feat: kubesphere 4.0 (#6115)

* feat: kubesphere 4.0

Signed-off-by: ci-bot <ci-bot@kubesphere.io>

* feat: kubesphere 4.0

Signed-off-by: ci-bot <ci-bot@kubesphere.io>

---------

Signed-off-by: ci-bot <ci-bot@kubesphere.io>
Co-authored-by: ks-ci-bot <ks-ci-bot@example.com>
Co-authored-by: joyceliu <joyceliu@yunify.com>

pkg/controller/extension/apiservice_webhook.go

@@ -0,0 +1,66 @@
+/*
+ * Please refer to the LICENSE file in the root directory of the project.
+ * https://github.com/kubesphere/kubesphere/blob/master/LICENSE
+ */
+
+package extension
+
+import (
+	"context"
+	"fmt"
+
+	kscontroller "kubesphere.io/kubesphere/pkg/controller"
+
+	"k8s.io/apimachinery/pkg/runtime"
+	ctrl "sigs.k8s.io/controller-runtime"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
+
+	extensionsv1alpha1 "kubesphere.io/api/extensions/v1alpha1"
+)
+
+var _ admission.CustomValidator = &APIServiceWebhook{}
+var _ kscontroller.Controller = &APIServiceWebhook{}
+
+func (r *APIServiceWebhook) Name() string {
+	return "apiservice-webhook"
+}
+
+type APIServiceWebhook struct {
+	client.Client
+}
+
+func (r *APIServiceWebhook) ValidateCreate(ctx context.Context, obj runtime.Object) (admission.Warnings, error) {
+	return r.validateAPIService(ctx, obj.(*extensionsv1alpha1.APIService))
+}
+
+func (r *APIServiceWebhook) ValidateUpdate(ctx context.Context, oldObj, newObj runtime.Object) (admission.Warnings, error) {
+	return r.validateAPIService(ctx, newObj.(*extensionsv1alpha1.APIService))
+}
+
+func (r *APIServiceWebhook) ValidateDelete(ctx context.Context, obj runtime.Object) (admission.Warnings, error) {
+	return nil, nil
+}
+
+func (r *APIServiceWebhook) validateAPIService(ctx context.Context, service *extensionsv1alpha1.APIService) (admission.Warnings, error) {
+	apiServices := &extensionsv1alpha1.APIServiceList{}
+	if err := r.Client.List(ctx, apiServices, &client.ListOptions{}); err != nil {
+		return nil, err
+	}
+	for _, apiService := range apiServices.Items {
+		if apiService.Name != service.Name &&
+			apiService.Spec.Group == service.Spec.Group &&
+			apiService.Spec.Version == service.Spec.Version {
+			return nil, fmt.Errorf("APIService %s/%s is already exists", service.Spec.Group, service.Spec.Version)
+		}
+	}
+	return nil, nil
+}
+
+func (r *APIServiceWebhook) SetupWithManager(mgr *kscontroller.Manager) error {
+	r.Client = mgr.GetClient()
+	return ctrl.NewWebhookManagedBy(mgr).
+		WithValidator(r).
+		For(&extensionsv1alpha1.APIService{}).
+		Complete()
+}

