Compare commits
25 Commits
Author | SHA1 | Date | |
---|---|---|---|
|
b372c10ab0 | ||
|
fd6186c6df | ||
|
5069b3455a | ||
|
cb2e4f6028 | ||
|
35facf1b74 | ||
|
24e0137444 | ||
|
ba940bfc80 | ||
|
063d57d9e7 | ||
|
484c742c31 | ||
|
cc3b2a6cfc | ||
|
8e8d0d3e01 | ||
|
03f81c66f9 | ||
|
be721059e5 | ||
aa42f5f49c | |||
|
98c54eb080 | ||
afe442d17f | |||
|
46b7713404 | ||
d5ad32e2e4 | |||
|
e4ecb8c1db | ||
cca59faeab | |||
2cf8923d95 | |||
47ed1b4562 | |||
063f47c87b | |||
4bfb16cba6 | |||
b08e6a1e70 |
@ -30,7 +30,7 @@ RUN export CGO_ENABLED=0 && \
|
||||
COPY . .
|
||||
|
||||
RUN sed -i '/replace/d' go.mod
|
||||
RUN if [ ! -f swagger/index.html ]; then timeout 15 bee run --gendoc=true --downdoc=true; fi
|
||||
RUN if [ ! -f swagger/index.html ]; then timeout 15 bee run -gendoc=true -downdoc=true; fi
|
||||
RUN bee generate routers
|
||||
RUN bee generate docs
|
||||
RUN bee pack
|
||||
|
@ -10,10 +10,13 @@ import (
|
||||
"slices"
|
||||
"time"
|
||||
|
||||
oclib "cloud.o-forge.io/core/oc-lib"
|
||||
|
||||
beego "github.com/beego/beego/v2/server/web"
|
||||
jwt "github.com/golang-jwt/jwt/v5"
|
||||
"gopkg.in/yaml.v2"
|
||||
v1 "k8s.io/api/core/v1"
|
||||
apierrors "k8s.io/apimachinery/pkg/api/errors"
|
||||
)
|
||||
|
||||
type KubeInfo struct {
|
||||
@ -117,12 +120,12 @@ func (c *AdmiraltyController) GetOneTarget() {
|
||||
c.ServeJSON()
|
||||
}
|
||||
|
||||
// @Title CreateSource
|
||||
// @Title CreateAdmiraltySource
|
||||
// @Description Create an Admiralty Source on remote cluster
|
||||
// @Param execution path string true "execution id of the workflow"
|
||||
// @Success 201
|
||||
// @router /source/:execution [post]
|
||||
func (c *AdmiraltyController) CreateSource() {
|
||||
func (c *AdmiraltyController) CreateAdmiraltySource() {
|
||||
|
||||
execution := c.Ctx.Input.Param(":execution")
|
||||
fmt.Println("execution :: ", execution)
|
||||
@ -139,6 +142,12 @@ func (c *AdmiraltyController) CreateSource() {
|
||||
|
||||
res, err := serv.CreateAdmiraltySource(c.Ctx.Request.Context(),execution)
|
||||
if err != nil {
|
||||
if apierrors.IsAlreadyExists(err) {
|
||||
c.Ctx.Output.SetStatus(409)
|
||||
c.Data["json"] = map[string]string{"info" : "A source already exists for this namespace : " + execution}
|
||||
c.ServeJSON()
|
||||
return
|
||||
}
|
||||
// change code to 500
|
||||
c.Ctx.Output.SetStatus(500)
|
||||
c.Data["json"] = map[string]string{"error": err.Error()}
|
||||
@ -159,13 +168,21 @@ func (c *AdmiraltyController) CreateSource() {
|
||||
// @Title CreateAdmiraltyTarget
|
||||
// @Description Create an Admiralty Target in the namespace associated to the executionID
|
||||
// @Param execution path string true "execution id of the workflow"
|
||||
// @Param peer path string true "peerId of the peer the target points to"
|
||||
// @Success 201
|
||||
// @router /target/:execution [post]
|
||||
// @router /target/:execution/:peer [post]
|
||||
func (c *AdmiraltyController) CreateAdmiraltyTarget(){
|
||||
var data map[string]interface{}
|
||||
|
||||
execution := c.Ctx.Input.Param(":execution")
|
||||
peerId := c.Ctx.Input.Param(":peer")
|
||||
|
||||
if execution == "" || peerId == "" {
|
||||
c.Ctx.Output.SetStatus(400)
|
||||
c.Data["json"] = map[string]string{"error" : "parameters can be empty " + "execution: " + execution + " peer: " + peerId}
|
||||
c.ServeJSON()
|
||||
return
|
||||
}
|
||||
|
||||
serv, err := infrastructure.NewService()
|
||||
if err != nil {
|
||||
@ -176,7 +193,7 @@ func (c *AdmiraltyController) CreateAdmiraltyTarget(){
|
||||
return
|
||||
}
|
||||
|
||||
resp, err := serv.CreateAdmiraltyTarget(c.Ctx.Request.Context(),execution)
|
||||
