Agent now watches nodeconfigs.flock.fritzlab.net via a client-go dynamic informer, filters events to its own node name, and caches the typed NodeConfig in memory (NodeConfigCache, atomic pointer). M2's IPAM will read from that cache.

- pkg/agent/nodeconfig.go: informer + JSON-round-trip decode (avoids hand-written DeepCopy + scheme registration for this small a use).
- pkg/agent/server.go: starts the informer goroutine; Run terminates if the informer returns.
- pkg/api/v1alpha1: switch placeholder TypeMeta/ObjectMeta to metav1.
- deploy/rbac: get/list/watch on nodeconfigs.
- cmd/flock-agent: --kubeconfig flag for out-of-cluster runs (tests).

Satisfies M1 verified-by: "kubectl apply NodeConfig; agent logs read it".

Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>

+5
-3
@@ -77,13 +77,15 @@ metadata:
name: flock-agent
namespace: kube-system
---
# M1 RBAC: empty. The agent does not yet read any Kubernetes objects.
# M2+ will add Pod, NetworkPolicy, and NodeConfig permissions here.
# M1.5 RBAC: just enough to read NodeConfig. M2 adds pods + networkpolicies.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: flock-agent
rules: []
rules:
- apiGroups: ["flock.fritzlab.net"]
resources: ["nodeconfigs"]
verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
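
Review bot: In the new `rules:` entry, `verbs: ["get", "list", "watch"]` grants `get`, but the informer described in the commit message only needs `list` and `watch`; drop `get` unless the agent also fetches a NodeConfig directly by name. The rule also carries no `resourceNames`, so every agent can read every node's NodeConfig and the per-node filtering happens only inside the agent. Please say that in the `# M1.5 RBAC` comment, so nobody later puts node-specific sensitive data into NodeConfig on the assumption that RBAC isolates it per node.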