admin/kubesphere
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: admin:advanced-2.0.0
Branches Tags
admin:master admin:dependabot/go_modules/staging/src/kubesphere.io/utils/github.com/containerd/containerd-1.7.29 admin:dependabot/go_modules/staging/src/kubesphere.io/utils/helm.sh/helm/v3-3.18.5 admin:release-4.1 admin:release-3.2 admin:release-3.3 admin:release-3.4 admin:release-3.1 admin:release-3.0 admin:release-2.1 admin:advanced-2.0 admin:advanced-1.0 admin:express
admin:helm-chart-1.1.5 admin:v4.1.3 admin:v4.1.3-rc.0 admin:helm-chart-1.1.3 admin:v4.1.2 admin:helm-chart-1.1.2 admin:v4.1.1 admin:v3.4.1 admin:v3.4.1-alpha.0 admin:v3.4.1-alpha.1 admin:v3.4.0 admin:v3.4.0-rc.0 admin:v3.3.2 admin:v3.3.2-rc.2 admin:v3.3.2-rc.0 admin:v3.3.2-rc.1 admin:v3.3.1-rc.5 admin:v3.3.1 admin:v3.3.1-rc.4 admin:v3.3.1-rc.3 admin:v3.3.1-rc.2 admin:v3.3.1-rc.1 admin:v3.3.1-rc.0 admin:v3.3.0 admin:v3.3.0-rc.3 admin:v3.3.0-rc.2 admin:v3.3.0-rc.1 admin:v3.3.0-rc.0 admin:v3.3.0-alpha.1 admin:v3.3.0-alpha.0 admin:v3.2.1 admin:v3.2.1-rc.3 admin:v3.2.1-rc.2 admin:v3.2.1-rc.1 admin:v3.2.0 admin:v3.2.0-rc.1 admin:v3.2.0-alpha.1 admin:v3.2.0-alpha.0 admin:v3.1.1 admin:v3.1.1-rc.1 admin:v3.1.1-rc.0 admin:v3.1.0 admin:v3.1.0-alpha.0 admin:v3.0.0 admin:v2.1.1 admin:v2.1.0 admin:advanced-2.0.2 admin:advanced-2.0.0 admin:advanced-1.0.1 admin:advanced-1.0.0 admin:express-1.0.0-alpha
..
compare: admin:express
Branches Tags
admin:dependabot/go_modules/staging/src/kubesphere.io/utils/github.com/containerd/containerd-1.7.29 admin:master admin:dependabot/go_modules/staging/src/kubesphere.io/utils/helm.sh/helm/v3-3.18.5 admin:release-4.1 admin:release-3.2 admin:release-3.3 admin:release-3.4 admin:release-3.1 admin:release-3.0 admin:release-2.1 admin:advanced-2.0 admin:advanced-1.0 admin:express
admin:helm-chart-1.1.5 admin:v4.1.3 admin:v4.1.3-rc.0 admin:helm-chart-1.1.3 admin:v4.1.2 admin:helm-chart-1.1.2 admin:v4.1.1 admin:v3.4.1 admin:v3.4.1-alpha.0 admin:v3.4.1-alpha.1 admin:v3.4.0 admin:v3.4.0-rc.0 admin:v3.3.2 admin:v3.3.2-rc.2 admin:v3.3.2-rc.0 admin:v3.3.2-rc.1 admin:v3.3.1-rc.5 admin:v3.3.1 admin:v3.3.1-rc.4 admin:v3.3.1-rc.3 admin:v3.3.1-rc.2 admin:v3.3.1-rc.1 admin:v3.3.1-rc.0 admin:v3.3.0 admin:v3.3.0-rc.3 admin:v3.3.0-rc.2 admin:v3.3.0-rc.1 admin:v3.3.0-rc.0 admin:v3.3.0-alpha.1 admin:v3.3.0-alpha.0 admin:v3.2.1 admin:v3.2.1-rc.3 admin:v3.2.1-rc.2 admin:v3.2.1-rc.1 admin:v3.2.0 admin:v3.2.0-rc.1 admin:v3.2.0-alpha.1 admin:v3.2.0-alpha.0 admin:v3.1.1 admin:v3.1.1-rc.1 admin:v3.1.1-rc.0 admin:v3.1.0 admin:v3.1.0-alpha.0 admin:v3.0.0 admin:v2.1.1 admin:v2.1.0 admin:advanced-2.0.2 admin:advanced-2.0.0 admin:advanced-1.0.1 admin:advanced-1.0.0 admin:express-1.0.0-alpha

14 Commits
advanced-2 ... express

Author SHA1 Message Date
Wiley Wang
7a479e6493 Merge pull request #174 from wnxn/express 
get k8s version through k8sclient at express branch
 2018-09-26 13:46:20 +08:00
wileywang
e1aed9f652 get k8s version through k8sclient 2018-09-25 17:52:41 +08:00
Wiley Wang
337d71d677 Merge pull request #169 from wnxn/express 
Add controller to create Ceph secret in express branch
 2018-09-25 15:32:25 +08:00
wileywang
390491ee31 Add controller to create Ceph secret 2018-09-19 16:25:30 +08:00
zryfish
733bea4e74 Merge pull request #164 from wnxn/express 
update dependency at express branch
 2018-09-17 13:38:01 +08:00
Wiley Wang
484cc0ecbb update dependency 2018-09-17 03:15:19 +00:00
calvinyv
e4aa866ca5 Merge pull request #155 from calvinyv/refact_docs 
refactor docs
 2018-08-08 14:31:28 +08:00
Calvin Yu
b3bfb549e0 refactor docs 2018-08-08 14:16:14 +08:00
richardxz
bf6c3245e4 add desciption field in application response 2018-08-06 03:21:54 +00:00
richardxz
e803897d10 add resync function and support to view deployed applications 2018-07-31 14:04:36 +08:00
richardxz
a4a48eb4fc add swagger ui 2018-07-31 14:04:05 +08:00
jeff
5091a87c1e fix router config bug 2018-07-23 11:09:05 +08:00
jeff
2b031861d6 update vendor 2018-07-11 20:01:08 +08:00
yanmingfan
88b5fb3186 alter components function to filter uncomponents svc 2018-07-11 19:42:23 +08:00
4857 changed files with 143517 additions and 901963 deletions
Expand all files Collapse all files

16
.github/.stale.yaml vendored
View File

@@ -1,16 +0,0 @@
# Number of days of inactivity before an issue becomes stale
daysUntilStale: 30
# Number of days of inactivity before a stale issue is closed
daysUntilClose: 14
# Issues with these labels will never be considered stale
exemptLabels:
- frozen
staleLabel: stale
# Comment to post when marking an issue as stale. Set to `false` to disable
markComment: >
This issue has been automatically marked as stale because it has not had
recent activity. It will be closed if no further activity occurs. Any further update will
cause the issue/pull request to no longer be considered stale. Thank you for your contributions.
# Comment to post when closing a stale issue. Set to `false` to disable
closeComment: >
This issue is being automatically closed due to inactivity.

42
.github/ISSUE_TEMPLATE/bug_report.md vendored
View File

@@ -1,42 +0,0 @@
---
name: Bug report
about: Create a report to help us improve
---
**General remarks**
> Please delete this section including header before submitting
> 也可以使用中文
>
> This form is to report bugs. For general usage questions refer to our Slack channel
> [KubeSphere-users](https://join.slack.com/t/kubesphere/shared_invite/enQtNTE3MDIxNzUxNzQ0LTdkNTc3OTdmNzdiODViZjViNTU5ZDY3M2I2MzY4MTI4OGZlOTJmMDg5ZTFiMDAwYzNlZDY5NjA0NzZlNDU5NmY)
**Describe the bug(描述下问题)**
A clear and concise description of what the bug is.
For UI issues please also add a screenshot that shows the issue.
**Versions used(KubeSphere/Kubernetes的版本)**
KubeSphere:
Kubernetes: (If KubeSphere installer used, you can skip this)
**Environment(环境的硬件配置)**
How many nodes and their hardware configuration:
For example:
3 masters: 8cpu/8g
3 nodes: 8cpu/16g
(and other info are welcomed to help us debugging)
**To Reproduce(复现步骤)**
Steps to reproduce the behavior:
1. Go to '...'
2. Click on '....'
3. Scroll down to '....'
4. See error
**Expected behavior(预期行为)**
A clear and concise description of what you expected to happen.

1
.gitignore vendored
View File

@@ -23,4 +23,3 @@ tmp/
# OSX trash
.DS_Store
api.json

21
.travis.yml
View File

@@ -1,29 +1,32 @@
sudo: required
services:
- docker
language: go
git:
depth: false
go:
- 1.12
- 1.10
- tip
go_import_path: kubesphere.io/kubesphere
before_install:
- go get -u github.com/golang/dep/cmd/dep
- curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
- curl https://raw.githubusercontent.com/golang/dep/master/install.sh | sh
- sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
- sudo apt-get update
- sudo apt-get -y install docker-ce
- dep ensure -v
before_script:
- docker --version
- bash hack/install_kubebuilder.sh
script:
- make all
- make fmt-check && make build
deploy:
skip_cleanup: true
provider: script
script: bash hack/docker_build.sh
script: bash install/scripts/docker_push
on:
branch: master

17
Dockerfile Normal file
View File

@@ -0,0 +1,17 @@
# Copyright 2018 The KubeSphere Authors. All rights reserved.
# Use of this source code is governed by a Apache license
# that can be found in the LICENSE file.
FROM kubesphere/kubesphere-builder as builder
WORKDIR /go/src/kubesphere.io/kubesphere/
COPY . .
RUN go generate kubesphere.io/kubesphere/pkg/version && \
go install kubesphere.io/kubesphere/cmd/...
FROM alpine:3.6
RUN apk add --update ca-certificates && update-ca-certificates
COPY --from=builder /go/bin/* /usr/local/bin/
CMD ["sh"]

10
Dockerfile.dev Normal file
View File

@@ -0,0 +1,10 @@
FROM alpine:3.6
RUN apk add --update ca-certificates \
&& update-ca-certificates \
&& mkdir -p /etc/kubesphere/ingress-controller
COPY ./bin/* /usr/local/bin/
COPY ./install/ingress-controller /etc/kubesphere/ingress-controller
COPY ./install/swagger-ui /usr/lib/kubesphere/swagger-ui
CMD ["sh"]

1514
Gopkg.lock generated
View File

File diff suppressed because it is too large Load Diff

161
Gopkg.toml
View File

@@ -1,78 +1,76 @@
required = [
"github.com/emicklei/go-restful",
"github.com/onsi/ginkgo", # for test framework
"github.com/onsi/gomega", # for test matchers
"k8s.io/gengo/examples/defaulter-gen/generators",
"k8s.io/gengo/examples/deepcopy-gen/generators",
"k8s.io/client-go/plugin/pkg/client/auth/gcp", # for development against gcp
"k8s.io/code-generator/cmd/client-gen",
"sigs.k8s.io/controller-tools/cmd/controller-gen", # for crd/rbac generation
"sigs.k8s.io/controller-runtime/pkg/client/config",
"sigs.k8s.io/controller-runtime/pkg/controller",
"sigs.k8s.io/controller-runtime/pkg/handler",
"sigs.k8s.io/controller-runtime/pkg/manager",
"sigs.k8s.io/controller-runtime/pkg/runtime/signals",
"sigs.k8s.io/controller-runtime/pkg/source",
"sigs.k8s.io/testing_frameworks/integration", # for integration testing
"github.com/kubesphere/s2ioperator/pkg/client/clientset/versioned",
"github.com/kubesphere/s2ioperator/pkg/client/informers/externalversions",
"github.com/kubesphere/s2ioperator/pkg/apis/devops/v1alpha1"
]
# Gopkg.toml example
#
# Refer to https://github.com/golang/dep/blob/master/docs/Gopkg.toml.md
# for detailed Gopkg.toml documentation.
#
# required = ["github.com/user/thing/cmd/thing"]
# ignored = ["github.com/user/project/pkgX", "bitbucket.org/user/project/pkgA/pkgY"]
#
# [[constraint]]
# name = "github.com/user/project"
# version = "1.0.0"
#
# [[constraint]]
# name = "github.com/user/project2"
# branch = "dev"
# source = "github.com/myfork/project2"
#
# [[override]]
# name = "github.com/x/y"
# version = "2.4.0"
#
# [prune]
# non-go = false
# go-tests = true
# unused-packages = true
[[constraint]]
name = "github.com/coreos/etcd"
version = "3.3.7"
[[constraint]]
name = "github.com/docker/docker"
version = "v17.05.0-ce"
[[override]]
name = "k8s.io/api"
version = "kubernetes-1.13.1"
[[override]]
name = "k8s.io/apimachinery"
version = "kubernetes-1.13.1"
[[override]]
name = "k8s.io/apiserver"
version = "kubernetes-1.13.1"
[[constraint]]
name = "github.com/emicklei/go-restful"
version = "2.7.1"
[[constraint]]
name = "k8s.io/code-generator"
version = "kubernetes-1.13.1"
branch = "master"
name = "github.com/golang/glog"
[[override]]
[[constraint]]
name = "github.com/spf13/pflag"
version = "1.0.1"
[[constraint]]
name = "gopkg.in/igm/sockjs-go.v2"
version = "2.0.0"
[[constraint]]
name = "gopkg.in/yaml.v2"
version = "2.2.1"
[[constraint]]
name = "k8s.io/api"
version = "kubernetes-1.10.0"
[[constraint]]
name = "k8s.io/apimachinery"
version = "kubernetes-1.10.0"
[[constraint]]
name = "k8s.io/client-go"
version = "kubernetes-1.13.1"
version = "7.0.0"
[[constraint]]
name = "k8s.io/kubernetes"
version = "1.13.1"
[[constraint]]
name="sigs.k8s.io/controller-runtime"
version="v0.1.7"
[[constraint]]
name="sigs.k8s.io/controller-tools"
version="v0.1.7"
[[constraint]]
name="github.com/kubesphere/s2ioperator"
version="v0.0.8"
[[override]]
name="github.com/bifurcation/mint"
revision="824af65410658916142a7600349144e1289f2110"
version = "1.10.4"
[prune]
go-tests = true
unused-packages = true
non-go = true
[[prune.project]]
name = "k8s.io/code-generator"
unused-packages = false
non-go = false
# To use reference package:
# vendor/github.com/docker/docker/client/container_commit.go:17: undefined: reference.ParseNormalizedNamed
@@ -89,47 +87,4 @@ required = [
# vendor/github.com/docker/docker/registry/service_v2.go:11: cannot call non-function tlsconfig.ServerDefault (type tls.Config)
[[override]]
name = "github.com/docker/go-connections"
version = "0.4.0"
# For dependency below: Refer to issue https://github.com/golang/dep/issues/1799
[[override]]
name = "gopkg.in/fsnotify.v1"
source = "https://github.com/fsnotify/fsnotify.git"
version = "v1.4.7"
[[override]]
name = "github.com/russross/blackfriday"
version = "v1.5.2"
# offical application controller doesn't limit observe scope to namespace
# use our own version instead
[[constraint]]
name = "sigs.k8s.io/application"
source = "https://github.com/kubesphere/application"
branch = "kubesphere"
[[constraint]]
name = "github.com/kiali/kiali"
source = "https://github.com/kubesphere/kiali"
branch = "kubesphere"
[[constraint]]
name = "github.com/kubernetes-sigs/application"
source = "https://github.com/kubesphere/application"
branch = "kubesphere"
[[constraint]]
name = "github.com/knative/pkg"
revision = "cd278f2d3394c865fda66bca12459e879e0279b8"
[[constraint]]
name = "gopkg.in/igm/sockjs-go.v2"
version = "2.0.0"
[[constraint]]
name = "github.com/gocraft/dbr"
revision = "a0fd650918f6287ffe111d1c7b66bb755ff3be4a"
[[constraint]]
name = "github.com/kubesphere/sonargo"
version = "0.0.2"
branch = "master"

149
Makefile
View File

@@ -2,84 +2,103 @@
# Use of this source code is governed by a Apache license
# that can be found in the LICENSE file.
# The binary to build
BIN ?= ks-apiserver
TRAG.Org:=kubesphere
TRAG.Name:=ks-apiserver
TRAG.Gopkg:=kubesphere.io/kubesphere
TRAG.Version:=$(TRAG.Gopkg)/pkg/version
IMG ?= kubespheredev/ks-apiserver
OUTPUT_DIR=bin
DOCKER_TAGS=latest
RUN_IN_DOCKER:=docker run -it --rm -v `pwd`:/go/src/$(TRAG.Gopkg) -v `pwd`/tmp/cache:/root/.cache/go-build -w /go/src/$(TRAG.Gopkg) -e GOBIN=/go/src/$(TRAG.Gopkg)/tmp/bin -e USER_ID=`id -u` -e GROUP_ID=`id -g` kubesphere/kubesphere-builder
GO_FMT:=goimports -l -w -e -local=kubesphere -srcdir=/go/src/$(TRAG.Gopkg)
GO_FILES:=./cmd ./pkg
define ALL_HELP_INFO
# Build code.
#
# Args:
# WHAT: Directory names to build. If any of these directories has a 'main'
# package, the build will produce executable files under $(OUT_DIR).
# If not specified, "everything" will be built.
# GOFLAGS: Extra flags to pass to 'go' when building.
# GOLDFLAGS: Extra linking flags passed to 'go' when building.
# GOGCFLAGS: Additional go compile flags passed to 'go' when building.
#
# Example:
# make
# make all
# make all WHAT=cmd/ks-apiserver
# Note: Use the -N -l options to disable compiler optimizations an inlining.
# Using these build options allows you to subsequently use source
# debugging tools like delve.
define get_diff_files
$(eval DIFF_FILES=$(shell git diff --name-only --diff-filter=ad | grep -E "^(test|cmd|pkg)/.+\.go"))
endef
define get_build_flags
$(eval SHORT_VERSION=$(shell git describe --tags --always --dirty="-dev"))
$(eval SHA1_VERSION=$(shell git show --quiet --pretty=format:%H))
$(eval DATE=$(shell date +'%Y-%m-%dT%H:%M:%S'))
$(eval BUILD_FLAG= -X $(TRAG.Version).ShortVersion="$(SHORT_VERSION)" \
-X $(TRAG.Version).GitSha1Version="$(SHA1_VERSION)" \
-X $(TRAG.Version).BuildDate="$(DATE)")
endef
.PHONY: all
all: test ks-apiserver ks-apigateway ks-iam controller-manager
all: generate build
# Build ks-apiserver binary
ks-apiserver: test
hack/gobuild.sh cmd/ks-apiserver
.PHONY: help
help:
# TODO: update help info to last version
@echo "TODO"
# Build ks-apigateway binary
ks-apigateway: test
hack/gobuild.sh cmd/ks-apigateway
.PHONY: init-vendor
init-vendor:
@if [[ ! -f "$$(which govendor)" ]]; then \
go get -u github.com/kardianos/govendor; \
fi
govendor init
govendor add +external
@echo "init-vendor done"
# Build ks-iam binary
ks-iam: test
hack/gobuild.sh cmd/ks-iam
.PHONY: update-vendor
update-vendor:
@if [[ ! -f "$$(which govendor)" ]]; then \
go get -u github.com/kardianos/govendor; \
fi
govendor update +external
govendor list
@echo "update-vendor done"
# Build controller-manager binary
controller-manager: test
hack/gobuild.sh cmd/controller-manager
.PHONY: update-builder
update-builder:
docker pull kubesphere/kubesphere-builder
@echo "update-builder done"
# Run go fmt against code
fmt:
go fmt ./pkg/... ./cmd/...
.PHONY: generate-in-local
generate-in-local:
go generate ./pkg/version/
# Run go vet against code
vet:
go vet ./pkg/... ./cmd/...
# Generate manifests e.g. CRD, RBAC etc.
manifests:
go run vendor/sigs.k8s.io/controller-tools/cmd/controller-gen/main.go all
deploy: manifests
kubectl apply -f config/crds
kustomize build config/default | kubectl apply -f -
# Generate DeepCopy to implement runtime.Object
deepcopy:
./vendor/k8s.io/code-generator/generate-groups.sh all kubesphere.io/kubesphere/pkg/client kubesphere.io/kubesphere/pkg/apis "servicemesh:v1alpha2 tenant:v1alpha1"
# Generate code
.PHONY: generate
generate:
ifndef GOPATH
$(error GOPATH not defined, please define GOPATH. Run "go help gopath" to learn more about GOPATH)
endif
go generate ./pkg/... ./cmd/...
$(RUN_IN_DOCKER) make generate-in-local
@echo "generate done"
# Build the docker image
docker-build: all
docker build . -t ${IMG}
.PHONY: fmt-all
fmt-all:
mkdir -p ./tmp/bin && cp -r ./install ./tmp/
$(RUN_IN_DOCKER) $(GO_FMT) $(GO_FILES)
@echo "fmt done"
# Run tests
test: generate fmt vet
go test ./pkg/... ./cmd/... -coverprofile cover.out
.PHONY: fmt
fmt:
$(call get_diff_files)
$(if $(DIFF_FILES), \
$(RUN_IN_DOCKER) $(GO_FMT) ${DIFF_FILES}, \
$(info cannot find modified files from git) \
)
@echo "fmt done"
.PHONY: fmt-check
fmt-check: fmt-all
$(call get_diff_files)
$(if $(DIFF_FILES), \
exit 2 \
)
.PHONY: build
build: fmt
mkdir -p ./tmp/bin && cp -r ./install/ ./tmp/
$(call get_build_flags)
$(RUN_IN_DOCKER) time go install -ldflags '$(BUILD_FLAG)' $(TRAG.Gopkg)/cmd/...
mv ./tmp/bin/cmd ./tmp/bin/$(TRAG.Name)
@docker build -t $(TRAG.Org)/$(TRAG.Name) -f ./Dockerfile.dev ./tmp
@docker image prune -f 1>/dev/null 2>&1
@echo "build done"
.PHONY: release
release:
@echo "TODO"
.PHONY: clean
clean:

3
PROJECT
View File

@@ -1,3 +0,0 @@
version: "1"
domain: kubesphere.io
repo: kubesphere.io/kubesphere

105
README.md
View File

@@ -3,102 +3,35 @@
[![Build Status](https://travis-ci.org/kubesphere/kubesphere.svg?branch=master)](https://travis-ci.org/kubesphere/kubesphere)
----
***KubeSphere*** is a distribution of [Kubernetes](https://kubernetes.io), aimed to provide quick setup, friendly and easily use, and powerful management features for Kubernetes clusters, which could help both personal and enterprise users, reduce their learning curve of Kubernetes, accelerate their transform process from other container platforms to Kubernetes.  
## What is KubeSphere
[KubeSphere](https://kubesphere.io/) is an enterprise-grade multi-tenant container management platform that built on [Kubernetes](https://kubernetes.io). It provides an easy-to-use UI enables creation of computing resources with a few clicks and one-click deployment, which reduces the learning curve and empower the DevOps teams. It greatly reduces the complexity of the daily work of development, testing, operation and maintenance, aiming to solve the pain spots of Kubernetes' storage, network, security and ease of use, etc.
> See this [document](https://docs.kubesphere.io/advanced-v2.0/zh-CN/introduction/intro/) that describes the KubeSphere landscape and details.
## Features
KubeSphere Advanced Edition 2.0.0 provides an easy-to-use console with the awesome user experience that allows you to quickly get started with a container management platform. KubeSphere provides and supports following core features:
- Workload management
- Service mesh (Istio-based)
- DevOps
- Source to Image
- Multi-tenant management
- Multi-dimensional and Multi-tenant Monitoring, Logging, Alerting, Notification
- Service and network management
- Application template and repository
- Infrastructure management, image registry management
- Integrate Harbor and GitLab
- LB controller for Kubernetes on bare metal ([Porter](https://github.com/kubesphere/porter)), [cloud LB plugin](https://github.com/yunify/qingcloud-cloud-controller-manager)
- Support GPU node
It also supports multiple open source storage and high-performance cloud storage as the persistent storage services, as well as supports multiple open source network plugins.
> See this [document](https://docs.kubesphere.io/advanced-v2.0/zh-CN/introduction/features/) that elaborates on the KubeSphere features and services from a professional point of view.
**Features:**
- Multiple IaaS platform support, including baremetal/KVM/QingCloud, and more will be supported in future release.
- Easy setup of Kubernetes standalone(only one master node) and cluster environment(including High Availability support).
- Powerful management console to help business users to manage and monitor the Kubernetes.
- Integrate with [OpenPitrix](https://github.com/openpitrix) to provide full life cycle of application management and be compatible of helm package.
- Support popular open source network solutions, including calico and flannel, also could use [qingcloud hostnic solution](https://github.com/yunify/hostnic-cni) if the Kubernetes is deployed on QingCloud platform.
- Support popular open source storage solutions, including Glusterfs and Cephfs, also could use [qingcloud storage solution](https://github.com/yunify/qingcloud-csi) or [qingstor storage solution](https://github.com/yunify/qingstor-csi) if the Kubernetes is deployed on QingCloud platform or QingStor NeonSAN.
- CI/CD support.
- Service Mesh support.
- Multiple image registries support.
- Integrate with QingCloud IAM.
----
## Latest Release
## Motivation
KubeSphere Advanced Edition 2.0.0 was released on **May 18th, 2019**. See the [Release Notes For 2.0.0](https://docs.kubesphere.io/advanced-v2.0/release/release-v200/) to preview the updates.
The project originates from the requirement and pains we heard from our customers on public and private QingCloud platform, who have strong will to deploy Kubernetes in their IT system but struggle on completed setup process and long learning curve. With help of KubeSphere, their IT operators could setup Kubernetes environment quickly and use an easy management UI interface to mange their applications, also KubeSphere provides more features to help customers to handle daily business more easily, including CI/CD, micro services management...etc.
## Installation
Getting Started
---------------
**TBD**
KubeSphere installation supports following 2 kinds of installation, please reference the following guides on how to get KubeSphere up and running.
### All-in-One
[All-in-One](https://docs.kubesphere.io/advanced-v2.0/zh-CN/installation/all-in-one/): For those who are new to KubeSphere and looking for the fastest way to install and experience the dashboard.
Just download the installer and execute the `install.sh` under `/scripts` folder, choose `"1) All-in-one"` to trigger the installation. Generally, you can install it directly without any modification, for details please reference [All-in-One](https://docs.kubesphere.io/advanced-v2.0/zh-CN/installation/all-in-one/).
```bash
$ curl -L https://kubesphere.io/download/stable/advanced-2.0.0 > advanced-2.0.0.tar.gz
$ tar -zxf advanced-2.0.0.tar.gz
```
### Multi-Node
[Multi-Node](https://docs.kubesphere.io/advanced-v2.0/zh-CN/installation/multi-node/) is used for installing KubeSphere on multiple instances, supports for installing a highly available cluster which is able to use in a formal environment.
### Minimum Requirements
- Operating Systems
- CentOS 7.5 (64 bit)
- Ubuntu 16.04/18.04 LTS (64 bit)
- Red Hat Enterprise Linux Server 7.4 (64 bit)
- Debian Stretch 9.5 (64 bit)
- Hardware
- CPU8 Core, Memory16 G, Disk Space100 G
## Quick Start
The [Quick Start Guide](https://docs.kubesphere.io/advanced-v2.0/quick-start/admin-quick-start/) provides 12 quick-start examples to walk you through the process and common manipulation in KubeSphere, with a quick overview of the core features of KubeSphere that helps you to get familiar with it.
## RoadMap
Currently, KubeSphere has released the following 4 major editions. Advanced Edition 2.0.0 was released on May 18, 2019. The future releases will include Big data, AI, Multicluster, QingCloud SDN, etc.
**Community Edition** => **Express Edition** => **Advanced Edition 1.0.0** => **Advanced Edition 2.0.0**
![Roadmap](docs/images/roadmap-en.png)
## Documentation
- [KubeSphere Documentation (En/中) ](https://docs.kubesphere.io/)
- [KubeSphere Docementation (PDF)](https://docs.kubesphere.io/KubeSphere-advanced-v2.0.pdf)
## Support, Discussion, and Community
If you need any help with KubeSphere, please join us at [Slack channel](http://kubesphere.slack.com/) where most of our team hangs out at.
Please submit any KubeSphere bugs, issues, and feature requests to [KubeSphere GitHub Issue](https://github.com/kubesphere/kubesphere/issues).
## Design
## Contributing to the project
All members of the KubeSphere community must abide by [Code of Conduct](docs/code-of-conduct.md). Only by respecting each other can we develop a productive, collaborative community.
How to submit a pull request to KubeSphere? See [Pull Request Instruction](docs/pull-requests.md).
You can then find out more detail [here](docs/welcome-to-KubeSphere-new-developer-guide.md).
You can then find out more detail [here](docs/welcome-toKubeSphere-new-developer-guide.md).

3
build/builder-docker/.ash_history Normal file
View File

@@ -0,0 +1,3 @@
ls /go/bin
go version
exit

19
build/builder-docker/Dockerfile Normal file
View File

@@ -0,0 +1,19 @@
# Copyright 2018 The KubeSphere Authors. All rights reserved.
# Use of this source code is governed by a Apache license
# that can be found in the LICENSE file.
FROM golang:1.10.2-alpine3.7 as builder
RUN apk add --no-cache git curl openssl
RUN go get github.com/tools/godep
#RUN go get github.com/emicklei/go-restful
#RUN go get github.com/golang/glog
#RUN go get github.com/spf13/pflag
RUN go get golang.org/x/tools/cmd/goimports
FROM golang:1.10.2-alpine3.7
RUN apk add --no-cache git make curl openssl jq rsync godep
COPY --from=builder /go/bin /go/bin

17
build/builder-docker/Makefile Normal file
View File

@@ -0,0 +1,17 @@
# Copyright 2018 The KubeSphere Authors. All rights reserved.
# Use of this source code is governed by a Apache license
# that can be found in the LICENSE file.
default:
docker build -t kubesphere/kubesphere-builder .
@echo "ok"
pull:
docker pull kubesphere/kubesphere-builder
@echo "ok"
run:
docker run --rm -it -v `pwd`:/root kubesphere/kubesphere-builder
clean:
@echo "ok"

20
build/ks-apigateway/Dockerfile
View File

@@ -1,20 +0,0 @@
# Copyright 2018 The KubeSphere Authors. All rights reserved.
# Use of this source code is governed by a Apache license
# that can be found in the LICENSE file.
# Copyright 2018 The KubeSphere Authors. All rights reserved.
# Use of this source code is governed by a Apache license
# that can be found in the LICENSE file.
FROM golang:1.12 as ks-apigateway-builder
COPY / /go/src/kubesphere.io/kubesphere
WORKDIR /go/src/kubesphere.io/kubesphere
RUN CGO_ENABLED=0 GO111MODULE=off GOOS=linux GOARCH=amd64 go build -i -ldflags '-w -s' -o ks-apigateway cmd/ks-apigateway/apiserver.go && \
go run tools/cmd/doc-gen/main.go --output=install/swagger-ui/api.json
FROM alpine:3.9
RUN apk add --update ca-certificates && update-ca-certificates
COPY --from=ks-apigateway-builder /go/src/kubesphere.io/kubesphere/ks-apigateway /usr/local/bin/
COPY --from=ks-apigateway-builder /go/src/kubesphere.io/kubesphere/install/swagger-ui /var/static/swagger-ui
CMD ["sh"]

18
build/ks-apiserver/Dockerfile
View File

@@ -1,18 +0,0 @@
# Copyright 2018 The KubeSphere Authors. All rights reserved.
# Use of this source code is governed by a Apache license
# that can be found in the LICENSE file.
# Copyright 2018 The KubeSphere Authors. All rights reserved.
# Use of this source code is governed by a Apache license
# that can be found in the LICENSE file.
FROM golang:1.12 as ks-apiserver-builder
COPY / /go/src/kubesphere.io/kubesphere
WORKDIR /go/src/kubesphere.io/kubesphere
RUN CGO_ENABLED=0 GO111MODULE=off GOOS=linux GOARCH=amd64 go build -i -ldflags '-w -s' -o ks-apiserver cmd/ks-apiserver/apiserver.go
FROM alpine:3.9
RUN apk add --update ca-certificates && update-ca-certificates
COPY --from=ks-apiserver-builder /go/src/kubesphere.io/kubesphere/ks-apiserver /usr/local/bin/
CMD ["sh"]

18
build/ks-controller-manager/Dockerfile
View File

@@ -1,18 +0,0 @@
# Copyright 2018 The KubeSphere Authors. All rights reserved.
# Use of this source code is governed by a Apache license
# that can be found in the LICENSE file.
# Copyright 2018 The KubeSphere Authors. All rights reserved.
# Use of this source code is governed by a Apache license
# that can be found in the LICENSE file.
FROM golang:1.12 as controller-manager-builder
COPY / /go/src/kubesphere.io/kubesphere
WORKDIR /go/src/kubesphere.io/kubesphere
RUN GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build --ldflags "-extldflags -static" -o controller-manager ./cmd/controller-manager/
FROM alpine:3.7
RUN apk add --update ca-certificates && update-ca-certificates
COPY --from=controller-manager-builder /go/src/kubesphere.io/kubesphere/controller-manager /usr/local/bin/
CMD controller-manager

18
build/ks-iam/Dockerfile
View File

@@ -1,18 +0,0 @@
# Copyright 2018 The KubeSphere Authors. All rights reserved.
# Use of this source code is governed by a Apache license
# that can be found in the LICENSE file.
# Copyright 2018 The KubeSphere Authors. All rights reserved.
# Use of this source code is governed by a Apache license
# that can be found in the LICENSE file.
FROM golang:1.12 as ks-iam-builder
COPY / /go/src/kubesphere.io/kubesphere
WORKDIR /go/src/kubesphere.io/kubesphere
RUN CGO_ENABLED=0 GO111MODULE=off GOOS=linux GOARCH=amd64 go build -i -ldflags '-w -s' -o ks-iam cmd/ks-iam/apiserver.go
FROM alpine:3.9
RUN apk add --update ca-certificates && update-ca-certificates
COPY --from=ks-iam-builder /go/src/kubesphere.io/kubesphere/ks-iam /usr/local/bin/
CMD ["sh"]

126
cmd/controller-manager/app/controllers.go
View File

@@ -1,126 +0,0 @@
/*
Copyright 2019 The KubeSphere Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package app
import (
"k8s.io/client-go/informers"
"k8s.io/client-go/kubernetes"
"k8s.io/client-go/rest"
"kubesphere.io/kubesphere/pkg/controller/application"
"kubesphere.io/kubesphere/pkg/controller/destinationrule"
"kubesphere.io/kubesphere/pkg/controller/job"
//"kubesphere.io/kubesphere/pkg/controller/job"
"kubesphere.io/kubesphere/pkg/controller/virtualservice"
"sigs.k8s.io/controller-runtime/pkg/manager"
"time"
logf "sigs.k8s.io/controller-runtime/pkg/runtime/log"
istioclientset "github.com/knative/pkg/client/clientset/versioned"
istioinformers "github.com/knative/pkg/client/informers/externalversions"
applicationclientset "github.com/kubernetes-sigs/application/pkg/client/clientset/versioned"
applicationinformers "github.com/kubernetes-sigs/application/pkg/client/informers/externalversions"
servicemeshclientset "kubesphere.io/kubesphere/pkg/client/clientset/versioned"
servicemeshinformers "kubesphere.io/kubesphere/pkg/client/informers/externalversions"
)
const defaultResync = 600 * time.Second
var log = logf.Log.WithName("controller-manager")
func AddControllers(mgr manager.Manager, cfg *rest.Config, stopCh <-chan struct{}) error {
kubeClient, err := kubernetes.NewForConfig(cfg)
if err != nil {
log.Error(err, "building kubernetes client failed")
}
istioclient, err := istioclientset.NewForConfig(cfg)
if err != nil {
log.Error(err, "create istio client failed")
return err
}
applicationClient, err := applicationclientset.NewForConfig(cfg)
if err != nil {
log.Error(err, "create application client failed")
return err
}
informerFactory := informers.NewSharedInformerFactory(kubeClient, defaultResync)
istioInformer := istioinformers.NewSharedInformerFactory(istioclient, defaultResync)
applicationInformer := applicationinformers.NewSharedInformerFactory(applicationClient, defaultResync)
servicemeshclient, err := servicemeshclientset.NewForConfig(cfg)
if err != nil {
log.Error(err, "create servicemesh client failed")
return err
}
servicemeshInformer := servicemeshinformers.NewSharedInformerFactory(servicemeshclient, defaultResync)
vsController := virtualservice.NewVirtualServiceController(informerFactory.Core().V1().Services(),
istioInformer.Networking().V1alpha3().VirtualServices(),
istioInformer.Networking().V1alpha3().DestinationRules(),
servicemeshInformer.Servicemesh().V1alpha2().Strategies(),
kubeClient,
istioclient,
servicemeshclient)
drController := destinationrule.NewDestinationRuleController(informerFactory.Apps().V1().Deployments(),
istioInformer.Networking().V1alpha3().DestinationRules(),
informerFactory.Core().V1().Services(),
servicemeshInformer.Servicemesh().V1alpha2().ServicePolicies(),
kubeClient,
istioclient,
servicemeshclient)
apController := application.NewApplicationController(informerFactory.Core().V1().Services(),
informerFactory.Apps().V1().Deployments(),
informerFactory.Apps().V1().StatefulSets(),
servicemeshInformer.Servicemesh().V1alpha2().Strategies(),
servicemeshInformer.Servicemesh().V1alpha2().ServicePolicies(),
applicationInformer.App().V1beta1().Applications(),
kubeClient,
applicationClient)
jobController := job.NewJobController(informerFactory.Batch().V1().Jobs(), kubeClient)
servicemeshInformer.Start(stopCh)
istioInformer.Start(stopCh)
informerFactory.Start(stopCh)
applicationInformer.Start(stopCh)
controllers := map[string]manager.Runnable{
"virtualservice-controller": vsController,
"destinationrule-controller": drController,
"application-controller": apController,
"job-controller": jobController,
}
for name, ctrl := range controllers {
err = mgr.Add(ctrl)
if err != nil {
log.Error(err, "add controller to manager failed", "name", name)
return err
}
}
return nil
}

38
cmd/controller-manager/app/helper.go
View File

@@ -1,38 +0,0 @@
package app
import (
"fmt"
"k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset"
"k8s.io/apimachinery/pkg/util/wait"
"k8s.io/klog"
"net/http"
"time"
)
// WaitForAPIServer waits for the API Server's /healthz endpoint to report "ok" with timeout.
func WaitForAPIServer(client clientset.Interface, timeout time.Duration) error {
var lastErr error
err := wait.PollImmediate(time.Second, timeout, func() (bool, error) {
healthStatus := 0
result := client.Discovery().RESTClient().Get().AbsPath("/healthz").Do().StatusCode(&healthStatus)
if result.Error() != nil {
lastErr = fmt.Errorf("failed to get apiserver /healthz status: %v", result.Error())
return false, nil
}
if healthStatus != http.StatusOK {
content, _ := result.Raw()
lastErr = fmt.Errorf("APIServer isn't healthy: %v", string(content))
klog.Warningf("APIServer isn't healthy yet: %v. Waiting a little while.", string(content))
return false, nil
}
return true, nil
})
if err != nil {
return fmt.Errorf("%v: %v", err, lastErr)
}
return nil
}

89
cmd/controller-manager/controller-manager.go
View File

@@ -1,89 +0,0 @@
/*
Copyright 2019 The KubeSphere Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package main
import (
"flag"
"k8s.io/client-go/tools/clientcmd"
"kubesphere.io/kubesphere/cmd/controller-manager/app"
"kubesphere.io/kubesphere/pkg/apis"
"kubesphere.io/kubesphere/pkg/controller"
"os"
"sigs.k8s.io/controller-runtime/pkg/manager"
logf "sigs.k8s.io/controller-runtime/pkg/runtime/log"
"sigs.k8s.io/controller-runtime/pkg/runtime/signals"
)
var (
masterURL string
kubeconfig string
metricsAddr string
)
func init() {
flag.StringVar(&masterURL, "master-url", "", "only need if out of cluster")
flag.StringVar(&kubeconfig, "kubeconfig", "", "only need if out of cluster")
flag.StringVar(&metricsAddr, "metrics-addr", ":8080", "The address the metric endpoint binds to.")
}
func main() {
flag.Parse()
logf.SetLogger(logf.ZapLogger(false))
log := logf.Log.WithName("controller-manager")
cfg, err := clientcmd.BuildConfigFromFlags(masterURL, kubeconfig)
if err != nil {
log.Error(err, "failed to build kubeconfig")
os.Exit(1)
}
stopCh := signals.SetupSignalHandler()
log.Info("setting up manager")
mgr, err := manager.New(cfg, manager.Options{})
if err != nil {
log.Error(err, "unable to set up overall controller manager")
os.Exit(1)
}
log.Info("setting up scheme")
if err := apis.AddToScheme(mgr.GetScheme()); err != nil {
log.Error(err, "unable add APIs to scheme")
os.Exit(1)
}
log.Info("Setting up controllers")
if err := controller.AddToManager(mgr); err != nil {
log.Error(err, "unable to register controllers to the manager")
os.Exit(1)
}
if err := app.AddControllers(mgr, cfg, stopCh); err != nil {
log.Error(err, "unable to register controllers to the manager")
os.Exit(1)
}
log.Info("Starting the Cmd.")
if err := mgr.Start(stopCh); err != nil {
log.Error(err, "unable to run the manager")
os.Exit(1)
}
}

