finish ut of sa token replacement #787

MrGirl · 2022-03-29T09:15:00Z

add tenant sa token subsitute

What type of PR is this?

Uncomment only one /kind <> line, hit enter to put that in a new line, and remove leading whitespace from that line:

/kind enhancement

/sig iot

What this PR does / why we need it:

Subsitute bearer token with tenant's default serviceaccount token when requests are from namespace kube-system. This PR make the master understand which tenant the request is from, when the request is from kube-system and flannel

Special notes for your reviewer:

Does this PR introduce a user-facing change?

If we want to active tenant sa toke subsitution, we should add param "hub-cert-organizations"

--hub-cert-organizations=system:bootstrappers:kubeadm:default-node-token,openyurt:tenant:iot-test

other Note

Maybe we should update clusterrolebinding first.

kubectl create clusterrolebinding system-node-role-bound --clusterrole=system:node --group=system:nodes

openyurt-bot · 2022-03-29T09:15:04Z

@MrGirl: GitHub didn't allow me to assign the following users: your_reviewer.

Note that only openyurtio members, repo collaborators and people who have commented on this issue/PR can be assigned. Additionally, issues/PRs can only have 10 assignees at the same time.
For more information please see the contributor guide

In response to this:

add tenant sa token subsitute

What type of PR is this?

Uncomment only one /kind <> line, hit enter to put that in a new line, and remove leading whitespace from that line:
/kind bug
/kind documentation
/kind enhancement
/kind good-first-issue
/kind feature
/kind question
/kind design
/sig ai
/sig iot
/sig network
/sig storage
/sig storage

What this PR does / why we need it:

Which issue(s) this PR fixes:

Fixes #

Special notes for your reviewer:

Does this PR introduce a user-facing change?
other Note

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

openyurt-bot · 2022-03-29T09:15:19Z

Welcome @MrGirl! It looks like this is your first PR to openyurtio/openyurt 🎉

rambohe-ch · 2022-03-29T09:32:49Z

@MrGirl Very appreciate for your pull request. please fix the errors of github actions and merge two commits into one commit.

pkg/yurthub/tenant/tenant.go

pkg/yurthub/proxy/util/util.go

pkg/yurthub/proxy/proxy.go

pkg/yurthub/proxy/util/util.go

pkg/yurthub/tenant/tenant.go

pkg/yurthub/util/util.go

pkg/yurthub/tenant/tenant.go

pkg/yurthub/storage/factory/factory.go

pkg/yurthub/proxy/util/util.go

pkg/yurthub/util/util.go

pkg/yurthub/proxy/util/util.go

openyurt-bot · 2022-05-10T11:38:48Z

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: MrGirl, rambohe-ch

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

~~OWNERS~~ [rambohe-ch]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

rambohe-ch · 2022-05-10T11:38:51Z

/lgtm
/approve

* finish ut of sa token replacement add tenant sa token subsitute * add tenant sa token subsitute

