Merge branch 'main' into release-v1.0

Makefile

@@ -3,7 +3,7 @@
 # that can be found in the LICENSE file.
 
 IMG ?= hub.c.163.com/kubecube/cube:v0.0.1
-MULTI_ARCH ?= false
+MULTI_ARCH ?= true
 # Produce CRDs that work back to Kubernetes 1.11 (no version conversion)
 CRD_OPTIONS ?= "crd:trivialVersions=true,preserveUnknownFields=false"
 

README.md

@@ -87,7 +87,9 @@ The architecture of KubeCube described in the figure below includes interaction
 
 ## Feedback & Contact
 
-[FAQ](https://www.kubecube.io/docs/faq/)
+Contact us by wechat
+
+<img src="./docs/kubecube-wechat.png" alt="kubecube-wechat" width="20%" height="20%" />
 
 ## License
 

cmd/cube/app/options/flags/auth.go

@@ -17,8 +17,9 @@ limitations under the License.
 package flags
 
 import (
-	"github.com/kubecube-io/kubecube/pkg/authenticator/jwt"
-	"github.com/kubecube-io/kubecube/pkg/authenticator/ldap"
+	"github.com/kubecube-io/kubecube/pkg/authentication/authenticators/jwt"
+	"github.com/kubecube-io/kubecube/pkg/authentication/identityprovider/generic"
+	"github.com/kubecube-io/kubecube/pkg/authentication/identityprovider/ldap"
 	"github.com/kubecube-io/kubecube/pkg/utils/constants"
 	"github.com/urfave/cli/v2"
 )
@@ -28,7 +29,7 @@ func init() {
 		// Ldap Client
 		&cli.BoolFlag{
 			Name:        "ldap-is-enable",
-			Value:       true,
+			Value:       false,
 			Destination: &ldap.Config.LdapIsEnable,
 		},
 		&cli.StringFlag{
@@ -67,7 +68,7 @@ func init() {
 			Destination: &ldap.Config.LdapAdminPassword,
 		},
 
-		//jwt
+		// jwt
 		&cli.Int64Flag{
 			Name:        "token-expire-duration",
 			Value:       constants.DefaultTokenExpireDuration,
@@ -77,5 +78,37 @@ func init() {
 			Name:        "jwt-issuer",
 			Destination: &jwt.Config.JwtIssuer,
 		},
+
+		// generic
+		&cli.BoolFlag{
+			Name:        "generic-auth-is-enable",
+			Value:       false,
+			Destination: &generic.Config.GenericAuthIsEnable,
+		},
+		&cli.StringFlag{
+			Name:        "generic-auth-url",
+			Value:       "http://127.0.0.1:8888/api/v1/cube-ultimate/auth",
+			Destination: &generic.Config.URL,
+		},
+		&cli.StringFlag{
+			Name:        "generic-auth-method",
+			Destination: &generic.Config.Method,
+		},
+		&cli.StringFlag{
+			Name:        "generic-auth-scheme",
+			Destination: &generic.Config.Scheme,
+		},
+		&cli.BoolFlag{
+			Name:        "generic-auth-insecure-skip-verify",
+			Destination: &generic.Config.InsecureSkipVerify,
+		},
+		&cli.StringFlag{
+			Name:        "generic-auth-tls-cert",
+			Destination: &generic.Config.TLSCert,
+		},
+		&cli.StringFlag{
+			Name:        "generic-auth-tls-key",
+			Destination: &generic.Config.TLSKey,
+		},
 	}...)
 }

cmd/cube/app/options/options.go

@@ -19,13 +19,13 @@ package options
 import (
 	"fmt"
 
-	"github.com/kubecube-io/kubecube/pkg/clog"
-
 	"github.com/kubecube-io/kubecube/pkg/apiserver"
-	"github.com/kubecube-io/kubecube/pkg/authenticator"
+	"github.com/kubecube-io/kubecube/pkg/authentication"
 	"github.com/kubecube-io/kubecube/pkg/clients"
+	"github.com/kubecube-io/kubecube/pkg/clog"
 	"github.com/kubecube-io/kubecube/pkg/ctrlmgr"
 	"github.com/kubecube-io/kubecube/pkg/cube"
+
 	"github.com/spf13/viper"
 )
 
@@ -40,7 +40,7 @@ type CubeOptions struct {
 	CtrlMgrOpts     *ctrlmgr.Config
 	ClientMgrOpts   *clients.Config
 	CubeLoggerOpts  *clog.Config
-	AuthMgrOpts     *authenticator.Config
+	AuthMgrOpts     *authentication.Config
 }
 
 func NewCubeOptions() *CubeOptions {
@@ -50,7 +50,7 @@ func NewCubeOptions() *CubeOptions {
 		CtrlMgrOpts:     &ctrlmgr.Config{},
 		ClientMgrOpts:   &clients.Config{},
 		CubeLoggerOpts:  &clog.Config{},
-		AuthMgrOpts:     &authenticator.Config{},
+		AuthMgrOpts:     &authentication.Config{},
 	}
 
 	return cubeOpts

cmd/cube/main.go

@@ -18,6 +18,7 @@ package main
 
 import (
 	"log"
+	"math/rand"
 	"os"
 	"strconv"
 	"time"
@@ -32,6 +33,8 @@ import (
 var version = "1.0.0"
 
 func main() {
+	rand.Seed(time.Now().UnixNano())
+
 	app := cli.NewApp()
 	app.Name = "KubeCube"
 	app.Usage = "KubCube is foundation of the world upon"

