登录 注册
开源 企业版 高校版 私有云 Gitee AI NEW
开源项目 > 服务器应用 > 容器/虚拟机 &&
扫描微信二维码支付
取消
支付完成
Watch
不关注 关注所有动态 仅关注版本发行动态 关注但不提醒动态
36 Star 395 Fork 71

GVPrancher / rancher

代码 Issues 0 Pull Requests 0 Wiki 统计 流水线
服务
加入 Gitee
与超过 1200万 开发者一起发现、参与优秀开源项目,私有仓库也完全免费 :)
免费加入
克隆/下载
deployer.go 11.27 KB
一键复制 编辑 原始数据 按行查看 历史
orangedeng 提交于 2019-04-17 08:36 . Use system account as system app creator
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344
package deployer



import (

	"fmt"

	"reflect"

	"time"



	"github.com/rancher/norman/controller"

	alertutil "github.com/rancher/rancher/pkg/controllers/user/alert/common"

	"github.com/rancher/rancher/pkg/controllers/user/alert/manager"

	"github.com/rancher/rancher/pkg/controllers/user/helm/common"

	monitorutil "github.com/rancher/rancher/pkg/monitoring"

	"github.com/rancher/rancher/pkg/namespace"

	projectutil "github.com/rancher/rancher/pkg/project"

	"github.com/rancher/rancher/pkg/ref"

	"github.com/rancher/rancher/pkg/settings"

	"github.com/rancher/rancher/pkg/systemaccount"

	appsv1beta2 "github.com/rancher/types/apis/apps/v1beta2"

	"github.com/rancher/types/apis/core/v1"

	mgmtv3 "github.com/rancher/types/apis/management.cattle.io/v3"

	projectv3 "github.com/rancher/types/apis/project.cattle.io/v3"

	rbacv1 "github.com/rancher/types/apis/rbac.authorization.k8s.io/v1"

	"github.com/rancher/types/config"



	"golang.org/x/sync/errgroup"

	"gopkg.in/yaml.v2"

	corev1 "k8s.io/api/core/v1"

	apierrors "k8s.io/apimachinery/pkg/api/errors"

	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"

	"k8s.io/apimachinery/pkg/labels"

	"k8s.io/apimachinery/pkg/runtime"

)



var (

	creatorIDAnn       = "field.cattle.io/creatorId"

	systemProjectLabel = map[string]string{"authz.management.cattle.io/system-project": "true"}

)



type Deployer struct {

	clusterName             string

	alertManager            *manager.AlertManager

	clusterAlertGroupLister mgmtv3.ClusterAlertGroupLister

	projectAlertGroupLister mgmtv3.ProjectAlertGroupLister

	notifierLister          mgmtv3.NotifierLister

	projectLister           mgmtv3.ProjectLister

	clusters                mgmtv3.ClusterInterface

	appDeployer             *appDeployer

	operaterDeployer        *operaterDeployer

}



type appDeployer struct {

	appsGetter           projectv3.AppsGetter

	namespaces           v1.NamespaceInterface

	secrets              v1.SecretInterface

	templateVersions     mgmtv3.CatalogTemplateVersionInterface

	statefulsets         appsv1beta2.StatefulSetInterface

	systemAccountManager *systemaccount.Manager

}



type operaterDeployer struct {

	templateVersions mgmtv3.CatalogTemplateVersionInterface

	projectsGetter   mgmtv3.ProjectsGetter

	appsGetter       projectv3.AppsGetter

	rbacs            rbacv1.Interface

	cores            v1.Interface

	apps             appsv1beta2.Interface

}



func NewDeployer(cluster *config.UserContext, manager *manager.AlertManager) *Deployer {

	appsgetter := cluster.Management.Project

	ad := &appDeployer{

		appsGetter:           appsgetter,

		namespaces:           cluster.Core.Namespaces(metav1.NamespaceAll),

		secrets:              cluster.Core.Secrets(metav1.NamespaceAll),

		templateVersions:     cluster.Management.Management.CatalogTemplateVersions(namespace.GlobalNamespace),

		statefulsets:         cluster.Apps.StatefulSets(metav1.NamespaceAll),

		systemAccountManager: systemaccount.NewManager(cluster.Management),

	}



	op := &operaterDeployer{

		templateVersions: cluster.Management.Management.CatalogTemplateVersions(namespace.GlobalNamespace),

		projectsGetter:   cluster.Management.Management,

		appsGetter:       appsgetter,

		rbacs:            cluster.RBAC,

		cores:            cluster.Core,

	}



	return &Deployer{

		clusterName:             cluster.ClusterName,

		alertManager:            manager,

		clusterAlertGroupLister: cluster.Management.Management.ClusterAlertGroups(cluster.ClusterName).Controller().Lister(),

		projectAlertGroupLister: cluster.Management.Management.ProjectAlertGroups(metav1.NamespaceAll).Controller().Lister(),

		notifierLister:          cluster.Management.Management.Notifiers(cluster.ClusterName).Controller().Lister(),

		projectLister:           cluster.Management.Management.Projects(cluster.ClusterName).Controller().Lister(),

		clusters:                cluster.Management.Management.Clusters(metav1.NamespaceAll),

		appDeployer:             ad,

		operaterDeployer:        op,

	}

}



func (d *Deployer) ProjectGroupSync(key string, alert *mgmtv3.ProjectAlertGroup) (runtime.Object, error) {

	return nil, d.sync()