resp, err := serv.CreateAdmiraltyTarget(c.Ctx.Request.Context(),execution, peerId)
|
||||
if err != nil {
|
||||
// change code to 500
|
||||
c.Ctx.Output.SetStatus(500)
|
||||
@ -210,14 +227,16 @@ func (c *AdmiraltyController) CreateAdmiraltyTarget(){
|
||||
|
||||
// @Title GetKubeSecret
|
||||
// @Description Retrieve the secret created from a Kubeconfig that will be associated to an Admiralty Target
|
||||
|
||||
// @Param execution path string true "execution id of the workflow"
|
||||
// @Param peer path string true "UUID of the peer to which the resource is linked"
|
||||
// @Success 200
|
||||
// @router /secret/:execution [get]
|
||||
// @router /secret/:execution/:peer [get]
|
||||
func(c *AdmiraltyController) GetKubeSecret() {
|
||||
var data map[string]interface{}
|
||||
|
||||
execution := c.Ctx.Input.Param(":execution")
|
||||
peerId := c.Ctx.Input.Param(":peer")
|
||||
|
||||
|
||||
serv, err := infrastructure.NewService()
|
||||
if err != nil {
|
||||
@ -228,7 +247,7 @@ func(c *AdmiraltyController) GetKubeSecret() {
|
||||
return
|
||||
}
|
||||
|
||||
resp, err := serv.GetKubeconfigSecret(c.Ctx.Request.Context(),execution)
|
||||
resp, err := serv.GetKubeconfigSecret(c.Ctx.Request.Context(),execution, peerId)
|
||||
if err != nil {
|
||||
// change code to 500
|
||||
c.Ctx.Output.SetStatus(500)
|
||||
@ -260,9 +279,10 @@ func(c *AdmiraltyController) GetKubeSecret() {
|
||||
// @Description Creat a secret from a Kubeconfig that will be associated to an Admiralty Target
|
||||
|
||||
// @Param execution path string true "execution id of the workflow"
|
||||
// @Param peer path string true "UUID of the peer to which the resource is linked"
|
||||
// @Param kubeconfig body controllers.RemoteKubeconfig true "Kubeconfig to use when creating secret"
|
||||
// @Success 201
|
||||
// @router /secret/:execution [post]
|
||||
// @router /secret/:execution/:peer [post]
|
||||
func (c *AdmiraltyController) CreateKubeSecret() {
|
||||
var kubeconfig RemoteKubeconfig
|
||||
var respData map[string]interface{}
|
||||
@ -279,9 +299,8 @@ func (c *AdmiraltyController) CreateKubeSecret() {
|
||||
return
|
||||
}
|
||||
|
||||
|
||||
execution := c.Ctx.Input.Param(":execution")
|
||||
|
||||
peerId := c.Ctx.Input.Param(":peer")
|
||||
|
||||
serv, err := infrastructure.NewService()
|
||||
if err != nil {
|
||||
@ -292,7 +311,7 @@ func (c *AdmiraltyController) CreateKubeSecret() {
|
||||
return
|
||||
}
|
||||
|
||||
resp, err := serv.CreateKubeconfigSecret(c.Ctx.Request.Context(),*kubeconfig.Data,execution)
|
||||
resp, err := serv.CreateKubeconfigSecret(c.Ctx.Request.Context(),*kubeconfig.Data,execution, peerId)
|
||||
if err != nil {
|
||||
// change code to 500
|
||||
c.Ctx.Output.SetStatus(500)
|
||||
@ -311,13 +330,13 @@ func (c *AdmiraltyController) CreateKubeSecret() {
|
||||
// @name GetAdmiraltyNodes
|
||||
// @description Allows user to test if an admiralty connection has already been established : Target and valid Secret set up on the local host and Source set up on remote host
|
||||
// @Param execution path string true "execution id of the workflow"
|
||||
// @Param peer path string true "UUID of the peer to which the resource is linked"
|
||||
// @Success 200
|
||||
// @router /node/:execution [get]
|
||||
// @router /node/:execution/:peer [get]
|
||||
func (c *AdmiraltyController) GetNodeReady(){
|
||||
var secret v1.Secret
|
||||
|
||||
execution := c.Ctx.Input.Param(":execution")
|
||||
|
||||
peerId := c.Ctx.Input.Param(":peer")
|
||||
|
||||
serv, err := infrastructure.NewService()
|
||||
if err != nil {
|
||||
@ -328,7 +347,7 @@ func (c *AdmiraltyController) GetNodeReady(){
|
||||
return
