Merge pull request #5509 from jabellard/volumes_bindings_api_server

Support to Specify Extra Volumes and Volume Mounts for Karmada API Server Component
karmada-io · Sep 12, 2024 · 4dfff39 · 4dfff39
2 parents 071fb3d + c45b817
commit 4dfff39
Show file tree

Hide file tree

Showing 6 changed files with 3,804 additions and 13 deletions.
diff --git a/charts/karmada-operator/crds/operator.karmada.io_karmadas.yaml b/charts/karmada-operator/crds/operator.karmada.io_karmadas.yaml
diff --git a/operator/config/crds/operator.karmada.io_karmadas.yaml b/operator/config/crds/operator.karmada.io_karmadas.yaml
diff --git a/operator/pkg/apis/operator/v1alpha1/type.go b/operator/pkg/apis/operator/v1alpha1/type.go
@@ -290,6 +290,24 @@ type KarmadaAPIServer struct {
 	// +optional
 	ExtraArgs map[string]string `json:"extraArgs,omitempty"`
 
+	// ExtraVolumes specifies a list of extra volumes for the API server's pod
+	// To fulfil the base functionality required for a functioning control plane, when provisioning a new Karmada instance,
+	// the operator will automatically attach volumes for the API server pod needed to configure things such as TLS,
+	// SA token issuance/signing and secured connection to etcd, amongst others. However, given the wealth of options for configurability,
+	// there are additional features (e.g., encryption at rest and custom AuthN webhook) that can be configured. ExtraVolumes, in conjunction
+	// with ExtraArgs and ExtraVolumeMounts can be used to fulfil those use cases.
+	// +optional
+	ExtraVolumes []corev1.Volume `json:"extraVolumes,omitempty"`
+
+	// ExtraVolumeMounts specifies a list of extra volume mounts to be mounted into the API server's container
+	// To fulfil the base functionality required for a functioning control plane, when provisioning a new Karmada instance,
+	// the operator will automatically mount volumes into the API server container needed to configure things such as TLS,
+	// SA token issuance/signing and secured connection to etcd, amongst others. However, given the wealth of options for configurability,
+	// there are additional features (e.g., encryption at rest and custom AuthN webhook) that can be configured. ExtraVolumeMounts, in conjunction
+	// with ExtraArgs and ExtraVolumes can be used to fulfil those use cases.
+	// +optional
+	ExtraVolumeMounts []corev1.VolumeMount `json:"extraVolumeMounts,omitempty"`
+
 	// CertSANs sets extra Subject Alternative Names for the API Server signing cert.
 	// +optional
 	CertSANs []string `json:"certSANs,omitempty"`

diff --git a/operator/pkg/apis/operator/v1alpha1/zz_generated.deepcopy.go b/operator/pkg/apis/operator/v1alpha1/zz_generated.deepcopy.go
diff --git a/operator/pkg/controlplane/apiserver/apiserver.go b/operator/pkg/controlplane/apiserver/apiserver.go
@@ -77,7 +77,8 @@ func installKarmadaAPIServer(client clientset.Interface, cfg *operatorv1alpha1.K
 		return fmt.Errorf("error when decoding karmadaApiserver deployment: %w", err)
 	}
 	patcher.NewPatcher().WithAnnotations(cfg.Annotations).WithLabels(cfg.Labels).
-		WithExtraArgs(cfg.ExtraArgs).WithResources(cfg.Resources).ForDeployment(apiserverDeployment)
+		WithExtraArgs(cfg.ExtraArgs).WithExtraVolumeMounts(cfg.ExtraVolumeMounts).
+		WithExtraVolumes(cfg.ExtraVolumes).WithResources(cfg.Resources).ForDeployment(apiserverDeployment)
 
 	if err := apiclient.CreateOrUpdateDeployment(client, apiserverDeployment); err != nil {
 		return fmt.Errorf("error when creating deployment for %s, err: %w", apiserverDeployment.Name, err)

diff --git a/operator/pkg/util/patcher/pather.go b/operator/pkg/util/patcher/pather.go
@@ -35,12 +35,14 @@ import (
 
 // Patcher defines multiple variables that need to be patched.
 type Patcher struct {
-	labels       map[string]string
-	annotations  map[string]string
-	extraArgs    map[string]string
-	featureGates map[string]bool
-	volume       *operatorv1alpha1.VolumeData
-	resources    corev1.ResourceRequirements
+	labels            map[string]string
+	annotations       map[string]string
+	extraArgs         map[string]string
+	extraVolumes      []corev1.Volume
+	extraVolumeMounts []corev1.VolumeMount
+	featureGates      map[string]bool
+	volume            *operatorv1alpha1.VolumeData
+	resources         corev1.ResourceRequirements
 }
 
 // NewPatcher returns a patcher.
@@ -66,6 +68,18 @@ func (p *Patcher) WithExtraArgs(extraArgs map[string]string) *Patcher {
 	return p
 }
 
+// WithExtraVolumes sets extra volumes for the patcher.
+func (p *Patcher) WithExtraVolumes(extraVolumes []corev1.Volume) *Patcher {
+	p.extraVolumes = extraVolumes
+	return p
+}
+
+// WithExtraVolumeMounts sets extra volume mounts for the patcher.
+func (p *Patcher) WithExtraVolumeMounts(extraVolumeMounts []corev1.VolumeMount) *Patcher {
+	p.extraVolumeMounts = extraVolumeMounts
+	return p
+}
+
 // WithFeatureGates sets featureGates to the patcher.
 func (p *Patcher) WithFeatureGates(featureGates map[string]bool) *Patcher {
 	p.featureGates = featureGates
@@ -122,6 +136,10 @@ func (p *Patcher) ForDeployment(deployment *appsv1.Deployment) {
 		command = append(command, buildArgumentListFromMap(argsMap, overrideArgs)...)
 		deployment.Spec.Template.Spec.Containers[0].Command = command
 	}
+	// Add extra volumes and volume mounts
+	// First container in the pod is expected to contain the Karmada component
+	deployment.Spec.Template.Spec.Volumes = append(deployment.Spec.Template.Spec.Volumes, p.extraVolumes...)
+	deployment.Spec.Template.Spec.Containers[0].VolumeMounts = append(deployment.Spec.Template.Spec.Containers[0].VolumeMounts, p.extraVolumeMounts...)
 }
 
 // ForStatefulSet patches the statefulset manifest.