pkg/controller/extension/extensionentry_webhook.go

@@ -0,0 +1,131 @@
+/*
+ * Please refer to the LICENSE file in the root directory of the project.
+ * https://github.com/kubesphere/kubesphere/blob/master/LICENSE
+ */
+
+package extension
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+
+	"k8s.io/apimachinery/pkg/util/sets"
+
+	kscontroller "kubesphere.io/kubesphere/pkg/controller"
+
+	"k8s.io/apimachinery/pkg/runtime"
+	ctrl "sigs.k8s.io/controller-runtime"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
+
+	extensionsv1alpha1 "kubesphere.io/api/extensions/v1alpha1"
+)
+
+var _ admission.CustomValidator = &ExtensionEntryWebhook{}
+var _ kscontroller.Controller = &ExtensionEntryWebhook{}
+
+func (r *ExtensionEntryWebhook) Name() string {
+	return "extensionentry-webhook"
+}
+
+type ExtensionEntryWebhook struct {
+	client.Client
+}
+
+func (r *ExtensionEntryWebhook) ValidateCreate(ctx context.Context, obj runtime.Object) (admission.Warnings, error) {
+	return r.validateExtensionEntry(ctx, obj.(*extensionsv1alpha1.ExtensionEntry))
+}
+
+func (r *ExtensionEntryWebhook) ValidateUpdate(ctx context.Context, oldObj, newObj runtime.Object) (admission.Warnings, error) {
+	return r.validateExtensionEntry(ctx, newObj.(*extensionsv1alpha1.ExtensionEntry))
+}
+
+func (r *ExtensionEntryWebhook) ValidateDelete(ctx context.Context, obj runtime.Object) (admission.Warnings, error) {
+	return nil, nil
+}
+
+func (r *ExtensionEntryWebhook) validateExtensionEntry(ctx context.Context, extensionEntry *extensionsv1alpha1.ExtensionEntry) (admission.Warnings, error) {
+	entryNameSet := sets.NewString()
+	entryLinkSet := sets.NewString()
+	for index, entry := range extensionEntry.Spec.Entries {
+		entryProps := make(map[string]interface{})
+		if err := json.Unmarshal(entry.Raw, &entryProps); err != nil {
+			return nil, err
+		}
+		entryNameVal, ok := entryProps["name"]
+		if !ok {
+			return nil, fmt.Errorf("ExtensionEntry %s spec.entries[%d].name cannot be empty", extensionEntry.Name, index)
+		}
+		entryName, ok := entryNameVal.(string)
+		if !ok {
+			return nil, fmt.Errorf("ExtensionEntry %s spec.entries[%d].name %s must be string", extensionEntry.Name, index, entryName)
+		}
+		if entryNameSet.Has(entryName) {
+			return nil, fmt.Errorf("ExtensionEntry %s spec.entries[%d].name %s is duplicated", extensionEntry.Name, index, entryName)
+		}
+		entryNameSet.Insert(entryName)
+
+		entryLinkVal, ok := entryProps["link"]
+		if !ok {
+			continue
+		}
+		entryLink, ok := entryLinkVal.(string)
+		if !ok {
+			return nil, fmt.Errorf("ExtensionEntry %s spec.entries[%d].link %s must be string", extensionEntry.Name, index, entryName)
+		}
+		if entryLinkSet.Has(entryLink) {
+			return nil, fmt.Errorf("ExtensionEntry %s spec.entries[%d].link %s is duplicated", extensionEntry.Name, index, entryLink)
+		}
+		entryLinkSet.Insert(entryLink)
+	}
+
+	extensionEntries := &extensionsv1alpha1.ExtensionEntryList{}
+	if err := r.Client.List(ctx, extensionEntries, &client.ListOptions{}); err != nil {
+		return nil, err
+	}
+	for _, target := range extensionEntries.Items {
+		if target.Name == extensionEntry.Name {
+			continue
+		}
+		for index, targetEntry := range target.Spec.Entries {
+			entryProps := make(map[string]interface{})
+			if err := json.Unmarshal(targetEntry.Raw, &entryProps); err != nil {
+				return nil, err
+			}
+			entryNameVal, ok := entryProps["name"]
+			if !ok {
+				return nil, fmt.Errorf("ExtensionEntry %s spec.entries[%d].name cannot be empty", target.Name, index)
+			}
+			entryName, ok := entryNameVal.(string)
+			if !ok {
+				return nil, fmt.Errorf("ExtensionEntry %s spec.entries[%d].name %s must be string", extensionEntry.Name, index, entryName)
+			}
+
+			if entryNameSet.Has(entryName) {
+				return nil, fmt.Errorf("ExtensionEntry %s spec.entries[].name %s is already exists", extensionEntry.Name, entryName)
+			}
+
+			entryLinkVal, ok := entryProps["link"]
+			if !ok {
+				continue
+			}
+			entryLink, ok := entryLinkVal.(string)
+			if !ok {
+				return nil, fmt.Errorf("ExtensionEntry %s spec.entries[%d].link %s must be string", extensionEntry.Name, index, entryName)
+			}
+			if entryLinkSet.Has(entryLink) {
+				return nil, fmt.Errorf("ExtensionEntry %s spec.entries[].link %s is already exists", extensionEntry.Name, entryLink)
+			}
+		}
+	}
+	return nil, nil
+}
+
+func (r *ExtensionEntryWebhook) SetupWithManager(mgr *kscontroller.Manager) error {
+	r.Client = mgr.GetClient()
+	return ctrl.NewWebhookManagedBy(mgr).
+		WithValidator(r).
+		For(&extensionsv1alpha1.ExtensionEntry{}).
+		Complete()
+}