35
cmd/ks-apigateway/apiserver.go
View File

@@ -1,35 +0,0 @@
/*
Copyright 2019 The KubeSphere Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package main
import (
"github.com/mholt/caddy/caddy/caddymain"
"github.com/mholt/caddy/caddyhttp/httpserver"
// Install apis
_ "kubesphere.io/kubesphere/pkg/apigateway/caddy-plugin/authenticate"
_ "kubesphere.io/kubesphere/pkg/apigateway/caddy-plugin/authentication"
_ "kubesphere.io/kubesphere/pkg/apigateway/caddy-plugin/swagger"
)
func main() {
httpserver.RegisterDevDirective("authenticate", "jwt")
httpserver.RegisterDevDirective("authentication", "jwt")
httpserver.RegisterDevDirective("swagger", "jwt")
caddymain.Run()
}

41
cmd/ks-apiserver/apiserver.go
View File

@@ -1,41 +0,0 @@
/*
Copyright 2019 The KubeSphere Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package main
import (
"kubesphere.io/kubesphere/cmd/ks-apiserver/app"
"log"
// Install apis
_ "kubesphere.io/kubesphere/pkg/apis/devops/install"
_ "kubesphere.io/kubesphere/pkg/apis/logging/install"
_ "kubesphere.io/kubesphere/pkg/apis/monitoring/install"
_ "kubesphere.io/kubesphere/pkg/apis/operations/install"
_ "kubesphere.io/kubesphere/pkg/apis/resources/install"
_ "kubesphere.io/kubesphere/pkg/apis/servicemesh/metrics/install"
_ "kubesphere.io/kubesphere/pkg/apis/tenant/install"
_ "kubesphere.io/kubesphere/pkg/apis/terminal/install"
)
func main() {
cmd := app.NewAPIServerCommand()
if err := cmd.Execute(); err != nil {
log.Fatalln(err)
}
}

45
cmd/ks-apiserver/app/options/options.go
View File

@@ -1,45 +0,0 @@
package options
import (
"github.com/spf13/pflag"
genericoptions "kubesphere.io/kubesphere/pkg/options"
)
type ServerRunOptions struct {
GenericServerRunOptions *genericoptions.ServerRunOptions
// istio pilot discovery service url
IstioPilotServiceURL string
// jaeger query service url
JaegerQueryServiceUrl string
// prometheus service url for servicemesh metrics
ServicemeshPrometheusServiceUrl string
// openpitrix api gateway service url
OpenPitrixServer string
// openpitrix service token
OpenPitrixProxyToken string
}
func NewServerRunOptions() *ServerRunOptions {
s := ServerRunOptions{
GenericServerRunOptions: genericoptions.NewServerRunOptions(),
IstioPilotServiceURL: "http://istio-pilot.istio-system.svc:8080/version",
JaegerQueryServiceUrl: "http://jaeger-query.istio-system.svc:16686/jaeger",
}
return &s
}
func (s *ServerRunOptions) AddFlags(fs *pflag.FlagSet) {
s.GenericServerRunOptions.AddFlags(fs)
fs.StringVar(&s.IstioPilotServiceURL, "istio-pilot-service-url", "http://istio-pilot.istio-system.svc:8080/version", "istio pilot discovery service url")
fs.StringVar(&s.JaegerQueryServiceUrl, "jaeger-query-service-url", "http://jaeger-query.istio-system.svc:16686/jaeger", "jaeger query service url")
fs.StringVar(&s.ServicemeshPrometheusServiceUrl, "servicemesh-prometheus-service-url", "http://prometheus-k8s-system.kubesphere-monitoring-system.svc:9090", "prometheus service for servicemesh")
}

198
cmd/ks-apiserver/app/server.go
View File

@@ -1,198 +0,0 @@
/*
Copyright 2019 The KubeSphere Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package app
import (
goflag "flag"
"fmt"
"github.com/golang/glog"
"github.com/json-iterator/go"
kconfig "github.com/kiali/kiali/config"
"github.com/spf13/cobra"
"github.com/spf13/pflag"
"kubesphere.io/kubesphere/cmd/ks-apiserver/app/options"
"kubesphere.io/kubesphere/pkg/apiserver/runtime"
"kubesphere.io/kubesphere/pkg/apiserver/servicemesh/tracing"
"kubesphere.io/kubesphere/pkg/filter"
"kubesphere.io/kubesphere/pkg/informers"
"kubesphere.io/kubesphere/pkg/models/devops"
logging "kubesphere.io/kubesphere/pkg/models/log"
"kubesphere.io/kubesphere/pkg/server"
"kubesphere.io/kubesphere/pkg/signals"
"kubesphere.io/kubesphere/pkg/simple/client/admin_jenkins"
"kubesphere.io/kubesphere/pkg/simple/client/devops_mysql"
"log"
"net/http"
)
var jsonIter = jsoniter.ConfigCompatibleWithStandardLibrary
func NewAPIServerCommand() *cobra.Command {
s := options.NewServerRunOptions()
cmd := &cobra.Command{
Use: "ks-apiserver",
Long: `The KubeSphere API server validates and configures data
for the api objects. The API Server services REST operations and provides the frontend to the
cluster's shared state through which all other components interact.`,
RunE: func(cmd *cobra.Command, args []string) error {
return Run(s)
},
}
s.AddFlags(cmd.Flags())
cmd.Flags().AddGoFlagSet(goflag.CommandLine)
glog.CopyStandardLogTo("INFO")
return cmd
}
func Run(s *options.ServerRunOptions) error {
pflag.VisitAll(func(flag *pflag.Flag) {
log.Printf("FLAG: --%s=%q", flag.Name, flag.Value)
})
var err error
waitForResourceSync()
container := runtime.Container
container.DoNotRecover(false)
container.Filter(filter.Logging)
container.RecoverHandler(server.LogStackOnRecover)
for _, webservice := range container.RegisteredWebServices() {
for _, route := range webservice.Routes() {
log.Println(route.Method, route.Path)
}
}
initializeAdminJenkins()
initializeDevOpsDatabase()
initializeESClientConfig()
initializeServicemeshConfig(s)
if s.GenericServerRunOptions.InsecurePort != 0 {
log.Printf("Server listening on %d.", s.GenericServerRunOptions.InsecurePort)
err = http.ListenAndServe(fmt.Sprintf("%s:%d", s.GenericServerRunOptions.BindAddress, s.GenericServerRunOptions.InsecurePort), container)
}
if s.GenericServerRunOptions.SecurePort != 0 && len(s.GenericServerRunOptions.TlsCertFile) > 0 && len(s.GenericServerRunOptions.TlsPrivateKey) > 0 {
log.Printf("Server listening on %d.", s.GenericServerRunOptions.SecurePort)
err = http.ListenAndServeTLS(fmt.Sprintf("%s:%d", s.GenericServerRunOptions.BindAddress, s.GenericServerRunOptions.SecurePort), s.GenericServerRunOptions.TlsCertFile, s.GenericServerRunOptions.TlsPrivateKey, container)
}
return err
}
func initializeAdminJenkins() {
devops.JenkinsInit()
admin_jenkins.Client()
}
func initializeDevOpsDatabase() {
devops_mysql.OpenDatabase()
}
func initializeServicemeshConfig(s *options.ServerRunOptions) {
// Initialize kiali config
config := kconfig.NewConfig()
tracing.JaegerQueryUrl = s.JaegerQueryServiceUrl
// Exclude system namespaces
config.API.Namespaces.Exclude = []string{"istio-system", "kubesphere*", "kube*"}
config.InCluster = true
// Set default prometheus service url
config.ExternalServices.PrometheusServiceURL = s.ServicemeshPrometheusServiceUrl
config.ExternalServices.PrometheusCustomMetricsURL = config.ExternalServices.PrometheusServiceURL
// Set istio pilot discovery service url
config.ExternalServices.Istio.UrlServiceVersion = s.IstioPilotServiceURL
kconfig.Set(config)
}
func initializeESClientConfig() {
// List all outputs
outputs, err := logging.GetFluentbitOutputFromConfigMap()
if err != nil {
glog.Errorln(err)
return
}
// Iterate the outputs to get elasticsearch configs
for _, output := range outputs {
if configs := logging.ParseEsOutputParams(output.Parameters); configs != nil {
configs.WriteESConfigs()
return
}
}
}
func waitForResourceSync() {
stopChan := signals.SetupSignalHandler()
informerFactory := informers.SharedInformerFactory()
informerFactory.Rbac().V1().Roles().Lister()
informerFactory.Rbac().V1().RoleBindings().Lister()
informerFactory.Rbac().V1().ClusterRoles().Lister()
informerFactory.Rbac().V1().ClusterRoleBindings().Lister()
informerFactory.Storage().V1().StorageClasses().Lister()
informerFactory.Core().V1().Namespaces().Lister()
informerFactory.Core().V1().Nodes().Lister()
informerFactory.Core().V1().ResourceQuotas().Lister()
informerFactory.Core().V1().Pods().Lister()
informerFactory.Core().V1().Services().Lister()
informerFactory.Core().V1().PersistentVolumeClaims().Lister()
informerFactory.Core().V1().Secrets().Lister()
informerFactory.Core().V1().ConfigMaps().Lister()
informerFactory.Apps().V1().ControllerRevisions().Lister()
informerFactory.Apps().V1().StatefulSets().Lister()
informerFactory.Apps().V1().Deployments().Lister()
informerFactory.Apps().V1().DaemonSets().Lister()
informerFactory.Apps().V1().ReplicaSets().Lister()
informerFactory.Batch().V1().Jobs().Lister()
informerFactory.Batch().V1beta1().CronJobs().Lister()
informerFactory.Extensions().V1beta1().Ingresses().Lister()
informerFactory.Start(stopChan)
informerFactory.WaitForCacheSync(stopChan)
s2iInformerFactory := informers.S2iSharedInformerFactory()
s2iInformerFactory.Devops().V1alpha1().S2iBuilderTemplates().Lister()
s2iInformerFactory.Devops().V1alpha1().S2iRuns().Lister()
s2iInformerFactory.Devops().V1alpha1().S2iBuilders().Lister()
s2iInformerFactory.Start(stopChan)
s2iInformerFactory.WaitForCacheSync(stopChan)
ksInformerFactory := informers.KsSharedInformerFactory()
ksInformerFactory.Tenant().V1alpha1().Workspaces().Lister()
ksInformerFactory.Start(stopChan)
ksInformerFactory.WaitForCacheSync(stopChan)
log.Println("resources sync success")
}

34
cmd/ks-iam/apiserver.go
View File

@@ -1,34 +0,0 @@
/*
Copyright 2019 The KubeSphere Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package main
import (
"kubesphere.io/kubesphere/cmd/ks-iam/app"
"log"
// Install apis
_ "kubesphere.io/kubesphere/pkg/apis/iam/install"
)
func main() {
cmd := app.NewAPIServerCommand()
if err := cmd.Execute(); err != nil {
log.Fatalln(err)
}
}

46
cmd/ks-iam/app/options/options.go
View File

@@ -1,46 +0,0 @@
/*
Copyright 2019 The KubeSphere Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package options
import (
"github.com/spf13/pflag"
genericoptions "kubesphere.io/kubesphere/pkg/options"
)
type ServerRunOptions struct {
GenericServerRunOptions *genericoptions.ServerRunOptions
AdminEmail string
AdminPassword string
TokenExpireTime string
JWTSecret string
}
func NewServerRunOptions() *ServerRunOptions {
s := &ServerRunOptions{
GenericServerRunOptions: genericoptions.NewServerRunOptions(),
}
return s
}
func (s *ServerRunOptions) AddFlags(fs *pflag.FlagSet) {
fs.StringVar(&s.AdminEmail, "admin-email", "admin@kubesphere.io", "default administrator's email")
fs.StringVar(&s.AdminPassword, "admin-password", "passw0rd", "default administrator's password")
fs.StringVar(&s.TokenExpireTime, "token-expire-time", "2h", "token expire time,valid time units are \"ns\",\"us\",\"ms\",\"s\",\"m\",\"h\"")
fs.StringVar(&s.JWTSecret, "jwt-secret", "", "jwt secret")
s.GenericServerRunOptions.AddFlags(fs)
}

137
cmd/ks-iam/app/server.go
View File

@@ -1,137 +0,0 @@
/*
Copyright 2019 The KubeSphere Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package app
import (
goflag "flag"
"fmt"
"github.com/golang/glog"
"github.com/spf13/cobra"
"github.com/spf13/pflag"
"kubesphere.io/kubesphere/cmd/ks-iam/app/options"
"kubesphere.io/kubesphere/pkg/apiserver/runtime"
"kubesphere.io/kubesphere/pkg/filter"
"kubesphere.io/kubesphere/pkg/informers"
"kubesphere.io/kubesphere/pkg/models/iam"
"kubesphere.io/kubesphere/pkg/server"
"kubesphere.io/kubesphere/pkg/signals"
"kubesphere.io/kubesphere/pkg/simple/client/admin_jenkins"
"kubesphere.io/kubesphere/pkg/simple/client/devops_mysql"
"kubesphere.io/kubesphere/pkg/utils/jwtutil"
"log"
"net/http"
"time"
)
func NewAPIServerCommand() *cobra.Command {
s := options.NewServerRunOptions()
cmd := &cobra.Command{
Use: "ks-iam",
Long: `The KubeSphere API server validates and configures data
for the api objects. The API Server services REST operations and provides the frontend to the
cluster's shared state through which all other components interact.`,
RunE: func(cmd *cobra.Command, args []string) error {
return Run(s)
},
}
s.AddFlags(cmd.Flags())
cmd.Flags().AddGoFlagSet(goflag.CommandLine)
glog.CopyStandardLogTo("INFO")
return cmd
}
func Run(s *options.ServerRunOptions) error {
pflag.VisitAll(func(flag *pflag.Flag) {
log.Printf("FLAG: --%s=%q", flag.Name, flag.Value)
})
var err error
expireTime, err := time.ParseDuration(s.TokenExpireTime)
if err != nil {
return err
}
waitForResourceSync()
initializeAdminJenkins()
initializeDevOpsDatabase()
err = iam.Init(s.AdminEmail, s.AdminPassword, expireTime)
jwtutil.Setup(s.JWTSecret)
if err != nil {
return err
}
container := runtime.Container
container.Filter(filter.Logging)
container.DoNotRecover(false)
container.RecoverHandler(server.LogStackOnRecover)
for _, webservice := range container.RegisteredWebServices() {
for _, route := range webservice.Routes() {
log.Println(route.Method, route.Path)
}
}
if s.GenericServerRunOptions.InsecurePort != 0 {
log.Printf("Server listening on %d.", s.GenericServerRunOptions.InsecurePort)
err = http.ListenAndServe(fmt.Sprintf("%s:%d", s.GenericServerRunOptions.BindAddress, s.GenericServerRunOptions.InsecurePort), container)
}
if s.GenericServerRunOptions.SecurePort != 0 && len(s.GenericServerRunOptions.TlsCertFile) > 0 && len(s.GenericServerRunOptions.TlsPrivateKey) > 0 {
log.Printf("Server listening on %d.", s.GenericServerRunOptions.SecurePort)
err = http.ListenAndServeTLS(fmt.Sprintf("%s:%d", s.GenericServerRunOptions.BindAddress, s.GenericServerRunOptions.SecurePort), s.GenericServerRunOptions.TlsCertFile, s.GenericServerRunOptions.TlsPrivateKey, container)
}
return err
}
func waitForResourceSync() {
stopChan := signals.SetupSignalHandler()
informerFactory := informers.SharedInformerFactory()
informerFactory.Rbac().V1().Roles().Lister()
informerFactory.Rbac().V1().RoleBindings().Lister()
informerFactory.Rbac().V1().ClusterRoles().Lister()
informerFactory.Rbac().V1().ClusterRoleBindings().Lister()
informerFactory.Core().V1().Namespaces().Lister()
informerFactory.Start(stopChan)
informerFactory.WaitForCacheSync(stopChan)
ksInformerFactory := informers.KsSharedInformerFactory()
ksInformerFactory.Tenant().V1alpha1().Workspaces().Lister()
ksInformerFactory.Start(stopChan)
ksInformerFactory.WaitForCacheSync(stopChan)
log.Println("resources sync success")
}
func initializeAdminJenkins() {
admin_jenkins.Client()
}
func initializeDevOpsDatabase() {
devops_mysql.OpenDatabase()
}

40
cmd/kubesphere.go Normal file
View File

@@ -0,0 +1,40 @@
/*
Copyright 2018 The KubeSphere Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package main
import (
"github.com/spf13/pflag"
"kubesphere.io/kubesphere/pkg/app"
"kubesphere.io/kubesphere/pkg/logs"
"kubesphere.io/kubesphere/pkg/options"
"kubesphere.io/kubesphere/pkg/version"
)
func main() {
options.AddFlags(pflag.CommandLine)
pflag.Parse()
logs.InitLogs()
defer logs.FlushLogs()
version.PrintAndExitIfRequested()
app.Run()
}

239
config/crds/app_v1beta1_application.yaml
View File

@@ -1,239 +0,0 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
creationTimestamp: null
labels:
controller-tools.k8s.io: "1.0"
name: applications.app.k8s.io
spec:
group: app.k8s.io
names:
kind: Application
plural: applications
scope: Namespaced
validation:
openAPIV3Schema:
properties:
apiVersion:
type: string
kind:
type: string
metadata:
type: object
spec:
properties:
assemblyPhase:
type: string
componentKinds:
items:
type: object
type: array
descriptor:
properties:
description:
type: string
icons:
items:
properties:
size:
type: string
src:
type: string
type:
type: string
required:
- src
type: object
type: array
keywords:
items:
type: string
type: array
links:
items:
properties:
description:
type: string
url:
type: string
type: object
type: array
maintainers:
items:
properties:
email:
type: string
name:
type: string
url:
type: string
type: object
type: array
notes:
type: string
owners:
items:
properties:
email:
type: string
name:
type: string
url:
type: string
type: object
type: array
type:
type: string
version:
type: string
type: object
info:
items:
properties:
name:
type: string
type:
type: string
value:
type: string
valueFrom:
properties:
configMapKeyRef:
properties:
apiVersion:
type: string
fieldPath:
type: string
key:
type: string
kind:
type: string
name:
type: string
namespace:
type: string
resourceVersion:
type: string
uid:
type: string
type: object
ingressRef:
properties:
apiVersion:
type: string
fieldPath:
type: string
host:
type: string
kind:
type: string
name:
type: string
namespace:
type: string
path:
type: string
resourceVersion:
type: string
uid:
type: string
type: object
secretKeyRef:
properties:
apiVersion:
type: string
fieldPath:
type: string
key:
type: string
kind:
type: string
name:
type: string
namespace:
type: string
resourceVersion:
type: string
uid:
type: string
type: object
serviceRef:
properties:
apiVersion:
type: string
fieldPath:
type: string
kind:
type: string
name:
type: string
namespace:
type: string
path:
type: string
port:
format: int32
type: integer
resourceVersion:
type: string
uid:
type: string
type: object
type:
type: string
type: object
type: object
type: array
selector:
type: object
type: object
status:
properties:
components:
items:
properties:
group:
type: string
kind:
type: string
link:
type: string
name:
type: string
status:
type: string
type: object
type: array
conditions:
items:
properties:
lastTransitionTime:
format: date-time
type: string
lastUpdateTime:
format: date-time
type: string
message:
type: string
reason:
type: string
status:
type: string
type:
type: string
required:
- type
- status
type: object
type: array
observedGeneration:
format: int64
type: integer
type: object
version: v1beta1
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

1116
config/crds/istio-crds.yaml
View File

File diff suppressed because it is too large Load Diff

763
config/crds/istio_v1alpha3_destinationrule.yaml
View File

@@ -1,763 +0,0 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
creationTimestamp: null
labels:
controller-tools.k8s.io: "1.0"
name: destinationrules.istio.kubesphere.io
spec:
group: istio.kubesphere.io
names:
kind: DestinationRule
plural: destinationrules
scope: Namespaced
validation:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
properties:
host:
description: 'REQUIRED. The name of a service from the service registry.
Service names are looked up from the platform''s service registry
(e.g., Kubernetes services, Consul services, etc.) and from the hosts
declared by [ServiceEntries](#ServiceEntry). Rules defined for services
that do not exist in the service registry will be ignored. *Note
for Kubernetes users*: When short names are used (e.g. "reviews" instead
of "reviews.default.svc.cluster.local"), Istio will interpret the
short name based on the namespace of the rule, not the service. A
rule in the "default" namespace containing a host "reviews will be
interpreted as "reviews.default.svc.cluster.local", irrespective of
the actual namespace associated with the reviews service. _To avoid
potential misconfigurations, it is recommended to always use fully
qualified domain names over short names._ Note that the host field
applies to both HTTP and TCP services.'
type: string
subsets:
description: One or more named sets that represent individual versions
of a service. Traffic policies can be overridden at subset level.
items:
properties:
labels:
description: REQUIRED. Labels apply a filter over the endpoints
of a service in the service registry. See route rules for examples
of usage.
type: object
name:
description: REQUIRED. Name of the subset. The service name and
the subset name can be used for traffic splitting in a route
rule.
type: string
trafficPolicy:
description: Traffic policies that apply to this subset. Subsets
inherit the traffic policies specified at the DestinationRule
level. Settings specified at the subset level will override
the corresponding settings specified at the DestinationRule
level.
properties:
connectionPool:
description: Settings controlling the volume of connections
to an upstream service
properties:
http:
description: HTTP connection pool settings.
properties:
maxRequestsPerConnection:
description: Maximum number of requests per connection
to a backend. Setting this parameter to 1 disables
keep alive.
format: int32
type: integer
maxRetries:
description: Maximum number of retries that can be
outstanding to all hosts in a cluster at a given
time. Defaults to 3.
format: int32
type: integer
type: object
tcp:
description: Settings common to both HTTP and TCP upstream
connections.
properties:
connectTimeout:
description: TCP connection timeout.
type: string
maxConnections:
description: Maximum number of HTTP1 /TCP connections
to a destination host.
format: int32
type: integer
type: object
type: object
loadBalancer:
description: Settings controlling the load balancer algorithms.
properties:
consistentHash:
properties:
httpCookie:
description: Hash based on HTTP cookie.
properties:
name:
description: REQUIRED. Name of the cookie.
type: string
path:
description: Path to set for the cookie.
type: string
ttl:
description: REQUIRED. Lifetime of the cookie.
type: string
required:
- name
- ttl
type: object
httpHeaderName:
description: 'It is required to specify exactly one
of the fields as hash key: HttpHeaderName, HttpCookie,
or UseSourceIP. Hash based on a specific HTTP header.'
type: string
minimumRingSize:
description: The minimum number of virtual nodes to
use for the hash ring. Defaults to 1024. Larger
ring sizes result in more granular load distributions.
If the number of hosts in the load balancing pool
is larger than the ring size, each host will be
assigned a single virtual node.
format: int64
type: integer
useSourceIp:
description: Hash based on the source IP address.
type: boolean
type: object
simple:
description: 'It is required to specify exactly one of
the fields: Simple or ConsistentHash'
type: string
type: object
outlierDetection:
description: Settings controlling eviction of unhealthy hosts
from the load balancing pool
properties:
baseEjectionTime:
description: 'Minimum ejection duration. A host will remain
ejected for a period equal to the product of minimum
ejection duration and the number of times the host has
been ejected. This technique allows the system to automatically
increase the ejection period for unhealthy upstream
servers. format: 1h/1m/1s/1ms. MUST BE >=1ms. Default
is 30s.'
type: string
consecutiveErrors:
description: Number of errors before a host is ejected
from the connection pool. Defaults to 5. When the upstream
host is accessed over HTTP, a 5xx return code qualifies
as an error. When the upstream host is accessed over
an opaque TCP connection, connect timeouts and connection
error/failure events qualify as an error.
format: int32
type: integer
interval:
description: 'Time interval between ejection sweep analysis.
format: 1h/1m/1s/1ms. MUST BE >=1ms. Default is 10s.'
type: string
maxEjectionPercent:
description: Maximum % of hosts in the load balancing
pool for the upstream service that can be ejected. Defaults
to 10%.
format: int32
type: integer
type: object
portLevelSettings:
description: Traffic policies specific to individual ports.
Note that port level settings will override the destination-level
settings. Traffic settings specified at the destination-level
will not be inherited when overridden by port-level settings,
i.e. default values will be applied to fields omitted in
port-level traffic policies.
items:
properties:
connectionPool:
description: Settings controlling the volume of connections
to an upstream service
properties:
http:
description: HTTP connection pool settings.
properties:
maxRequestsPerConnection:
description: Maximum number of requests per
connection to a backend. Setting this parameter
to 1 disables keep alive.
format: int32
type: integer
maxRetries:
description: Maximum number of retries that
can be outstanding to all hosts in a cluster
at a given time. Defaults to 3.
format: int32
type: integer
type: object
tcp:
description: Settings common to both HTTP and TCP
upstream connections.
properties:
connectTimeout:
description: TCP connection timeout.
type: string
maxConnections:
description: Maximum number of HTTP1 /TCP connections
to a destination host.
format: int32
type: integer
type: object
type: object
loadBalancer:
description: Settings controlling the load balancer
algorithms.
properties:
consistentHash:
properties:
httpCookie:
description: Hash based on HTTP cookie.
properties:
name:
description: REQUIRED. Name of the cookie.
type: string
path:
description: Path to set for the cookie.
type: string
ttl:
description: REQUIRED. Lifetime of the cookie.
type: string
required:
- name
- ttl
type: object
httpHeaderName:
description: 'It is required to specify exactly
one of the fields as hash key: HttpHeaderName,
HttpCookie, or UseSourceIP. Hash based on
a specific HTTP header.'
type: string
minimumRingSize:
description: The minimum number of virtual nodes
to use for the hash ring. Defaults to 1024.
Larger ring sizes result in more granular
load distributions. If the number of hosts
in the load balancing pool is larger than
the ring size, each host will be assigned
a single virtual node.
format: int64
type: integer
useSourceIp:
description: Hash based on the source IP address.
type: boolean
type: object
simple:
description: 'It is required to specify exactly
one of the fields: Simple or ConsistentHash'
type: string
type: object
outlierDetection:
description: Settings controlling eviction of unhealthy
hosts from the load balancing pool
properties:
baseEjectionTime:
description: 'Minimum ejection duration. A host
will remain ejected for a period equal to the
product of minimum ejection duration and the number
of times the host has been ejected. This technique
allows the system to automatically increase the
ejection period for unhealthy upstream servers.
format: 1h/1m/1s/1ms. MUST BE >=1ms. Default is
30s.'
type: string
consecutiveErrors:
description: Number of errors before a host is ejected
from the connection pool. Defaults to 5. When
the upstream host is accessed over HTTP, a 5xx
return code qualifies as an error. When the upstream
host is accessed over an opaque TCP connection,
connect timeouts and connection error/failure
events qualify as an error.
format: int32
type: integer
interval:
description: 'Time interval between ejection sweep
analysis. format: 1h/1m/1s/1ms. MUST BE >=1ms.
Default is 10s.'
type: string
maxEjectionPercent:
description: Maximum % of hosts in the load balancing
pool for the upstream service that can be ejected.
Defaults to 10%.
format: int32
type: integer
type: object
port:
description: Specifies the port name or number of a
port on the destination service on which this policy
is being applied. Names must comply with DNS label
syntax (rfc1035) and therefore cannot collide with
numbers. If there are multiple ports on a service
with the same protocol the names should be of the
form <protocol-name>-<DNS label>.
properties:
name:
description: Valid port name
type: string
number:
description: Valid port number
format: int32
type: integer
type: object
tls:
description: TLS related settings for connections to
the upstream service.
properties:
caCertificates:
description: 'OPTIONAL: The path to the file containing
certificate authority certificates to use in verifying
a presented server certificate. If omitted, the
proxy will not verify the server''s certificate.
Should be empty if mode is `ISTIO_MUTUAL`.'
type: string
clientCertificate:
description: REQUIRED if mode is `MUTUAL`. The path
to the file holding the client-side TLS certificate
to use. Should be empty if mode is `ISTIO_MUTUAL`.
type: string
mode:
description: 'REQUIRED: Indicates whether connections
to this port should be secured using TLS. The
value of this field determines how TLS is enforced.'
type: string
privateKey:
description: REQUIRED if mode is `MUTUAL`. The path
to the file holding the client's private key.
Should be empty if mode is `ISTIO_MUTUAL`.
type: string
sni:
description: SNI string to present to the server
during TLS handshake. Should be empty if mode
is `ISTIO_MUTUAL`.
type: string
subjectAltNames:
description: A list of alternate names to verify
the subject identity in the certificate. If specified,
the proxy will verify that the server certificate's
subject alt name matches one of the specified
values. Should be empty if mode is `ISTIO_MUTUAL`.
items:
type: string
type: array
required:
- mode
type: object
required:
- port
type: object
type: array
tls:
description: TLS related settings for connections to the upstream
service.
properties:
caCertificates:
description: 'OPTIONAL: The path to the file containing
certificate authority certificates to use in verifying
a presented server certificate. If omitted, the proxy
will not verify the server''s certificate. Should be
empty if mode is `ISTIO_MUTUAL`.'
type: string
clientCertificate:
description: REQUIRED if mode is `MUTUAL`. The path to
the file holding the client-side TLS certificate to
use. Should be empty if mode is `ISTIO_MUTUAL`.
type: string
mode:
description: 'REQUIRED: Indicates whether connections
to this port should be secured using TLS. The value
of this field determines how TLS is enforced.'
type: string
privateKey:
description: REQUIRED if mode is `MUTUAL`. The path to
the file holding the client's private key. Should be
empty if mode is `ISTIO_MUTUAL`.
type: string
sni:
description: SNI string to present to the server during
TLS handshake. Should be empty if mode is `ISTIO_MUTUAL`.
type: string
subjectAltNames:
description: A list of alternate names to verify the subject
identity in the certificate. If specified, the proxy
will verify that the server certificate's subject alt
name matches one of the specified values. Should be
empty if mode is `ISTIO_MUTUAL`.
items:
type: string
type: array
required:
- mode
type: object
type: object
required:
- name
- labels
type: object
type: array
trafficPolicy:
description: Traffic policies to apply (load balancing policy, connection
pool sizes, outlier detection).
properties:
connectionPool:
description: Settings controlling the volume of connections to an
upstream service
properties:
http:
description: HTTP connection pool settings.
properties:
maxRequestsPerConnection:
description: Maximum number of requests per connection to
a backend. Setting this parameter to 1 disables keep alive.
format: int32
type: integer
maxRetries:
description: Maximum number of retries that can be outstanding
to all hosts in a cluster at a given time. Defaults to
3.
format: int32
type: integer
type: object
tcp:
description: Settings common to both HTTP and TCP upstream connections.
properties:
connectTimeout:
description: TCP connection timeout.
type: string
maxConnections:
description: Maximum number of HTTP1 /TCP connections to
a destination host.
format: int32
type: integer
type: object
type: object
loadBalancer:
description: Settings controlling the load balancer algorithms.
properties:
consistentHash:
properties:
httpCookie:
description: Hash based on HTTP cookie.
properties:
name:
description: REQUIRED. Name of the cookie.
type: string
path:
description: Path to set for the cookie.
type: string
ttl:
description: REQUIRED. Lifetime of the cookie.
type: string
required:
- name
- ttl
type: object
httpHeaderName:
description: 'It is required to specify exactly one of the
fields as hash key: HttpHeaderName, HttpCookie, or UseSourceIP.
Hash based on a specific HTTP header.'
type: string
minimumRingSize:
description: The minimum number of virtual nodes to use
for the hash ring. Defaults to 1024. Larger ring sizes
result in more granular load distributions. If the number
of hosts in the load balancing pool is larger than the
ring size, each host will be assigned a single virtual
node.
format: int64
type: integer
useSourceIp:
description: Hash based on the source IP address.
type: boolean
type: object
simple:
description: 'It is required to specify exactly one of the fields:
Simple or ConsistentHash'
type: string
type: object
outlierDetection:
description: Settings controlling eviction of unhealthy hosts from
the load balancing pool
properties:
baseEjectionTime:
description: 'Minimum ejection duration. A host will remain
ejected for a period equal to the product of minimum ejection
duration and the number of times the host has been ejected.
This technique allows the system to automatically increase
the ejection period for unhealthy upstream servers. format:
1h/1m/1s/1ms. MUST BE >=1ms. Default is 30s.'
type: string
consecutiveErrors:
description: Number of errors before a host is ejected from
the connection pool. Defaults to 5. When the upstream host
is accessed over HTTP, a 5xx return code qualifies as an error.
When the upstream host is accessed over an opaque TCP connection,
connect timeouts and connection error/failure events qualify
as an error.
format: int32
type: integer
interval:
description: 'Time interval between ejection sweep analysis.
format: 1h/1m/1s/1ms. MUST BE >=1ms. Default is 10s.'
type: string
maxEjectionPercent:
description: Maximum % of hosts in the load balancing pool for
the upstream service that can be ejected. Defaults to 10%.
format: int32
type: integer
type: object
portLevelSettings:
description: Traffic policies specific to individual ports. Note
that port level settings will override the destination-level settings.
Traffic settings specified at the destination-level will not be
inherited when overridden by port-level settings, i.e. default
values will be applied to fields omitted in port-level traffic
policies.
items:
properties:
connectionPool:
description: Settings controlling the volume of connections
to an upstream service
properties:
http:
description: HTTP connection pool settings.
properties:
maxRequestsPerConnection:
description: Maximum number of requests per connection
to a backend. Setting this parameter to 1 disables
keep alive.
format: int32
type: integer
maxRetries:
description: Maximum number of retries that can be
outstanding to all hosts in a cluster at a given
time. Defaults to 3.
format: int32
type: integer
type: object
tcp:
description: Settings common to both HTTP and TCP upstream
connections.
properties:
connectTimeout:
description: TCP connection timeout.
type: string
maxConnections:
description: Maximum number of HTTP1 /TCP connections
to a destination host.
format: int32
type: integer
type: object
type: object
loadBalancer:
description: Settings controlling the load balancer algorithms.
properties:
consistentHash:
properties:
httpCookie:
description: Hash based on HTTP cookie.
properties:
name:
description: REQUIRED. Name of the cookie.
type: string
path:
description: Path to set for the cookie.
type: string
ttl:
description: REQUIRED. Lifetime of the cookie.
type: string
required:
- name
- ttl
type: object
httpHeaderName:
description: 'It is required to specify exactly one
of the fields as hash key: HttpHeaderName, HttpCookie,
or UseSourceIP. Hash based on a specific HTTP header.'
type: string
minimumRingSize:
description: The minimum number of virtual nodes to
use for the hash ring. Defaults to 1024. Larger
ring sizes result in more granular load distributions.
If the number of hosts in the load balancing pool
is larger than the ring size, each host will be
assigned a single virtual node.
format: int64
type: integer
useSourceIp:
description: Hash based on the source IP address.
type: boolean
type: object
simple:
description: 'It is required to specify exactly one of
the fields: Simple or ConsistentHash'
type: string
type: object
outlierDetection:
description: Settings controlling eviction of unhealthy hosts
from the load balancing pool
properties:
baseEjectionTime:
description: 'Minimum ejection duration. A host will remain
ejected for a period equal to the product of minimum
ejection duration and the number of times the host has
been ejected. This technique allows the system to automatically
increase the ejection period for unhealthy upstream
servers. format: 1h/1m/1s/1ms. MUST BE >=1ms. Default
is 30s.'
type: string
consecutiveErrors:
description: Number of errors before a host is ejected
from the connection pool. Defaults to 5. When the upstream
host is accessed over HTTP, a 5xx return code qualifies
as an error. When the upstream host is accessed over
an opaque TCP connection, connect timeouts and connection
error/failure events qualify as an error.
format: int32
type: integer
interval:
description: 'Time interval between ejection sweep analysis.
format: 1h/1m/1s/1ms. MUST BE >=1ms. Default is 10s.'
type: string
maxEjectionPercent:
description: Maximum % of hosts in the load balancing
pool for the upstream service that can be ejected. Defaults
to 10%.
format: int32
type: integer
type: object
port:
description: Specifies the port name or number of a port on
the destination service on which this policy is being applied. Names
must comply with DNS label syntax (rfc1035) and therefore
cannot collide with numbers. If there are multiple ports
on a service with the same protocol the names should be
of the form <protocol-name>-<DNS label>.
properties:
name:
description: Valid port name
type: string
number:
description: Valid port number
format: int32
type: integer
type: object
tls:
description: TLS related settings for connections to the upstream
service.
properties:
caCertificates:
description: 'OPTIONAL: The path to the file containing
certificate authority certificates to use in verifying
a presented server certificate. If omitted, the proxy
will not verify the server''s certificate. Should be
empty if mode is `ISTIO_MUTUAL`.'
type: string
clientCertificate:
description: REQUIRED if mode is `MUTUAL`. The path to
the file holding the client-side TLS certificate to
use. Should be empty if mode is `ISTIO_MUTUAL`.
type: string
mode:
description: 'REQUIRED: Indicates whether connections
to this port should be secured using TLS. The value
of this field determines how TLS is enforced.'
type: string
privateKey:
description: REQUIRED if mode is `MUTUAL`. The path to
the file holding the client's private key. Should be
empty if mode is `ISTIO_MUTUAL`.
type: string
sni:
description: SNI string to present to the server during
TLS handshake. Should be empty if mode is `ISTIO_MUTUAL`.
type: string
subjectAltNames:
description: A list of alternate names to verify the subject
identity in the certificate. If specified, the proxy
will verify that the server certificate's subject alt
name matches one of the specified values. Should be
empty if mode is `ISTIO_MUTUAL`.
items:
type: string
type: array
required:
- mode
type: object
required:
- port
type: object
type: array
tls:
description: TLS related settings for connections to the upstream
service.
properties:
caCertificates:
description: 'OPTIONAL: The path to the file containing certificate
authority certificates to use in verifying a presented server
certificate. If omitted, the proxy will not verify the server''s
certificate. Should be empty if mode is `ISTIO_MUTUAL`.'
type: string
clientCertificate:
description: REQUIRED if mode is `MUTUAL`. The path to the file
holding the client-side TLS certificate to use. Should be
empty if mode is `ISTIO_MUTUAL`.
type: string
mode:
description: 'REQUIRED: Indicates whether connections to this
port should be secured using TLS. The value of this field
determines how TLS is enforced.'
type: string
privateKey:
description: REQUIRED if mode is `MUTUAL`. The path to the file
holding the client's private key. Should be empty if mode
is `ISTIO_MUTUAL`.
type: string
sni:
description: SNI string to present to the server during TLS
handshake. Should be empty if mode is `ISTIO_MUTUAL`.
type: string
subjectAltNames:
description: A list of alternate names to verify the subject
identity in the certificate. If specified, the proxy will
verify that the server certificate's subject alt name matches
one of the specified values. Should be empty if mode is `ISTIO_MUTUAL`.
items:
type: string
type: array
required:
- mode
type: object
type: object
required:
- host
type: object
required:
- spec
version: v1alpha3
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

