Resource quota refactor - no more template

shenyunfeng · Aug 24, 2018 · fdbaffd · fdbaffd
1 parent 75c9a6e
commit fdbaffd
Show file tree

Hide file tree

Showing 15 changed files with 562 additions and 639 deletions.
diff --git a/app/role_data.go b/app/role_data.go
@@ -33,7 +33,6 @@ func addRoles(management *config.ManagementContext) (string, error) {
 	rb.addRole("Manage Authentication", "authn-manage").addRule().apiGroups("management.cattle.io").resources("authconfigs").verbs("get", "list", "watch", "update")
 	rb.addRole("Manage Settings", "settings-manage").addRule().apiGroups("management.cattle.io").resources("settings").verbs("*")
 	rb.addRole("Manage PodSecurityPolicy Templates", "podsecuritypolicytemplates-manage").addRule().apiGroups("management.cattle.io").resources("podsecuritypolicytemplates").verbs("*")
-	rb.addRole("Manage ResourceQuota Templates", "resourcequotatemplates-manage").addRule().apiGroups("management.cattle.io").resources("resourcequotatemplates").verbs("*")
 
 	rb.addRole("Admin", "admin").addRule().apiGroups("*").resources("*").verbs("*").
 		addRule().apiGroups().nonResourceURLs("*").verbs("*")
@@ -48,9 +47,7 @@ func addRoles(management *config.ManagementContext) (string, error) {
 		addRule().apiGroups("management.cattle.io").resources("nodetemplates").verbs("*").
 		addRule().apiGroups("management.cattle.io").resources("sourcecodecredentials").verbs("*").
 		addRule().apiGroups("management.cattle.io").resources("sourcecoderepositories").verbs("*").
-		addRule().apiGroups("management.cattle.io").resources("resourcequotatemplates").verbs("get", "list", "watch")
-
-	rb.addRole("User Base", "user-base").addRule().apiGroups("management.cattle.io").resources("preferences").verbs("*").
+		rb.addRole("User Base", "user-base").addRule().apiGroups("management.cattle.io").resources("preferences").verbs("*").
 		addRule().apiGroups("management.cattle.io").resources("settings").verbs("get", "list", "watch")
 
 	// TODO user should be dynamically authorized to only see herself
@@ -86,9 +83,7 @@ func addRoles(management *config.ManagementContext) (string, error) {
 		addRule().apiGroups("management.cattle.io").resources("clusterloggings").verbs("get", "list", "watch").
 		addRule().apiGroups("management.cattle.io").resources("clusteralerts").verbs("get", "list", "watch").
 		addRule().apiGroups("management.cattle.io").resources("notifiers").verbs("get", "list", "watch").
-		addRule().apiGroups("management.cattle.io").resources("resourcequotatemplates").verbs("*")
-
-	rb.addRoleTemplate("Create Projects", "projects-create", "cluster", true, false, false).
+		rb.addRoleTemplate("Create Projects", "projects-create", "cluster", true, false, false).
 		addRule().apiGroups("management.cattle.io").resources("projects").verbs("create")
 
 	rb.addRoleTemplate("View All Projects", "projects-view", "cluster", true, false, false).
@@ -100,7 +95,6 @@ func addRoles(management *config.ManagementContext) (string, error) {
 		addRule().apiGroups("*").resources("storageclasses").verbs("get", "list", "watch").
 		addRule().apiGroups("*").resources("persistentvolumeclaims").verbs("get", "list", "watch").
 		addRule().apiGroups("management.cattle.io").resources("clusterevents").verbs("get", "list", "watch").
-		addRule().apiGroups("management.cattle.io").resources("resourcequotatemplates").verbs("get", "list", "watch").
 		setRoleTemplateNames("view")
 
 	rb.addRoleTemplate("Manage Nodes", "nodes-manage", "cluster", true, false, false).
@@ -138,7 +132,6 @@ func addRoles(management *config.ManagementContext) (string, error) {
 		addRule().apiGroups("management.cattle.io").resources("notifiers").verbs("get", "list", "watch").
 		addRule().apiGroups("management.cattle.io").resources("projectalerts").verbs("*").
 		addRule().apiGroups("management.cattle.io").resources("projectloggings").verbs("*").
-		addRule().apiGroups("management.cattle.io").resources("resourcequotatemplates").verbs("get", "list", "watch").
 		setRoleTemplateNames("admin")
 
