chore: optimize user && terminal config. (#32)

* chore: optimize terminal config. Signed-off-by: yy <[email protected]> Signed-off-by: yy <[email protected]> * chore: optimize user && terminal config. Signed-off-by: yy <[email protected]> Signed-off-by: yy <[email protected]> * chore: optimize user && terminal config. Signed-off-by: yy <[email protected]> Signed-off-by: yy <[email protected]> * chore: optimize user && terminal config. Signed-off-by: yy <[email protected]> Signed-off-by: yy <[email protected]> * chore: optimize user && terminal config. Signed-off-by: yy <[email protected]> Signed-off-by: yy <[email protected]> --------- Signed-off-by: yy <[email protected]>
lingdie · Apr 22, 2024 · 68d5b5e · 68d5b5e
1 parent 4b2d3c0
commit 68d5b5e
Show file tree

Hide file tree

Showing 13 changed files with 165 additions and 58 deletions.
diff --git a/controllers/pkg/config/global.go b/controllers/pkg/config/global.go
@@ -0,0 +1,42 @@
+package config
+
+import (
+	"gopkg.in/yaml.v3"
+	"io/ioutil"
+)
+
+type Global struct {
+	CloudDomain    string `yaml:"cloudDomain"`
+	CloudPort      string `yaml:"cloudPort"`
+	RegionUid      string `yaml:"regionUid"`
+	CertSecretName string `yaml:"certSecretName"`
+}
+
+type Kube struct {
+	Version       string `yaml:"version"`
+	ApiServerHost string `yaml:"apiServerHost"`
+	ApiServerPort string `yaml:"apiServerPort"`
+}
+
+type Common struct {
+	GuideEnabled string `yaml:"guideEnabled"`
+	ApiEnabled   string `yaml:"apiEnabled"`
+}
+
+type Database struct {
+	MongodbUri             string `yaml:"mongodbUri"`
+	GlobalCockroachdbUri   string `yaml:"globalCockroachdbUri"`
+	RegionalCockroachdbUri string `yaml:"regionalCockroachdbUri"`
+}
+
+func LoadConfig(path string, target interface{}) error {
+	configData, err := ioutil.ReadFile(path)
+	if err != nil {
+		return err
+	}
+	err = yaml.Unmarshal(configData, target)
+	if err != nil {
+		return err
+	}
+	return nil
+}
diff --git a/controllers/terminal/config/manager/manager.yaml b/controllers/terminal/config/manager/manager.yaml
@@ -52,6 +52,7 @@ spec:
         - /manager
         args:
         - --leader-elect
+        - --config-file-path=/config.yaml
         image: controller:latest
         name: manager
         imagePullPolicy: Always
@@ -82,14 +83,13 @@ spec:
           requests:
             cpu: 10m
             memory: 64Mi
-        env:
-          - name: USER_NAMESPACE
-            value: "user-system"
-          - name: DOMAIN
-            value: "cloud.sealos.io"
-          - name: SECRET_NAME
-            value: "wildcard-cloud-sealos-io-cert"
-          - name: SECRET_NAMESPACE
-            value: "sealos-system"
+        volumeMounts:
+          - name: terminal-controller-volume
+            mountPath: /config.yaml
+            subPath: config.yaml
       serviceAccountName: controller-manager
       terminationGracePeriodSeconds: 10
+      volumes:
+        - name: terminal-controller-volume
+          configMap:
+            name: terminal-controller-config
diff --git a/controllers/terminal/controllers/config.go b/controllers/terminal/controllers/config.go
@@ -0,0 +1,14 @@
+package controllers
+
+import (
+	"github.com/labring/sealos/controllers/pkg/config"
+)
+
+type Config struct {
+	config.Global  `yaml:"global"`
+	TerminalConfig TerminalConfig `yaml:"terminalController"`
+}
+
+type TerminalConfig struct {
+	IngressTlsSecretName string `yaml:"ingressTlsSecretName"`
+}
diff --git a/controllers/terminal/controllers/ingress.go b/controllers/terminal/controllers/ingress.go
@@ -35,7 +35,7 @@ if ($flag = '02'){ return 403; }`
 )
 
