feat: kubesphere 4.0 (#6115)

* feat: kubesphere 4.0

Signed-off-by: ci-bot <ci-bot@kubesphere.io>

* feat: kubesphere 4.0

Signed-off-by: ci-bot <ci-bot@kubesphere.io>

---------

Signed-off-by: ci-bot <ci-bot@kubesphere.io>
Co-authored-by: ks-ci-bot <ks-ci-bot@example.com>
Co-authored-by: joyceliu <joyceliu@yunify.com>

pkg/controller/cluster/helper.go

@@ -1,65 +1,132 @@
 /*
-Copyright 2020 KubeSphere Authors
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-     http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
+ * Please refer to the LICENSE file in the root directory of the project.
+ * https://github.com/kubesphere/kubesphere/blob/master/LICENSE
+ */
 
 package cluster
 
 import (
-	"os"
+	"context"
+	"errors"
+	"time"
 
-	"k8s.io/client-go/rest"
-	"k8s.io/client-go/tools/clientcmd"
-	"k8s.io/client-go/tools/clientcmd/api"
+	"helm.sh/helm/v3/pkg/action"
+	"helm.sh/helm/v3/pkg/chart/loader"
+	"helm.sh/helm/v3/pkg/storage/driver"
+	corev1 "k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+	"k8s.io/apimachinery/pkg/types"
+	clusterv1alpha1 "kubesphere.io/api/cluster/v1alpha1"
+	"kubesphere.io/utils/helm"
+	runtimeclient "sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/yaml"
+
+	"kubesphere.io/kubesphere/pkg/config"
+	"kubesphere.io/kubesphere/pkg/constants"
+	"kubesphere.io/kubesphere/pkg/utils/hashutil"
 )
 
-func buildKubeconfigFromRestConfig(config *rest.Config) ([]byte, error) {
-	apiConfig := api.NewConfig()
+const releaseName = "ks-core"
 
-	apiCluster := &api.Cluster{
-		Server:                   config.Host,
-		CertificateAuthorityData: config.CAData,
+func configChanged(cluster *clusterv1alpha1.Cluster) bool {
+	return hashutil.FNVString(cluster.Spec.Config) != cluster.Annotations[constants.ConfigHashAnnotation]
+}
+
+func setConfigHash(cluster *clusterv1alpha1.Cluster) {
+	configHash := hashutil.FNVString(cluster.Spec.Config)
+	if cluster.Annotations == nil {
+		cluster.Annotations = map[string]string{
+			constants.ConfigHashAnnotation: configHash,
+		}
+	} else {
+		cluster.Annotations[constants.ConfigHashAnnotation] = configHash
+	}
+}
+
+func installKSCoreInMemberCluster(kubeConfig []byte, jwtSecret, chartPath string, chartConfig []byte) error {
+	helmConf, err := helm.InitHelmConf(kubeConfig, constants.KubeSphereNamespace)
+	if err != nil {
+		return err
 	}
 
-	// generated kubeconfig will be used by cluster federation, CAFile is not
-	// accepted by kubefed, so we need read CAFile
-	if len(apiCluster.CertificateAuthorityData) == 0 && len(config.CAFile) != 0 {
-		caData, err := os.ReadFile(config.CAFile)
-		if err != nil {
-			return nil, err
+	if chartPath == "" {
+		chartPath = "/var/helm-charts/ks-core"
+	}
+	chart, err := loader.Load(chartPath) // in-container chart path
+	if err != nil {
+		return err
+	}
+
+	// values example:
+	// 	map[string]interface{}{
+	//		"nestedKey": map[string]interface{}{
+	//			"simpleKey": "simpleValue",
+	//		},
+	//  }
+	values := make(map[string]interface{})
+	if chartConfig != nil {
+		if err = yaml.Unmarshal(chartConfig, &values); err != nil {
+			return err
+		}
+	}
+
+	// Override some necessary values
+	values["role"] = "member"
+	// disable upgrade to prevent execution of ks-upgrade
+	values["upgrade"] = map[string]interface{}{
+		"enabled": false,
+	}
+	if err = unstructured.SetNestedField(values, jwtSecret, "authentication", "issuer", "jwtSecret"); err != nil {
+		return err
+	}
+
+	helmStatus := action.NewStatus(helmConf)
+	if _, err = helmStatus.Run(releaseName); err != nil {
+		if !errors.Is(err, driver.ErrReleaseNotFound) {
+			return err
 		}
 
-		apiCluster.CertificateAuthorityData = caData
+		// the release not exists
+		install := action.NewInstall(helmConf)
+		install.Namespace = constants.KubeSphereNamespace
+		install.CreateNamespace = true
+		install.Wait = true
+		install.ReleaseName = releaseName
+		install.Timeout = time.Minute * 5
+		if _, err = install.Run(chart, values); err != nil {
+			return err
+		}
+		return nil
 	}
 
-	apiConfig.Clusters["kubernetes"] = apiCluster
-
-	apiConfig.AuthInfos["kubernetes-admin"] = &api.AuthInfo{
-		ClientCertificateData: config.CertData,
-		ClientKeyData:         config.KeyData,
-		Token:                 config.BearerToken,
-		TokenFile:             config.BearerTokenFile,
-		Username:              config.Username,
-		Password:              config.Password,
+	upgrade := action.NewUpgrade(helmConf)
+	upgrade.Namespace = constants.KubeSphereNamespace
+	upgrade.Install = true
+	upgrade.Wait = true
+	upgrade.Timeout = time.Minute * 5
+	if _, err = upgrade.Run(releaseName, chart, values); err != nil {
+		return err
 	}
-
-	apiConfig.Contexts["kubernetes-admin@kubernetes"] = &api.Context{
-		Cluster:  "kubernetes",
-		AuthInfo: "kubernetes-admin",
-	}
-
-	apiConfig.CurrentContext = "kubernetes-admin@kubernetes"
-
-	return clientcmd.Write(*apiConfig)
+	return nil
+}
+
+func getKubeSphereConfig(ctx context.Context, client runtimeclient.Client) (*config.Config, error) {
+	cm := &corev1.ConfigMap{}
+	if err := client.Get(ctx, types.NamespacedName{Name: constants.KubeSphereConfigName, Namespace: constants.KubeSphereNamespace}, cm); err != nil {
+		return nil, err
+	}
+	configData, err := config.FromConfigMap(cm)
+	if err != nil {
+		return nil, err
+	}
+	return configData, nil
+}
+
+func hasCondition(conditions []clusterv1alpha1.ClusterCondition, conditionsType clusterv1alpha1.ClusterConditionType) bool {
+	for _, condition := range conditions {
+		if condition.Type == conditionsType && condition.Status == corev1.ConditionTrue {
+			return true
+		}
+	}
+	return false
 }