Merge pull request #23 from lingdie/jh-init

Jh init

controllers/init/.dockerignore

@@ -0,0 +1,3 @@
+# More info: https://docs.docker.com/engine/reference/builder/#dockerignore-file
+# Ignore build and test binaries.
+testbin/

controllers/init/.gitignore

@@ -0,0 +1,26 @@
+
+# Binaries for programs and plugins
+*.exe
+*.exe~
+*.dll
+*.so
+*.dylib
+bin/*
+Dockerfile.cross
+
+# Test binary, build with `go test -c`
+*.test
+
+# Output of the go coverage tool, specifically when used with LiteIDE
+*.out
+
+# Kubernetes Generated files - skip generated files, except for vendored files
+
+!vendor/**/zz_generated.*
+
+# editor and IDE paraphernalia
+.idea
+.vscode
+*.swp
+*.swo
+*~

controllers/init/Dockerfile

@@ -0,0 +1,9 @@
+FROM gcr.io/distroless/static:nonroot
+ARG TARGETARCH
+
+WORKDIR /
+USER 65532:65532
+
+COPY bin/launcher-$TARGETARCH /preset
+
+ENTRYPOINT ["/preset"]

controllers/init/Makefile

@@ -0,0 +1,174 @@
+
+# Image URL to use all building/pushing image targets
+IMG ?= ghcr.io/labring/sealos-license-controller:latest
+
+GOARCH ?= amd64
+
+# ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary.
+ENVTEST_K8S_VERSION = 1.26.1
+
+# Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set)
+ifeq (,$(shell go env GOBIN))
+GOBIN=$(shell go env GOPATH)/bin
+else
+GOBIN=$(shell go env GOBIN)
+endif
+
+# Setting SHELL to bash allows bash commands to be executed by recipes.
+# Options are set to exit when a recipe line exits non-zero or a piped command fails.
+SHELL = /usr/bin/env bash -o pipefail
+.SHELLFLAGS = -ec
+
+.PHONY: all
+all: build
+
+##@ General
+
+# The help target prints out all targets with their descriptions organized
+# beneath their categories. The categories are represented by '##@' and the
+# target descriptions by '##'. The awk commands is responsible for reading the
+# entire set of makefiles included in this invocation, looking for lines of the
+# file as xyz: ## something, and then pretty-format the target and help. Then,
+# if there's a line with ##@ something, that gets pretty-printed as a category.
+# More info on the usage of ANSI control characters for terminal formatting:
+# https://en.wikipedia.org/wiki/ANSI_escape_code#SGR_parameters
+# More info on the awk command:
+# http://linuxcommand.org/lc3_adv_awk.php
+
+.PHONY: help
+help: ## Display this help.
+	@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n  make \033[36m<target>\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf "  \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
+
+##@ Development
+
+.PHONY: manifests
+manifests: controller-gen ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects.
+	$(CONTROLLER_GEN) rbac:roleName=manager-role crd webhook paths="./..." output:crd:artifacts:config=config/crd/bases
+
+.PHONY: generate
+generate: controller-gen ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations.
+	$(CONTROLLER_GEN) object:headerFile="hack/boilerplate.go.txt" paths="./..."
+
+.PHONY: fmt
+fmt: ## Run go fmt against code.
