Comments (6)
I don't think we have a mechanism for that
from controller-runtime.
Thank you for your response.
Currently, I use a custom func GetClientByControllerName(mgr mananger.Manager, controllerName string)
to replace the original mgr.GetClient()
.
func GetClientByControllerNameOrDie(mgr manager.Manager, controllerName string) client.Client {
// if controllerName is empty, return the base client of manager
if controllerName == "" {
return mgr.GetClient()
}
clientStore.lock.Lock()
defer clientStore.lock.Unlock()
if cli, ok := clientStore.clientsByName[controllerName]; ok {
return cli
}
// check if controller-specific ServiceAccount exist
_, err := getOrCreateServiceAccount(mgr.GetClient(), "kube-system", controllerName)
if err != nil {
return nil
}
// get base config
baseCfg := mgr.GetConfig()
// rename cfg user-agent
cfg := rest.CopyConfig(baseCfg)
rest.AddUserAgent(cfg, controllerName)
// add controller-specific token wrapper to cfg
cachedTokenSource := transport.NewCachedTokenSource(&tokenSourceImpl{
namespace: "kube-system",
serviceAccountName: controllerName,
cli: mgr.GetClient(),
expirationSeconds: defaultExpirationSeconds,
leewayPercent: defaultLeewayPercent,
})
cfg.Wrap(transport.ResettableTokenSourceWrapTransport(cachedTokenSource))
// construct client from cfg
clientOptions := client.Options{
Scheme: mgr.GetScheme(),
Mapper: mgr.GetRESTMapper(),
// todo: this is just a default option, we should use mgr's cache options
Cache: &client.CacheOptions{
Unstructured: false,
Reader: mgr.GetCache(),
},
}
cli, err := client.New(cfg, clientOptions)
if err != nil {
panic(err)
}
clientStore.clientsByName[controllerName] = cli
return cli
}
Using this method is sufficient for basic purposes, but the client derived from func misses access to various client build options (such as cache option) that come with manager.New(). These client build options are only employed transiently for constructing the client within the manager, and the manager lacks an interface to retrieve them. I'm considering whether we can modify the mgr.GetClient()
interface to mgr.GetClient(controllerName string)
similar to mgr.GetEventRecorderFor(name string)
in this scenario.
from controller-runtime.
Hi, @sbueringer @alvaroaleman What do you think of this idea?
from controller-runtime.
I would assume the kube-controller-manager uses impersonation rather than different tokens and that is likely something you could implement as a client wrapper
from controller-runtime.
I would assume the kube-controller-manager uses impersonation rather than different tokens
This is wrong, it uses different tokens: https://github.com/kubernetes/kubernetes/blob/fd2d352d291bc4fb36d51e52b33a6f6849f20f35/staging/src/k8s.io/controller-manager/pkg/clientbuilder/client_builder_dynamic.go#L121
So yeah, the best way to replicate this behavior in controller-runtime is to construct a new client for every component using an empty kubeconfig with a dynamic token source like the one in the KCM.
from controller-runtime.
@alvaroaleman Thank you for your reply~
the best way to replicate this behavior in controller-runtime is to construct a new client for every component using an empty kubeconfig with a dynamic token source like the one in the KCM.
I'm currently using this approach, but the client-wrapper poses an issue: it's challenging to inherit the manager
's client settings, like the caching option.
from controller-runtime.
Related Issues (20)
- Optimize patches returned by Defaulter
- DefaultLabelSelector overrides ByObject.Label in DefaultNamespaces
- Add a way to grab the controller name out of the reconcile context HOT 1
- failed to install setup-envtest HOT 1
- How to change DefaultNamespaces at runtime HOT 3
- Reconcile is triggered after status update HOT 4
- Upgrade problem (v0.15.2->v0.17.3): configuring namespace HOT 2
- [BUG]: goroutine leak when `leaderelection.NewLeaderElector` return error
- [issue] regarding horizontal scaling for operators HOT 1
- [bug] setup-envtest unable to find version for linux HOT 8
- go install fails with "zip: not a valid zip file" error message HOT 1
- setup-envtest is stuck and fails to download any k8s version HOT 2
- 【bug】controller start concurrency bug HOT 2
- controllerutil: SetControllerReference does not allow disabling BlockOwnerDeletion
- Question: update status field HOT 2
- Need help to understand the Software Architecture for my Bachelor Thesis :) HOT 1
- how to set client dial timeout HOT 3
- ENVTest - cannot delete PVCs in BDD test HOT 1
- Server-side field validation should be strict by default HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from controller-runtime.