pkg/controller/extension/jsbundle_webhook.go

@@ -0,0 +1,93 @@
+/*
+ * Please refer to the LICENSE file in the root directory of the project.
+ * https://github.com/kubesphere/kubesphere/blob/master/LICENSE
+ */
+
+package extension
+
+import (
+	"context"
+	"fmt"
+	"strings"
+
+	kscontroller "kubesphere.io/kubesphere/pkg/controller"
+
+	clusterv1alpha1 "kubesphere.io/api/cluster/v1alpha1"
+
+	"k8s.io/apimachinery/pkg/runtime"
+	"kubesphere.io/api/core/v1alpha1"
+	ctrl "sigs.k8s.io/controller-runtime"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
+
+	extensionsv1alpha1 "kubesphere.io/api/extensions/v1alpha1"
+)
+
+var _ admission.CustomValidator = &JSBundleWebhook{}
+var _ admission.CustomDefaulter = &JSBundleWebhook{}
+var _ kscontroller.Controller = &JSBundleWebhook{}
+
+type JSBundleWebhook struct {
+	client.Client
+}
+
+func (r *JSBundleWebhook) Name() string {
+	return "jsbundle-webhook"
+}
+
+func (r *JSBundleWebhook) Enabled(clusterRole string) bool {
+	return strings.EqualFold(clusterRole, string(clusterv1alpha1.ClusterRoleHost))
+}
+
+func (r *JSBundleWebhook) SetupWithManager(mgr *kscontroller.Manager) error {
+	r.Client = mgr.GetClient()
+	return ctrl.NewWebhookManagedBy(mgr).
+		WithValidator(r).
+		WithDefaulter(r).
+		For(&extensionsv1alpha1.JSBundle{}).
+		Complete()
+}
+
+var _ admission.CustomDefaulter = &JSBundleWebhook{}
+
+func (r *JSBundleWebhook) Default(_ context.Context, obj runtime.Object) error {
+	jsBundle := obj.(*extensionsv1alpha1.JSBundle)
+	extensionName := jsBundle.Labels[v1alpha1.ExtensionReferenceLabel]
+	if jsBundle.Status.Link == "" && extensionName != "" {
+		jsBundle.Status.Link = fmt.Sprintf("/dist/%s/index.js", extensionName)
+	}
+	return nil
+}
+
+func (r *JSBundleWebhook) ValidateCreate(ctx context.Context, obj runtime.Object) (admission.Warnings, error) {
+	return r.validateJSBundle(ctx, obj.(*extensionsv1alpha1.JSBundle))
+}
+
+func (r *JSBundleWebhook) ValidateUpdate(ctx context.Context, _, newObj runtime.Object) (admission.Warnings, error) {
+	return r.validateJSBundle(ctx, newObj.(*extensionsv1alpha1.JSBundle))
+}
+
+func (r *JSBundleWebhook) ValidateDelete(_ context.Context, _ runtime.Object) (admission.Warnings, error) {
+	return nil, nil
+}
+
+func (r *JSBundleWebhook) validateJSBundle(ctx context.Context, jsBundle *extensionsv1alpha1.JSBundle) (admission.Warnings, error) {
+	if jsBundle.Status.Link == "" {
+		return nil, nil
+	}
+	extensionName := jsBundle.Labels[v1alpha1.ExtensionReferenceLabel]
+	if extensionName != "" && !strings.HasPrefix(jsBundle.Status.Link, fmt.Sprintf("/dist/%s", extensionName)) {
+		return nil, fmt.Errorf("the prefix of status.link must be in the format /dist/%s/", extensionName)
+	}
+	jsBundles := &extensionsv1alpha1.JSBundleList{}
+	if err := r.Client.List(ctx, jsBundles, &client.ListOptions{}); err != nil {
+		return nil, err
+	}
+	for _, item := range jsBundles.Items {
+		if item.Name != jsBundle.Name &&
+			item.Status.Link == jsBundle.Status.Link {
+			return nil, fmt.Errorf("JSBundle %s is already exists", jsBundle.Status.Link)
+		}
+	}
+	return nil, nil
+}