129
config/crds/istio_v1alpha3_gateway.yaml
View File

@@ -1,129 +0,0 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
creationTimestamp: null
labels:
controller-tools.k8s.io: "1.0"
name: gateways.istio.kubesphere.io
spec:
group: istio.kubesphere.io
names:
kind: Gateway
plural: gateways
scope: Namespaced
validation:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
properties:
selector:
description: One or more labels that indicate a specific set of pods/VMs
on which this gateway configuration should be applied. If no selectors
are provided, the gateway will be implemented by the default istio-ingress
controller.
type: object
servers:
description: 'REQUIRED: A list of server specifications.'
items:
properties:
hosts:
description: A list of hosts exposed by this gateway. While typically
applicable to HTTP services, it can also be used for TCP services
using TLS with SNI. Standard DNS wildcard prefix syntax is permitted. A
VirtualService that is bound to a gateway must having a matching
host in its default destination. Specifically one of the VirtualService
destination hosts is a strict suffix of a gateway host or a
gateway host is a suffix of one of the VirtualService hosts.
items:
type: string
type: array
port:
description: 'REQUIRED: The Port on which the proxy should listen
for incoming connections'
properties:
name:
description: Label assigned to the port.
type: string
number:
description: 'REQUIRED: A valid non-negative integer port
number.'
format: int64
type: integer
protocol:
description: 'REQUIRED: The protocol exposed on the port.
MUST BE one of HTTP|HTTPS|GRPC|HTTP2|MONGO|TCP.'
type: string
required:
- number
- protocol
type: object
tls:
description: Set of TLS related options that govern the server's
behavior. Use these options to control if all http requests
should be redirected to https, and the TLS modes to use.
properties:
caCertificates:
description: REQUIRED if mode is "MUTUAL". The path to a file
containing certificate authority certificates to use in
verifying a presented client side certificate.
type: string
httpsRedirect:
description: If set to true, the load balancer will send a
302 redirect for all http connections, asking the clients
to use HTTPS.
type: boolean
mode:
description: 'Optional: Indicates whether connections to this
port should be secured using TLS. The value of this field
determines how TLS is enforced.'
type: string
privateKey:
description: REQUIRED if mode is "SIMPLE" or "MUTUAL". The
path to the file holding the server's private key.
type: string
serverCertificate:
description: REQUIRED if mode is "SIMPLE" or "MUTUAL". The
path to the file holding the server-side TLS certificate
to use.
type: string
subjectAltNames:
description: A list of alternate names to verify the subject
identity in the certificate presented by the client.
items:
type: string
type: array
required:
- httpsRedirect
- serverCertificate
- privateKey
- caCertificates
- subjectAltNames
type: object
required:
- port
type: object
type: array
required:
- servers
type: object
required:
- spec
version: v1alpha3
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

695
config/crds/istio_v1alpha3_virtualservice.yaml
View File

@@ -1,695 +0,0 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
creationTimestamp: null
labels:
controller-tools.k8s.io: "1.0"
name: virtualservices.istio.kubesphere.io
spec:
group: istio.kubesphere.io
names:
kind: VirtualService
plural: virtualservices
scope: Namespaced
validation:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
properties:
gateways:
description: The names of gateways and sidecars that should apply these
routes. A single VirtualService is used for sidecars inside the mesh
as well as for one or more gateways. The selection condition imposed
by this field can be overridden using the source field in the match
conditions of HTTP/TCP routes. The reserved word "mesh" is used to
imply all the sidecars in the mesh. When this field is omitted, the
default gateway ("mesh") will be used, which would apply the rule
to all sidecars in the mesh. If a list of gateway names is provided,
the rules will apply only to the gateways. To apply the rules to both
gateways and sidecars, specify "mesh" as one of the gateway names.
items:
type: string
type: array
hosts:
description: REQUIRED. The destination address for traffic captured
by this virtual service. Could be a DNS name with wildcard prefix
or a CIDR prefix. Depending on the platform, short-names can also
be used instead of a FQDN (i.e. has no dots in the name). In such
a scenario, the FQDN of the host would be derived based on the underlying
platform. For example on Kubernetes, when hosts contains a short
name, Istio will interpret the short name based on the namespace of
the rule. Thus, when a client namespace applies a rule in the "default"
namespace containing a name "reviews, Istio will setup routes to the
"reviews.default.svc.cluster.local" service. However, if a different
name such as "reviews.sales.svc.cluster.local" is used, it would be
treated as a FQDN during virtual host matching. In Consul, a plain
service name would be resolved to the FQDN "reviews.service.consul". Note
that the hosts field applies to both HTTP and TCP services. Service
inside the mesh, i.e., those found in the service registry, must always
be referred to using their alphanumeric names. IP addresses or CIDR
prefixes are allowed only for services defined via the Gateway.
items:
type: string
type: array
http:
description: An ordered list of route rules for HTTP traffic. The first
rule matching an incoming request is used.
items:
properties:
appendHeaders:
description: Additional HTTP headers to add before forwarding
a request to the destination service.
type: object
corsPolicy:
description: Cross-Origin Resource Sharing policy
properties:
allowCredentials:
description: Indicates whether the caller is allowed to send
the actual request (not the preflight) using credentials.
Translates to Access-Control-Allow-Credentials header.
type: boolean
allowHeaders:
description: List of HTTP headers that can be used when requesting
the resource. Serialized to Access-Control-Allow-Methods
header.
items:
type: string
type: array
allowMethods:
description: List of HTTP methods allowed to access the resource.
The content will be serialized into the Access-Control-Allow-Methods
header.
items:
type: string
type: array
allowOrigin:
description: The list of origins that are allowed to perform
CORS requests. The content will be serialized into the Access-Control-Allow-Origin
header. Wildcard * will allow all origins.
items:
type: string
type: array
exposeHeaders:
description: A white list of HTTP headers that the browsers
are allowed to access. Serialized into Access-Control-Expose-Headers
header.
items:
type: string
type: array
maxAge:
description: Specifies how long the the results of a preflight
request can be cached. Translates to the Access-Control-Max-Age
header.
type: string
type: object
fault:
description: Fault injection policy to apply on HTTP traffic.
properties:
abort:
description: Abort Http request attempts and return error
codes back to downstream service, giving the impression
that the upstream service is faulty.
properties:
httpStatus:
description: REQUIRED. HTTP status code to use to abort
the Http request.
format: int64
type: integer
percent:
description: Percentage of requests to be aborted with
the error code provided (0-100).
format: int64
type: integer
required:
- httpStatus
type: object
delay:
description: Delay requests before forwarding, emulating various
failures such as network issues, overloaded upstream service,
etc.
properties:
exponentialDelay:
description: (-- Add a delay (based on an exponential
function) before forwarding the request. mean delay
needed to derive the exponential delay values --)
type: string
fixedDelay:
description: 'REQUIRED. Add a fixed delay before forwarding
the request. Format: 1h/1m/1s/1ms. MUST be >=1ms.'
type: string
percent:
description: Percentage of requests on which the delay
will be injected (0-100).
format: int64
type: integer
required:
- fixedDelay
type: object
type: object
match:
description: Match conditions to be satisfied for the rule to
be activated. All conditions inside a single match block have
AND semantics, while the list of match blocks have OR semantics.
The rule is matched if any one of the match blocks succeed.
items:
properties:
authority:
description: 'HTTP Authority values are case-sensitive and
formatted as follows: - `exact: "value"` for exact string
match - `prefix: "value"` for prefix-based match - `regex:
"value"` for ECMAscript style regex-based match'
properties:
exact:
description: exact string match
type: string
prefix:
description: prefix-based match
type: string
regex:
description: ECMAscript style regex-based match
type: string
suffix:
description: suffix-based match.
type: string
type: object
gateways:
description: Names of gateways where the rule should be
applied to. Gateway names at the top of the VirtualService
(if any) are overridden. The gateway match is independent
of sourceLabels.
items:
type: string
type: array
headers:
description: 'The header keys must be lowercase and use
hyphen as the separator, e.g. _x-request-id_. Header
values are case-sensitive and formatted as follows: -
`exact: "value"` for exact string match - `prefix: "value"`
for prefix-based match - `regex: "value"` for ECMAscript
style regex-based match **Note:** The keys `uri`, `scheme`,
`method`, and `authority` will be ignored.'
type: object
method:
description: 'HTTP Method values are case-sensitive and
formatted as follows: - `exact: "value"` for exact string
match - `prefix: "value"` for prefix-based match - `regex:
"value"` for ECMAscript style regex-based match'
properties:
exact:
description: exact string match
type: string
prefix:
description: prefix-based match
type: string
regex:
description: ECMAscript style regex-based match
type: string
suffix:
description: suffix-based match.
type: string
type: object
port:
description: Specifies the ports on the host that is being
addressed. Many services only expose a single port or
label ports with the protocols they support, in these
cases it is not required to explicitly select the port.
format: int32
type: integer
scheme:
description: 'URI Scheme values are case-sensitive and formatted
as follows: - `exact: "value"` for exact string match -
`prefix: "value"` for prefix-based match - `regex: "value"`
for ECMAscript style regex-based match'
properties:
exact:
description: exact string match
type: string
prefix:
description: prefix-based match
type: string
regex:
description: ECMAscript style regex-based match
type: string
suffix:
description: suffix-based match.
type: string
type: object
sourceLabels:
description: One or more labels that constrain the applicability
of a rule to workloads with the given labels. If the VirtualService
has a list of gateways specified at the top, it should
include the reserved gateway `mesh` in order for this
field to be applicable.
type: object
uri:
description: 'URI to match values are case-sensitive and
formatted as follows: - `exact: "value"` for exact string
match - `prefix: "value"` for prefix-based match - `regex:
"value"` for ECMAscript style regex-based match'
properties:
exact:
description: exact string match
type: string
prefix:
description: prefix-based match
type: string
regex:
description: ECMAscript style regex-based match
type: string
suffix:
description: suffix-based match.
type: string
type: object
type: object
type: array
mirror:
description: Mirror HTTP traffic to a another destination in addition
to forwarding the requests to the intended destination. Mirrored
traffic is on a best effort basis where the sidecar/gateway
will not wait for the mirrored cluster to respond before returning
the response from the original destination. Statistics will
be generated for the mirrored destination.
properties:
host:
description: 'REQUIRED. The name of a service from the service
registry. Service names are looked up from the platform''s
service registry (e.g., Kubernetes services, Consul services,
etc.) and from the hosts declared by [ServiceEntry](#ServiceEntry).
Traffic forwarded to destinations that are not found in
either of the two, will be dropped. *Note for Kubernetes
users*: When short names are used (e.g. "reviews" instead
of "reviews.default.svc.cluster.local"), Istio will interpret
the short name based on the namespace of the rule, not the
service. A rule in the "default" namespace containing a
host "reviews will be interpreted as "reviews.default.svc.cluster.local",
irrespective of the actual namespace associated with the
reviews service. _To avoid potential misconfigurations,
it is recommended to always use fully qualified domain names
over short names._'
type: string
port:
description: Specifies the port on the host that is being
addressed. If a service exposes only a single port it is
not required to explicitly select the port.
properties:
name:
description: Valid port name
type: string
number:
description: Valid port number
format: int32
type: integer
type: object
subset:
description: The name of a subset within the service. Applicable
only to services within the mesh. The subset must be defined
in a corresponding DestinationRule.
type: string
required:
- host
type: object
redirect:
description: A http rule can either redirect or forward (default)
traffic. If traffic passthrough option is specified in the rule,
route/redirect will be ignored. The redirect primitive can be
used to send a HTTP 302 redirect to a different URI or Authority.
properties:
authority:
description: On a redirect, overwrite the Authority/Host portion
of the URL with this value.
type: string
uri:
description: On a redirect, overwrite the Path portion of
the URL with this value. Note that the entire path will
be replaced, irrespective of the request URI being matched
as an exact path or prefix.
type: string
type: object
removeResponseHeaders:
description: Http headers to remove before returning the response
to the caller
type: object
retries:
description: Retry policy for HTTP requests.
properties:
attempts:
description: REQUIRED. Number of retries for a given request.
The interval between retries will be determined automatically
(25ms+). Actual number of retries attempted depends on the
httpReqTimeout.
format: int64
type: integer
perTryTimeout:
description: 'Timeout per retry attempt for a given request.
format: 1h/1m/1s/1ms. MUST BE >=1ms.'
type: string
required:
- attempts
- perTryTimeout
type: object
rewrite:
description: Rewrite HTTP URIs and Authority headers. Rewrite
cannot be used with Redirect primitive. Rewrite will be performed
before forwarding.
properties:
authority:
description: rewrite the Authority/Host header with this value.
type: string
uri:
description: rewrite the path (or the prefix) portion of the
URI with this value. If the original URI was matched based
on prefix, the value provided in this field will replace
the corresponding matched prefix.
type: string
type: object
route:
description: A http rule can either redirect or forward (default)
traffic. The forwarding target can be one of several versions
of a service (see glossary in beginning of document). Weights
associated with the service version determine the proportion
of traffic it receives.
items:
properties:
destination:
description: REQUIRED. Destination uniquely identifies the
instances of a service to which the request/connection
should be forwarded to.
properties:
host:
description: 'REQUIRED. The name of a service from the
service registry. Service names are looked up from
the platform''s service registry (e.g., Kubernetes
services, Consul services, etc.) and from the hosts
declared by [ServiceEntry](#ServiceEntry). Traffic
forwarded to destinations that are not found in either
of the two, will be dropped. *Note for Kubernetes
users*: When short names are used (e.g. "reviews"
instead of "reviews.default.svc.cluster.local"), Istio
will interpret the short name based on the namespace
of the rule, not the service. A rule in the "default"
namespace containing a host "reviews will be interpreted
as "reviews.default.svc.cluster.local", irrespective
of the actual namespace associated with the reviews
service. _To avoid potential misconfigurations, it
is recommended to always use fully qualified domain
names over short names._'
type: string
port:
description: Specifies the port on the host that is
being addressed. If a service exposes only a single
port it is not required to explicitly select the port.
properties:
name:
description: Valid port name
type: string
number:
description: Valid port number
format: int32
type: integer
type: object
subset:
description: The name of a subset within the service.
Applicable only to services within the mesh. The subset
must be defined in a corresponding DestinationRule.
type: string
required:
- host
type: object
weight:
description: REQUIRED. The proportion of traffic to be forwarded
to the service version. (0-100). Sum of weights across
destinations SHOULD BE == 100. If there is only destination
in a rule, the weight value is assumed to be 100.
format: int64
type: integer
required:
- destination
- weight
type: object
type: array
timeout:
description: Timeout for HTTP requests.
type: string
websocketUpgrade:
description: Indicates that a HTTP/1.1 client connection to this
particular route should be allowed (and expected) to upgrade
to a WebSocket connection. The default is false. Istio's reference
sidecar implementation (Envoy) expects the first request to
this route to contain the WebSocket upgrade headers. Otherwise,
the request will be rejected. Note that Websocket allows secondary
protocol negotiation which may then be subject to further routing
rules based on the protocol selected.
type: boolean
type: object
type: array
tcp:
description: An ordered list of route rules for TCP traffic. The first
rule matching an incoming request is used.
items:
properties:
match:
description: Match conditions to be satisfied for the rule to
be activated. All conditions inside a single match block have
AND semantics, while the list of match blocks have OR semantics.
The rule is matched if any one of the match blocks succeed.
items:
properties:
destinationSubnets:
description: IPv4 or IPv6 ip address of destination with
optional subnet. E.g., a.b.c.d/xx form or just a.b.c.d.
items:
type: string
type: array
gateways:
description: Names of gateways where the rule should be
applied to. Gateway names at the top of the VirtualService
(if any) are overridden. The gateway match is independent
of sourceLabels.
items:
type: string
type: array
port:
description: Specifies the port on the host that is being
addressed. Many services only expose a single port or
label ports with the protocols they support, in these
cases it is not required to explicitly select the port.
format: int64
type: integer
sourceLabels:
description: One or more labels that constrain the applicability
of a rule to workloads with the given labels. If the VirtualService
has a list of gateways specified at the top, it should
include the reserved gateway `mesh` in order for this
field to be applicable.
type: object
type: object
type: array
route:
description: The destinations to which the connection should be
forwarded to. Weights must add to 100%.
items:
properties:
destination:
description: REQUIRED. Destination uniquely identifies the
instances of a service to which the request/connection
should be forwarded to.
properties:
host:
description: 'REQUIRED. The name of a service from the
service registry. Service names are looked up from
the platform''s service registry (e.g., Kubernetes
services, Consul services, etc.) and from the hosts
declared by [ServiceEntry](#ServiceEntry). Traffic
forwarded to destinations that are not found in either
of the two, will be dropped. *Note for Kubernetes
users*: When short names are used (e.g. "reviews"
instead of "reviews.default.svc.cluster.local"), Istio
will interpret the short name based on the namespace
of the rule, not the service. A rule in the "default"
namespace containing a host "reviews will be interpreted
as "reviews.default.svc.cluster.local", irrespective
of the actual namespace associated with the reviews
service. _To avoid potential misconfigurations, it
is recommended to always use fully qualified domain
names over short names._'
type: string
port:
description: Specifies the port on the host that is
being addressed. If a service exposes only a single
port it is not required to explicitly select the port.
properties:
name:
description: Valid port name
type: string
number:
description: Valid port number
format: int32
type: integer
type: object
subset:
description: The name of a subset within the service.
Applicable only to services within the mesh. The subset
must be defined in a corresponding DestinationRule.
type: string
required:
- host
type: object
weight:
description: REQUIRED. The proportion of traffic to be forwarded
to the service version. (0-100). Sum of weights across
destinations SHOULD BE == 100. If there is only destination
in a rule, the weight value is assumed to be 100.
format: int64
type: integer
required:
- destination
- weight
type: object
type: array
required:
- match
- route
type: object
type: array
tls:
items:
properties:
match:
description: REQUIRED. Match conditions to be satisfied for the
rule to be activated. All conditions inside a single match block
have AND semantics, while the list of match blocks have OR semantics.
The rule is matched if any one of the match blocks succeed.
items:
properties:
destinationSubnets:
description: IPv4 or IPv6 ip addresses of destination with
optional subnet. E.g., a.b.c.d/xx form or just a.b.c.d.
items:
type: string
type: array
gateways:
description: Names of gateways where the rule should be
applied to. Gateway names at the top of the VirtualService
(if any) are overridden. The gateway match is independent
of sourceLabels.
items:
type: string
type: array
port:
description: Specifies the port on the host that is being
addressed. Many services only expose a single port or
label ports with the protocols they support, in these
cases it is not required to explicitly select the port.
format: int64
type: integer
sniHosts:
description: REQUIRED. SNI (server name indicator) to match
on. Wildcard prefixes can be used in the SNI value, e.g.,
*.com will match foo.example.com as well as example.com.
An SNI value must be a subset (i.e., fall within the domain)
of the corresponding virtual service's hosts
items:
type: string
type: array
sourceLabels:
description: One or more labels that constrain the applicability
of a rule to workloads with the given labels. If the VirtualService
has a list of gateways specified at the top, it should
include the reserved gateway `mesh` in order for this
field to be applicable.
type: object
required:
- sniHosts
type: object
type: array
route:
description: The destination to which the connection should be
forwarded to.
items:
properties:
destination:
description: REQUIRED. Destination uniquely identifies the
instances of a service to which the request/connection
should be forwarded to.
properties:
host:
description: 'REQUIRED. The name of a service from the
service registry. Service names are looked up from
the platform''s service registry (e.g., Kubernetes
services, Consul services, etc.) and from the hosts
declared by [ServiceEntry](#ServiceEntry). Traffic
forwarded to destinations that are not found in either
of the two, will be dropped. *Note for Kubernetes
users*: When short names are used (e.g. "reviews"
instead of "reviews.default.svc.cluster.local"), Istio
will interpret the short name based on the namespace
of the rule, not the service. A rule in the "default"
namespace containing a host "reviews will be interpreted
as "reviews.default.svc.cluster.local", irrespective
of the actual namespace associated with the reviews
service. _To avoid potential misconfigurations, it
is recommended to always use fully qualified domain
names over short names._'
type: string
port:
description: Specifies the port on the host that is
being addressed. If a service exposes only a single
port it is not required to explicitly select the port.
properties:
name:
description: Valid port name
type: string
number:
description: Valid port number
format: int32
type: integer
type: object
subset:
description: The name of a subset within the service.
Applicable only to services within the mesh. The subset
must be defined in a corresponding DestinationRule.
type: string
required:
- host
type: object
weight:
description: REQUIRED. The proportion of traffic to be forwarded
to the service version. (0-100). Sum of weights across
destinations SHOULD BE == 100. If there is only destination
in a rule, the weight value is assumed to be 100.
format: int64
type: integer
required:
- destination
- weight
type: object
type: array
required:
- match
- route
type: object
type: array
required:
- hosts
type: object
required:
- spec
version: v1alpha3
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

822
config/crds/servicemesh_v1alpha2_servicepolicy.yaml
View File

@@ -1,822 +0,0 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
creationTimestamp: null
labels:
controller-tools.k8s.io: "1.0"
name: servicepolicies.servicemesh.kubesphere.io
spec:
group: servicemesh.kubesphere.io
names:
kind: ServicePolicy
plural: servicepolicies
scope: Namespaced
validation:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
properties:
selector:
description: Label selector for destination rules.
type: object
template:
description: Template used to create a destination rule
properties:
spec:
description: Spec indicates the behavior of a destination rule.
properties:
host:
description: 'REQUIRED. The name of a service from the service
registry. Service names are looked up from the platform''s
service registry (e.g., Kubernetes services, Consul services,
etc.) and from the hosts declared by [ServiceEntries](#ServiceEntry).
Rules defined for services that do not exist in the service
registry will be ignored. *Note for Kubernetes users*: When
short names are used (e.g. "reviews" instead of "reviews.default.svc.cluster.local"),
Istio will interpret the short name based on the namespace
of the rule, not the service. A rule in the "default" namespace
containing a host "reviews will be interpreted as "reviews.default.svc.cluster.local",
irrespective of the actual namespace associated with the reviews
service. _To avoid potential misconfigurations, it is recommended
to always use fully qualified domain names over short names._ Note
that the host field applies to both HTTP and TCP services.'
type: string
subsets:
description: One or more named sets that represent individual
versions of a service. Traffic policies can be overridden
at subset level.
items:
properties:
labels:
description: REQUIRED. Labels apply a filter over the
endpoints of a service in the service registry. See
route rules for examples of usage.
type: object
name:
description: REQUIRED. Name of the subset. The service
name and the subset name can be used for traffic splitting
in a route rule.
type: string
trafficPolicy:
description: Traffic policies that apply to this subset.
Subsets inherit the traffic policies specified at the
DestinationRule level. Settings specified at the subset
level will override the corresponding settings specified
at the DestinationRule level.
properties:
connectionPool:
description: Settings controlling the volume of connections
to an upstream service
properties:
http:
description: HTTP connection pool settings.
properties:
maxRequestsPerConnection:
description: Maximum number of requests per
connection to a backend. Setting this parameter
to 1 disables keep alive.
format: int32
type: integer
maxRetries:
description: Maximum number of retries that
can be outstanding to all hosts in a cluster
at a given time. Defaults to 3.
format: int32
type: integer
type: object
tcp:
description: Settings common to both HTTP and
TCP upstream connections.
properties:
connectTimeout:
description: TCP connection timeout.
type: string
maxConnections:
description: Maximum number of HTTP1 /TCP
connections to a destination host.
format: int32
type: integer
type: object
type: object
loadBalancer:
description: Settings controlling the load balancer
algorithms.
properties:
consistentHash:
properties:
httpCookie:
description: Hash based on HTTP cookie.
properties:
name:
description: REQUIRED. Name of the cookie.
type: string
path:
description: Path to set for the cookie.
type: string
ttl:
description: REQUIRED. Lifetime of the
cookie.
type: string
required:
- name
- ttl
type: object
httpHeaderName:
description: 'It is required to specify exactly
one of the fields as hash key: HttpHeaderName,
HttpCookie, or UseSourceIP. Hash based on
a specific HTTP header.'
type: string
minimumRingSize:
description: The minimum number of virtual
nodes to use for the hash ring. Defaults
to 1024. Larger ring sizes result in more
granular load distributions. If the number
of hosts in the load balancing pool is larger
than the ring size, each host will be assigned
a single virtual node.
format: int64
type: integer
useSourceIp:
description: Hash based on the source IP address.
type: boolean
type: object
simple:
description: 'It is required to specify exactly
one of the fields: Simple or ConsistentHash'
type: string
type: object
outlierDetection:
description: Settings controlling eviction of unhealthy
hosts from the load balancing pool
properties:
baseEjectionTime:
description: 'Minimum ejection duration. A host
will remain ejected for a period equal to the
product of minimum ejection duration and the
number of times the host has been ejected. This
technique allows the system to automatically
increase the ejection period for unhealthy upstream
servers. format: 1h/1m/1s/1ms. MUST BE >=1ms.
Default is 30s.'
type: string
consecutiveErrors:
description: Number of errors before a host is
ejected from the connection pool. Defaults to
5. When the upstream host is accessed over HTTP,
a 5xx return code qualifies as an error. When
the upstream host is accessed over an opaque
TCP connection, connect timeouts and connection
error/failure events qualify as an error.
format: int32
type: integer
interval:
description: 'Time interval between ejection sweep
analysis. format: 1h/1m/1s/1ms. MUST BE >=1ms.
Default is 10s.'
type: string
maxEjectionPercent:
description: Maximum % of hosts in the load balancing
pool for the upstream service that can be ejected.
Defaults to 10%.
format: int32
type: integer
type: object
portLevelSettings:
description: Traffic policies specific to individual
ports. Note that port level settings will override
the destination-level settings. Traffic settings
specified at the destination-level will not be inherited
when overridden by port-level settings, i.e. default
values will be applied to fields omitted in port-level
traffic policies.
items:
properties:
connectionPool:
description: Settings controlling the volume
of connections to an upstream service
properties:
http:
description: HTTP connection pool settings.
properties:
maxRequestsPerConnection:
description: Maximum number of requests
per connection to a backend. Setting
this parameter to 1 disables keep
alive.
format: int32
type: integer
maxRetries:
description: Maximum number of retries
that can be outstanding to all hosts
in a cluster at a given time. Defaults
to 3.
format: int32
type: integer
type: object
tcp:
description: Settings common to both HTTP
and TCP upstream connections.
properties:
connectTimeout:
description: TCP connection timeout.
type: string
maxConnections:
description: Maximum number of HTTP1
/TCP connections to a destination
host.
format: int32
type: integer
type: object
type: object
loadBalancer:
description: Settings controlling the load balancer
algorithms.
properties:
consistentHash:
properties:
httpCookie:
description: Hash based on HTTP cookie.
properties:
name:
description: REQUIRED. Name of the
cookie.
type: string
path:
description: Path to set for the
cookie.
type: string
ttl:
description: REQUIRED. Lifetime
of the cookie.
type: string
required:
- name
- ttl
type: object
httpHeaderName:
description: 'It is required to specify
exactly one of the fields as hash
key: HttpHeaderName, HttpCookie, or
UseSourceIP. Hash based on a specific
HTTP header.'
type: string
minimumRingSize:
description: The minimum number of virtual
nodes to use for the hash ring. Defaults
to 1024. Larger ring sizes result
in more granular load distributions.
If the number of hosts in the load
balancing pool is larger than the
ring size, each host will be assigned
a single virtual node.
format: int64
type: integer
useSourceIp:
description: Hash based on the source
IP address.
type: boolean
type: object
simple:
description: 'It is required to specify
exactly one of the fields: Simple or ConsistentHash'
type: string
type: object
outlierDetection:
description: Settings controlling eviction of
unhealthy hosts from the load balancing pool
properties:
baseEjectionTime:
description: 'Minimum ejection duration.
A host will remain ejected for a period
equal to the product of minimum ejection
duration and the number of times the host
has been ejected. This technique allows
the system to automatically increase the
ejection period for unhealthy upstream
servers. format: 1h/1m/1s/1ms. MUST BE
>=1ms. Default is 30s.'
type: string
consecutiveErrors:
description: Number of errors before a host
is ejected from the connection pool. Defaults
to 5. When the upstream host is accessed
over HTTP, a 5xx return code qualifies
as an error. When the upstream host is
accessed over an opaque TCP connection,
connect timeouts and connection error/failure
events qualify as an error.
format: int32
type: integer
interval:
description: 'Time interval between ejection
sweep analysis. format: 1h/1m/1s/1ms.
MUST BE >=1ms. Default is 10s.'
type: string
maxEjectionPercent:
description: Maximum % of hosts in the load
balancing pool for the upstream service
that can be ejected. Defaults to 10%.
format: int32
type: integer
type: object
port:
description: Specifies the port name or number
of a port on the destination service on which
this policy is being applied. Names must
comply with DNS label syntax (rfc1035) and
therefore cannot collide with numbers. If
there are multiple ports on a service with
the same protocol the names should be of the
form <protocol-name>-<DNS label>.
properties:
name:
description: Valid port name
type: string
number:
description: Valid port number
format: int32
type: integer
type: object
tls:
description: TLS related settings for connections
to the upstream service.
properties:
caCertificates:
description: 'OPTIONAL: The path to the
file containing certificate authority
certificates to use in verifying a presented
server certificate. If omitted, the proxy
will not verify the server''s certificate.
Should be empty if mode is `ISTIO_MUTUAL`.'
type: string
clientCertificate:
description: REQUIRED if mode is `MUTUAL`.
The path to the file holding the client-side
TLS certificate to use. Should be empty
if mode is `ISTIO_MUTUAL`.
type: string
mode:
description: 'REQUIRED: Indicates whether
connections to this port should be secured
using TLS. The value of this field determines
how TLS is enforced.'
type: string
privateKey:
description: REQUIRED if mode is `MUTUAL`.
The path to the file holding the client's
private key. Should be empty if mode is
`ISTIO_MUTUAL`.
type: string
sni:
description: SNI string to present to the
server during TLS handshake. Should be
empty if mode is `ISTIO_MUTUAL`.
type: string
subjectAltNames:
description: A list of alternate names to
verify the subject identity in the certificate.
If specified, the proxy will verify that
the server certificate's subject alt name
matches one of the specified values. Should
be empty if mode is `ISTIO_MUTUAL`.
items:
type: string
type: array
required:
- mode
type: object
required:
- port
type: object
type: array
tls:
description: TLS related settings for connections
to the upstream service.
properties:
caCertificates:
description: 'OPTIONAL: The path to the file containing
certificate authority certificates to use in
verifying a presented server certificate. If
omitted, the proxy will not verify the server''s
certificate. Should be empty if mode is `ISTIO_MUTUAL`.'
type: string
clientCertificate:
description: REQUIRED if mode is `MUTUAL`. The
path to the file holding the client-side TLS
certificate to use. Should be empty if mode
is `ISTIO_MUTUAL`.
type: string
mode:
description: 'REQUIRED: Indicates whether connections
to this port should be secured using TLS. The
value of this field determines how TLS is enforced.'
type: string
privateKey:
description: REQUIRED if mode is `MUTUAL`. The
path to the file holding the client's private
key. Should be empty if mode is `ISTIO_MUTUAL`.
type: string
sni:
description: SNI string to present to the server
during TLS handshake. Should be empty if mode
is `ISTIO_MUTUAL`.
type: string
subjectAltNames:
description: A list of alternate names to verify
the subject identity in the certificate. If
specified, the proxy will verify that the server
certificate's subject alt name matches one of
the specified values. Should be empty if mode
is `ISTIO_MUTUAL`.
items:
type: string
type: array
required:
- mode
type: object
type: object
required:
- name
- labels
type: object
type: array
trafficPolicy:
description: Traffic policies to apply (load balancing policy,
connection pool sizes, outlier detection).
properties:
connectionPool:
description: Settings controlling the volume of connections
to an upstream service
properties:
http:
description: HTTP connection pool settings.
properties:
maxRequestsPerConnection:
description: Maximum number of requests per connection
to a backend. Setting this parameter to 1 disables
keep alive.
format: int32
type: integer
maxRetries:
description: Maximum number of retries that can
be outstanding to all hosts in a cluster at a
given time. Defaults to 3.
format: int32
type: integer
type: object
tcp:
description: Settings common to both HTTP and TCP upstream
connections.
properties:
connectTimeout:
description: TCP connection timeout.
type: string
maxConnections:
description: Maximum number of HTTP1 /TCP connections
to a destination host.
format: int32
type: integer
type: object
type: object
loadBalancer:
description: Settings controlling the load balancer algorithms.
properties:
consistentHash:
properties:
httpCookie:
description: Hash based on HTTP cookie.
properties:
name:
description: REQUIRED. Name of the cookie.
type: string
path:
description: Path to set for the cookie.
type: string
ttl:
description: REQUIRED. Lifetime of the cookie.
type: string
required:
- name
- ttl
type: object
httpHeaderName:
description: 'It is required to specify exactly
one of the fields as hash key: HttpHeaderName,
HttpCookie, or UseSourceIP. Hash based on a specific
HTTP header.'
type: string
minimumRingSize:
description: The minimum number of virtual nodes
to use for the hash ring. Defaults to 1024. Larger
ring sizes result in more granular load distributions.
If the number of hosts in the load balancing pool
is larger than the ring size, each host will be
assigned a single virtual node.
format: int64
type: integer
useSourceIp:
description: Hash based on the source IP address.
type: boolean
type: object
simple:
description: 'It is required to specify exactly one
of the fields: Simple or ConsistentHash'
type: string
type: object
outlierDetection:
description: Settings controlling eviction of unhealthy
hosts from the load balancing pool
properties:
baseEjectionTime:
description: 'Minimum ejection duration. A host will
remain ejected for a period equal to the product of
minimum ejection duration and the number of times
the host has been ejected. This technique allows the
system to automatically increase the ejection period
for unhealthy upstream servers. format: 1h/1m/1s/1ms.
MUST BE >=1ms. Default is 30s.'
type: string
consecutiveErrors:
description: Number of errors before a host is ejected
from the connection pool. Defaults to 5. When the
upstream host is accessed over HTTP, a 5xx return
code qualifies as an error. When the upstream host
is accessed over an opaque TCP connection, connect
timeouts and connection error/failure events qualify
as an error.
format: int32
type: integer
interval:
description: 'Time interval between ejection sweep analysis.
format: 1h/1m/1s/1ms. MUST BE >=1ms. Default is 10s.'
type: string
maxEjectionPercent:
description: Maximum % of hosts in the load balancing
pool for the upstream service that can be ejected.
Defaults to 10%.
format: int32
type: integer
type: object
portLevelSettings:
description: Traffic policies specific to individual ports.
Note that port level settings will override the destination-level
settings. Traffic settings specified at the destination-level
will not be inherited when overridden by port-level settings,
i.e. default values will be applied to fields omitted
in port-level traffic policies.
items:
properties:
connectionPool:
description: Settings controlling the volume of connections
to an upstream service
properties:
http:
description: HTTP connection pool settings.
properties:
maxRequestsPerConnection:
description: Maximum number of requests per
connection to a backend. Setting this parameter
to 1 disables keep alive.
format: int32
type: integer
maxRetries:
description: Maximum number of retries that
can be outstanding to all hosts in a cluster
at a given time. Defaults to 3.
format: int32
type: integer
type: object
tcp:
description: Settings common to both HTTP and
TCP upstream connections.
properties:
connectTimeout:
description: TCP connection timeout.
type: string
maxConnections:
description: Maximum number of HTTP1 /TCP
connections to a destination host.
format: int32
type: integer
type: object
type: object
loadBalancer:
description: Settings controlling the load balancer
algorithms.
properties:
consistentHash:
properties:
httpCookie:
description: Hash based on HTTP cookie.
properties:
name:
description: REQUIRED. Name of the cookie.
type: string
path:
description: Path to set for the cookie.
type: string
ttl:
description: REQUIRED. Lifetime of the
cookie.
type: string
required:
- name
- ttl
type: object
httpHeaderName:
description: 'It is required to specify exactly
one of the fields as hash key: HttpHeaderName,
HttpCookie, or UseSourceIP. Hash based on
a specific HTTP header.'
type: string
minimumRingSize:
description: The minimum number of virtual
nodes to use for the hash ring. Defaults
to 1024. Larger ring sizes result in more
granular load distributions. If the number
of hosts in the load balancing pool is larger
than the ring size, each host will be assigned
a single virtual node.
format: int64
type: integer
useSourceIp:
description: Hash based on the source IP address.
type: boolean
type: object
simple:
description: 'It is required to specify exactly
one of the fields: Simple or ConsistentHash'
type: string
type: object
outlierDetection:
description: Settings controlling eviction of unhealthy
hosts from the load balancing pool
properties:
baseEjectionTime:
description: 'Minimum ejection duration. A host
will remain ejected for a period equal to the
product of minimum ejection duration and the
number of times the host has been ejected. This
technique allows the system to automatically
increase the ejection period for unhealthy upstream
servers. format: 1h/1m/1s/1ms. MUST BE >=1ms.
Default is 30s.'
type: string
consecutiveErrors:
description: Number of errors before a host is
ejected from the connection pool. Defaults to
5. When the upstream host is accessed over HTTP,
a 5xx return code qualifies as an error. When
the upstream host is accessed over an opaque
TCP connection, connect timeouts and connection
error/failure events qualify as an error.
format: int32
type: integer
interval:
description: 'Time interval between ejection sweep
analysis. format: 1h/1m/1s/1ms. MUST BE >=1ms.
Default is 10s.'
type: string
maxEjectionPercent:
description: Maximum % of hosts in the load balancing
pool for the upstream service that can be ejected.
Defaults to 10%.
format: int32
type: integer
type: object
port:
description: Specifies the port name or number of
a port on the destination service on which this
policy is being applied. Names must comply with
DNS label syntax (rfc1035) and therefore cannot
collide with numbers. If there are multiple ports
on a service with the same protocol the names should
be of the form <protocol-name>-<DNS label>.
properties:
name:
description: Valid port name
type: string
number:
description: Valid port number
format: int32
type: integer
type: object
tls:
description: TLS related settings for connections
to the upstream service.
properties:
caCertificates:
description: 'OPTIONAL: The path to the file containing
certificate authority certificates to use in
verifying a presented server certificate. If
omitted, the proxy will not verify the server''s
certificate. Should be empty if mode is `ISTIO_MUTUAL`.'
type: string
clientCertificate:
description: REQUIRED if mode is `MUTUAL`. The
path to the file holding the client-side TLS
certificate to use. Should be empty if mode
is `ISTIO_MUTUAL`.
type: string
mode:
description: 'REQUIRED: Indicates whether connections
to this port should be secured using TLS. The
value of this field determines how TLS is enforced.'
type: string
privateKey:
description: REQUIRED if mode is `MUTUAL`. The
path to the file holding the client's private
key. Should be empty if mode is `ISTIO_MUTUAL`.
type: string
sni:
description: SNI string to present to the server
during TLS handshake. Should be empty if mode
is `ISTIO_MUTUAL`.
type: string
subjectAltNames:
description: A list of alternate names to verify
the subject identity in the certificate. If
specified, the proxy will verify that the server
certificate's subject alt name matches one of
the specified values. Should be empty if mode
is `ISTIO_MUTUAL`.
items:
type: string
type: array
required:
- mode
type: object
required:
- port
type: object
type: array
tls:
description: TLS related settings for connections to the
upstream service.
properties:
caCertificates:
description: 'OPTIONAL: The path to the file containing
certificate authority certificates to use in verifying
a presented server certificate. If omitted, the proxy
will not verify the server''s certificate. Should
be empty if mode is `ISTIO_MUTUAL`.'
type: string
clientCertificate:
description: REQUIRED if mode is `MUTUAL`. The path
to the file holding the client-side TLS certificate
to use. Should be empty if mode is `ISTIO_MUTUAL`.
type: string
mode:
description: 'REQUIRED: Indicates whether connections
to this port should be secured using TLS. The value
of this field determines how TLS is enforced.'
type: string
privateKey:
description: REQUIRED if mode is `MUTUAL`. The path
to the file holding the client's private key. Should
be empty if mode is `ISTIO_MUTUAL`.
type: string
sni:
description: SNI string to present to the server during
TLS handshake. Should be empty if mode is `ISTIO_MUTUAL`.
type: string
subjectAltNames:
description: A list of alternate names to verify the
subject identity in the certificate. If specified,
the proxy will verify that the server certificate's
subject alt name matches one of the specified values.
Should be empty if mode is `ISTIO_MUTUAL`.
items:
type: string
type: array
required:
- mode
type: object
type: object
required:
- host
type: object
type: object
type: object
status:
type: object
version: v1alpha2
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

