update csv

Signed-off-by: zhujian <jiazhu@redhat.com>

.gitignore

@@ -9,7 +9,6 @@ registration-operator
 dev-kubeconfig
 e2e-kubeconfig
 hub-kubeconfig
-external-managed-kubeconfig
 munge-csv
 
 # Test binary, build with `go test -c`
@@ -21,5 +20,4 @@ _output/
 
 .kubeconfig
 .hub-kubeconfig
-.external-managed-kubeconfig
 .idea

Makefile

@@ -38,16 +38,14 @@ operatorsdk_gen_dir:=$(dir $(OPERATOR_SDK))
 OLM_NAMESPACE?=olm
 OLM_VERSION?=0.16.1
 
-PWD=$(shell pwd)
-KUSTOMIZE?=$(PWD)/$(PERMANENT_TMP_GOPATH)/bin/kustomize
+KUSTOMIZE?=$(PERMANENT_TMP_GOPATH)/bin/kustomize
 KUSTOMIZE_VERSION?=v3.5.4
 KUSTOMIZE_ARCHIVE_NAME?=kustomize_$(KUSTOMIZE_VERSION)_$(GOHOSTOS)_$(GOHOSTARCH).tar.gz
 kustomize_dir:=$(dir $(KUSTOMIZE))
 
 KUBECTL?=kubectl
 KUBECONFIG?=./.kubeconfig
 HUB_KUBECONFIG?=./.hub-kubeconfig
-EXTERNAL_MANAGED_KUBECONFIG?=./.external-managed-kubeconfig
 
 OPERATOR_SDK_ARCHOS:=x86_64-linux-gnu
 ifeq ($(GOHOSTOS),darwin)
@@ -92,13 +90,8 @@ deploy-hub: deploy-hub-operator apply-hub-cr hub-kubeconfig
 
 deploy-spoke: deploy-spoke-operator apply-spoke-cr
 
-deploy-spoke-detached: deploy-spoke-operator apply-spoke-cr-detached
-
 deploy-hub-operator: ensure-kustomize
-	cp deploy/cluster-manager/config/kustomization.yaml deploy/cluster-manager/config/kustomization.yaml.tmp
-	cd deploy/cluster-manager/config && $(KUSTOMIZE) edit set image quay.io/open-cluster-management/registration-operator:latest=$(IMAGE_NAME)
 	$(KUSTOMIZE) build deploy/cluster-manager/config | $(KUBECTL) apply -f -
-	mv deploy/cluster-manager/config/kustomization.yaml.tmp deploy/cluster-manager/config/kustomization.yaml
 
 apply-hub-cr:
 	$(SED_CMD) -e "s,quay.io/open-cluster-management/registration,$(REGISTRATION_IMAGE)," -e "s,quay.io/open-cluster-management/work,$(WORK_IMAGE)," -e "s,quay.io/open-cluster-management/placement,$(PLACEMENT_IMAGE)," deploy/cluster-manager/config/samples/operator_open-cluster-management_clustermanagers.cr.yaml | $(KUBECTL) apply -f -
@@ -107,34 +100,21 @@ clean-hub: clean-hub-cr clean-hub-operator
 
 clean-spoke: clean-spoke-cr clean-spoke-operator
 
-clean-spoke-detached: clean-spoke-cr-detached clean-spoke-operator
-
 cluster-ip:
 	$(eval HUB_CONTEXT := $(shell $(KUBECTL) config current-context --kubeconfig $(HUB_KUBECONFIG)))
 	$(eval HUB_CLUSTER_IP := $(shell $(KUBECTL) get svc kubernetes -n default -o jsonpath="{.spec.clusterIP}" --kubeconfig $(HUB_KUBECONFIG)))
 	$(KUBECTL) config set clusters.$(HUB_CONTEXT).server https://$(HUB_CLUSTER_IP) --kubeconfig $(HUB_KUBECONFIG)
 
