fix: forbid install namepsace (#29)

beclab · Jun 21, 2024 · 17a11d5 · 17a11d5
1 parent 1609e3e
commit 17a11d5
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 1 deletion.
diff --git a/pkg/apiserver/handler_installer.go b/pkg/apiserver/handler_installer.go
@@ -61,7 +61,7 @@ func (h *Handler) install(req *restful.Request, resp *restful.Response) {
 		return
 	}
 
-	if utils.IsProtectedNamespace(appConfig.Namespace) {
+	if utils.IsForbidNamespace(appConfig.Namespace) {
 		api.HandleBadRequest(resp, req, fmt.Errorf("unsupported namespace: %s", appConfig.Namespace))
 		return
 	}

diff --git a/pkg/utils/app.go b/pkg/utils/app.go
@@ -35,6 +35,18 @@ var protectedNamespace = []string{
 	"os-system",
 }
 
+var forbidNamespace = []string{
+	"default",
+	"kube-node-lease",
+	"kube-public",
+	"kube-system",
+	"kubekey-system",
+	"kubesphere-controls-system",
+	"kubesphere-monitoring-federated",
+	"kubesphere-monitoring-system",
+	"kubesphere-system",
+}
+
 // GetClient returns versioned ClientSet.
 func GetClient() (*versioned.Clientset, error) {
 	config, err := ctrl.GetConfig()
@@ -365,3 +377,12 @@ func IsProtectedNamespace(namespace string) bool {
 	}
 	return false
 }
+
+func IsForbidNamespace(namespace string) bool {
+	for _, n := range forbidNamespace {
+		if namespace == n {
+			return true
+		}
+	}
+	return false
+}
-Original file line number
+Diff line change
@@ Expand Up @@
     		return
     	}
-    	if utils.IsProtectedNamespace(appConfig.Namespace) {
+    	if utils.IsForbidNamespace(appConfig.Namespace) {
     		api.HandleBadRequest(resp, req, fmt.Errorf("unsupported namespace: %s", appConfig.Namespace))
     		return
     	}
@@ Expand Down @@