Add cluster name and uid as cluster controller identifier (#10)

Signed-off-by: rasel <[email protected]>
appscode-cloud · Mar 7, 2024 · dd320dc · dd320dc
1 parent 99401ab
commit dd320dc
Show file tree

Hide file tree

Showing 3 changed files with 2 additions and 93 deletions.
diff --git a/contrib/example-backend/controllers/clusterbinding/clusterbinding_reconcile.go b/contrib/example-backend/controllers/clusterbinding/clusterbinding_reconcile.go
@@ -30,7 +30,6 @@ import (
 	"k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	utilerrors "k8s.io/apimachinery/pkg/util/errors"
-	"k8s.io/klog/v2"
 	"k8s.io/utils/ptr"
 	conditionsapi "kmodules.xyz/client-go/api/v1"
 	"kmodules.xyz/client-go/conditions"
@@ -60,9 +59,6 @@ type reconciler struct {
 func (r *reconciler) reconcile(ctx context.Context, clusterBinding *v1alpha1.ClusterBinding) error {
 	var errs []error
 
-	//if err := r.ensureKubeSystemNSAccess(ctx, clusterBinding); err != nil {
-	//	errs = append(errs, err)
-	//}
 	r.ensureClusterBindingConditions(clusterBinding)
 	if err := r.ensureRBACRoleBinding(ctx, clusterBinding); err != nil {
 		errs = append(errs, err)
@@ -117,82 +113,6 @@ func (r *reconciler) ensureClusterBindingConditions(clusterBinding *v1alpha1.Clu
 	}
 }
 
-func (r *reconciler) ensureKubeSystemNSAccess(ctx context.Context, clusterBinding *v1alpha1.ClusterBinding) error {
-	roleName := "kube-binder-namespace"
-	clusterRole, err := r.getClusterRole(roleName)
-	if err != nil && !errors.IsNotFound(err) {
-		return fmt.Errorf("failed to get ClusterRole %s: %w", roleName, err)
-	}
-	ns, err := r.getNamespace(clusterBinding.Namespace)
-	if err != nil {
-		return fmt.Errorf("failed to get Namespace %s: %w", clusterBinding.Namespace, err)
-	}
-
-	expectedRole := &rbacv1.ClusterRole{
-		ObjectMeta: metav1.ObjectMeta{
-			Name: roleName,
-		},
-		Rules: []rbacv1.PolicyRule{
-			{
-				APIGroups:     []string{""},
-				Resources:     []string{"namespaces"},
-				Verbs:         []string{"get"},
-				ResourceNames: []string{"kube-system"},
-			},
-		},
-	}
-	if clusterRole == nil {
-		_, err = r.createClusterRole(ctx, expectedRole)
-		if err != nil {
-			return err
-		}
-		klog.Infof(fmt.Sprintf("clusterrole %s created", roleName))
-	}
-
-	rbName := roleName + "-" + clusterBinding.Namespace
-
-	expectedRB := &rbacv1.ClusterRoleBinding{
-		ObjectMeta: metav1.ObjectMeta{
-			Name: rbName,
-			OwnerReferences: []metav1.OwnerReference{
-				{
-					APIVersion: "v1",
-					Kind:       "Namespace",
-					Name:       clusterBinding.Namespace,
-					Controller: ptr.To(true),
-					UID:        ns.UID,
-				},
-			},
-		},
-		Subjects: []rbacv1.Subject{
-			{
-				Kind:      "ServiceAccount",
-				Namespace: clusterBinding.Namespace,
-				Name:      kuberesources.ServiceAccountName,
-			},
-		},
-		RoleRef: rbacv1.RoleRef{
-			Kind:     "ClusterRole",
-			Name:     roleName,
-			APIGroup: "rbac.authorization.k8s.io",
-		},
-	}
-
-	rb, err := r.getClusterRoleBinding(rbName)
-	if err != nil && !errors.IsNotFound(err) {
-		return err
-	}
-	if rb == nil {
-		_, err = r.createClusterRoleBinding(ctx, expectedRB)
-		if err != nil {
-			return err
-		}
-		klog.Infof(fmt.Sprintf("clusterrolebinding %s created", rbName))
-
-	}
-	return nil
-}
-
 func (r *reconciler) ensureRBACClusterRole(ctx context.Context, clusterBinding *v1alpha1.ClusterBinding) error {
 	name := "kube-binder-" + clusterBinding.Namespace
 	role, err := r.getClusterRole(name)

diff --git a/pkg/konnector/controllers/cluster/clusterbinding/clusterbinding_reconcile.go b/pkg/konnector/controllers/cluster/clusterbinding/clusterbinding_reconcile.go
@@ -94,6 +94,7 @@ func (r *reconciler) ensureRightScopedServiceBinding(ctx context.Context, bindin
 				sb.Spec.Providers[i].ClusterUID = binding.Status.Provider.ClusterUID
 				sb.Spec.Providers[i].ClusterName = binding.Status.Provider.ClusterName
 				if err = r.updateServiceBinding(ctx, &sb); err != nil {
+					klog.Errorf(err.Error())
 					return err
 				}
 				break

diff --git a/pkg/konnector/konnector_reconcile.go b/pkg/konnector/konnector_reconcile.go
@@ -69,7 +69,7 @@ func (r *reconciler) reconcile(ctx context.Context, binding *kubebindv1alpha1.AP
 		} else if errors.IsNotFound(err) {
 			logger.V(2).Info("secret not found", "secret", p.Kubeconfig.Namespace+"/"+p.Kubeconfig.Name)
 		} else {
-			kubeconfigs = append(kubeconfigs, string(secret.Data[p.Kubeconfig.Key]))
+			kubeconfigs = append(kubeconfigs, string(secret.Data[p.Kubeconfig.Key])+p.ClusterName+p.ClusterUID)
 			idf := providerIdentifier{
 				kubeconfig:         string(secret.Data[p.Kubeconfig.Key]),
 				secretRefName:      p.Kubeconfig.Name,
@@ -141,18 +141,6 @@ func (r *reconciler) reconcile(ctx context.Context, binding *kubebindv1alpha1.AP
 		}
 		provider.ConsumerSecretRefKey = identifier.secretRefNamespace + "/" + identifier.secretRefName
 
-		// set cluster uid
-		//kubeclient, err := kubernetesclient.NewForConfig(provider.Config)
-		//if err != nil {
-		//	return err
-		//}
-		//ns, err := kubeclient.CoreV1().Namespaces().Get(ctx, namespaceKubeSystem, metav1.GetOptions{})
-		//if err != nil {
-		//	klog.Error(err.Error())
-		//	return err
-		//}
-		//provider.ClusterID = string(ns.GetUID())
-
 		provider.ClusterID = identifier.clusterUID
 
 		providerInfos = append(providerInfos, &provider)