}



func (d *Deployer) ClusterGroupSync(key string, alert *mgmtv3.ClusterAlertGroup) (runtime.Object, error) {

	return nil, d.sync()

}



func (d *Deployer) ProjectRuleSync(key string, alert *mgmtv3.ProjectAlertRule) (runtime.Object, error) {

	return nil, d.sync()

}



func (d *Deployer) ClusterRuleSync(key string, alert *mgmtv3.ClusterAlertRule) (runtime.Object, error) {

	return nil, d.sync()

}



// //deploy or clean up resources(alertmanager deployment, service, namespace) required by alerting.

func (d *Deployer) sync() error {

	appName, appTargetNamespace := monitorutil.ClusterAlertManagerInfo()



	systemProject, err := projectutil.GetSystemProject(d.clusterName, d.projectLister)

	if err != nil {

		return err

	}



	systemProjectID := ref.Ref(systemProject)



	needDeploy, err := d.needDeploy()

	if err != nil {

		return fmt.Errorf("check alertmanager deployment failed, %v", err)

	}



	cluster, err := d.clusters.Get(d.clusterName, metav1.GetOptions{})

	if err != nil {

		return fmt.Errorf("get cluster %s failed, %v", d.clusterName, err)

	}

	newCluster := cluster.DeepCopy()

	newCluster.Spec.EnableClusterAlerting = needDeploy



	if needDeploy {

		if !reflect.DeepEqual(cluster, newCluster) {

			_, err = d.clusters.Update(newCluster)

			if err != nil {

				return fmt.Errorf("update cluster %v failed, %v", d.clusterName, err)

			}



			cluster, err := d.clusters.Get(d.clusterName, metav1.GetOptions{})

			if err != nil {

				return fmt.Errorf("get cluster %s failed, %v", d.clusterName, err)

			}

			newCluster = cluster.DeepCopy()

		}



		if d.alertManager.IsDeploy, err = d.appDeployer.deploy(appName, appTargetNamespace, systemProjectID); err != nil {

			return fmt.Errorf("deploy alertmanager failed, %v", err)

		}



		if err = d.appDeployer.isDeploySuccess(newCluster, alertutil.GetAlertManagerDaemonsetName(appName), appTargetNamespace); err != nil {

			return err

		}

	} else {

		if d.alertManager.IsDeploy, err = d.appDeployer.cleanup(appName, appTargetNamespace, systemProjectID); err != nil {

			return fmt.Errorf("clean up alertmanager failed, %v", err)

		}

		mgmtv3.ClusterConditionAlertingEnabled.False(newCluster)

	}



	if !reflect.DeepEqual(cluster, newCluster) {

		_, err = d.clusters.Update(newCluster)

		if err != nil {

			return fmt.Errorf("update cluster %v failed, %v", d.clusterName, err)

		}

	}



	return nil



}



// //only deploy the alertmanager when notifier is configured and alert is using it.

func (d *Deployer) needDeploy() (bool, error) {

	notifiers, err := d.notifierLister.List("", labels.NewSelector())

	if err != nil {

		return false, err

	}



	if len(notifiers) == 0 {

		return false, err

	}



	clusterAlerts, err := d.clusterAlertGroupLister.List("", labels.NewSelector())

	if err != nil {

		return false, err

	}



	for _, alert := range clusterAlerts {

		if len(alert.Spec.Recipients) > 0 {

			return true, nil

		}

	}



	projectAlerts, err := d.projectAlertGroupLister.List("", labels.NewSelector())

	if err != nil {

		return false, nil

	}



	for _, alert := range projectAlerts {

		if controller.ObjectInCluster(d.clusterName, alert) {

			if len(alert.Spec.Recipients) > 0 {

				return true, nil

			}

		}

	}



	return false, nil

}



func (d *appDeployer) isDeploySuccess(cluster *mgmtv3.Cluster, appName, appTargetNamespace string) error {

	_, err := mgmtv3.ClusterConditionAlertingEnabled.DoUntilTrue(cluster, func() (runtime.Object, error) {

		_, err := d.statefulsets.GetNamespaced(appTargetNamespace, appName, metav1.GetOptions{})

		if err != nil {

			if apierrors.IsNotFound(err) {

				time.Sleep(5 * time.Second)

			}

			return nil, fmt.Errorf("failed to get Alertmanager Deployment information, %v", err)

		}

		return cluster, nil

	})



	return err

}



func (d *appDeployer) cleanup(appName, appTargetNamespace, systemProjectID string) (bool, error) {

	_, systemProjectName := ref.Parse(systemProjectID)



	var errgrp errgroup.Group



	errgrp.Go(func() error {

		return d.appsGetter.Apps(systemProjectName).Delete(appName, &metav1.DeleteOptions{})

