feat: improve yurthub configmap management (#2275)

Signed-off-by: rambohe-ch <[email protected]>
openyurtio · Jan 24, 2025 · a382ab9 · a382ab9
1 parent 470292f
commit a382ab9
Show file tree

Hide file tree

Showing 34 changed files with 823 additions and 1,267 deletions.
diff --git a/cmd/yurthub/app/config/config.go b/cmd/yurthub/app/config/config.go
@@ -51,6 +51,7 @@ import (
 	"github.com/openyurtio/openyurt/pkg/yurthub/cachemanager"
 	"github.com/openyurtio/openyurt/pkg/yurthub/certificate"
 	certificatemgr "github.com/openyurtio/openyurt/pkg/yurthub/certificate/manager"
+	"github.com/openyurtio/openyurt/pkg/yurthub/configuration"
 	"github.com/openyurtio/openyurt/pkg/yurthub/filter"
 	"github.com/openyurtio/openyurt/pkg/yurthub/filter/initializer"
 	"github.com/openyurtio/openyurt/pkg/yurthub/filter/manager"
@@ -121,6 +122,7 @@ type YurtHubConfiguration struct {
 	PostStartHooks                  map[string]func() error
 	RequestMultiplexerManager       multiplexer.MultiplexerManager
 	MultiplexerResources            []schema.GroupVersionResource
+	ConfigManager                   *configuration.Manager
 }
 
 // Complete converts *options.YurtHubOptions to *YurtHubConfiguration
@@ -158,7 +160,9 @@ func Complete(options *options.YurtHubOptions) (*YurtHubConfiguration, error) {
 	}
 	tenantNs := util.ParseTenantNsFromOrgs(options.YurtHubCertOrganizations)
 	registerInformers(options, sharedFactory, workingMode, tenantNs)
-	filterFinder, err := manager.NewFilterManager(options, sharedFactory, dynamicSharedFactory, proxiedClient, serializerManager)
+
+	configManager := configuration.NewConfigurationManager(options.NodeName, sharedFactory)
+	filterFinder, err := manager.NewFilterManager(options, sharedFactory, dynamicSharedFactory, proxiedClient, serializerManager, configManager)
 	if err != nil {
 		klog.Errorf("could not create filter manager, %v", err)
 		return nil, err
@@ -198,6 +202,7 @@ func Complete(options *options.YurtHubOptions) (*YurtHubConfiguration, error) {
 		HostControlPlaneAddr:      options.HostControlPlaneAddr,
 		MultiplexerResources:      AllowedMultiplexerResources,
 		RequestMultiplexerManager: newMultiplexerCacheManager(options),
+		ConfigManager:             configManager,
 	}
 
 	// if yurthub is in local mode, certMgr and networkMgr are no need to start

diff --git a/cmd/yurthub/app/options/filters.go b/cmd/yurthub/app/options/filters.go
@@ -31,15 +31,56 @@ var (
 	// DisabledInCloudMode contains the filters that should be disabled when yurthub is working in cloud mode.
 	DisabledInCloudMode = []string{discardcloudservice.FilterName, forwardkubesvctraffic.FilterName, serviceenvupdater.FilterName}
 
-	// SupportedComponentsForFilter is used for specifying which components are supported by filters as default setting.
-	SupportedComponentsForFilter = map[string]string{
-		masterservice.FilterName:         "kubelet",
-		discardcloudservice.FilterName:   "kube-proxy",
-		servicetopology.FilterName:       "kube-proxy, coredns, nginx-ingress-controller",
-		inclusterconfig.FilterName:       "kubelet",
-		nodeportisolation.FilterName:     "kube-proxy",
-		forwardkubesvctraffic.FilterName: "kube-proxy",
-		serviceenvupdater.FilterName:     "kubelet",
+	// FilterToComponentsResourcesAndVerbs is used to specify which request with resource and verb from component is supported by the filter.
+	// When adding a new filter, It is essential to update the FilterToComponentsResourcesAndVerbs map
+	// to include this new filter along with the component, resource and request verbs it supports.
+	FilterToComponentsResourcesAndVerbs = map[string]struct {
+		DefaultComponents []string
+		ResourceAndVerbs  map[string][]string
+	}{
+		masterservice.FilterName: {
+			DefaultComponents: []string{"kubelet"},
+			ResourceAndVerbs: map[string][]string{
+				"services": {"list", "watch"},
+			},
+		},
+		discardcloudservice.FilterName: {
+			DefaultComponents: []string{"kube-proxy"},
+			ResourceAndVerbs: map[string][]string{
+				"services": {"list", "watch"},
+			},
+		},
+		servicetopology.FilterName: {
+			DefaultComponents: []string{"kube-proxy", "coredns", "nginx-ingress-controller"},
+			ResourceAndVerbs: map[string][]string{
+				"endpoints":      {"list", "watch"},
+				"endpointslices": {"list", "watch"},
+			},
+		},
+		inclusterconfig.FilterName: {
+			DefaultComponents: []string{"kubelet"},
+			ResourceAndVerbs: map[string][]string{
+				"configmaps": {"get", "list", "watch"},
+			},
+		},
+		nodeportisolation.FilterName: {
+			DefaultComponents: []string{"kube-proxy"},
+			ResourceAndVerbs: map[string][]string{
+				"services": {"list", "watch"},
+			},
+		},
+		forwardkubesvctraffic.FilterName: {
+			DefaultComponents: []string{"kube-proxy"},
+			ResourceAndVerbs: map[string][]string{
+				"endpointslices": {"list", "watch"},
+			},
+		},
+		serviceenvupdater.FilterName: {
+			DefaultComponents: []string{"kubelet"},
+			ResourceAndVerbs: map[string][]string{
+				"pods": {"list", "watch", "get", "patch"},
+			},
+		},
 	}
 )
 

diff --git a/cmd/yurthub/app/start.go b/cmd/yurthub/app/start.go
@@ -136,7 +136,7 @@ func Run(ctx context.Context, cfg *config.YurtHubConfiguration) error {
 		var cacheMgr cachemanager.CacheManager
 		if cfg.WorkingMode == util.WorkingModeEdge {
 			klog.Infof("%d. new cache manager with storage wrapper and serializer manager", trace)
-			cacheMgr = cachemanager.NewCacheManager(cfg.NodeName, cfg.StorageWrapper, cfg.SerializerManager, cfg.RESTMapperManager, cfg.SharedFactory)
+			cacheMgr = cachemanager.NewCacheManager(cfg.StorageWrapper, cfg.SerializerManager, cfg.RESTMapperManager, cfg.ConfigManager)
 		} else {
 			klog.Infof("%d. disable cache manager for node %s because it is a cloud node", trace, cfg.NodeName)
 		}

diff --git a/pkg/yurthub/cachemanager/cache_agent.go b/pkg/yurthub/cachemanager/cache_agent.go
diff --git a/pkg/yurthub/cachemanager/cache_agent_test.go b/pkg/yurthub/cachemanager/cache_agent_test.go