 bootstrap-secret:
-	cp $(HUB_KUBECONFIG) deploy/klusterlet/config/samples/default/bootstrap/hub-kubeconfig
+	cp $(HUB_KUBECONFIG) deploy/klusterlet/config/samples/bootstrap/hub-kubeconfig
 	$(KUBECTL) get ns open-cluster-management-agent; if [ $$? -ne 0 ] ; then $(KUBECTL) create ns open-cluster-management-agent; fi
-	$(KUSTOMIZE) build deploy/klusterlet/config/samples/default/bootstrap | $(KUBECTL) apply -f -
-
-bootstrap-secret-klusterlet-detached:
-	cp $(HUB_KUBECONFIG) deploy/klusterlet/config/samples/detached/bootstrap/hub-kubeconfig
-	$(KUBECTL) get ns klusterlet; if [ $$? -ne 0 ] ; then $(KUBECTL) create ns klusterlet; fi
-	$(KUSTOMIZE) build deploy/klusterlet/config/samples/detached/bootstrap | $(KUBECTL) apply -f -
+	$(KUSTOMIZE) build deploy/klusterlet/config/samples/bootstrap | $(KUBECTL) apply -f -
 
 deploy-spoke-operator: ensure-kustomize
-	cp deploy/klusterlet/config/kustomization.yaml deploy/klusterlet/config/kustomization.yaml.tmp
-	cd deploy/klusterlet/config && $(KUSTOMIZE) edit set image quay.io/open-cluster-management/registration-operator:latest=$(IMAGE_NAME)
 	$(KUSTOMIZE) build deploy/klusterlet/config | $(KUBECTL) apply -f -
-	mv deploy/klusterlet/config/kustomization.yaml.tmp deploy/klusterlet/config/kustomization.yaml
 
 apply-spoke-cr: bootstrap-secret
-	$(KUSTOMIZE) build deploy/klusterlet/config/samples/default | $(SED_CMD) -e "s,quay.io/open-cluster-management/registration,$(REGISTRATION_IMAGE)," -e "s,quay.io/open-cluster-management/work,$(WORK_IMAGE)," | $(KUBECTL) apply -f -
-
-apply-spoke-cr-detached: bootstrap-secret-klusterlet-detached external-managed-secret
-	$(KUSTOMIZE) build deploy/klusterlet/config/samples/detached | $(SED_CMD) -e "s,quay.io/open-cluster-management/registration,$(REGISTRATION_IMAGE)," -e "s,quay.io/open-cluster-management/work,$(WORK_IMAGE)," | $(KUBECTL) apply -f -
+	$(KUSTOMIZE) build deploy/klusterlet/config/samples | $(SED_CMD) -e "s,quay.io/open-cluster-management/registration,$(REGISTRATION_IMAGE)," -e "s,quay.io/open-cluster-management/work,$(WORK_IMAGE)," | $(KUBECTL) apply -f -
 
 clean-hub-cr:
 	$(KUBECTL) delete managedcluster --all --ignore-not-found
@@ -144,18 +124,18 @@ clean-hub-operator:
 	$(KUSTOMIZE) build deploy/cluster-manager/config | $(KUBECTL) delete --ignore-not-found -f -
 
 clean-spoke-cr:
-	$(KUSTOMIZE) build deploy/klusterlet/config/samples/default | $(KUBECTL) delete --ignore-not-found -f -
-	$(KUSTOMIZE) build deploy/klusterlet/config/samples/default/bootstrap | $(KUBECTL) delete --ignore-not-found -f -
-
-clean-spoke-cr-detached:
-	$(KUSTOMIZE) build deploy/klusterlet/config/samples/detached | $(KUBECTL) delete --ignore-not-found -f -
-	$(KUSTOMIZE) build deploy/klusterlet/config/samples/detached/bootstrap | $(KUBECTL) delete --ignore-not-found -f -
-	$(KUSTOMIZE) build deploy/klusterlet/config/samples/detached/managed | $(KUBECTL) delete --ignore-not-found -f -
+	$(KUSTOMIZE) build deploy/klusterlet/config/samples | $(KUBECTL) delete --ignore-not-found -f -
+	$(KUSTOMIZE) build deploy/klusterlet/config/samples/bootstrap | $(KUBECTL) delete --ignore-not-found -f -
 
