automatically create kubeconfig

Signed-off-by: hongming <talonwan@yunify.com>

config/crds/tenant_v1alpha1_workspace.yaml

@@ -30,16 +30,8 @@ spec:
           properties:
             manager:
               type: string
-            quotas:
-              type: object
           type: object
         status:
-          properties:
-            quotas:
-              description: 'INSERT ADDITIONAL STATUS FIELD - define observed state
-                of cluster Important: Run "make" to regenerate code after modifying
-                this file'
-              type: object
           type: object
   version: v1alpha1
 status:

pkg/apis/tenant/v1alpha1/workspace_types.go

@@ -19,7 +19,6 @@
 package v1alpha1
 
 import (
-	"k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
@@ -29,14 +28,12 @@ import (
 // WorkspaceSpec defines the desired state of Workspace
 type WorkspaceSpec struct {
 	Manager string `json:"manager,omitempty"`
-	Quotas  v1.ResourceQuotaSpec `json:"quotas,omitempty"`
 }
 
 // WorkspaceStatus defines the observed state of Workspace
 type WorkspaceStatus struct {
 	// INSERT ADDITIONAL STATUS FIELD - define observed state of cluster
 	// Important: Run "make" to regenerate code after modifying this file
-	Quotas v1.ResourceQuotaStatus `json:"quotas,omitempty"`
 }
 
 // +genclient

pkg/apis/tenant/v1alpha1/zz_generated.deepcopy.go

@@ -21,7 +21,7 @@ limitations under the License.
 package v1alpha1
 
 import (
-	"k8s.io/apimachinery/pkg/runtime"
+	runtime "k8s.io/apimachinery/pkg/runtime"
 )
 
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
@@ -29,8 +29,8 @@ func (in *Workspace) DeepCopyInto(out *Workspace) {
 	*out = *in
 	out.TypeMeta = in.TypeMeta
 	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
-	in.Spec.DeepCopyInto(&out.Spec)
+	out.Spec = in.Spec
-	in.Status.DeepCopyInto(&out.Status)
+	out.Status = in.Status
 	return
 }
 
@@ -88,7 +88,6 @@ func (in *WorkspaceList) DeepCopyObject() runtime.Object {
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *WorkspaceSpec) DeepCopyInto(out *WorkspaceSpec) {
 	*out = *in
-	in.Quotas.DeepCopyInto(&out.Quotas)
 	return
 }
 
@@ -105,7 +104,6 @@ func (in *WorkspaceSpec) DeepCopy() *WorkspaceSpec {
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *WorkspaceStatus) DeepCopyInto(out *WorkspaceStatus) {
 	*out = *in
-	in.Quotas.DeepCopyInto(&out.Quotas)
 	return
 }
 

pkg/apiserver/resources/application.go

@@ -19,6 +19,7 @@ package resources
 
 import (
 	"github.com/emicklei/go-restful"
+	"github.com/golang/glog"
 	"k8s.io/api/core/v1"
 	"kubesphere.io/kubesphere/pkg/constants"
 	"kubesphere.io/kubesphere/pkg/errors"
@@ -42,6 +43,7 @@ func ApplicationHandler(req *restful.Request, resp *restful.Response) {
 	if len(clusterId) > 0 {
 		app, err := applications.GetApp(clusterId)
 		if err != nil {
+			glog.Errorln("get application error", err)
 			resp.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
 			return
 		}
@@ -65,15 +67,14 @@ func NamespacedApplicationHandler(req *restful.Request, resp *restful.Response)
 	namespaceName := req.PathParameter("namespace")
 	clusterId := req.QueryParameter("cluster_id")
 	conditions, err := params.ParseConditions(req.QueryParameter(params.ConditionsParam))
-	if err != nil {
 	if err != nil {
 		resp.WriteHeaderAndEntity(http.StatusBadRequest, errors.Wrap(err))
 		return
 	}
-	}
 	if len(clusterId) > 0 {
 		app, err := applications.GetApp(clusterId)
 		if err != nil {
+			glog.Errorln("get app failed", err)
 			resp.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
 			return
 		}
@@ -84,6 +85,7 @@ func NamespacedApplicationHandler(req *restful.Request, resp *restful.Response)
 	namespace, err := resources.GetResource("", resources.Namespaces, namespaceName)
 
