refactor iam api

Signed-off-by: hongming <talonwan@yunify.com>

cmd/controller-manager/controller-manager.go

@@ -20,11 +20,14 @@ package main
 
 import (
 	"flag"
+
+	"os"
+	"sigs.k8s.io/application/pkg/apis/app/v1beta1"
+
 	_ "k8s.io/client-go/plugin/pkg/client/auth/gcp"
 	"kubesphere.io/kubesphere/pkg/informers"
 	"kubesphere.io/kubesphere/pkg/simple/client/k8s"
 	"kubesphere.io/kubesphere/pkg/simple/controller/namespace"
-	"os"
 	"sigs.k8s.io/controller-runtime/pkg/manager"
 	logf "sigs.k8s.io/controller-runtime/pkg/runtime/log"
 	"sigs.k8s.io/controller-runtime/pkg/runtime/signals"
@@ -66,6 +69,13 @@ func main() {
 		os.Exit(1)
 	}
 
+	log.Info("Print all known types")
+	for k, v := range mgr.GetScheme().AllKnownTypes() {
+		if k.Group == v1beta1.SchemeGroupVersion.Group {
+			log.Info(k.String() + " / " + v.String())
+		}
+	}
+
 	// Setup all Controllers
 	log.Info("Setting up controller")
 	if err := controller.AddToManager(mgr); err != nil {

cmd/ks-apiserver/apiserver.go

@@ -25,6 +25,7 @@ import (
 	_ "kubesphere.io/kubesphere/pkg/apis/monitoring/install"
 	_ "kubesphere.io/kubesphere/pkg/apis/operations/install"
 	_ "kubesphere.io/kubesphere/pkg/apis/resources/install"
+	_ "kubesphere.io/kubesphere/pkg/apis/servicemesh/metrics/install"
 )
 
 func main() {

cmd/ks-apiserver/app/options/options.go

@@ -0,0 +1,34 @@
+package options
+
+import (
+	"github.com/spf13/pflag"
+	genericoptions "kubesphere.io/kubesphere/pkg/options"
+)
+
+type ServerRunOptions struct {
+	GenericServerRunOptions *genericoptions.ServerRunOptions
+
+	// istio pilot discovery service url
+	IstioPilotServiceURL string
+	OpenPitrixServer     string
+	OpenPitrixProxyToken string
+}
+
+func NewServerRunOptions() *ServerRunOptions {
+
+	s := ServerRunOptions{
+		GenericServerRunOptions: genericoptions.NewServerRunOptions(),
+		IstioPilotServiceURL:    "http://istio-pilot.istio-system.svc:8080/version",
+	}
+
+	return &s
+}
+
+func (s *ServerRunOptions) AddFlags(fs *pflag.FlagSet) {
+
+	s.GenericServerRunOptions.AddFlags(fs)
+
+	fs.StringVar(&s.IstioPilotServiceURL, "istio-pilot-service-url", "http://istio-pilot.istio-system.svc:8080/version", "istio pilot discovery service url")
+	fs.StringVar(&s.OpenPitrixServer, "openpitrix-server", "http://openpitrix-api-gateway.openpitrix-system.svc", "openpitrix server")
+	fs.StringVar(&s.OpenPitrixProxyToken, "openpitrix-proxy-token", "", "openpitrix proxy token")
+}

cmd/ks-apiserver/app/server.go

@@ -21,18 +21,23 @@ import (
 	goflag "flag"
 	"fmt"
 	"github.com/golang/glog"
+	kconfig "github.com/kiali/kiali/config"
 	"github.com/spf13/cobra"
+	"github.com/spf13/pflag"
+	"kubesphere.io/kubesphere/cmd/ks-apiserver/app/options"
 	"kubesphere.io/kubesphere/pkg/apiserver/runtime"
 	"kubesphere.io/kubesphere/pkg/filter"
 	"kubesphere.io/kubesphere/pkg/informers"
-	"kubesphere.io/kubesphere/pkg/options"
+	"kubesphere.io/kubesphere/pkg/models/applications"
 	"kubesphere.io/kubesphere/pkg/signals"
+	"kubesphere.io/kubesphere/pkg/simple/client/prometheus"
 	"log"
 	"net/http"
+	"net/url"
 )
 
 func NewAPIServerCommand() *cobra.Command {
-	s := options.SharedOptions
+	s := options.NewServerRunOptions()
 
 	cmd := &cobra.Command{
 		Use: "ks-apiserver",
@@ -44,14 +49,22 @@ cluster's shared state through which all other components interact.`,
 		},
 	}
 
