Add auto network when tenant is added

Move tenant to default system ns Delete auto network when tenant is deleted Implements: blueprint cni-controller Change-Id: I886d9ee4892297461c7a1d2eb02570c8c14bd581
2017-07-20 23:01:00 +08:00 · 2017-07-20 23:01:00 +08:00 · 8456f51d7f
commit 8456f51d7f
parent c72fe929db
5 changed files with 76 additions and 19 deletions
--- a/cmd/stackube-controller/stackube-controller.go
+++ b/cmd/stackube-controller/stackube-controller.go
@ -24,8 +24,8 @@ var (
 		"path to kubernetes admin config file")
 	cloudconfig = pflag.String("cloudconfig", "/etc/stackube.conf",
 		"path to stackube config file")
-	systemCIDR    = pflag.String("system-cidr", "10.10.10.10/24", "system Pod network CIDR")
+	userCIDR    = pflag.String("user-cidr", "10.244.0.0/16", "user Pod network CIDR")
-	systemGateway = pflag.String("system-gateway", "10.10.10.1", "system Pod network gateway")
+	userGateway = pflag.String("user-gateway", "10.244.0.1", "user Pod network gateway")
 )
 func startControllers(kubeconfig, cloudconfig string) error {
@ -43,10 +43,10 @@ func startControllers(kubeconfig, cloudconfig string) error {
 	}
 	// Creates a new RBAC controller
-	rm, err := rbacmanager.New(kubeconfig,
+	rm, err := rbacmanager.NewRBACController(kubeconfig,
 		tc.GetKubeCRDClient(),
-		*systemCIDR,
+		*userCIDR,
-		*systemGateway,
+		*userGateway,
 	)
 	if err != nil {
 		return err
--- a/pkg/auth-controller/rbacmanager/rbac_controller.go
+++ b/pkg/auth-controller/rbacmanager/rbac_controller.go
@ -29,15 +29,15 @@ type Controller struct {
 	nsInf         cache.SharedIndexInformer
 	queue         workqueue.RateLimitingInterface
 	kubeCRDClient *crdClient.CRDClient
-	systemCIDR    string
+	userCIDR      string
-	systemGateway string
+	userGateway   string
 }
 // New creates a new RBAC controller.
-func New(kubeconfig string,
+func NewRBACController(kubeconfig string,
 	kubeCRDClient *crdClient.CRDClient,
-	systemCIDR string,
+	userCIDR string,
-	systemGateway string,
+	userGateway string,
 ) (*Controller, error) {
 	cfg, err := util.NewClusterConfig(kubeconfig)
 	if err != nil {
@ -52,8 +52,8 @@ func New(kubeconfig string,
 		kclient:       client,
 		queue:         workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), "rbacmanager"),
 		kubeCRDClient: kubeCRDClient,
-		systemCIDR:    systemCIDR,
+		userCIDR:      userCIDR,
-		systemGateway: systemGateway,
+		userGateway:   userGateway,
 	}
 	o.nsInf = cache.NewSharedIndexInformer(
@ -146,15 +146,45 @@ func (c *Controller) handleNamespaceAdd(obj interface{}) {
 			glog.Error(err)
 			return
 		}
 	} else {
 		if err := c.createNetworkForTenant(key); err != nil {
 			glog.Error(err)
 			return
 		}
 	}
 	glog.V(4).Infof("Added namespace %s", key)
 	c.enqueue(key)
 }
 // createNetworkForTenant automatically create network for given non-system tenant
 func (c *Controller) createNetworkForTenant(namespace string) error {
 	network := &crv1.Network{
 		ObjectMeta: metav1.ObjectMeta{
 			// use the namespace name as network
 			Name:      namespace,
 			Namespace: namespace,
 		},
 		Spec: crv1.NetworkSpec{
 			CIDR:    c.userCIDR,
 			Gateway: c.userGateway,
 		},
 	}
 	// network controller will always check if Tenant is ready so we will not wait here
 	if err := c.kubeCRDClient.AddNetwork(network); err != nil {
 		return err
 	}
 	return nil
 }
 // initSystemReservedTenantNetwork automatically create tenant network for system namespace
 func (c *Controller) initSystemReservedTenantNetwork() error {
 	tenant := &crv1.Tenant{
 		ObjectMeta: metav1.ObjectMeta{
-			Name:      util.SystemTenant,
+			Name: util.SystemTenant,
 			// always add tenant to system namespace
 			Namespace: util.SystemTenant,
 		},
 		Spec: crv1.TenantSpec{
@ -176,8 +206,8 @@ func (c *Controller) initSystemReservedTenantNetwork() error {
 			Namespace: util.SystemTenant,
 		},
 		Spec: crv1.NetworkSpec{
-			CIDR:    c.systemCIDR,
+			CIDR:    c.userCIDR,
-			Gateway: c.systemGateway,
+			Gateway: c.userGateway,
 		},
 	}
@ -194,6 +224,7 @@ func (c *Controller) handleNamespaceDelete(obj interface{}) {
 	if !ok {
 		return
 	}
 	glog.V(4).Infof("Deleted namespace %s", key)
 	c.enqueue(key)
 }
--- a/pkg/auth-controller/tenant/tenant_controller.go
+++ b/pkg/auth-controller/tenant/tenant_controller.go
@ -137,6 +137,13 @@ func (c *TenantController) onDelete(obj interface{}) {
 		glog.V(4).Infof("Deleted ClusterRoleBinding %s", tenantName)
 	}
 	// Delete automatically created network
 	// TODO(harry) so that we can not deal with network with different name and namespace,
 	// we need to document that.