 	if err != nil {
+		glog.Errorln("get namespace failed", err)
 		resp.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
 		return
 	}
@@ -95,6 +97,7 @@ func NamespacedApplicationHandler(req *restful.Request, resp *restful.Response)
 	}
 
 	if runtimeId == "" {
+		glog.Errorln("runtime id not found")
 		resp.WriteHeaderAndEntity(http.StatusInternalServerError, errors.New("openpitrix runtime not init"))
 		return
 	}
@@ -102,6 +105,7 @@ func NamespacedApplicationHandler(req *restful.Request, resp *restful.Response)
 	result, err := applications.ListApplication(runtimeId, conditions, limit, offset)
 
 	if err != nil {
+		glog.Errorln("list applications failed", err)
 		resp.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
 		return
 	}

pkg/apiserver/resources/user.go

@@ -19,6 +19,7 @@ package resources
 
 import (
 	"github.com/emicklei/go-restful"
+	k8serr "k8s.io/apimachinery/pkg/api/errors"
 	"net/http"
 
 	"kubesphere.io/kubesphere/pkg/errors"
@@ -47,7 +48,14 @@ func GetKubeconfig(req *restful.Request, resp *restful.Response) {
 	kubectlConfig, err := kubeconfig.GetKubeConfig(user)
 
 	if err != nil {
+		if k8serr.IsNotFound(err) {
+			// recreate
+			kubeconfig.CreateKubeConfig(user)
+			resp.WriteHeaderAndEntity(http.StatusNotFound, errors.Wrap(err))
+		} else {
 			resp.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
+		}
+
 		return
 	}
 

pkg/client/clientset/versioned/clientset.go

@@ -19,9 +19,9 @@ limitations under the License.
 package versioned
 
 import (
-	"k8s.io/client-go/discovery"
+	discovery "k8s.io/client-go/discovery"
-	"k8s.io/client-go/rest"
+	rest "k8s.io/client-go/rest"
-	"k8s.io/client-go/util/flowcontrol"
+	flowcontrol "k8s.io/client-go/util/flowcontrol"
 	servicemeshv1alpha2 "kubesphere.io/kubesphere/pkg/client/clientset/versioned/typed/servicemesh/v1alpha2"
 	tenantv1alpha1 "kubesphere.io/kubesphere/pkg/client/clientset/versioned/typed/tenant/v1alpha1"
 )

pkg/client/clientset/versioned/fake/register.go

@@ -19,10 +19,10 @@ limitations under the License.
 package fake
 
 import (
-	"k8s.io/apimachinery/pkg/apis/meta/v1"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/runtime"
+	runtime "k8s.io/apimachinery/pkg/runtime"
-	"k8s.io/apimachinery/pkg/runtime/schema"
+	schema "k8s.io/apimachinery/pkg/runtime/schema"
-	"k8s.io/apimachinery/pkg/runtime/serializer"
+	serializer "k8s.io/apimachinery/pkg/runtime/serializer"
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
 	servicemeshv1alpha2 "kubesphere.io/kubesphere/pkg/apis/servicemesh/v1alpha2"
 	tenantv1alpha1 "kubesphere.io/kubesphere/pkg/apis/tenant/v1alpha1"

