package kubewebview
import (
"context"
"fmt"
"time"
"github.com/flanksource/karina/pkg/ca"
"github.com/flanksource/kommons"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"github.com/flanksource/karina/pkg/constants"
"github.com/flanksource/karina/pkg/platform"
"github.com/flanksource/karina/pkg/types"
)
// Identifiers used by Install when deploying or removing kube-web-view.
const (
// Namespace is the namespace the kube-web-view specs and Secret are managed in.
Namespace = constants.PlatformSystem
// Group is the group passed to kommons.CreateMultiKubeConfig for the generated credentials.
// NOTE(review): the permissions bound to this group are defined outside this file;
// confirm the matching RBAC rules grant no more than the viewer needs.
Group = "system:reporting"
// User is the user name passed to kommons.CreateMultiKubeConfig for the generated credentials.
User = "kube-web-view"
// ClusterConfig is the name of the Secret that holds the multi-cluster kubeconfig.
ClusterConfig = "kube-web-view-clusters"
)
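// Install deploys kube-web-view, or removes it when the component is disabled.
//
// A nil p.KubeWebView is treated as disabled. In dry-run mode the specs are
// applied only when the component is enabled, and nothing else is touched.
// When disabled, the ClusterConfig Secret (if present) and the specs are
// deleted. Otherwise the namespace is created or updated, a kubeconfig
// covering this cluster and the configured external clusters is generated
// from the platform root CA, stored in the ClusterConfig Secret under the
// "config" key, and the specs are applied.
//
// The first error encountered is returned. Errors that carry added context
// are wrapped with %w so callers can inspect the cause with errors.Is/As.
func Install(p *platform.Platform) error {
	const specFile = "kube-web-view.yaml"

	// Validity requested for the generated kubeconfig credentials.
	// NOTE(review): 356 looks like a typo for 365 (two years); the value is
	// left unchanged because a correction would lengthen the credential
	// lifetime. Confirm the intended validity and prefer the shortest one
	// that the rotation process can support.
	const credentialValidity = 2 * 356 * 24 * time.Hour

	if p.KubeWebView == nil {
		// The zero value has Disabled == false, so mark it disabled explicitly:
		// an absent configuration block must not deploy the component.
		p.KubeWebView = &types.KubeWebView{}
		p.KubeWebView.Disabled = true
	}

	if p.DryRun {
		if p.KubeWebView.Disabled {
			return nil
		}
		return p.ApplySpecs(Namespace, specFile)
	}

	if p.KubeWebView.Disabled {
		// Remove the Secret containing access information to external clusters.
		// NOTE(review): this deletes only the stored copy. If the kubeconfig
		// embeds client certificates, they remain usable until they expire,
		// since Kubernetes does not revoke issued client certificates; verify
		// whether the RBAC bindings for Group should be removed as well.
		cs, err := p.GetClientset()
		if err != nil {
			return err
		}
		if p.HasSecret(Namespace, ClusterConfig) {
			err = cs.CoreV1().Secrets(Namespace).Delete(context.TODO(), ClusterConfig, metav1.DeleteOptions{})
			if err != nil {
				return err
			}
		}
		return p.DeleteSpecs(Namespace, specFile)
	}

	// Make sure the namespace exists.
	if err := p.CreateOrUpdateNamespace(Namespace, nil, nil); err != nil {
		return fmt.Errorf("install: failed to create/update namespace: %w", err)
	}

	// The platform's own root CA is used for ALL cluster accesses.
	// The local is named rootCA so it does not shadow the imported ca package.
	rootCA, err := ca.ReadCA(p.CA)
	if err != nil {
		return fmt.Errorf("unable to get root CA %w", err)
	}

	// kube-web-view can't use the service account to access its own cluster,
	// so user/cert access is added via the default internal API endpoint.
	p.KubeWebView.ExternalClusters.AddSelf(p.Name)

	// Create a Secret containing a kubeconfig file that allows access to this
	// cluster via user/cert as well as to the given external clusters.
	// NOTE(review): anyone able to read this Secret presumably gains the
	// Group/User access on every listed cluster; confirm that read access to
	// Secrets in Namespace is restricted accordingly.
	kubeConfig, err := kommons.CreateMultiKubeConfig(rootCA, p.KubeWebView.ExternalClusters, Group, User, credentialValidity)
	if err != nil {
		return fmt.Errorf("failed to generate kubeconfig for multi-cluster access: %w", err)
	}

	secretData := map[string][]byte{
		"config": kubeConfig,
	}
	if err := p.CreateOrUpdateSecret(ClusterConfig, Namespace, secretData); err != nil {
		return fmt.Errorf("failed to generate kubeconfig secret for multi-cluster access: %w", err)
	}

	return p.ApplySpecs(Namespace, specFile)
}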