Revise cluster-gateway charts

Signed-off-by: Tamal Saha <[email protected]>

charts/cluster-gateway-manager/README.md

@@ -45,22 +45,21 @@ The command removes all the Kubernetes components associated with the chart and
 
 The following table lists the configurable parameters of the `cluster-gateway-manager` chart and their default values.
 
-|            Parameter            |              Description               |                     Default                      |
-|---------------------------------|----------------------------------------|--------------------------------------------------|
-| image                           | Image of the cluster-gateway instances | <code>oamdev/cluster-gateway-manager</code>      |
-| tag                             |                                        | <code></code>                                    |
-| clusterGateway.image            |                                        | <code>oamdev/cluster-gateway</code>              |
-| clusterGateway.installNamespace |                                        | <code>vela-system</code>                         |
-| clusterGateway.secretNamespace  |                                        | <code>open-cluster-management-credentials</code> |
-| replicas                        | Number of replicas                     | <code>1</code>                                   |
-| manualSecretManagement          |                                        | <code>true</code>                                |
-| konnectivityEgress              |                                        | <code>false</code>                               |
+|            Parameter            |              Description               |                           Default                            |
+|---------------------------------|----------------------------------------|--------------------------------------------------------------|
+| image                           | Image of the cluster-gateway instances | <code>ghcr.io/kluster-manager/cluster-gateway-manager</code> |
+| tag                             |                                        | <code></code>                                                |
+| clusterGateway.image            |                                        | <code>ghcr.io/kluster-manager/cluster-gateway</code>         |
+| clusterGateway.installNamespace |                                        | <code>cluster-gateway</code>                                 |
+| replicas                        | Number of replicas                     | <code>1</code>                                               |
+| manualSecretManagement          |                                        | <code>false</code>                                           |
+| clusterProxy.enabled            |                                        | <code>false</code>                                           |
 
 
 Specify each parameter using the `--set key=value[,key=value]` argument to `helm upgrade -i`. For example:
 
 ```bash
-$ helm upgrade -i cluster-gateway-manager appscode/cluster-gateway-manager -n open-cluster-management --create-namespace --version=v2024.2.25 --set image=oamdev/cluster-gateway-manager
+$ helm upgrade -i cluster-gateway-manager appscode/cluster-gateway-manager -n open-cluster-management --create-namespace --version=v2024.2.25 --set image=ghcr.io/kluster-manager/cluster-gateway-manager
 ```
 
 Alternatively, a YAML file that specifies the values for the parameters can be provided while

charts/cluster-gateway-manager/crds/clustergatewayconfigurations.yaml → charts/cluster-gateway-manager/crds/proxy.open-cluster-management.io_clustergatewayconfigurations.yaml

@@ -1,11 +1,8 @@
-
----
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
     controller-gen.kubebuilder.io/version: v0.4.1
-  creationTimestamp: null
   name: clustergatewayconfigurations.proxy.open-cluster-management.io
 spec:
   group: proxy.open-cluster-management.io
@@ -174,9 +171,3 @@ spec:
     storage: true
     subresources:
       status: {}
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []

charts/cluster-gateway-manager/templates/clustergatewayconfiguration.yaml

@@ -1,11 +1,10 @@
-apiVersion: proxy.open-cluster-management.io/v1alpha1
+apiVersion: config.gateway.open-cluster-management.io/v1alpha1
 kind: ClusterGatewayConfiguration
 metadata:
   name: cluster-gateway
 spec:
   image: {{ .Values.clusterGateway.image }}:{{ .Values.tag | default (print "v" .Chart.Version) }}
   installNamespace: {{ .Values.clusterGateway.installNamespace }}
-  secretNamespace: {{ .Values.clusterGateway.secretNamespace }}
   secretManagement:
   {{ if .Values.manualSecretManagement }}
     type: Manual
@@ -15,15 +14,12 @@ spec:
       name: cluster-gateway
   {{ end }}
   egress:
-  {{ if .Values.konnectivityEgress }}
-    type: ClusterProxy
+  {{ if .Values.clusterProxy.enabled }}
     clusterProxy:
       proxyServerHost: "proxy-entrypoint.open-cluster-management-addon"
       proxyServerPort: 8090
       credentials:
         namespace: open-cluster-management-addon
         proxyClientCASecretName: proxy-server-ca
         proxyClientSecretName: proxy-client
-  {{ else }}
-    type: Direct
   {{ end }}

charts/cluster-gateway-manager/templates/clustermanagementaddon.yaml

@@ -6,6 +6,8 @@ spec:
   addOnMeta:
     displayName: cluster-gateway
     description: cluster-gateway
-  addOnConfiguration:
-    crdName: clustergatewayconfigurations.proxy.open-cluster-management.io
-    crName: cluster-gateway
+  supportedConfigs:
+    - group: config.gateway.open-cluster-management.io
+      resource: clustergatewayconfigurations
+      defaultConfig:
+        name: cluster-gateway