pkg/client/clientset/versioned/scheme/register.go

@@ -19,10 +19,10 @@ limitations under the License.
 package scheme
 
 import (
-	"k8s.io/apimachinery/pkg/apis/meta/v1"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/runtime"
+	runtime "k8s.io/apimachinery/pkg/runtime"
-	"k8s.io/apimachinery/pkg/runtime/schema"
+	schema "k8s.io/apimachinery/pkg/runtime/schema"
-	"k8s.io/apimachinery/pkg/runtime/serializer"
+	serializer "k8s.io/apimachinery/pkg/runtime/serializer"
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
 	servicemeshv1alpha2 "kubesphere.io/kubesphere/pkg/apis/servicemesh/v1alpha2"
 	tenantv1alpha1 "kubesphere.io/kubesphere/pkg/apis/tenant/v1alpha1"

pkg/client/clientset/versioned/typed/tenant/v1alpha1/fake/fake_tenant_client.go

@@ -19,9 +19,9 @@ limitations under the License.
 package fake
 
 import (
-	"k8s.io/client-go/rest"
+	rest "k8s.io/client-go/rest"
-	"k8s.io/client-go/testing"
+	testing "k8s.io/client-go/testing"
-	"kubesphere.io/kubesphere/pkg/client/clientset/versioned/typed/tenant/v1alpha1"
+	v1alpha1 "kubesphere.io/kubesphere/pkg/client/clientset/versioned/typed/tenant/v1alpha1"
 )
 
 type FakeTenantV1alpha1 struct {

pkg/client/clientset/versioned/typed/tenant/v1alpha1/fake/fake_workspace.go

@@ -19,13 +19,13 @@ limitations under the License.
 package fake
 
 import (
-	"k8s.io/apimachinery/pkg/apis/meta/v1"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/labels"
+	labels "k8s.io/apimachinery/pkg/labels"
-	"k8s.io/apimachinery/pkg/runtime/schema"
+	schema "k8s.io/apimachinery/pkg/runtime/schema"
-	"k8s.io/apimachinery/pkg/types"
+	types "k8s.io/apimachinery/pkg/types"
-	"k8s.io/apimachinery/pkg/watch"
+	watch "k8s.io/apimachinery/pkg/watch"
-	"k8s.io/client-go/testing"
+	testing "k8s.io/client-go/testing"
-	"kubesphere.io/kubesphere/pkg/apis/tenant/v1alpha1"
+	v1alpha1 "kubesphere.io/kubesphere/pkg/apis/tenant/v1alpha1"
 )
 
 // FakeWorkspaces implements WorkspaceInterface

pkg/client/clientset/versioned/typed/tenant/v1alpha1/tenant_client.go

@@ -19,9 +19,9 @@ limitations under the License.
 package v1alpha1
 
 import (
-	"k8s.io/apimachinery/pkg/runtime/serializer"
+	serializer "k8s.io/apimachinery/pkg/runtime/serializer"
-	"k8s.io/client-go/rest"
+	rest "k8s.io/client-go/rest"
-	"kubesphere.io/kubesphere/pkg/apis/tenant/v1alpha1"
+	v1alpha1 "kubesphere.io/kubesphere/pkg/apis/tenant/v1alpha1"
 	"kubesphere.io/kubesphere/pkg/client/clientset/versioned/scheme"
 )
 

pkg/client/clientset/versioned/typed/tenant/v1alpha1/workspace.go

@@ -21,12 +21,12 @@ package v1alpha1
 import (
 	"time"
 
-	"k8s.io/apimachinery/pkg/apis/meta/v1"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/types"
+	types "k8s.io/apimachinery/pkg/types"
-	"k8s.io/apimachinery/pkg/watch"
+	watch "k8s.io/apimachinery/pkg/watch"
-	"k8s.io/client-go/rest"
+	rest "k8s.io/client-go/rest"
-	"kubesphere.io/kubesphere/pkg/apis/tenant/v1alpha1"
+	v1alpha1 "kubesphere.io/kubesphere/pkg/apis/tenant/v1alpha1"
-	"kubesphere.io/kubesphere/pkg/client/clientset/versioned/scheme"
+	scheme "kubesphere.io/kubesphere/pkg/client/clientset/versioned/scheme"
 )
 