+	go fmt ./...
+
+.PHONY: vet
+vet: ## Run go vet against code.
+	go vet ./...
+
+.PHONY: test
+test: manifests generate fmt vet envtest ## Run tests.
+	KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) --bin-dir $(LOCALBIN) -p path)" go test ./... -coverprofile cover.out
+
+
+##@ Build
+
+.PHONY: build
+CONTROLLER_PKG=github.com/labring/sealos/controllers/pkg
+CONTROLLER_LICENSE=github.com/labring/sealos/controllers/license/internal/controller
+build: manifests generate fmt vet ## Build manager binary.
+	LD_FLAGS=""; \
+	[ -n "$(CRYPTOKEY)" ] && LD_FLAGS+="-X ${CONTROLLER_PKG}/crypto.encryptionKey=${CRYPTOKEY} -X ${CONTROLLER_PKG}/database.cryptoKey=${CRYPTOKEY}"; \
+	[ -n "$(LICENSE_KEY)" ] && LD_FLAGS+=" -X ${CONTROLLER_LICENSE}/util/key.EncryptionKey=${LICENSE_KEY}"; \
+	CGO_ENABLED=0 GOOS=linux  go build -ldflags "$${LD_FLAGS}" -o bin/manager cmd/manager/main.go && \
+	CGO_ENABLED=0 GOOS=linux  go build -o bin/preset-${GOARCH} cmd/preset/main.go && chmod +x bin/preset-${GOARCH} && \
+	CGO_ENABLED=0 GOOS=linux  go build -o bin/launcher-${GOARCH} cmd/launcher/main.go && chmod +x bin/launcher-${GOARCH}
+
+
+.PHONY: run
+run: manifests generate fmt vet ## Run a controller from your host.
+	go run ./cmd/manager/main.go
+
+# If you wish built the manager image targeting other platforms you can use the --platform flag.
+# (i.e. docker build --platform linux/arm64 ). However, you must enable docker buildKit for it.
+# More info: https://docs.docker.com/develop/develop-images/build_enhancements/
+.PHONY: docker-build
+docker-build: test ## Build docker image with the manager.
+	docker build -t ${IMG} .
+
+.PHONY: docker-push
+docker-push: ## Push docker image with the manager.
+	docker push ${IMG}
+
+# PLATFORMS defines the target platforms for  the manager image be build to provide support to multiple
+# architectures. (i.e. make docker-buildx IMG=myregistry/mypoperator:0.0.1). To use this option you need to:
+# - able to use docker buildx . More info: https://docs.docker.com/build/buildx/
+# - have enable BuildKit, More info: https://docs.docker.com/develop/develop-images/build_enhancements/
+# - be able to push the image for your registry (i.e. if you do not inform a valid value via IMG=<myregistry/image:<tag>> then the export will fail)
+# To properly provided solutions that supports more than one platform you should use this option.
+PLATFORMS ?= linux/arm64,linux/amd64,linux/s390x,linux/ppc64le
+.PHONY: docker-buildx
+docker-buildx: test ## Build and push docker image for the manager for cross-platform support
+	# copy existing Dockerfile and insert --platform=${BUILDPLATFORM} into Dockerfile.cross, and preserve the original Dockerfile
+	sed -e '1 s/\(^FROM\)/FROM --platform=\$$\{BUILDPLATFORM\}/; t' -e ' 1,// s//FROM --platform=\$$\{BUILDPLATFORM\}/' Dockerfile > Dockerfile.cross
+	- docker buildx create --name project-v3-builder
+	docker buildx use project-v3-builder
+	- docker buildx build --push --platform=$(PLATFORMS) --tag ${IMG} -f Dockerfile.cross .