787
config/crds/servicemesh_v1alpha2_strategy.yaml
View File

@@ -1,787 +0,0 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
creationTimestamp: null
labels:
controller-tools.k8s.io: "1.0"
name: strategies.servicemesh.kubesphere.io
spec:
additionalPrinterColumns:
- JSONPath: .spec.type
description: type of strategy
name: Type
type: string
- JSONPath: .spec.template.spec.hosts
description: destination hosts
name: Hosts
type: string
- JSONPath: .metadata.creationTimestamp
description: 'CreationTimestamp is a timestamp representing the server time when
this object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is represented
in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for
lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata'
name: Age
type: date
group: servicemesh.kubesphere.io
names:
kind: Strategy
plural: strategies
scope: Namespaced
validation:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
properties:
governor:
description: Governor version, the version takes control of all incoming
traffic label version value
type: string
principal:
description: Principal version, the one as reference version label version
value
type: string
selector:
description: Label selector for virtual services.
type: object
strategyPolicy:
description: strategy policy, how the strategy will be applied by the
strategy controller
type: string
template:
description: Template describes the virtual service that will be created.
properties:
metadata:
description: Metadata of the virtual services created from this
template
type: object
spec:
description: Spec indicates the behavior of a virtual service.
properties:
gateways:
description: The names of gateways and sidecars that should
apply these routes. A single VirtualService is used for sidecars
inside the mesh as well as for one or more gateways. The selection
condition imposed by this field can be overridden using the
source field in the match conditions of HTTP/TCP routes. The
reserved word "mesh" is used to imply all the sidecars in
the mesh. When this field is omitted, the default gateway
("mesh") will be used, which would apply the rule to all sidecars
in the mesh. If a list of gateway names is provided, the rules
will apply only to the gateways. To apply the rules to both
gateways and sidecars, specify "mesh" as one of the gateway
names.
items:
type: string
type: array
hosts:
description: REQUIRED. The destination address for traffic captured
by this virtual service. Could be a DNS name with wildcard
prefix or a CIDR prefix. Depending on the platform, short-names
can also be used instead of a FQDN (i.e. has no dots in the
name). In such a scenario, the FQDN of the host would be derived
based on the underlying platform. For example on Kubernetes,
when hosts contains a short name, Istio will interpret the
short name based on the namespace of the rule. Thus, when
a client namespace applies a rule in the "default" namespace
containing a name "reviews, Istio will setup routes to the
"reviews.default.svc.cluster.local" service. However, if a
different name such as "reviews.sales.svc.cluster.local" is
used, it would be treated as a FQDN during virtual host matching.
In Consul, a plain service name would be resolved to the FQDN
"reviews.service.consul". Note that the hosts field applies
to both HTTP and TCP services. Service inside the mesh, i.e.,
those found in the service registry, must always be referred
to using their alphanumeric names. IP addresses or CIDR prefixes
are allowed only for services defined via the Gateway.
items:
type: string
type: array
http:
description: An ordered list of route rules for HTTP traffic.
The first rule matching an incoming request is used.
items:
properties:
appendHeaders:
description: Additional HTTP headers to add before forwarding
a request to the destination service.
type: object
corsPolicy:
description: Cross-Origin Resource Sharing policy
properties:
allowCredentials:
description: Indicates whether the caller is allowed
to send the actual request (not the preflight) using
credentials. Translates to Access-Control-Allow-Credentials
header.
type: boolean
allowHeaders:
description: List of HTTP headers that can be used
when requesting the resource. Serialized to Access-Control-Allow-Methods
header.
items:
type: string
type: array
allowMethods:
description: List of HTTP methods allowed to access
the resource. The content will be serialized into
the Access-Control-Allow-Methods header.
items:
type: string
type: array
allowOrigin:
description: The list of origins that are allowed
to perform CORS requests. The content will be serialized
into the Access-Control-Allow-Origin header. Wildcard
* will allow all origins.
items:
type: string
type: array
exposeHeaders:
description: A white list of HTTP headers that the
browsers are allowed to access. Serialized into
Access-Control-Expose-Headers header.
items:
type: string
type: array
maxAge:
description: Specifies how long the the results of
a preflight request can be cached. Translates to
the Access-Control-Max-Age header.
type: string
type: object
fault:
description: Fault injection policy to apply on HTTP traffic.
properties:
abort:
description: Abort Http request attempts and return
error codes back to downstream service, giving the
impression that the upstream service is faulty.
properties:
httpStatus:
description: REQUIRED. HTTP status code to use
to abort the Http request.
format: int64
type: integer
percent:
description: Percentage of requests to be aborted
with the error code provided (0-100).
format: int64
type: integer
required:
- httpStatus
type: object
delay:
description: Delay requests before forwarding, emulating
various failures such as network issues, overloaded
upstream service, etc.
properties:
exponentialDelay:
description: (-- Add a delay (based on an exponential
function) before forwarding the request. mean
delay needed to derive the exponential delay
values --)
type: string
fixedDelay:
description: 'REQUIRED. Add a fixed delay before
forwarding the request. Format: 1h/1m/1s/1ms.
MUST be >=1ms.'
type: string
percent:
description: Percentage of requests on which the
delay will be injected (0-100).
format: int64
type: integer
required:
- fixedDelay
type: object
type: object
match:
description: Match conditions to be satisfied for the
rule to be activated. All conditions inside a single
match block have AND semantics, while the list of match
blocks have OR semantics. The rule is matched if any
one of the match blocks succeed.
items:
properties:
authority:
description: 'HTTP Authority values are case-sensitive
and formatted as follows: - `exact: "value"`
for exact string match - `prefix: "value"` for
prefix-based match - `regex: "value"` for ECMAscript
style regex-based match'
properties:
exact:
description: exact string match
type: string
prefix:
description: prefix-based match
type: string
regex:
description: ECMAscript style regex-based match
type: string
suffix:
description: suffix-based match.
type: string
type: object
gateways:
description: Names of gateways where the rule should
be applied to. Gateway names at the top of the
VirtualService (if any) are overridden. The gateway
match is independent of sourceLabels.
items:
type: string
type: array
headers:
description: 'The header keys must be lowercase
and use hyphen as the separator, e.g. _x-request-id_. Header
values are case-sensitive and formatted as follows: -
`exact: "value"` for exact string match - `prefix:
"value"` for prefix-based match - `regex: "value"`
for ECMAscript style regex-based match **Note:**
The keys `uri`, `scheme`, `method`, and `authority`
will be ignored.'
type: object
method:
description: 'HTTP Method values are case-sensitive
and formatted as follows: - `exact: "value"`
for exact string match - `prefix: "value"` for
prefix-based match - `regex: "value"` for ECMAscript
style regex-based match'
properties:
exact:
description: exact string match
type: string
prefix:
description: prefix-based match
type: string
regex:
description: ECMAscript style regex-based match
type: string
suffix:
description: suffix-based match.
type: string
type: object
port:
description: Specifies the ports on the host that
is being addressed. Many services only expose
a single port or label ports with the protocols
they support, in these cases it is not required
to explicitly select the port.
format: int32
type: integer
scheme:
description: 'URI Scheme values are case-sensitive
and formatted as follows: - `exact: "value"`
for exact string match - `prefix: "value"` for
prefix-based match - `regex: "value"` for ECMAscript
style regex-based match'
properties:
exact:
description: exact string match
type: string
prefix:
description: prefix-based match
type: string
regex:
description: ECMAscript style regex-based match
type: string
suffix:
description: suffix-based match.
type: string
type: object
sourceLabels:
description: One or more labels that constrain the
applicability of a rule to workloads with the
given labels. If the VirtualService has a list
of gateways specified at the top, it should include
the reserved gateway `mesh` in order for this
field to be applicable.
type: object
uri:
description: 'URI to match values are case-sensitive
and formatted as follows: - `exact: "value"`
for exact string match - `prefix: "value"` for
prefix-based match - `regex: "value"` for ECMAscript
style regex-based match'
properties:
exact:
description: exact string match
type: string
prefix:
description: prefix-based match
type: string
regex:
description: ECMAscript style regex-based match
type: string
suffix:
description: suffix-based match.
type: string
type: object
type: object
type: array
mirror:
description: Mirror HTTP traffic to a another destination
in addition to forwarding the requests to the intended
destination. Mirrored traffic is on a best effort basis
where the sidecar/gateway will not wait for the mirrored
cluster to respond before returning the response from
the original destination. Statistics will be generated
for the mirrored destination.
properties:
host:
description: 'REQUIRED. The name of a service from
the service registry. Service names are looked up
from the platform''s service registry (e.g., Kubernetes
services, Consul services, etc.) and from the hosts
declared by [ServiceEntry](#ServiceEntry). Traffic
forwarded to destinations that are not found in
either of the two, will be dropped. *Note for Kubernetes
users*: When short names are used (e.g. "reviews"
instead of "reviews.default.svc.cluster.local"),
Istio will interpret the short name based on the
namespace of the rule, not the service. A rule in
the "default" namespace containing a host "reviews
will be interpreted as "reviews.default.svc.cluster.local",
irrespective of the actual namespace associated
with the reviews service. _To avoid potential misconfigurations,
it is recommended to always use fully qualified
domain names over short names._'
type: string
port:
description: Specifies the port on the host that is
being addressed. If a service exposes only a single
port it is not required to explicitly select the
port.
properties:
name:
description: Valid port name
type: string
number:
description: Valid port number
format: int32
type: integer
type: object
subset:
description: The name of a subset within the service.
Applicable only to services within the mesh. The
subset must be defined in a corresponding DestinationRule.
type: string
required:
- host
type: object
redirect:
description: A http rule can either redirect or forward
(default) traffic. If traffic passthrough option is
specified in the rule, route/redirect will be ignored.
The redirect primitive can be used to send a HTTP 302
redirect to a different URI or Authority.
properties:
authority:
description: On a redirect, overwrite the Authority/Host
portion of the URL with this value.
type: string
uri:
description: On a redirect, overwrite the Path portion
of the URL with this value. Note that the entire
path will be replaced, irrespective of the request
URI being matched as an exact path or prefix.
type: string
type: object
removeResponseHeaders:
description: Http headers to remove before returning the
response to the caller
type: object
retries:
description: Retry policy for HTTP requests.
properties:
attempts:
description: REQUIRED. Number of retries for a given
request. The interval between retries will be determined
automatically (25ms+). Actual number of retries
attempted depends on the httpReqTimeout.
format: int64
type: integer
perTryTimeout:
description: 'Timeout per retry attempt for a given
request. format: 1h/1m/1s/1ms. MUST BE >=1ms.'
type: string
required:
- attempts
- perTryTimeout
type: object
rewrite:
description: Rewrite HTTP URIs and Authority headers.
Rewrite cannot be used with Redirect primitive. Rewrite
will be performed before forwarding.
properties:
authority:
description: rewrite the Authority/Host header with
this value.
type: string
uri:
description: rewrite the path (or the prefix) portion
of the URI with this value. If the original URI
was matched based on prefix, the value provided
in this field will replace the corresponding matched
prefix.
type: string
type: object
route:
description: A http rule can either redirect or forward
(default) traffic. The forwarding target can be one
of several versions of a service (see glossary in beginning
of document). Weights associated with the service version
determine the proportion of traffic it receives.
items:
properties:
destination:
description: REQUIRED. Destination uniquely identifies
the instances of a service to which the request/connection
should be forwarded to.
properties:
host:
description: 'REQUIRED. The name of a service
from the service registry. Service names are
looked up from the platform''s service registry
(e.g., Kubernetes services, Consul services,
etc.) and from the hosts declared by [ServiceEntry](#ServiceEntry).
Traffic forwarded to destinations that are
not found in either of the two, will be dropped. *Note
for Kubernetes users*: When short names are
used (e.g. "reviews" instead of "reviews.default.svc.cluster.local"),
Istio will interpret the short name based
on the namespace of the rule, not the service.
A rule in the "default" namespace containing
a host "reviews will be interpreted as "reviews.default.svc.cluster.local",
irrespective of the actual namespace associated
with the reviews service. _To avoid potential
misconfigurations, it is recommended to always
use fully qualified domain names over short
names._'
type: string
port:
description: Specifies the port on the host
that is being addressed. If a service exposes
only a single port it is not required to explicitly
select the port.
properties:
name:
description: Valid port name
type: string
number:
description: Valid port number
format: int32
type: integer
type: object
subset:
description: The name of a subset within the
service. Applicable only to services within
the mesh. The subset must be defined in a
corresponding DestinationRule.
type: string
required:
- host
type: object
weight:
description: REQUIRED. The proportion of traffic
to be forwarded to the service version. (0-100).
Sum of weights across destinations SHOULD BE ==
100. If there is only destination in a rule, the
weight value is assumed to be 100.
format: int64
type: integer
required:
- destination
- weight
type: object
type: array
timeout:
description: Timeout for HTTP requests.
type: string
websocketUpgrade:
description: Indicates that a HTTP/1.1 client connection
to this particular route should be allowed (and expected)
to upgrade to a WebSocket connection. The default is
false. Istio's reference sidecar implementation (Envoy)
expects the first request to this route to contain the
WebSocket upgrade headers. Otherwise, the request will
be rejected. Note that Websocket allows secondary protocol
negotiation which may then be subject to further routing
rules based on the protocol selected.
type: boolean
type: object
type: array
tcp:
description: An ordered list of route rules for TCP traffic.
The first rule matching an incoming request is used.
items:
properties:
match:
description: Match conditions to be satisfied for the
rule to be activated. All conditions inside a single
match block have AND semantics, while the list of match
blocks have OR semantics. The rule is matched if any
one of the match blocks succeed.
items:
properties:
destinationSubnets:
description: IPv4 or IPv6 ip address of destination
with optional subnet. E.g., a.b.c.d/xx form or
just a.b.c.d.
items:
type: string
type: array
gateways:
description: Names of gateways where the rule should
be applied to. Gateway names at the top of the
VirtualService (if any) are overridden. The gateway
match is independent of sourceLabels.
items:
type: string
type: array
port:
description: Specifies the port on the host that
is being addressed. Many services only expose
a single port or label ports with the protocols
they support, in these cases it is not required
to explicitly select the port.
format: int64
type: integer
sourceLabels:
description: One or more labels that constrain the
applicability of a rule to workloads with the
given labels. If the VirtualService has a list
of gateways specified at the top, it should include
the reserved gateway `mesh` in order for this
field to be applicable.
type: object
type: object
type: array
route:
description: The destinations to which the connection
should be forwarded to. Weights must add to 100%.
items:
properties:
destination:
description: REQUIRED. Destination uniquely identifies
the instances of a service to which the request/connection
should be forwarded to.
properties:
host:
description: 'REQUIRED. The name of a service
from the service registry. Service names are
looked up from the platform''s service registry
(e.g., Kubernetes services, Consul services,
etc.) and from the hosts declared by [ServiceEntry](#ServiceEntry).
Traffic forwarded to destinations that are
not found in either of the two, will be dropped. *Note
for Kubernetes users*: When short names are
used (e.g. "reviews" instead of "reviews.default.svc.cluster.local"),
Istio will interpret the short name based
on the namespace of the rule, not the service.
A rule in the "default" namespace containing
a host "reviews will be interpreted as "reviews.default.svc.cluster.local",
irrespective of the actual namespace associated
with the reviews service. _To avoid potential
misconfigurations, it is recommended to always
use fully qualified domain names over short
names._'
type: string
port:
description: Specifies the port on the host
that is being addressed. If a service exposes
only a single port it is not required to explicitly
select the port.
properties:
name:
description: Valid port name
type: string
number:
description: Valid port number
format: int32
type: integer
type: object
subset:
description: The name of a subset within the
service. Applicable only to services within
the mesh. The subset must be defined in a
corresponding DestinationRule.
type: string
required:
- host
type: object
weight:
description: REQUIRED. The proportion of traffic
to be forwarded to the service version. (0-100).
Sum of weights across destinations SHOULD BE ==
100. If there is only destination in a rule, the
weight value is assumed to be 100.
format: int64
type: integer
required:
- destination
- weight
type: object
type: array
required:
- match
- route
type: object
type: array
tls:
items:
properties:
match:
description: REQUIRED. Match conditions to be satisfied
for the rule to be activated. All conditions inside
a single match block have AND semantics, while the list
of match blocks have OR semantics. The rule is matched
if any one of the match blocks succeed.
items:
properties:
destinationSubnets:
description: IPv4 or IPv6 ip addresses of destination
with optional subnet. E.g., a.b.c.d/xx form or
just a.b.c.d.
items:
type: string
type: array
gateways:
description: Names of gateways where the rule should
be applied to. Gateway names at the top of the
VirtualService (if any) are overridden. The gateway
match is independent of sourceLabels.
items:
type: string
type: array
port:
description: Specifies the port on the host that
is being addressed. Many services only expose
a single port or label ports with the protocols
they support, in these cases it is not required
to explicitly select the port.
format: int64
type: integer
sniHosts:
description: REQUIRED. SNI (server name indicator)
to match on. Wildcard prefixes can be used in
the SNI value, e.g., *.com will match foo.example.com
as well as example.com. An SNI value must be a
subset (i.e., fall within the domain) of the corresponding
virtual service's hosts
items:
type: string
type: array
sourceLabels:
description: One or more labels that constrain the
applicability of a rule to workloads with the
given labels. If the VirtualService has a list
of gateways specified at the top, it should include
the reserved gateway `mesh` in order for this
field to be applicable.
type: object
required:
- sniHosts
type: object
type: array
route:
description: The destination to which the connection should
be forwarded to.
items:
properties:
destination:
description: REQUIRED. Destination uniquely identifies
the instances of a service to which the request/connection
should be forwarded to.
properties:
host:
description: 'REQUIRED. The name of a service
from the service registry. Service names are
looked up from the platform''s service registry
(e.g., Kubernetes services, Consul services,
etc.) and from the hosts declared by [ServiceEntry](#ServiceEntry).
Traffic forwarded to destinations that are
not found in either of the two, will be dropped. *Note
for Kubernetes users*: When short names are
used (e.g. "reviews" instead of "reviews.default.svc.cluster.local"),
Istio will interpret the short name based
on the namespace of the rule, not the service.
A rule in the "default" namespace containing
a host "reviews will be interpreted as "reviews.default.svc.cluster.local",
irrespective of the actual namespace associated
with the reviews service. _To avoid potential
misconfigurations, it is recommended to always
use fully qualified domain names over short
names._'
type: string
port:
description: Specifies the port on the host
that is being addressed. If a service exposes
only a single port it is not required to explicitly
select the port.
properties:
name:
description: Valid port name
type: string
number:
description: Valid port number
format: int32
type: integer
type: object
subset:
description: The name of a subset within the
service. Applicable only to services within
the mesh. The subset must be defined in a
corresponding DestinationRule.
type: string
required:
- host
type: object
weight:
description: REQUIRED. The proportion of traffic
to be forwarded to the service version. (0-100).
Sum of weights across destinations SHOULD BE ==
100. If there is only destination in a rule, the
weight value is assumed to be 100.
format: int64
type: integer
required:
- destination
- weight
type: object
type: array
required:
- match
- route
type: object
type: array
required:
- hosts
type: object
type: object
type:
description: Strategy type
type: string
type: object
status:
type: object
version: v1alpha2
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

42
config/crds/tenant_v1alpha1_workspace.yaml
View File

@@ -1,42 +0,0 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
creationTimestamp: null
labels:
controller-tools.k8s.io: "1.0"
name: workspaces.tenant.kubesphere.io
spec:
group: tenant.kubesphere.io
names:
kind: Workspace
plural: workspaces
scope: Cluster
validation:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
properties:
manager:
type: string
type: object
status:
type: object
version: v1alpha1
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

49
config/default/kustomization.yaml
View File

@@ -1,49 +0,0 @@
# Adds namespace to all resources.
namespace: t-system
# Value of this field is prepended to the
# names of all resources, e.g. a deployment named
# "wordpress" becomes "alices-wordpress".
# Note that it should also match with the prefix (text before '-') of the namespace
# field above.
namePrefix: t-
# Labels to add to all resources and selectors.
#commonLabels:
# someName: someValue
# Each entry in this list must resolve to an existing
# resource definition in YAML. These are the resource
# files that kustomize reads, modifies and emits as a
# YAML string, with resources separated by document
# markers ("---").
resources:
- ../rbac/rbac_role.yaml
- ../rbac/rbac_role_binding.yaml
- ../manager/manager.yaml
# Comment the following 3 lines if you want to disable
# the auth proxy (https://github.com/brancz/kube-rbac-proxy)
# which protects your /metrics endpoint.
#- ../rbac/auth_proxy_service.yaml
#- ../rbac/auth_proxy_role.yaml
#- ../rbac/auth_proxy_role_binding.yaml
patches:
- manager_image_patch.yaml
# Protect the /metrics endpoint by putting it behind auth.
# Only one of manager_auth_proxy_patch.yaml and
# manager_prometheus_metrics_patch.yaml should be enabled.
- manager_auth_proxy_patch.yaml
# If you want your controller-manager to expose the /metrics
# endpoint w/o any authn/z, uncomment the following line and
# comment manager_auth_proxy_patch.yaml.
# Only one of manager_auth_proxy_patch.yaml and
# manager_prometheus_metrics_patch.yaml should be enabled.
#- manager_prometheus_metrics_patch.yaml
vars:
- name: WEBHOOK_SECRET_NAME
objref:
kind: Secret
name: webhook-server-secret
apiVersion: v1

24
config/default/manager_auth_proxy_patch.yaml
View File

@@ -1,24 +0,0 @@
# This patch inject a sidecar container which is a HTTP proxy for the controller manager,
# it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews.
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: controller-manager
namespace: system
spec:
template:
spec:
containers:
- name: kube-rbac-proxy
image: quay.io/coreos/kube-rbac-proxy:v0.4.0
args:
- "--secure-listen-address=0.0.0.0:8443"
- "--upstream=http://127.0.0.1:8080/"
- "--logtostderr=true"
- "--v=10"
ports:
- containerPort: 8443
name: https
- name: manager
args:
- "--metrics-addr=127.0.0.1:8080"

12
config/default/manager_image_patch.yaml
View File

@@ -1,12 +0,0 @@
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: controller-manager
namespace: system
spec:
template:
spec:
containers:
# Change the value of image field below to your controller image URL
- image: kubespheredev/controller-manager:latest
name: manager

19
config/default/manager_prometheus_metrics_patch.yaml
View File

@@ -1,19 +0,0 @@
# This patch enables Prometheus scraping for the manager pod.
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: controller-manager
namespace: system
spec:
template:
metadata:
annotations:
prometheus.io/scrape: 'true'
spec:
containers:
# Expose the prometheus metrics on default port
- name: manager
ports:
- containerPort: 8080
name: metrics
protocol: TCP

83
config/manager/manager.yaml
View File

@@ -1,83 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
labels:
control-plane: controller-manager
controller-tools.k8s.io: "1.0"
name: system
---
apiVersion: v1
kind: Service
metadata:
name: controller-manager-service
namespace: system
labels:
control-plane: controller-manager
controller-tools.k8s.io: "1.0"
spec:
selector:
control-plane: controller-manager
controller-tools.k8s.io: "1.0"
ports:
- port: 443
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: controller-manager
namespace: system
labels:
control-plane: controller-manager
controller-tools.k8s.io: "1.0"
spec:
selector:
matchLabels:
control-plane: controller-manager
controller-tools.k8s.io: "1.0"
serviceName: controller-manager-service
template:
metadata:
labels:
control-plane: controller-manager
controller-tools.k8s.io: "1.0"
spec:
containers:
- command:
- ./controller-manager
image: kubespheredev/controller-manager:latest
imagePullPolicy: Always
name: manager
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: SECRET_NAME
value: $(WEBHOOK_SECRET_NAME)
resources:
limits:
cpu: 100m
memory: 30Mi
requests:
cpu: 100m
memory: 20Mi
ports:
- containerPort: 9876
name: webhook-server
protocol: TCP
volumeMounts:
- mountPath: /tmp/cert
name: cert
readOnly: true
terminationGracePeriodSeconds: 10
volumes:
- name: cert
secret:
defaultMode: 420
secretName: webhook-server-secret
---
apiVersion: v1
kind: Secret
metadata:
name: webhook-server-secret
namespace: system

13
config/rbac/auth_proxy_role.yaml
View File

@@ -1,13 +0,0 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: proxy-role
rules:
- apiGroups: ["authentication.k8s.io"]
resources:
- tokenreviews
verbs: ["create"]
- apiGroups: ["authorization.k8s.io"]
resources:
- subjectaccessreviews
verbs: ["create"]

12
config/rbac/auth_proxy_role_binding.yaml
View File

@@ -1,12 +0,0 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: proxy-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: proxy-role
subjects:
- kind: ServiceAccount
name: default
namespace: system

20
config/rbac/auth_proxy_service.yaml
View File

@@ -1,20 +0,0 @@
apiVersion: v1
kind: Service
metadata:
annotations:
prometheus.io/port: "8443"
prometheus.io/scheme: https
prometheus.io/scrape: "true"
labels:
control-plane: controller-manager
controller-tools.k8s.io: "1.0"
name: controller-manager-metrics-service
namespace: system
spec:
ports:
- name: https
port: 8443
targetPort: https
selector:
control-plane: controller-manager
controller-tools.k8s.io: "1.0"

103
config/rbac/rbac_role.yaml
View File

@@ -1,103 +0,0 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
creationTimestamp: null
name: manager-role
rules:
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ""
resources:
- namespaces/status
verbs:
- get
- update
- patch
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ""
resources:
- namespaces/status
verbs:
- get
- update
- patch
- apiGroups:
- tenant.kubesphere.io
resources:
- workspaces
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- tenant.kubesphere.io
resources:
- workspaces/status
verbs:
- get
- update
- patch
- apiGroups:
- admissionregistration.k8s.io
resources:
- mutatingwebhookconfigurations
- validatingwebhookconfigurations
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ""
resources:
- services
verbs:
- get
- list
- watch
- create
- update
- patch
- delete

13
config/rbac/rbac_role_binding.yaml
View File

@@ -1,13 +0,0 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
creationTimestamp: null
name: manager-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: manager-role
subjects:
- kind: ServiceAccount
name: default
namespace: system

9
config/samples/servicemesh_v1alpha2_servicepolicy.yaml
View File

@@ -1,9 +0,0 @@
apiVersion: servicemesh.kubesphere.io/v1alpha2
kind: ServicePolicy
metadata:
labels:
controller-tools.k8s.io: "1.0"
name: servicepolicy-sample
spec:
# Add fields here
foo: bar

28
config/samples/servicemesh_v1alpha2_strategy.yaml
View File

@@ -1,28 +0,0 @@
apiVersion: servicemesh.kubesphere.io/v1alpha2
kind: Strategy
metadata:
labels:
controller-tools.k8s.io: "1.0"
name: strategy-sample
spec:
# Add fields here
type: Canary
selector:
matchLabels:
"servicemesh.kubesphere.io/type": "canary"
template:
spec:
service: "details"
principal: "v1"
hosts:
- details
http:
- route:
- destination:
host: "details"
subset: v1
weight: 60
- destination:
host: "details"
subset: v2
weight: 40

8
config/samples/tenant_v1alpha1_workspace.yaml
View File

@@ -1,8 +0,0 @@
apiVersion: tenant.kubesphere.io/v1alpha1
kind: Workspace
metadata:
labels:
controller-tools.k8s.io: "1.0"
name: workspace-sample
spec:
manager: admin

BIN
docs/images/roadmap-en.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 215 KiB

15
hack/boilerplate.go.txt
View File

@@ -1,15 +0,0 @@
/*
Copyright 2019 The KubeSphere authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

16
hack/custom-boilerplate.go.txt
View File

@@ -1,16 +0,0 @@
/*
Copyright 2019 The KubeSphere Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

32
hack/docker_build.sh
View File

@@ -1,32 +0,0 @@
#!/usr/bin/env bash
set -ex
set -o pipefail
REPO=kubespheredev
TAG=latest
# check if build was triggered by a travis cronjob
if [[ ! -v TRAVIS_EVENT_TYPE ]]; then
echo "TRAVIS_EVENT_TYPE is not set, treat as regular build"
elif [[ -z "$TRAVIS_EVENT_TYPE" ]]; then
echo "TRAVIS_EVENT_TYPE is empty, also normaly build"
elif [ $TRAVIS_EVENT_TYPE == "cron" ]; then
TAG=dev-$(date +%Y%m%d)
fi
docker build -f build/ks-apigateway/Dockerfile -t $REPO/ks-apigateway:$TAG .
docker build -f build/ks-apiserver/Dockerfile -t $REPO/ks-apiserver:$TAG .
docker build -f build/ks-iam/Dockerfile -t $REPO/ks-account:$TAG .
docker build -f build/ks-controller-manager/Dockerfile -t $REPO/ks-controller-manager:$TAG .
docker build -f ./pkg/db/Dockerfile -t $REPO/ks-devops:flyway-$TAG ./pkg/db/
# Push image to dockerhub, need to support multiple push
echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
docker push $REPO/ks-apigateway:$TAG
docker push $REPO/ks-apiserver:$TAG
docker push $REPO/ks-account:$TAG
docker push $REPO/ks-controller-manager:$TAG
docker push $REPO/ks-devops:flyway-$TAG

45
hack/gobuild.sh
View File

@@ -1,45 +0,0 @@
#!/usr/bin/env bash
# Copyright 2017 KubeSphere Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# This script builds and link stamps the output
set -o errexit
set -o nounset
set -o pipefail
VERBOSE=${VERBOSE:-"0"}
V=""
if [[ "${VERBOSE}" == "1" ]];then
V="-x"
set -x
fi
ROOTDIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
OUTPUT_DIR=bin
BUILDPATH=./${1:?"path to build"}
OUT=${OUTPUT_DIR}/${1:?"output path"}
set -e
BUILD_GOOS=${GOOS:-linux}
BUILD_GOARCH=${GOARCH:-amd64}
GOBINARY=${GOBINARY:-go}
# forgoing -i (incremental build) because it will be deprecated by tool chain.
time GOOS=${BUILD_GOOS} GOARCH=${BUILD_GOARCH} ${GOBINARY} build \
-o ${OUT} \
${BUILDPATH}

80
hack/install_kubebuilder.sh
View File

@@ -1,80 +0,0 @@
#!/bin/sh
#
# This file will be fetched as: curl -L https://git.io/getLatestKubebuilder | sh -
# so it should be pure bourne shell, not bash (and not reference other scripts)
#
# The script fetches the latest kubebuilder release candidate and untars it.
# It lets users to do curl -L https://git.io//getLatestKubebuilder | KUBEBUILDER_VERSION=1.0.5 sh -
# for instance to change the version fetched.
# Check if the program is installed, otherwise exit
function command_exists () {
if ! [ -x "$(command -v $1)" ]; then
echo "Error: $1 program is not installed." >&2
exit 1
fi
}
# Determine OS
OS="$(uname)"
case $OS in
Darwin)
OSEXT="darwin"
;;
Linux)
OSEXT="linux"
;;
*)
echo "Only OSX and Linux OS are supported !"
exit 1
;;
esac
HW=$(uname -m)
case $HW in
x86_64)
ARCH=amd64 ;;
*)
echo "Only x86_64 machines are supported !"
exit 1
;;
esac
# Check if curl, tar commands/programs exist
command_exists curl
command_exists tar
KUBEBUILDER_VERSION=v1.0.8
KUBEBUILDER_VERSION=${KUBEBUILDER_VERSION#"v"}
KUBEBUILDER_VERSION_NAME="kubebuilder_${KUBEBUILDER_VERSION}"
KUBEBUILDER_DIR=/usr/local/kubebuilder
# Check if folder containing kubebuilder executable exists and is not empty
if [ -d "$KUBEBUILDER_DIR" ]; then
if [ "$(ls -A $KUBEBUILDER_DIR)" ]; then
echo "\n/usr/local/kubebuilder folder is not empty. Please delete or backup it before to install ${KUBEBUILDER_VERSION_NAME}"
exit 1
fi
fi
TMP_DIR=$(mktemp -d)
pushd $TMP_DIR
# Downloading Kubebuilder compressed file using curl program
URL="https://github.com/kubernetes-sigs/kubebuilder/releases/download/v${KUBEBUILDER_VERSION}/${KUBEBUILDER_VERSION_NAME}_${OSEXT}_${ARCH}.tar.gz"
echo "Downloading ${KUBEBUILDER_VERSION_NAME}\nfrom $URL\n"
curl -L "$URL"| tar xz -C $TMP_DIR
echo "Downloaded executable files"
ls "${KUBEBUILDER_VERSION_NAME}_${OSEXT}_${ARCH}/bin"
echo "Moving files to $KUBEBUILDER_DIR folder\n"
mv ${KUBEBUILDER_VERSION_NAME}_${OSEXT}_${ARCH} kubebuilder && sudo mv -f kubebuilder /usr/local/
echo "Add kubebuilder to your path; e.g copy paste in your shell and/or edit your ~/.profile file"
echo "export PATH=\$PATH:/usr/local/kubebuilder/bin"
popd
rm -rf $TMP_DIR
export PATH=$PATH:/usr/local/kubebuilder/bin

2
install/scripts/docker_push
View File

@@ -1,4 +1,4 @@
#!/bin/bash
echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
docker push kubespheredev/ks-apiserver:latest
docker push kubesphere/ks-apiserver:latest

205
pkg/apigateway/caddy-plugin/authenticate/authenticate.go
View File

@@ -1,205 +0,0 @@
/*
Copyright 2019 The KubeSphere Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package authenticate
import (
"errors"
"fmt"
"k8s.io/apimachinery/pkg/util/sets"
"k8s.io/apiserver/pkg/authentication/user"
"k8s.io/apiserver/pkg/endpoints/request"
"log"
"net/http"
"strconv"
"strings"
"github.com/dgrijalva/jwt-go"
"github.com/mholt/caddy/caddyhttp/httpserver"
)
type Auth struct {
Rule Rule
Next httpserver.Handler
}
type Rule struct {
Secret []byte
Path string
ExceptedPath []string
}
type User struct {
Username string `json:"username"`
UID string `json:"uid"`
Groups *[]string `json:"groups,omitempty"`
Extra *map[string]interface{} `json:"extra,omitempty"`
}
var requestInfoFactory = request.RequestInfoFactory{
APIPrefixes: sets.NewString("api", "apis", "kapis", "kapi"),
GrouplessAPIPrefixes: sets.NewString("api")}
func (h Auth) ServeHTTP(resp http.ResponseWriter, req *http.Request) (int, error) {
for _, path := range h.Rule.ExceptedPath {
if httpserver.Path(req.URL.Path).Matches(path) {
return h.Next.ServeHTTP(resp, req)
}
}
if httpserver.Path(req.URL.Path).Matches(h.Rule.Path) {
uToken, err := h.ExtractToken(req)
if err != nil {
return h.HandleUnauthorized(resp, err), nil
}
token, err := h.Validate(uToken)
if err != nil {
return h.HandleUnauthorized(resp, err), nil
}
req, err = h.InjectContext(req, token)
if err != nil {
return h.HandleUnauthorized(resp, err), nil
}
}
return h.Next.ServeHTTP(resp, req)
}
func (h Auth) InjectContext(req *http.Request, token *jwt.Token) (*http.Request, error) {
payLoad, ok := token.Claims.(jwt.MapClaims)
if !ok {
return nil, errors.New("invalid payload")
}
for header := range req.Header {
if strings.HasPrefix(header, "X-Token-") {
req.Header.Del(header)
}
}
usr := &user.DefaultInfo{}
username, ok := payLoad["username"].(string)
if ok && username != "" {
req.Header.Set("X-Token-Username", username)
usr.Name = username
}
uid := payLoad["uid"]
if uid != nil {
switch uid.(type) {
case int:
req.Header.Set("X-Token-UID", strconv.Itoa(uid.(int)))
usr.UID = strconv.Itoa(uid.(int))
break
case string:
req.Header.Set("X-Token-UID", uid.(string))
usr.UID = uid.(string)
break
}
}
groups, ok := payLoad["groups"].([]string)
if ok && len(groups) > 0 {
req.Header.Set("X-Token-Groups", strings.Join(groups, ","))
usr.Groups = groups
}
// hard code, support jenkins auth plugin
if httpserver.Path(req.URL.Path).Matches("/kapis/jenkins.kubesphere.io") ||
httpserver.Path(req.URL.Path).Matches("job") ||
httpserver.Path(req.URL.Path).Matches("/kapis/devops.kubesphere.io/v1alpha2") {
req.SetBasicAuth(username, token.Raw)
}
context := request.WithUser(req.Context(), usr)
requestInfo, err := requestInfoFactory.NewRequestInfo(req)
if err == nil {
context = request.WithRequestInfo(context, requestInfo)
} else {
return nil, err
}
req = req.WithContext(context)
return req, nil
}
func (h Auth) Validate(uToken string) (*jwt.Token, error) {
if len(uToken) == 0 {
return nil, fmt.Errorf("token length is zero")
}
token, err := jwt.Parse(uToken, h.ProvideKey)
if err != nil {
return nil, err
}
return token, nil
}
func (h Auth) HandleUnauthorized(w http.ResponseWriter, err error) int {
message := fmt.Sprintf("Unauthorized,%v", err)
w.Header().Add("WWW-Authenticate", message)
log.Println(message)
return http.StatusUnauthorized
}
func (h Auth) ExtractToken(r *http.Request) (string, error) {
jwtHeader := strings.Split(r.Header.Get("Authorization"), " ")
if jwtHeader[0] == "Bearer" && len(jwtHeader) == 2 {
return jwtHeader[1], nil
}
jwtCookie, err := r.Cookie("token")
if err == nil {
return jwtCookie.Value, nil
}
jwtQuery := r.URL.Query().Get("token")
if jwtQuery != "" {
return jwtQuery, nil
}
return "", fmt.Errorf("no token found")
}
func (h Auth) ProvideKey(token *jwt.Token) (interface{}, error) {
if _, ok := token.Method.(*jwt.SigningMethodHMAC); ok {
return h.Rule.Secret, nil
} else {
return nil, fmt.Errorf("expect token signed with HMAC but got %v", token.Header["alg"])
}
}

110
pkg/apigateway/caddy-plugin/authenticate/auto_load.go
View File

@@ -1,110 +0,0 @@
/*
Copyright 2019 The KubeSphere Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package authenticate
import (
"fmt"
"strings"
"github.com/mholt/caddy"
"github.com/mholt/caddy/caddyhttp/httpserver"
)
func init() {
caddy.RegisterPlugin("authenticate", caddy.Plugin{
ServerType: "http",
Action: Setup,
})
}
func Setup(c *caddy.Controller) error {
rule, err := parse(c)
if err != nil {
return err
}
c.OnStartup(func() error {
fmt.Println("Authenticate middleware is initiated")
return nil
})
httpserver.GetConfig(c).AddMiddleware(func(next httpserver.Handler) httpserver.Handler {
return &Auth{Next: next, Rule: rule}
})
return nil
}
func parse(c *caddy.Controller) (Rule, error) {
rule := Rule{ExceptedPath: make([]string, 0)}
if c.Next() {
args := c.RemainingArgs()
switch len(args) {
case 0:
for c.NextBlock() {
switch c.Val() {
case "path":
if !c.NextArg() {
return rule, c.ArgErr()
}
rule.Path = c.Val()
if c.NextArg() {
return rule, c.ArgErr()
}
case "secret":
if !c.NextArg() {
return rule, c.ArgErr()
}
rule.Secret = []byte(c.Val())
if c.NextArg() {
return rule, c.ArgErr()
}
case "except":
if !c.NextArg() {
return rule, c.ArgErr()
}
rule.ExceptedPath = strings.Split(c.Val(), ",")
for i := 0; i < len(rule.ExceptedPath); i++ {
rule.ExceptedPath[i] = strings.TrimSpace(rule.ExceptedPath[i])
}
if c.NextArg() {
return rule, c.ArgErr()
}
}
}
default:
return rule, c.ArgErr()
}
}
if c.Next() {
return rule, c.ArgErr()
}
return rule, nil
}