charts/cluster-gateway-manager/templates/clusterrolebindings.yaml

@@ -1,11 +1,11 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  name:  open-cluster-management:cluster-gateway:managedcluster-reader
+  name:  open-cluster-management:cluster-gateway:addon-manager
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name:  open-cluster-management:cluster-gateway:managedcluster-reader
+  name:  open-cluster-management:cluster-gateway:addon-manager
 subjects:
   - kind: ServiceAccount
     name: cluster-gateway-manager

charts/cluster-gateway-manager/templates/clusterroles.yaml

@@ -1,7 +1,7 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-  name: open-cluster-management:cluster-gateway:managedcluster-reader
+  name: open-cluster-management:cluster-gateway:addon-manager
 rules:
   - apiGroups:
       - cluster.open-cluster-management.io
@@ -18,13 +18,13 @@ rules:
     verbs:
       - "*"
   - apiGroups:
-      - proxy.open-cluster-management.io
+      - config.gateway.open-cluster-management.io
     resources:
       - clustergatewayconfigurations
     verbs:
       - "*"
   - apiGroups:
-      - cluster.core.oam.dev
+      - gateway.open-cluster-management.io
     resources:
       - clustergateways/health
       - clustergateways/proxy

charts/cluster-gateway-manager/values.yaml

@@ -1,14 +1,14 @@
 # Image of the cluster-gateway instances
-image: oamdev/cluster-gateway-manager
+image: ghcr.io/kluster-manager/cluster-gateway-manager
 
 tag:
 
 clusterGateway:
-  image: oamdev/cluster-gateway
-  installNamespace: vela-system
-  secretNamespace: open-cluster-management-credentials
+  image: ghcr.io/kluster-manager/cluster-gateway
+  installNamespace: cluster-gateway
 # Number of replicas
 replicas: 1
 
-manualSecretManagement: true
-konnectivityEgress: false
+manualSecretManagement: false
+clusterProxy:
+  enabled: false

charts/cluster-gateway/README.md

@@ -45,24 +45,21 @@ The command removes all the Kubernetes components associated with the chart and
 
 The following table lists the configurable parameters of the `cluster-gateway` chart and their default values.
 
-|                 Parameter                 |                   Description                   |                               Default                               |
-|-------------------------------------------|-------------------------------------------------|---------------------------------------------------------------------|
-| image                                     | Image of the cluster-gateway instances          | <code>oamdev/cluster-gateway</code>                                 |
-| tag                                       |                                                 | <code></code>                                                       |
-| replicas                                  | Number of replicas                              | <code>1</code>                                                      |
-| secretNamespace                           | A secured namespace for reading cluster secrets | <code>open-cluster-management-credentials</code>                    |
-| ocmIntegration.enabled                    |                                                 | <code>false</code>                                                  |
-| ocmIntegration.clusterProxy.enabled       |                                                 | <code>false</code>                                                  |
-| ocmIntegration.clusterProxy.endpoint.host |                                                 | <code>proxy-entrypoint.open-cluster-management-cluster-proxy</code> |
-| ocmIntegration.clusterProxy.endpoint.port |                                                 | <code>8090</code>                                                   |
-| featureGate.healthiness                   |                                                 | <code>false</code>                                                  |
-| featureGate.secretCache                   |                                                 | <code>false</code>                                                  |
+|         Parameter          |              Description               |                               Default                               |
+|----------------------------|----------------------------------------|---------------------------------------------------------------------|
+| image                      | Image of the cluster-gateway instances | <code>ghcr.io/kluster-manager/cluster-gateway</code>                |
+| tag                        |                                        | <code></code>                                                       |
+| replicas                   | Number of replicas                     | <code>1</code>                                                      |
+| clusterProxy.enabled       |                                        | <code>false</code>                                                  |
+| clusterProxy.endpoint.host |                                        | <code>proxy-entrypoint.open-cluster-management-cluster-proxy</code> |
+| clusterProxy.endpoint.port |                                        | <code>8090</code>                                                   |
+| featureGate.healthiness    |                                        | <code>false</code>                                                  |
 
 
 Specify each parameter using the `--set key=value[,key=value]` argument to `helm upgrade -i`. For example:
 
 ```bash
-$ helm upgrade -i cluster-gateway appscode/cluster-gateway -n open-cluster-management --create-namespace --version=v2024.2.25 --set image=oamdev/cluster-gateway
+$ helm upgrade -i cluster-gateway appscode/cluster-gateway -n open-cluster-management --create-namespace --version=v2024.2.25 --set image=ghcr.io/kluster-manager/cluster-gateway
 ```
 