 // WorkspacesGetter has a method to return a WorkspaceInterface.

pkg/client/informers/externalversions/factory.go

@@ -19,18 +19,18 @@ limitations under the License.
 package externalversions
 
 import (
-	"reflect"
+	reflect "reflect"
-	"sync"
+	sync "sync"
-	"time"
+	time "time"
 
-	"k8s.io/apimachinery/pkg/apis/meta/v1"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/runtime"
+	runtime "k8s.io/apimachinery/pkg/runtime"
-	"k8s.io/apimachinery/pkg/runtime/schema"
+	schema "k8s.io/apimachinery/pkg/runtime/schema"
-	"k8s.io/client-go/tools/cache"
+	cache "k8s.io/client-go/tools/cache"
-	"kubesphere.io/kubesphere/pkg/client/clientset/versioned"
+	versioned "kubesphere.io/kubesphere/pkg/client/clientset/versioned"
-	"kubesphere.io/kubesphere/pkg/client/informers/externalversions/internalinterfaces"
+	internalinterfaces "kubesphere.io/kubesphere/pkg/client/informers/externalversions/internalinterfaces"
-	"kubesphere.io/kubesphere/pkg/client/informers/externalversions/servicemesh"
+	servicemesh "kubesphere.io/kubesphere/pkg/client/informers/externalversions/servicemesh"
-	"kubesphere.io/kubesphere/pkg/client/informers/externalversions/tenant"
+	tenant "kubesphere.io/kubesphere/pkg/client/informers/externalversions/tenant"
 )
 
 // SharedInformerOption defines the functional option type for SharedInformerFactory.

pkg/client/informers/externalversions/generic.go

@@ -21,10 +21,10 @@ package externalversions
 import (
 	"fmt"
 
-	"k8s.io/apimachinery/pkg/runtime/schema"
+	schema "k8s.io/apimachinery/pkg/runtime/schema"
-	"k8s.io/client-go/tools/cache"
+	cache "k8s.io/client-go/tools/cache"
-	"kubesphere.io/kubesphere/pkg/apis/servicemesh/v1alpha2"
+	v1alpha2 "kubesphere.io/kubesphere/pkg/apis/servicemesh/v1alpha2"
-	"kubesphere.io/kubesphere/pkg/apis/tenant/v1alpha1"
+	v1alpha1 "kubesphere.io/kubesphere/pkg/apis/tenant/v1alpha1"
 )
 
 // GenericInformer is type of SharedIndexInformer which will locate and delegate to other

pkg/client/informers/externalversions/tenant/interface.go

@@ -19,8 +19,8 @@ limitations under the License.
 package tenant
 
 import (
-	"kubesphere.io/kubesphere/pkg/client/informers/externalversions/internalinterfaces"
+	internalinterfaces "kubesphere.io/kubesphere/pkg/client/informers/externalversions/internalinterfaces"
-	"kubesphere.io/kubesphere/pkg/client/informers/externalversions/tenant/v1alpha1"
+	v1alpha1 "kubesphere.io/kubesphere/pkg/client/informers/externalversions/tenant/v1alpha1"
 )
 
 // Interface provides access to each of this group's versions.

pkg/client/informers/externalversions/tenant/v1alpha1/interface.go

@@ -19,7 +19,7 @@ limitations under the License.
 package v1alpha1
 
 import (
-	"kubesphere.io/kubesphere/pkg/client/informers/externalversions/internalinterfaces"
+	internalinterfaces "kubesphere.io/kubesphere/pkg/client/informers/externalversions/internalinterfaces"
 )
 
 // Interface provides access to all the informers in this group version.

pkg/client/informers/externalversions/tenant/v1alpha1/workspace.go

@@ -19,16 +19,16 @@ limitations under the License.
 package v1alpha1
 
 import (
-	"time"
+	time "time"
 