 	rb.addRoleTemplate("Project Member", "project-member", "project", true, false, false).
@@ -154,7 +147,6 @@ func addRoles(management *config.ManagementContext) (string, error) {
 		addRule().apiGroups("management.cattle.io").resources("notifiers").verbs("get", "list", "watch").
 		addRule().apiGroups("management.cattle.io").resources("projectalerts").verbs("*").
 		addRule().apiGroups("management.cattle.io").resources("projectloggings").verbs("get", "list", "watch").
-		addRule().apiGroups("management.cattle.io").resources("resourcequotatemplates").verbs("get", "list", "watch").
 		setRoleTemplateNames("edit")
 
 	rb.addRoleTemplate("Read-only", "read-only", "project", true, false, false).
@@ -169,7 +161,6 @@ func addRoles(management *config.ManagementContext) (string, error) {
 		addRule().apiGroups("management.cattle.io").resources("notifiers").verbs("get", "list", "watch").
 		addRule().apiGroups("management.cattle.io").resources("projectalerts").verbs("get", "list", "watch").
 		addRule().apiGroups("management.cattle.io").resources("projectloggings").verbs("get", "list", "watch").
-		addRule().apiGroups("management.cattle.io").resources("resourcequotatemplates").verbs("get", "list", "watch").
 		setRoleTemplateNames("view")
 
 	rb.addRoleTemplate("Create Namespaces", "create-ns", "project", true, false, false).

diff --git a/pkg/api/server/managementstored/setup.go b/pkg/api/server/managementstored/setup.go
@@ -80,7 +80,6 @@ func Setup(ctx context.Context, apiContext *config.ScaledContext, clusterManager
 		client.ProjectNetworkPolicyType,
 		client.ProjectRoleTemplateBindingType,
 		client.ProjectType,
-		client.ResourceQuotaTemplateType,
 		client.RoleTemplateType,
 		client.SettingType,
 		client.TemplateContentType,

diff --git a/pkg/api/store/namespace/store.go b/pkg/api/store/namespace/store.go
@@ -28,7 +28,13 @@ type Store struct {
 }
 
 func (p *Store) Create(apiContext *types.APIContext, schema *types.Schema, data map[string]interface{}) (map[string]interface{}, error) {
-	values.PutValue(data, "{\"conditions\": [{\"type\": \"InitialRolesPopulated\", \"status\": \"Unknown\", \"message\": \"Populating initial roles\"}]}",
-		"annotations", "cattle.io/status")
+	if _, ok := data["resourceQuota"]; ok {
+		values.PutValue(data, "{\"conditions\": [{\"type\": \"InitialRolesPopulated\", \"status\": \"Unknown\", \"message\": \"Populating initial roles\"},{\"type\": \"ResourceQuotaValidated\", \"status\": \"Unknown\", \"message\": \"Validating resource quota\"}]}",
+			"annotations", "cattle.io/status")
+	} else {
+		values.PutValue(data, "{\"conditions\": [{\"type\": \"InitialRolesPopulated\", \"status\": \"Unknown\", \"message\": \"Populating initial roles\"}]}",
+			"annotations", "cattle.io/status")
+	}
+
 	return p.Store.Create(apiContext, schema, data)
 }
diff --git a/pkg/controllers/management/auth/crtb_handler.go b/pkg/controllers/management/auth/crtb_handler.go
@@ -23,7 +23,7 @@ const (
 
 var clusterManagmentPlaneResources = []string{"clusterroletemplatebindings", "nodes", "nodepools", "clusterevents",
 	"projects", "clusterregistrationtokens", "clusterloggings", "notifiers", "clusteralerts",
-	"podsecuritypolicytemplateprojectbindings", "resourcequotatemplates"}
+	"podsecuritypolicytemplateprojectbindings"}
 