 func (r *TerminalReconciler) createNginxIngress(terminal *terminalv1.Terminal, host string) *networkingv1.Ingress {
-	cors := fmt.Sprintf("https://%s,https://*.%s", r.terminalDomain+r.getPort(), r.terminalDomain+r.getPort())
+	cors := fmt.Sprintf("https://%s,https://*.%s", r.CtrConfig.Global.CloudDomain+r.getPort(), r.CtrConfig.Global.CloudDomain+r.getPort())
 
 	objectMeta := metav1.ObjectMeta{
 		Name:      terminal.Name,
@@ -78,7 +78,7 @@ func (r *TerminalReconciler) createNginxIngress(terminal *terminalv1.Terminal, h
 
 	tls := networkingv1.IngressTLS{
 		Hosts:      []string{host},
-		SecretName: r.secretName,
+		SecretName: r.CtrConfig.TerminalConfig.IngressTlsSecretName,
 	}
 
 	ingress := &networkingv1.Ingress{

diff --git a/controllers/terminal/controllers/terminal_controller.go b/controllers/terminal/controllers/terminal_controller.go
@@ -73,13 +73,10 @@ const (
 // TerminalReconciler reconciles a Terminal object
 type TerminalReconciler struct {
 	client.Client
-	Scheme          *runtime.Scheme
-	recorder        record.EventRecorder
-	Config          *rest.Config
-	terminalDomain  string
-	terminalPort    string
-	secretName      string
-	secretNamespace string
+	Scheme    *runtime.Scheme
+	recorder  record.EventRecorder
+	Config    *rest.Config
+	CtrConfig *Config
 }
 
 //+kubebuilder:rbac:groups=terminal.sealos.io,resources=terminals,verbs=get;list;watch;create;update;patch;delete
@@ -90,15 +87,6 @@ type TerminalReconciler struct {
 //+kubebuilder:rbac:groups="",resources=events,verbs=get;list;watch;create;update;patch;delete
 //+kubebuilder:rbac:groups=networking.k8s.io,resources=ingresses,verbs=get;list;watch;create;update;patch;delete
 
-// Reconcile is part of the main kubernetes reconciliation loop which aims to
-// move the current state of the cluster closer to the desired state.
-// TODO(user): Modify the Reconcile function to compare the state specified by
-// the Terminal object against the actual cluster state, and then
-// perform operations to make the cluster state reflect the state specified by
-// the user.
-//
-// For more details, check Reconcile and its Result here:
-// - https://pkg.go.dev/sigs.k8s.io/[email protected]/pkg/reconcile
 func (r *TerminalReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
 	logger := log.FromContext(ctx, "terminal", req.NamespacedName)
 	terminal := &terminalv1.Terminal{}
@@ -172,7 +160,7 @@ func (r *TerminalReconciler) Reconcile(ctx context.Context, req ctrl.Request) (c
 
 func (r *TerminalReconciler) syncIngress(ctx context.Context, terminal *terminalv1.Terminal, hostname string, recLabels map[string]string) error {
 	var err error
-	host := hostname + "." + r.terminalDomain
+	host := hostname + "." + r.CtrConfig.Global.CloudDomain
 	switch terminal.Spec.IngressType {
 	case terminalv1.Nginx:
 		err = r.syncNginxIngress(ctx, terminal, host, recLabels)
@@ -417,10 +405,10 @@ func getSecretNamespace() string {
 }
 
 func (r *TerminalReconciler) getPort() string {
-	if r.terminalPort == "" || r.terminalPort == "80" || r.terminalPort == "443" {
+	if r.CtrConfig.Global.CloudPort == "" || r.CtrConfig.Global.CloudPort == "80" || r.CtrConfig.Global.CloudPort == "443" {
 		return ""
 	}
-	return ":" + r.terminalPort
+	return ":" + r.CtrConfig.Global.CloudPort
 }
 
 func NewCache() cache.NewCacheFunc {
@@ -443,10 +431,6 @@ func NewCache() cache.NewCacheFunc {
 // SetupWithManager sets up the controller with the Manager.
 func (r *TerminalReconciler) SetupWithManager(mgr ctrl.Manager) error {
 	r.recorder = mgr.GetEventRecorderFor("sealos-terminal-controller")
-	r.terminalDomain = getDomain()
-	r.terminalPort = getPort()
-	r.secretName = getSecretName()
-	r.secretNamespace = getSecretNamespace()
 	r.Config = mgr.GetConfig()
 	return ctrl.NewControllerManagedBy(mgr).
 		For(&terminalv1.Terminal{}).

