Add harvester-public namespace

Move built-in templates to the public namespace Restructure built-in resource creation code
hugo345816 · Jul 1, 2021 · d2ba5fa · d2ba5fa
1 parent 46ee218
commit d2ba5fa
Show file tree

Hide file tree

Showing 7 changed files with 81 additions and 30 deletions.
diff --git a/pkg/controller/global/setup.go b/pkg/controller/global/setup.go
@@ -9,15 +9,13 @@ import (
 	"github.com/harvester/harvester/pkg/config"
 	"github.com/harvester/harvester/pkg/controller/global/auth"
 	"github.com/harvester/harvester/pkg/controller/global/settings"
-	"github.com/harvester/harvester/pkg/controller/global/template"
 	"github.com/harvester/harvester/pkg/indexeres"
 )
 
 type registerFunc func(context.Context, *config.Scaled, *server.Server, config.Options) error
 
 var registerFuncs = []registerFunc{
 	settings.Register,
-	template.Register,
 	auth.Register,
 }
 

diff --git a/pkg/controller/global/template/register.go b/pkg/controller/global/template/register.go
diff --git a/pkg/data/add.go b/pkg/data/add.go
@@ -0,0 +1,22 @@
+package data
+
+import (
+	"context"
+
+	"github.com/harvester/harvester/pkg/config"
+)
+
+// Init adds built-in resources
+func Init(ctx context.Context, mgmtCtx *config.Management) error {
+	if err := createCRDs(ctx, mgmtCtx.RestConfig); err != nil {
+		return err
+	}
+	if err := createPublicNamespace(mgmtCtx); err != nil {
+		return err
+	}
+	if err := createTemplates(mgmtCtx, publicNamespace); err != nil {
+		return err
+	}
+
+	return nil
+}
diff --git a/pkg/controller/crds/setup.go → pkg/data/crd.go b/pkg/controller/crds/setup.go → pkg/data/crd.go
@@ -1,4 +1,4 @@
-package crds
+package data
 
 import (
 	"context"
@@ -13,10 +13,6 @@ import (
 	"github.com/harvester/harvester/pkg/util/crd"
 )
 
-func Setup(ctx context.Context, restConfig *rest.Config) error {
-	return createCRDs(ctx, restConfig)
-}
-
 func createCRDs(ctx context.Context, restConfig *rest.Config) error {
 	factory, err := crd.NewFactoryFromClient(ctx, restConfig)
 	if err != nil {

diff --git a/pkg/data/public.go b/pkg/data/public.go
@@ -0,0 +1,49 @@
+package data
+
+import (
+	v1 "k8s.io/api/core/v1"
+	rbacv1 "k8s.io/api/rbac/v1"
+	"k8s.io/apimachinery/pkg/api/errors"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+	"github.com/harvester/harvester/pkg/config"
+)
+
+const (
+	publicNamespace = "harvester-public"
+)
+
+func createPublicNamespace(mgmtCtx *config.Management) error {
+	namespaces := mgmtCtx.CoreFactory.Core().V1().Namespace()
+	roleBindings := mgmtCtx.RbacFactory.Rbac().V1().RoleBinding()
+
+	// Create harvester-public namespace
+	if _, err := namespaces.Create(&v1.Namespace{
+		ObjectMeta: metav1.ObjectMeta{Name: publicNamespace},
+	}); err != nil && !errors.IsAlreadyExists(err) {
+		return err
+	}
+	// All authenticated users are readable in the public namespace
+	if _, err := roleBindings.Create(&rbacv1.RoleBinding{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      "harvester-public",
+			Namespace: publicNamespace,
+		},
+		RoleRef: rbacv1.RoleRef{
+			APIGroup: rbacv1.GroupName,
+			Kind:     "ClusterRole",
+			Name:     "view",
+		},
+		Subjects: []rbacv1.Subject{
+			{
+				APIGroup: rbacv1.GroupName,
+				Kind:     rbacv1.GroupKind,
+				Name:     "system:authenticated",
+			},
+		},
+	}); err != nil && !errors.IsAlreadyExists(err) {
+		return err
+	}
+
+	return nil
+}
diff --git a/...ler/global/template/template_init_data.go → pkg/data/template.go b/...ler/global/template/template_init_data.go → pkg/data/template.go
@@ -1,4 +1,4 @@
-package template
+package data
 
 import (
 	"bytes"
@@ -9,6 +9,7 @@ import (
 	"k8s.io/apimachinery/pkg/util/yaml"
 
 	harvesterv1 "github.com/harvester/harvester/pkg/apis/harvesterhci.io/v1beta1"
+	"github.com/harvester/harvester/pkg/config"
 	ctlharvesterv1 "github.com/harvester/harvester/pkg/generated/controllers/harvesterhci.io/v1beta1"
 )
 
@@ -17,13 +18,14 @@ var (
 	templateVersionTmpl = template.Must(template.New("templateVersion").Parse(initBaseTemplateVersions))
 )
 
-func initData(vmTemplates ctlharvesterv1.VirtualMachineTemplateClient,
-	vmTemplateVersions ctlharvesterv1.VirtualMachineTemplateVersionClient, namespace string) error {
-	if err := initBaseTemplate(vmTemplates, namespace); err != nil {
+func createTemplates(mgmt *config.Management, namespace string) error {
+	templates := mgmt.HarvesterFactory.Harvesterhci().V1beta1().VirtualMachineTemplate()
+	templateVersions := mgmt.HarvesterFactory.Harvesterhci().V1beta1().VirtualMachineTemplateVersion()
+	if err := initBaseTemplate(templates, namespace); err != nil {
 		return err
 	}
 
-	return initBaseTemplateVersion(vmTemplateVersions, namespace)
+	return initBaseTemplateVersion(templateVersions, namespace)
 }
 
 func generateYmls(tmpl *template.Template, namespace string) ([][]byte, error) {

diff --git a/pkg/server/types.go b/pkg/server/types.go
@@ -27,9 +27,9 @@ import (
 	"github.com/harvester/harvester/pkg/api/auth"
 	"github.com/harvester/harvester/pkg/config"
 	"github.com/harvester/harvester/pkg/controller/admission"
-	"github.com/harvester/harvester/pkg/controller/crds"
 	"github.com/harvester/harvester/pkg/controller/global"
 	"github.com/harvester/harvester/pkg/controller/master"
+	"github.com/harvester/harvester/pkg/data"
 	"github.com/harvester/harvester/pkg/server/ui"
 )
 
@@ -189,7 +189,7 @@ func (s *HarvesterServer) generateSteveServer(options config.Options) error {
 
 	s.ASL = accesscontrol.NewAccessStore(s.Context, true, s.controllers.RBAC)
 
-	if err := crds.Setup(s.Context, s.RESTConfig); err != nil {
+	if err := data.Init(s.Context, scaled.Management); err != nil {
 		return err
 	}