 type crtbLifecycle struct {
 	mgr           *manager

diff --git a/pkg/controllers/user/rbac/handler_base.go b/pkg/controllers/user/rbac/handler_base.go
@@ -97,12 +97,12 @@ func Register(workload *config.UserContext) {
 	workload.Management.Management.Clusters("").AddHandler("global-admin-cluster-sync", newClusterHandler(workload))
 
 	sync := &resourcequota.SyncController{
-		Namespaces:                  workload.Core.Namespaces(""),
-		NamespaceLister:             workload.Core.Namespaces("").Controller().Lister(),
-		ResourceQuotas:              workload.Core.ResourceQuotas(""),
-		ResourceQuotaLister:         workload.Core.ResourceQuotas("").Controller().Lister(),
-		ResourceQuotaTemplateLister: workload.Management.Management.ResourceQuotaTemplates(workload.ClusterName).Controller().Lister(),
-		ProjectLister:               workload.Management.Management.Projects(workload.ClusterName).Controller().Lister(),
+		Namespaces:          workload.Core.Namespaces(""),
+		NamespaceLister:     workload.Core.Namespaces("").Controller().Lister(),
+		NsIndexer:           nsInformer.GetIndexer(),
+		ResourceQuotas:      workload.Core.ResourceQuotas(""),
+		ResourceQuotaLister: workload.Core.ResourceQuotas("").Controller().Lister(),
+		ProjectLister:       workload.Management.Management.Projects(workload.ClusterName).Controller().Lister(),
 	}
 	workload.Core.Namespaces("").AddLifecycle("namespace-auth", newNamespaceLifecycle(r, sync))
 

diff --git a/pkg/controllers/user/rbac/namespace_handler.go b/pkg/controllers/user/rbac/namespace_handler.go
@@ -8,8 +8,8 @@ import (
 	"github.com/pkg/errors"
 	"github.com/rancher/norman/types/convert"
 	"github.com/rancher/norman/types/slice"
-	namespaceutil "github.com/rancher/rancher/pkg/controllers/user/namespace"
 	"github.com/rancher/rancher/pkg/controllers/user/resourcequota"
+	namespaceutil "github.com/rancher/rancher/pkg/namespace"
 	"github.com/rancher/types/apis/management.cattle.io/v3"
 	"github.com/sirupsen/logrus"
 	"k8s.io/api/core/v1"

diff --git a/...resourcequota/namespace_template_reset.go → ...er/resourcequota/namespace_quota_reset.go b/...resourcequota/namespace_template_reset.go → ...er/resourcequota/namespace_quota_reset.go
@@ -10,15 +10,15 @@ import (
 )
 
 /*
-templateResetController is responsible for resetting resource quota template from the namespace
+quotaResetController is responsible for resetting resource quota on the namespace
 when project resource quota gets reset
 */
-type templateResetController struct {
+type quotaResetController struct {
 	namespaces v1.NamespaceInterface
 	nsIndexer  clientcache.Indexer
 }
 
-func (c *templateResetController) resetTemplate(key string, project *v3.Project) error {
+func (c *quotaResetController) resetNamespaceQuota(key string, project *v3.Project) error {
 	if project == nil || project.DeletionTimestamp != nil {
 		return nil
 	}
@@ -32,13 +32,12 @@ func (c *templateResetController) resetTemplate(key string, project *v3.Project)
 	}
 	for _, n := range namespaces {
 		ns := n.(*corev1.Namespace)
-		templateID := getTemplateID(ns)
-		if templateID == "" {
+		quota := getNamespaceResourceQuota(ns)
+		if quota == "" {
 			continue
 		}
 		toUpdate := ns.DeepCopy()
-		delete(toUpdate.Annotations, resourceQuotaTemplateIDAnnotation)
-		delete(toUpdate.Annotations, resourceQuotaAppliedTemplateIDAnnotation)
+		delete(toUpdate.Annotations, resourceQuotaAnnotation)
 		if _, err := c.namespaces.Update(toUpdate); err != nil {
 			return err
 		}

diff --git a/pkg/controllers/user/resourcequota/register.go b/pkg/controllers/user/resourcequota/register.go
@@ -13,32 +13,21 @@ const (
 )
 
