Add flightctl rbac resources

Signed-off-by: xuezhaojun <[email protected]>
stolostron · Nov 14, 2024 · 842192a · 842192a
1 parent fcc928c
commit 842192a
Showing 9 changed files with 213 additions and 15 deletions.
diff --git a/pkg/bootstrap/render.go b/pkg/bootstrap/render.go
@@ -418,15 +418,15 @@ func (b *KlusterletManifestsConfig) GenerateKlusterletCRDsV1Beta1() ([]byte, err
 }
 
 func GenerateHubBootstrapRBACObjects(managedClusterName string) ([]runtime.Object, error) {
-	return filesToObjects(hubFiles, struct {
+	return helpers.FilesToObjects(hubFiles, struct {
 		ManagedClusterName          string
 		ManagedClusterNamespace     string
 		BootstrapServiceAccountName string
 	}{
 		ManagedClusterName:          managedClusterName,
 		ManagedClusterNamespace:     managedClusterName,
 		BootstrapServiceAccountName: GetBootstrapSAName(managedClusterName),
-	})
+	}, &ManifestFiles)
 }
 
 func filesToTemplateBytes(files []string, config interface{}) ([]byte, error) {
@@ -445,19 +445,6 @@ func filesToTemplateBytes(files []string, config interface{}) ([]byte, error) {
 	return manifests.Bytes(), nil
 }
 
-func filesToObjects(files []string, config interface{}) ([]runtime.Object, error) {
-	objects := []runtime.Object{}
-	for _, file := range files {
-		template, err := ManifestFiles.ReadFile(file)
-		if err != nil {
-			return nil, err
-		}
-
-		objects = append(objects, helpers.MustCreateObjectFromTemplate(file, template, config))
-	}
-	return objects, nil
-}
-
 // installNoOperator return true if operator is not to be installed.
 func installNoOperator(mode operatorv1.InstallMode, config *klusterletconfigv1alpha1.KlusterletConfig) bool {
 	if mode == operatorv1.InstallModeHosted || mode == operatorv1.InstallModeSingletonHosted {

diff --git a/pkg/controller/controller.go b/pkg/controller/controller.go
@@ -16,6 +16,7 @@ import (
 	"github.com/stolostron/managedcluster-import-controller/pkg/controller/clusterdeployment"
 	"github.com/stolostron/managedcluster-import-controller/pkg/controller/clusternamespacedeletion"
 	"github.com/stolostron/managedcluster-import-controller/pkg/controller/csr"
+	"github.com/stolostron/managedcluster-import-controller/pkg/controller/flightctl"
 	"github.com/stolostron/managedcluster-import-controller/pkg/controller/hosted"
 	"github.com/stolostron/managedcluster-import-controller/pkg/controller/importconfig"
 	"github.com/stolostron/managedcluster-import-controller/pkg/controller/importstatus"
@@ -86,6 +87,10 @@ func AddToManager(ctx context.Context,
 				return nil
 			},
 		},
+		{
+			flightctl.ControllerName,
+			func() error { return flightctl.Add(ctx, manager, clientHolder) },
+		},
 	}
 
