core/oc-datacenter
6
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

added :peer to admiralty routes to create peer related resources

Browse Source
This commit is contained in:
pb 2025-05-13 16:33:48 +02:00
parent 24e0137444
commit 35facf1b74
3 changed files with 35 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
controllers/admiralty.go
View File

@ -227,14 +227,16 @@ func (c *AdmiraltyController) CreateAdmiraltyTarget(){
// @Title GetKubeSecret
// @Description Retrieve the secret created from a Kubeconfig that will be associated to an Admiralty Target
// @Param execution path string true "execution id of the workflow"
// @Param peer path string true "UUID of the peer to which the resource is linked"
// @Success 200
// @router /secret/:execution [get]
// @router /secret/:execution/:peer [get]
func(c *AdmiraltyController) GetKubeSecret() {
var data map[string]interface{}
execution := c.Ctx.Input.Param(":execution")
peerId := c.Ctx.Input.Param(":peer")
serv, err := infrastructure.NewService()
if err != nil {
@ -245,7 +247,7 @@ func(c *AdmiraltyController) GetKubeSecret() {
return
}
resp, err := serv.GetKubeconfigSecret(c.Ctx.Request.Context(),execution)
resp, err := serv.GetKubeconfigSecret(c.Ctx.Request.Context(),execution, peerId)
if err != nil {
// change code to 500
c.Ctx.Output.SetStatus(500)
@ -277,9 +279,10 @@ func(c *AdmiraltyController) GetKubeSecret() {
// @Description Creat a secret from a Kubeconfig that will be associated to an Admiralty Target
// @Param execution path string true "execution id of the workflow"
// @Param peer path string true "UUID of the peer to which the resource is linked"
// @Param kubeconfig body controllers.RemoteKubeconfig true "Kubeconfig to use when creating secret"
// @Success 201
// @router /secret/:execution [post]
// @router /secret/:execution/:peer [post]
func (c *AdmiraltyController) CreateKubeSecret() {
var kubeconfig RemoteKubeconfig
var respData map[string]interface{}
@ -296,9 +299,8 @@ func (c *AdmiraltyController) CreateKubeSecret() {
return
}
execution := c.Ctx.Input.Param(":execution")
peerId := c.Ctx.Input.Param(":peer")
serv, err := infrastructure.NewService()
if err != nil {
@ -309,7 +311,7 @@ func (c *AdmiraltyController) CreateKubeSecret() {
return
}
resp, err := serv.CreateKubeconfigSecret(c.Ctx.Request.Context(),*kubeconfig.Data,execution)
resp, err := serv.CreateKubeconfigSecret(c.Ctx.Request.Context(),*kubeconfig.Data,execution, peerId)
if err != nil {
// change code to 500
c.Ctx.Output.SetStatus(500)
@ -328,12 +330,13 @@ func (c *AdmiraltyController) CreateKubeSecret() {
// @name GetAdmiraltyNodes
// @description Allows user to test if an admiralty connection has already been established : Target and valid Secret set up on the local host and Source set up on remote host
// @Param execution path string true "execution id of the workflow"
// @Param peer path string true "UUID of the peer to which the resource is linked"
// @Success 200
// @router /node/:execution [get]
// @router /node/:execution/:peer [get]
func (c *AdmiraltyController) GetNodeReady(){
var secret v1.Secret
execution := c.Ctx.Input.Param(":execution")
peerId := c.Ctx.Input.Param(":peer")
serv, err := infrastructure.NewService()
if err != nil {
@ -363,7 +366,7 @@ func (c *AdmiraltyController) GetNodeReady(){
resp, err := serv.GetKubeconfigSecret(c.Ctx.Request.Context(),execution)
resp, err := serv.GetKubeconfigSecret(c.Ctx.Request.Context(),execution, peerId)
if err != nil {
// change code to 500
c.Ctx.Output.SetStatus(500)

