kubernetes-retired / cluster-api-provider-nested

Cluster API Provider for Nested Clusters
Apache License 2.0

OLM needs to work on aggregation API but it's disabled by Virtual Cluster #166

Closed jinsongo closed 3 years ago

jinsongo commented 3 years ago

What steps did you take and what happened:

OLM needs to work on Aggregation API for extension apiserver packageserver, but it's disabled by Virtual Cluster. Please enable the aggregation layer via the following kube-apiserver flags; an example follows:

        - --enable-aggregator-routing=true
        - --requestheader-client-ca-file=/etc/kubernetes/pki/root/tls.crt
        - --requestheader-allowed-names=""
        - --requestheader-username-headers=X-Remote-User
        - --requestheader-group-headers=X-Remote-Group
        - --requestheader-extra-headers-prefix=X-Remote-Extra-
        - --proxy-client-key-file=/etc/kubernetes/pki/apiserver/tls.key
        - --proxy-client-cert-file=/etc/kubernetes/pki/apiserver/tls.crt

Otherwise,

        # oc get apiservice v1.packages.operators.coreos.com
        NAME                                          SERVICE                     AVAILABLE                      AGE
        v1.packages.operators.coreos.com              olm/packageserver-service   False (FailedDiscoveryCheck)   3h38m

        # oc get csv packageserver -n olm
        NAME            DISPLAY          VERSION   REPLACES   PHASE
        packageserver   Package Server   0.18.1               Installing

For more details, please refer to: https://kubernetes.io/docs/tasks/extend-kubernetes/configure-aggregation-layer/

What did you expect to happen: The OLM can be installed successfully.

        # oc get apiservice v1.packages.operators.coreos.com
        NAME                               SERVICE                     AVAILABLE   AGE
        v1.packages.operators.coreos.com   olm/packageserver-service   True        7h33m

        # oc get csv packageserver -n olm
        NAME            DISPLAY          VERSION   REPLACES   PHASE
        packageserver   Package Server   0.18.1               Succeeded

Anything else you would like to add:

I validated the solution with the following workaround. Run:

        oc edit sts apiserver -n default-394ccf-vc-sample-1

and add the following flags in args:

        - --enable-aggregator-routing=true
        - --requestheader-client-ca-file=/etc/kubernetes/pki/root/tls.crt
        - --requestheader-allowed-names=""
        - --requestheader-username-headers=X-Remote-User
        - --requestheader-group-headers=X-Remote-Group
        - --requestheader-extra-headers-prefix=X-Remote-Extra-
        - --proxy-client-key-file=/etc/kubernetes/pki/apiserver/tls.key
        - --proxy-client-cert-file=/etc/kubernetes/pki/apiserver/tls.crt

Then, delete apiserver-0 in default-394ccf-vc-sample-1 to restart it and enable the Aggregation API feature.

Environment:

/kind bug
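A check for the flag set listed in the issue above, as an added example that is not part of the original post or the project's code. It reads kube-apiserver args one per line and reports missing aggregation-layer flags, an empty --requestheader-allowed-names (which Kubernetes documents as allowing any client certificate validated by the requestheader CA), and a requestheader CA that is also used as --client-ca-file. The function name and output format are assumptions, and a value of "" in the manifest is treated as empty.

```shell
# Audit kube-apiserver args (one per line on stdin, e.g. the "args:" list of
# the apiserver StatefulSet) for the aggregation-layer flags from the issue.
# Prints one finding per line, or "OK" when nothing is flagged.
audit_aggregation_flags() {
    awk '
    BEGIN {
        req = "requestheader-client-ca-file requestheader-allowed-names"
        req = req " requestheader-username-headers requestheader-group-headers"
        req = req " requestheader-extra-headers-prefix proxy-client-cert-file proxy-client-key-file"
        n = split(req, required, " ")
    }
    {
        line = $0
        sub(/^[ \t]*(-[ \t]+)?/, "", line)   # strip indentation and the YAML list dash
        if (line !~ /^--/) next              # not a flag line
        sub(/^--/, "", line)
        eq = index(line, "=")
        name = eq ? substr(line, 1, eq - 1) : line
        val  = eq ? substr(line, eq + 1) : ""
        gsub(/^"+|"+$/, "", val)             # assumption: "" is meant as an empty value
        seen[name] = 1; value[name] = val
    }
    END {
        bad = 0
        for (i = 1; i <= n; i++)
            if (!(required[i] in seen)) { print "MISSING --" required[i]; bad++ }
        if (("requestheader-allowed-names" in seen) && value["requestheader-allowed-names"] == "") {
            print "WARN --requestheader-allowed-names is empty: any client cert signed by the requestheader CA is accepted"; bad++
        }
        if (("client-ca-file" in seen) && value["client-ca-file"] == value["requestheader-client-ca-file"]) {
            print "WARN --client-ca-file and --requestheader-client-ca-file point to the same CA"; bad++
        }
        if (!bad) print "OK"
    }'
}

# Flags as listed in the issue (indentation dropped).
ISSUE_ARGS='- --enable-aggregator-routing=true
- --requestheader-client-ca-file=/etc/kubernetes/pki/root/tls.crt
- --requestheader-allowed-names=""
- --requestheader-username-headers=X-Remote-User
- --requestheader-group-headers=X-Remote-Group
- --requestheader-extra-headers-prefix=X-Remote-Extra-
- --proxy-client-key-file=/etc/kubernetes/pki/apiserver/tls.key
- --proxy-client-cert-file=/etc/kubernetes/pki/apiserver/tls.crt'

printf '%s\n' "$ISSUE_ARGS" | audit_aggregation_flags
```

To audit a live virtual cluster, feed the function the container args of the apiserver StatefulSet, one per line.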

jinsongo commented 3 years ago

@Fei-Guo @christopherhein @gyliu513 @vincent-pli

Fei-Guo commented 3 years ago

I have no objection to adding this to the default apiserver template if it has no side effects for normal usage. @christopherhein What do you think?

jinsongo commented 3 years ago

@Fei-Guo @christopherhein Aggregation API is a standard Kubernetes feature for extending Kubernetes: https://kubernetes.io/docs/tasks/extend-kubernetes/configure-aggregation-layer/

christopherhein commented 3 years ago

Agreed, I don't have any reason why this couldn't be included. I will review that PR today.