-	cmd.Flags().AddFlagSet(s.CommandLine)
+	s.AddFlags(cmd.Flags())
 	cmd.Flags().AddGoFlagSet(goflag.CommandLine)
 	glog.CopyStandardLogTo("INFO")
+
 	return cmd
 }
 
 func Run(s *options.ServerRunOptions) error {
 
+	pflag.VisitAll(func(flag *pflag.Flag) {
+		log.Printf("FLAG: --%s=%q", flag.Name, flag.Value)
+	})
+
+	applications.OpenPitrixServer = s.OpenPitrixServer
+	applications.OpenPitrixProxyToken = s.OpenPitrixProxyToken
+
 	var err error
 
 	waitForResourceSync()
@@ -59,19 +72,55 @@ func Run(s *options.ServerRunOptions) error {
 	container := runtime.Container
 	container.Filter(filter.Logging)
 
-	log.Printf("Server listening on %d.", s.InsecurePort)
+	log.Printf("Server listening on %d.", s.GenericServerRunOptions.InsecurePort)
 
-	if s.InsecurePort != 0 {
-		err = http.ListenAndServe(fmt.Sprintf("%s:%d", s.BindAddress, s.InsecurePort), container)
+	for _, webservice := range container.RegisteredWebServices() {
+		for _, route := range webservice.Routes() {
+			log.Printf(route.Path)
+		}
 	}
 
-	if s.SecurePort != 0 && len(s.TlsCertFile) > 0 && len(s.TlsPrivateKey) > 0 {
-		err = http.ListenAndServeTLS(fmt.Sprintf("%s:%d", s.BindAddress, s.SecurePort), s.TlsCertFile, s.TlsPrivateKey, container)
+	initializeKialiConfig(s)
+
+	if s.GenericServerRunOptions.InsecurePort != 0 {
+		err = http.ListenAndServe(fmt.Sprintf("%s:%d", s.GenericServerRunOptions.BindAddress, s.GenericServerRunOptions.InsecurePort), container)
+	}
+
+	if s.GenericServerRunOptions.SecurePort != 0 && len(s.GenericServerRunOptions.TlsCertFile) > 0 && len(s.GenericServerRunOptions.TlsPrivateKey) > 0 {
+		err = http.ListenAndServeTLS(fmt.Sprintf("%s:%d", s.GenericServerRunOptions.BindAddress, s.GenericServerRunOptions.SecurePort), s.GenericServerRunOptions.TlsCertFile, s.GenericServerRunOptions.TlsPrivateKey, container)
 	}
 
 	return err
 }
 
+func initializeKialiConfig(s *options.ServerRunOptions) {
+	// Initialize kiali config
+	config := kconfig.NewConfig()
+
+	// Exclude system namespaces
+	config.API.Namespaces.Exclude = []string{"istio-system", "kubesphere*", "kube*"}
+	config.InCluster = false
+
+	// Set default prometheus service url
+	config.ExternalServices.PrometheusServiceURL = "http://prometheus.kubesphere-monitoring-system.svc:9090"
+
+	// ugly hack to get prometheus service url
+	if pflag.Parsed() && pflag.Lookup("prometheus-endpoint") != nil {
+		// Set prometheus
+		endpoint, err := url.Parse(prometheus.PrometheusAPIEndpoint)
+		if err != nil {
+			config.ExternalServices.PrometheusServiceURL = endpoint.Path
+		}
+	}
+
+	config.ExternalServices.PrometheusCustomMetricsURL = config.ExternalServices.PrometheusServiceURL
+
+	// Set istio pilot discovery service url
+	config.ExternalServices.Istio.UrlServiceVersion = s.IstioPilotServiceURL
+
+	kconfig.Set(config)
+}
+
 func waitForResourceSync() {
 	stopChan := signals.SetupSignalHandler()
 