|
||||
}
|
||||
|
||||
node, err := serv.GetOneNode(c.Ctx.Request.Context(),execution)
|
||||
node, err := serv.GetOneNode(c.Ctx.Request.Context(),execution, peerId)
|
||||
if err != nil {
|
||||
// change code to 500
|
||||
c.Ctx.Output.SetStatus(500)
|
||||
@ -339,13 +358,15 @@ func (c *AdmiraltyController) GetNodeReady(){
|
||||
if node == nil {
|
||||
c.Ctx.Output.SetStatus(404)
|
||||
c.Data["json"] = map[string]string{
|
||||
"error" : "the node for " + execution + " can't be found, make sure both target and source resources are set up on local and remote hosts",
|
||||
"node" : "the node for " + execution + " can't be found, make sure both target and source resources are set up on local and remote hosts",
|
||||
}
|
||||
c.ServeJSON()
|
||||
return
|
||||
}
|
||||
|
||||
resp, err := serv.GetKubeconfigSecret(c.Ctx.Request.Context(),execution)
|
||||
|
||||
|
||||
resp, err := serv.GetKubeconfigSecret(c.Ctx.Request.Context(),execution, peerId)
|
||||
if err != nil {
|
||||
// change code to 500
|
||||
c.Ctx.Output.SetStatus(500)
|
||||
@ -359,7 +380,6 @@ func (c *AdmiraltyController) GetNodeReady(){
|
||||
c.ServeJSON()
|
||||
return
|
||||
}
|
||||
|
||||
|
||||
// Extract JWT token RS265 encoded
|
||||
var editedKubeconfig map[string]interface{}
|
||||
@ -393,14 +413,15 @@ func (c *AdmiraltyController) GetNodeReady(){
|
||||
}
|
||||
|
||||
if *isExpired {
|
||||
c.Data["json"] = map[string]string{
|
||||
c.Data["json"] = map[string]interface{}{
|
||||
"token" : "token in the secret is expired and must be regenerated",
|
||||
"node": node,
|
||||
}
|
||||
c.Ctx.Output.SetStatus(410)
|
||||
c.ServeJSON()
|
||||
}
|
||||
|
||||
c.Data["json"] = map[string]bool{"ok": true}
|
||||
c.Data["json"] = map[string]interface{}{"node": node,"token": true}
|
||||
c.ServeJSON()
|
||||
|
||||
}
|
||||
@ -426,6 +447,8 @@ func retrieveTokenFromKonfig(editedKubeconfig map[string]interface{}) (string,er
|
||||
}
|
||||
|
||||
func isTokenExpired(token string) (*bool, error){
|
||||
logger := oclib.GetLogger()
|
||||
|
||||
t, _, err := new(jwt.Parser).ParseUnverified(token, jwt.MapClaims{})
|
||||
if err != nil {
|
||||
fmt.Println("couldn't decode token")
|
||||
@ -437,7 +460,11 @@ func isTokenExpired(token string) (*bool, error){
|
||||
fmt.Println("Error while checking token's expiration time")
|
||||
return nil, err
|
||||
}
|
||||
fmt.Println("Expiration date : " + expiration.UTC().Format("2006-01-02T15:04:05"))
|
||||
|
||||
logger.Debug().Msg("Expiration date : " + expiration.UTC().Format("2006-01-02T15:04:05"))
|
||||
logger.Debug().Msg(fmt.Sprint("Now : ", time.Now().Unix()))
|
||||
logger.Debug().Msg(fmt.Sprint("Token : ", expiration.Unix()))
|
||||
|
||||
|
||||
expired := expiration.Unix() < time.Now().Unix()
|
||||
|
||||
|
@ -247,9 +247,9 @@ func (o *BookingController) Post() {
|
||||
return
|
||||
}
|
||||
|
||||
/*if err := o.createNamespace(resp.ExecutionsID); err != nil {
|
||||
if err := o.createNamespace(resp.ExecutionsID); err != nil {
|
||||
fmt.Println(err.Error())
|
||||
}*/
|
||||
}
|
||||
|
||||
o.Data["json"] = map[string]interface{}{
|
||||
"data": []interface{}{b},
|
||||
|
@ -16,11 +16,11 @@ type Infrastructure interface {
|
||||
CreateRoleBinding(ctx context.Context, ns string, roleBinding string, role string) error
|
||||
CreateRole(ctx context.Context, ns string, role string, groups [][]string, resources [][]string, verbs [][]string) error
|
||||
GetTargets(ctx context.Context) ([]string,error)
|
||||
CreateAdmiraltySource(context context.Context,executionId string) ([]byte, error)
|
||||
CreateKubeconfigSecret(context context.Context,kubeconfig string, executionId string) ([]byte, error)