	})



	errgrp.Go(func() error {

		secretName := alertutil.GetAlertManagerSecretName(appName)

		return d.secrets.DeleteNamespaced(appTargetNamespace, secretName, &metav1.DeleteOptions{})

	})



	if err := errgrp.Wait(); err != nil && !apierrors.IsNotFound(err) {

		return false, err

	}



	return false, nil

}



func (d *appDeployer) getSecret(secretName, secretNamespace string) *corev1.Secret {

	cfg := manager.GetAlertManagerDefaultConfig()

	data, err := yaml.Marshal(cfg)

	if err != nil {

		return nil

	}



	return &corev1.Secret{

		ObjectMeta: metav1.ObjectMeta{

			Namespace: secretNamespace,

			Name:      secretName,

		},

		Data: map[string][]byte{

			"alertmanager.yaml": data,

			"notification.tmpl": []byte(NotificationTmpl),

		},

	}

}



func (d *appDeployer) deploy(appName, appTargetNamespace, systemProjectID string) (bool, error) {

	_, systemProjectName := ref.Parse(systemProjectID)



	ns := &corev1.Namespace{

		ObjectMeta: metav1.ObjectMeta{

			Name: appTargetNamespace,

		},

	}



	if _, err := d.namespaces.Create(ns); err != nil && !apierrors.IsAlreadyExists(err) {

		return false, fmt.Errorf("create ns %s failed, %v", appTargetNamespace, err)

	}



	secretName := alertutil.GetAlertManagerSecretName(appName)

	secret := d.getSecret(secretName, appTargetNamespace)

	if _, err := d.secrets.Create(secret); err != nil && !apierrors.IsAlreadyExists(err) {

		return false, fmt.Errorf("create secret %s:%s failed, %v", appTargetNamespace, appName, err)

	}



	app, err := d.appsGetter.Apps(systemProjectName).Get(appName, metav1.GetOptions{})

	if err != nil && !apierrors.IsNotFound(err) {

		return false, fmt.Errorf("failed to query %q App in %s Project, %v", appName, systemProjectName, err)

	}

	if app.Name == appName {

		if app.DeletionTimestamp != nil {

			return false, fmt.Errorf("stale %q App in %s Project is still on terminating", appName, systemProjectName)

		}

		return true, nil

	}



	catalogID := settings.SystemMonitoringCatalogID.Get()

	templateVersionID, templateVersionNamespace, err := common.ParseExternalID(catalogID)

	if err != nil {

		return false, fmt.Errorf("failed to parse catalog ID %q, %v", catalogID, err)

	}

	if _, err := d.templateVersions.GetNamespaced(templateVersionNamespace, templateVersionID, metav1.GetOptions{}); err != nil {

		return false, fmt.Errorf("failed to find catalog by ID %q, %v", catalogID, err)

	}



	creator, err := d.systemAccountManager.GetProjectSystemUser(systemProjectName)

	if err != nil {

		return false, err

	}



	app = &projectv3.App{

		ObjectMeta: metav1.ObjectMeta{

			Annotations: map[string]string{

				creatorIDAnn: creator.Name,

			},

			Labels:    monitorutil.OwnedLabels(appName, appTargetNamespace, systemProjectID, monitorutil.SystemLevel),

			Name:      appName,

			Namespace: systemProjectName,

		},

		Spec: projectv3.AppSpec{

			Answers: map[string]string{

				"alertmanager.enabled":                "true",

				"alertmanager.serviceMonitor.enabled": "true",

				"alertmanager.apiGroup":               monitorutil.APIVersion.Group,

				"alertmanager.enabledRBAC":            "false",

				"alertmanager.configFromSecret":       secret.Name,

			},

			Description:     "Alertmanager for Rancher Monitoring",

			ExternalID:      catalogID,

			ProjectName:     systemProjectID,

			TargetNamespace: appTargetNamespace,

		},

	}

	if _, err := d.appsGetter.Apps(systemProjectName).Create(app); err != nil && !apierrors.IsAlreadyExists(err) {

		return false, fmt.Errorf("failed to create %q App, %v", appName, err)

	}



	return true, nil

}
马建仓 AI 助手
尝试更多
代码解读
代码找茬
代码优化
Go
1
https://gitee.com/rancher/rancher.git
git@gitee.com:rancher/rancher.git
rancher
rancher
rancher
v2.2.3-rc4
点此查找更多帮助

搜索帮助

Git 命令在线学习 如何在 Gitee 导入 GitHub 仓库
Git 仓库基础操作
企业版和社区版功能对比
SSH 公钥设置
如何处理代码冲突
仓库体积过大,如何减小?
如何找回被删除的仓库数据
Gitee 产品配额说明
GitHub仓库快速导入Gitee及同步更新
什么是 Release(发行版)
将 PHP 项目自动发布到 packagist.org
评论
仓库举报
回到顶部
344bd9b3 5694891 D2dac590 5694891