config/crd/bases/extension.kubecube.io_externalresources.yaml

@@ -0,0 +1,56 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.4.1
+  creationTimestamp: null
+  name: externalresources.extension.kubecube.io
+spec:
+  group: extension.kubecube.io
+  names:
+    categories:
+    - extension
+    kind: ExternalResource
+    listKind: ExternalResourceList
+    plural: externalresources
+    singular: externalresource
+  scope: Cluster
+  versions:
+  - name: v1
+    schema:
+      openAPIV3Schema:
+        description: ExternalResource for mapping non-k8s resource so that we can
+          use it as general k8s resource to rbac
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: ExternalResourceSpec defines the desired state of ExternalResource
+            properties:
+              namespaced:
+                description: Namespaced the scope of resource
+                type: boolean
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []

config/crd/kustomization.yaml

@@ -9,6 +9,7 @@ resources:
 - bases/user.kubecube.io_keys.yaml
 - bases/quota.kubecube.io_cuberesourcequota.yaml
 - bases/hotplug.kubecube.io_hotplugs.yaml
+- bases/extension.kubecube.io_externalresources.yaml
 #+kubebuilder:scaffold:crdkustomizeresource
 
 patchesStrategicMerge:

config/rbac/externalresource_editor_role.yaml

@@ -0,0 +1,24 @@
+# permissions for end users to edit externalresources.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: externalresource-editor-role
+rules:
+- apiGroups:
+  - extension.kubecube.io
+  resources:
+  - externalresources
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - extension.kubecube.io
+  resources:
+  - externalresources/status
+  verbs:
+  - get

config/rbac/externalresource_viewer_role.yaml

@@ -0,0 +1,20 @@
+# permissions for end users to view externalresources.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: externalresource-viewer-role
+rules:
+- apiGroups:
+  - extension.kubecube.io
+  resources:
+  - externalresources
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - extension.kubecube.io
+  resources:
+  - externalresources/status
+  verbs:
+  - get

config/samples/extension_v1_externalresource.yaml

@@ -0,0 +1,6 @@
+apiVersion: extension.kubecube.io/v1
+kind: ExternalResource
+metadata:
+  name: bookinfo
+spec:
+  namespaced: false

deploy/template/authConfigmap.yaml

@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: kubecube-auth-config
+  namespace: kubecube-system
+data:
+  github: |
+    enabled: true
+    clientId: 876364ef6ea13b05bf8b
+    clientSecret: b0afeedaa0751cfd94794f49c092fb8e6e1a759e

deploy/template/featureConfigmap.yaml

@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: kubecube-feature-config
+  namespace: kubecube-system

docs/README-zh_CN.md

@@ -76,7 +76,10 @@ KubeCube 产品由 KubeCube Service、Warden、CloudShell 和 AuditLog Server 
 
 ## 讨论与反馈
 
-[FAQ](https://www.kubecube.io/docs/faq/)
+欢迎加入微信群交流。
+
+<img src="./kubecube-wechat.png" alt="kubecube-wechat" width="20%" height="20%" />
+
 
 ## 开源协议
 

go.sum

@@ -957,7 +957,7 @@ golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190514135907-3a4b5fb9f71f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190515120540-06a5c4944438/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190515120540-06a5c4944338/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190602015325-4c4f7f33c9ed/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190610200419-93c9922d18ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=

hack/run_cube.sh

@@ -19,9 +19,10 @@ cd "${REPO_ROOT}"
 
 mkdir -p logs
 
-export WARDEN_IMAGE=hub.c.163.com/kubecube/warden:0.2.5-deploy
+export INSTALLER_VERSION=v1.0.0
+export WARDEN_IMAGE=hub.c.163.com/kubecube/warden:v1.0.0
 export JWT_SECRET=56F0D8DB90241C6E
-export WARDEN_INIT_IMAGE=hub.c.163.com/kubecube/warden-init:0.0.1
+export WARDEN_INIT_IMAGE=hub.c.163.com/kubecube/warden-init:v1.0.0
 export PIVOT_CUBE_HOST=kubecube:7443
 
 go run -mod=vendor cmd/cube/main.go -log-level=debug -secure-port=7443 -tls-cert=deploy/tls/tls.crt -tls-key=deploy/tls/tls.key -webhook-cert=deploy/tls -webhook-server-port=9443 -leader-elect=false -log-file=logs/cube.log

pkg/apis/addtoscheme_extension_v1.go

@@ -0,0 +1,23 @@
+/*
+Copyright 2021 KubeCube Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package apis
+
+import v1 "github.com/kubecube-io/kubecube/pkg/apis/extension/v1"
+
+func init() {
+	AddToSchemes = append(AddToSchemes, v1.SchemeBuilder.AddToScheme)
+}

pkg/apis/cluster/v1/cluster_types.go

@@ -23,9 +23,23 @@ import (
 type ClusterState string
 
 const (
+	// ClusterInitFailed happened when init cluster failed
+	// generally when network error occurred
+	ClusterInitFailed ClusterState = "initFailed"
+
+	// ClusterReconnectedFailed happened when kubecube retry connect
+	// with member cluster exceed, in that state, user can delete
+	// cluster or reconnect manually
+	ClusterReconnectedFailed ClusterState = "reconnectedFailed"
+
+	// ClusterProcessing wait for cluster be taken over
 	ClusterProcessing ClusterState = "processing"
-	ClusterNormal     ClusterState = "normal"
-	ClusterAbnormal   ClusterState = "abnormal"
+
+	// ClusterNormal represent cluster is healthy
+	ClusterNormal ClusterState = "normal"
+
+	// ClusterAbnormal represent cluster is unhealthy
+	ClusterAbnormal ClusterState = "abnormal"
 )
 
 // ClusterSpec defines the desired state of Cluster