 clean-spoke-operator:
 	$(KUSTOMIZE) build deploy/klusterlet/config | $(KUBECTL) delete --ignore-not-found -f -
 	$(KUBECTL) delete ns open-cluster-management-agent --ignore-not-found
-	$(KUBECTL) delete ns klusterlet --ignore-not-found
+
+# Registration e2e expects to read bootstrap secret from open-cluster-management/e2e-bootstrap-secret
+# TODO: think about how to factor this
+e2e-bootstrap-secret: cluster-ip
+	$(KUBECTL) delete secret e2e-bootstrap-secret -n open-cluster-management --ignore-not-found
+	$(KUBECTL) create secret generic e2e-bootstrap-secret --from-file=kubeconfig=$(HUB_KUBECONFIG) -n open-cluster-management
 
 install-olm: ensure-operator-sdk
 	$(KUBECTL) get crds | grep clusterserviceversion ; if [ $$? -ne 0 ] ; then $(OPERATOR_SDK) olm install --version $(OLM_VERSION); fi
@@ -172,7 +152,7 @@ deploy-spoke-operator-olm: install-olm bootstrap-secret
 	$(OPERATOR_SDK) run packagemanifests deploy/klusterlet/olm-catalog/klusterlet/ --namespace open-cluster-management --version $(CSV_VERSION) --install-mode OwnNamespace --timeout=10m
 
 clean-spoke-olm: ensure-operator-sdk
-	$(KUBECTL) delete -f deploy/klusterlet/config/samples/default/operator_open-cluster-management_klusterlets.cr.yaml --ignore-not-found
+	$(KUBECTL) delete -f deploy/klusterlet/config/samples/operator_open-cluster-management_klusterlets.cr.yaml --ignore-not-found
 	$(OPERATOR_SDK) cleanup klusterlet --namespace open-cluster-management --timeout 10m
 
 test-e2e: deploy-hub deploy-spoke-operator run-e2e
@@ -184,11 +164,6 @@ run-e2e: cluster-ip bootstrap-secret
 clean-e2e:
 	$(RM) ./e2e.test
 
-external-managed-secret:
-	cp $(EXTERNAL_MANAGED_KUBECONFIG) deploy/klusterlet/config/samples/detached/managed/external-managed-kubeconfig
-	$(KUBECTL) get ns klusterlet; if [ $$? -ne 0 ] ; then $(KUBECTL) create ns klusterlet; fi
-	$(KUSTOMIZE) build deploy/klusterlet/config/samples/detached/managed | $(KUBECTL) apply -f -
-
 ensure-operator-sdk:
 ifeq "" "$(wildcard $(OPERATOR_SDK))"
 	$(info Installing operator-sdk into '$(OPERATOR_SDK)')

README.md

@@ -86,49 +86,6 @@ We mainly provide deployment in two scenarios:
    make clean-spoke
    ``` 
 