305
pkg/apigateway/caddy-plugin/authentication/authentication.go
View File

@@ -1,305 +0,0 @@
/*
Copyright 2019 The KubeSphere Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package authentication
import (
"context"
"errors"
"fmt"
"k8s.io/apiserver/pkg/authorization/authorizer"
"k8s.io/apiserver/pkg/endpoints/request"
"kubesphere.io/kubesphere/pkg/utils/k8sutil"
"log"
"net/http"
"strings"
"github.com/mholt/caddy/caddyhttp/httpserver"
"k8s.io/api/rbac/v1"
k8serr "k8s.io/apimachinery/pkg/api/errors"
"k8s.io/apimachinery/pkg/labels"
"k8s.io/apimachinery/pkg/runtime/schema"
"kubesphere.io/kubesphere/pkg/informers"
"kubesphere.io/kubesphere/pkg/utils/sliceutil"
)
type Authentication struct {
Rule Rule
Next httpserver.Handler
}
type Rule struct {
Path string
ExceptedPath []string
}
func (c Authentication) ServeHTTP(w http.ResponseWriter, r *http.Request) (int, error) {
if httpserver.Path(r.URL.Path).Matches(c.Rule.Path) {
for _, path := range c.Rule.ExceptedPath {
if httpserver.Path(r.URL.Path).Matches(path) {
return c.Next.ServeHTTP(w, r)
}
}
attrs, err := getAuthorizerAttributes(r.Context())
// without authenticate, no requestInfo found in the context
if err != nil {
return c.Next.ServeHTTP(w, r)
}
permitted, err := permissionValidate(attrs)
if err != nil {
return http.StatusInternalServerError, err
}
if !permitted {
err = k8serr.NewForbidden(schema.GroupResource{Group: attrs.GetAPIGroup(), Resource: attrs.GetResource()}, attrs.GetName(), fmt.Errorf("permission undefined"))
return handleForbidden(w, err), nil
}
}
return c.Next.ServeHTTP(w, r)
}
func handleForbidden(w http.ResponseWriter, err error) int {
message := fmt.Sprintf("Forbidden,%s", err.Error())
w.Header().Add("WWW-Authenticate", message)
log.Println(message)
return http.StatusForbidden
}
func permissionValidate(attrs authorizer.Attributes) (bool, error) {
if attrs.GetResource() == "users" && attrs.GetUser().GetName() == attrs.GetName() {
return true, nil
}
permitted, err := clusterRoleValidate(attrs)
if err != nil {
log.Println("lister error", err)
return false, err
}
if permitted {
return true, nil
}
if attrs.GetNamespace() != "" {
permitted, err = roleValidate(attrs)
if err != nil {
log.Println("lister error", err)
return false, err
}
if permitted {
return true, nil
}
}
return false, nil
}
func roleValidate(attrs authorizer.Attributes) (bool, error) {
roleBindingLister := informers.SharedInformerFactory().Rbac().V1().RoleBindings().Lister()
roleLister := informers.SharedInformerFactory().Rbac().V1().Roles().Lister()
roleBindings, err := roleBindingLister.RoleBindings(attrs.GetNamespace()).List(labels.Everything())
if err != nil {
return false, err
}
fullSource := attrs.GetResource()
if attrs.GetSubresource() != "" {
fullSource = fullSource + "/" + attrs.GetSubresource()
}
for _, roleBinding := range roleBindings {
if k8sutil.ContainsUser(roleBinding.Subjects, attrs.GetUser().GetName()) {
role, err := roleLister.Roles(attrs.GetNamespace()).Get(roleBinding.RoleRef.Name)
if err != nil {
if k8serr.IsNotFound(err) {
continue
}
return false, err
}
for _, rule := range role.Rules {
if ruleMatchesRequest(rule, attrs.GetAPIGroup(), "", attrs.GetResource(), attrs.GetSubresource(), attrs.GetName(), attrs.GetVerb()) {
return true, nil
}
}
}
}
return false, nil
}
func clusterRoleValidate(attrs authorizer.Attributes) (bool, error) {
clusterRoleBindingLister := informers.SharedInformerFactory().Rbac().V1().ClusterRoleBindings().Lister()
clusterRoleBindings, err := clusterRoleBindingLister.List(labels.Everything())
clusterRoleLister := informers.SharedInformerFactory().Rbac().V1().ClusterRoles().Lister()
if err != nil {
return false, err
}
for _, clusterRoleBinding := range clusterRoleBindings {
if k8sutil.ContainsUser(clusterRoleBinding.Subjects, attrs.GetUser().GetName()) {
clusterRole, err := clusterRoleLister.Get(clusterRoleBinding.RoleRef.Name)
if err != nil {
if k8serr.IsNotFound(err) {
continue
}
return false, err
}
for _, rule := range clusterRole.Rules {
if attrs.IsResourceRequest() {
if ruleMatchesRequest(rule, attrs.GetAPIGroup(), "", attrs.GetResource(), attrs.GetSubresource(), attrs.GetName(), attrs.GetVerb()) {
return true, nil
}
} else {
if ruleMatchesRequest(rule, "", attrs.GetPath(), "", "", "", attrs.GetVerb()) {
return true, nil
}
}
}
}
}
return false, nil
}
func ruleMatchesResources(rule v1.PolicyRule, apiGroup string, resource string, subresource string, resourceName string) bool {
if resource == "" {
return false
}
if !sliceutil.HasString(rule.APIGroups, apiGroup) && !sliceutil.HasString(rule.APIGroups, v1.ResourceAll) {
return false
}
if len(rule.ResourceNames) > 0 && !sliceutil.HasString(rule.ResourceNames, resourceName) {
return false
}
combinedResource := resource
if subresource != "" {
combinedResource = combinedResource + "/" + subresource
}
for _, res := range rule.Resources {
// match "*"
if res == v1.ResourceAll || res == combinedResource {
return true
}
// match "*/subresource"
if len(subresource) > 0 && strings.HasPrefix(res, "*/") && subresource == strings.TrimLeft(res, "*/") {
return true
}
// match "resource/*"
if strings.HasSuffix(res, "/*") && resource == strings.TrimRight(res, "/*") {
return true
}
}
return false
}
func ruleMatchesRequest(rule v1.PolicyRule, apiGroup string, nonResourceURL string, resource string, subresource string, resourceName string, verb string) bool {
if !sliceutil.HasString(rule.Verbs, verb) && !sliceutil.HasString(rule.Verbs, v1.VerbAll) {
return false
}
if nonResourceURL == "" {
return ruleMatchesResources(rule, apiGroup, resource, subresource, resourceName)
} else {
return ruleMatchesNonResource(rule, nonResourceURL)
}
}
func ruleMatchesNonResource(rule v1.PolicyRule, nonResourceURL string) bool {
if nonResourceURL == "" {
return false
}
for _, spec := range rule.NonResourceURLs {
if pathMatches(nonResourceURL, spec) {
return true
}
}
return false
}
func pathMatches(path, spec string) bool {
if spec == "*" {
return true
}
if spec == path {
return true
}
if strings.HasSuffix(spec, "*") && strings.HasPrefix(path, strings.TrimRight(spec, "*")) {
return true
}
return false
}
func getAuthorizerAttributes(ctx context.Context) (authorizer.Attributes, error) {
attribs := authorizer.AttributesRecord{}
user, ok := request.UserFrom(ctx)
if ok {
attribs.User = user
}
requestInfo, found := request.RequestInfoFrom(ctx)
if !found {
return nil, errors.New("no RequestInfo found in the context")
}
// Start with common attributes that apply to resource and non-resource requests
attribs.ResourceRequest = requestInfo.IsResourceRequest
attribs.Path = requestInfo.Path
attribs.Verb = requestInfo.Verb
attribs.APIGroup = requestInfo.APIGroup
attribs.APIVersion = requestInfo.APIVersion
attribs.Resource = requestInfo.Resource
attribs.Subresource = requestInfo.Subresource
attribs.Namespace = requestInfo.Namespace
attribs.Name = requestInfo.Name
return &attribs, nil
}

123
pkg/apigateway/caddy-plugin/authentication/auto_load.go
View File

@@ -1,123 +0,0 @@
/*
Copyright 2019 The KubeSphere Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package authentication
import (
"fmt"
"strings"
"github.com/mholt/caddy"
"github.com/mholt/caddy/caddyhttp/httpserver"
"kubesphere.io/kubesphere/pkg/informers"
)
func init() {
caddy.RegisterPlugin("authentication", caddy.Plugin{
ServerType: "http",
Action: Setup,
})
}
// Setup is called by Caddy to parse the config block
func Setup(c *caddy.Controller) error {
rule, err := parse(c)
if err != nil {
return err
}
stopChan := make(chan struct{}, 0)
c.OnStartup(func() error {
informerFactory := informers.SharedInformerFactory()
informerFactory.Rbac().V1().Roles().Lister()
informerFactory.Rbac().V1().RoleBindings().Lister()
informerFactory.Rbac().V1().ClusterRoles().Lister()
informerFactory.Rbac().V1().ClusterRoleBindings().Lister()
informerFactory.Start(stopChan)
informerFactory.WaitForCacheSync(stopChan)
fmt.Println("Authentication middleware is initiated")
return nil
})
c.OnShutdown(func() error {
close(stopChan)
return nil
})
httpserver.GetConfig(c).AddMiddleware(func(next httpserver.Handler) httpserver.Handler {
return &Authentication{Next: next, Rule: rule}
})
return nil
}
func parse(c *caddy.Controller) (Rule, error) {
rule := Rule{ExceptedPath: make([]string, 0)}
if c.Next() {
args := c.RemainingArgs()
switch len(args) {
case 0:
for c.NextBlock() {
switch c.Val() {
case "path":
if !c.NextArg() {
return rule, c.ArgErr()
}
rule.Path = c.Val()
if c.NextArg() {
return rule, c.ArgErr()
}
break
case "except":
if !c.NextArg() {
return rule, c.ArgErr()
}
rule.ExceptedPath = strings.Split(c.Val(), ",")
for i := 0; i < len(rule.ExceptedPath); i++ {
rule.ExceptedPath[i] = strings.TrimSpace(rule.ExceptedPath[i])
}
if c.NextArg() {
return rule, c.ArgErr()
}
break
}
}
case 1:
rule.Path = args[0]
if c.NextBlock() {
return rule, c.ArgErr()
}
default:
return rule, c.ArgErr()
}
}
if c.Next() {
return rule, c.ArgErr()
}
return rule, nil
}

100
pkg/apigateway/caddy-plugin/swagger/auto_load.go
View File

@@ -1,100 +0,0 @@
/*
Copyright 2019 The KubeSphere Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package authenticate
import (
"fmt"
"net/http"
"github.com/mholt/caddy"
"github.com/mholt/caddy/caddyhttp/httpserver"
)
func init() {
caddy.RegisterPlugin("swagger", caddy.Plugin{
ServerType: "http",
Action: Setup,
})
}
func Setup(c *caddy.Controller) error {
handler, err := parse(c)
if err != nil {
return err
}
c.OnStartup(func() error {
fmt.Println("Swagger middleware is initiated")
return nil
})
httpserver.GetConfig(c).AddMiddleware(func(next httpserver.Handler) httpserver.Handler {
return &Swagger{Next: next, Handler: handler}
})
return nil
}
func parse(c *caddy.Controller) (Handler, error) {
handler := Handler{URL: "/swagger-ui", FilePath: "/var/static/swagger-ui"}
if c.Next() {
args := c.RemainingArgs()
switch len(args) {
case 0:
for c.NextBlock() {
switch c.Val() {
case "url":
if !c.NextArg() {
return handler, c.ArgErr()
}
handler.URL = c.Val()
if c.NextArg() {
return handler, c.ArgErr()
}
case "filePath":
if !c.NextArg() {
return handler, c.ArgErr()
}
handler.FilePath = c.Val()
if c.NextArg() {
return handler, c.ArgErr()
}
default:
return handler, c.ArgErr()
}
}
default:
return handler, c.ArgErr()
}
}
if c.Next() {
return handler, c.ArgErr()
}
handler.Handler = http.StripPrefix(handler.URL, http.FileServer(http.Dir(handler.FilePath)))
return handler, nil
}

45
pkg/apigateway/caddy-plugin/swagger/swagger.go
View File

@@ -1,45 +0,0 @@
/*
Copyright 2019 The KubeSphere Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package authenticate
import (
"net/http"
"github.com/mholt/caddy/caddyhttp/httpserver"
)
type Swagger struct {
Handler Handler
Next httpserver.Handler
}
type Handler struct {
URL string
FilePath string
Handler http.Handler
}
func (h Swagger) ServeHTTP(resp http.ResponseWriter, req *http.Request) (int, error) {
if httpserver.Path(req.URL.Path).Matches(h.Handler.URL) {
h.Handler.Handler.ServeHTTP(resp, req)
return http.StatusOK, nil
}
return h.Next.ServeHTTP(resp, req)
}

35
pkg/apis/addtoscheme_servicemesh_v1alpha2.go
View File

@@ -1,35 +0,0 @@
/*
Copyright 2019 The KubeSphere authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package apis
import (
"github.com/knative/pkg/apis/istio/v1alpha3"
"kubesphere.io/kubesphere/pkg/apis/servicemesh/v1alpha2"
"github.com/kubernetes-sigs/application/pkg/apis/app/v1beta1"
)
func init() {
// Register the types with the Scheme so the components can map objects to GroupVersionKinds and back
AddToSchemes = append(AddToSchemes, v1alpha2.SchemeBuilder.AddToScheme)
// Register networking.istio.io/v1alpha3
AddToSchemes = append(AddToSchemes, v1alpha3.SchemeBuilder.AddToScheme)
// Register application scheme
AddToSchemes = append(AddToSchemes, v1beta1.SchemeBuilder.AddToScheme)
}

10
pkg/apis/addtoscheme_tenant_v1alpha1.go
View File

@@ -1,10 +0,0 @@
package apis
import (
"kubesphere.io/kubesphere/pkg/apis/tenant/v1alpha1"
)
func init() {
// Register the types with the Scheme so the components can map objects to GroupVersionKinds and back
AddToSchemes = append(AddToSchemes, v1alpha1.SchemeBuilder.AddToScheme)
}

30
pkg/apis/apis.go
View File

@@ -1,30 +0,0 @@
/*
Copyright 2019 The KubeSphere authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Package apis contains KubeSphere API groups.
package apis
import (
"k8s.io/apimachinery/pkg/runtime"
)
// AddToSchemes may be used to add all resources defined in the project to a Scheme
var AddToSchemes runtime.SchemeBuilder
// AddToScheme adds all Resources to the Scheme
func AddToScheme(s *runtime.Scheme) error {
return AddToSchemes.AddToScheme(s)
}

34
pkg/apis/devops/install/install.go
View File

@@ -1,34 +0,0 @@
/*
Copyright 2019 The KubeSphere Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package install
import (
"github.com/emicklei/go-restful"
urlruntime "k8s.io/apimachinery/pkg/util/runtime"
devopsv1alpha2 "kubesphere.io/kubesphere/pkg/apis/devops/v1alpha2"
"kubesphere.io/kubesphere/pkg/apiserver/runtime"
)
func init() {
Install(runtime.Container)
}
func Install(container *restful.Container) {
urlruntime.Must(devopsv1alpha2.AddToContainer(container))
}

801
pkg/apis/devops/v1alpha2/register.go
View File

@@ -1,801 +0,0 @@
/*
Copyright 2019 The KubeSphere Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1alpha2
import (
"github.com/emicklei/go-restful"
"github.com/emicklei/go-restful-openapi"
"k8s.io/apimachinery/pkg/runtime/schema"
devopsapi "kubesphere.io/kubesphere/pkg/apiserver/devops"
"kubesphere.io/kubesphere/pkg/apiserver/runtime"
"kubesphere.io/kubesphere/pkg/models/devops"
"kubesphere.io/kubesphere/pkg/params"
"net/http"
)
const (
GroupName = "devops.kubesphere.io"
RespOK = "ok"
)
var GroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha2"}
var (
WebServiceBuilder = runtime.NewContainerBuilder(addWebService)
AddToContainer = WebServiceBuilder.AddToContainer
)
func addWebService(c *restful.Container) error {
webservice := runtime.NewWebService(GroupVersion)
tags := []string{"DevOps"}
webservice.Route(webservice.GET("/devops/{devops}").
To(devopsapi.GetDevOpsProjectHandler).
Doc("get devops project").
Metadata(restfulspec.KeyOpenAPITags, tags).
Param(webservice.PathParameter("devops", "devops project's Id")).
Returns(http.StatusOK, RespOK, devops.DevOpsProject{}).
Writes(devops.DevOpsProject{}))
webservice.Route(webservice.PATCH("/devops/{devops}").
To(devopsapi.UpdateProjectHandler).
Doc("get devops project").
Metadata(restfulspec.KeyOpenAPITags, tags).
Param(webservice.PathParameter("devops", "devops project's Id")).
Returns(http.StatusOK, RespOK, devops.DevOpsProject{}).
Writes(devops.DevOpsProject{}))
webservice.Route(webservice.GET("/devops/{devops}/defaultroles").
To(devopsapi.GetDevOpsProjectDefaultRoles).
Doc("get devops project defaultroles").
Metadata(restfulspec.KeyOpenAPITags, tags).
Param(webservice.PathParameter("devops", "devops project's Id")).
Returns(http.StatusOK, RespOK, []devops.Role{}).
Writes([]devops.Role{}))
webservice.Route(webservice.GET("/devops/{devops}/members").
To(devopsapi.GetDevOpsProjectMembersHandler).
Doc("get devops project members").
Metadata(restfulspec.KeyOpenAPITags, tags).
Param(webservice.PathParameter("devops", "devops project's Id")).
Param(webservice.QueryParameter(params.PagingParam, "page").
Required(false).
DataFormat("limit=%d,page=%d").
DefaultValue("limit=10,page=1")).
Param(webservice.QueryParameter(params.ConditionsParam, "query conditions").
Required(false).
DataFormat("key=%s,key~%s")).
Returns(http.StatusOK, RespOK, []devops.DevOpsProjectMembership{}).
Writes([]devops.DevOpsProjectMembership{}))
webservice.Route(webservice.GET("/devops/{devops}/members/{members}").
To(devopsapi.GetDevOpsProjectMemberHandler).
Doc("get devops project member").
Metadata(restfulspec.KeyOpenAPITags, tags).
Param(webservice.PathParameter("devops", "devops project's Id")).
Param(webservice.PathParameter("members", "member's username")).
Returns(http.StatusOK, RespOK, devops.DevOpsProjectMembership{}).
Writes(devops.DevOpsProjectMembership{}))
webservice.Route(webservice.POST("/devops/{devops}/members").
To(devopsapi.AddDevOpsProjectMemberHandler).
Doc("add devops project members").
Metadata(restfulspec.KeyOpenAPITags, tags).
Param(webservice.PathParameter("devops", "devops project's Id")).
Returns(http.StatusOK, RespOK, devops.DevOpsProjectMembership{}).
Writes(devops.DevOpsProjectMembership{}))
webservice.Route(webservice.PATCH("/devops/{devops}/members/{members}").
To(devopsapi.UpdateDevOpsProjectMemberHandler).
Doc("update devops project members").
Metadata(restfulspec.KeyOpenAPITags, tags).
Param(webservice.PathParameter("devops", "devops project's Id")).
Param(webservice.PathParameter("members", "member's username")).
Reads(devops.DevOpsProjectMembership{}).
Writes(devops.DevOpsProjectMembership{}))
webservice.Route(webservice.DELETE("/devops/{devops}/members/{members}").
To(devopsapi.DeleteDevOpsProjectMemberHandler).
Doc("delete devops project members").
Metadata(restfulspec.KeyOpenAPITags, tags).
Param(webservice.PathParameter("devops", "devops project's Id")).
Param(webservice.PathParameter("members", "member's username")).
Writes(devops.DevOpsProjectMembership{}))
webservice.Route(webservice.POST("/devops/{devops}/pipelines").
To(devopsapi.CreateDevOpsProjectPipelineHandler).
Doc("add devops project pipeline").
Param(webservice.PathParameter("devops", "devops project's Id")).
Metadata(restfulspec.KeyOpenAPITags, tags).
Returns(http.StatusOK, RespOK, devops.ProjectPipeline{}).
Writes(devops.ProjectPipeline{}).
Reads(devops.ProjectPipeline{}))
webservice.Route(webservice.PUT("/devops/{devops}/pipelines/{pipelines}").
To(devopsapi.UpdateDevOpsProjectPipelineHandler).
Doc("update devops project pipeline").
Param(webservice.PathParameter("devops", "devops project's Id")).
Param(webservice.PathParameter("pipelines", "pipeline name")).
Metadata(restfulspec.KeyOpenAPITags, tags).
Returns(http.StatusOK, RespOK, devops.ProjectPipeline{}).
Writes(devops.ProjectPipeline{}).
Reads(devops.ProjectPipeline{}))
webservice.Route(webservice.GET("/devops/{devops}/pipelines/{pipelines}/config").
To(devopsapi.GetDevOpsProjectPipelineHandler).
Doc("get devops project pipeline config").
Metadata(restfulspec.KeyOpenAPITags, tags).
Param(webservice.PathParameter("devops", "devops project's Id")).
Param(webservice.PathParameter("pipelines", "pipeline name")).
Returns(http.StatusOK, RespOK, devops.ProjectPipeline{}).
Writes(devops.ProjectPipeline{}))
webservice.Route(webservice.GET("/devops/{devops}/pipelines/{pipelines}/sonarStatus").
To(devopsapi.GetPipelineSonarStatusHandler).
Doc("get devops project pipeline sonarStatus").
Metadata(restfulspec.KeyOpenAPITags, tags).
Param(webservice.PathParameter("devops", "devops project's Id")).
Param(webservice.PathParameter("pipelines", "pipeline name")).
Returns(http.StatusOK, RespOK, []devops.SonarStatus{}).
Writes([]devops.SonarStatus{}))
webservice.Route(webservice.GET("/devops/{devops}/pipelines/{pipelines}/branches/{branches}/sonarStatus").
To(devopsapi.GetMultiBranchesPipelineSonarStatusHandler).
Doc("get devops project pipeline sonarStatus").
Metadata(restfulspec.KeyOpenAPITags, tags).
Param(webservice.PathParameter("devops", "devops project's Id")).
Param(webservice.PathParameter("pipelines", "pipeline name")).
Param(webservice.PathParameter("branches", "branch name")).
Returns(http.StatusOK, RespOK, []devops.SonarStatus{}).
Writes([]devops.SonarStatus{}))
webservice.Route(webservice.DELETE("/devops/{devops}/pipelines/{pipelines}").
To(devopsapi.DeleteDevOpsProjectPipelineHandler).
Doc("delete devops project pipeline").
Metadata(restfulspec.KeyOpenAPITags, tags).
Param(webservice.PathParameter("devops", "devops project's Id")).
Param(webservice.PathParameter("pipelines", "pipeline name")))
webservice.Route(webservice.POST("/devops/{devops}/credentials").
To(devopsapi.CreateDevOpsProjectCredentialHandler).
Doc("add project credential pipeline").
Metadata(restfulspec.KeyOpenAPITags, tags).
Param(webservice.PathParameter("devops", "devops project's Id")).
Reads(devops.JenkinsCredential{}))
webservice.Route(webservice.PUT("/devops/{devops}/credentials/{credentials}").
To(devopsapi.UpdateDevOpsProjectCredentialHandler).
Doc("update project credential pipeline").
Metadata(restfulspec.KeyOpenAPITags, tags).
Param(webservice.PathParameter("devops", "devops project's Id")).
Param(webservice.PathParameter("credentials", "credential's Id")).
Reads(devops.JenkinsCredential{}))
webservice.Route(webservice.DELETE("/devops/{devops}/credentials/{credentials}").
To(devopsapi.DeleteDevOpsProjectCredentialHandler).
Doc("delete project credential pipeline").
Metadata(restfulspec.KeyOpenAPITags, tags).
Param(webservice.PathParameter("devops", "devops project's Id")).
Param(webservice.PathParameter("credentials", "credential's Id")))
webservice.Route(webservice.GET("/devops/{devops}/credentials/{credentials}").
To(devopsapi.GetDevOpsProjectCredentialHandler).
Doc("get project credential pipeline").
Metadata(restfulspec.KeyOpenAPITags, tags).
Param(webservice.PathParameter("devops", "devops project's Id")).
Param(webservice.PathParameter("credentials", "credential's Id")).
Param(webservice.QueryParameter("domain", "credential's domain")).
Param(webservice.QueryParameter("content", "get additional content")).
Returns(http.StatusOK, RespOK, devops.JenkinsCredential{}).
Reads(devops.JenkinsCredential{}))
webservice.Route(webservice.GET("/devops/{devops}/credentials").
To(devopsapi.GetDevOpsProjectCredentialsHandler).
Doc("get project credential pipeline").
Metadata(restfulspec.KeyOpenAPITags, tags).
Param(webservice.PathParameter("devops", "devops project's Id")).
Param(webservice.PathParameter("credentials", "credential's Id")).
Param(webservice.QueryParameter("domain", "credential's domain")).
Returns(http.StatusOK, RespOK, []devops.JenkinsCredential{}).
Reads([]devops.JenkinsCredential{}))
// match Jenkisn api "/blue/rest/organizations/jenkins/pipelines/{projectName}/{pipelineName}"
webservice.Route(webservice.GET("/devops/{projectName}/pipelines/{pipelineName}").
To(devopsapi.GetPipeline).
Metadata(restfulspec.KeyOpenAPITags, tags).
Doc("Get DevOps Pipelines.").
Param(webservice.PathParameter("pipelineName", "pipeline name")).
Param(webservice.PathParameter("projectName", "devops project name")).
Returns(http.StatusOK, RespOK, devops.Pipeline{}).
Writes(devops.Pipeline{}))
// match Jenkisn api: "jenkins_api/blue/rest/search"
webservice.Route(webservice.GET("/devops/search").
To(devopsapi.SearchPipelines).
Metadata(restfulspec.KeyOpenAPITags, tags).
Doc("Search DevOps resource.").
Param(webservice.QueryParameter("q", "query pipelines").
Required(false).
DataFormat("q=%s")).
Param(webservice.QueryParameter("filter", "filter resource").
Required(false).
DataFormat("filter=%s")).
Param(webservice.QueryParameter("start", "start page").
Required(false).
DataFormat("start=%d")).
Param(webservice.QueryParameter("limit", "limit count").
Required(false).
DataFormat("limit=%d")).
Returns(http.StatusOK, RespOK, []devops.Pipeline{}).
Writes([]devops.Pipeline{}))
// match Jenkisn api "/blue/rest/organizations/jenkins/pipelines/{projectName}/{pipelineName}/runs/"
webservice.Route(webservice.GET("/devops/{projectName}/pipelines/{pipelineName}/runs").
To(devopsapi.SearchPipelineRuns).
Metadata(restfulspec.KeyOpenAPITags, tags).
Doc("Search DevOps Pipelines runs in branch.").
Param(webservice.PathParameter("pipelineName", "pipeline name")).
Param(webservice.PathParameter("projectName", "devops project name")).
Param(webservice.QueryParameter("start", "start page").
Required(false).
DataFormat("start=%d")).
Param(webservice.QueryParameter("limit", "limit count").
Required(false).
DataFormat("limit=%d")).
Param(webservice.QueryParameter("branch", "branch ").
Required(false).
DataFormat("branch=%s")).
Returns(http.StatusOK, RespOK, []devops.BranchPipelineRun{}).
Writes([]devops.BranchPipelineRun{}))
// match Jenkins api "/blue/rest/organizations/jenkins/pipelines/{projectName}/{pipelineName}/branches/{branchName}/runs/{runId}/"
webservice.Route(webservice.GET("/devops/{projectName}/pipelines/{pipelineName}/branches/{branchName}/runs/{runId}").
To(devopsapi.GetBranchPipelineRun).
Metadata(restfulspec.KeyOpenAPITags, tags).
Doc("Get DevOps Pipelines run in branch.").
Param(webservice.PathParameter("pipelineName", "pipeline name")).
Param(webservice.PathParameter("projectName", "devops project name")).
Param(webservice.PathParameter("branchName", "pipeline branch name")).
Param(webservice.PathParameter("runId", "pipeline runs id")).
Param(webservice.QueryParameter("start", "start").
Required(false).
DataFormat("start=%d")).
Returns(http.StatusOK, RespOK, devops.BranchPipelineRun{}).
Writes(devops.BranchPipelineRun{}))
// match Jenkins api "/blue/rest/organizations/jenkins/pipelines/{projectName}/{pipelineName}/branches/{branchName}/runs/{runId}/nodes"
webservice.Route(webservice.GET("/devops/{projectName}/pipelines/{pipelineName}/branches/{branchName}/runs/{runId}/nodes").
To(devopsapi.GetPipelineRunNodesbyBranch).
Metadata(restfulspec.KeyOpenAPITags, tags).
Doc("Get node on DevOps Pipelines run.").
Param(webservice.PathParameter("projectName", "devops project name")).
Param(webservice.PathParameter("pipelineName", "pipeline name")).
Param(webservice.PathParameter("branchName", "pipeline branch name")).
Param(webservice.PathParameter("runId", "pipeline runs id")).
Param(webservice.QueryParameter("limit", "limit").
Required(false).
DataFormat("limit=%d").
DefaultValue("limit=10000")).
Returns(http.StatusOK, RespOK, []devops.BranchPipelineRunNodes{}).
Writes([]devops.BranchPipelineRunNodes{}))
// match "/blue/rest/organizations/jenkins/pipelines/{projectName}/{pipelineName}/branches/{branchName}/runs/{runId}/nodes/{nodeId}/steps/{stepId}/log/?start=0"
webservice.Route(webservice.GET("/devops/{projectName}/pipelines/{pipelineName}/branches/{branchName}/runs/{runId}/nodes/{nodeId}/steps/{stepId}/log").
To(devopsapi.GetBranchStepLog).
Metadata(restfulspec.KeyOpenAPITags, tags).
Doc("Get pipelines step log.").
Produces("text/plain; charset=utf-8").
Param(webservice.PathParameter("projectName", "devops project name")).
Param(webservice.PathParameter("pipelineName", "pipeline name")).
Param(webservice.PathParameter("branchName", "pipeline branch name")).
Param(webservice.PathParameter("runId", "pipeline runs id")).
Param(webservice.PathParameter("nodeId", "pipeline runs node id")).
Param(webservice.PathParameter("stepId", "pipeline runs step id")).
Param(webservice.QueryParameter("start", "start").
Required(true).
DataFormat("start=%d").
DefaultValue("start=0")))
// match "/blue/rest/organizations/jenkins/pipelines/{projectName}/{pipelineName}/runs/{runId}/nodes/{nodeId}/steps/{stepId}/log/?start=0"
webservice.Route(webservice.GET("/devops/{projectName}/pipelines/{pipelineName}/runs/{runId}/nodes/{nodeId}/steps/{stepId}/log").
To(devopsapi.GetStepLog).
Metadata(restfulspec.KeyOpenAPITags, tags).
Doc("Get pipelines step log.").
Produces("text/plain; charset=utf-8").
Param(webservice.PathParameter("projectName", "devops project name")).
Param(webservice.PathParameter("pipelineName", "pipeline name")).
Param(webservice.PathParameter("runId", "pipeline runs id")).
Param(webservice.PathParameter("nodeId", "pipeline runs node id")).
Param(webservice.PathParameter("stepId", "pipeline runs step id")).
Param(webservice.QueryParameter("start", "start").
Required(true).
DataFormat("start=%d").
DefaultValue("start=0")))
// match "/blue/rest/organizations/jenkins/scm/github/validate/"
webservice.Route(webservice.PUT("/devops/scm/{scmId}/validate").
To(devopsapi.Validate).
Metadata(restfulspec.KeyOpenAPITags, tags).
Doc("Validate Github personal access token.").
Param(webservice.PathParameter("scmId", "SCM id")).
Returns(http.StatusOK, RespOK, devops.Validates{}).
Writes(devops.Validates{}))
// match "/blue/rest/organizations/jenkins/scm/{scmId}/organizations/?credentialId=github"
webservice.Route(webservice.GET("/devops/scm/{scmId}/organizations").
To(devopsapi.GetSCMOrg).
Metadata(restfulspec.KeyOpenAPITags, tags).
Doc("List organizations of SCM").
Param(webservice.PathParameter("scmId", "SCM id")).
Param(webservice.QueryParameter("credentialId", "credential id for SCM").
Required(true).
DataFormat("credentialId=%s")).
Returns(http.StatusOK, RespOK, []devops.SCMOrg{}).
Writes([]devops.SCMOrg{}))
// match "/blue/rest/organizations/jenkins/scm/{scmId}/organizations/{organizationId}/repositories/?credentialId=&pageNumber&pageSize="
webservice.Route(webservice.GET("/devops/scm/{scmId}/organizations/{organizationId}/repositories").
To(devopsapi.GetOrgRepo).
Metadata(restfulspec.KeyOpenAPITags, tags).
Doc("Get SCM repositories in an organization").
Param(webservice.PathParameter("scmId", "SCM id")).
Param(webservice.PathParameter("organizationId", "organization Id, such as github username")).
Param(webservice.QueryParameter("credentialId", "credential id for SCM").
Required(true).
DataFormat("credentialId=%s")).
Param(webservice.QueryParameter("pageNumber", "page number").
Required(true).
DataFormat("pageNumber=%d")).
Param(webservice.QueryParameter("pageSize", "page size").
Required(true).
DataFormat("pageSize=%d")).
Returns(http.StatusOK, RespOK, []devops.OrgRepo{}).
Writes([]devops.OrgRepo{}))
// match /blue/rest/organizations/jenkins/pipelines/{projectName}/pipelines/{pipelineName}/branches/{branchName}/runs/{runId}/stop/
webservice.Route(webservice.PUT("/devops/{projectName}/pipelines/{pipelineName}/branches/{branchName}/runs/{runId}/stop").
To(devopsapi.StopBranchPipeline).
Metadata(restfulspec.KeyOpenAPITags, tags).
Doc("Stop pipeline in running").
Param(webservice.PathParameter("projectName", "devops project name")).
Param(webservice.PathParameter("pipelineName", "pipeline name")).
Param(webservice.PathParameter("branchName", "pipeline branch name")).
Param(webservice.PathParameter("runId", "pipeline runs id")).
Param(webservice.QueryParameter("blocking", "stop and between each retries will sleep").
Required(false).
DataFormat("blocking=%t").
DefaultValue("blocking=false")).
Param(webservice.QueryParameter("timeOutInSecs", "the time of stop and between each retries sleep").
Required(false).
DataFormat("timeOutInSecs=%d").
DefaultValue("timeOutInSecs=10")).
Returns(http.StatusOK, RespOK, devops.StopPipe{}).
Writes(devops.StopPipe{}))
// match /blue/rest/organizations/jenkins/pipelines/{projectName}/pipelines/{pipelineName}/runs/{runId}/stop/
webservice.Route(webservice.PUT("/devops/{projectName}/pipelines/{pipelineName}/runs/{runId}/stop").
To(devopsapi.StopPipeline).
Metadata(restfulspec.KeyOpenAPITags, tags).
Doc("Stop pipeline in running").
Param(webservice.PathParameter("projectName", "devops project name")).
Param(webservice.PathParameter("pipelineName", "pipeline name")).
Param(webservice.PathParameter("runId", "pipeline runs id")).
Param(webservice.QueryParameter("blocking", "stop and between each retries will sleep").
Required(false).
DataFormat("blocking=%t").
DefaultValue("blocking=false")).
Param(webservice.QueryParameter("timeOutInSecs", "the time of stop and between each retries sleep").
Required(false).
DataFormat("timeOutInSecs=%d").
DefaultValue("timeOutInSecs=10")).
Returns(http.StatusOK, RespOK, devops.StopPipe{}).
Writes(devops.StopPipe{}))
// match /blue/rest/organizations/jenkins/pipelines/{projectName}/pipelines/{pipelineName}/branches/{branchName}/runs/{runId}/Replay/
webservice.Route(webservice.POST("/devops/{projectName}/pipelines/{pipelineName}/branches/{branchName}/runs/{runId}/replay").
To(devopsapi.ReplayBranchPipeline).
Metadata(restfulspec.KeyOpenAPITags, tags).
Doc("Replay pipeline").
Param(webservice.PathParameter("projectName", "devops project name")).
Param(webservice.PathParameter("pipelineName", "pipeline name")).
Param(webservice.PathParameter("branchName", "pipeline branch name")).
Param(webservice.PathParameter("runId", "pipeline runs id")).
Returns(http.StatusOK, RespOK, devops.ReplayPipe{}).
Writes(devops.ReplayPipe{}))
// match /blue/rest/organizations/jenkins/pipelines/{projectName}/pipelines/{pipelineName}/runs/{runId}/Replay/
webservice.Route(webservice.POST("/devops/{projectName}/pipelines/{pipelineName}/runs/{runId}/replay").
To(devopsapi.ReplayPipeline).
Metadata(restfulspec.KeyOpenAPITags, tags).
Doc("Replay pipeline").
Param(webservice.PathParameter("projectName", "devops project name")).
Param(webservice.PathParameter("pipelineName", "pipeline name")).
Param(webservice.PathParameter("runId", "pipeline runs id")).
Returns(http.StatusOK, RespOK, devops.ReplayPipe{}).
Writes(devops.ReplayPipe{}))
// match /blue/rest/organizations/jenkins/pipelines/{projectName}/{pipelineName}/branches/{branchName}/runs/{runId}/log/?start=0
webservice.Route(webservice.GET("/devops/{projectName}/pipelines/{pipelineName}/branches/{branchName}/runs/{runId}/log").
To(devopsapi.GetBranchRunLog).
Metadata(restfulspec.KeyOpenAPITags, tags).
Doc("Get Pipelines run log.").
Produces("text/plain; charset=utf-8").
Param(webservice.PathParameter("projectName", "devops project name")).
Param(webservice.PathParameter("pipelineName", "pipeline name")).
Param(webservice.PathParameter("branchName", "pipeline branch name")).
Param(webservice.PathParameter("runId", "pipeline runs id")).
Param(webservice.QueryParameter("start", "start").
Required(true).
DataFormat("start=%d").
DefaultValue("start=0")))
// match /blue/rest/organizations/jenkins/pipelines/{projectName}/{pipelineName}/runs/{runId}/log/?start=0
webservice.Route(webservice.GET("/devops/{projectName}/pipelines/{pipelineName}/runs/{runId}/log").
To(devopsapi.GetRunLog).
Metadata(restfulspec.KeyOpenAPITags, tags).
Doc("Get Pipelines run log.").
Produces("text/plain; charset=utf-8").
Param(webservice.PathParameter("projectName", "devops project name")).
Param(webservice.PathParameter("pipelineName", "pipeline name")).
Param(webservice.PathParameter("runId", "pipeline runs id")).
Param(webservice.QueryParameter("start", "start").
Required(true).
DataFormat("start=%d").
DefaultValue("start=0")))
// match /blue/rest/organizations/jenkins/pipelines/{projectName}/{pipelineName}/branches/{branchName}/runs/{runId}/artifacts
webservice.Route(webservice.GET("/devops/{projectName}/pipelines/{pipelineName}/branches/{branchName}/runs/{runId}/artifacts").
To(devopsapi.GetBranchArtifacts).
Metadata(restfulspec.KeyOpenAPITags, tags).
Doc("Get pipeline artifacts.").
Param(webservice.PathParameter("projectName", "devops project name")).
Param(webservice.PathParameter("pipelineName", "pipeline name")).
Param(webservice.PathParameter("branchName", "pipeline branch name")).
Param(webservice.PathParameter("runId", "pipeline runs id")).
Param(webservice.QueryParameter("start", "start page").
Required(false).
DataFormat("start=%d")).
Param(webservice.QueryParameter("limit", "limit count").
Required(false).
DataFormat("limit=%d")).
Returns(http.StatusOK, "The filed of \"Url\" in response can download artifacts", []devops.Artifacts{}).
Writes([]devops.Artifacts{}))
// match /blue/rest/organizations/jenkins/pipelines/{projectName}/{pipelineName}/runs/{runId}/artifacts
webservice.Route(webservice.GET("/devops/{projectName}/pipelines/{pipelineName}/runs/{runId}/artifacts").
To(devopsapi.GetArtifacts).
Metadata(restfulspec.KeyOpenAPITags, tags).
Doc("Get pipeline artifacts.").
Param(webservice.PathParameter("projectName", "devops project name")).
Param(webservice.PathParameter("pipelineName", "pipeline name")).
Param(webservice.PathParameter("runId", "pipeline runs id")).
Param(webservice.QueryParameter("start", "start page").
Required(false).
DataFormat("start=%d")).
Param(webservice.QueryParameter("limit", "limit count").
Required(false).
DataFormat("limit=%d")).
Returns(http.StatusOK, "The filed of \"Url\" in response can download artifacts", []devops.Artifacts{}).
Writes([]devops.Artifacts{}))
// match /blue/rest/organizations/jenkins/pipelines/{projectName}/{pipelineName}/branches/?filter=&start&limit=
webservice.Route(webservice.GET("/devops/{projectName}/pipelines/{pipelineName}/branches").
To(devopsapi.GetPipeBranch).
Metadata(restfulspec.KeyOpenAPITags, tags).
Doc("Get pipeline of branch.").
Param(webservice.PathParameter("projectName", "devops project name")).
Param(webservice.PathParameter("pipelineName", "pipeline name")).
Param(webservice.QueryParameter("filter", "filter remote").
Required(true).
DataFormat("filter=%s")).
Param(webservice.QueryParameter("start", "start").
Required(true).
DataFormat("start=%d")).
Param(webservice.QueryParameter("limit", "limit count").
Required(true).
DataFormat("limit=%d")).
Returns(http.StatusOK, RespOK, []devops.PipeBranch{}).
Writes([]devops.PipeBranch{}))
// /blue/rest/organizations/jenkins/pipelines/{projectName}/pipelines/{pipelineName}/branches/{branchName}/runs/{runId}/nodes/{nodeId}/steps/{stepId}
webservice.Route(webservice.POST("/devops/{projectName}/pipelines/{pipelineName}/branches/{branchName}/runs/{runId}/nodes/{nodeId}/steps/{stepId}").
To(devopsapi.CheckBranchPipeline).
Metadata(restfulspec.KeyOpenAPITags, tags).
Doc("Pauses pipeline execution and allows the user to interact and control the flow of the build.").
Reads(devops.CheckPlayload{}).
Produces("text/plain; charset=utf-8").
Param(webservice.PathParameter("projectName", "devops project name")).
Param(webservice.PathParameter("pipelineName", "pipeline name")).
Param(webservice.PathParameter("branchName", "pipeline branch name")).
Param(webservice.PathParameter("runId", "pipeline runs id")).
Param(webservice.PathParameter("nodeId", "pipeline node id")).
Param(webservice.PathParameter("stepId", "pipeline step id")))
// match /blue/rest/organizations/jenkins/pipelines/{projectName}/pipelines/{pipelineName}/runs/{runId}/nodes/{nodeId}/steps/{stepId}
webservice.Route(webservice.POST("/devops/{projectName}/pipelines/{pipelineName}/runs/{runId}/nodes/{nodeId}/steps/{stepId}").
To(devopsapi.CheckPipeline).
Metadata(restfulspec.KeyOpenAPITags, tags).
Doc("Pauses pipeline execution and allows the user to interact and control the flow of the build.").
Reads(devops.CheckPlayload{}).
Produces("text/plain; charset=utf-8").
Param(webservice.PathParameter("projectName", "devops project name")).
Param(webservice.PathParameter("pipelineName", "pipeline name")).
Param(webservice.PathParameter("runId", "pipeline runs id")).
Param(webservice.PathParameter("nodeId", "pipeline node id")).
Param(webservice.PathParameter("stepId", "pipeline step id")))
// match /job/project-8QnvykoJw4wZ/job/test-1/indexing/consoleText
webservice.Route(webservice.GET("/devops/{projectName}/pipelines/{pipelineName}/console/log").
To(devopsapi.GetConsoleLog).
Metadata(restfulspec.KeyOpenAPITags, tags).
Doc("Get index console log.").
Produces("text/plain; charset=utf-8").
Param(webservice.PathParameter("projectName", "devops project name")).
Param(webservice.PathParameter("pipelineName", "pipeline name")))
// match /job/{projectName}/job/{pipelineName}/build?delay=0
webservice.Route(webservice.POST("/devops/{projectName}/pipelines/{pipelineName}/scan").
To(devopsapi.ScanBranch).
Metadata(restfulspec.KeyOpenAPITags, tags).
Doc("Start a build.").
Produces("text/html; charset=utf-8").
Param(webservice.PathParameter("projectName", "devops project name")).
Param(webservice.PathParameter("pipelineName", "pipeline name")).
Param(webservice.QueryParameter("delay", "delay time").
Required(true).
DataFormat("delay=%d")))
// match /blue/rest/organizations/jenkins/pipelines/{projectName}/{pipelineName}/branches/{}/runs/
webservice.Route(webservice.POST("/devops/{projectName}/pipelines/{pipelineName}/branches/{branchName}/run").
To(devopsapi.RunBranchPipeline).
Metadata(restfulspec.KeyOpenAPITags, tags).
Doc("Run pipeline.").
Reads(devops.RunPayload{}).
Param(webservice.PathParameter("projectName", "devops project name")).
Param(webservice.PathParameter("pipelineName", "pipeline name")).
Param(webservice.PathParameter("branchName", "pipeline branch name")).
Returns(http.StatusOK, RespOK, devops.QueuedBlueRun{}).
Writes(devops.QueuedBlueRun{}))
// match /blue/rest/organizations/jenkins/pipelines/{projectName}/{pipelineName}/runs/
webservice.Route(webservice.POST("/devops/{projectName}/pipelines/{pipelineName}/run").
To(devopsapi.RunPipeline).
Metadata(restfulspec.KeyOpenAPITags, tags).
Doc("Run pipeline.").
Reads(devops.RunPayload{}).
Param(webservice.PathParameter("projectName", "devops project name")).
Param(webservice.PathParameter("pipelineName", "pipeline name")).
Returns(http.StatusOK, RespOK, devops.QueuedBlueRun{}).
Writes(devops.QueuedBlueRun{}))
// match /pipeline_status/blue/rest/organizations/jenkins/pipelines/{projectName}/{pipelineName}/branches/{branchName}/runs/{runId}/nodes/?limit=
webservice.Route(webservice.GET("/devops/{projectName}/pipelines/{pipelineName}/branches/{branchName}/runs/{runId}/nodes/{nodeId}/steps/status").
To(devopsapi.GetBranchStepsStatus).
Metadata(restfulspec.KeyOpenAPITags, tags).
Doc("Get pipeline steps status.").
Param(webservice.PathParameter("projectName", "devops project name")).
Param(webservice.PathParameter("pipelineName", "pipeline name")).
Param(webservice.PathParameter("branchName", "pipeline branch name")).
Param(webservice.PathParameter("runId", "pipeline run name")).
Param(webservice.PathParameter("nodeId", "pipeline node id")).
Param(webservice.QueryParameter("limit", "limit count").
Required(true).
DataFormat("limit=%d")).
Returns(http.StatusOK, RespOK, []devops.QueuedBlueRun{}).
Writes([]devops.QueuedBlueRun{}))
// match /pipeline_status/blue/rest/organizations/jenkins/pipelines/{projectName}/{pipelineName}/runs/{runId}/nodes/?limit=
webservice.Route(webservice.GET("/devops/{projectName}/pipelines/{pipelineName}/runs/{runId}/nodes/{nodeId}/steps/status").
To(devopsapi.GetStepsStatus).
Metadata(restfulspec.KeyOpenAPITags, tags).
Doc("Get pipeline steps status.").
Param(webservice.PathParameter("projectName", "devops project name")).
Param(webservice.PathParameter("pipelineName", "pipeline name")).
Param(webservice.PathParameter("runId", "pipeline run name")).
Param(webservice.PathParameter("nodeId", "pipeline node id")).
Param(webservice.QueryParameter("limit", "limit count").
Required(true).
DataFormat("limit=%d")).
Returns(http.StatusOK, RespOK, []devops.QueuedBlueRun{}).
Writes([]devops.QueuedBlueRun{}))
// match /crumbIssuer/api/json/
webservice.Route(webservice.GET("/devops/crumbissuer").
To(devopsapi.GetCrumb).
Metadata(restfulspec.KeyOpenAPITags, tags).
Doc("Get crumb").
Returns(http.StatusOK, RespOK, devops.Crumb{}).
Writes(devops.Crumb{}))
// match /job/init-job/descriptorByName/org.jenkinsci.plugins.workflow.cps.CpsFlowDefinition/checkScriptCompile
webservice.Route(webservice.POST("/devops/check/scriptcompile").
To(devopsapi.CheckScriptCompile).
Metadata(restfulspec.KeyOpenAPITags, tags).
Consumes("application/x-www-form-urlencoded", "charset=utf-8").
Produces("application/json", "charset=utf-8").
Doc("Check pipeline script compile.").
Reads(devops.ReqScript{}).
Returns(http.StatusOK, RespOK, devops.CheckScript{}).
Writes(devops.CheckScript{}))
// match /job/init-job/descriptorByName/hudson.triggers.TimerTrigger/checkSpec
webservice.Route(webservice.GET("/devops/check/cron").
To(devopsapi.CheckCron).
Metadata(restfulspec.KeyOpenAPITags, tags).
Produces("application/json", "charset=utf-8").
Doc("Check cron script compile.").
Param(webservice.QueryParameter("value", "cpec value").
Required(true).
DataFormat("value=%s")).
Returns(http.StatusOK, RespOK, []devops.QueuedBlueRun{}).
Returns(http.StatusOK, RespOK, devops.CheckCronRes{}).
Writes(devops.CheckCronRes{}))
// match /blue/rest/organizations/jenkins/pipelines/{projectName}/{pipelineName}/runs/{runId}/
webservice.Route(webservice.GET("/devops/{projectName}/pipelines/{pipelineName}/runs/{runId}").
To(devopsapi.GetPipelineRun).
Metadata(restfulspec.KeyOpenAPITags, tags).
Doc("Get run pipeline in project.").
Param(webservice.PathParameter("projectName", "devops project name")).
Param(webservice.PathParameter("pipelineName", "pipeline name")).
Param(webservice.PathParameter("runId", "pipeline run id")).
Returns(http.StatusOK, RespOK, devops.PipelineRun{}).
Writes(devops.PipelineRun{}))
// match /blue/rest/organizations/jenkins/pipelines/{projectName}/pipelines/{pipelineName}/branches/{branchName}
webservice.Route(webservice.GET("/devops/{projectName}/pipelines/{pipelineName}/branches/{branchName}").
To(devopsapi.GetBranchPipeline).
Metadata(restfulspec.KeyOpenAPITags, tags).
Doc("Get Pipeline run in branch.").
Param(webservice.PathParameter("projectName", "devops project name")).
Param(webservice.PathParameter("pipelineName", "pipeline name")).
Param(webservice.PathParameter("branchName", "pipeline branch name")).
Returns(http.StatusOK, RespOK, devops.BranchPipeline{}).
Writes(devops.BranchPipeline{}))
// match /blue/rest/organizations/jenkins/pipelines/{projectName}/pipelines/{pipelineName}/runs/{runId}/nodes/?limit=10000
webservice.Route(webservice.GET("/devops/{projectName}/pipelines/{pipelineName}/runs/{runId}/nodes").
To(devopsapi.GetPipelineRunNodes).
Metadata(restfulspec.KeyOpenAPITags, tags).
Doc("Get Pipeline run nodes.").
Param(webservice.PathParameter("projectName", "devops project name")).
Param(webservice.PathParameter("pipelineName", "pipeline name")).
Param(webservice.PathParameter("runId", "pipeline run id")).
Param(webservice.QueryParameter("limit", "limit count").
Required(false).
DataFormat("limit=%d")).
Returns(http.StatusOK, RespOK, []devops.PipelineRunNodes{}).
Writes([]devops.PipelineRunNodes{}))
// match /blue/rest/organizations/jenkins/pipelines/%s/%s/branches/%s/runs/%s/nodes/%s/steps/?limit=
webservice.Route(webservice.GET("/devops/{projectName}/pipelines/{pipelineName}/branches/{branchName}/runs/{runId}/nodes/{nodeId}/steps").
To(devopsapi.GetBranchNodeSteps).
Metadata(restfulspec.KeyOpenAPITags, tags).
Doc("Get steps in node.").
Param(webservice.PathParameter("projectName", "devops project name")).
Param(webservice.PathParameter("pipelineName", "pipeline name")).
Param(webservice.PathParameter("branchName", "pipeline branch name")).
Param(webservice.PathParameter("runId", "pipeline run id")).
Param(webservice.PathParameter("nodeId", "pipeline node id")).
Param(webservice.QueryParameter("limit", "limit count").
Required(false).
DataFormat("limit=%d")).
Returns(http.StatusOK, RespOK, []devops.NodeSteps{}).
Writes([]devops.NodeSteps{}))
// match /blue/rest/organizations/jenkins/pipelines/%s/%s/runs/%s/nodes/%s/steps/?limit=
webservice.Route(webservice.GET("/devops/{projectName}/pipelines/{pipelineName}/runs/{runId}/nodes/{nodeId}/steps").
To(devopsapi.GetNodeSteps).
Metadata(restfulspec.KeyOpenAPITags, tags).
Doc("Get steps in node.").
Param(webservice.PathParameter("projectName", "devops project name")).
Param(webservice.PathParameter("pipelineName", "pipeline name")).
Param(webservice.PathParameter("runId", "pipeline run id")).
Param(webservice.PathParameter("nodeId", "pipeline node id")).
Param(webservice.QueryParameter("limit", "limit count").
Required(false).
DataFormat("limit=%d")).
Returns(http.StatusOK, RespOK, []devops.NodeSteps{}).
Writes([]devops.NodeSteps{}))
// match /pipeline-model-converter/toJenkinsfile
webservice.Route(webservice.POST("/devops/tojenkinsfile").
To(devopsapi.ToJenkinsfile).
Metadata(restfulspec.KeyOpenAPITags, tags).
Consumes("application/x-www-form-urlencoded").
Produces("application/json", "charset=utf-8").
Doc("Json to Jenkinsfile.").
Reads(devops.ReqJson{}).
Returns(http.StatusOK, RespOK, devops.NodeSteps{}).
Writes(devops.ResJenkinsfile{}))
// match /pipeline-model-converter/toJson
webservice.Route(webservice.POST("/devops/tojson").
To(devopsapi.ToJson).
Metadata(restfulspec.KeyOpenAPITags, tags).
Consumes("application/x-www-form-urlencoded").
Produces("application/json", "charset=utf-8").
Doc("Jenkinsfile to Json.").
Reads(devops.ReqJenkinsfile{}).
Returns(http.StatusOK, RespOK, devops.ResJson{}).
Writes(devops.ResJson{}))
// match /git/notifyCommit/?url=
webservice.Route(webservice.GET("/devops/notifycommit").
To(devopsapi.GetNotifyCommit).
Metadata(restfulspec.KeyOpenAPITags, tags).
Doc("Get Notify Commit by GET HTTP method.").
Produces("text/plain; charset=utf-8").
Param(webservice.QueryParameter("url", "the url for webhook to push.").
Required(true).
DataFormat("url=%s")))
// Gitlab or some other scm managers can only use HTTP method. match /git/notifyCommit/?url=
webservice.Route(webservice.POST("/devops/notifycommit").
To(devopsapi.GetNotifyCommit).
Metadata(restfulspec.KeyOpenAPITags, tags).
Doc("Get Notify Commit by POST HTTP method.").
Consumes("application/json").
Produces("text/plain; charset=utf-8").
Param(webservice.QueryParameter("url", "the url for webhook to push.").
Required(true).
DataFormat("url=%s")))
webservice.Route(webservice.POST("/devops/github/webhook").
To(devopsapi.GithubWebhook).
Metadata(restfulspec.KeyOpenAPITags, tags).
Doc("receive webhook request."))
// in scm get all steps in nodes.
webservice.Route(webservice.GET("/devops/{projectName}/pipelines/{pipelineName}/branches/{branchName}/runs/{runId}/nodesdetail").
To(devopsapi.GetBranchNodesDetail).
Metadata(restfulspec.KeyOpenAPITags, tags).
Doc("Get pipeline nodes stages detail").
Param(webservice.PathParameter("pipelineName", "pipeline name")).
Param(webservice.PathParameter("projectName", "devops project name")).
Param(webservice.PathParameter("branchName", "pipeline branch name")).
Param(webservice.PathParameter("runId", "pipeline runs id")).
Param(webservice.QueryParameter("limit", "limit count").
Required(true).
DataFormat("limit=%d")).
Returns(http.StatusOK, RespOK, []devops.NodesDetail{}).
Writes(devops.NodesDetail{}))
// out of scm get all steps in nodes.
webservice.Route(webservice.GET("/devops/{projectName}/pipelines/{pipelineName}/runs/{runId}/nodesdetail").
To(devopsapi.GetNodesDetail).
Metadata(restfulspec.KeyOpenAPITags, tags).
Doc("Get pipeline nodes stages detail").
Param(webservice.PathParameter("pipelineName", "pipeline name")).
Param(webservice.PathParameter("projectName", "devops project name")).
Param(webservice.PathParameter("branchName", "pipeline branch name")).
Param(webservice.PathParameter("runId", "pipeline runs id")).
Param(webservice.QueryParameter("limit", "limit count").
Required(true).
DataFormat("limit=%d")).
Returns(http.StatusOK, RespOK, []devops.NodesDetail{}).
Writes(devops.NodesDetail{}))
c.Add(webservice)
return nil
}