|
||||
GetKubeconfigSecret(context context.Context,executionId string) ([]byte, error)
|
||||
CreateAdmiraltyTarget(context context.Context,executionId string)([]byte,error)
|
||||
GetOneNode(context context.Context,executionID string) (*v1.Node, error)
|
||||
CreateAdmiraltySource(context context.Context, executionId string) ([]byte, error)
|
||||
CreateKubeconfigSecret(context context.Context, kubeconfig string, executionId string, peerId string) ([]byte, error)
|
||||
GetKubeconfigSecret(context context.Context, executionId string, peerId string) ([]byte, error)
|
||||
CreateAdmiraltyTarget(context context.Context, executionId string, peerId string)([]byte,error)
|
||||
GetOneNode(context context.Context, executionID string, peerId string) (*v1.Node, error)
|
||||
}
|
||||
|
||||
var _service = map[string]func() (Infrastructure, error){
|
||||
|
@ -1,13 +1,11 @@
|
||||
package infrastructure
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"context"
|
||||
"encoding/base64"
|
||||
"encoding/json"
|
||||
"errors"
|
||||
"fmt"
|
||||
"html/template"
|
||||
"oc-datacenter/conf"
|
||||
"strings"
|
||||
|
||||
@ -16,12 +14,40 @@ import (
|
||||
rbacv1 "k8s.io/api/rbac/v1"
|
||||
apierrors "k8s.io/apimachinery/pkg/api/errors"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
|
||||
"k8s.io/apimachinery/pkg/runtime/schema"
|
||||
apply "k8s.io/client-go/applyconfigurations/core/v1"
|
||||
"k8s.io/client-go/dynamic"
|
||||
"k8s.io/client-go/kubernetes"
|
||||
"k8s.io/client-go/rest"
|
||||
)
|
||||
|
||||
var gvrSources = schema.GroupVersionResource{Group: "multicluster.admiralty.io", Version: "v1alpha1", Resource: "sources"}
|
||||
var gvrTargets = schema.GroupVersionResource{Group: "multicluster.admiralty.io", Version: "v1alpha1", Resource: "targets"}
|
||||
|
||||
type KubernetesService struct {
|
||||
Set *kubernetes.Clientset
|
||||
Set *kubernetes.Clientset
|
||||
}
|
||||
|
||||
func NewDynamicClient() (*dynamic.DynamicClient, error) {
|
||||
config := &rest.Config{
|
||||
Host: conf.GetConfig().KubeHost + ":" + conf.GetConfig().KubePort,
|
||||
TLSClientConfig: rest.TLSClientConfig{
|
||||
CAData: []byte(conf.GetConfig().KubeCA),
|
||||
CertData: []byte(conf.GetConfig().KubeCert),
|
||||
KeyData: []byte(conf.GetConfig().KubeData),
|
||||
},
|
||||
}
|
||||
|
||||
dynamicClient, err := dynamic.NewForConfig(config)
|
||||
if err != nil {
|
||||
return nil, errors.New("Error creating Dynamic client: " + err.Error())
|
||||
}
|
||||
if dynamicClient == nil {
|
||||
return nil, errors.New("Error creating Dynamic client: dynamicClient is nil")
|
||||
}
|
||||
|
||||
return dynamicClient, nil
|
||||
}
|
||||
|
||||
func NewKubernetesService() (Infrastructure, error) {
|
||||
@ -33,6 +59,7 @@ func NewKubernetesService() (Infrastructure, error) {
|
||||
KeyData: []byte(conf.GetConfig().KubeData),
|
||||
},
|
||||
}
|
||||
|
||||
// Create clientset
|
||||
clientset, err := kubernetes.NewForConfig(config)
|
||||
fmt.Println("NewForConfig", clientset, err)
|
||||
@ -43,6 +70,7 @@ func NewKubernetesService() (Infrastructure, error) {
|
||||
return nil, errors.New("Error creating Kubernetes client: clientset is nil")
|
||||
}
|
||||
|
||||
|
||||
return &KubernetesService{
|
||||
Set: clientset,
|
||||
}, nil
|
||||
@ -82,6 +110,9 @@ func (k *KubernetesService) CreateNamespace(ctx context.Context, ns string) erro
|
||||
namespace := &v1.Namespace{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: ns,
|
||||
Labels: map[string]string{
|
||||
"multicluster-scheduler":"enabled",
|
||||
},
|
||||
},
|
||||
}
|
||||
// Create the namespace
|
||||
