address comments
britaniar committed Nov 4, 2024
1 parent 5a6791a commit c3679c2
Showing 13 changed files with 75 additions and 645 deletions.
73 changes: 60 additions & 13 deletions charts/member-agent/README.md
Expand Up @@ -29,18 +29,65 @@ helm upgrade member-agent member-agent/ --namespace fleet-system

## Parameters

| Parameter | Description | Default |
|:-------------------------|:------------------------------------------------------|:------------------------------------------------|
| replicaCount | The number of member-agent replicas to deploy | `1` |
| image.repository | Image repository | `ghcr.io/azure/azure/fleet/member-agent` |
| image.pullPolicy | Image pullPolicy | `IfNotPresent` |
| image.tag | The image tag to use | `v0.1.0` |
| affinity | The node affinity to use for pod scheduling | `{}` |
| tolerations | The toleration to use for pod scheduling | `[]` |
| resources | The resource request/limits for the container image | limits: "2" CPU, 4Gi, requests: 100m CPU, 128Mi |
| namespace | Namespace that this Helm chart is installed on. | `fleet-system` |
| logVerbosity | Log level. Uses V logs (klog) | `3` |
| propertyProvider | The property provider to use with the member agent; if none is specified, the Fleet member agent will start with no property provider (i.e., the agent will expose no cluster properties, and collect only limited resource usage information) | `` |
| region | The region where the member cluster resides | `` |
| Parameter | Description | Default |
|:-------------------|:-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:------------------------------------------------|
| replicaCount | The number of member-agent replicas to deploy | `1` |
| image.repository | Image repository | `ghcr.io/azure/azure/fleet/member-agent` |
| image.pullPolicy | Image pullPolicy | `IfNotPresent` |
| image.tag | The image tag to use | `v0.1.0` |
| affinity | The node affinity to use for pod scheduling | `{}` |
| tolerations | The toleration to use for pod scheduling | `[]` |
| resources | The resource request/limits for the container image | limits: "2" CPU, 4Gi, requests: 100m CPU, 128Mi |
| namespace | Namespace that this Helm chart is installed on. | `fleet-system` |
| logVerbosity | Log level. Uses V logs (klog) | `3` |
| propertyProvider | The property provider to use with the member agent; if none is specified, the Fleet member agent will start with no property provider (i.e., the agent will expose no cluster properties, and collect only limited resource usage information) | `` |
| region | The region where the member cluster resides | `` |
| config.cloudConfig | The cloud provider configuration | **required if property provider is enabled** |

## Override Azure cloud config

**If PropertyProvider feature is enabled, then a cloud configuration is required.**
Cloud configuration provides resource metadata and credentials for `fleet-member-agent` to manipulate Azure resources.
It's embedded into a Kubernetes secret and mounted to the pods.
The values can be modified under `config.cloudConfig` section in values.yaml or can be provided as a separate file.


| configuration value | description | Remark |
|-------------------------------------------------------| --- |---------------------------------------------------------------------------|
| `cloud` | The cloud where resources belong. | Required. |
| `tenantId` | The AAD Tenant ID for the subscription where the Azure resources are deployed. | |
| `subscriptionId` | The ID of the subscription where resources are deployed. | |
| `useManagedIdentityExtension` | Boolean indicating whether or not to use a managed identity. | `true` or `false` |
| `userAssignedIdentityID` | ClientID of the user-assigned managed identity with RBAC access to resources. | Required for UserAssignedIdentity and omitted for SystemAssignedIdentity. |
| `aadClientId` | The ClientID for an AAD application with RBAC access to resources. | Required if `useManagedIdentityExtension` is set to `false`. |
| `aadClientSecret` | The ClientSecret for an AAD application with RBAC access to resources. | Required if `useManagedIdentityExtension` is set to `false`. |
| `resourceGroup` | The name of the resource group where cluster resources are deployed. | |
| `userAgent` | The userAgent provided when accessing resources. | |
| `location` | The region where resource group and its resources is deployed. | |
| `clusterName` | The name of the cluster where the agent is running. | |
| `clusterResourceGroup` | The resource group where the cluster is deployed. | |
| `vnetName` | The name of the virtual network where the cluster is deployed. | |
| `vnetResourceGroup` | The resource group where the virtual network is deployed. | |

You can create a file `azure.yaml` with the following content, and pass it to `helm install` command: `helm install <release-name> <chart-name> -f azure.yaml`

```yaml
config:
cloudConfig:
cloud: "AzurePublicCloud"
tenantId: "00000000-0000-0000-0000-000000000000"
subscriptionId: "00000000-0000-0000-0000-000000000000"
useManagedIdentityExtension: false
userAssignedIdentityID: "00000000-0000-0000-0000-000000000000"
aadClientId: "00000000-0000-0000-0000-000000000000"
aadClientSecret: "<your secret>"
userAgent: "fleet-member-agent"
resourceGroup: "<resource group name>"
location: "<resource group location>"
clusterName: "<cluster name>"
clusterResourceGroup: "<cluster resource group>"
vnetName: "<vnet name>"
vnetResourceGroup: "<vnet resource group>"
```
## Contributing Changes
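Review bot: in the `azure.yaml` sample, `useManagedIdentityExtension: false` is combined with a populated `userAssignedIdentityID`, while the table says that field is for UserAssignedIdentity and that `aadClientId` and `aadClientSecret` are what `false` requires. Mixing both modes in one file leaves it unclear which credential the agent will use; suggest splitting the sample into a managed-identity variant (no `aadClientSecret`) and a service-principal variant. Because the sample places `aadClientSecret` in a plain values file passed with `-f azure.yaml`, the section should also say that the file must stay out of source control. Finally, only the `cloud` row is marked Required although the bold sentence says the configuration as a whole is required when the property provider is enabled; the Remark column should state which of the remaining fields are mandatory.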
4 changes: 4 additions & 0 deletions charts/member-agent/values.yaml
Expand Up @@ -40,6 +40,10 @@ config:
tenantId: ""
subscriptionId: ""
useManagedIdentityExtension: false
userAssignedIdentityID: ""
aadClientId: ""
aadClientSecret: ""
resourceGroup: ""
userAgent: ""
location: ""
vnetName: ""
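Review bot: the defaults visible here leave `useManagedIdentityExtension: false` together with `aadClientId: ""` and `aadClientSecret: ""`, which the README in this commit describes as missing required values. Suggest failing at render time (for example with Helm's `required` function in the template that builds the secret) when the property provider is enabled and these are empty, so that an empty credential is not silently written into the mounted secret. `clusterName` and `clusterResourceGroup` from the README table are not among the lines shown; please confirm they exist elsewhere in this block.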
16 changes: 4 additions & 12 deletions cmd/memberagent/main.go
Expand Up @@ -21,7 +21,6 @@ import (
"time"

"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/runtime/schema"
utilrand "k8s.io/apimachinery/pkg/util/rand"
utilruntime "k8s.io/apimachinery/pkg/util/runtime"
"k8s.io/client-go/discovery"
Expand Down Expand Up @@ -49,7 +48,6 @@ import (
fleetmetrics "go.goms.io/fleet/pkg/metrics"
"go.goms.io/fleet/pkg/propertyprovider"
"go.goms.io/fleet/pkg/propertyprovider/azure"
"go.goms.io/fleet/pkg/propertyprovider/azure/cloudconfig"
"go.goms.io/fleet/pkg/utils"
"go.goms.io/fleet/pkg/utils/httpclient"
//+kubebuilder:scaffold:imports
Expand Down Expand Up @@ -320,7 +318,7 @@ func Start(ctx context.Context, hubCfg, memberConfig *rest.Config, hubOpts, memb
discoverClient := discovery.NewDiscoveryClientForConfigOrDie(memberConfig)

if *enableV1Alpha1APIs {
gvk := schema.GroupVersionKind{Group: workv1alpha1.GroupVersion.Group, Version: workv1alpha1.GroupVersion.Version, Kind: workv1alpha1.AppliedWorkKind}
gvk := workv1alpha1.SchemeGroupVersion.WithKind(workv1alpha1.AppliedWorkKind)
if err = utils.CheckCRDInstalled(discoverClient, gvk); err != nil {
klog.ErrorS(err, "unable to find the required CRD", "GVK", gvk)
return err
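Review bot: the `gvk` line built with `WithKind` reads from `workv1alpha1.SchemeGroupVersion`, while the struct-literal line it sits next to reads from `workv1alpha1.GroupVersion`. Please confirm both variables carry the same group and version; otherwise `utils.CheckCRDInstalled` will look up a different GVK than before and the agent may fail this startup check.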
Expand Down Expand Up @@ -368,17 +366,11 @@ func Start(ctx context.Context, hubCfg, memberConfig *rest.Config, hubOpts, memb
switch {
case propertyProvider != nil && *propertyProvider == azurePropertyProvider:
klog.V(2).Info("setting up the Azure property provider")
// Set cloud configuration.
cloudConfiguration, err := cloudconfig.LoadCloudConfigFromFile(*cloudConfigFile)
if err != nil {
klog.ErrorS(err, "Unable to load cloud config from file", "file", *cloudConfigFile)
return err
}
klog.V(2).Info("Cloud config loaded successfully")

// TODO: Set cloud configuration.
// Note that the property provider, though initialized here, is not started until
// the specific instance wins the leader election.
pp = azure.New(region, *cloudConfiguration)
klog.V(1).InfoS("Cloud config loaded successfully", "config", cloudConfigFile)
pp = azure.New(region)
default:
// Fall back to not using any property provider if the provided type is none or
// not recognizable.
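Review bot: `klog.V(1).InfoS("Cloud config loaded successfully", "config", cloudConfigFile)` sits next to `// TODO: Set cloud configuration.` and `pp = azure.New(region)`, so the log reports a load that this code path no longer performs. It also passes `cloudConfigFile` without the dereference used in the `*cloudConfigFile` calls, which would log a pointer rather than the file path. Suggest dropping the log line until the loader is back, and noting in the README (which marks `config.cloudConfig` as required in this same commit) that the provider does not consume the cloud config yet.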
25 changes: 1 addition & 24 deletions go.mod
@@ -1,6 +1,6 @@
module go.goms.io/fleet

go 1.22.7
go 1.22.2

require (
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.16.0
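Review bot: the `go` directive moves between `go 1.22.7` and `go 1.22.2` in a commit titled "address comments", with no reason given. As ordered here this reads as lowering the module's minimum toolchain by five patch releases; suggest keeping `go 1.22.7` unless a build constraint requires the older value, and stating that reason in the commit message if so.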
Expand Down Expand Up @@ -31,35 +31,14 @@ require (
k8s.io/klog/v2 v2.130.1
k8s.io/metrics v0.25.2
k8s.io/utils v0.0.0-20240711033017-18e509b52bc8
sigs.k8s.io/cloud-provider-azure v1.28.2
sigs.k8s.io/cloud-provider-azure/pkg/azclient v0.0.50
sigs.k8s.io/controller-runtime v0.18.5
sigs.k8s.io/work-api v0.0.0-20220407021756-586d707fdb2c
)

require (
dario.cat/mergo v1.0.0 // indirect
github.com/Azure/azure-sdk-for-go v68.0.0+incompatible // indirect
github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 // indirect
github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/authorization/armauthorization/v2 v2.2.0 // indirect
github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v5 v5.7.0 // indirect
github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerregistry/armcontainerregistry v1.2.0 // indirect
github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v4 v4.8.0 // indirect
github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/keyvault/armkeyvault v1.4.0 // indirect
github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v4 v4.3.0 // indirect
github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/privatedns/armprivatedns v1.3.0 // indirect
github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.2.0 // indirect
github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage v1.6.0 // indirect
github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets v1.2.0 // indirect
github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.1.0 // indirect
github.com/Azure/go-autorest v14.2.0+incompatible // indirect
github.com/Azure/go-autorest/autorest v0.11.29 // indirect
github.com/Azure/go-autorest/autorest/adal v0.9.23 // indirect
github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect
github.com/Azure/go-autorest/autorest/to v0.4.0 // indirect
github.com/Azure/go-autorest/autorest/validation v0.3.1 // indirect
github.com/Azure/go-autorest/logger v0.2.1 // indirect
github.com/Azure/go-autorest/tracing v0.6.0 // indirect
github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 // indirect
github.com/aws/karpenter-core v0.32.2-0.20231109191441-e32aafc81fb5 // indirect
github.com/beorn7/perks v1.0.1 // indirect
Expand All @@ -75,7 +54,6 @@ require (
github.com/go-openapi/swag v0.23.0 // indirect
github.com/go-task/slim-sprig/v3 v3.0.0 // indirect
github.com/gogo/protobuf v1.3.2 // indirect
github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
github.com/golang-jwt/jwt/v5 v5.2.1 // indirect
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
github.com/golang/protobuf v1.5.4 // indirect
Expand All @@ -101,7 +79,6 @@ require (
github.com/prometheus/procfs v0.15.1 // indirect
github.com/samber/lo v1.38.1 // indirect
go.opentelemetry.io/otel v1.31.0 // indirect
go.opentelemetry.io/otel/metric v1.31.0 // indirect
go.uber.org/multierr v1.11.0 // indirect
golang.org/x/crypto v0.28.0 // indirect
golang.org/x/net v0.30.0 // indirect