33
pkg/apis/iam/install/install.go
View File

@@ -1,33 +0,0 @@
/*
Copyright 2019 The KubeSphere Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package install
import (
"github.com/emicklei/go-restful"
urlruntime "k8s.io/apimachinery/pkg/util/runtime"
iamv1alpha2 "kubesphere.io/kubesphere/pkg/apis/iam/v1alpha2"
"kubesphere.io/kubesphere/pkg/apiserver/runtime"
)
func init() {
Install(runtime.Container)
}
func Install(container *restful.Container) {
urlruntime.Must(iamv1alpha2.AddToContainer(container))
}

263
pkg/apis/iam/v1alpha2/register.go
View File

@@ -1,263 +0,0 @@
/*
Copyright 2019 The KubeSphere Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1alpha2
import (
"github.com/emicklei/go-restful"
"github.com/emicklei/go-restful-openapi"
rbacv1 "k8s.io/api/rbac/v1"
"k8s.io/apimachinery/pkg/runtime/schema"
"kubesphere.io/kubesphere/pkg/apiserver/iam"
"kubesphere.io/kubesphere/pkg/apiserver/runtime"
"kubesphere.io/kubesphere/pkg/errors"
"kubesphere.io/kubesphere/pkg/models"
"kubesphere.io/kubesphere/pkg/models/iam/policy"
"net/http"
)
const GroupName = "iam.kubesphere.io"
var GroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha2"}
var (
WebServiceBuilder = runtime.NewContainerBuilder(addWebService)
AddToContainer = WebServiceBuilder.AddToContainer
)
func addWebService(c *restful.Container) error {
tags := []string{"IAM"}
ws := runtime.NewWebService(GroupVersion)
ok := "ok"
pageableUserList := struct {
Items []models.User `json:"items"`
TotalCount int `json:"total_count"`
}{}
ws.Route(ws.POST("/authenticate").
To(iam.TokenReviewHandler).
Doc("TokenReview attempts to authenticate a token to a known user. Note: TokenReview requests may be cached by the webhook token authenticator plugin in the kube-apiserver.").
Reads(iam.TokenReview{}).
Returns(http.StatusOK, ok, iam.TokenReview{}).
Metadata(restfulspec.KeyOpenAPITags, tags))
ws.Route(ws.POST("/login").
To(iam.LoginHandler).
Doc("KubeSphere APIs support token-based authentication via the Authtoken request header. The POST Login API is used to retrieve the authentication token. After the authentication token is obtained, it must be inserted into the Authtoken header for all requests.").
Reads(iam.LoginRequest{}).
Returns(http.StatusOK, ok, models.Token{}).
Metadata(restfulspec.KeyOpenAPITags, tags))
ws.Route(ws.GET("/users/{username}").
To(iam.DescribeUser).
Doc("Describes the specified user.").
Param(ws.PathParameter("username", "username")).
Returns(http.StatusOK, ok, models.User{}).
Metadata(restfulspec.KeyOpenAPITags, tags))
ws.Route(ws.POST("/users").
To(iam.CreateUser).
Doc("Create a user account.").
Reads(models.User{}).
Returns(http.StatusOK, ok, errors.Error{}).
Metadata(restfulspec.KeyOpenAPITags, tags))
ws.Route(ws.DELETE("/users/{name}").
To(iam.DeleteUser).
Doc("Remove a specified user.").
Param(ws.PathParameter("name", "username")).
Returns(http.StatusOK, ok, errors.Error{}).
Metadata(restfulspec.KeyOpenAPITags, tags))
ws.Route(ws.PUT("/users/{name}").
To(iam.UpdateUser).
Doc("Updates information about the specified user.").
Param(ws.PathParameter("name", "username")).
Reads(models.User{}).
Returns(http.StatusOK, ok, errors.Error{}).
Metadata(restfulspec.KeyOpenAPITags, tags))
ws.Route(ws.GET("/users/{name}/log").
To(iam.UserLoginLog).
Doc("This method is used to retrieve the \"login logs\" for the specified user.").
Param(ws.PathParameter("name", "username")).
Returns(http.StatusOK, ok, struct {
LoginTime string `json:"login_time"`
LoginIP string `json:"login_ip"`
}{}).
Metadata(restfulspec.KeyOpenAPITags, tags))
ws.Route(ws.GET("/users").
To(iam.ListUsers).
Doc("List all users.").
Returns(http.StatusOK, ok, pageableUserList).
Metadata(restfulspec.KeyOpenAPITags, tags))
ws.Route(ws.GET("/groups").
To(iam.ListGroups).
Doc("List all user groups.").
Returns(http.StatusOK, ok, []models.Group{}).
Metadata(restfulspec.KeyOpenAPITags, tags))
ws.Route(ws.GET("/groups/{path}").
To(iam.DescribeGroup).
Doc("Describes the specified user group.").
Param(ws.PathParameter("path", "user group path separated by colon.")).
Returns(http.StatusOK, ok, models.Group{}).
Metadata(restfulspec.KeyOpenAPITags, tags))
ws.Route(ws.GET("/groups/{path}/users").
To(iam.ListGroupUsers).
Doc("List all users in the specified user group.").
Param(ws.PathParameter("path", "user group path separated by colon.")).
Returns(http.StatusOK, ok, []models.User{}).
Metadata(restfulspec.KeyOpenAPITags, tags))
ws.Route(ws.POST("/groups").
To(iam.CreateGroup).
Doc("Create a user group.").
Reads(models.Group{}).
Returns(http.StatusOK, ok, models.Group{}).
Metadata(restfulspec.KeyOpenAPITags, tags))
ws.Route(ws.DELETE("/groups/{path}").
To(iam.DeleteGroup).
Doc("Delete a user group.").
Param(ws.PathParameter("path", "user group path separated by colon.")).
Returns(http.StatusOK, ok, errors.Error{}).
Metadata(restfulspec.KeyOpenAPITags, tags))
ws.Route(ws.PUT("/groups/{path}").
To(iam.UpdateGroup).
Doc("Updates information about the user group.").
Param(ws.PathParameter("path", "user group path separated by colon.")).
Reads(models.Group{}).
Returns(http.StatusOK, ok, models.Group{}).
Metadata(restfulspec.KeyOpenAPITags, tags))
ws.Route(ws.GET("/users/{username}/roles").
To(iam.ListUserRoles).
Doc("This method is used to retrieve all the roles that are assigned to the user.").
Param(ws.PathParameter("username", "username")).
Returns(http.StatusOK, ok, iam.RoleList{}).
Metadata(restfulspec.KeyOpenAPITags, tags))
ws.Route(ws.GET("/namespaces/{namespace}/roles").
To(iam.ListRoles).
Doc("This method is used to retrieve the roles that are assigned to the user in the specified namespace.").
Param(ws.PathParameter("namespace", "kubernetes namespace")).
Returns(http.StatusOK, ok, struct {
Items []rbacv1.Role `json:"items"`
TotalCount int `json:"total_count"`
}{}).
Metadata(restfulspec.KeyOpenAPITags, tags))
ws.Route(ws.GET("/clusterroles").
To(iam.ListClusterRoles).
Doc("List all cluster roles.").
Returns(http.StatusOK, ok, struct {
Items []rbacv1.ClusterRole `json:"items"`
TotalCount int `json:"total_count"`
}{}).
Metadata(restfulspec.KeyOpenAPITags, tags))
ws.Route(ws.GET("/namespaces/{namespace}/roles/{role}/users").
To(iam.ListRoleUsers).
Doc("This method is used to retrieve the users that are bind the role in the specified namespace.").
Param(ws.PathParameter("namespace", "kubernetes namespace")).
Param(ws.PathParameter("role", "role name")).
Returns(http.StatusOK, ok, []models.User{}).
Metadata(restfulspec.KeyOpenAPITags, tags))
ws.Route(ws.GET("/namespaces/{namespace}/users").
To(iam.ListNamespaceUsers).
Doc("List all users in the specified namespace").
Param(ws.PathParameter("namespace", "kubernetes namespace")).
Returns(http.StatusOK, ok, []models.User{}).
Metadata(restfulspec.KeyOpenAPITags, tags))
ws.Route(ws.GET("/clusterroles/{clusterrole}/users").
To(iam.ListClusterRoleUsers).
Doc("List all users that are bind the cluster role.").
Param(ws.PathParameter("clusterrole", "cluster role name")).
Returns(http.StatusOK, ok, pageableUserList).
Metadata(restfulspec.KeyOpenAPITags, tags))
ws.Route(ws.GET("/clusterroles/{clusterrole}/rules").
To(iam.ListClusterRoleRules).
Doc("List all policy rules of the specified cluster role.").
Param(ws.PathParameter("clusterrole", "cluster role name")).
Returns(http.StatusOK, ok, []models.SimpleRule{}).
Metadata(restfulspec.KeyOpenAPITags, tags))
ws.Route(ws.GET("/namespaces/{namespace}/roles/{role}/rules").
To(iam.ListRoleRules).
Doc("List all policy rules of the specified role.").
Param(ws.PathParameter("namespace", "kubernetes namespace")).
Param(ws.PathParameter("role", "role name")).
Returns(http.StatusOK, ok, []models.SimpleRule{}).
Metadata(restfulspec.KeyOpenAPITags, tags))
ws.Route(ws.GET("/devops/{devops}/roles/{role}/rules").
To(iam.ListDevopsRoleRules).
Doc("List all policy rules of the specified role.").
Param(ws.PathParameter("devops", "devops project id")).
Param(ws.PathParameter("role", "devops role name")).
Returns(http.StatusOK, ok, []models.SimpleRule{}).
Metadata(restfulspec.KeyOpenAPITags, tags))
ws.Route(ws.GET("/rulesmapping/clusterroles").
To(iam.ClusterRulesMapping).
Doc("Get the mapping relationships between cluster roles and policy rules.").
Returns(http.StatusOK, ok, policy.ClusterRoleRuleMapping).
Metadata(restfulspec.KeyOpenAPITags, tags))
ws.Route(ws.GET("/rulesmapping/roles").
To(iam.RulesMapping).
Doc("Get the mapping relationships between namespaced roles and policy rules.").
Returns(http.StatusOK, ok, policy.RoleRuleMapping).
Metadata(restfulspec.KeyOpenAPITags, tags))
ws.Route(ws.GET("/workspaces/{workspace}/roles").
To(iam.ListWorkspaceRoles).
Doc("List all workspace roles.").
Param(ws.PathParameter("workspace", "workspace name")).
Returns(http.StatusOK, ok, struct {
Items []rbacv1.ClusterRole `json:"items"`
TotalCount int `json:"total_count"`
}{}).
Metadata(restfulspec.KeyOpenAPITags, tags))
ws.Route(ws.GET("/workspaces/{workspace}/roles/{role}").
To(iam.DescribeWorkspaceRole).
Doc("Describes the workspace role.").
Param(ws.PathParameter("workspace", "workspace name")).
Param(ws.PathParameter("role", "workspace role name")).
Returns(http.StatusOK, ok, rbacv1.ClusterRole{}).
Metadata(restfulspec.KeyOpenAPITags, tags))
ws.Route(ws.GET("/workspaces/{workspace}/roles/{role}/rules").
To(iam.ListWorkspaceRoleRules).
Doc("List all policy rules of the specified workspace role.").
Param(ws.PathParameter("workspace", "workspace name")).
Param(ws.PathParameter("role", "workspace role name")).
Returns(http.StatusOK, ok, []models.SimpleRule{}).
Metadata(restfulspec.KeyOpenAPITags, tags))
ws.Route(ws.GET("/workspaces/{workspace}/members").
To(iam.ListWorkspaceUsers).
Doc("List all members in the specified workspace.").
Param(ws.PathParameter("workspace", "workspace name")).
Returns(http.StatusOK, ok, pageableUserList).
Metadata(restfulspec.KeyOpenAPITags, tags))
ws.Route(ws.POST("/workspaces/{workspace}/members").
To(iam.InviteUser).
Doc("Invite members to a workspace.").
Param(ws.PathParameter("workspace", "workspace name")).
Reads(models.User{}).
Returns(http.StatusOK, ok, errors.Error{}).
Metadata(restfulspec.KeyOpenAPITags, tags))
ws.Route(ws.DELETE("/workspaces/{workspace}/members/{username}").
To(iam.RemoveUser).
Doc("Remove members from workspace.").
Param(ws.PathParameter("workspace", "workspace name")).
Param(ws.PathParameter("name", "username")).
Returns(http.StatusOK, ok, errors.Error{}).
Metadata(restfulspec.KeyOpenAPITags, tags))
ws.Route(ws.GET("/workspaces/{workspace}/members/{username}").
To(iam.DescribeWorkspaceUser).
Doc("Describes the specified user.").
Param(ws.PathParameter("workspace", "workspace name")).
Param(ws.PathParameter("username", "username")).
Returns(http.StatusOK, ok, models.User{}).
Metadata(restfulspec.KeyOpenAPITags, tags))
c.Add(ws)
return nil
}

33
pkg/apis/logging/install/install.go
View File

@@ -1,33 +0,0 @@
/*
Copyright 2019 The KubeSphere Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package install
import (
"github.com/emicklei/go-restful"
urlruntime "k8s.io/apimachinery/pkg/util/runtime"
loggingv1alpha2 "kubesphere.io/kubesphere/pkg/apis/logging/v1alpha2"
"kubesphere.io/kubesphere/pkg/apiserver/runtime"
)
func init() {
Install(runtime.Container)
}
func Install(container *restful.Container) {
urlruntime.Must(loggingv1alpha2.AddToContainer(container))
}

217
pkg/apis/logging/v1alpha2/register.go
View File

@@ -1,217 +0,0 @@
/*
Copyright 2019 The KubeSphere Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1alpha2
import (
"github.com/emicklei/go-restful"
"github.com/emicklei/go-restful-openapi"
"k8s.io/apimachinery/pkg/runtime/schema"
"kubesphere.io/kubesphere/pkg/apiserver/logging"
"kubesphere.io/kubesphere/pkg/apiserver/runtime"
"kubesphere.io/kubesphere/pkg/filter"
)
const GroupName = "logging.kubesphere.io"
var GroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha2"}
var (
WebServiceBuilder = runtime.NewContainerBuilder(addWebService)
AddToContainer = WebServiceBuilder.AddToContainer
)
func addWebService(c *restful.Container) error {
ws := runtime.NewWebService(GroupVersion)
tags := []string{"Logging"}
ws.Route(ws.GET("/cluster").To(logging.LoggingQueryCluster).
Filter(filter.Logging).
Doc("cluster level log query").
Param(ws.QueryParameter("operation", "operation: query statistics").DataType("string").Required(true)).
Param(ws.QueryParameter("workspaces", "workspaces specify").DataType("string").Required(false)).
Param(ws.QueryParameter("workspace_query", "workspace query keywords").DataType("string").Required(false)).
Param(ws.QueryParameter("namespaces", "namespaces specify").DataType("string").Required(false)).
Param(ws.QueryParameter("namespace_query", "namespace query keywords").DataType("string").Required(false)).
Param(ws.QueryParameter("workloads", "workloads specify").DataType("string").Required(false)).
Param(ws.QueryParameter("workload_query", "workload query keywords").DataType("string").Required(false)).
Param(ws.QueryParameter("pods", "pods specify").DataType("string").Required(false)).
Param(ws.QueryParameter("pod_query", "pod query keywords").DataType("string").Required(false)).
Param(ws.QueryParameter("containers", "containers specify").DataType("string").Required(false)).
Param(ws.QueryParameter("container_query", "container query keywords").DataType("string").Required(false)).
Param(ws.QueryParameter("log_query", "log query keywords").DataType("string").Required(false)).
Param(ws.QueryParameter("interval", "interval of time histogram").DataType("string").Required(false)).
Param(ws.QueryParameter("start_time", "range start time").DataType("string").Required(false)).
Param(ws.QueryParameter("end_time", "range end time").DataType("string").Required(false)).
Param(ws.QueryParameter("sort", "sort method").DataType("string").Required(false)).
Param(ws.QueryParameter("from", "begin index of result returned").DataType("int").Required(true)).
Param(ws.QueryParameter("size", "size of result returned").DataType("int").Required(true)).
Metadata(restfulspec.KeyOpenAPITags, tags)).
Consumes(restful.MIME_JSON, restful.MIME_XML).
Produces(restful.MIME_JSON)
ws.Route(ws.GET("/workspaces/{workspace}").To(logging.LoggingQueryWorkspace).
Filter(filter.Logging).
Doc("workspace level log query").
Param(ws.PathParameter("workspace", "workspace specify").DataType("string").Required(true)).
Param(ws.QueryParameter("operation", "operation: query statistics").DataType("string").Required(true)).
Param(ws.QueryParameter("namespaces", "namespaces specify").DataType("string").Required(false)).
Param(ws.QueryParameter("namespace_query", "namespace query keywords").DataType("string").Required(false)).
Param(ws.QueryParameter("workloads", "workloads specify").DataType("string").Required(false)).
Param(ws.QueryParameter("workload_query", "workload query keywords").DataType("string").Required(false)).
Param(ws.QueryParameter("pods", "pods specify").DataType("string").Required(false)).
Param(ws.QueryParameter("pod_query", "pod query keywords").DataType("string").Required(false)).
Param(ws.QueryParameter("containers", "containers specify").DataType("string").Required(false)).
Param(ws.QueryParameter("container_query", "container query keywords").DataType("string").Required(false)).
Param(ws.QueryParameter("log_query", "log query keywords").DataType("string").Required(false)).
Param(ws.QueryParameter("interval", "interval of time histogram").DataType("string").Required(false)).
Param(ws.QueryParameter("start_time", "range start time").DataType("string").Required(false)).
Param(ws.QueryParameter("end_time", "range end time").DataType("string").Required(false)).
Param(ws.QueryParameter("sort", "sort method").DataType("string").Required(false)).
Param(ws.QueryParameter("from", "begin index of result returned").DataType("int").Required(true)).
Param(ws.QueryParameter("size", "size of result returned").DataType("int").Required(true)).
Metadata(restfulspec.KeyOpenAPITags, tags)).
Consumes(restful.MIME_JSON, restful.MIME_XML).
Produces(restful.MIME_JSON)
ws.Route(ws.GET("/namespaces/{namespace}").To(logging.LoggingQueryNamespace).
Filter(filter.Logging).
Doc("namespace level log query").
Param(ws.PathParameter("namespace", "namespace specify").DataType("string").Required(true)).
Param(ws.QueryParameter("operation", "operation: query statistics").DataType("string").Required(true)).
Param(ws.QueryParameter("workloads", "workloads specify").DataType("string").Required(false)).
Param(ws.QueryParameter("workload_query", "workload query keywords").DataType("string").Required(false)).
Param(ws.QueryParameter("pods", "pods specify").DataType("string").Required(false)).
Param(ws.QueryParameter("pod_query", "pod query keywords").DataType("string").Required(false)).
Param(ws.QueryParameter("containers", "containers specify").DataType("string").Required(false)).
Param(ws.QueryParameter("container_query", "container query keywords").DataType("string").Required(false)).
Param(ws.QueryParameter("log_query", "log query keywords").DataType("string").Required(false)).
Param(ws.QueryParameter("interval", "interval of time histogram").DataType("string").Required(false)).
Param(ws.QueryParameter("start_time", "range start time").DataType("string").Required(false)).
Param(ws.QueryParameter("end_time", "range end time").DataType("string").Required(false)).
Param(ws.QueryParameter("sort", "sort method").DataType("string").Required(false)).
Param(ws.QueryParameter("from", "begin index of result returned").DataType("int").Required(true)).
Param(ws.QueryParameter("size", "size of result returned").DataType("int").Required(true)).
Metadata(restfulspec.KeyOpenAPITags, tags)).
Consumes(restful.MIME_JSON, restful.MIME_XML).
Produces(restful.MIME_JSON)
ws.Route(ws.GET("/namespaces/{namespace}/workloads/{workload}").To(logging.LoggingQueryWorkload).
Filter(filter.Logging).
Doc("workload level log query").
Param(ws.PathParameter("namespace", "namespace specify").DataType("string").Required(true)).
Param(ws.PathParameter("workload", "workload specify").DataType("string").Required(true)).
Param(ws.QueryParameter("operation", "operation: query statistics").DataType("string").Required(true)).
Param(ws.QueryParameter("pods", "pods specify").DataType("string").Required(false)).
Param(ws.QueryParameter("pod_query", "pod query keywords").DataType("string").Required(false)).
Param(ws.QueryParameter("containers", "containers specify").DataType("string").Required(false)).
Param(ws.QueryParameter("container_query", "container query keywords").DataType("string").Required(false)).
Param(ws.QueryParameter("log_query", "log query keywords").DataType("string").Required(false)).
Param(ws.QueryParameter("interval", "interval of time histogram").DataType("string").Required(false)).
Param(ws.QueryParameter("start_time", "range start time").DataType("string").Required(false)).
Param(ws.QueryParameter("end_time", "range end time").DataType("string").Required(false)).
Param(ws.QueryParameter("sort", "sort method").DataType("string").Required(false)).
Param(ws.QueryParameter("from", "begin index of result returned").DataType("int").Required(true)).
Param(ws.QueryParameter("size", "size of result returned").DataType("int").Required(true)).
Metadata(restfulspec.KeyOpenAPITags, tags)).
Consumes(restful.MIME_JSON, restful.MIME_XML).
Produces(restful.MIME_JSON)
ws.Route(ws.GET("/namespaces/{namespace}/pods/{pod}").To(logging.LoggingQueryPod).
Filter(filter.Logging).
Doc("pod level log query").
Param(ws.PathParameter("namespace", "namespace specify").DataType("string").Required(true)).
Param(ws.PathParameter("pod", "pod specify").DataType("string").Required(true)).
Param(ws.QueryParameter("operation", "operation: query statistics").DataType("string").Required(true)).
Param(ws.QueryParameter("containers", "containers specify").DataType("string").Required(false)).
Param(ws.QueryParameter("container_query", "container query keywords").DataType("string").Required(false)).
Param(ws.QueryParameter("log_query", "log query keywords").DataType("string").Required(false)).
Param(ws.QueryParameter("interval", "interval of time histogram").DataType("string").Required(false)).
Param(ws.QueryParameter("start_time", "range start time").DataType("string").Required(false)).
Param(ws.QueryParameter("end_time", "range end time").DataType("string").Required(false)).
Param(ws.QueryParameter("sort", "sort method").DataType("string").Required(false)).
Param(ws.QueryParameter("from", "begin index of result returned").DataType("int").Required(true)).
Param(ws.QueryParameter("size", "size of result returned").DataType("int").Required(true)).
Metadata(restfulspec.KeyOpenAPITags, tags)).
Consumes(restful.MIME_JSON, restful.MIME_XML).
Produces(restful.MIME_JSON)
ws.Route(ws.GET("/namespaces/{namespace}/pods/{pod}/containers/{container}").To(logging.LoggingQueryContainer).
Filter(filter.Logging).
Doc("container level log query").
Param(ws.PathParameter("namespace", "namespace specify").DataType("string").Required(true)).
Param(ws.PathParameter("pod", "pod specify").DataType("string").Required(true)).
Param(ws.PathParameter("container", "container specify").DataType("string").Required(true)).
Param(ws.QueryParameter("operation", "operation: query statistics").DataType("string").Required(true)).
Param(ws.QueryParameter("log_query", "log query keywords").DataType("string").Required(false)).
Param(ws.QueryParameter("interval", "interval of time histogram").DataType("string").Required(false)).
Param(ws.QueryParameter("start_time", "range start time").DataType("string").Required(false)).
Param(ws.QueryParameter("end_time", "range end time").DataType("string").Required(false)).
Param(ws.QueryParameter("sort", "sort method").DataType("string").Required(false)).
Param(ws.QueryParameter("from", "begin index of result returned").DataType("int").Required(true)).
Param(ws.QueryParameter("size", "size of result returned").DataType("int").Required(true)).
Metadata(restfulspec.KeyOpenAPITags, tags)).
Consumes(restful.MIME_JSON, restful.MIME_XML).
Produces(restful.MIME_JSON)
ws.Route(ws.GET("/fluentbit/filters").To(logging.LoggingQueryFluentbitFilters).
Filter(filter.Logging).
Doc("log fluent-bit filters query").
Metadata(restfulspec.KeyOpenAPITags, tags)).
Consumes(restful.MIME_JSON, restful.MIME_XML).
Produces(restful.MIME_JSON)
ws.Route(ws.POST("/fluentbit/filters").To(logging.LoggingUpdateFluentbitFilters).
Filter(filter.Logging).
Doc("log fluent-bit filters update").
Metadata(restfulspec.KeyOpenAPITags, tags)).
Consumes(restful.MIME_JSON, restful.MIME_XML).
Produces(restful.MIME_JSON)
ws.Route(ws.GET("/fluentbit/outputs").To(logging.LoggingQueryFluentbitOutputs).
Filter(filter.Logging).
Doc("log fluent-bit outputs query").
Metadata(restfulspec.KeyOpenAPITags, tags)).
Consumes(restful.MIME_JSON, restful.MIME_XML).
Produces(restful.MIME_JSON)
ws.Route(ws.POST("/fluentbit/outputs").To(logging.LoggingInsertFluentbitOutput).
Filter(filter.Logging).
Doc("log fluent-bit outputs insert").
Metadata(restfulspec.KeyOpenAPITags, tags)).
Consumes(restful.MIME_JSON, restful.MIME_XML).
Produces(restful.MIME_JSON)
ws.Route(ws.POST("/fluentbit/outputs/{output}").To(logging.LoggingUpdateFluentbitOutput).
Filter(filter.Logging).
Doc("log fluent-bit outputs update").
Param(ws.PathParameter("output", "output id").DataType("int").Required(true)).
Metadata(restfulspec.KeyOpenAPITags, tags)).
Consumes(restful.MIME_JSON, restful.MIME_XML).
Produces(restful.MIME_JSON)
ws.Route(ws.DELETE("/fluentbit/outputs/{output}").To(logging.LoggingDeleteFluentbitOutput).
Filter(filter.Logging).
Doc("log fluent-bit outputs delete").
Param(ws.PathParameter("output", "output id").DataType("int").Required(true)).
Metadata(restfulspec.KeyOpenAPITags, tags)).
Consumes(restful.MIME_JSON, restful.MIME_XML).
Produces(restful.MIME_JSON)
c.Add(ws)
return nil
}

