Adding api keys during cluster creation

Author: davidjumani

engine/schema/src/main/resources/META-INF/db/schema-41400to41500.sql

@@ -222,8 +222,8 @@ ALTER VIEW `cloud`.`image_store_view` AS
         `cloud`.`image_store_details` ON image_store_details.store_id = image_store.id;
 
 -- TODO : Move to 416
-ALTER TABLE `cloud`.`kubernetes_cluster` ADD COLUMN `autoscaling_enabled` tinyint(1) NOT NULL DEFAULT '0';
+ALTER TABLE `cloud`.`kubernetes_cluster` ADD COLUMN `autoscaling_enabled` tinyint(1) unsigned NOT NULL DEFAULT 0;
 ALTER TABLE `cloud`.`kubernetes_cluster` ADD COLUMN `minsize` bigint;
 ALTER TABLE `cloud`.`kubernetes_cluster` ADD COLUMN `maxsize` bigint;
 
-ALTER TABLE `cloud`.`kubernetes_cluster_vm_map` ADD COLUMN `is_master` tinyint(1) NOT NULL DEFAULT '0';
+ALTER TABLE `cloud`.`kubernetes_cluster_vm_map` ADD COLUMN `is_master` tinyint(1) unsigned NOT NULL DEFAULT 0;

plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesCluster.java

@@ -37,6 +37,7 @@ enum Event {
         StopRequested,
         DestroyRequested,
         RecoveryRequested,
+        AutoscaleRequested,
         ScaleUpRequested,
         ScaleDownRequested,
         UpgradeRequested,
@@ -81,6 +82,7 @@ enum State {
 
             s_fsm.addTransition(State.Running, Event.FaultsDetected, State.Alert);
 
+            s_fsm.addTransition(State.Running, Event.AutoscaleRequested, State.Scaling);
             s_fsm.addTransition(State.Running, Event.ScaleUpRequested, State.Scaling);
             s_fsm.addTransition(State.Running, Event.ScaleDownRequested, State.Scaling);
             s_fsm.addTransition(State.Scaling, Event.OperationSucceeded, State.Running);

plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java

@@ -26,25 +26,18 @@
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
-import java.util.UUID;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.concurrent.Executors;
 import java.util.concurrent.ScheduledExecutorService;
 import java.util.concurrent.TimeUnit;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
-import java.util.stream.Collectors;
 
 import javax.inject.Inject;
 import javax.naming.ConfigurationException;
 
 import org.apache.cloudstack.acl.ControlledEntity;
-import org.apache.cloudstack.acl.Role;
-import org.apache.cloudstack.acl.RoleService;
-import org.apache.cloudstack.acl.RoleType;
-import org.apache.cloudstack.acl.Rule;
 import org.apache.cloudstack.acl.SecurityChecker;
-import org.apache.cloudstack.acl.RolePermissionEntity.Permission;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.ApiConstants.VMDetails;
 import org.apache.cloudstack.api.ResponseObject.ResponseView;
@@ -141,7 +134,6 @@
 import com.cloud.user.Account;
 import com.cloud.user.AccountManager;
 import com.cloud.user.AccountService;
-import com.cloud.user.AccountVO;
 import com.cloud.user.SSHKeyPairVO;
 import com.cloud.user.User;
 import com.cloud.user.UserAccount;
@@ -210,8 +202,6 @@ public class KubernetesClusterManagerImpl extends ManagerBase implements Kuberne
     @Inject
     protected AccountDao accountDao;
     @Inject
-    protected RoleService roleService;
-    @Inject
     protected AccountService accountService;
     @Inject
     protected AccountManager accountManager;
@@ -244,45 +234,6 @@ public class KubernetesClusterManagerImpl extends ManagerBase implements Kuberne
     @Inject
     protected FirewallRulesDao firewallRulesDao;
 