+	- docker buildx rm project-v3-builder
+	rm Dockerfile.cross
+
+##@ Deployment
+
+ifndef ignore-not-found
+  ignore-not-found = false
+endif
+
+.PHONY: install
+install: manifests kustomize ## Install CRDs into the K8s cluster specified in ~/.kube/config.
+	$(KUSTOMIZE) build config/crd | kubectl apply -f -
+
+.PHONY: uninstall
+uninstall: manifests kustomize ## Uninstall CRDs from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion.
+	$(KUSTOMIZE) build config/crd | kubectl delete --ignore-not-found=$(ignore-not-found) -f -
+
+.PHONY: pre-deploy
+pre-deploy: manifests kustomize ## Deploy controller to the K8s cluster specified in ~/.kube/config.
+	cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}
+	$(KUSTOMIZE) build config/default  > deploy/manifests/deploy.yaml
+
+.PHONY: deploy
+deploy: manifests kustomize ## Deploy controller to the K8s cluster specified in ~/.kube/config.
+	cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}
+	$(KUSTOMIZE) build config/default | kubectl apply -f -
+
+.PHONY: undeploy
+undeploy: ## Undeploy controller from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion.
+	$(KUSTOMIZE) build config/default | kubectl delete --ignore-not-found=$(ignore-not-found) -f -
+
+##@ Build Dependencies
+
+## Location to install dependencies to
+LOCALBIN ?= $(shell pwd)/bin
+$(LOCALBIN):
+	mkdir -p $(LOCALBIN)
+
+## Tool Binaries
+KUSTOMIZE ?= $(LOCALBIN)/kustomize
+CONTROLLER_GEN ?= $(LOCALBIN)/controller-gen
+ENVTEST ?= $(LOCALBIN)/setup-envtest
+
+## Tool Versions
+KUSTOMIZE_VERSION ?= v4.2.0
+CONTROLLER_TOOLS_VERSION ?= v0.8.0
+
+KUSTOMIZE_INSTALL_SCRIPT ?= "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh"
+.PHONY: kustomize
+kustomize: $(KUSTOMIZE) ## Download kustomize locally if necessary. If wrong version is installed, it will be removed before downloading.
+$(KUSTOMIZE): $(LOCALBIN)
+	@if test -x $(LOCALBIN)/kustomize && ! $(LOCALBIN)/kustomize version | grep -q $(KUSTOMIZE_VERSION); then \
+		echo "$(LOCALBIN)/kustomize version is not expected $(KUSTOMIZE_VERSION). Removing it before installing."; \
+		rm -rf $(LOCALBIN)/kustomize; \
+	fi
+	test -s $(LOCALBIN)/kustomize || { curl -Ss $(KUSTOMIZE_INSTALL_SCRIPT) --output install_kustomize.sh && bash install_kustomize.sh $(subst v,,$(KUSTOMIZE_VERSION)) $(LOCALBIN); rm install_kustomize.sh; }
+
+.PHONY: controller-gen
+controller-gen: $(CONTROLLER_GEN) ## Download controller-gen locally if necessary. If wrong version is installed, it will be overwritten.
+$(CONTROLLER_GEN): $(LOCALBIN)
+	test -s $(LOCALBIN)/controller-gen && $(LOCALBIN)/controller-gen --version | grep -q $(CONTROLLER_TOOLS_VERSION) || \
+	GOBIN=$(LOCALBIN) go install sigs.k8s.io/controller-tools/cmd/controller-gen@$(CONTROLLER_TOOLS_VERSION)
+
+.PHONY: envtest
+envtest: $(ENVTEST) ## Download envtest-setup locally if necessary.
+$(ENVTEST): $(LOCALBIN)
+	test -s $(LOCALBIN)/setup-envtest || GOBIN=$(LOCALBIN) go install sigs.k8s.io/controller-runtime/tools/setup-envtest@latest