33
pkg/apis/monitoring/install/install.go
View File

@@ -1,33 +0,0 @@
/*
Copyright 2019 The KubeSphere Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package install
import (
"github.com/emicklei/go-restful"
urlruntime "k8s.io/apimachinery/pkg/util/runtime"
monitoringv1alpha2 "kubesphere.io/kubesphere/pkg/apis/monitoring/v1alpha2"
"kubesphere.io/kubesphere/pkg/apiserver/runtime"
)
func init() {
Install(runtime.Container)
}
func Install(container *restful.Container) {
urlruntime.Must(monitoringv1alpha2.AddToContainer(container))
}

259
pkg/apis/monitoring/v1alpha2/register.go
View File

@@ -1,259 +0,0 @@
/*
Copyright 2019 The KubeSphere Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1alpha2
import (
"github.com/emicklei/go-restful"
"github.com/emicklei/go-restful-openapi"
"k8s.io/apimachinery/pkg/runtime/schema"
"kubesphere.io/kubesphere/pkg/apiserver/monitoring"
"kubesphere.io/kubesphere/pkg/apiserver/runtime"
)
const GroupName = "monitoring.kubesphere.io"
var GroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha2"}
var (
WebServiceBuilder = runtime.NewContainerBuilder(addWebService)
AddToContainer = WebServiceBuilder.AddToContainer
)
func addWebService(c *restful.Container) error {
ws := runtime.NewWebService(GroupVersion)
tags := []string{"Monitoring"}
ws.Route(ws.GET("/cluster").To(monitoring.MonitorCluster).
Doc("monitor cluster level metrics").
Param(ws.QueryParameter("metrics_filter", "metrics name cpu memory...in re2 regex").DataType("string").Required(false).DefaultValue("cluster_cpu_utilisation")).
Metadata(restfulspec.KeyOpenAPITags, tags)).
Consumes(restful.MIME_JSON, restful.MIME_XML).
Produces(restful.MIME_JSON)
ws.Route(ws.GET("/nodes").To(monitoring.MonitorNode).
Doc("monitor nodes level metrics").
Param(ws.QueryParameter("metrics_filter", "metrics name cpu memory...in re2 regex").DataType("string").Required(false).DefaultValue("node_cpu_utilisation")).
Param(ws.QueryParameter("resources_filter", "node re2 expression filter").DataType("string").Required(false).DefaultValue("")).
Param(ws.QueryParameter("sort_metric", "sort metric").DataType("string").Required(false)).
Param(ws.QueryParameter("sort_type", "ascending descending order").DataType("string").Required(false)).
Param(ws.QueryParameter("page", "page number").DataType("string").Required(false).DefaultValue("1")).
Param(ws.QueryParameter("limit", "metrics name cpu memory...in re2 regex").DataType("string").Required(false).DefaultValue("4")).
Metadata(restfulspec.KeyOpenAPITags, tags)).
Consumes(restful.MIME_JSON, restful.MIME_XML).
Produces(restful.MIME_JSON)
ws.Route(ws.GET("/nodes/{node}").To(monitoring.MonitorNode).
Doc("monitor specific node level metrics").
Param(ws.PathParameter("node", "specific node").DataType("string").Required(true).DefaultValue("")).
Param(ws.QueryParameter("metrics_name", "metrics name cpu memory...").DataType("string").Required(true).DefaultValue("node_cpu_utilisation")).
Metadata(restfulspec.KeyOpenAPITags, tags)).
Consumes(restful.MIME_JSON, restful.MIME_XML).
Produces(restful.MIME_JSON)
ws.Route(ws.GET("/namespaces").To(monitoring.MonitorNamespace).
Doc("monitor namespaces level metrics").
Param(ws.QueryParameter("resources_filter", "namespaces re2 expression filter").DataType("string").Required(false).DefaultValue("")).
Param(ws.QueryParameter("metrics_filter", "metrics name cpu memory...in re2 regex").DataType("string").Required(false).DefaultValue("namespace_memory_utilisation")).
Param(ws.QueryParameter("sort_metric", "sort metric").DataType("string").Required(false)).
Param(ws.QueryParameter("sort_type", "ascending descending order").DataType("string").Required(false)).
Param(ws.QueryParameter("page", "page number").DataType("string").Required(false).DefaultValue("1")).
Param(ws.QueryParameter("limit", "metrics name cpu memory...in re2 regex").DataType("string").Required(false).DefaultValue("4")).
Metadata(restfulspec.KeyOpenAPITags, tags)).
Consumes(restful.MIME_JSON, restful.MIME_XML).
Produces(restful.MIME_JSON)
ws.Route(ws.GET("/namespaces/{namespace}").To(monitoring.MonitorNamespace).
Doc("monitor specific namespace level metrics").
Param(ws.PathParameter("namespace", "specific namespace").DataType("string").Required(true).DefaultValue("monitoring")).
Param(ws.QueryParameter("metrics_name", "metrics name cpu memory...").DataType("string").Required(true).DefaultValue("namespace_memory_utilisation")).
Metadata(restfulspec.KeyOpenAPITags, tags)).
Consumes(restful.MIME_JSON, restful.MIME_XML).
Produces(restful.MIME_JSON)
ws.Route(ws.GET("/namespaces/{namespace}/pods").To(monitoring.MonitorPod).
Doc("monitor pods level metrics").
Param(ws.PathParameter("namespace", "specific namespace").DataType("string").Required(true).DefaultValue("monitoring")).
Param(ws.QueryParameter("metrics_filter", "metrics name cpu memory...in re2 regex").DataType("string").Required(false).DefaultValue("pod_memory_utilisation_wo_cache")).
Param(ws.QueryParameter("resources_filter", "pod re2 expression filter").DataType("string").Required(false).DefaultValue("")).
Param(ws.QueryParameter("sort_metric", "sort metric").DataType("string").Required(false)).
Param(ws.QueryParameter("sort_type", "ascending descending order").DataType("string").Required(false)).
Param(ws.QueryParameter("page", "page number").DataType("string").Required(false).DefaultValue("1")).
Param(ws.QueryParameter("limit", "metrics name cpu memory...in re2 regex").DataType("string").Required(false).DefaultValue("4")).
Metadata(restfulspec.KeyOpenAPITags, tags)).
Consumes(restful.MIME_JSON, restful.MIME_XML).
Produces(restful.MIME_JSON)
ws.Route(ws.GET("/namespaces/{namespace}/pods/{pod}").To(monitoring.MonitorPod).
Doc("monitor specific pod level metrics").
Param(ws.PathParameter("namespace", "specific namespace").DataType("string").Required(true).DefaultValue("monitoring")).
Param(ws.PathParameter("pod", "specific pod").DataType("string").Required(true).DefaultValue("")).
Param(ws.QueryParameter("metrics_name", "metrics name cpu memory...").DataType("string").Required(true).DefaultValue("pod_memory_utilisation_wo_cache")).
Metadata(restfulspec.KeyOpenAPITags, tags)).
Consumes(restful.MIME_JSON, restful.MIME_XML).
Produces(restful.MIME_JSON)
ws.Route(ws.GET("/nodes/{node}/pods").To(monitoring.MonitorPod).
Doc("monitor pods level metrics by nodeid").
Param(ws.PathParameter("node", "specific node").DataType("string").Required(true).DefaultValue("i-k89a62il")).
Param(ws.QueryParameter("metrics_filter", "metrics name cpu memory...in re2 regex").DataType("string").Required(false).DefaultValue("pod_memory_utilisation_wo_cache")).
Param(ws.QueryParameter("resources_filter", "pod re2 expression filter").DataType("string").Required(false).DefaultValue("openpitrix.*")).
Param(ws.QueryParameter("sort_metric", "sort metric").DataType("string").Required(false)).
Param(ws.QueryParameter("sort_type", "ascending descending order").DataType("string").Required(false)).
Param(ws.QueryParameter("page", "page number").DataType("string").Required(false).DefaultValue("1")).
Param(ws.QueryParameter("limit", "metrics name cpu memory...in re2 regex").DataType("string").Required(false).DefaultValue("4")).
Metadata(restfulspec.KeyOpenAPITags, tags)).
Consumes(restful.MIME_JSON, restful.MIME_XML).
Produces(restful.MIME_JSON)
ws.Route(ws.GET("/nodes/{node}/pods/{pod}").To(monitoring.MonitorPod).
Doc("monitor specific pod level metrics by nodeid").
Param(ws.PathParameter("node", "specific node").DataType("string").Required(true).DefaultValue("i-k89a62il")).
Param(ws.PathParameter("pod", "specific pod").DataType("string").Required(true).DefaultValue("")).
Param(ws.QueryParameter("metrics_name", "metrics name cpu memory...").DataType("string").Required(true).DefaultValue("pod_memory_utilisation_wo_cache")).
Metadata(restfulspec.KeyOpenAPITags, tags)).
Consumes(restful.MIME_JSON, restful.MIME_XML).
Produces(restful.MIME_JSON)
ws.Route(ws.GET("/nodes/{node}/pods/{pod}/containers").To(monitoring.MonitorContainer).
Doc("monitor specific pod level metrics by nodeid").
Param(ws.PathParameter("node", "specific node").DataType("string").Required(true)).
Param(ws.PathParameter("pod", "specific pod").DataType("string").Required(true)).
Param(ws.QueryParameter("resources_filter", "container re2 expression filter").DataType("string").Required(false).DefaultValue("")).
Param(ws.QueryParameter("metrics_filter", "metrics name cpu memory...").DataType("string").Required(false)).
Param(ws.QueryParameter("metrics_name", "metrics name cpu memory...").DataType("string").Required(true).DefaultValue("pod_memory_utilisation_wo_cache")).
Param(ws.QueryParameter("sort_metric", "sort metric").DataType("string").Required(false)).
Param(ws.QueryParameter("sort_type", "ascending descending order").DataType("string").Required(false)).
Param(ws.QueryParameter("page", "page number").DataType("string").Required(false).DefaultValue("1")).
Param(ws.QueryParameter("limit", "metrics name cpu memory...in re2 regex").DataType("string").Required(false).DefaultValue("4")).
Param(ws.QueryParameter("type", "rank, statistic").DataType("string").Required(false).DefaultValue("rank")).
Metadata(restfulspec.KeyOpenAPITags, tags)).
Consumes(restful.MIME_JSON, restful.MIME_XML).
Produces(restful.MIME_JSON)
ws.Route(ws.GET("/namespaces/{namespace}/pods/{pod}/containers").To(monitoring.MonitorContainer).
Doc("monitor containers level metrics").
Param(ws.PathParameter("namespace", "specific namespace").DataType("string").Required(true).DefaultValue("monitoring")).
Param(ws.PathParameter("pod", "specific pod").DataType("string").Required(true).DefaultValue("")).
Param(ws.QueryParameter("resources_filter", "container re2 expression filter").DataType("string").Required(false).DefaultValue("")).
Param(ws.QueryParameter("metrics_filter", "metrics name cpu memory...").DataType("string").Required(false)).
Param(ws.QueryParameter("metrics_name", "metrics name cpu memory...").DataType("string").Required(true).DefaultValue("container_memory_utilisation_wo_cache")).
Param(ws.QueryParameter("sort_metric", "sort metric").DataType("string").Required(false)).
Param(ws.QueryParameter("sort_type", "ascending descending order").DataType("string").Required(false)).
Param(ws.QueryParameter("page", "page number").DataType("string").Required(false).DefaultValue("1")).
Param(ws.QueryParameter("limit", "metrics name cpu memory...in re2 regex").DataType("string").Required(false).DefaultValue("4")).
Param(ws.QueryParameter("type", "rank, statistic").DataType("string").Required(false).DefaultValue("rank")).
Metadata(restfulspec.KeyOpenAPITags, tags)).
Consumes(restful.MIME_JSON, restful.MIME_XML).
Produces(restful.MIME_JSON)
ws.Route(ws.GET("/namespaces/{namespace}/pods/{pod}/containers/{container}").To(monitoring.MonitorContainer).
Doc("monitor specific container level metrics").
Param(ws.PathParameter("namespace", "specific namespace").DataType("string").Required(true).DefaultValue("monitoring")).
Param(ws.PathParameter("pod", "specific pod").DataType("string").Required(true).DefaultValue("")).
Param(ws.PathParameter("container", "specific container").DataType("string").Required(true).DefaultValue("")).
Param(ws.QueryParameter("metrics_name", "metrics name cpu memory...").DataType("string").Required(true).DefaultValue("container_memory_utilisation_wo_cache")).
Metadata(restfulspec.KeyOpenAPITags, tags)).
Consumes(restful.MIME_JSON, restful.MIME_XML).
Produces(restful.MIME_JSON)
// Only use this api to monitor status of pods under the {workload}
// To monitor a specific workload, try the next two apis with "resources_filter"
ws.Route(ws.GET("/namespaces/{namespace}/workloads/{workload_kind}/{workload}").To(monitoring.MonitorWorkload).
Doc("monitor specific workload level metrics").
Param(ws.PathParameter("namespace", "namespace").DataType("string").Required(true).DefaultValue("kube-system")).
Param(ws.PathParameter("workload_kind", "workload kind").DataType("string").Required(true).DefaultValue("daemonset")).
Param(ws.PathParameter("workload", "workload name").DataType("string").Required(true).DefaultValue("")).
Param(ws.QueryParameter("metrics_filter", "metrics name cpu memory...").DataType("string").Required(false)).
Param(ws.QueryParameter("resources_filter", "pod re2 expression filter").DataType("string").Required(false).DefaultValue("openpitrix.*")).
Param(ws.QueryParameter("sort_metric", "sort metric").DataType("string").Required(false)).
Param(ws.QueryParameter("sort_type", "ascending descending order").DataType("string").Required(false)).
Param(ws.QueryParameter("page", "page number").DataType("string").Required(false).DefaultValue("1")).
Param(ws.QueryParameter("limit", "max metric items in a page").DataType("string").Required(false).DefaultValue("4")).
Param(ws.QueryParameter("type", "rank, statistic").DataType("string").Required(false).DefaultValue("rank")).
Metadata(restfulspec.KeyOpenAPITags, tags)).
Consumes(restful.MIME_JSON, restful.MIME_XML).
Produces(restful.MIME_JSON)
ws.Route(ws.GET("/namespaces/{namespace}/workloads/{workload_kind}").To(monitoring.MonitorWorkload).
Doc("monitor specific workload kind level metrics").
Param(ws.PathParameter("namespace", "namespace").DataType("string").Required(true).DefaultValue("kube-system")).
Param(ws.PathParameter("workload_kind", "workload kind").DataType("string").Required(true).DefaultValue("daemonset")).
Param(ws.QueryParameter("metrics_filter", "metrics name cpu memory...").DataType("string").Required(false)).
Param(ws.QueryParameter("resources_filter", "pod re2 expression filter").DataType("string").Required(false).DefaultValue("openpitrix.*")).
Param(ws.QueryParameter("sort_metric", "sort metric").DataType("string").Required(false)).
Param(ws.QueryParameter("sort_type", "ascending descending order").DataType("string").Required(false)).
Param(ws.QueryParameter("page", "page number").DataType("string").Required(false).DefaultValue("1")).
Param(ws.QueryParameter("limit", "max metric items in a page").DataType("string").Required(false).DefaultValue("4")).
Param(ws.QueryParameter("type", "rank, statistic").DataType("string").Required(false).DefaultValue("rank")).
Metadata(restfulspec.KeyOpenAPITags, tags)).
Consumes(restful.MIME_JSON, restful.MIME_XML).
Produces(restful.MIME_JSON)
ws.Route(ws.GET("/namespaces/{namespace}/workloads").To(monitoring.MonitorWorkload).
Doc("monitor all workload level metrics").
Param(ws.PathParameter("namespace", "namespace").DataType("string").Required(true).DefaultValue("kube-system")).
Param(ws.QueryParameter("metrics_filter", "metrics name cpu memory...").DataType("string").Required(false)).
Param(ws.QueryParameter("resources_filter", "pod re2 expression filter").DataType("string").Required(false).DefaultValue("")).
Param(ws.QueryParameter("sort_metric", "sort metric").DataType("string").Required(false)).
Param(ws.QueryParameter("sort_type", "ascending descending order").DataType("string").Required(false)).
Param(ws.QueryParameter("page", "page number").DataType("string").Required(false).DefaultValue("1")).
Param(ws.QueryParameter("limit", "metrics name cpu memory...in re2 regex").DataType("string").Required(false).DefaultValue("4")).
Param(ws.QueryParameter("type", "rank, statistic").DataType("string").Required(false).DefaultValue("rank")).
Metadata(restfulspec.KeyOpenAPITags, tags)).
Consumes(restful.MIME_JSON, restful.MIME_XML).
Produces(restful.MIME_JSON)
// list all namespace in this workspace by selected metrics
ws.Route(ws.GET("/workspaces/{workspace}").To(monitoring.MonitorOneWorkspace).
Doc("monitor workspaces level metrics").
Param(ws.PathParameter("workspace", "workspace name").DataType("string").Required(true)).
Param(ws.QueryParameter("resources_filter", "namespaces filter").DataType("string").Required(false).DefaultValue("k.*")).
Param(ws.QueryParameter("metrics_filter", "metrics name cpu memory...in re2 regex").DataType("string").Required(false).DefaultValue("namespace_memory_utilisation_wo_cache")).
Param(ws.QueryParameter("sort_metric", "sort metric").DataType("string").Required(false)).
Param(ws.QueryParameter("sort_type", "ascending descending order").DataType("string").Required(false)).
Param(ws.QueryParameter("page", "page number").DataType("string").Required(false).DefaultValue("1")).
Param(ws.QueryParameter("limit", "metrics name cpu memory...in re2 regex").DataType("string").Required(false).DefaultValue("4")).
Param(ws.QueryParameter("type", "rank, statistic").DataType("string").Required(false).DefaultValue("rank")).
Metadata(restfulspec.KeyOpenAPITags, tags)).
Consumes(restful.MIME_JSON, restful.MIME_XML).
Produces(restful.MIME_JSON)
ws.Route(ws.GET("/workspaces").To(monitoring.MonitorAllWorkspaces).
Doc("monitor workspaces level metrics").
Param(ws.QueryParameter("metrics_filter", "metrics name cpu memory...in re2 regex").DataType("string").Required(false).DefaultValue("workspace_memory_utilisation")).
Param(ws.QueryParameter("resources_filter", "workspaces re2 expression filter").DataType("string").Required(false).DefaultValue(".*")).
Param(ws.QueryParameter("sort_metric", "sort metric").DataType("string").Required(false)).
Param(ws.QueryParameter("sort_type", "ascending descending order").DataType("string").Required(false)).
Param(ws.QueryParameter("page", "page number").DataType("string").Required(false).DefaultValue("1")).
Param(ws.QueryParameter("limit", "metrics name cpu memory...in re2 regex").DataType("string").Required(false).DefaultValue("4")).
Param(ws.QueryParameter("type", "rank, statistic").DataType("string").Required(false).DefaultValue("rank")).
Metadata(restfulspec.KeyOpenAPITags, tags)).
Consumes(restful.MIME_JSON, restful.MIME_XML).
Produces(restful.MIME_JSON)
ws.Route(ws.GET("/components/{component}").To(monitoring.MonitorComponent).
Doc("monitor component level metrics").
Param(ws.QueryParameter("metrics_filter", "metrics names in re2 regex").DataType("string").Required(false).DefaultValue("")).
Metadata(restfulspec.KeyOpenAPITags, tags)).
Consumes(restful.MIME_JSON, restful.MIME_XML).
Produces(restful.MIME_JSON)
c.Add(ws)
return nil
}

33
pkg/apis/operations/install/install.go
View File

@@ -1,33 +0,0 @@
/*
Copyright 2019 The KubeSphere Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package install
import (
"github.com/emicklei/go-restful"
urlruntime "k8s.io/apimachinery/pkg/util/runtime"
operationsv1alpha2 "kubesphere.io/kubesphere/pkg/apis/operations/v1alpha2"
"kubesphere.io/kubesphere/pkg/apiserver/runtime"
)
func init() {
Install(runtime.Container)
}
func Install(container *restful.Container) {
urlruntime.Must(operationsv1alpha2.AddToContainer(container))
}

63
pkg/apis/operations/v1alpha2/register.go
View File

@@ -1,63 +0,0 @@
/*
Copyright 2019 The KubeSphere Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1alpha2
import (
"github.com/emicklei/go-restful"
"github.com/emicklei/go-restful-openapi"
"k8s.io/apimachinery/pkg/runtime/schema"
"kubesphere.io/kubesphere/pkg/apiserver/operations"
"kubesphere.io/kubesphere/pkg/apiserver/runtime"
"kubesphere.io/kubesphere/pkg/errors"
)
const GroupName = "operations.kubesphere.io"
var GroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha2"}
var (
WebServiceBuilder = runtime.NewContainerBuilder(addWebService)
AddToContainer = WebServiceBuilder.AddToContainer
)
func addWebService(c *restful.Container) error {
tags := []string{"Operations"}
webservice := runtime.NewWebService(GroupVersion)
webservice.Route(webservice.POST("/nodes/{node}/drainage").
To(operations.DrainNode).
Metadata(restfulspec.KeyOpenAPITags, tags).
Doc("").
Param(webservice.PathParameter("node", "node name")).
Writes(errors.Error{}))
webservice.Route(webservice.POST("/namespaces/{namespace}/jobs/{job}").
To(operations.RerunJob).
Metadata(restfulspec.KeyOpenAPITags, tags).
Doc("Handle job operation").
Param(webservice.PathParameter("job", "job name")).
Param(webservice.PathParameter("namespace", "job's namespace")).
Param(webservice.QueryParameter("a", "action")).
Writes(""))
c.Add(webservice)
return nil
}

33
pkg/apis/resources/install/install.go
View File

@@ -1,33 +0,0 @@
/*
Copyright 2019 The KubeSphere Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package install
import (
"github.com/emicklei/go-restful"
urlruntime "k8s.io/apimachinery/pkg/util/runtime"
resourcev1alpha2 "kubesphere.io/kubesphere/pkg/apis/resources/v1alpha2"
"kubesphere.io/kubesphere/pkg/apiserver/runtime"
)
func init() {
Install(runtime.Container)
}
func Install(c *restful.Container) {
urlruntime.Must(resourcev1alpha2.AddToContainer(c))
}

286
pkg/apis/resources/v1alpha2/register.go
View File

@@ -1,286 +0,0 @@
/*
Copyright 2019 The KubeSphere Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1alpha2
import (
"github.com/emicklei/go-restful"
"github.com/emicklei/go-restful-openapi"
appsv1 "k8s.io/api/apps/v1"
corev1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/runtime/schema"
"kubesphere.io/kubesphere/pkg/apiserver/components"
"kubesphere.io/kubesphere/pkg/apiserver/git"
"kubesphere.io/kubesphere/pkg/apiserver/quotas"
"kubesphere.io/kubesphere/pkg/apiserver/registries"
"kubesphere.io/kubesphere/pkg/apiserver/resources"
"kubesphere.io/kubesphere/pkg/apiserver/revisions"
"kubesphere.io/kubesphere/pkg/apiserver/routers"
"kubesphere.io/kubesphere/pkg/apiserver/runtime"
"kubesphere.io/kubesphere/pkg/apiserver/workloadstatuses"
"kubesphere.io/kubesphere/pkg/errors"
"kubesphere.io/kubesphere/pkg/models"
"kubesphere.io/kubesphere/pkg/models/applications"
gitmodel "kubesphere.io/kubesphere/pkg/models/git"
"kubesphere.io/kubesphere/pkg/params"
"kubesphere.io/kubesphere/pkg/simple/client/openpitrix"
)
const GroupName = "resources.kubesphere.io"
var GroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha2"}
var (
WebServiceBuilder = runtime.NewContainerBuilder(addWebService)
AddToContainer = WebServiceBuilder.AddToContainer
)
func addWebService(c *restful.Container) error {
webservice := runtime.NewWebService(GroupVersion)
tags := []string{"Namespace resources"}
webservice.Route(webservice.GET("/namespaces/{namespace}/{resources}").
To(resources.ListResources).
Metadata(restfulspec.KeyOpenAPITags, tags).
Doc("Namespace level resource query").
Param(webservice.PathParameter("namespace", "which namespace")).
Param(webservice.PathParameter("resources", "namespace level resource type")).
Param(webservice.QueryParameter(params.ConditionsParam, "query conditions").
Required(false).
DataFormat("key=%s,key~%s")).
Param(webservice.QueryParameter(params.PagingParam, "page").
Required(false).
DataFormat("limit=%d,page=%d").
DefaultValue("limit=10,page=1")).
Writes(models.PageableResponse{}))
tags = []string{"Cluster resources"}
webservice.Route(webservice.GET("/{resources}").
To(resources.ListResources).
Writes(models.PageableResponse{}).
Metadata(restfulspec.KeyOpenAPITags, tags).
Doc("Cluster level resource query").
Param(webservice.PathParameter("resources", "cluster level resource type"))).
Param(webservice.QueryParameter(params.ConditionsParam, "query conditions").
Required(false).
DataFormat("key=value,key~value").
DefaultValue("")).
Param(webservice.QueryParameter(params.PagingParam, "page").
Required(false).
DataFormat("limit=%d,page=%d").
DefaultValue("limit=10,page=1"))
tags = []string{"Applications"}
webservice.Route(webservice.GET("/applications").
To(resources.ListApplication).
Writes(models.PageableResponse{}).
Metadata(restfulspec.KeyOpenAPITags, tags).
Doc("List applications in cluster").
Param(webservice.QueryParameter(params.ConditionsParam, "query conditions").
Required(false).
DataFormat("key=value,key~value").
DefaultValue("")).
Param(webservice.QueryParameter("cluster_id", "cluster id")).
Param(webservice.QueryParameter("runtime_id", "runtime id")).
Param(webservice.QueryParameter(params.PagingParam, "page").
Required(false).
DataFormat("limit=%d,page=%d").
DefaultValue("limit=10,page=1")))
webservice.Route(webservice.GET("/namespaces/{namespace}/applications").
To(resources.ListNamespacedApplication).
Writes(models.PageableResponse{}).
Metadata(restfulspec.KeyOpenAPITags, tags).
Doc("List applications").
Param(webservice.QueryParameter(params.ConditionsParam, "query conditions").
Required(false).
DataFormat("key=value,key~value").
DefaultValue("")).
Param(webservice.PathParameter("namespace", "namespace")).
Param(webservice.QueryParameter(params.PagingParam, "page").
Required(false).
DataFormat("limit=%d,page=%d").
DefaultValue("limit=10,page=1")))
webservice.Route(webservice.GET("/namespaces/{namespace}/applications/{cluster_id}").
To(resources.DescribeApplication).
Writes(applications.Application{}).
Metadata(restfulspec.KeyOpenAPITags, tags).
Doc("Describe application").
Param(webservice.PathParameter("namespace", "namespace name")).
Param(webservice.PathParameter("cluster_id", "openpitrix cluster id")))
webservice.Route(webservice.POST("/namespaces/{namespace}/applications").
To(resources.DeployApplication).
Doc("Deploy application").
Metadata(restfulspec.KeyOpenAPITags, tags).
Reads(openpitrix.CreateClusterRequest{}).
Param(webservice.PathParameter("namespace", "namespace name")))
webservice.Route(webservice.DELETE("/namespaces/{namespace}/applications/{cluster_id}").
To(resources.DeleteApplication).
Doc("Delete application").
Metadata(restfulspec.KeyOpenAPITags, tags).
Param(webservice.PathParameter("namespace", "namespace name")))
tags = []string{"User resources"}
webservice.Route(webservice.GET("/users/{username}/kubectl").
To(resources.GetKubectl).
Doc("get user's kubectl pod").
Param(webservice.PathParameter("username", "username")).
Metadata(restfulspec.KeyOpenAPITags, tags).
Writes(models.PodInfo{}))
webservice.Route(webservice.GET("/users/{username}/kubeconfig").
Produces("text/plain").
To(resources.GetKubeconfig).
Doc("get users' kubeconfig").
Param(webservice.PathParameter("username", "username")).
Metadata(restfulspec.KeyOpenAPITags, tags))
tags = []string{"Components"}
webservice.Route(webservice.GET("/components").
To(components.GetComponents).
Metadata(restfulspec.KeyOpenAPITags, tags).
Doc("").
Writes(map[string]models.Component{}))
webservice.Route(webservice.GET("/components/{component}").
To(components.GetComponentStatus).
Metadata(restfulspec.KeyOpenAPITags, tags).
Doc("").
Param(webservice.PathParameter("component", "component name")).
Writes(models.Component{}))
webservice.Route(webservice.GET("/health").
To(components.GetSystemHealthStatus).
Metadata(restfulspec.KeyOpenAPITags, tags).
Doc("").
Writes(map[string]int{}))
tags = []string{"Quotas"}
webservice.Route(webservice.GET("/quotas").
To(quotas.GetClusterQuotas).
Deprecate().
Doc("get whole cluster's resource usage").
Writes(models.ResourceQuota{}).
Metadata(restfulspec.KeyOpenAPITags, tags))
webservice.Route(webservice.GET("/namespaces/{namespace}/quotas").
Doc("get specified namespace's resource quota and usage").
Param(webservice.PathParameter("namespace", "namespace's name")).
Writes(models.ResourceQuota{}).
Metadata(restfulspec.KeyOpenAPITags, tags).
To(quotas.GetNamespaceQuotas))
tags = []string{"Registries"}
webservice.Route(webservice.POST("registries/verify").
To(registries.RegistryVerify).
Metadata(restfulspec.KeyOpenAPITags, tags).
Doc("docker registry verify").
Writes(errors.Error{}))
tags = []string{"Git"}
webservice.Route(webservice.POST("/git/readverify").
To(
git.GitReadVerify).
Metadata(restfulspec.KeyOpenAPITags, tags).
Doc("secret git read verify").
Reads(gitmodel.AuthInfo{}).
Writes(errors.Error{}),
)
tags = []string{"Revision"}
webservice.Route(webservice.GET("/namespaces/{namespace}/daemonsets/{daemonset}/revisions/{revision}").
To(revisions.GetDaemonSetRevision).
Metadata(restfulspec.KeyOpenAPITags, tags).
Doc("Handle daemonset operation").
Param(webservice.PathParameter("daemonset", "daemonset's name")).
Param(webservice.PathParameter("namespace", "daemonset's namespace")).
Param(webservice.PathParameter("revision", "daemonset's revision")).
Writes(appsv1.DaemonSet{}))
webservice.Route(webservice.GET("/namespaces/{namespace}/deployments/{deployment}/revisions/{revision}").
To(revisions.GetDeployRevision).
Metadata(restfulspec.KeyOpenAPITags, tags).
Doc("Handle deployment operation").
Param(webservice.PathParameter("deployment", "deployment's name")).
Param(webservice.PathParameter("namespace", "deployment's namespace")).
Param(webservice.PathParameter("revision", "deployment's revision")).
Writes(appsv1.ReplicaSet{}))
webservice.Route(webservice.GET("/namespaces/{namespace}/statefulsets/{statefulset}/revisions/{revision}").
To(revisions.GetStatefulSetRevision).
Metadata(restfulspec.KeyOpenAPITags, tags).
Doc("Handle statefulset operation").
Param(webservice.PathParameter("statefulset", "statefulset's name")).
Param(webservice.PathParameter("namespace", "statefulset's namespace")).
Param(webservice.PathParameter("revision", "statefulset's revision")).
Writes(appsv1.StatefulSet{}))
tags = []string{"Router"}
webservice.Route(webservice.GET("/routers").
To(routers.GetAllRouters).
Doc("List all routers").
Metadata(restfulspec.KeyOpenAPITags, tags).
Writes(corev1.Service{}))
webservice.Route(webservice.GET("/namespaces/{namespace}/router").
To(routers.GetRouter).
Doc("List router of a specified project").
Metadata(restfulspec.KeyOpenAPITags, tags).
Param(webservice.PathParameter("namespace", "name of the project")))
webservice.Route(webservice.DELETE("/namespaces/{namespace}/router").
To(routers.DeleteRouter).
Doc("List router of a specified project").
Metadata(restfulspec.KeyOpenAPITags, tags).
Param(webservice.PathParameter("namespace", "name of the project")))
webservice.Route(webservice.POST("/namespaces/{namespace}/router").
To(routers.CreateRouter).
Doc("Create a router for a specified project").
Metadata(restfulspec.KeyOpenAPITags, tags).
Param(webservice.PathParameter("namespace", "name of the project")))
webservice.Route(webservice.PUT("/namespaces/{namespace}/router").
To(routers.UpdateRouter).
Doc("Update a router for a specified project").
Metadata(restfulspec.KeyOpenAPITags, tags).
Param(webservice.PathParameter("namespace", "name of the project")))
tags = []string{"WorkloadStatus"}
webservice.Route(webservice.GET("/workloadstatuses").
Doc("get abnormal workloads' count of whole cluster").
Metadata(restfulspec.KeyOpenAPITags, tags).
To(workloadstatuses.GetClusterResourceStatus))
webservice.Route(webservice.GET("/namespaces/{namespace}/workloadstatuses").
Doc("get abnormal workloads' count of specified namespace").
Param(webservice.PathParameter("namespace", "the name of namespace")).
Metadata(restfulspec.KeyOpenAPITags, tags).
To(workloadstatuses.GetNamespacesResourceStatus))
c.Add(webservice)
return nil
}

18
pkg/apis/servicemesh/group.go
View File

@@ -1,18 +0,0 @@
/*
Copyright 2019 The KubeSphere authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Package servicemesh contains servicemesh API versions
package servicemesh

16
pkg/apis/servicemesh/metrics/install/install.go
View File

@@ -1,16 +0,0 @@
package install
import (
"github.com/emicklei/go-restful"
urlruntime "k8s.io/apimachinery/pkg/util/runtime"
"kubesphere.io/kubesphere/pkg/apis/servicemesh/metrics/v1alpha2"
"kubesphere.io/kubesphere/pkg/apiserver/runtime"
)
func init() {
Install(runtime.Container)
}
func Install(c *restful.Container) {
urlruntime.Must(v1alpha2.AddToContainer(c))
}