-	"k8s.io/apimachinery/pkg/apis/meta/v1"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/runtime"
+	runtime "k8s.io/apimachinery/pkg/runtime"
-	"k8s.io/apimachinery/pkg/watch"
+	watch "k8s.io/apimachinery/pkg/watch"
-	"k8s.io/client-go/tools/cache"
+	cache "k8s.io/client-go/tools/cache"
 	tenantv1alpha1 "kubesphere.io/kubesphere/pkg/apis/tenant/v1alpha1"
-	"kubesphere.io/kubesphere/pkg/client/clientset/versioned"
+	versioned "kubesphere.io/kubesphere/pkg/client/clientset/versioned"
-	"kubesphere.io/kubesphere/pkg/client/informers/externalversions/internalinterfaces"
+	internalinterfaces "kubesphere.io/kubesphere/pkg/client/informers/externalversions/internalinterfaces"
-	"kubesphere.io/kubesphere/pkg/client/listers/tenant/v1alpha1"
+	v1alpha1 "kubesphere.io/kubesphere/pkg/client/listers/tenant/v1alpha1"
 )
 
 // WorkspaceInformer provides access to a shared informer and lister for

pkg/client/listers/tenant/v1alpha1/workspace.go

@@ -22,7 +22,7 @@ import (
 	"k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/labels"
 	"k8s.io/client-go/tools/cache"
-	"kubesphere.io/kubesphere/pkg/apis/tenant/v1alpha1"
+	v1alpha1 "kubesphere.io/kubesphere/pkg/apis/tenant/v1alpha1"
 )
 
 // WorkspaceLister helps list Workspaces.

pkg/models/applications/applications.go

@@ -96,6 +96,7 @@ func GetApp(clusterId string) (*Application, error) {
 	item, err := openpitrix.GetCluster(clusterId)
 
 	if err != nil {
+		glog.Error(err)
 		return nil, err
 	}
 

pkg/models/iam/am.go

@@ -30,7 +30,6 @@ import (
 	"kubesphere.io/kubesphere/pkg/informers"
 	"kubesphere.io/kubesphere/pkg/models"
 	"kubesphere.io/kubesphere/pkg/models/iam/policy"
-	"kubesphere.io/kubesphere/pkg/models/kubeconfig"
 	"kubesphere.io/kubesphere/pkg/models/kubectl"
 	"kubesphere.io/kubesphere/pkg/models/resources"
 	"kubesphere.io/kubesphere/pkg/params"
@@ -39,6 +38,7 @@ import (
 	"kubesphere.io/kubesphere/pkg/utils/sliceutil"
 	"sort"
 	"strings"
+	"time"
 )
 
 const (
@@ -643,9 +643,6 @@ func CreateClusterRoleBinding(username string, clusterRoleName string) error {
 			glog.Errorln("create cluster role binding", err)
 			return err
 		}
-		if err := kubeconfig.CreateKubeConfig(username); err != nil {
-			glog.Errorln("create user kubeconfig failed", username, err)
-		}
 		if clusterRoleName == constants.ClusterAdmin {
 			if err := kubectl.CreateKubectlDeploy(username); err != nil {
 				glog.Errorln("create user terminal pod failed", username, err)
@@ -667,18 +664,22 @@ func CreateClusterRoleBinding(username string, clusterRoleName string) error {
 			return err
 		}
 		if found.RoleRef.Name == constants.ClusterAdmin {
-			if err := kubeconfig.DelKubeConfig(username); err != nil {
-				glog.Error("delete user kubeconfig failed", username, err)
-			}
 			if err := kubectl.DelKubectlDeploy(username); err != nil {
 				glog.Error("delete user terminal pod failed", username, err)
 			}
 		}
+		maxRetries := 3
+		for i := 0; i < maxRetries; i++ {
 			_, err = k8s.Client().RbacV1().ClusterRoleBindings().Create(clusterRoleBinding)
+			if apierrors.IsAlreadyExists(err) {
+				time.Sleep(300 * time.Millisecond)
+				continue
+			}
 			if err != nil {
 				glog.Errorln("create cluster role binding", err)
 				return err
 			}
+		}
 		return nil
 	}
 