* add yurt-app-manager yurtappdaemon/yurtingress deploy and revert * Revert "add yurt-app-manager yurtappdaemon/yurtingress deploy and revert" This reverts commit ba28364. * fix git safe dir error (#807) Signed-off-by: Congrool <chpzhangyifei@zju.edu.cn> * 【Optimize】unified image pull policy (#805) * add yurt-app-manager yurtappdaemon/yurtingress deploy and revert * Revert "add yurt-app-manager yurtappdaemon/yurtingress deploy and revert" This reverts commit ba28364. * unified image pull policy * 【Optimize】optimize kubernetes util function (#808) * add yurt-app-manager yurtappdaemon/yurtingress deploy and revert * Revert "add yurt-app-manager yurtappdaemon/yurtingress deploy and revert" This reverts commit ba28364. * optimize kubernetes util func * 【FIX】fix cloud node was heterogeneous (#806) * add yurt-app-manager yurtappdaemon/yurtingress deploy and revert * Revert "add yurt-app-manager yurtappdaemon/yurtingress deploy and revert" This reverts commit ba28364. * fix bug: when cloud node was heterogeneous, this parameter will be error * cleanup: io/ioutil (#813) Signed-off-by: cndoit18 <cndoit18@outlook.com> * use constants instead the string (#814) * ingress: update edge ingress proposal to add enhancement (#816) * finish ut of sa token replacement (#787) * finish ut of sa token replacement add tenant sa token subsitute * add tenant sa token subsitute * add enable-node-pool parameter for yurthub in order to disable nodepools list/watch in filters when testing. (#822) * Remove convert and revert command (#826) Signed-off-by: lonelyCZ <531187475@qq.com> * uniform processCreateErr func to deal the resource create Co-authored-by: Yifei Zhang <chpzhangyifei@zju.edu.cn> Co-authored-by: cndoit18 <cndoit18@outlook.com> Co-authored-by: pengbinbin1 <pengbiny@163.com> Co-authored-by: zzguang <zhengguang.zhang@intel.com> Co-authored-by: MrGirl <wuyingxingzyd@163.com> Co-authored-by: rambohe <linbo.hlb@alibaba-inc.com> Co-authored-by: Zhe Cheng <47743202+lonelyCZ@users.noreply.github.com>

* finish ut of sa token replacement add tenant sa token subsitute * add tenant sa token subsitute

rambohe-ch · 2022-05-25T01:22:25Z

Fixes #788

openyurt-bot requested review from kadisi and qclc March 29, 2022 09:15

openyurt-bot added the size/L size/L: 100-499 label Mar 29, 2022

MrGirl force-pushed the sa-token-replace branch 2 times, most recently from 4a6e1c4 to c995d22 Compare March 30, 2022 07:51

openyurt-bot added size/XL size/XL: 500-999 and removed size/L size/L: 100-499 labels Mar 30, 2022

MrGirl force-pushed the sa-token-replace branch 2 times, most recently from 5c74edb to 6b501f0 Compare March 30, 2022 13:15

openyurt-bot added size/L size/L: 100-499 and removed size/XL size/XL: 500-999 labels Mar 30, 2022

rambohe-ch reviewed Mar 31, 2022

View reviewed changes

pkg/yurthub/tenant/tenant.go Outdated Show resolved Hide resolved

rambohe-ch reviewed Mar 31, 2022

View reviewed changes

pkg/yurthub/tenant/tenant.go Outdated Show resolved Hide resolved

rambohe-ch reviewed Mar 31, 2022

View reviewed changes

pkg/yurthub/proxy/util/util.go Outdated Show resolved Hide resolved

rambohe-ch reviewed Mar 31, 2022

View reviewed changes

pkg/yurthub/proxy/proxy.go Outdated Show resolved Hide resolved

rambohe-ch reviewed Mar 31, 2022

View reviewed changes

pkg/yurthub/proxy/util/util.go Outdated Show resolved Hide resolved

MrGirl force-pushed the sa-token-replace branch from 6b501f0 to b8fd820 Compare April 1, 2022 08:37

rambohe-ch changed the title ~~finish ut of sa token replacement~~ 【WIP】finish ut of sa token replacement Apr 1, 2022

openyurt-bot added the do-not-merge/work-in-progress do-not-merge/work-in-progress label Apr 1, 2022

rambohe-ch changed the title ~~【WIP】finish ut of sa token replacement~~ [WIP] finish ut of sa token replacement Apr 1, 2022

MrGirl force-pushed the sa-token-replace branch 5 times, most recently from 42674ed to b7e7be7 Compare April 5, 2022 13:07

openyurt-bot added size/XL size/XL: 500-999 and removed size/L size/L: 100-499 labels Apr 5, 2022

MrGirl force-pushed the sa-token-replace branch from 6c5bee5 to dc1715a Compare April 12, 2022 13:07