@ -249,8 +280,8 @@ func (k *KubernetesService) GetTargets(ctx context.Context) ([]string, error) {
|
||||
// - have declared the same namespace as the one where the pods are created in the local cluster
|
||||
//
|
||||
// - have delcared a serviceAccount with sufficient permission to create pods
|
||||
func (k *KubernetesService) CreateAdmiraltyTarget(context context.Context, executionId string) ([]byte, error) {
|
||||
exists, err := k.GetKubeconfigSecret(context, executionId)
|
||||
func (k *KubernetesService) CreateAdmiraltyTarget(context context.Context, executionId string, peerId string) ([]byte, error) {
|
||||
exists, err := k.GetKubeconfigSecret(context, executionId, peerId)
|
||||
if err != nil {
|
||||
fmt.Println("Error verifying kube-secret before creating target")
|
||||
return nil, err
|
||||
@ -260,33 +291,32 @@ func (k *KubernetesService) CreateAdmiraltyTarget(context context.Context, execu
|
||||
fmt.Println("Target needs to be binded to a secret in namespace ", executionId)
|
||||
return nil, nil // Maybe we could create a wrapper for errors and add more info to have
|
||||
}
|
||||
|
||||
targetName := "target-" + getConcatenatedName(peerId,executionId)
|
||||
target := map[string]interface{}{
|
||||
"apiVersion": "multicluster.admiralty.io/v1alpha1",
|
||||
"kind": "Target",
|
||||
"metadata": map[string]interface{}{
|
||||
"name": targetName,
|
||||
"namespace": executionId,
|
||||
"labels": map[string]interface{}{
|
||||
"peer": peerId,
|
||||
},
|
||||
},
|
||||
"spec": map[string]interface{}{
|
||||
"kubeconfigSecret": map[string]string{
|
||||
"name" : "kube-secret-"+ getConcatenatedName(peerId, executionId),
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
var targetManifest string
|
||||
var tpl bytes.Buffer
|
||||
tmpl, err := template.New("target").
|
||||
Parse("{\"apiVersion\": \"multicluster.admiralty.io/v1alpha1\", \"kind\": \"Target\", \"metadata\": {\"name\": \"target-{{.ExecutionId}}\"}, \"spec\": { \"kubeconfigSecret\" :{\"name\": \"kube-secret-{{.ExecutionId}}\"}} }")
|
||||
res, err := dynamicClientApply(executionId, targetName, gvrTargets, context, target)
|
||||
if err != nil {
|
||||
fmt.Println("Error creating the template for the target Manifest")
|
||||
return nil, err
|
||||
return nil, errors.New("Error when trying to apply Target definition :" + err.Error())
|
||||
}
|
||||
|
||||
err = tmpl.Execute(&tpl, map[string]string{"ExecutionId": executionId})
|
||||
targetManifest = tpl.String()
|
||||
resp, err := postCDRapiKube(
|
||||
*k.Set,
|
||||
context,
|
||||
"/apis/multicluster.admiralty.io/v1alpha1/namespaces/"+executionId+"/targets",
|
||||
[]byte(targetManifest),
|
||||
map[string]string{"fieldManager": "kubectl-client-side-apply"},
|
||||
map[string]string{"fieldValidation": "Strict"},
|
||||
)
|
||||
return res, nil
|
||||
|
||||
if err != nil {
|
||||
fmt.Println("Error trying to create a Source on remote cluster : ", err, " : ", resp)
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return resp, nil
|
||||
}
|
||||
|
||||
// Admiralty Source allows a cluster to receive pods from a remote cluster
|
||||
@ -297,40 +327,32 @@ func (k *KubernetesService) CreateAdmiraltyTarget(context context.Context, execu
|
||||
// This method is temporary to implement the use of Admiralty, but must be edited
|
||||
// to rather contact the oc-datacenter from the remote cluster to create the source
|
||||
// locally and retrieve the token for the serviceAccount
|
||||
func (k *KubernetesService) CreateAdmiraltySource(context context.Context, executionId string) ([]byte, error) {
|
||||
var sourceManifest string
|
||||
var tpl bytes.Buffer
|
||||
tmpl, err := template.New("source").