pkg/controller/extension/reverseproxy_webhook.go

@@ -0,0 +1,76 @@
+/*
+ * Please refer to the LICENSE file in the root directory of the project.
+ * https://github.com/kubesphere/kubesphere/blob/master/LICENSE
+ */
+
+package extension
+
+import (
+	"context"
+	"fmt"
+	"strings"
+
+	kscontroller "kubesphere.io/kubesphere/pkg/controller"
+
+	"k8s.io/apimachinery/pkg/runtime"
+	ctrl "sigs.k8s.io/controller-runtime"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
+
+	extensionsv1alpha1 "kubesphere.io/api/extensions/v1alpha1"
+)
+
+var _ admission.CustomValidator = &ReverseProxyWebhook{}
+var _ kscontroller.Controller = &ReverseProxyWebhook{}
+
+func (r *ReverseProxyWebhook) Name() string {
+	return "reverseproxy-webhook"
+}
+
+type ReverseProxyWebhook struct {
+	client.Client
+}
+
+func (r *ReverseProxyWebhook) SetupWithManager(mgr *kscontroller.Manager) error {
+	r.Client = mgr.GetClient()
+	return ctrl.NewWebhookManagedBy(mgr).
+		WithValidator(r).
+		For(&extensionsv1alpha1.ReverseProxy{}).
+		Complete()
+}
+
+func (r *ReverseProxyWebhook) ValidateCreate(ctx context.Context, obj runtime.Object) (admission.Warnings, error) {
+	return r.validateReverseProxy(ctx, obj.(*extensionsv1alpha1.ReverseProxy))
+}
+
+func (r *ReverseProxyWebhook) ValidateUpdate(ctx context.Context, oldObj, newObj runtime.Object) (admission.Warnings, error) {
+	return r.validateReverseProxy(ctx, newObj.(*extensionsv1alpha1.ReverseProxy))
+}
+
+func (r *ReverseProxyWebhook) ValidateDelete(ctx context.Context, obj runtime.Object) (admission.Warnings, error) {
+	return nil, nil
+}
+
+func (r *ReverseProxyWebhook) validateReverseProxy(ctx context.Context, proxy *extensionsv1alpha1.ReverseProxy) (admission.Warnings, error) {
+	reverseProxies := &extensionsv1alpha1.ReverseProxyList{}
+	if err := r.Client.List(ctx, reverseProxies, &client.ListOptions{}); err != nil {
+		return nil, err
+	}
+	for _, reverseProxy := range reverseProxies.Items {
+		if reverseProxy.Name == proxy.Name {
+			continue
+		}
+		if reverseProxy.Spec.Matcher.Method != proxy.Spec.Matcher.Method &&
+			reverseProxy.Spec.Matcher.Method != "*" {
+			continue
+		}
+		if reverseProxy.Spec.Matcher.Path == proxy.Spec.Matcher.Path {
+			return nil, fmt.Errorf("ReverseProxy %v is already exists", proxy.Spec.Matcher)
+		}
+		if strings.HasSuffix(reverseProxy.Spec.Matcher.Path, "*") &&
+			strings.HasPrefix(proxy.Spec.Matcher.Path, strings.TrimRight(reverseProxy.Spec.Matcher.Path, "*")) {
+			return nil, fmt.Errorf("ReverseProxy %v is already exists", proxy.Spec.Matcher)
+		}
+	}
+	return nil, nil
+}