Merge pull request #4228 from wansir/fix-4167

Fix inconsistent user status in member cluster

cmd/controller-manager/app/controllers.go

@@ -43,7 +43,6 @@ import (
 	"kubesphere.io/kubesphere/pkg/controller/network/nsnetworkpolicy/provider"
 	"kubesphere.io/kubesphere/pkg/controller/notification"
 	"kubesphere.io/kubesphere/pkg/controller/storage/capability"
-	"kubesphere.io/kubesphere/pkg/controller/user"
 	"kubesphere.io/kubesphere/pkg/controller/virtualservice"
 	"kubesphere.io/kubesphere/pkg/informers"
 	"kubesphere.io/kubesphere/pkg/simple/client/devops"
@@ -109,15 +108,10 @@ func addControllers(
 		informerFactory.SnapshotSharedInformerFactory().Snapshot().V1().VolumeSnapshotClasses(),
 	)
 
-	var fedUserCache, fedGlobalRoleBindingCache, fedGlobalRoleCache cache.Store
-	var fedUserCacheController, fedGlobalRoleBindingCacheController, fedGlobalRoleCacheController cache.Controller
+	var fedGlobalRoleBindingCache, fedGlobalRoleCache cache.Store
+	var fedGlobalRoleBindingCacheController, fedGlobalRoleCacheController cache.Controller
 
 	if multiClusterEnabled {
-		fedUserClient, err := util.NewResourceClient(client.Config(), &iamv1alpha2.FedUserResource)
-		if err != nil {
-			klog.Error(err)
-			return err
-		}
 		fedGlobalRoleClient, err := util.NewResourceClient(client.Config(), &iamv1alpha2.FedGlobalRoleResource)
 		if err != nil {
 			klog.Error(err)
@@ -129,23 +123,13 @@ func addControllers(
 			return err
 		}
 
-		fedUserCache, fedUserCacheController = util.NewResourceInformer(fedUserClient, "", &iamv1alpha2.FedUserResource, func(object runtimeclient.Object) {})
 		fedGlobalRoleCache, fedGlobalRoleCacheController = util.NewResourceInformer(fedGlobalRoleClient, "", &iamv1alpha2.FedGlobalRoleResource, func(object runtimeclient.Object) {})
 		fedGlobalRoleBindingCache, fedGlobalRoleBindingCacheController = util.NewResourceInformer(fedGlobalRoleBindingClient, "", &iamv1alpha2.FedGlobalRoleBindingResource, func(object runtimeclient.Object) {})
 
-		go fedUserCacheController.Run(stopCh)
 		go fedGlobalRoleCacheController.Run(stopCh)
 		go fedGlobalRoleBindingCacheController.Run(stopCh)
 	}
 
-	userController := user.NewUserController(client.Kubernetes(), client.KubeSphere(), client.Config(),
-		kubesphereInformer.Iam().V1alpha2().Users(),
-		kubesphereInformer.Iam().V1alpha2().LoginRecords(),
-		fedUserCache, fedUserCacheController,
-		kubernetesInformer.Core().V1().ConfigMaps(),
-		ldapClient, devopsClient,
-		authenticationOptions, multiClusterEnabled)
-
 	loginRecordController := loginrecord.NewLoginRecordController(
 		client.Kubernetes(),
 		client.KubeSphere(),
@@ -222,7 +206,6 @@ func addControllers(
 		"job-controller":                jobController,
 		"storagecapability-controller":  storageCapabilityController,
 		"volumesnapshot-controller":     volumeSnapshotController,
-		"user-controller":               userController,
 		"loginrecord-controller":        loginRecordController,
 		"cluster-controller":            clusterController,
 		"nsnp-controller":               nsnpController,

cmd/controller-manager/app/server.go

@@ -21,6 +21,8 @@ import (
 	"fmt"
 	"os"
 
+	"kubesphere.io/kubesphere/pkg/models/kubeconfig"
+
 	"github.com/spf13/cobra"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/labels"
@@ -210,6 +212,22 @@ func run(s *options.KubeSphereControllerManagerOptions, ctx context.Context) err
 	// register common meta types into schemas.
 	metav1.AddToGroupVersion(mgr.GetScheme(), metav1.SchemeGroupVersion)
 
+	kubeconfigClient := kubeconfig.NewOperator(kubernetesClient.Kubernetes(),
+		informerFactory.KubernetesSharedInformerFactory().Core().V1().ConfigMaps().Lister(),
+		kubernetesClient.Config())
+	userController := user.Reconciler{
+		MultiClusterEnabled:     s.MultiClusterOptions.Enable,
+		MaxConcurrentReconciles: 4,
+		LdapClient:              ldapClient,
+		DevopsClient:            devopsClient,
+		KubeconfigClient:        kubeconfigClient,
+		AuthenticationOptions:   s.AuthenticationOptions,
+	}
+
+	if err = userController.SetupWithManager(mgr); err != nil {
+		klog.Fatalf("Unable to create user controller: %v", err)
+	}
+
 	workspaceTemplateReconciler := &workspacetemplate.Reconciler{MultiClusterEnabled: s.MultiClusterOptions.Enable}
 	if err = workspaceTemplateReconciler.SetupWithManager(mgr); err != nil {
 		klog.Fatalf("Unable to create workspace template controller: %v", err)