controllers/init/PROJECT

@@ -0,0 +1,20 @@
+# Code generated by tool. DO NOT EDIT.
+# This file is used to track the info used to scaffold your project
+# and allow the plugins properly work.
+# More info: https://book.kubebuilder.io/reference/project-config.html
+domain: sealos.io
+layout:
+- go.kubebuilder.io/v4
+projectName: license
+repo: github.com/labring/sealos/controllers/license
+resources:
+- api:
+    crdVersion: v1
+    namespaced: true
+  controller: true
+  domain: sealos.io
+  group: license
+  kind: License
+  path: github.com/labring/sealos/controllers/license/api/v1
+  version: v1
+version: "3"

controllers/init/cmd/preset/main.go

@@ -0,0 +1,141 @@
+package main
+
+import (
+	"context"
+	"crypto/sha256"
+	"encoding/base64"
+	"encoding/hex"
+	"fmt"
+	"os"
+	"time"
+
+	"github.com/google/uuid"
+	userUtil "github.com/labring/sealos/controllers/license/internal/util/user"
+	"go.mongodb.org/mongo-driver/bson"
+	"go.mongodb.org/mongo-driver/mongo"
+	mongoOptions "go.mongodb.org/mongo-driver/mongo/options"
+	"k8s.io/apimachinery/pkg/runtime"
+	ctrl "sigs.k8s.io/controller-runtime"
+)
+
+var (
+	scheme    = runtime.NewScheme()
+	presetLog = ctrl.Log.WithName("preset")
+	SaltKey   = os.Getenv("SaltKey")
+)
+
+const MaxRetryConnectDB = 10
+
+func main() {
+	// TODO do something
+	err := presetUser(context.Background())
+	if err != nil {
+		presetLog.Error(err, "failed to preset root user")
+		os.Exit(1)
+	}
+	presetLog.Info("preset root user successfully")
+}
+
+func presetUser(ctx context.Context) error {
+	//init mongodb database
+	client, err := initMongoDB(ctx)
+	defer client.Disconnect(context.Background())
+	if err != nil {
+		presetLog.Error(err, "unable to connect to database")
+		os.Exit(1)
+	}
+
+	// preset root user
+	uuid := uuid.New().String()
+	passwd := HashPassword(userUtil.DefaultPassword, SaltKey)
+	user := NewUser(uuid, userUtil.DefaultUser, userUtil.DefaultUser, passwd, userUtil.DefaultK8sUser)
+	userDB := os.Getenv("MONGO_USER_DB")
+	userCol := os.Getenv("MONGO_USER_COL")
+	collection := client.Database(userDB).Collection(userCol)
+
+	// check if the user already exists
+	exist := IsExists(ctx, collection)
+	if exist {
+		presetLog.Info("root user already exists")
+		return nil
+	}
+	// insert root user
+	insertResult, err := collection.InsertOne(context.Background(), user)
+	if err != nil {
+		presetLog.Error(err, "failed to insert root user")
+		return err
+	}
+	presetLog.Info("insert root user successfully", "insertResult", insertResult)
+	return nil
+}
+
+func IsExists(ctx context.Context, collection *mongo.Collection) bool {
+	filter := bson.M{"password_user": userUtil.DefaultUser}
+	var existingUser userUtil.User
+	err := collection.FindOne(ctx, filter).Decode(&existingUser)
+	return err == nil
+}
+
+func NewUser(uid, name, passwordUser, password, k8sUser string) userUtil.User {
+	return userUtil.User{
+		UID:          uid,
+		Name:         name,
+		PasswordUser: passwordUser,
+		Password:     password,
+		// to iso string
+		CreatedTime: time.Now().Format(time.RFC3339),
+		K8sUsers: []userUtil.K8sUser{
+			{
+				Name: k8sUser,
+			},
+		},
+	}
+}
+
+func HashPassword(password string, saltKey string) string {
+	hash := sha256.New()
+	validSalt, err := DecodeBase64(saltKey)
+	if err != nil {
+		presetLog.Error(err, "failed to decode salt")
+		os.Exit(1)
+	}
+	hash.Write([]byte(password + string(validSalt)))
+	return hex.EncodeToString(hash.Sum(nil))
+}
+
+func DecodeBase64(s string) ([]byte, error) {
+	data, err := base64.StdEncoding.DecodeString(s)
+	if err != nil {
+		presetLog.Error(err, "failed to decode base64")
+		return nil, err
+	}
+	return data, nil
+}
+
+func initMongoDB(ctx context.Context) (*mongo.Client, error) {
+	var client *mongo.Client
+	var err error
+	MongoURI := os.Getenv("MONGO_URI")
+	clientOptions := mongoOptions.Client().ApplyURI(MongoURI)
+	for i := 0; i < MaxRetryConnectDB; i++ {
+		client, err = mongo.Connect(ctx, clientOptions)
+		if err != nil {
+			presetLog.Error(err, "failed to connect to mongo")
+			time.Sleep(5 * time.Second)
+			continue
+		}
+		err = client.Ping(ctx, nil)
+		if err != nil {
+			presetLog.Error(err, "failed to ping mongo")
+			time.Sleep(5 * time.Second)
+			continue
+		}
+		presetLog.Info("connect to mongo successfully")
+		break
+	}
+	if err != nil {
+		return nil, fmt.Errorf("failed to connect to mongo: %w", err)
+	}
+	return client, nil
+
+}

controllers/init/deploy/kubefile

@@ -0,0 +1,12 @@
+FROM scratch
+
+USER 65532:65532
+
+COPY registry registry
+COPY manifests manifests
+
+ENV cloudDomain="cloud.sealos.io"
+ENV cloudPort=""
+ENV MONGO_URI="mongodb://mongo:27017/resources"
+
+CMD ["kubectl apply -f manifests"]