From 8d8c7a9b784075f4f99f5a44d8cd0f3d3ba83933 Mon Sep 17 00:00:00 2001 From: Ben Perry Date: Wed, 9 Jul 2025 10:14:01 -0500 Subject: [PATCH 1/3] Networking configuration options for webhooks Signed-off-by: Ben Perry --- ...ter-management.io_clustermanagers.crd.yaml | 101 ++++++++++++++++++ operator/v1/types_clustermanager.go | 55 +++++++++- operator/v1/zz_generated.deepcopy.go | 57 ++++++++++ test/integration/api/clustermanager_test.go | 26 ++--- 4 files changed, 223 insertions(+), 16 deletions(-) diff --git a/operator/v1/0000_01_operator.open-cluster-management.io_clustermanagers.crd.yaml b/operator/v1/0000_01_operator.open-cluster-management.io_clustermanagers.crd.yaml index 57c7ebd0..0cfad809 100644 --- a/operator/v1/0000_01_operator.open-cluster-management.io_clustermanagers.crd.yaml +++ b/operator/v1/0000_01_operator.open-cluster-management.io_clustermanagers.crd.yaml 
@@ -91,6 +91,71 @@ spec: DeployOption contains the options of deploying a cluster-manager Default mode is used if DeployOption is not set. properties: + default: + description: Default includes configurations for clustermanager + in the Default mode + properties: + registrationWebhookConfiguration: + description: RegistrationWebhookConfiguration represents the + customized webhook-server configuration of registration. + properties: + healthProbeBindAddress: + default: :8000 + description: |- + HealthProbeBindAddress represents the healthcheck address of a webhook-server. The default value is ":8000". + Healthchecks may be disabled by setting a value of "0" or "". + type: string + hostNetwork: + description: |- + HostNetwork enables running webhook pods with hostNetwork: true + This may be required in some installations, such as EKS with Calico CNI, + to allow the API Server to communicate with the webhook pods. + type: boolean + metricsBindAddress: + default: :8080 + description: |- + MetricsBindAddress represents the metrics address of a webhook-server. The default value is ":8080" + Metrics may be disabled by setting a value of "0" or "". + type: string + port: + default: 9443 + description: Port represents the port of a webhook-server. + The default value of Port is 9443. + format: int32 + maximum: 65535 + type: integer + type: object + workWebhookConfiguration: + description: WorkWebhookConfiguration represents the customized + webhook-server configuration of work. + properties: + healthProbeBindAddress: + default: :8000 + description: |- + HealthProbeBindAddress represents the healthcheck address of a webhook-server. The default value is ":8000". + Healthchecks may be disabled by setting a value of "0" or "". + type: string + hostNetwork: + description: |- + HostNetwork enables running webhook pods with hostNetwork: true + This may be required in some installations, such as EKS with Calico CNI, + to allow the API Server to communicate with the webhook pods. 
+ type: boolean + metricsBindAddress: + default: :8080 + description: |- + MetricsBindAddress represents the metrics address of a webhook-server. The default value is ":8080" + Metrics may be disabled by setting a value of "0" or "". + type: string + port: + default: 9443 + description: Port represents the port of a webhook-server. + The default value of Port is 9443. + format: int32 + maximum: 65535 + type: integer + type: object + type: object hosted: description: Hosted includes configurations we need for clustermanager in the Hosted mode. @@ -106,6 +171,24 @@ spec: The Address must be reachable by apiserver of the hub cluster. pattern: ^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$ type: string + healthProbeBindAddress: + default: :8000 + description: |- + HealthProbeBindAddress represents the healthcheck address of a webhook-server. The default value is ":8000". + Healthchecks may be disabled by setting a value of "0" or "". + type: string + hostNetwork: + description: |- + HostNetwork enables running webhook pods with hostNetwork: true + This may be required in some installations, such as EKS with Calico CNI, + to allow the API Server to communicate with the webhook pods. + type: boolean + metricsBindAddress: + default: :8080 + description: |- + MetricsBindAddress represents the metrics address of a webhook-server. The default value is ":8080" + Metrics may be disabled by setting a value of "0" or "". + type: string port: default: 443 description: Port represents the port of a webhook-server. 
@@ -127,6 +210,24 @@ spec: The Address must be reachable by apiserver of the hub cluster. pattern: ^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$ type: string + healthProbeBindAddress: + default: :8000 + description: |- + HealthProbeBindAddress represents the healthcheck address of a webhook-server. The default value is ":8000". + Healthchecks may be disabled by setting a value of "0" or "". + type: string + hostNetwork: + description: |- + HostNetwork enables running webhook pods with hostNetwork: true + This may be required in some installations, such as EKS with Calico CNI, + to allow the API Server to communicate with the webhook pods. + type: boolean + metricsBindAddress: + default: :8080 + description: |- + MetricsBindAddress represents the metrics address of a webhook-server. The default value is ":8080" + Metrics may be disabled by setting a value of "0" or "". + type: string port: default: 443 description: Port represents the port of a webhook-server. diff --git a/operator/v1/types_clustermanager.go b/operator/v1/types_clustermanager.go index a32c7c8c..c6adb26d 100644 --- a/operator/v1/types_clustermanager.go +++ b/operator/v1/types_clustermanager.go 
@@ -281,19 +281,62 @@ const ( FeatureGateModeTypeDisable FeatureGateModeType = "Disable" ) +// DefaultClusterManagerConfiguration represents customized configurations for clustermanager in the Default mode +type DefaultClusterManagerConfiguration struct { + // RegistrationWebhookConfiguration represents the customized webhook-server configuration of registration. + // +optional + RegistrationWebhookConfiguration DefaultWebhookConfiguration `json:"registrationWebhookConfiguration,omitempty"` + + // WorkWebhookConfiguration represents the customized webhook-server configuration of work. + // +optional + WorkWebhookConfiguration DefaultWebhookConfiguration `json:"workWebhookConfiguration,omitempty"` +} + // HostedClusterManagerConfiguration represents customized configurations we need to set for clustermanager in the Hosted mode. type HostedClusterManagerConfiguration struct { // RegistrationWebhookConfiguration represents the customized webhook-server configuration of registration. // +optional - RegistrationWebhookConfiguration WebhookConfiguration `json:"registrationWebhookConfiguration,omitempty"` + RegistrationWebhookConfiguration HostedWebhookConfiguration `json:"registrationWebhookConfiguration,omitempty"` // WorkWebhookConfiguration represents the customized webhook-server configuration of work. // +optional - WorkWebhookConfiguration WebhookConfiguration `json:"workWebhookConfiguration,omitempty"` + WorkWebhookConfiguration HostedWebhookConfiguration `json:"workWebhookConfiguration,omitempty"` } -// WebhookConfiguration has two properties: Address and Port. +// WebhookConfiguration represents customization of webhook servers type WebhookConfiguration struct { + // HealthProbeBindAddress represents the healthcheck address of a webhook-server. The default value is ":8000". + // Healthchecks may be disabled by setting a value of "0" or "". 
+ // +optional + // +kubebuilder:default=":8000" + HealthProbeBindAddress string `json:"healthProbeBindAddress"` + + // MetricsBindAddress represents the metrics address of a webhook-server. The default value is ":8080" + // Metrics may be disabled by setting a value of "0" or "". + // +optional + // +kubebuilder:default=":8080" + MetricsBindAddress string `json:"metricsBindAddress"` + + // HostNetwork enables running webhook pods with hostNetwork: true + // This may be required in some installations, such as EKS with Calico CNI, + // to allow the API Server to communicate with the webhook pods. + // +optional + HostNetwork bool `json:"hostNetwork,omitempty"` +} + +// DefaultWebhookConfiguration represents customization of webhook servers running in default installation mode +type DefaultWebhookConfiguration struct { + // Port represents the port of a webhook-server. The default value of Port is 9443. + // +optional + // +kubebuilder:default=9443 + // +kubebuilder:validation:Maximum=65535 + Port int32 `json:"port,omitempty"` + + WebhookConfiguration `json:",inline"` +} + +// HostedWebhookConfiguration represents customization of webhook servers running in hosted installation mode +type HostedWebhookConfiguration struct { // Address represents the address of a webhook-server. // It could be in IP format or fqdn format. // The Address must be reachable by apiserver of the hub cluster. @@ -307,6 +350,8 @@ type WebhookConfiguration struct { // +kubebuilder:default=443 // +kubebuilder:validation:Maximum=65535 Port int32 `json:"port,omitempty"` + + WebhookConfiguration `json:",inline"` } // ClusterManagerDeployOption describes the deployment options for cluster-manager 
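Review bot: The `HostNetwork` comment in `WebhookConfiguration` says why the flag may be needed but not what it costs. With host networking the pod shares the node's network namespace, so the webhook port and the `:8000` health and `:8080` metrics listeners are bound on the node's own interfaces. I would add `// The webhook, health and metrics ports are then bound on the node's interfaces; leave this false unless the CNI requires it.` to the field comment so operators know to restrict those ports at the node level. The registration and work webhooks also share the same default ports, so enabling it for both can collide when the two pods land on one node, unless the operator handles that outside this patch. The same field comment is carried into `BindConfiguration` by PATCH 2/3 and needs the same addition there.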
@@ -323,6 +368,10 @@ type ClusterManagerDeployOption struct { // +kubebuilder:validation:Enum=Default;Hosted Mode InstallMode `json:"mode,omitempty"` + // Default includes configurations for clustermanager in the Default mode + // +optional + Default *DefaultClusterManagerConfiguration `json:"default,omitempty"` + // Hosted includes configurations we need for clustermanager in the Hosted mode. // +optional Hosted *HostedClusterManagerConfiguration `json:"hosted,omitempty"` diff --git a/operator/v1/zz_generated.deepcopy.go b/operator/v1/zz_generated.deepcopy.go index 957bb218..23f3bb82 100644 --- a/operator/v1/zz_generated.deepcopy.go +++ b/operator/v1/zz_generated.deepcopy.go @@ -169,6 +169,11 @@ func (in *ClusterManager) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ClusterManagerDeployOption) DeepCopyInto(out *ClusterManagerDeployOption) { *out = *in + if in.Default != nil { + in, out := &in.Default, &out.Default + *out = new(DefaultClusterManagerConfiguration) + **out = **in + } if in.Hosted != nil { in, out := &in.Hosted, &out.Hosted *out = new(HostedClusterManagerConfiguration) 
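Review bot: Nothing in `ClusterManagerDeployOption` as shown ties the new `Default` block to `Mode`, so a manifest can carry `default` while `mode` is `Hosted` (or both `default` and `hosted`) and still pass validation. A `hostNetwork` or port setting placed under the wrong block would then be accepted without an error, and whether the operator applies or drops it is not visible in this patch. Either state in the field comment that `Default` is only read when `Mode` is `Default`, or reject the mismatch with a `+kubebuilder:validation:XValidation` rule on the struct. The struct starts before and continues past this hunk, so a rule outside the visible lines may already cover it.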
@@ -291,6 +296,41 @@ func (in *ClusterManagerStatus) DeepCopy() *ClusterManagerStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *DefaultClusterManagerConfiguration) DeepCopyInto(out *DefaultClusterManagerConfiguration) { + *out = *in + out.RegistrationWebhookConfiguration = in.RegistrationWebhookConfiguration + out.WorkWebhookConfiguration = in.WorkWebhookConfiguration + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DefaultClusterManagerConfiguration. +func (in *DefaultClusterManagerConfiguration) DeepCopy() *DefaultClusterManagerConfiguration { + if in == nil { + return nil + } + out := new(DefaultClusterManagerConfiguration) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *DefaultWebhookConfiguration) DeepCopyInto(out *DefaultWebhookConfiguration) { + *out = *in + out.WebhookConfiguration = in.WebhookConfiguration + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DefaultWebhookConfiguration. +func (in *DefaultWebhookConfiguration) DeepCopy() *DefaultWebhookConfiguration { + if in == nil { + return nil + } + out := new(DefaultWebhookConfiguration) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *FeatureGate) DeepCopyInto(out *FeatureGate) { *out = *in 
@@ -388,6 +428,23 @@ func (in *HostedClusterManagerConfiguration) DeepCopy() *HostedClusterManagerCon return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *HostedWebhookConfiguration) DeepCopyInto(out *HostedWebhookConfiguration) { + *out = *in + out.WebhookConfiguration = in.WebhookConfiguration + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HostedWebhookConfiguration. +func (in *HostedWebhookConfiguration) DeepCopy() *HostedWebhookConfiguration { + if in == nil { + return nil + } + out := new(HostedWebhookConfiguration) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *HostnameConfig) DeepCopyInto(out *HostnameConfig) { *out = *in diff --git a/test/integration/api/clustermanager_test.go b/test/integration/api/clustermanager_test.go index a023d89b..80318302 100644 --- a/test/integration/api/clustermanager_test.go +++ b/test/integration/api/clustermanager_test.go @@ -78,10 +78,10 @@ var _ = Describe("Create Cluster Manager Hosted mode", func() { Context("Set wrong format address", func() { It("should return err", func() { clusterManager.Spec.DeployOption.Hosted = &operatorv1.HostedClusterManagerConfiguration{ - RegistrationWebhookConfiguration: operatorv1.WebhookConfiguration{ + RegistrationWebhookConfiguration: operatorv1.HostedWebhookConfiguration{ Address: "test:test", }, - WorkWebhookConfiguration: operatorv1.WebhookConfiguration{ + WorkWebhookConfiguration: operatorv1.HostedWebhookConfiguration{ Address: "test:test", }, } 
@@ -93,10 +93,10 @@ var _ = Describe("Create Cluster Manager Hosted mode", func() { Context("Set IPV4 format addresses", func() { It("should create successfully", func() { clusterManager.Spec.DeployOption.Hosted = &operatorv1.HostedClusterManagerConfiguration{ - RegistrationWebhookConfiguration: operatorv1.WebhookConfiguration{ + RegistrationWebhookConfiguration: operatorv1.HostedWebhookConfiguration{ Address: "192.168.2.3", }, - WorkWebhookConfiguration: operatorv1.WebhookConfiguration{ + WorkWebhookConfiguration: operatorv1.HostedWebhookConfiguration{ Address: "192.168.2.4", }, } @@ -108,10 +108,10 @@ var _ = Describe("Create Cluster Manager Hosted mode", func() { Context("Set FQDN format addresses", func() { It("should create successfully", func() { clusterManager.Spec.DeployOption.Hosted = &operatorv1.HostedClusterManagerConfiguration{ - RegistrationWebhookConfiguration: operatorv1.WebhookConfiguration{ + RegistrationWebhookConfiguration: operatorv1.HostedWebhookConfiguration{ Address: "localhost", }, - WorkWebhookConfiguration: operatorv1.WebhookConfiguration{ + WorkWebhookConfiguration: operatorv1.HostedWebhookConfiguration{ Address: "foo.com", }, } @@ -121,12 +121,12 @@ var _ = Describe("Create Cluster Manager Hosted mode", func() { }) Context("Set nothing in ports", func() { - It("should has 443 as default value", func() { + It("should have 443 as default value in hosted mode", func() { clusterManager.Spec.DeployOption.Hosted = &operatorv1.HostedClusterManagerConfiguration{ - RegistrationWebhookConfiguration: operatorv1.WebhookConfiguration{ + RegistrationWebhookConfiguration: operatorv1.HostedWebhookConfiguration{ Address: "localhost", }, - WorkWebhookConfiguration: operatorv1.WebhookConfiguration{ + WorkWebhookConfiguration: operatorv1.HostedWebhookConfiguration{ Address: "foo.com", }, } 
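Review bot: The renamed case `should have 443 as default value in hosted mode` implies a Default-mode counterpart, but no hunk in this file adds one; every change here is the `WebhookConfiguration` to `HostedWebhookConfiguration` rename. The new `DeployOption.Default` block and its defaulted fields are therefore not exercised by the integration tests in this patch. I would add a `Describe("Create Cluster Manager Default mode", ...)` block that creates a ClusterManager with an empty `DefaultClusterManagerConfiguration` and asserts the defaulted port, health and metrics values. It should also check that a port of 65536 is rejected and that `hostNetwork: true` round-trips under both `default` and `hosted`.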
@@ -140,11 +140,11 @@ var _ = Describe("Create Cluster Manager Hosted mode", func() { Context("Set port bigger than 65535", func() { It("should return err", func() { clusterManager.Spec.DeployOption.Hosted = &operatorv1.HostedClusterManagerConfiguration{ - RegistrationWebhookConfiguration: operatorv1.WebhookConfiguration{ + RegistrationWebhookConfiguration: operatorv1.HostedWebhookConfiguration{ Address: "localhost", Port: 65536, }, - WorkWebhookConfiguration: operatorv1.WebhookConfiguration{ + WorkWebhookConfiguration: operatorv1.HostedWebhookConfiguration{ Address: "foo.com", }, } @@ -156,11 +156,11 @@ var _ = Describe("Create Cluster Manager Hosted mode", func() { Context("Set customized WebhookConfiguration", func() { It("should have euqually value after create", func() { clusterManager.Spec.DeployOption.Hosted = &operatorv1.HostedClusterManagerConfiguration{ - RegistrationWebhookConfiguration: operatorv1.WebhookConfiguration{ + RegistrationWebhookConfiguration: operatorv1.HostedWebhookConfiguration{ Address: "foo1.com", Port: 1443, }, - WorkWebhookConfiguration: operatorv1.WebhookConfiguration{ + WorkWebhookConfiguration: operatorv1.HostedWebhookConfiguration{ Address: "foo2.com", Port: 2443, }, From 0294dea62d2473ac1b9a287e91e144fe8b1a0d58 Mon Sep 17 00:00:00 2001 From: Ben Perry Date: Mon, 18 Aug 2025 11:09:46 -0500 Subject: [PATCH 2/3] BindConfiguration with int ports Signed-off-by: Ben Perry --- ...ter-management.io_clustermanagers.crd.yaml | 230 +++++++++++------- operator/v1/types_clustermanager.go | 48 ++-- operator/v1/zz_generated.deepcopy.go | 56 +++-- 3 files changed, 198 insertions(+), 136 deletions(-) diff --git a/operator/v1/0000_01_operator.open-cluster-management.io_clustermanagers.crd.yaml b/operator/v1/0000_01_operator.open-cluster-management.io_clustermanagers.crd.yaml index 0cfad809..8ac4c19a 100644 --- a/operator/v1/0000_01_operator.open-cluster-management.io_clustermanagers.crd.yaml 
+++ b/operator/v1/0000_01_operator.open-cluster-management.io_clustermanagers.crd.yaml 
@@ -92,68 +92,86 @@ spec: Default mode is used if DeployOption is not set. properties: default: - description: Default includes configurations for clustermanager - in the Default mode + description: Default includes optional configurations for clustermanager + in the Default mode. properties: registrationWebhookConfiguration: description: RegistrationWebhookConfiguration represents the customized webhook-server configuration of registration. properties: - healthProbeBindAddress: - default: :8000 - description: |- - HealthProbeBindAddress represents the healthcheck address of a webhook-server. The default value is ":8000". - Healthchecks may be disabled by setting a value of "0" or "". - type: string - hostNetwork: - description: |- - HostNetwork enables running webhook pods with hostNetwork: true - This may be required in some installations, such as EKS with Calico CNI, - to allow the API Server to communicate with the webhook pods. - type: boolean - metricsBindAddress: - default: :8080 - description: |- - MetricsBindAddress represents the metrics address of a webhook-server. The default value is ":8080" - Metrics may be disabled by setting a value of "0" or "". - type: string - port: - default: 9443 - description: Port represents the port of a webhook-server. - The default value of Port is 9443. - format: int32 - maximum: 65535 - type: integer + bindConfiguration: + description: BindConfiguration represents server bind + configuration for the webhook server + properties: + healthProbePort: + default: 8000 + description: |- + HealthProbePort represents the bind port of a webhook-server's healthcheck endpoint. The default value is 8000. + Healthchecks may be disabled by setting a value less than or equal to 0. 
+ format: int32 + maximum: 65535 + type: integer + hostNetwork: + description: |- + HostNetwork enables running webhook pods with hostNetwork: true + This may be required in some installations, such as EKS with Calico CNI, + to allow the API Server to communicate with the webhook pods. + type: boolean + metricsPort: + default: 8080 + description: |- + MetricsPort represents the bind port for a webhook-server's metric endpoint. The default value is 8080 + Metrics may be disabled by setting a value less than or equal to 0. + format: int32 + maximum: 65535 + type: integer + port: + default: 9443 + description: BindAddress represents the primary listen + port of a server. The default value is 9443. + format: int32 + maximum: 65535 + type: integer + type: object type: object workWebhookConfiguration: description: WorkWebhookConfiguration represents the customized webhook-server configuration of work. properties: - healthProbeBindAddress: - default: :8000 - description: |- - HealthProbeBindAddress represents the healthcheck address of a webhook-server. The default value is ":8000". - Healthchecks may be disabled by setting a value of "0" or "". - type: string - hostNetwork: - description: |- - HostNetwork enables running webhook pods with hostNetwork: true - This may be required in some installations, such as EKS with Calico CNI, - to allow the API Server to communicate with the webhook pods. - type: boolean - metricsBindAddress: - default: :8080 - description: |- - MetricsBindAddress represents the metrics address of a webhook-server. The default value is ":8080" - Metrics may be disabled by setting a value of "0" or "". - type: string - port: - default: 9443 - description: Port represents the port of a webhook-server. - The default value of Port is 9443. 
- format: int32 - maximum: 65535 - type: integer + bindConfiguration: + description: BindConfiguration represents server bind + configuration for the webhook server + properties: + healthProbePort: + default: 8000 + description: |- + HealthProbePort represents the bind port of a webhook-server's healthcheck endpoint. The default value is 8000. + Healthchecks may be disabled by setting a value less than or equal to 0. + format: int32 + maximum: 65535 + type: integer + hostNetwork: + description: |- + HostNetwork enables running webhook pods with hostNetwork: true + This may be required in some installations, such as EKS with Calico CNI, + to allow the API Server to communicate with the webhook pods. + type: boolean + metricsPort: + default: 8080 + description: |- + MetricsPort represents the bind port for a webhook-server's metric endpoint. The default value is 8080 + Metrics may be disabled by setting a value less than or equal to 0. + format: int32 + maximum: 65535 + type: integer + port: + default: 9443 + description: BindAddress represents the primary listen + port of a server. The default value is 9443. + format: int32 + maximum: 65535 + type: integer + type: object type: object type: object hosted: 
@@ -171,27 +189,43 @@ spec: The Address must be reachable by apiserver of the hub cluster. pattern: ^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$ type: string - healthProbeBindAddress: - default: :8000 - description: |- - HealthProbeBindAddress represents the healthcheck address of a webhook-server. The default value is ":8000". - Healthchecks may be disabled by setting a value of "0" or "". - type: string - hostNetwork: - description: |- - HostNetwork enables running webhook pods with hostNetwork: true - This may be required in some installations, such as EKS with Calico CNI, - to allow the API Server to communicate with the webhook pods. - type: boolean - metricsBindAddress: - default: :8080 - description: |- - MetricsBindAddress represents the metrics address of a webhook-server. The default value is ":8080" - Metrics may be disabled by setting a value of "0" or "". - type: string + bindConfiguration: + description: BindConfiguration represents server bind + configuration for the webhook server + properties: + healthProbePort: + default: 8000 + description: |- + HealthProbePort represents the bind port of a webhook-server's healthcheck endpoint. The default value is 8000. + Healthchecks may be disabled by setting a value less than or equal to 0. + format: int32 + maximum: 65535 + type: integer + hostNetwork: + description: |- + HostNetwork enables running webhook pods with hostNetwork: true + This may be required in some installations, such as EKS with Calico CNI, + to allow the API Server to communicate with the webhook pods. + type: boolean + metricsPort: + default: 8080 + description: |- + MetricsPort represents the bind port for a webhook-server's metric endpoint. The default value is 8080 + Metrics may be disabled by setting a value less than or equal to 0. 
+ format: int32 + maximum: 65535 + type: integer + port: + default: 9443 + description: BindAddress represents the primary listen + port of a server. The default value is 9443. + format: int32 + maximum: 65535 + type: integer + type: object port: default: 443 - description: Port represents the port of a webhook-server. + description: Port represents the external port of a webhook-server. The default value of Port is 443. format: int32 maximum: 65535 
@@ -210,27 +244,43 @@ spec: The Address must be reachable by apiserver of the hub cluster. pattern: ^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$ type: string - healthProbeBindAddress: - default: :8000 - description: |- - HealthProbeBindAddress represents the healthcheck address of a webhook-server. The default value is ":8000". - Healthchecks may be disabled by setting a value of "0" or "". - type: string - hostNetwork: - description: |- - HostNetwork enables running webhook pods with hostNetwork: true - This may be required in some installations, such as EKS with Calico CNI, - to allow the API Server to communicate with the webhook pods. - type: boolean - metricsBindAddress: - default: :8080 - description: |- - MetricsBindAddress represents the metrics address of a webhook-server. The default value is ":8080" - Metrics may be disabled by setting a value of "0" or "". - type: string + bindConfiguration: + description: BindConfiguration represents server bind + configuration for the webhook server + properties: + healthProbePort: + default: 8000 + description: |- + HealthProbePort represents the bind port of a webhook-server's healthcheck endpoint. The default value is 8000. + Healthchecks may be disabled by setting a value less than or equal to 0. + format: int32 + maximum: 65535 + type: integer + hostNetwork: + description: |- + HostNetwork enables running webhook pods with hostNetwork: true + This may be required in some installations, such as EKS with Calico CNI, + to allow the API Server to communicate with the webhook pods. + type: boolean + metricsPort: + default: 8080 + description: |- + MetricsPort represents the bind port for a webhook-server's metric endpoint. The default value is 8080 + Metrics may be disabled by setting a value less than or equal to 0. 
+ format: int32 + maximum: 65535 + type: integer + port: + default: 9443 + description: BindAddress represents the primary listen + port of a server. The default value is 9443. + format: int32 + maximum: 65535 + type: integer + type: object port: default: 443 - description: Port represents the port of a webhook-server. + description: Port represents the external port of a webhook-server. The default value of Port is 443. format: int32 maximum: 65535 diff --git a/operator/v1/types_clustermanager.go b/operator/v1/types_clustermanager.go index c6adb26d..30bc1f94 100644 --- a/operator/v1/types_clustermanager.go +++ b/operator/v1/types_clustermanager.go @@ -281,7 +281,7 @@ const ( FeatureGateModeTypeDisable FeatureGateModeType = "Disable" ) -// DefaultClusterManagerConfiguration represents customized configurations for clustermanager in the Default mode +// DefaultClusterManagerConfiguration represents customized configurations for clustermanager in the Default mode. type DefaultClusterManagerConfiguration struct { // RegistrationWebhookConfiguration represents the customized webhook-server configuration of registration. // +optional 
@@ -303,21 +303,29 @@ type HostedClusterManagerConfiguration struct { WorkWebhookConfiguration HostedWebhookConfiguration `json:"workWebhookConfiguration,omitempty"` } -// WebhookConfiguration represents customization of webhook servers -type WebhookConfiguration struct { - // HealthProbeBindAddress represents the healthcheck address of a webhook-server. The default value is ":8000". - // Healthchecks may be disabled by setting a value of "0" or "". +// BindConfiguration represents customization of server bindings +type BindConfiguration struct { + // Port represents the primary bind port of a server. The default value is 9443. // +optional - // +kubebuilder:default=":8000" - HealthProbeBindAddress string `json:"healthProbeBindAddress"` + // +kubebuilder:default=9443 + // +kubebuilder:validation:Maximum=65535 + Port int32 `json:"port,omitempty"` + + // HealthProbePort represents the bind port of a webhook-server's healthcheck endpoint. The default value is 8000. + // Healthchecks may be disabled by setting a value less than or equal to 0. + // +optional + // +kubebuilder:default=8000 + // +kubebuilder:validation:Maximum=65535 + HealthProbePort int32 `json:"healthProbePort"` - // MetricsBindAddress represents the metrics address of a webhook-server. The default value is ":8080" - // Metrics may be disabled by setting a value of "0" or "". + // MetricsPort represents the bind port for a webhook-server's metric endpoint. The default value is 8080. + // Metrics may be disabled by setting a value less than or equal to 0. // +optional - // +kubebuilder:default=":8080" - MetricsBindAddress string `json:"metricsBindAddress"` + // +kubebuilder:default=8080 + // +kubebuilder:validation:Maximum=65535 + MetricsPort int32 `json:"metricsPort"` - // HostNetwork enables running webhook pods with hostNetwork: true + // HostNetwork enables running webhook pods in host networking mode. 
// This may be required in some installations, such as EKS with Calico CNI, // to allow the API Server to communicate with the webhook pods. // +optional @@ -326,13 +334,8 @@ type WebhookConfiguration struct { // DefaultWebhookConfiguration represents customization of webhook servers running in default installation mode type DefaultWebhookConfiguration struct { - // Port represents the port of a webhook-server. The default value of Port is 9443. - // +optional - // +kubebuilder:default=9443 - // +kubebuilder:validation:Maximum=65535 - Port int32 `json:"port,omitempty"` - - WebhookConfiguration `json:",inline"` + // BindConfiguration represents server bind configuration for the webhook server + BindConfiguration *BindConfiguration `json:"bindConfiguration,omitempty"` } // HostedWebhookConfiguration represents customization of webhook servers running in hosted installation mode @@ -345,13 +348,14 @@ type HostedWebhookConfiguration struct { // +kubebuilder:validation:Pattern=^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$ Address string `json:"address"` - // Port represents the port of a webhook-server. The default value of Port is 443. + // Port represents the external port of a webhook-server. The default value of Port is 443. // +optional // +kubebuilder:default=443 // +kubebuilder:validation:Maximum=65535 Port int32 `json:"port,omitempty"` - WebhookConfiguration `json:",inline"` + // BindConfiguration represents server bind configuration for the webhook server + BindConfiguration *BindConfiguration `json:"bindConfiguration,omitempty"` } // ClusterManagerDeployOption describes the deployment options for cluster-manager 
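Review bot: `HealthProbePort` and `MetricsPort` in `BindConfiguration` are plain `int32` without `omitempty`, yet their comments document 0 as "disabled", so a typed Go client that sets only `Port` serializes `healthProbePort: 0` and `metricsPort: 0`. Because the fields are then present, the 8000/8080 schema defaults are not applied, and per the field comments the health and metrics endpoints end up switched off without the caller asking for it. Declaring both as `*int32` with `omitempty` keeps nil (use the default) distinct from an explicit 0 (disable). `Port` has `Maximum=65535` but no lower bound, so 0 or a negative value in a manifest passes validation; `// +kubebuilder:validation:Minimum=1` on `Port` would close that. The `BindConfiguration` pointer fields added to `DefaultWebhookConfiguration` and `HostedWebhookConfiguration` in the next two hunks also lack the `// +optional` marker the neighbouring fields carry.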
@@ -368,7 +372,7 @@ type ClusterManagerDeployOption struct { // +kubebuilder:validation:Enum=Default;Hosted Mode InstallMode `json:"mode,omitempty"` - // Default includes configurations for clustermanager in the Default mode + // Default includes optional configurations for clustermanager in the Default mode. // +optional Default *DefaultClusterManagerConfiguration `json:"default,omitempty"` diff --git a/operator/v1/zz_generated.deepcopy.go b/operator/v1/zz_generated.deepcopy.go index 23f3bb82..cf351f3f 100644 --- a/operator/v1/zz_generated.deepcopy.go +++ b/operator/v1/zz_generated.deepcopy.go @@ -75,6 +75,22 @@ func (in *AwsIrsaConfig) DeepCopy() *AwsIrsaConfig { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *BindConfiguration) DeepCopyInto(out *BindConfiguration) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BindConfiguration. +func (in *BindConfiguration) DeepCopy() *BindConfiguration { + if in == nil { + return nil + } + out := new(BindConfiguration) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *BootstrapKubeConfigs) DeepCopyInto(out *BootstrapKubeConfigs) { *out = *in @@ -172,12 +188,12 @@ func (in *ClusterManagerDeployOption) DeepCopyInto(out *ClusterManagerDeployOpti if in.Default != nil { in, out := &in.Default, &out.Default *out = new(DefaultClusterManagerConfiguration) - **out = **in + (*in).DeepCopyInto(*out) } if in.Hosted != nil { in, out := &in.Hosted, &out.Hosted *out = new(HostedClusterManagerConfiguration) - **out = **in + (*in).DeepCopyInto(*out) } return } 
@@ -299,8 +315,8 @@ func (in *ClusterManagerStatus) DeepCopy() *ClusterManagerStatus { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *DefaultClusterManagerConfiguration) DeepCopyInto(out *DefaultClusterManagerConfiguration) { *out = *in - out.RegistrationWebhookConfiguration = in.RegistrationWebhookConfiguration - out.WorkWebhookConfiguration = in.WorkWebhookConfiguration + in.RegistrationWebhookConfiguration.DeepCopyInto(&out.RegistrationWebhookConfiguration) + in.WorkWebhookConfiguration.DeepCopyInto(&out.WorkWebhookConfiguration) return } @@ -317,7 +333,11 @@ func (in *DefaultClusterManagerConfiguration) DeepCopy() *DefaultClusterManagerC // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *DefaultWebhookConfiguration) DeepCopyInto(out *DefaultWebhookConfiguration) { *out = *in - out.WebhookConfiguration = in.WebhookConfiguration + if in.BindConfiguration != nil { + in, out := &in.BindConfiguration, &out.BindConfiguration + *out = new(BindConfiguration) + **out = **in + } return } @@ -413,8 +433,8 @@ func (in *GenerationStatus) DeepCopy() *GenerationStatus { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *HostedClusterManagerConfiguration) DeepCopyInto(out *HostedClusterManagerConfiguration) { *out = *in - out.RegistrationWebhookConfiguration = in.RegistrationWebhookConfiguration - out.WorkWebhookConfiguration = in.WorkWebhookConfiguration + in.RegistrationWebhookConfiguration.DeepCopyInto(&out.RegistrationWebhookConfiguration) + in.WorkWebhookConfiguration.DeepCopyInto(&out.WorkWebhookConfiguration) return } 
@@ -431,7 +451,11 @@ func (in *HostedClusterManagerConfiguration) DeepCopy() *HostedClusterManagerCon // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *HostedWebhookConfiguration) DeepCopyInto(out *HostedWebhookConfiguration) { *out = *in - out.WebhookConfiguration = in.WebhookConfiguration + if in.BindConfiguration != nil { + in, out := &in.BindConfiguration, &out.BindConfiguration + *out = new(BindConfiguration) + **out = **in + } return } @@ -884,22 +908,6 @@ func (in *ServerURL) DeepCopy() *ServerURL { return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *WebhookConfiguration) DeepCopyInto(out *WebhookConfiguration) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookConfiguration. -func (in *WebhookConfiguration) DeepCopy() *WebhookConfiguration { - if in == nil { - return nil - } - out := new(WebhookConfiguration) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *WorkAgentConfiguration) DeepCopyInto(out *WorkAgentConfiguration) { *out = *in From 7da2192b7e180e0ea97c027dcd8f057c2212704a Mon Sep 17 00:00:00 2001 From: Ben Perry Date: Thu, 21 Aug 2025 15:01:30 -0500 Subject: [PATCH 3/3] Update Signed-off-by: Ben Perry --- ...ter-management.io_clustermanagers.crd.yaml | 32 +++++++++---------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/operator/v1/0000_01_operator.open-cluster-management.io_clustermanagers.crd.yaml b/operator/v1/0000_01_operator.open-cluster-management.io_clustermanagers.crd.yaml index 8ac4c19a..c42c706b 100644 --- a/operator/v1/0000_01_operator.open-cluster-management.io_clustermanagers.crd.yaml +++ b/operator/v1/0000_01_operator.open-cluster-management.io_clustermanagers.crd.yaml 
@@ -113,22 +113,22 @@ spec: type: integer hostNetwork: description: |- - HostNetwork enables running webhook pods with hostNetwork: true + HostNetwork enables running webhook pods in host networking mode. This may be required in some installations, such as EKS with Calico CNI, to allow the API Server to communicate with the webhook pods. type: boolean metricsPort: default: 8080 description: |- - MetricsPort represents the bind port for a webhook-server's metric endpoint. The default value is 8080 + MetricsPort represents the bind port for a webhook-server's metric endpoint. The default value is 8080. Metrics may be disabled by setting a value less than or equal to 0. format: int32 maximum: 65535 type: integer port: default: 9443 - description: BindAddress represents the primary listen - port of a server. The default value is 9443. + description: Port represents the primary bind port + of a server. The default value is 9443. format: int32 maximum: 65535 type: integer @@ -152,22 +152,22 @@ spec: type: integer hostNetwork: description: |- - HostNetwork enables running webhook pods with hostNetwork: true + HostNetwork enables running webhook pods in host networking mode. This may be required in some installations, such as EKS with Calico CNI, to allow the API Server to communicate with the webhook pods. type: boolean metricsPort: default: 8080 description: |- - MetricsPort represents the bind port for a webhook-server's metric endpoint. The default value is 8080 + MetricsPort represents the bind port for a webhook-server's metric endpoint. The default value is 8080. Metrics may be disabled by setting a value less than or equal to 0. format: int32 maximum: 65535 type: integer port: default: 9443 - description: BindAddress represents the primary listen - port of a server. The default value is 9443. + description: Port represents the primary bind port + of a server. The default value is 9443. format: int32 maximum: 65535 type: integer 
@@ -203,22 +203,22 @@ spec: type: integer hostNetwork: description: |- - HostNetwork enables running webhook pods with hostNetwork: true + HostNetwork enables running webhook pods in host networking mode. This may be required in some installations, such as EKS with Calico CNI, to allow the API Server to communicate with the webhook pods. type: boolean metricsPort: default: 8080 description: |- - MetricsPort represents the bind port for a webhook-server's metric endpoint. The default value is 8080 + MetricsPort represents the bind port for a webhook-server's metric endpoint. The default value is 8080. Metrics may be disabled by setting a value less than or equal to 0. format: int32 maximum: 65535 type: integer port: default: 9443 - description: BindAddress represents the primary listen - port of a server. The default value is 9443. + description: Port represents the primary bind port + of a server. The default value is 9443. format: int32 maximum: 65535 type: integer @@ -258,22 +258,22 @@ spec: type: integer hostNetwork: description: |- - HostNetwork enables running webhook pods with hostNetwork: true + HostNetwork enables running webhook pods in host networking mode. This may be required in some installations, such as EKS with Calico CNI, to allow the API Server to communicate with the webhook pods. type: boolean metricsPort: default: 8080 description: |- - MetricsPort represents the bind port for a webhook-server's metric endpoint. The default value is 8080 + MetricsPort represents the bind port for a webhook-server's metric endpoint. The default value is 8080. Metrics may be disabled by setting a value less than or equal to 0. format: int32 maximum: 65535 type: integer port: default: 9443 - description: BindAddress represents the primary listen - port of a server. The default value is 9443. + description: Port represents the primary bind port + of a server. The default value is 9443. format: int32 maximum: 65535 type: integer