-mcs-ns | |
| Create all the CRDs and resources of leader cluster in Namespace antrea-mcs-ns |
| var memberClusterOpts *memberClusterOptions | ||
|
|
||
| var memberClusterExamples = strings.Trim(` | ||
| Create all the CRDs and resources of member cluster in namespace antrea-mcs-ns |
| return fmt.Errorf("the namespace cannot be empty") | ||
| } | ||
| if o.antreaVersion == "" { | ||
| return fmt.Errorf("the antrea-version cannot be empty") |
There was a problem hiding this comment.
Why this is a must? Could we detect it from Antrea? We cannot default to antctl version? @luolanzone
There was a problem hiding this comment.
Hi Jianjun. I think we could get the controller version by use antctl version code. I'm concerned about that only release version available and users may not use the antrea release verion.
There was a problem hiding this comment.
Sorry, what is the issue if users are not using a release version? antctl can return dev version as well:
$ antctl version
antctlVersion: v1.7.0-dev-ac49f476.dirty
controllerVersion: v1.6.0-dev-f619dbd9.dirty
| var leaderClusterOpts *leaderClusterOptions | ||
|
|
||
| var leaderClusterExamples = strings.Trim(` | ||
| Create all the CRDs and resources of leader cluster in Namespace antrea-mcs-ns |
There was a problem hiding this comment.
Sorry, what exact this command does? What CRDs and resources are created? Why it is called "deploy" if it is not about deployment?
There was a problem hiding this comment.
Hi Jianjun. This command will create some CRDs and resources such as ServiceAccount and Role/RoleBinding of the multi-cluster controller, the deploy the Deployment "antrea-mc-controller". And I add more comments to the command.
|
|
||
| func (o *memberClusterOptions) validateAndComplete() error { | ||
| if o.namespace == "" { | ||
| return fmt.Errorf("the namespace cannot be empty") |
2a432f5 to
3a081ab
Compare
| return fmt.Errorf("the namespace cannot be empty") | ||
| } | ||
| if o.antreaVersion == "" { | ||
| return fmt.Errorf("the antrea-version cannot be empty") |
There was a problem hiding this comment.
Sorry, what is the issue if users are not using a release version? antctl can return dev version as well:
$ antctl version
antctlVersion: v1.7.0-dev-ac49f476.dirty
controllerVersion: v1.6.0-dev-f619dbd9.dirty
066af81 to
b7be588
Compare
|
/test-multicluster-e2e |
|
/test-multicluster-e2e |
1 similar comment
|
/test-multicluster-e2e |
|
/test-multicluster-e2e |
|
/test-multicluster-e2e |
|
/test-multicluster-e2e |
|
Please fix the "Go / Verify docs and spelling" test failure. @hjiajing |
|
@jianjuns Thanks for reminding. The Docs spelling failed because I used dollar as an example without output. Then I delete the dollar it passed now. |
Add new subcommands to Create or Delete multi-cluster Resources. Signed-off-by: hjiajing <hjiajing@vmware.com>
|
/test-multicluster-e2e |
Deploy multi-cluster ClusterSet in antctl command.
The users could just input
antctl mc createorantctl mc addto create a new ClusterSet or add a member cluster to a existing ClusterSet rather than edit YAML files.There are three verb in
antctl mccommand,add,createanddelete. Use for creating ClusterSet, updating ClusterSet and deleting ClusterSet.Signed-off-by: hjiajing hjiajing@vmware.com