 	if err := c.kubeCRDClient.DeleteNetork(tenantName); err != nil {
 		glog.Errorf("failed to delete network for tenant: %v", tenantName)
 	}
 	//Delete namespace
 	err = c.deleteNamespace(tenantName)
 	if err != nil {
--- a/pkg/auth-controller/tenant/tenant_controller_helper.go
+++ b/pkg/auth-controller/tenant/tenant_controller_helper.go
@ -30,7 +30,7 @@ func (c *TenantController) syncTenant(tenant *crv1.Tenant) {
 		// Create tenant if the tenant not exist in keystone
 		tenantID, err := c.openstackClient.CreateTenant(tenant.Name)
 		if err != nil {
-			glog.Errorf("Failed create tenant %s: %v", tenant, err)
+			glog.Errorf("Failed create tenant %#v: %v", tenant, err)
 			return
 		}
 		// Create user with the spec username and password in the created tenant
--- a/pkg/kubecrd/crdclient.go
+++ b/pkg/kubecrd/crdclient.go
@ -9,6 +9,8 @@ import (
 	"k8s.io/client-go/rest"
 	crv1 "git.openstack.org/openstack/stackube/pkg/apis/v1"
 	"git.openstack.org/openstack/stackube/pkg/util"
 	"github.com/golang/glog"
 )
@ -61,7 +63,7 @@ func (c *CRDClient) UpdateNetwork(network *crv1.Network) {
 func (c *CRDClient) UpdateTenant(tenant *crv1.Tenant) {
 	err := c.Client.Put().
 		Name(tenant.Name).
-		Namespace(tenant.Namespace).
+		Namespace(util.SystemTenant).
 		Resource(crv1.TenantResourcePlural).
 		Body(tenant).
 		Do().
@ -74,12 +76,14 @@ func (c *CRDClient) UpdateTenant(tenant *crv1.Tenant) {
 	}
 }
 // GetTenant returns tenant from CRD
 // NOTE: all tenant are stored under system namespace
 func (c *CRDClient) GetTenant(tenantName string) (*crv1.Tenant, error) {
 	tenant := crv1.Tenant{}
 	// tenant always has same name and namespace
 	err := c.Client.Get().
 		Resource(crv1.TenantResourcePlural).
-		Namespace(tenantName).
+		Namespace(util.SystemTenant).
 		Name(tenantName).
 		Do().Into(&tenant)
 	if err != nil {
@ -88,9 +92,11 @@ func (c *CRDClient) GetTenant(tenantName string) (*crv1.Tenant, error) {
 	return &tenant, nil
 }
 // AddTenant adds tenant to CRD
 // NOTE: all tenant are added to system namespace
 func (c *CRDClient) AddTenant(tenant *crv1.Tenant) error {
 	err := c.Client.Post().
-		Namespace(tenant.GetNamespace()).
+		Namespace(util.SystemTenant).
 		Resource(crv1.TenantResourcePlural).
 		Body(tenant).
 		Do().Error()
@ -111,3 +117,16 @@ func (c *CRDClient) AddNetwork(network *crv1.Network) error {
 	}
 	return nil
 }
 func (c *CRDClient) DeleteNetork(namespace string) error {
 	// NOTE: the automatically created network for tenant use namespace as name
 	err := c.Client.Delete().
 		Resource(crv1.NetworkResourcePlural).
 		Namespace(namespace).
 		Name(namespace).
 		Do().Error()
 	if err != nil {
 		return fmt.Errorf("failed to delete Network: %v", err)
 	}
 	return nil
 }