10
infrastructure/interface.go
View File

@ -16,11 +16,11 @@ type Infrastructure interface {
CreateRoleBinding(ctx context.Context, ns string, roleBinding string, role string) error
CreateRole(ctx context.Context, ns string, role string, groups [][]string, resources [][]string, verbs [][]string) error
GetTargets(ctx context.Context) ([]string,error)
CreateAdmiraltySource(context context.Context,executionId string) ([]byte, error)
CreateKubeconfigSecret(context context.Context,kubeconfig string, executionId string) ([]byte, error)
GetKubeconfigSecret(context context.Context,executionId string) ([]byte, error)
CreateAdmiraltyTarget(context context.Context,executionId string, peerId string)([]byte,error)
GetOneNode(context context.Context,executionID string) (*v1.Node, error)
CreateAdmiraltySource(context context.Context, executionId string) ([]byte, error)
CreateKubeconfigSecret(context context.Context, kubeconfig string, executionId string, peerId string) ([]byte, error)
GetKubeconfigSecret(context context.Context, executionId string, peerId string) ([]byte, error)
CreateAdmiraltyTarget(context context.Context, executionId string, peerId string)([]byte,error)
GetOneNode(context context.Context, executionID string) (*v1.Node, error)
}
var _service = map[string]func() (Infrastructure, error){

27
infrastructure/kubernetes.go
View File

@ -281,7 +281,7 @@ func (k *KubernetesService) GetTargets(ctx context.Context) ([]string, error) {
//
// - have delcared a serviceAccount with sufficient permission to create pods
func (k *KubernetesService) CreateAdmiraltyTarget(context context.Context, executionId string, peerId string) ([]byte, error) {
exists, err := k.GetKubeconfigSecret(context, executionId)
exists, err := k.GetKubeconfigSecret(context, executionId, peerId)
if err != nil {
fmt.Println("Error verifying kube-secret before creating target")
return nil, err
@ -292,11 +292,7 @@ func (k *KubernetesService) CreateAdmiraltyTarget(context context.Context, execu
return nil, nil // Maybe we could create a wrapper for errors and add more info to have
}
s := strings.Split(peerId, "-")[:2]
p := s[0] + "-" + s[1]
targetName := "target-" + p + "-" + executionId
targetName := "target-" + getConcatenatedName(peerId,executionId)
target := map[string]interface{}{
"apiVersion": "multicluster.admiralty.io/v1alpha1",
"kind": "Target",
@ -356,7 +352,7 @@ func (k *KubernetesService) CreateAdmiraltySource(context context.Context,execut
// Create a secret from a kubeconfing. Use it to create the secret binded to an Admiralty
// target, which must contain the serviceAccount's token value
func (k *KubernetesService) CreateKubeconfigSecret(context context.Context, kubeconfig string, executionId string) ([]byte, error) {
func (k *KubernetesService) CreateKubeconfigSecret(context context.Context, kubeconfig string, executionId string, peerId string) ([]byte, error) {
config, err := base64.StdEncoding.DecodeString(kubeconfig)
// config, err := base64.RawStdEncoding.DecodeString(kubeconfig)
if err != nil {
@ -365,7 +361,7 @@ func (k *KubernetesService) CreateKubeconfigSecret(context context.Context, kube
return nil, err
}
secretApplyConfig := apply.Secret("kube-secret-" + executionId,
secretApplyConfig := apply.Secret("kube-secret-" + getConcatenatedName(peerId, executionId),
executionId).
WithData(map[string][]byte{
"config": config,
@ -412,10 +408,10 @@ func (k *KubernetesService) CreateKubeconfigSecret(context context.Context, kube
return data, nil
}
func (k *KubernetesService) GetKubeconfigSecret(context context.Context, executionId string) ([]byte, error) {
func (k *KubernetesService) GetKubeconfigSecret(context context.Context, executionId string, peerId string) ([]byte, error) {
resp, err := k.Set.CoreV1().
Secrets(executionId).
Get(context, "kube-secret-"+executionId, metav1.GetOptions{})
Get(context, "kube-secret-"+ getConcatenatedName(peerId, executionId), metav1.GetOptions{})
if err != nil {
if apierrors.IsNotFound(err) {
@ -535,3 +531,14 @@ func (k *KubernetesService) GetOneNode(context context.Context, executionID stri
return nil, nil
}
// Returns a concatenation of the peerId and namespace in order for
// kubernetes ressources to have a unique name, under 63 characters
// and yet identify which peer they are created for
func getConcatenatedName(peerId string, namespace string) string {
s := strings.Split(peerId, "-")[:2]
p := s[0] + "-" + s[1]
return p + "-" + namespace
}