keikoproj / manager

Multi K8s cluster Namespace Management
Apache License 2.0

Register/unregister cluster with Keiko-manager #8

Closed mnkg561 closed 4 years ago

mnkg561 commented 4 years ago

close https://github.com/keikoproj/manager/issues/5 & close https://github.com/keikoproj/manager/issues/7 & close https://github.com/keikoproj/manager/issues/14 & close https://github.com/keikoproj/manager/issues/13 & close https://github.com/keikoproj/manager/issues/10 & close https://github.com/keikoproj/manager/issues/11

Could you share the solution at a high level?

For managed cluster registration,

Assumptions:

  1. CLI register/unregister commands must be run by a cluster administrator who has the kubeconfig downloaded on their local machine.
  2. The user can also create the service account, cluster role (with * access) and cluster role binding to the service account themselves and just pass the service account name to the CLI command.
  3. If the service account is not provided, the CLI creates all the necessary RBAC resources, including the SA, cluster role and cluster role binding.

Could you share the test results?

Registration:

mtvl15367e28a:manager nmogulla$ go run cli/manager/main.go cluster register -c admins@iksm-ppd-usw2-k8s
token received successfully
mtvl15367e28a:manager nmogulla$ 

mtvl15367e28a:manager nmogulla$ k get sa keiko-manager-sa -o yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  creationTimestamp: "2020-03-13T22:31:35Z"
  name: keiko-manager-sa
  namespace: kube-system
  resourceVersion: "19728716"
  selfLink: /api/v1/namespaces/kube-system/serviceaccounts/keiko-manager-sa
  uid: 65d282ee-657a-11ea-adfa-0290a4e7fa7c
secrets:
- name: keiko-manager-sa-token-9q28c
mtvl15367e28a:manager nmogulla$ 

Unregister the cluster: This will remove the service account, cluster role and role binding from the target cluster.

mtvl15367e28a:manager nmogulla$ go run cli/manager/main.go cluster unregister -c admins@iksm-ppd-usw2-k8s
mtvl15367e28a:manager nmogulla$ 
mtvl15367e28a:manager nmogulla$ 
mtvl15367e28a:manager nmogulla$ k get secrets keiko-manager-sa-token-9q28c -o yaml|base64
Error from server (NotFound): secrets "keiko-manager-sa-token-9q28c" not found

mtvl15367e28a:manager nmogulla$ 
mtvl15367e28a:manager nmogulla$ k get sa keiko-manager-sa -o yaml
Error from server (NotFound): serviceaccounts "keiko-manager-sa" not found
mtvl15367e28a:manager nmogulla$ 

This is just the CLI part. The server and controller are a work in progress.

codecov[bot] commented 4 years ago

Codecov Report

No coverage uploaded for pull request base (master@92aa376). The diff coverage is n/a.

@@            Coverage Diff            @@
##             master       #8   +/-   ##
=========================================
  Coverage          ?   31.41%           
=========================================
  Files             ?        8           
  Lines             ?      468           
  Branches          ?        0           
=========================================
  Hits              ?      147           
  Misses            ?      311           
  Partials          ?       10           

Last update 92aa376...af97059.

mnkg561 commented 4 years ago

I will overwrite that, but I'd see if I can include cluster_types.go too, as I'm currently working on the server part, and include that also in the same PR so I'm not blocked.

mnkg561 commented 4 years ago

Cluster registration from server:

2020-03-25T01:36:50.426Z    INFO    server.cluster.RegisterCluster  Request received
2020-03-25T01:36:50.427Z    INFO    server.cluster.RegisterCluster  cluster name from the request   {"name": "ops-prim-ppd.cluster.k8s.local"}
2020-03-25T01:36:50.427Z    DEBUG   server.cluster.RegisterCluster  cluster name after sanitizing   {"name": "ops-prim-ppd-cluster-k8s-local"}
2020-03-25T01:36:50.444Z    INFO    pkg.k8s.resources.CreateNamespace   Successfully created namespace  {"name": "ops-prim-ppd-cluster-k8s-local"}
2020-03-25T01:36:50.470Z    INFO    pkg.k8s.rbac.CreateK8sSecret    Successfully created/updated secret {"secret_name": "ops-prim-ppd-cluster-k8s-local-secrets", "namespace": "ops-prim-ppd-cluster-k8s-local"}
2020-03-25T01:36:50.505Z    INFO    pkg.k8s.resources.CreateNamespace   Successfully cluster CR created/updated

2020-03-25T01:40:23.331Z    INFO    server.cluster.RegisterCluster  Request received
2020-03-25T01:40:23.331Z    INFO    server.cluster.RegisterCluster  cluster name from the request   {"name": "docker-desktop"}
2020-03-25T01:40:23.331Z    DEBUG   server.cluster.RegisterCluster  cluster name after sanitizing   {"name": "docker-desktop"}
2020-03-25T01:40:23.371Z    INFO    pkg.k8s.resources.CreateNamespace   Successfully created namespace  {"name": "docker-desktop"}
2020-03-25T01:40:23.388Z    INFO    pkg.k8s.rbac.CreateK8sSecret    Successfully created/updated secret {"secret_name": "docker-desktop-secrets", "namespace": "docker-desktop"}
2020-03-25T01:40:23.419Z    INFO    pkg.k8s.resources.CreateNamespace   Successfully cluster CR created/updated

Cluster Registration from controller:

2020-03-25T01:40:23.462Z    INFO    controllers.cluster_controller.Reconcile    Start of the request    {"request_id": "019144c9-808a-4950-b678-1bfd49dc0faf"}
2020-03-25T01:40:23.471Z    INFO    pkg.k8s.rbac.GetK8sSecret   secret found    {"request_id": "019144c9-808a-4950-b678-1bfd49dc0faf", "secret_name": "docker-desktop-secrets"}
2020-03-25T01:40:23.471Z    INFO    controllers.cluster_controller.Reconcile    New cluster resource. Adding the finalizer  {"request_id": "019144c9-808a-4950-b678-1bfd49dc0faf", "finalizer": "cluster.finalizers.manager.keikoproj.io"}
2020-03-25T01:40:23.483Z    INFO    controllers.cluster_controller.HandleReconcile  state of the custom resource    {"request_id": "019144c9-808a-4950-b678-1bfd49dc0faf", "state": ""}
I0325 01:40:23.578652       1 event.go:281] Event(v1.ObjectReference{Kind:"Cluster", Namespace:"docker-desktop", Name:"docker-desktop", UID:"98352719-6e39-11ea-bfe9-025000000001", APIVersion:"manager.keikoproj.io/v1alpha1", ResourceVersion:"5173538", FieldPath:""}): type: 'Normal' reason: 'Ready' Successfully validated the target cluster
2020-03-25T01:40:23.663Z    INFO    controllers.cluster_controller.HandleReconcile  SUCCESSFUL  {"request_id": "019144c9-808a-4950-b678-1bfd49dc0faf", "version": "1.14"}

Cluster unregistration from controller:

2020-03-25T01:41:29.266Z    INFO    controllers.cluster_controller.Reconcile    Start of the request    {"request_id": "916cac56-f90f-4372-bcaa-0b200d7e22e3"}
2020-03-25T01:41:29.279Z    INFO    pkg.k8s.rbac.GetK8sSecret   secret found    {"request_id": "916cac56-f90f-4372-bcaa-0b200d7e22e3", "secret_name": "ops-prim-ppd-cluster-k8s-local-secrets"}
2020-03-25T01:41:29.279Z    INFO    controllers.cluster_controller.Reconcile    Cluster delete request  {"request_id": "916cac56-f90f-4372-bcaa-0b200d7e22e3"}
2020-03-25T01:41:29.359Z    INFO    pkg.k8s.client.DeleteServiceAccount Service account removed successfully    {"request_id": "916cac56-f90f-4372-bcaa-0b200d7e22e3", "serviceAccount": "keiko-manager-sa", "namespace": "kube-system"}
2020-03-25T01:41:29.359Z    INFO    controllers.cluster_controller.Reconcile    Removing finalizer from Cluster {"request_id": "916cac56-f90f-4372-bcaa-0b200d7e22e3"}
2020-03-25T01:41:29.395Z    INFO    controllers.cluster_controller.Reconcile    Successfully deleted cluster    {"request_id": "916cac56-f90f-4372-bcaa-0b200d7e22e3"}
2020-03-25T01:41:29.395Z    DEBUG   controller-runtime.controller   Successfully Reconciled {"controller": "cluster", "request": "ops-prim-ppd-cluster-k8s-local/ops-prim-ppd-cluster-k8s-local"}
I0325 01:41:29.395996       1 event.go:281] Event(v1.ObjectReference{Kind:"Cluster", Namespace:"ops-prim-ppd-cluster-k8s-local", Name:"ops-prim-ppd-cluster-k8s-local", UID:"194ba969-6e39-11ea-bfe9-025000000001", APIVersion:"manager.keikoproj.io/v1alpha1", ResourceVersion:"5173630", FieldPath:""}): type: 'Normal' reason: 'Deleted' Successfully deleted cluster

Cluster unregistration from server:

2020-03-25T01:41:29.243Z    INFO    server.cluster.UnregisterCluster    cluster name from the request   {"name": "ops-prim-ppd.cluster.k8s.local"}
2020-03-25T01:41:29.243Z    DEBUG   server.cluster.UnregisterCluster    cluster name after sanitizing   {"name": "ops-prim-ppd-cluster-k8s-local"}
2020-03-25T01:41:29.304Z    INFO    pkg.k8s.resources.DeleteNamespace   Successfully deleted namespace  {"name": "ops-prim-ppd-cluster-k8s-local"}
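
The server logs above show the requested cluster name being sanitized before it becomes the namespace and the `<namespace>-secrets` secret name. The following is an added example, not code from this PR, of such a sanitizer with a collision check on the derived namespace; `SanitizeClusterName`, `Registry` and the exact character rule are assumptions chosen to match the logged before/after names.

```go
package main

import (
	"fmt"
	"strings"
)

// SanitizeClusterName is a hypothetical helper: lower-case the name, turn every
// character outside [a-z0-9] into '-', and enforce the 63-char DNS-1123 label
// limit that Kubernetes applies to namespace names.
func SanitizeClusterName(name string) (string, error) {
	out := strings.Map(func(r rune) rune {
		if (r >= 'a' && r <= 'z') || (r >= '0' && r <= '9') {
			return r
		}
		return '-'
	}, strings.ToLower(name))
	out = strings.Trim(out, "-")
	if out == "" || len(out) > 63 {
		return "", fmt.Errorf("cluster name %q has no valid namespace form", name)
	}
	return out, nil
}

// Registry (hypothetical) remembers which requested name owns each namespace.
type Registry struct{ owner map[string]string }

func NewRegistry() *Registry { return &Registry{owner: map[string]string{}} }

// Register returns the namespace and secret name for a cluster. The mapping is
// lossy, so a name whose namespace is owned by a different cluster is refused.
func (r *Registry) Register(name string) (ns, secret string, err error) {
	if ns, err = SanitizeClusterName(name); err != nil {
		return "", "", err
	}
	if prev, ok := r.owner[ns]; ok && prev != name {
		return "", "", fmt.Errorf("namespace %q already belongs to cluster %q", ns, prev)
	}
	r.owner[ns] = name
	return ns, ns + "-secrets", nil
}

func main() {
	r := NewRegistry()
	// First two names are from the logs above; the third is constructed.
	for _, n := range []string{"ops-prim-ppd.cluster.k8s.local", "docker-desktop", "ops-prim-ppd-cluster.k8s.local"} {
		ns, secret, err := r.Register(n)
		fmt.Printf("%s -> ns=%q secret=%q err=%v\n", n, ns, secret, err)
	}
}
```

Registering the same name again is allowed, which matches the "created/updated" wording in the logs; only a different name that collapses to an existing namespace is rejected.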

mnkg561 commented 4 years ago

To list the clusters:

mtvl15367e28a:manager nmogulla$ k get clusters --all-namespaces
NAMESPACE                        NAME                             STATE   RETRYCOUNT   AGE
docker-desktop                   docker-desktop                   Ready   0            20s
ops-prim-ppd-cluster-k8s-local   ops-prim-ppd-cluster-k8s-local   Ready   0            3m53s