194
pkg/apis/servicemesh/metrics/v1alpha2/register.go
View File

@@ -1,194 +0,0 @@
package v1alpha2
import (
"github.com/emicklei/go-restful"
"github.com/emicklei/go-restful-openapi"
"k8s.io/apimachinery/pkg/runtime/schema"
"kubesphere.io/kubesphere/pkg/apiserver/runtime"
"kubesphere.io/kubesphere/pkg/apiserver/servicemesh/metrics"
"kubesphere.io/kubesphere/pkg/apiserver/servicemesh/tracing"
"kubesphere.io/kubesphere/pkg/errors"
)
const GroupName = "servicemesh.kubesphere.io"
var GroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha2"}
var (
WebServiceBuilder = runtime.NewContainerBuilder(addWebService)
AddToContainer = WebServiceBuilder.AddToContainer
)
func addWebService(c *restful.Container) error {
tags := []string{"ServiceMesh"}
webservice := runtime.NewWebService(GroupVersion)
// Get service metrics
// GET /namespaces/{namespace}/services/{service}/metrics
webservice.Route(webservice.GET("/namespaces/{namespace}/services/{service}/metrics").
To(metrics.GetServiceMetrics).
Metadata(restfulspec.KeyOpenAPITags, tags).
Doc("Get app metrics from a specific namespace").
Param(webservice.PathParameter("namespace", "name of the namespace")).
Param(webservice.PathParameter("service", "name of the service")).
Param(webservice.QueryParameter("filters[]", "type of metrics type, e.g. request_count, request_duration, request_error_count")).
Param(webservice.QueryParameter("queryTime", "from which UNIX time to extract metrics")).
Param(webservice.QueryParameter("duration", "metrics duration, in seconds")).
Param(webservice.QueryParameter("step", "metrics step")).
Param(webservice.QueryParameter("rateInterval", "metrics rate intervals, e.g. 20s")).
Param(webservice.QueryParameter("quantiles[]", "metrics quantiles, 0.5, 0.9, 0.99")).
Param(webservice.QueryParameter("byLabels[]", "by which labels to group node, e.g. source_workload, destination_service_name")).
Param(webservice.QueryParameter("requestProtocol", "request protocol, http/tcp")).
Param(webservice.QueryParameter("reporter", "destination")).
Writes(errors.Error{})).Produces(restful.MIME_JSON)
// Get app metrics
// Get /namespaces/{namespace}/apps/{app}/metrics
webservice.Route(webservice.GET("/namespaces/{namespace}/apps/{app}/metrics").
To(metrics.GetAppMetrics).
Metadata(restfulspec.KeyOpenAPITags, tags).
Doc("Get app metrics from a specific namespace").
Param(webservice.PathParameter("namespace", "name of the namespace")).
Param(webservice.PathParameter("app", "name of the workload label app value")).
Param(webservice.QueryParameter("filters[]", "type of metrics type, e.g. request_count, request_duration, request_error_count")).
Param(webservice.QueryParameter("queryTime", "from which UNIX time to extract metrics")).
Param(webservice.QueryParameter("duration", "metrics duration, in seconds")).
Param(webservice.QueryParameter("step", "metrics step")).
Param(webservice.QueryParameter("rateInterval", "metrics rate intervals, e.g. 20s")).
Param(webservice.QueryParameter("quantiles[]", "metrics quantiles, 0.5, 0.9, 0.99")).
Param(webservice.QueryParameter("byLabels[]", "by which labels to group node, e.g. source_workload, destination_service_name")).
Param(webservice.QueryParameter("requestProtocol", "request protocol, http/tcp")).
Param(webservice.QueryParameter("reporter", "destination")).
Writes(errors.Error{})).Produces(restful.MIME_JSON)
// Get workload metrics
// Get /namespaces/{namespace}/workloads/{workload}/metrics
webservice.Route(webservice.GET("/namespaces/{namespace}/workloads/{workload}/metrics").
To(metrics.GetWorkloadMetrics).
Metadata(restfulspec.KeyOpenAPITags, tags).
Doc("Get workload metrics from a specific namespace").
Param(webservice.PathParameter("namespace", "name of the namespace").Required(true)).
Param(webservice.PathParameter("workload", "name of the workload").Required(true)).
Param(webservice.QueryParameter("filters[]", "type of metrics type, e.g. request_count, request_duration, request_error_count")).
Param(webservice.QueryParameter("queryTime", "from which UNIX time to extract metrics")).
Param(webservice.QueryParameter("duration", "metrics duration, in seconds")).
Param(webservice.QueryParameter("step", "metrics step")).
Param(webservice.QueryParameter("rateInterval", "metrics rate intervals, e.g. 20s")).
Param(webservice.QueryParameter("quantiles[]", "metrics quantiles, 0.5, 0.9, 0.99")).
Param(webservice.QueryParameter("byLabels[]", "by which labels to group node, e.g. source_workload, destination_service_name")).
Param(webservice.QueryParameter("requestProtocol", "request protocol, http/tcp")).
Param(webservice.QueryParameter("reporter", "destination")).
Writes(errors.Error{})).Produces(restful.MIME_JSON)
// Get namespace metrics
// Get /namespaces/{namespace}/metrics
webservice.Route(webservice.GET("/namespaces/{namespace}/metrics").
To(metrics.GetNamespaceMetrics).
Metadata(restfulspec.KeyOpenAPITags, tags).
Doc("Get workload metrics from a specific namespace").
Param(webservice.PathParameter("namespace", "name of the namespace").Required(true)).
Param(webservice.QueryParameter("filters[]", "type of metrics type, e.g. request_count, request_duration, request_error_count")).
Param(webservice.QueryParameter("queryTime", "from which UNIX time to extract metrics")).
Param(webservice.QueryParameter("duration", "metrics duration, in seconds")).
Param(webservice.QueryParameter("step", "metrics step")).
Param(webservice.QueryParameter("rateInterval", "metrics rate intervals, e.g. 20s")).
Param(webservice.QueryParameter("quantiles[]", "metrics quantiles, 0.5, 0.9, 0.99")).
Param(webservice.QueryParameter("byLabels[]", "by which labels to group node, e.g. source_workload, destination_service_name")).
Param(webservice.QueryParameter("requestProtocol", "request protocol, http/tcp")).
Param(webservice.QueryParameter("reporter", "destination")).
Writes(errors.Error{})).Produces(restful.MIME_JSON)
// Get namespace graph
// Get /namespaces/{namespace}/graph
webservice.Route(webservice.GET("/namespaces/{namespace}/graph").
To(metrics.GetNamespaceGraph).
Metadata(restfulspec.KeyOpenAPITags, tags).
Doc("Get service graph for a specific namespace").
Param(webservice.PathParameter("namespace", "name of a namespace").Required(true)).
Param(webservice.QueryParameter("graphType", "type of the generated service graph, eg. ")).
Param(webservice.QueryParameter("groupBy", "group nodes by kind")).
Param(webservice.QueryParameter("queryTime", "from which time point, default now")).
Param(webservice.QueryParameter("injectServiceNodes", "whether to inject service ndoes")).
Writes(errors.Error{})).Produces(restful.MIME_JSON)
// Get namespaces graph, for multiple namespaces
// Get /namespaces/graph
webservice.Route(webservice.GET("/namespaces/{namespace}/graph").
To(metrics.GetNamespacesGraph).
Metadata(restfulspec.KeyOpenAPITags, tags).
Doc("Get service graph for a specific namespace").
Param(webservice.PathParameter("namespace", "name of a namespace").Required(true)).
Param(webservice.QueryParameter("graphType", "type of the generated service graph, eg. ")).
Param(webservice.QueryParameter("groupBy", "group nodes by kind")).
Param(webservice.QueryParameter("queryTime", "from which time point, default now")).
Param(webservice.QueryParameter("injectServiceNodes", "whether to inject service ndoes")).
Param(webservice.QueryParameter("namespaces", "names of namespaces")).
Writes(errors.Error{})).Produces(restful.MIME_JSON)
// Get namespace health
webservice.Route(webservice.GET("/namespaces/{namespace}/health").
To(metrics.GetNamespaceHealth).
Metadata(restfulspec.KeyOpenAPITags, tags).
Doc("Get workload health").
Param(webservice.PathParameter("namespace", "name of a namespace").Required(true)).
Param(webservice.PathParameter("type", "the type of health, app/service/workload, default app").DefaultValue("app")).
Param(webservice.QueryParameter("rateInterval", "the rate interval used for fetching error rate").DefaultValue("10m").Required(true)).
Param(webservice.QueryParameter("queryTime", "the time to use for query")).
Writes(errors.Error{})).Produces(restful.MIME_JSON)
// Get workloads health
webservice.Route(webservice.GET("/namespaces/{namespace}/workloads/{workload}/health").
To(metrics.GetWorkloadHealth).
Metadata(restfulspec.KeyOpenAPITags, tags).
Doc("Get workload health").
Param(webservice.PathParameter("namespace", "name of a namespace").Required(true)).
Param(webservice.PathParameter("workload", "workload name").Required(true)).
Param(webservice.QueryParameter("rateInterval", "the rate interval used for fetching error rate").DefaultValue("10m").Required(true)).
Param(webservice.QueryParameter("queryTime", "the time to use for query")).
Writes(errors.Error{})).Produces(restful.MIME_JSON)
// Get app health
webservice.Route(webservice.GET("/namespaces/{namespace}/apps/{app}/health").
To(metrics.GetAppHealth).
Metadata(restfulspec.KeyOpenAPITags, tags).
Doc("Get workload health").
Param(webservice.PathParameter("namespace", "name of a namespace").Required(true)).
Param(webservice.PathParameter("app", "app name").Required(true)).
Param(webservice.QueryParameter("rateInterval", "the rate interval used for fetching error rate").DefaultValue("10m").Required(true)).
Param(webservice.QueryParameter("queryTime", "the time to use for query")).
Writes(errors.Error{})).Produces(restful.MIME_JSON)
// Get service health
webservice.Route(webservice.GET("/namespaces/{namespace}/services/{service}/health").
To(metrics.GetServiceHealth).
Metadata(restfulspec.KeyOpenAPITags, tags).
Doc("Get workload health").
Param(webservice.PathParameter("namespace", "name of a namespace").Required(true)).
Param(webservice.PathParameter("service", "service name").Required(true)).
Param(webservice.QueryParameter("rateInterval", "the rate interval used for fetching error rate").DefaultValue("10m").Required(true)).
Param(webservice.QueryParameter("queryTime", "the time to use for query")).
Writes(errors.Error{})).Produces(restful.MIME_JSON)
// Get service tracing
webservice.Route(webservice.GET("/namespaces/{namespace}/services/{service}/traces").
To(tracing.GetServiceTracing).
Doc("Get tracing of a service, should have servicemesh enabled first").
Metadata(restfulspec.KeyOpenAPITags, tags).
Param(webservice.PathParameter("namespace", "namespace of service").Required(true)).
Param(webservice.PathParameter("service", "name of service queried").Required(true)).
Param(webservice.QueryParameter("start", "start of time range want to query, in unix timestamp")).
Param(webservice.QueryParameter("end", "end of time range want to query, in unix timestamp")).
Param(webservice.QueryParameter("limit", "maximum tracing entries returned at one query, default 10").DefaultValue("10")).
Param(webservice.QueryParameter("loopback", "loopback of duration want to query, e.g. 30m/1h/2d")).
Param(webservice.QueryParameter("maxDuration", "maximum duration of tracing")).
Param(webservice.QueryParameter("minDuration", "minimum duration of tracing")).
Writes(errors.Error{}).
Consumes(restful.MIME_JSON).
Produces(restful.MIME_JSON))
c.Add(webservice)
return nil
}

23
pkg/apis/servicemesh/v1alpha2/doc.go
View File

@@ -1,23 +0,0 @@
/*
Copyright 2019 The KubeSphere authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Package v1alpha2 contains API Schema definitions for the servicemesh v1alpha2 API group
// +k8s:openapi-gen=true
// +k8s:deepcopy-gen=package,register
// +k8s:conversion-gen=kubesphere.io/kubesphere/pkg/apis/servicemesh
// +k8s:defaulter-gen=TypeMeta
// +groupName=servicemesh.kubesphere.io
package v1alpha2

46
pkg/apis/servicemesh/v1alpha2/register.go
View File

@@ -1,46 +0,0 @@
/*
Copyright 2019 The KubeSphere authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// NOTE: Boilerplate only. Ignore this file.
// Package v1alpha2 contains API Schema definitions for the servicemesh v1alpha2 API group
// +k8s:openapi-gen=true
// +k8s:deepcopy-gen=package,register
// +k8s:conversion-gen=kubesphere.io/kubesphere/pkg/apis/servicemesh
// +k8s:defaulter-gen=TypeMeta
// +groupName=servicemesh.kubesphere.io
package v1alpha2
import (
"k8s.io/apimachinery/pkg/runtime/schema"
"sigs.k8s.io/controller-runtime/pkg/runtime/scheme"
)
var (
// SchemeGroupVersion is group version used to register these objects
SchemeGroupVersion = schema.GroupVersion{Group: "servicemesh.kubesphere.io", Version: "v1alpha2"}
// SchemeBuilder is used to add go types to the GroupVersionKind scheme
SchemeBuilder = &scheme.Builder{GroupVersion: SchemeGroupVersion}
// AddToScheme is required by pkg/client/...
AddToScheme = SchemeBuilder.AddToScheme
)
// Resource is required by pkg/client/listers/...
func Resource(resource string) schema.GroupResource {
return SchemeGroupVersion.WithResource(resource).GroupResource()
}

127
pkg/apis/servicemesh/v1alpha2/servicepolicy_types.go
View File

@@ -1,127 +0,0 @@
/*
Copyright 2019 The KubeSphere authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1alpha2
import (
"github.com/knative/pkg/apis/istio/v1alpha3"
"k8s.io/apiextensions-apiserver/pkg/apis/apiextensions"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
// EDIT THIS FILE! THIS IS SCAFFOLDING FOR YOU TO OWN!
// NOTE: json tags are required. Any new fields you add must have json tags for the fields to be serialized.
// ServicePolicySpec defines the desired state of ServicePolicy
type ServicePolicySpec struct {
// Label selector for destination rules.
// +optional
Selector *metav1.LabelSelector `json:"selector,omitempty"`
// Template used to create a destination rule
// +optional
Template DestinationRuleSpecTemplate `json:"template,omitempty"`
}
type DestinationRuleSpecTemplate struct {
// Metadata of the virtual services created from this template
// +optional
metav1.ObjectMeta
// Spec indicates the behavior of a destination rule.
// +optional
Spec v1alpha3.DestinationRuleSpec `json:"spec,omitempty"`
}
type ServicePolicyConditionType string
// These are valid conditions of a strategy.
const (
// StrategyComplete means the strategy has been delivered to istio.
ServicePolicyComplete ServicePolicyConditionType = "Complete"
// StrategyFailed means the strategy has failed its delivery to istio.
ServicePolicyFailed ServicePolicyConditionType = "Failed"
)
// StrategyCondition describes current state of a strategy.
type ServicePolicyCondition struct {
// Type of strategy condition, Complete or Failed.
Type ServicePolicyConditionType
// Status of the condition, one of True, False, Unknown
Status apiextensions.ConditionStatus
// Last time the condition was checked.
// +optional
LastProbeTime metav1.Time
// Last time the condition transit from one status to another
// +optional
LastTransitionTime metav1.Time
// reason for the condition's last transition
Reason string
// Human readable message indicating details about last transition.
// +optinal
Message string
}
// ServicePolicyStatus defines the observed state of ServicePolicy
type ServicePolicyStatus struct {
// The latest available observations of an object's current state.
// +optional
Conditions []ServicePolicyCondition
// Represents time when the strategy was acknowledged by the controller.
// It is represented in RFC3339 form and is in UTC.
// +optional
StartTime *metav1.Time
// Represents time when the strategy was completed.
// It is represented in RFC3339 form and is in UTC.
// +optional
CompletionTime *metav1.Time
}
// +genclient
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// ServicePolicy is the Schema for the servicepolicies API
// +k8s:openapi-gen=true
type ServicePolicy struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
Spec ServicePolicySpec `json:"spec,omitempty"`
Status ServicePolicyStatus `json:"status,omitempty"`
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// ServicePolicyList contains a list of ServicePolicy
type ServicePolicyList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
Items []ServicePolicy `json:"items"`
}
func init() {
SchemeBuilder.Register(&ServicePolicy{}, &ServicePolicyList{})
}

58
pkg/apis/servicemesh/v1alpha2/servicepolicy_types_test.go
View File

@@ -1,58 +0,0 @@
/*
Copyright 2019 The KubeSphere authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1alpha2
import (
"testing"
"github.com/onsi/gomega"
"golang.org/x/net/context"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/types"
)
func TestStorageServicePolicy(t *testing.T) {
key := types.NamespacedName{
Name: "foo",
Namespace: "default",
}
created := &ServicePolicy{
ObjectMeta: metav1.ObjectMeta{
Name: "foo",
Namespace: "default",
}}
g := gomega.NewGomegaWithT(t)
// Test Create
fetched := &ServicePolicy{}
g.Expect(c.Create(context.TODO(), created)).NotTo(gomega.HaveOccurred())
g.Expect(c.Get(context.TODO(), key, fetched)).NotTo(gomega.HaveOccurred())
g.Expect(fetched).To(gomega.Equal(created))
// Test Updating the Labels
updated := fetched.DeepCopy()
updated.Labels = map[string]string{"hello": "world"}
g.Expect(c.Update(context.TODO(), updated)).NotTo(gomega.HaveOccurred())
g.Expect(c.Get(context.TODO(), key, fetched)).NotTo(gomega.HaveOccurred())
g.Expect(fetched).To(gomega.Equal(updated))
// Test Delete
g.Expect(c.Delete(context.TODO(), fetched)).NotTo(gomega.HaveOccurred())
g.Expect(c.Get(context.TODO(), key, fetched)).To(gomega.HaveOccurred())
}

175
pkg/apis/servicemesh/v1alpha2/strategy_types.go
View File

@@ -1,175 +0,0 @@
/*
Copyright 2019 The KubeSphere authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1alpha2
import (
"github.com/knative/pkg/apis/istio/v1alpha3"
"k8s.io/apiextensions-apiserver/pkg/apis/apiextensions"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
// EDIT THIS FILE! THIS IS SCAFFOLDING FOR YOU TO OWN!
// NOTE: json tags are required. Any new fields you add must have json tags for the fields to be serialized.
type StrategyType string
const (
// Canary strategy type
CanaryType StrategyType = "Canary"
// BlueGreen strategy type
BlueGreenType StrategyType = "BlueGreen"
// Mirror strategy type
Mirror StrategyType = "Mirror"
)
type StrategyPolicy string
const (
// apply strategy only until workload is ready
PolicyWaitForWorkloadReady StrategyPolicy = "WaitForWorkloadReady"
// apply strategy immediately no matter workload status is
PolicyImmediately StrategyPolicy = "Immediately"
// pause strategy
PolicyPause StrategyPolicy = "Paused"
)
// StrategySpec defines the desired state of Strategy
type StrategySpec struct {
// Strategy type
Type StrategyType `json:"type,omitempty"`
// Principal version, the one as reference version
// label version value
// +optional
PrincipalVersion string `json:"principal,omitempty"`
// Governor version, the version takes control of all incoming traffic
// label version value
// +optional
GovernorVersion string `json:"governor,omitempty"`
// Label selector for virtual services.
// +optional
Selector *metav1.LabelSelector `json:"selector,omitempty"`
// Template describes the virtual service that will be created.
Template VirtualServiceTemplateSpec `json:"template,omitempty"`
// strategy policy, how the strategy will be applied
// by the strategy controller
StrategyPolicy StrategyPolicy `json:"strategyPolicy,omitempty"`
}
// VirtualServiceTemplateSpec
type VirtualServiceTemplateSpec struct {
// Metadata of the virtual services created from this template
// +optional
metav1.ObjectMeta `json:"metadata,omitempty"`
// Spec indicates the behavior of a virtual service.
// +optional
Spec v1alpha3.VirtualServiceSpec `json:"spec,omitempty"`
}
// StrategyStatus defines the observed state of Strategy
type StrategyStatus struct {
// INSERT ADDITIONAL STATUS FIELD - define observed state of cluster
// Important: Run "make" to regenerate code after modifying this file
// The latest available observations of an object's current state.
// +optional
Conditions []StrategyCondition
// Represents time when the strategy was acknowledged by the controller.
// It is represented in RFC3339 form and is in UTC.
// +optional
StartTime *metav1.Time
// Represents time when the strategy was completed.
// It is represented in RFC3339 form and is in UTC.
// +optional
CompletionTime *metav1.Time
}
type StrategyConditionType string
// These are valid conditions of a strategy.
const (
// StrategyComplete means the strategy has been delivered to istio.
StrategyComplete StrategyConditionType = "Complete"
// StrategyFailed means the strategy has failed its delivery to istio.
StrategyFailed StrategyConditionType = "Failed"
)
// StrategyCondition describes current state of a strategy.
type StrategyCondition struct {
// Type of strategy condition, Complete or Failed.
Type StrategyConditionType
// Status of the condition, one of True, False, Unknown
Status apiextensions.ConditionStatus
// Last time the condition was checked.
// +optional
LastProbeTime metav1.Time
// Last time the condition transit from one status to another
// +optional
LastTransitionTime metav1.Time
// reason for the condition's last transition
Reason string
// Human readable message indicating details about last transition.
// +optinal
Message string
}
// +genclient
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// Strategy is the Schema for the strategies API
// +kubebuilder:printcolumn:name="Type",type="string",JSONPath=".spec.type",description="type of strategy"
// +kubebuilder:printcolumn:name="Hosts",type="string",JSONPath=".spec.template.spec.hosts",description="destination hosts"
// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp",description="CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata"
// +k8s:openapi-gen=true
type Strategy struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
Spec StrategySpec `json:"spec,omitempty"`
Status StrategyStatus `json:"status,omitempty"`
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// StrategyList contains a list of Strategy
type StrategyList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
Items []Strategy `json:"items"`
}
func init() {
SchemeBuilder.Register(&Strategy{}, &StrategyList{})
}

88
pkg/apis/servicemesh/v1alpha2/strategy_types_test.go
View File

@@ -1,88 +0,0 @@
/*
Copyright 2019 The KubeSphere authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1alpha2
import (
"github.com/knative/pkg/apis/istio/v1alpha3"
"io/ioutil"
"k8s.io/apimachinery/pkg/util/json"
"k8s.io/client-go/kubernetes/scheme"
"testing"
"github.com/onsi/gomega"
"golang.org/x/net/context"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/types"
)
func TestStorageStrategy(t *testing.T) {
key := types.NamespacedName{
Name: "foo",
Namespace: "default",
}
created := &Strategy{
ObjectMeta: metav1.ObjectMeta{
Name: "foo",
Namespace: "default",
},
Spec: StrategySpec{
Template: VirtualServiceTemplateSpec{
Spec: v1alpha3.VirtualServiceSpec{
Hosts: []string{
"details",
},
},
},
},
}
g := gomega.NewGomegaWithT(t)
// Test Create
fetched := &Strategy{}
g.Expect(c.Create(context.TODO(), created)).NotTo(gomega.HaveOccurred())
g.Expect(c.Get(context.TODO(), key, fetched)).NotTo(gomega.HaveOccurred())
g.Expect(fetched).To(gomega.Equal(created))
// Test Updating the Labels
updated := fetched.DeepCopy()
updated.Labels = map[string]string{"hello": "world"}
g.Expect(c.Update(context.TODO(), updated)).NotTo(gomega.HaveOccurred())
g.Expect(c.Get(context.TODO(), key, fetched)).NotTo(gomega.HaveOccurred())
g.Expect(fetched).To(gomega.Equal(updated))
// Test Delete
g.Expect(c.Delete(context.TODO(), fetched)).NotTo(gomega.HaveOccurred())
g.Expect(c.Get(context.TODO(), key, fetched)).To(gomega.HaveOccurred())
}
func TestStrategyRead(t *testing.T) {
//g := gomega.NewGomegaWithT(t)
var str []byte
file, err := ioutil.ReadFile("/Users/zry/go/src/kubesphere.io/kubesphere/config/samples/servicemesh_v1alpha2_strategy.yaml")
if err == nil {
obj, _, _ := scheme.Codecs.UniversalDeserializer().Decode(file, nil, &Strategy{})
switch obj.(type) {
case *Strategy:
str, err = json.Marshal(obj)
t.Logf("Read strategy %s", str)
}
}
}

55
pkg/apis/servicemesh/v1alpha2/v1alpha2_suite_test.go
View File

@@ -1,55 +0,0 @@
/*
Copyright 2019 The KubeSphere authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1alpha2
import (
"log"
"os"
"path/filepath"
"testing"
"k8s.io/client-go/kubernetes/scheme"
"k8s.io/client-go/rest"
"sigs.k8s.io/controller-runtime/pkg/client"
"sigs.k8s.io/controller-runtime/pkg/envtest"
)
var cfg *rest.Config
var c client.Client
func TestMain(m *testing.M) {
t := &envtest.Environment{
CRDDirectoryPaths: []string{filepath.Join("..", "..", "..", "..", "config", "crds")},
}
err := SchemeBuilder.AddToScheme(scheme.Scheme)
if err != nil {
log.Fatal(err)
}
if cfg, err = t.Start(); err != nil {
log.Fatal(err)
}
if c, err = client.New(cfg, client.Options{Scheme: scheme.Scheme}); err != nil {
log.Fatal(err)
}
code := m.Run()
t.Stop()
os.Exit(code)
}

326
pkg/apis/servicemesh/v1alpha2/zz_generated.deepcopy.go
View File

@@ -1,326 +0,0 @@
// +build !ignore_autogenerated
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by deepcopy-gen. DO NOT EDIT.
package v1alpha2
import (
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
runtime "k8s.io/apimachinery/pkg/runtime"
)
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *DestinationRuleSpecTemplate) DeepCopyInto(out *DestinationRuleSpecTemplate) {
*out = *in
in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
in.Spec.DeepCopyInto(&out.Spec)
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DestinationRuleSpecTemplate.
func (in *DestinationRuleSpecTemplate) DeepCopy() *DestinationRuleSpecTemplate {
if in == nil {
return nil
}
out := new(DestinationRuleSpecTemplate)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ServicePolicy) DeepCopyInto(out *ServicePolicy) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
in.Spec.DeepCopyInto(&out.Spec)
in.Status.DeepCopyInto(&out.Status)
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServicePolicy.
func (in *ServicePolicy) DeepCopy() *ServicePolicy {
if in == nil {
return nil
}
out := new(ServicePolicy)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *ServicePolicy) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ServicePolicyCondition) DeepCopyInto(out *ServicePolicyCondition) {
*out = *in
in.LastProbeTime.DeepCopyInto(&out.LastProbeTime)
in.LastTransitionTime.DeepCopyInto(&out.LastTransitionTime)
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServicePolicyCondition.
func (in *ServicePolicyCondition) DeepCopy() *ServicePolicyCondition {
if in == nil {
return nil
}
out := new(ServicePolicyCondition)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ServicePolicyList) DeepCopyInto(out *ServicePolicyList) {
*out = *in
out.TypeMeta = in.TypeMeta
out.ListMeta = in.ListMeta
if in.Items != nil {
in, out := &in.Items, &out.Items
*out = make([]ServicePolicy, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServicePolicyList.
func (in *ServicePolicyList) DeepCopy() *ServicePolicyList {
if in == nil {
return nil
}
out := new(ServicePolicyList)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *ServicePolicyList) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ServicePolicySpec) DeepCopyInto(out *ServicePolicySpec) {
*out = *in
if in.Selector != nil {
in, out := &in.Selector, &out.Selector
*out = new(v1.LabelSelector)
(*in).DeepCopyInto(*out)
}
in.Template.DeepCopyInto(&out.Template)
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServicePolicySpec.
func (in *ServicePolicySpec) DeepCopy() *ServicePolicySpec {
if in == nil {
return nil
}
out := new(ServicePolicySpec)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ServicePolicyStatus) DeepCopyInto(out *ServicePolicyStatus) {
*out = *in
if in.Conditions != nil {
in, out := &in.Conditions, &out.Conditions
*out = make([]ServicePolicyCondition, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
if in.StartTime != nil {
in, out := &in.StartTime, &out.StartTime
*out = (*in).DeepCopy()
}
if in.CompletionTime != nil {
in, out := &in.CompletionTime, &out.CompletionTime
*out = (*in).DeepCopy()
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServicePolicyStatus.
func (in *ServicePolicyStatus) DeepCopy() *ServicePolicyStatus {
if in == nil {
return nil
}
out := new(ServicePolicyStatus)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *Strategy) DeepCopyInto(out *Strategy) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
in.Spec.DeepCopyInto(&out.Spec)
in.Status.DeepCopyInto(&out.Status)
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Strategy.
func (in *Strategy) DeepCopy() *Strategy {
if in == nil {
return nil
}
out := new(Strategy)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *Strategy) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *StrategyCondition) DeepCopyInto(out *StrategyCondition) {
*out = *in
in.LastProbeTime.DeepCopyInto(&out.LastProbeTime)
in.LastTransitionTime.DeepCopyInto(&out.LastTransitionTime)
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StrategyCondition.
func (in *StrategyCondition) DeepCopy() *StrategyCondition {
if in == nil {
return nil
}
out := new(StrategyCondition)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *StrategyList) DeepCopyInto(out *StrategyList) {
*out = *in
out.TypeMeta = in.TypeMeta
out.ListMeta = in.ListMeta
if in.Items != nil {
in, out := &in.Items, &out.Items
*out = make([]Strategy, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StrategyList.
func (in *StrategyList) DeepCopy() *StrategyList {
if in == nil {
return nil
}
out := new(StrategyList)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *StrategyList) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *StrategySpec) DeepCopyInto(out *StrategySpec) {
*out = *in
if in.Selector != nil {
in, out := &in.Selector, &out.Selector
*out = new(v1.LabelSelector)
(*in).DeepCopyInto(*out)
}
in.Template.DeepCopyInto(&out.Template)
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StrategySpec.
func (in *StrategySpec) DeepCopy() *StrategySpec {
if in == nil {
return nil
}
out := new(StrategySpec)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *StrategyStatus) DeepCopyInto(out *StrategyStatus) {
*out = *in
if in.Conditions != nil {
in, out := &in.Conditions, &out.Conditions
*out = make([]StrategyCondition, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
if in.StartTime != nil {
in, out := &in.StartTime, &out.StartTime
*out = (*in).DeepCopy()
}
if in.CompletionTime != nil {
in, out := &in.CompletionTime, &out.CompletionTime
*out = (*in).DeepCopy()
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StrategyStatus.
func (in *StrategyStatus) DeepCopy() *StrategyStatus {
if in == nil {
return nil
}
out := new(StrategyStatus)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *VirtualServiceTemplateSpec) DeepCopyInto(out *VirtualServiceTemplateSpec) {
*out = *in
in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
in.Spec.DeepCopyInto(&out.Spec)
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VirtualServiceTemplateSpec.
func (in *VirtualServiceTemplateSpec) DeepCopy() *VirtualServiceTemplateSpec {
if in == nil {
return nil
}
out := new(VirtualServiceTemplateSpec)
in.DeepCopyInto(out)
return out
}

20
pkg/apis/tenant/group.go
View File

@@ -1,20 +0,0 @@
/*
Copyright 2019 The KubeSphere Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Package tenant contains tenant API versions
package tenant

33
pkg/apis/tenant/install/install.go
View File

@@ -1,33 +0,0 @@
/*
Copyright 2019 The KubeSphere Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package install
import (
"github.com/emicklei/go-restful"
urlruntime "k8s.io/apimachinery/pkg/util/runtime"
tenantv1alpha2 "kubesphere.io/kubesphere/pkg/apis/tenant/v1alpha2"
"kubesphere.io/kubesphere/pkg/apiserver/runtime"
)
func init() {
Install(runtime.Container)
}
func Install(container *restful.Container) {
urlruntime.Must(tenantv1alpha2.AddToContainer(container))
}

25
pkg/apis/tenant/v1alpha1/doc.go
View File

@@ -1,25 +0,0 @@
/*
Copyright 2019 The KubeSphere Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Package v1alpha1 contains API Schema definitions for the tenant v1alpha1 API group
// +k8s:openapi-gen=true
// +k8s:deepcopy-gen=package,register
// +k8s:conversion-gen=kubesphere.io/kubesphere/pkg/apis/tenant
// +k8s:defaulter-gen=TypeMeta
// +groupName=tenant.kubesphere.io
package v1alpha1

48
pkg/apis/tenant/v1alpha1/register.go
View File

@@ -1,48 +0,0 @@
/*
Copyright 2019 The KubeSphere Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// NOTE: Boilerplate only. Ignore this file.
// Package v1alpha1 contains API Schema definitions for the tenant v1alpha1 API group
// +k8s:openapi-gen=true
// +k8s:deepcopy-gen=package,register
// +k8s:conversion-gen=kubesphere.io/kubesphere/pkg/apis/tenant
// +k8s:defaulter-gen=TypeMeta
// +groupName=tenant.kubesphere.io
package v1alpha1
import (
"k8s.io/apimachinery/pkg/runtime/schema"
"sigs.k8s.io/controller-runtime/pkg/runtime/scheme"
)
var (
// SchemeGroupVersion is group version used to register these objects
SchemeGroupVersion = schema.GroupVersion{Group: "tenant.kubesphere.io", Version: "v1alpha1"}
// SchemeBuilder is used to add go types to the GroupVersionKind scheme
SchemeBuilder = &scheme.Builder{GroupVersion: SchemeGroupVersion}
// AddToScheme is required by pkg/client/...
AddToScheme = SchemeBuilder.AddToScheme
)
// Resource is required by pkg/client/listers/...
func Resource(resource string) schema.GroupResource {
return SchemeGroupVersion.WithResource(resource).GroupResource()
}

57
pkg/apis/tenant/v1alpha1/v1alpha1_suite_test.go
View File

@@ -1,57 +0,0 @@
/*
Copyright 2019 The KubeSphere Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1alpha1
import (
"log"
"os"
"path/filepath"
"testing"
"k8s.io/client-go/kubernetes/scheme"
"k8s.io/client-go/rest"
"sigs.k8s.io/controller-runtime/pkg/client"
"sigs.k8s.io/controller-runtime/pkg/envtest"
)
var cfg *rest.Config
var c client.Client
func TestMain(m *testing.M) {
t := &envtest.Environment{
CRDDirectoryPaths: []string{filepath.Join("..", "..", "..", "..", "config", "crds")},
}
err := SchemeBuilder.AddToScheme(scheme.Scheme)
if err != nil {
log.Fatal(err)
}
if cfg, err = t.Start(); err != nil {
log.Fatal(err)
}
if c, err = client.New(cfg, client.Options{Scheme: scheme.Scheme}); err != nil {
log.Fatal(err)
}
code := m.Run()
t.Stop()
os.Exit(code)
}

64
pkg/apis/tenant/v1alpha1/workspace_types.go
View File

@@ -1,64 +0,0 @@
/*
Copyright 2019 The KubeSphere Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1alpha1
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
// EDIT THIS FILE! THIS IS SCAFFOLDING FOR YOU TO OWN!
// NOTE: json tags are required. Any new fields you add must have json tags for the fields to be serialized.
// WorkspaceSpec defines the desired state of Workspace
type WorkspaceSpec struct {
Manager string `json:"manager,omitempty"`
}
// WorkspaceStatus defines the observed state of Workspace
type WorkspaceStatus struct {
// INSERT ADDITIONAL STATUS FIELD - define observed state of cluster
// Important: Run "make" to regenerate code after modifying this file
}
// +genclient
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// +genclient:nonNamespaced
// Workspace is the Schema for the workspaces API
// +k8s:openapi-gen=true
type Workspace struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
Spec WorkspaceSpec `json:"spec,omitempty"`
Status WorkspaceStatus `json:"status,omitempty"`
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// +genclient:nonNamespaced
// WorkspaceList contains a list of Workspace
type WorkspaceList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
Items []Workspace `json:"items"`
}
func init() {
SchemeBuilder.Register(&Workspace{}, &WorkspaceList{})
}

58
pkg/apis/tenant/v1alpha1/workspace_types_test.go
View File

@@ -1,58 +0,0 @@
/*
Copyright 2019 The KubeSphere Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1alpha1
import (
"testing"
"github.com/onsi/gomega"
"golang.org/x/net/context"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/types"
)
func TestStorageWorkspace(t *testing.T) {
key := types.NamespacedName{
Name: "foo",
}
created := &Workspace{
ObjectMeta: metav1.ObjectMeta{
Name: "foo",
}}
g := gomega.NewGomegaWithT(t)
// Test Create
fetched := &Workspace{}
g.Expect(c.Create(context.TODO(), created)).NotTo(gomega.HaveOccurred())
g.Expect(c.Get(context.TODO(), key, fetched)).NotTo(gomega.HaveOccurred())
g.Expect(fetched).To(gomega.Equal(created))
// Test Updating the Labels
updated := fetched.DeepCopy()
updated.Labels = map[string]string{"hello": "world"}
g.Expect(c.Update(context.TODO(), updated)).NotTo(gomega.HaveOccurred())
g.Expect(c.Get(context.TODO(), key, fetched)).NotTo(gomega.HaveOccurred())
g.Expect(fetched).To(gomega.Equal(updated))
// Test Delete
g.Expect(c.Delete(context.TODO(), fetched)).NotTo(gomega.HaveOccurred())
g.Expect(c.Get(context.TODO(), key, fetched)).To(gomega.HaveOccurred())
}

118
pkg/apis/tenant/v1alpha1/zz_generated.deepcopy.go
View File

@@ -1,118 +0,0 @@
// +build !ignore_autogenerated
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by deepcopy-gen. DO NOT EDIT.
package v1alpha1
import (
runtime "k8s.io/apimachinery/pkg/runtime"
)
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *Workspace) DeepCopyInto(out *Workspace) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
out.Spec = in.Spec
out.Status = in.Status
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Workspace.
func (in *Workspace) DeepCopy() *Workspace {
if in == nil {
return nil
}
out := new(Workspace)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *Workspace) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *WorkspaceList) DeepCopyInto(out *WorkspaceList) {
*out = *in
out.TypeMeta = in.TypeMeta
out.ListMeta = in.ListMeta
if in.Items != nil {
in, out := &in.Items, &out.Items
*out = make([]Workspace, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkspaceList.
func (in *WorkspaceList) DeepCopy() *WorkspaceList {
if in == nil {
return nil
}
out := new(WorkspaceList)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *WorkspaceList) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *WorkspaceSpec) DeepCopyInto(out *WorkspaceSpec) {
*out = *in
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkspaceSpec.
func (in *WorkspaceSpec) DeepCopy() *WorkspaceSpec {
if in == nil {
return nil
}
out := new(WorkspaceSpec)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *WorkspaceStatus) DeepCopyInto(out *WorkspaceStatus) {
*out = *in
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkspaceStatus.
func (in *WorkspaceStatus) DeepCopy() *WorkspaceStatus {
if in == nil {
return nil
}
out := new(WorkspaceStatus)
in.DeepCopyInto(out)
return out
}

115
pkg/apis/tenant/v1alpha2/register.go
View File

@@ -1,115 +0,0 @@
/*
Copyright 2019 The KubeSphere Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1alpha2
import (
"github.com/emicklei/go-restful"
"github.com/emicklei/go-restful-openapi"
"k8s.io/apimachinery/pkg/runtime/schema"
"kubesphere.io/kubesphere/pkg/apiserver/runtime"
"kubesphere.io/kubesphere/pkg/apiserver/tenant"
)
const GroupName = "tenant.kubesphere.io"
var GroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha2"}
var (
WebServiceBuilder = runtime.NewContainerBuilder(addWebService)
AddToContainer = WebServiceBuilder.AddToContainer
)
func addWebService(c *restful.Container) error {
tags := []string{"Tenant"}
ws := runtime.NewWebService(GroupVersion)
ws.Route(ws.GET("/workspaces").
To(tenant.ListWorkspaces).
Doc("List workspace by user").
Metadata(restfulspec.KeyOpenAPITags, tags))
ws.Route(ws.GET("/workspaces/{workspace}").
To(tenant.DescribeWorkspace).
Doc("Get workspace detail").
Metadata(restfulspec.KeyOpenAPITags, tags))
ws.Route(ws.GET("/workspaces/{workspace}/rules").
To(tenant.ListWorkspaceRules).
Param(ws.PathParameter("workspace", "workspace name")).
Doc("List the rules for the current user").
Metadata(restfulspec.KeyOpenAPITags, tags))
ws.Route(ws.GET("/namespaces/{namespace}/rules").
To(tenant.ListNamespaceRules).
Param(ws.PathParameter("namespace", "namespace")).
Doc("List the rules for the current user").
Metadata(restfulspec.KeyOpenAPITags, tags))
ws.Route(ws.GET("/devops/{devops}/rules").
To(tenant.ListDevopsRules).
Param(ws.PathParameter("devops", "devops project id")).
Doc("List the rules for the current user").
Metadata(restfulspec.KeyOpenAPITags, tags))
ws.Route(ws.GET("/workspaces/{workspace}/namespaces").
To(tenant.ListNamespaces).
Param(ws.PathParameter("workspace", "workspace name")).
Doc("List the namespaces for the current user").
Metadata(restfulspec.KeyOpenAPITags, tags))
ws.Route(ws.GET("/workspaces/{workspace}/members/{username}/namespaces").
To(tenant.ListNamespaces).
Param(ws.PathParameter("workspace", "workspace name")).
Param(ws.PathParameter("username", "workspace member's username")).
Doc("List the namespaces for the workspace member").
Metadata(restfulspec.KeyOpenAPITags, tags))
ws.Route(ws.POST("/workspaces/{workspace}/namespaces").
To(tenant.CreateNamespace).
Param(ws.PathParameter("workspace", "workspace name")).
Doc("Create namespace").
Metadata(restfulspec.KeyOpenAPITags, tags))
ws.Route(ws.DELETE("/workspaces/{workspace}/namespaces/{namespace}").
To(tenant.DeleteNamespace).
Param(ws.PathParameter("workspace", "workspace name")).
Param(ws.PathParameter("namespace", "namespace")).
Doc("Delete namespace").
Metadata(restfulspec.KeyOpenAPITags, tags))
ws.Route(ws.GET("/workspaces/{workspace}/devops").
To(tenant.ListDevopsProjects).
Param(ws.PathParameter("workspace", "workspace name")).
Doc("List devops projects for the current user").
Metadata(restfulspec.KeyOpenAPITags, tags))
ws.Route(ws.GET("/workspaces/{workspace}/members/{username}/devops").
To(tenant.ListDevopsProjects).
Param(ws.PathParameter("workspace", "workspace name")).
Param(ws.PathParameter("username", "workspace member's username")).
Doc("List the devops projects for the workspace member").
Metadata(restfulspec.KeyOpenAPITags, tags))
ws.Route(ws.POST("/workspaces/{workspace}/devops").
To(tenant.CreateDevopsProject).
Param(ws.PathParameter("workspace", "workspace name")).
Doc("Create devops project").
Metadata(restfulspec.KeyOpenAPITags, tags))
ws.Route(ws.DELETE("/workspaces/{workspace}/devops/{id}").
To(tenant.DeleteDevopsProject).
Param(ws.PathParameter("workspace", "workspace name")).
Doc("Delete devops project").
Metadata(restfulspec.KeyOpenAPITags, tags))
ws.Route(ws.GET("/logging").
To(tenant.LogQuery).
Doc("Query cluster-level logs in a multi-tenants environment").
Metadata(restfulspec.KeyOpenAPITags, tags))
c.Add(ws)
return nil
}

33
pkg/apis/terminal/install/install.go
View File

@@ -1,33 +0,0 @@
/*
Copyright 2019 The KubeSphere Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package install
import (
"github.com/emicklei/go-restful"
urlruntime "k8s.io/apimachinery/pkg/util/runtime"
terminalv1alpha2 "kubesphere.io/kubesphere/pkg/apis/terminal/v1alpha2"
"kubesphere.io/kubesphere/pkg/apiserver/runtime"
)
func init() {
Install(runtime.Container)
}
func Install(c *restful.Container) {
urlruntime.Must(terminalv1alpha2.AddToContainer(c))
}

56
pkg/apis/terminal/v1alpha2/register.go
View File

@@ -1,56 +0,0 @@
/*
Copyright 2019 The KubeSphere Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1alpha2
import (
"github.com/emicklei/go-restful"
"github.com/emicklei/go-restful-openapi"
"k8s.io/apimachinery/pkg/runtime/schema"
"kubesphere.io/kubesphere/pkg/apiserver/runtime"
"kubesphere.io/kubesphere/pkg/apiserver/terminal"
"kubesphere.io/kubesphere/pkg/models"
)
const GroupName = "terminal.kubesphere.io"
var GroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha2"}
var (
WebServiceBuilder = runtime.NewContainerBuilder(addWebService)
AddToContainer = WebServiceBuilder.AddToContainer
)
func addWebService(c *restful.Container) error {
webservice := runtime.NewWebService(GroupVersion)
tags := []string{"Terminal"}
webservice.Route(webservice.GET("/namespaces/{namespace}/pods/{pod}").
To(terminal.CreateTerminalSession).
Doc("create terminal session").
Metadata(restfulspec.KeyOpenAPITags, tags).
Writes(models.PodInfo{}))
path := runtime.ApiRootPath + "/" + GroupVersion.String() + "/sockjs"
c.Handle(path+"/", terminal.NewTerminalHandler(path))
c.Add(webservice)
return nil
}

Some files were not shown because too many files have changed in this diff Show More