 func Register(ctx context.Context, cluster *config.UserContext) {
-	sync := &SyncController{
-		Namespaces:                  cluster.Core.Namespaces(""),
-		NamespaceLister:             cluster.Core.Namespaces("").Controller().Lister(),
-		ResourceQuotas:              cluster.Core.ResourceQuotas(""),
-		ResourceQuotaLister:         cluster.Core.ResourceQuotas("").Controller().Lister(),
-		ResourceQuotaTemplateLister: cluster.Management.Management.ResourceQuotaTemplates(cluster.ClusterName).Controller().Lister(),
-		ProjectLister:               cluster.Management.Management.Projects(cluster.ClusterName).Controller().Lister(),
-	}
-	cluster.Core.Namespaces("").AddHandler("resourceQuotaSyncController", sync.syncResourceQuota)
-
 	// Index for looking up Namespaces by projectID annotation
 	nsInformer := cluster.Core.Namespaces("").Controller().Informer()
 	nsIndexers := map[string]cache.IndexFunc{
 		nsByProjectIndex: nsByProjectID,
 	}
 	nsInformer.AddIndexers(nsIndexers)
-	validate := &validationController{
-		namespaces:                  cluster.Core.Namespaces(""),
-		nsIndexer:                   nsInformer.GetIndexer(),
-		resourceQuotaLister:         cluster.Core.ResourceQuotas("").Controller().Lister(),
-		projectLister:               cluster.Management.Management.Projects(cluster.ClusterName).Controller().Lister(),
-		resourceQuotaTemplateLister: cluster.Management.Management.ResourceQuotaTemplates(cluster.ClusterName).Controller().Lister(),
-		clusterName:                 cluster.ClusterName,
+	sync := &SyncController{
+		Namespaces:          cluster.Core.Namespaces(""),
+		NamespaceLister:     cluster.Core.Namespaces("").Controller().Lister(),
+		NsIndexer:           nsInformer.GetIndexer(),
+		ResourceQuotas:      cluster.Core.ResourceQuotas(""),
+		ResourceQuotaLister: cluster.Core.ResourceQuotas("").Controller().Lister(),
+		ProjectLister:       cluster.Management.Management.Projects(cluster.ClusterName).Controller().Lister(),
 	}
-
-	cluster.Core.Namespaces("").AddHandler("resourceQuotaValidationController", validate.validateTemplate)
+	cluster.Core.Namespaces("").AddHandler("resourceQuotaSyncController", sync.syncResourceQuota)
 
 	reconcile := &reconcileController{
 		namespaces: cluster.Core.Namespaces(""),
@@ -56,19 +45,18 @@ func Register(ctx context.Context, cluster *config.UserContext) {
 	cluster.Core.ResourceQuotas("").AddHandler("resourceQuotaCleanupController", cleanup.cleanup)
 
 	calculate := &calculateLimitController{
-		nsIndexer:                   nsInformer.GetIndexer(),
-		resourceQuotaTemplateLister: cluster.Management.Management.ResourceQuotaTemplates(cluster.ClusterName).Controller().Lister(),
-		projectLister:               cluster.Management.Management.Projects(cluster.ClusterName).Controller().Lister(),
-		projects:                    cluster.Management.Management.Projects(cluster.ClusterName),
-		clusterName:                 cluster.ClusterName,
+		nsIndexer:     nsInformer.GetIndexer(),
+		projectLister: cluster.Management.Management.Projects(cluster.ClusterName).Controller().Lister(),
+		projects:      cluster.Management.Management.Projects(cluster.ClusterName),
+		clusterName:   cluster.ClusterName,
 	}
 	cluster.Core.Namespaces("").AddHandler("resourceQuotaUsedLimitController", calculate.calculateResourceQuotaUsed)
 