-### Deploy spoke(Klusterlet) with Detached mode
-
-We support deploy the Klusterlet(registration-agent, work-agent) outside of managed cluster, called `Detached` mode, and we define the cluster where the Klusterlet runs as management-cluster.
-
-1. Set env variables.
-   ```shell
-   export KUBECONFIG=$HOME/.kube/config
-   ```
-2. Switch to hub context and deploy hub components.
-   ```
-   kubectl config use-context {hub-context}
-   make deploy-hub
-   ```
-   **PLEASE NOTE**: If you're running kubernetes in docker, the `server` address in kubeconfig may not be accessible for other clusters. In this case, you need to set `HUB_KUBECONFIG` explicitly.
-
-   For example, if your clusters are created by kind, you need to use kind's command to export a kubeconfig of hub with an accessible `server` address. ([The related issue](https://github.com/kubernetes-sigs/kind/issues/1305))
-
-   ```shell
-   kind get kubeconfig --name {your kind hub cluster name} --internal > ./.hub-kubeconfig # ./.hub-kubeconfig is default value of HUB_KUBECONFIG 
-   ```
-3. Switch to management context and deploy agent components on management cluster.
-    ```
-    kubectl config use-context {management-context}
-    make deploy-spoke-detached
-    ```
-
-   **PLEASE NOTE**: If you're running kubernetes in docker, the `server` address in kubeconfig may not be accessible for other clusters. In this case, you need to set `EXTERNAL_MANAGED_KUBECONFIG` explicitly.
-
-   For example, if your clusters are created by kind, you need to use kind's command to export a kubeconfig of managed/spoke cluster with an accessible `server` address. ([The related issue](https://github.com/kubernetes-sigs/kind/issues/1305))
-
-   ```shell
-   kind get kubeconfig --name {your kind managed cluster name} --internal > ./.external-managed-kubeconfig # ./.external-managed-kubeconfig is default value of EXTERNAL_MANAGED_KUBECONFIG, it is only useful in Detached mode.
-   ```
-4. To clean the hub environment.
-   ```shell
-   kubectl config use-context {hub-context} 
-   make clean-hub
-   ```
-5. To clean the spoke environment.
-   ```shell
-   kubectl config use-context {management-context}
-   make clean-spoke-detached
-
 ## What is next
 
 After a successful deployment, a `certificatesigningrequest` and a `managedcluster` will

deploy/cluster-manager/olm-catalog/cluster-manager/manifests/operator.open-cluster-management.io_clustermanagers.yaml

@@ -15,7 +15,7 @@ spec:
   - name: v1
     schema:
       openAPIV3Schema:
-        description: ClusterManager configures the controllers on the hub that govern registration and work distribution for attached Klusterlets. ClusterManager will only be deployed in open-cluster-management-hub namespace.
+        description: ClusterManager configures the controllers on the hub that govern registration and work distribution for attached Klusterlets. In Default mode, ClusterManager will only be deployed in open-cluster-management-hub namespace. In Detached mode, ClusterManager will be deployed in <cluster-manager's name>-open-cluster-management-hub namespace.
         properties:
           apiVersion:
             description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
@@ -28,6 +28,21 @@ spec:
           spec:
             description: Spec represents a desired deployment configuration of controllers that govern registration and work distribution for attached Klusterlets.
             properties:
+              deployOption:
+                default:
+                  mode: Default
+                description: DeployOption contains the options of deploying a cluster-manager Default mode is used if DeployOption is not set.
+                properties:
+                  mode:
+                    default: Default
+                    description: "Mode can be Default or Detached. For cluster-manager:   - In Default mode, the Hub is installed as a whole and all parts of Hub are deployed in the same cluster.   - In Detached mode, only crd and configurations are installed on one cluster(defined as hub-cluster). Controllers run in another cluster (defined as management-cluster) and connect to the hub with the kubeconfig in secret of \"external-hub-kubeconfig\"(a kubeconfig of hub-cluster with cluster-admin permission). For klusterlet:   - In Default mode, all klusterlet related resources are deployed on the managed cluster.   - In Detached mode, only crd and configurations are installed on the spoke/managed cluster. Controllers run in another cluster (defined as management-cluster) and connect to the mangaged cluster with the kubeconfig in secret of \"external-managed-kubeconfig\"(a kubeconfig of managed-cluster with cluster-admin permission). The purpose of Detached mode is to give it more flexibility, for example we can install a hub on a cluster with no worker nodes, meanwhile running all deployments on another more powerful cluster. And we can also register a managed cluster to the hub that has some firewall rules preventing access from the managed cluster. \n Note: Do not modify the Mode field once it's applied."
+                    enum:
+                    - Default
+                    - Detached
+                    type: string
+                required:
+                - mode
+                type: object
               nodePlacement:
                 description: NodePlacement enables explicit control over the scheduling of the deployed pods.
                 properties:

deploy/klusterlet/config/rbac/cluster_role.yaml

@@ -39,3 +39,7 @@ rules:
 - apiGroups: ["operator.open-cluster-management.io"]
   resources: ["klusterlets/status"]
   verbs: ["update", "patch"]
+# Allow the registration-operator to update the appliedmanifestworks finalizer.
+- apiGroups: ["work.open-cluster-management.io"]
+  resources: ["appliedmanifestworks"]
+  verbs: ["get", "list", "watch", "update"]

deploy/klusterlet/olm-catalog/klusterlet/manifests/klusterlet.clusterserviceversion.yaml

@@ -12,17 +12,17 @@ metadata:
           },
           "spec": {
             "clusterName": "cluster1",
+            "deployOption": {
+              "mode": "Default"
+            },
             "externalServerURLs": [
               {
                 "url": "https://localhost"
               }
             ],
             "namespace": "open-cluster-management-agent",
             "registrationImagePullSpec": "quay.io/open-cluster-management/registration",
-            "workImagePullSpec": "quay.io/open-cluster-management/work",
-            "deployOption": {
-              "mode": "Default"
-            }
+            "workImagePullSpec": "quay.io/open-cluster-management/work"
           }
         }
       ]