 Alternatively, a YAML file that specifies the values for the parameters can be provided while

charts/cluster-gateway/templates/apiservice.yaml

@@ -1,13 +1,13 @@
 apiVersion: apiregistration.k8s.io/v1
 kind: APIService
 metadata:
-  name: v1alpha1.cluster.core.oam.dev
+  name: v1alpha1.gateway.open-cluster-management.io
   labels:
     api: cluster-extension-apiserver
     apiserver: "true"
 spec:
   version: v1alpha1
-  group: cluster.core.oam.dev
+  group: gateway.open-cluster-management.io
   groupPriorityMinimum: 2000
   service:
     name: gateway-service

charts/cluster-gateway/templates/cluster-gateway-apiserver.yaml

@@ -29,20 +29,16 @@ spec:
           imagePullPolicy: IfNotPresent
           args:
             - --secure-port=9443
-            - --secret-namespace={{ .Values.secretNamespace }}
-            {{ if .Values.ocmIntegration.enabled }}
-            - --ocm-integration=true
-            {{ if .Values.ocmIntegration.clusterProxy.enabled }}
-            - --proxy-host={{ .Values.ocmIntegration.clusterProxy.endpoint.host }}
-            - --proxy-port={{ .Values.ocmIntegration.clusterProxy.endpoint.port }}
+            {{ if .Values.clusterProxy.enabled }}
+            - --proxy-host={{ .Values.clusterProxy.endpoint.host }}
+            - --proxy-port={{ .Values.clusterProxy.endpoint.port }}
             - --proxy-ca-cert=/etc/ca/ca.crt
             - --proxy-cert=/etc/tls/tls.crt
             - --proxy-key=/etc/tls/tls.key
             {{ end }}
-            {{ end }}
-            - --feature-gates={{ if .Values.featureGate.healthiness }}HealthinessCheck=true,{{ end }}{{ if .Values.featureGate.secretCache }}SecretCache=true,{{ end }}
+            - --feature-gates={{ if .Values.featureGate.healthiness }}HealthinessCheck=true,{{ end }}
             # TODO: certificate rotation, otherwise the self-signed will expire in 1 year
-          {{ if .Values.ocmIntegration.clusterProxy.enabled }}
+          {{ if .Values.clusterProxy.enabled }}
           volumeMounts:
             - name: proxy-client
               mountPath: "/etc/tls/"

charts/cluster-gateway/templates/clusterrolebindings.yaml

@@ -1,11 +1,11 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  name:  open-cluster-management:cluster-gateway:managedcluster-reader
+  name:  open-cluster-management:cluster-gateway:apiserver
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name:  open-cluster-management:cluster-gateway:managedcluster-reader
+  name:  open-cluster-management:cluster-gateway:apiserver
 subjects:
   - kind: ServiceAccount
     name: cluster-gateway

charts/cluster-gateway/templates/clusterroles.yaml

@@ -1,7 +1,7 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-  name: open-cluster-management:cluster-gateway:managedcluster-reader
+  name: open-cluster-management:cluster-gateway:apiserver
 rules:
   - apiGroups:
       - cluster.open-cluster-management.io
@@ -42,4 +42,27 @@ rules:
     resources:
       - subjectaccessreviews
     verbs:
-      - "*"
+      - "*"
+  # read/update managed cluster addons
+  - apiGroups:
+      - addon.open-cluster-management.io
+    resources:
+      - managedclusteraddons
+    verbs:
+      - get
+      - list
+      - watch
+      - create
+      - update
+      - patch
+  # read managed service account credentials
+  - apiGroups:
+      - ""
+    resources:
+      - secrets
+    verbs:
+      - get
+      - list
+      - watch
+    resourceNames:
+      - cluster-gateway

charts/cluster-gateway/values.yaml

@@ -1,21 +1,16 @@
 # Image of the cluster-gateway instances
-image: oamdev/cluster-gateway
+image: ghcr.io/kluster-manager/cluster-gateway
 
 tag:
 
 # Number of replicas
 replicas: 1
-# A secured namespace for reading cluster secrets
-secretNamespace: open-cluster-management-credentials
 
-ocmIntegration:
+clusterProxy:
   enabled: false
-  clusterProxy:
-    enabled: false
-    endpoint:
-      host: proxy-entrypoint.open-cluster-management-cluster-proxy
-      port: 8090
+  endpoint:
+    host: proxy-entrypoint.open-cluster-management-cluster-proxy
+    port: 8090
 
 featureGate:
   healthiness: false
-  secretCache: false

hack/scripts/import-crds.sh

@@ -34,7 +34,7 @@ crd-importer \
     --out=./charts/cluster-auth-manager/crds
 
 crd-importer \
-    --input=https://github.com/kluster-manager/cluster-gateway/raw/master/hack/crd/bases/proxy.open-cluster-management.io_clustergatewayconfigurations.yaml \
+    --input=https://github.com/oam-dev/cluster-gateway/raw/master/hack/crd/bases/proxy.open-cluster-management.io_clustergatewayconfigurations.yaml \
     --input=https://github.com/open-cluster-management-io/api/raw/${OPEN_CLUSTER_MANAGEMENT_IO_API_TAG}/addon/v1alpha1/0000_00_addon.open-cluster-management.io_clustermanagementaddons.crd.yaml \
     --out=./charts/cluster-gateway-manager/crds