diff --git a/controllers/terminal/deploy/manifests/deploy.yaml.tmpl b/controllers/terminal/deploy/manifests/deploy.yaml.tmpl
@@ -345,6 +345,12 @@ data:
     # if you are doing or is intended to do any operation such as perform cleanups
     # after the manager stops then its usage might be unsafe.
     # leaderElectionReleaseOnCancel: true
+  config.yaml: |
+    global:
+      cloudDomain: {{ .cloudDomain }}
+      cloudPort: {{ if .cloudPort }}:{{ .cloudPort }}{{ end }}
+    terminalController:
+      ingressTlsSecretName: {{ .wildcardCertSecretName }}
 kind: ConfigMap
 metadata:
   name: terminal-manager-config
@@ -414,21 +420,15 @@ spec:
         - --health-probe-bind-address=:8081
         - --metrics-bind-address=127.0.0.1:8080
         - --leader-elect
+        - --config-file-path=/config.yaml
         command:
         - /manager
-        env:
-        - name: USER_NAMESPACE
-          value: {{ .userNamespace }}
-        - name: DOMAIN
-          value: {{ .cloudDomain }}
-        - name: PORT
-          value: '{{ .cloudPort }}'
-        - name: SECRET_NAME
-          value: {{ .wildcardCertSecretName }}
-        - name: SECRET_NAMESPACE
-          value: {{ .wildcardCertSecretNamespace }}
         image: ghcr.io/labring/sealos-terminal-controller:latest
         imagePullPolicy: Always
+        volumeMounts:
+        - name: terminal-manager-volume
+          mountPath: /config.yaml
+          subPath: config.yaml
         livenessProbe:
           httpGet:
             path: /healthz
@@ -470,4 +470,8 @@ spec:
                   operator: In
                   values:
                   - controller-manager
-              topologyKey: "kubernetes.io/hostname"
+              topologyKey: "kubernetes.io/hostname"
+      volumes:
+        - name: terminal-manager-volume
+          configMap:
+            name: terminal-manager-config
diff --git a/controllers/terminal/main.go b/controllers/terminal/main.go
@@ -31,6 +31,7 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/healthz"
 	"sigs.k8s.io/controller-runtime/pkg/log/zap"
 
+	configpkg "github.com/labring/sealos/controllers/pkg/config"
 	terminalv1 "github.com/labring/sealos/controllers/terminal/api/v1"
 	"github.com/labring/sealos/controllers/terminal/controllers"
 	//+kubebuilder:scaffold:imports
@@ -51,11 +52,13 @@ func main() {
 	var metricsAddr string
 	var enableLeaderElection bool
 	var probeAddr string
+	var configFilePath string
 	flag.StringVar(&metricsAddr, "metrics-bind-address", ":8080", "The address the metric endpoint binds to.")
 	flag.StringVar(&probeAddr, "health-probe-bind-address", ":8081", "The address the probe endpoint binds to.")
 	flag.BoolVar(&enableLeaderElection, "leader-elect", false,
 		"Enable leader election for controller manager. "+
 			"Enabling this will ensure there is only one active controller manager.")
+	flag.StringVar(&configFilePath, "config-file-path", "/config.yaml", "The path of the config file")
 	opts := zap.Options{
 		Development: true,
 	}
@@ -91,9 +94,17 @@ func main() {
 		os.Exit(1)
 	}
 