|
||||
Parse("{\"apiVersion\": \"multicluster.admiralty.io/v1alpha1\", \"kind\": \"Source\", \"metadata\": {\"name\": \"source-{{.ExecutionId}}\"}, \"spec\": {\"serviceAccountName\": \"sa-{{.ExecutionId}}\"} }")
|
||||
func (k *KubernetesService) CreateAdmiraltySource(context context.Context,executionId string) ([]byte, error) {
|
||||
|
||||
source := map[string]interface{}{
|
||||
"apiVersion": "multicluster.admiralty.io/v1alpha1",
|
||||
"kind": "Source",
|
||||
"metadata": map[string]interface{}{
|
||||
"name": "source-"+executionId,
|
||||
"namespace": executionId,
|
||||
},
|
||||
"spec": map[string]interface{}{
|
||||
"serviceAccountName": "sa-"+executionId,
|
||||
},
|
||||
}
|
||||
|
||||
|
||||
res, err := dynamicClientApply(executionId, "source-" + executionId,gvrSources, context, source)
|
||||
if err != nil {
|
||||
fmt.Println("Error creating the template for the source Manifest")
|
||||
return nil, err
|
||||
return nil, errors.New("Error when trying to apply Source definition :" + err.Error())
|
||||
}
|
||||
|
||||
err = tmpl.Execute(&tpl, map[string]string{"ExecutionId": executionId})
|
||||
sourceManifest = tpl.String()
|
||||
|
||||
resp, err := postCDRapiKube(
|
||||
*k.Set,
|
||||
context,
|
||||
"/apis/multicluster.admiralty.io/v1alpha1/namespaces/"+executionId+"/sources",
|
||||
[]byte(sourceManifest),
|
||||
map[string]string{"fieldManager": "kubectl-client-side-apply"},
|
||||
map[string]string{"fieldValidation": "Strict"},
|
||||
)
|
||||
|
||||
// We can add more info to the log with the content of resp if not nil
|
||||
if err != nil {
|
||||
fmt.Println("Error trying to create a Source on remote cluster : ", err, " : ", resp)
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return resp, nil
|
||||
return res, nil
|
||||
}
|
||||
|
||||
// Create a secret from a kubeconfing. Use it to create the secret binded to an Admiralty
|
||||
// target, which must contain the serviceAccount's token value
|
||||
func (k *KubernetesService) CreateKubeconfigSecret(context context.Context, kubeconfig string, executionId string) ([]byte, error) {
|
||||
func (k *KubernetesService) CreateKubeconfigSecret(context context.Context, kubeconfig string, executionId string, peerId string) ([]byte, error) {
|
||||
config, err := base64.StdEncoding.DecodeString(kubeconfig)
|
||||
// config, err := base64.RawStdEncoding.DecodeString(kubeconfig)
|
||||
if err != nil {
|
||||
@ -339,33 +361,38 @@ func (k *KubernetesService) CreateKubeconfigSecret(context context.Context, kube
|
||||
return nil, err
|
||||
}
|
||||
|
||||
secretManifest := &v1.Secret{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: "kube-secret-" + executionId,
|
||||
Namespace: executionId,
|
||||
},
|
||||
Data: map[string][]byte{
|
||||
"config": config,
|
||||
},
|
||||
}
|
||||
secretApplyConfig := apply.Secret("kube-secret-" + getConcatenatedName(peerId, executionId),
|
||||
executionId).