 	for _, f := range AddToManagerFuncs {

diff --git a/pkg/controller/flightctl/flightctl.go b/pkg/controller/flightctl/flightctl.go
@@ -0,0 +1,53 @@
+package flightctl
+
+import (
+	"context"
+
+	"github.com/openshift/library-go/pkg/operator/events"
+)
+
+type FlightCtlManager struct {
+	events.Recorder
+	enabled bool
+}
+
+func NewFlightCtlManager(recorder events.Recorder) *FlightCtlManager {
+	return &FlightCtlManager{
+		enabled:  false,
+		Recorder: recorder,
+	}
+}
+
+func (m *FlightCtlManager) SetEnabled(enabled bool) {
+	m.Eventf("FlightCtlManagerEnabled", "flightctl is %s", func() string {
+		if enabled {
+			return "enabled"
+		}
+		return "disabled"
+	})
+	m.enabled = enabled
+}
+
+func (m *FlightCtlManager) IsEnabled() bool {
+	return m.enabled
+}
+
+func (m *FlightCtlManager) IsManagedClusterADevice(ctx context.Context, managedClusterName string) (bool, error) {
+	return false, nil
+}
+
+func (m *FlightCtlManager) IsDeviceApproved(ctx context.Context, deviceID string) (bool, error) {
+	return false, nil
+}
+
+func (m *FlightCtlManager) GetRepository(ctx context.Context) (string, error) {
+	return "", nil
+}
+
+func (m *FlightCtlManager) ApplyRepository(ctx context.Context) error {
+	return nil
+}
+
+func (m *FlightCtlManager) RemoveRepository(ctx context.Context) error {
+	return nil
+}
diff --git a/pkg/controller/flightctl/manager.go b/pkg/controller/flightctl/manager.go
@@ -0,0 +1,46 @@
+package flightctl
+
+import (
+	"context"
+
+	corev1 "k8s.io/api/core/v1"
+
+	"github.com/stolostron/managedcluster-import-controller/pkg/helpers"
+	"k8s.io/apimachinery/pkg/types"
+	ctrl "sigs.k8s.io/controller-runtime"
+	"sigs.k8s.io/controller-runtime/pkg/builder"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/controller-runtime/pkg/event"
+	"sigs.k8s.io/controller-runtime/pkg/handler"
+	"sigs.k8s.io/controller-runtime/pkg/manager"
+	"sigs.k8s.io/controller-runtime/pkg/predicate"
+	"sigs.k8s.io/controller-runtime/pkg/reconcile"
+)
+
+const ControllerName = "flightctl-controller"
+const FlightCtlNamespace = "flightctl"
+
+func Add(ctx context.Context, mgr manager.Manager, clientHolder *helpers.ClientHolder) error {
+	return ctrl.NewControllerManagedBy(mgr).Named(ControllerName).
+		Watches(
+			&corev1.Namespace{},
+			handler.EnqueueRequestsFromMapFunc(func(ctx context.Context, o client.Object) []reconcile.Request {
+				return []reconcile.Request{
+					{
+						NamespacedName: types.NamespacedName{Name: o.GetName()},
+					},
+				}
+			}),
+			builder.WithPredicates(predicate.Funcs{
+				GenericFunc: func(e event.GenericEvent) bool { return e.Object.GetName() == FlightCtlNamespace },
+				CreateFunc:  func(e event.CreateEvent) bool { return e.Object.GetName() == FlightCtlNamespace },
+				DeleteFunc:  func(e event.DeleteEvent) bool { return e.Object.GetName() == FlightCtlNamespace },
+				UpdateFunc:  func(e event.UpdateEvent) bool { return e.ObjectNew.GetName() == FlightCtlNamespace },
+			}),
+		).
+		Complete(&NSController{
+			clientHolder: clientHolder,
+			scheme:       mgr.GetScheme(),
+			recorder:     helpers.NewEventRecorder(clientHolder.KubeClient, ControllerName),
+		})
+}
diff --git a/pkg/controller/flightctl/manifests/clusterrolebinding.yml b/pkg/controller/flightctl/manifests/clusterrolebinding.yml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: flightctl-client-agent-registration
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: managedcluster-import-controller-agent-regitration-client
+subjects:
+- kind: ServiceAccount
+  name: flightctl-client
+  namespace: "{{ .Namespace }}"
diff --git a/pkg/controller/flightctl/manifests/serviceaccount.yml b/pkg/controller/flightctl/manifests/serviceaccount.yml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: flightctl-client
diff --git a/pkg/controller/flightctl/manifests/serviceaccounttokensecret.yml b/pkg/controller/flightctl/manifests/serviceaccounttokensecret.yml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: flightctl-client-token
+  annotations:
+    kubernetes.io/service-account.name: flightctl-client
+type: kubernetes.io/service-account-token
diff --git a/pkg/controller/flightctl/nscontroller.go b/pkg/controller/flightctl/nscontroller.go
@@ -0,0 +1,70 @@
+package flightctl
+
+import (
+	"context"
+	"embed"
+
+	"github.com/openshift/library-go/pkg/operator/events"
+	"github.com/stolostron/managedcluster-import-controller/pkg/helpers"
+	corev1 "k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/api/errors"
+	"k8s.io/apimachinery/pkg/runtime"
+	logf "sigs.k8s.io/controller-runtime/pkg/log"
+	"sigs.k8s.io/controller-runtime/pkg/reconcile"
+)
+
+var log = logf.Log.WithName(ControllerName)
+
+//go:embed manifests
+var FlightCtlManifestFiles embed.FS
+
+var files = []string{
+	"manifests/clusterrolebinding.yml",
+	"manifests/serviceaccount.yml",
+	"manifests/serviceaccounttokensecret.yml",
+}
+
+var _ reconcile.Reconciler = &NSController{}
+
+// NS controller is responsible for creating FlightCtl resources when namespace `flightctl` is created.
+type NSController struct {
+	clientHolder *helpers.ClientHolder
+	recorder     events.Recorder
+	scheme       *runtime.Scheme
+}
+
+func (c *NSController) Reconcile(ctx context.Context, request reconcile.Request) (reconcile.Result, error) {
+	log.Info("Reconciling FlightCtl namespace", "namespace", request.Name)
+	var err error
+
+	// get the FlightCtl namespace
+	// if ns found, create resources and set owner reference to the ns.
+	ns := &corev1.Namespace{}
+	err = c.clientHolder.RuntimeClient.Get(ctx, request.NamespacedName, ns)
+	if errors.IsNotFound(err) {
+		// if ns not found, delete the Repository we created
+		return reconcile.Result{}, nil
+	}
+	if err != nil {
+		return reconcile.Result{}, err
+	}
+
+	// create rbac resources and set owner reference to the ns.
+	objects, err := helpers.FilesToObjects(files, struct {
+		Namespace string
+	}{
+		Namespace: ns.Name,
+	}, &FlightCtlManifestFiles)
+	if err != nil {
+		return reconcile.Result{}, err
+	}
+	if _, err := helpers.ApplyResources(
+		c.clientHolder, c.recorder, c.scheme, ns, objects...); err != nil {
+		return reconcile.Result{}, err
+	}
+
+	// TODO: create Repository resources
+	// TODO: create auto-approver of flightctl
+
+	return reconcile.Result{}, nil
+}
diff --git a/pkg/helpers/helpers.go b/pkg/helpers/helpers.go
@@ -6,6 +6,7 @@ package helpers
 import (
 	"bytes"
 	"context"
+	"embed"
 	"encoding/json"
 	"fmt"
 	"os"
@@ -1107,3 +1108,16 @@ func HasCertificates(supersetCertData, subsetCertData []byte) (bool, error) {
 	}
 	return true, nil
 }
+
+func FilesToObjects(files []string, config interface{}, manifestFiles *embed.FS) ([]runtime.Object, error) {
+	objects := []runtime.Object{}
+	for _, file := range files {
+		template, err := manifestFiles.ReadFile(file)
+		if err != nil {
+			return nil, err
+		}
+
+		objects = append(objects, MustCreateObjectFromTemplate(file, template, config))
+	}
+	return objects, nil
+}