-	reset := &templateResetController{
+	reset := &quotaResetController{
 		nsIndexer:  nsInformer.GetIndexer(),
 		namespaces: cluster.Core.Namespaces(""),
 	}
-	cluster.Management.Management.Projects(cluster.ClusterName).AddHandler("resourceQuotaTemplateResetController", reset.resetTemplate)
+	cluster.Management.Management.Projects(cluster.ClusterName).AddHandler("namespaceResourceQuotaResetController", reset.resetNamespaceQuota)
 }
 
 func nsByProjectID(obj interface{}) ([]string, error) {

diff --git a/pkg/controllers/user/resourcequota/resource_quota_calculate_used.go b/pkg/controllers/user/resourcequota/resource_quota_calculate_used.go
@@ -3,10 +3,9 @@ package resourcequota
 import (
 	"reflect"
 
-	"github.com/rancher/norman/types/convert"
+	namespaceutil "github.com/rancher/rancher/pkg/namespace"
 	"github.com/rancher/types/apis/management.cattle.io/v3"
 	corev1 "k8s.io/api/core/v1"
-	"k8s.io/apimachinery/pkg/labels"
 	clientcache "k8s.io/client-go/tools/cache"
 	api "k8s.io/kubernetes/pkg/apis/core"
 	"k8s.io/kubernetes/pkg/quota"
@@ -17,11 +16,10 @@ collectController is responsible for calculate the combined limit set on the pro
 and setting this information in the project
 */
 type calculateLimitController struct {
-	projectLister               v3.ProjectLister
-	projects                    v3.ProjectInterface
-	nsIndexer                   clientcache.Indexer
-	resourceQuotaTemplateLister v3.ResourceQuotaTemplateLister
-	clusterName                 string
+	projectLister v3.ProjectLister
+	projects      v3.ProjectInterface
+	nsIndexer     clientcache.Indexer
+	clusterName   string
 }
 
 func (c *calculateLimitController) calculateResourceQuotaUsed(key string, ns *corev1.Namespace) error {
@@ -46,23 +44,17 @@ func (c *calculateLimitController) calculateProjectResourceQuota(projectID strin
 	if err != nil {
 		return err
 	}
-
-	templates, err := c.resourceQuotaTemplateLister.List(c.clusterName, labels.NewSelector())
-	if err != nil {
-		return err
-	}
-	templatesMap := map[string]*v3.ResourceQuotaTemplate{}
-	for _, template := range templates {
-		templatesMap[formatTemplateID(template)] = template
-	}
 	nssResourceList := api.ResourceList{}
 	for _, n := range namespaces {
 		ns := n.(*corev1.Namespace)
-		templateID := getTemplateID(ns)
-		if templateID == "" {
+		set, err := namespaceutil.IsNamespaceConditionSet(ns, resourceQuotaValidatedCondition, true)
+		if err != nil {
+			return err
+		}
+		if !set {
 			continue
 		}
-		nsLimit, err := getNamespaceLimit(ns, templatesMap, false)
+		nsLimit, err := getNamespaceLimit(ns)
 		if err != nil {
 			return err
 		}
@@ -85,20 +77,3 @@ func (c *calculateLimitController) calculateProjectResourceQuota(projectID strin
 	_, err = c.projects.Update(toUpdate)
 	return err
 }
-
-func convertResourceListToLimit(rList api.ResourceList) (*v3.ProjectResourceLimit, error) {
-	converted, err := convert.EncodeToMap(rList)
-	if err != nil {
-		return nil, err
-	}
-
-	convertedMap := map[string]string{}
-	for key, value := range converted {
-		convertedMap[key] = convert.ToString(value)
-	}
-
-	toReturn := &v3.ProjectResourceLimit{}
-	err = convert.ToObj(convertedMap, toReturn)
-
-	return toReturn, err
-}
diff --git a/pkg/controllers/user/resourcequota/resource_quota_cleanup.go b/pkg/controllers/user/resourcequota/resource_quota_cleanup.go
@@ -41,7 +41,7 @@ func (c *cleanupController) needToCleanup(quota *corev1.ResourceQuota) (bool, er
 	if err != nil {
 		return false, err
 	}
-	projectLimit, _, err := getProjectLimit(ns, c.projectLister)
+	projectLimit, _, err := getProjectResourceQuotaLimit(ns, c.projectLister)
 	if err != nil {
 		return false, err
 	}