@@ -96,6 +145,7 @@ func waitForResourceSync() {
 	informerFactory.Apps().V1().StatefulSets().Lister()
 	informerFactory.Apps().V1().Deployments().Lister()
 	informerFactory.Apps().V1().DaemonSets().Lister()
+	informerFactory.Apps().V1().ReplicaSets().Lister()
 
 	informerFactory.Batch().V1().Jobs().Lister()
 	informerFactory.Batch().V1beta1().CronJobs().Lister()

cmd/ks-iam/app/options/options.go

@@ -0,0 +1,27 @@
+package options
+
+import (
+	"github.com/spf13/pflag"
+	genericoptions "kubesphere.io/kubesphere/pkg/options"
+)
+
+type ServerRunOptions struct {
+	GenericServerRunOptions *genericoptions.ServerRunOptions
+	AdminEmail              string
+	AdminPassword           string
+	TokenExpireTime         string
+}
+
+func NewServerRunOptions() *ServerRunOptions {
+	s := &ServerRunOptions{
+		GenericServerRunOptions: genericoptions.NewServerRunOptions(),
+	}
+	return s
+}
+
+func (s *ServerRunOptions) AddFlags(fs *pflag.FlagSet) {
+	fs.StringVar(&s.AdminEmail, "admin-email", "admin@kubesphere.io", "default administrator's email")
+	fs.StringVar(&s.AdminPassword, "admin-password", "passw0rd", "default administrator's password")
+	fs.StringVar(&s.TokenExpireTime, "token-expire-time", "24h", "token expire time")
+	s.GenericServerRunOptions.AddFlags(fs)
+}

cmd/ks-iam/app/server.go

@@ -22,18 +22,20 @@ import (
 	"fmt"
 	"github.com/golang/glog"
 	"github.com/spf13/cobra"
+	"github.com/spf13/pflag"
+	"kubesphere.io/kubesphere/cmd/ks-iam/app/options"
 	"kubesphere.io/kubesphere/pkg/apiserver/runtime"
 	"kubesphere.io/kubesphere/pkg/filter"
 	"kubesphere.io/kubesphere/pkg/informers"
 	"kubesphere.io/kubesphere/pkg/models/iam"
-	"kubesphere.io/kubesphere/pkg/options"
 	"kubesphere.io/kubesphere/pkg/signals"
 	"log"
 	"net/http"
+	"time"
 )
 
 func NewAPIServerCommand() *cobra.Command {
-	s := options.SharedOptions
+	s := options.NewServerRunOptions()
 
 	cmd := &cobra.Command{
 		Use: "ks-iam",
@@ -44,17 +46,29 @@ cluster's shared state through which all other components interact.`,
 			return Run(s)
 		},
 	}
-	cmd.Flags().AddFlagSet(s.CommandLine)
+	s.AddFlags(cmd.Flags())
 	cmd.Flags().AddGoFlagSet(goflag.CommandLine)
 	glog.CopyStandardLogTo("INFO")
+
 	return cmd
 }
 
 func Run(s *options.ServerRunOptions) error {
 
+	pflag.VisitAll(func(flag *pflag.Flag) {
+		log.Printf("FLAG: --%s=%q", flag.Name, flag.Value)
+	})
+
 	var err error
 
-	err = iam.DatabaseInit()
+
+	expireTime, err := time.ParseDuration(s.TokenExpireTime)
+
+	if err != nil {
+		return err
+	}
+
+	err = iam.Init(s.AdminEmail, s.AdminPassword, expireTime)
 
 	if err != nil {
 		return err
@@ -65,14 +79,12 @@ func Run(s *options.ServerRunOptions) error {
 	container := runtime.Container
 	container.Filter(filter.Logging)
 
-	log.Printf("Server listening on %d.", s.InsecurePort)
-
-	if s.InsecurePort != 0 {
-		err = http.ListenAndServe(fmt.Sprintf("%s:%d", s.BindAddress, s.InsecurePort), container)
+	if s.GenericServerRunOptions.InsecurePort != 0 {
+		err = http.ListenAndServe(fmt.Sprintf("%s:%d", s.GenericServerRunOptions.BindAddress, s.GenericServerRunOptions.InsecurePort), container)
 	}
 
-	if s.SecurePort != 0 && len(s.TlsCertFile) > 0 && len(s.TlsPrivateKey) > 0 {
-		err = http.ListenAndServeTLS(fmt.Sprintf("%s:%d", s.BindAddress, s.SecurePort), s.TlsCertFile, s.TlsPrivateKey, container)
+	if s.GenericServerRunOptions.SecurePort != 0 && len(s.GenericServerRunOptions.TlsCertFile) > 0 && len(s.GenericServerRunOptions.TlsPrivateKey) > 0 {
+		err = http.ListenAndServeTLS(fmt.Sprintf("%s:%d", s.GenericServerRunOptions.BindAddress, s.GenericServerRunOptions.SecurePort), s.GenericServerRunOptions.TlsCertFile, s.GenericServerRunOptions.TlsPrivateKey, container)
 	}
 
 	return err