+	// Load the configuration file
+	config := &controllers.Config{}
+	if err := configpkg.LoadConfig(configFilePath, config); err != nil {
+		setupLog.Error(err, "unable to load configuration file")
+		os.Exit(1)
+	}
+
 	if err = (&controllers.TerminalReconciler{
-		Client: mgr.GetClient(),
-		Scheme: mgr.GetScheme(),
+		Client:    mgr.GetClient(),
+		Scheme:    mgr.GetScheme(),
+		CtrConfig: config,
 	}).SetupWithManager(mgr); err != nil {
 		setupLog.Error(err, "unable to create controller", "controller", "Terminal")
 		os.Exit(1)

diff --git a/controllers/user/config/default/manager_auth_proxy_patch.yaml b/controllers/user/config/default/manager_auth_proxy_patch.yaml
@@ -53,13 +53,18 @@ spec:
         - "--health-probe-bind-address=:8081"
         - "--metrics-bind-address=127.0.0.1:8080"
         - "--leader-elect"
+        - "--config-file-path=/config.yaml"
+        volumeMounts:
+          - name: user-manager-volume
+            mountPath: /config.yaml
+            subPath: config.yaml
         env:
           - name: NAMESPACE_NAME
             valueFrom:
               fieldRef:
                 apiVersion: v1
                 fieldPath: metadata.namespace
-          - name: SEALOS_CLOUD_HOST
-            value: "cloud.sealos.io"
-          - name: APISERVER_PORT
-            value: "6443"
+      volumes:
+      - name: user-manager-volume
+        configMap:
+          name: user-manager-config
diff --git a/controllers/user/config/manager/manager.yaml b/controllers/user/config/manager/manager.yaml
@@ -30,7 +30,7 @@ spec:
   selector:
     matchLabels:
       control-plane: controller-manager
-  replicas: 3
+  replicas: 1
   template:
     metadata:
       annotations:

diff --git a/controllers/user/controllers/config.go b/controllers/user/controllers/config.go
@@ -0,0 +1,10 @@
+package controllers
+
+import (
+	"github.com/labring/sealos/controllers/pkg/config"
+)
+
+type Config struct {
+	config.Global `yaml:"global"`
+	config.Kube   `yaml:"kube"`
+}
diff --git a/controllers/user/deploy/Kubefile b/controllers/user/deploy/Kubefile
@@ -6,6 +6,6 @@ COPY registry registry
 COPY manifests manifests
 
 ENV cloudDomain="127.0.0.1.nip.io"
-ENV apiserverPort="6443"
+ENV apiServerPort="6443"
 
 CMD ["kubectl apply -f manifests/deploy.yaml","kubectl apply -f manifests/rbac.yaml"]
diff --git a/controllers/user/deploy/manifests/deploy.yaml.tmpl b/controllers/user/deploy/manifests/deploy.yaml.tmpl
@@ -469,6 +469,13 @@ data:
     # if you are doing or is intended to do any operation such as perform cleanups
     # after the manager stops then its usage might be unsafe.
     # leaderElectionReleaseOnCancel: true
+  config.yaml: |
+    global:
+      cloudDomain: {{ .cloudDomain }}
+    kube:
+      apiServerHost: {{ .cloudDomain }}
+      apiServerPort: "{{ .apiServerPort }}"
+
 kind: ConfigMap
 metadata:
   name: user-manager-config
@@ -527,6 +534,7 @@ spec:
         - --health-probe-bind-address=:8081
         - --metrics-bind-address=127.0.0.1:8080
         - --leader-elect
+        - --config-file-path=/config.yaml
         command:
         - /manager
         env:
@@ -535,10 +543,6 @@ spec:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
-        - name: SEALOS_CLOUD_HOST
-          value: {{ .cloudDomain }}
-        - name: APISERVER_PORT
-          value: "{{ .apiserverPort }}"
         image: ghcr.io/labring/sealos-user-controller:latest
         imagePullPolicy: Always
         livenessProbe:
@@ -575,6 +579,9 @@ spec:
         - mountPath: /tmp/k8s-webhook-server/serving-certs
           name: cert
           readOnly: true
+        - name: user-manager-volume
+          mountPath: /config.yaml
+          subPath: config.yaml
       - args:
         - --secure-listen-address=0.0.0.0:8443
         - --upstream=http://127.0.0.1:8080/
@@ -620,6 +627,9 @@ spec:
         secret:
           defaultMode: 420
           secretName: webhook-server-cert
+      - name: user-manager-volume
+        configMap:
+          name: user-manager-config
 ---
 apiVersion: cert-manager.io/v1
 kind: Certificate