|
||||
WithData(map[string][]byte{
|
||||
"config": config,
|
||||
},
|
||||
)
|
||||
|
||||
|
||||
|
||||
// exists, err := k.GetKubeconfigSecret(context,executionId)
|
||||
// if err != nil {
|
||||
// fmt.Println("Error verifying if kube secret exists in namespace ", executionId)
|
||||
// return nil, err
|
||||
// }
|
||||
// if exists != nil {
|
||||
// fmt.Println("kube-secret already exists in namespace", executionId)
|
||||
// fmt.Println("Overriding existing kube-secret with a newer resource")
|
||||
// // TODO : implement DeleteKubeConfigSecret(executionID)
|
||||
// deleted, err := k.DeleteKubeConfigSecret(executionId)
|
||||
// _ = deleted
|
||||
// _ = err
|
||||
// }
|
||||
|
||||
|
||||
exists, err := k.GetKubeconfigSecret(context, executionId)
|
||||
if err != nil {
|
||||
fmt.Println("Error verifying if kube secret exists in namespace ", executionId)
|
||||
return nil, err
|
||||
}
|
||||
if exists != nil {
|
||||
fmt.Println("kube-secret already exists in namespace", executionId)
|
||||
fmt.Println("Overriding existing kube-secret with a newer resource")
|
||||
// TODO : implement DeleteKubeConfigSecret(executionID)
|
||||
deleted, err := k.DeleteKubeConfigSecret(executionId)
|
||||
_ = deleted
|
||||
_ = err
|
||||
}
|
||||
resp, err := k.Set.CoreV1().
|
||||
Secrets(executionId).
|
||||
Create(context, secretManifest, metav1.CreateOptions{})
|
||||
|
||||
Secrets(executionId).
|
||||
Apply(context,
|
||||
secretApplyConfig,
|
||||
metav1.ApplyOptions{
|
||||
FieldManager: "admiralty-manager",
|
||||
})
|
||||
|
||||
if err != nil {
|
||||
fmt.Println("Error while trying to contact API to get secret kube-secret-" + executionId)
|
||||
fmt.Println(err)
|
||||
@ -381,10 +408,10 @@ func (k *KubernetesService) CreateKubeconfigSecret(context context.Context, kube
|
||||
return data, nil
|
||||
}
|
||||
|
||||
func (k *KubernetesService) GetKubeconfigSecret(context context.Context, executionId string) ([]byte, error) {
|
||||
func (k *KubernetesService) GetKubeconfigSecret(context context.Context, executionId string, peerId string) ([]byte, error) {
|
||||
resp, err := k.Set.CoreV1().
|
||||
Secrets(executionId).
|
||||
Get(context, "kube-secret-"+executionId, metav1.GetOptions{})
|
||||
Get(context, "kube-secret-"+ getConcatenatedName(peerId, executionId), metav1.GetOptions{})
|
||||
|
||||
if err != nil {
|
||||
if apierrors.IsNotFound(err) {
|
||||
@ -425,7 +452,40 @@ func getCDRapiKube(client kubernetes.Clientset, ctx context.Context, path string
|
||||
return resp, nil
|
||||
}
|
||||
|
||||
func postCDRapiKube(client kubernetes.Clientset, ctx context.Context, path string, body []byte, params ...map[string]string) ([]byte, error) {
|
||||
func dynamicClientApply(executionId string, resourceName string, resourceDefinition schema.GroupVersionResource, ctx context.Context, object map[string]interface{}) ([]byte, error) {
|
||||
cli, err := NewDynamicClient()
|
||||
if err != nil {
|
||||
return nil, errors.New("Could not retrieve dynamic client when creating Admiralty Source : " + err.Error())
|
||||
}
|
||||
|
||||
res, err := cli.Resource(resourceDefinition).
|
||||
Namespace(executionId).
|
||||
Apply(ctx,
|
||||
resourceName,
|
||||
&unstructured.Unstructured{Object: object},
|
||||
metav1.ApplyOptions{
|
||||
FieldManager: "kubectl-client-side-apply",
|
||||
},
|
||||
)
|
||||
if err != nil {
|
||||
o, err := json.Marshal(object)
|
||||
fmt.Println("Error from k8s API when applying " + fmt.Sprint(string(o)) + " to " + gvrSources.String() + " : " , err)
|
||||
return nil,err
|
||||
}
|
||||
|
||||
|
||||
// We can add more info to the log with the content of resp if not nil
|
||||
resByte, err := json.Marshal(res)
|
||||
if err != nil {
|
||||
// fmt.Println("Error trying to create a Source on remote cluster : ", err , " : ", res)
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return resByte, nil
|
||||
|
||||
}
|
||||
|
||||
func putCDRapiKube(client kubernetes.Clientset, ctx context.Context, path string, body []byte, params ...map[string]string) ([]byte, error){
|
||||
req := client.RESTClient().
|
||||
Post().
|
||||
AbsPath(path).