pkg/models/iam/im.go

@@ -24,6 +24,8 @@ import (
 	"io/ioutil"
 	"kubesphere.io/kubesphere/pkg/constants"
 	"kubesphere.io/kubesphere/pkg/informers"
+	"kubesphere.io/kubesphere/pkg/models/kubeconfig"
+	"kubesphere.io/kubesphere/pkg/models/kubectl"
 	"kubesphere.io/kubesphere/pkg/params"
 	"kubesphere.io/kubesphere/pkg/simple/client/k8s"
 	"kubesphere.io/kubesphere/pkg/simple/client/redis"
@@ -499,16 +501,24 @@ func DeleteUser(username string) error {
 
 	deleteRequest := ldap.NewDelRequest(fmt.Sprintf("uid=%s,%s", username, ldapclient.UserSearchBase), nil)
 
-	err = conn.Del(deleteRequest)
+	if err = conn.Del(deleteRequest); err != nil {
-
-	if err != nil {
 		glog.Errorln("delete user", err)
 		return err
 	}
 
-	err = deleteRoleBindings(username)
+	if err = deleteRoleBindings(username); err != nil {
+		glog.Errorln("delete user role bindings failed", username, err)
+	}
 
-	return err
+	if err := kubeconfig.DelKubeConfig(username); err != nil {
+		glog.Errorln("delete user kubeconfig failed", username, err)
+	}
+
+	if err := kubectl.DelKubectlDeploy(username); err != nil {
+		glog.Errorln("delete user terminal pod failed", username, err)
+	}
+
+	return nil
 }
 
 func deleteRoleBindings(username string) error {
@@ -686,6 +696,10 @@ func CreateUser(user *models.User) (*models.User, error) {
 		setAvatar(user.Username, user.AvatarUrl)
 	}
 
+	if err := kubeconfig.CreateKubeConfig(user.Username); err != nil {
+		glog.Errorln("create user kubeconfig failed", user.Username, err)
+	}
+
 	if user.ClusterRole != "" {
 		err := CreateClusterRoleBinding(user.Username, user.ClusterRole)
 

pkg/models/resources/jobs.go

@@ -21,6 +21,7 @@ import (
 	"kubesphere.io/kubesphere/pkg/constants"
 	"kubesphere.io/kubesphere/pkg/informers"
 	"kubesphere.io/kubesphere/pkg/params"
+	"kubesphere.io/kubesphere/pkg/utils/k8sutil"
 	"kubesphere.io/kubesphere/pkg/utils/sliceutil"
 	"sort"
 	"strings"
@@ -60,6 +61,14 @@ func (*jobSearcher) match(match map[string]string, item *batchv1.Job) bool {
 			if jobStatus(item) != v {
 				return false
 			}
+		case includeCronJob:
+			if v == "false" && k8sutil.IsControlledBy(item.OwnerReferences, cronJobKind, "") {
+				return false
+			}
+		case includeS2iRun:
+			if v == "false" && k8sutil.IsControlledBy(item.OwnerReferences, s2iRunKind, "") {
+				return false
+			}
 		case Name:
 			names := strings.Split(v, "|")
 			if !sliceutil.HasString(names, item.Name) {

pkg/models/resources/resources.go

@@ -68,6 +68,10 @@ const (
 	annotation             = "annotation"
 	Keyword                = "keyword"
 	status                 = "status"
+	includeCronJob         = "includeCronJob"
+	cronJobKind            = "CronJob"
+	s2iRunKind             = "S2iRun"
+	includeS2iRun          = "includeS2iRun"
 	running                = "running"
 	paused                 = "paused"
 	updating               = "updating"