|
||||
@ -450,7 +510,9 @@ func postCDRapiKube(client kubernetes.Clientset, ctx context.Context, path strin
|
||||
// Returns the Kubernetes' Node object corresponding to the executionID if it exists on this host
|
||||
//
|
||||
// The node is created when an admiralty Target (on host) can connect to an admiralty Source (on remote)
|
||||
func (k *KubernetesService) GetOneNode(context context.Context, executionID string) (*v1.Node, error) {
|
||||
func (k *KubernetesService) GetOneNode(context context.Context, executionID string, peerId string) (*v1.Node, error) {
|
||||
concatenatedName := getConcatenatedName(peerId, executionID)
|
||||
|
||||
res, err := k.Set.CoreV1().
|
||||
Nodes().
|
||||
List(
|
||||
@ -464,10 +526,21 @@ func (k *KubernetesService) GetOneNode(context context.Context, executionID stri
|
||||
}
|
||||
|
||||
for _, node := range res.Items {
|
||||
if isNode := strings.Contains(node.Name, "admiralty-"+executionID+"-target-"+executionID+"-"); isNode {
|
||||
if isNode := strings.Contains(node.Name, "admiralty-"+ executionID +"-target-"+ concatenatedName + "-"); isNode {
|
||||
return &node, nil
|
||||
}
|
||||
}
|
||||
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
|
||||
// Returns a concatenation of the peerId and namespace in order for
|
||||
// kubernetes ressources to have a unique name, under 63 characters
|
||||
// and yet identify which peer they are created for
|
||||
func getConcatenatedName(peerId string, namespace string) string {
|
||||
s := strings.Split(namespace, "-")[:2]
|
||||
n := s[0] + "-" + s[1]
|
||||
|
||||
return peerId + "-" + n
|
||||
}
|
||||
|
@ -19,7 +19,7 @@ func init() {
|
||||
beego.GlobalControllerRouter["oc-datacenter/controllers:AdmiraltyController"] = append(beego.GlobalControllerRouter["oc-datacenter/controllers:AdmiraltyController"],
|
||||
beego.ControllerComments{
|
||||
Method: "GetNodeReady",
|
||||
Router: `/node/:execution`,
|
||||
Router: `/node/:execution/:peer`,
|
||||
AllowHTTPMethods: []string{"get"},
|
||||
MethodParams: param.Make(),
|
||||
Filters: nil,
|
||||
@ -28,7 +28,7 @@ func init() {
|
||||
beego.GlobalControllerRouter["oc-datacenter/controllers:AdmiraltyController"] = append(beego.GlobalControllerRouter["oc-datacenter/controllers:AdmiraltyController"],
|
||||
beego.ControllerComments{
|
||||
Method: "GetKubeSecret",
|
||||
Router: `/secret/:execution`,
|
||||
Router: `/secret/:execution/:peer`,
|
||||
AllowHTTPMethods: []string{"get"},
|
||||
MethodParams: param.Make(),
|
||||
Filters: nil,
|
||||
@ -37,7 +37,7 @@ func init() {
|
||||
beego.GlobalControllerRouter["oc-datacenter/controllers:AdmiraltyController"] = append(beego.GlobalControllerRouter["oc-datacenter/controllers:AdmiraltyController"],
|
||||
beego.ControllerComments{
|
||||
Method: "CreateKubeSecret",
|
||||
Router: `/secret/:execution`,
|
||||
Router: `/secret/:execution/:peer`,
|
||||
AllowHTTPMethods: []string{"post"},
|
||||
MethodParams: param.Make(),
|
||||
Filters: nil,
|
||||
@ -45,7 +45,7 @@ func init() {
|
||||
|
||||
beego.GlobalControllerRouter["oc-datacenter/controllers:AdmiraltyController"] = append(beego.GlobalControllerRouter["oc-datacenter/controllers:AdmiraltyController"],
|
||||
beego.ControllerComments{
|
||||
Method: "CreateSource",
|
||||
Method: "CreateAdmiraltySource",
|
||||
Router: `/source/:execution`,
|
||||
AllowHTTPMethods: []string{"post"},
|
||||
MethodParams: param.Make(),
|
||||
@ -55,7 +55,7 @@ func init() {
|
||||
beego.GlobalControllerRouter["oc-datacenter/controllers:AdmiraltyController"] = append(beego.GlobalControllerRouter["oc-datacenter/controllers:AdmiraltyController"],
|
||||
beego.ControllerComments{
|
||||
Method: "CreateAdmiraltyTarget",
|
||||
Router: `/target/:execution`,
|
||||
Router: `/target/:execution/:peer`,
|
||||
AllowHTTPMethods: []string{"post"},
|
||||
MethodParams: param.Make(),
|
||||
Filters: nil,
|
||||
|
Loading…
Reference in New Issue
Block a user