-    private Role createKubeadminRole() {
-        Role kubeadminRole = roleService.createRole(KUBEADMIN_ACCOUNT_NAME, RoleType.Admin, "Default Kubeadmin role");
-        roleService.createRolePermission(kubeadminRole, new Rule("listKubernetesClusters"), Permission.ALLOW, "");
-        roleService.createRolePermission(kubeadminRole, new Rule("scaleKubernetesCluster"), Permission.ALLOW, "");
-        roleService.createRolePermission(kubeadminRole, new Rule("*"), Permission.DENY, "");
-        return kubeadminRole;
-    }
-
-    private void init() {
-
-        // Check and create Kubeadmin role
-        Role kubeadminRole = null;
-        List<Role> roles = roleService.findRolesByName(KUBEADMIN_ACCOUNT_NAME);
-        if (roles == null) {
-            kubeadminRole = createKubeadminRole();
-        } else {
-            roles = roles.stream().filter(x -> x.getDescription() == "Default Kubeadmin role").collect(Collectors.toList());
-            if (roles.size() != 1 ) {
-                kubeadminRole = createKubeadminRole();
-            } else {
-                kubeadminRole = roles.get(0);
-            }
-        }
-
-        // Check and create Kubeadmin account
-        if (accountManager.getActiveAccountByName(KUBEADMIN_ACCOUNT_NAME, 1L) != null) {
-            return;
-        }
-
-        AccountVO kubeadmin = new AccountVO();
-        kubeadmin.setAccountName(KUBEADMIN_ACCOUNT_NAME);
-        kubeadmin.setUuid(UUID.randomUUID().toString());
-        kubeadmin.setState(Account.State.enabled);
-        kubeadmin.setDomainId(1);
-        kubeadmin.setType(RoleType.Admin.getAccountType());
-        kubeadmin.setRoleId(kubeadminRole.getId());
-        kubeadmin = accountDao.persist(kubeadmin);
-    }
-
     private void logMessage(final Level logLevel, final String message, final Exception e) {
         if (logLevel == Level.WARN) {
             if (e != null) {
@@ -946,11 +897,6 @@ private void validateKubernetesClusterScaleParameters(ScaleKubernetesClusterCmd
                 throw new InvalidParameterValueException("autoscaling can not be passed along with nodeids or clustersize or service offering");
             }
 
-            String csUrl = ApiServiceConfiguration.ApiServletPath.value();
-            if (csUrl == null || csUrl.contains("localhost")) {
-                throw new InvalidParameterValueException("Global setting endpointe.url has to be set to the Management Server's API end point");
-            }
-
             if (minSize == null || maxSize == null) {
                 throw new InvalidParameterValueException("autoscaling requires minsize and maxsize to be passed");
             }
@@ -1105,6 +1051,12 @@ public KubernetesCluster createKubernetesCluster(CreateKubernetesClusterCmd cmd)
             logAndThrow(Level.ERROR, "Kubernetes Service plugin is disabled");
         }
 
+        // Need this for cloudstack-kubernetes-provider && autoscaler
+        String csUrl = ApiServiceConfiguration.ApiServletPath.value();
+        if (csUrl == null || csUrl.contains("localhost")) {
+            throw new InvalidParameterValueException("Global setting endpointe.url has to be set to the Management Server's API end point");
+        }
+
         validateKubernetesClusterCreateParameters(cmd);
 
         final DataCenter zone = dataCenterDao.findById(cmd.getZoneId());
@@ -1190,14 +1142,18 @@ public boolean startKubernetesCluster(long kubernetesClusterId, boolean onCreate
         if (zone == null) {
             logAndThrow(Level.WARN, String.format("Unable to find zone for Kubernetes cluster ID: %s", kubernetesCluster.getUuid()));
         }
-        KubernetesClusterStartWorker startWorker =
-                new KubernetesClusterStartWorker(kubernetesCluster, this);
-        startWorker = ComponentContext.inject(startWorker);
         if (onCreate) {
             // Start for Kubernetes cluster in 'Created' state
+            String[] keys = getServiceUserKeys();
+            KubernetesClusterStartWorker startWorker =
+                new KubernetesClusterStartWorker(kubernetesCluster, this, keys);
+            startWorker = ComponentContext.inject(startWorker);
             return startWorker.startKubernetesClusterOnCreate();
         } else {
             // Start for Kubernetes cluster in 'Stopped' state. Resources are already provisioned, just need to be started
+            KubernetesClusterStartWorker startWorker =
+                new KubernetesClusterStartWorker(kubernetesCluster, this);
+            startWorker = ComponentContext.inject(startWorker);
             return startWorker.startStoppedKubernetesCluster();
         }
     }
@@ -1324,8 +1280,7 @@ public KubernetesClusterConfigResponse getKubernetesClusterConfig(GetKubernetesC
         return response;
     }
 
-    private String[] createServiceAccount() {
-        // TODO : Maybe create a service account kubeadmin with restricted permissions and add the user to that instead
+    private String[] getServiceUserKeys() {
         Account caller = CallContext.current().getCallingAccount();
         String username = caller.getAccountName() + "-kubeadmin";
         UserAccount kubeadmin = accountService.getActiveUserAccount(username, caller.getDomainId());
@@ -1352,12 +1307,6 @@ public boolean scaleKubernetesCluster(ScaleKubernetesClusterCmd cmd) throws Clou
         }
         validateKubernetesClusterScaleParameters(cmd);
 
-        Boolean isAutoscalingEnabled = cmd.isAutoscalingEnabled();
-        String[] keys = null;
-        if (isAutoscalingEnabled != null && isAutoscalingEnabled) {
-            keys = createServiceAccount();
-        }
-
         KubernetesClusterScaleWorker scaleWorker =
             new KubernetesClusterScaleWorker(kubernetesClusterDao.findById(cmd.getId()),
                 serviceOfferingDao.findById(cmd.getServiceOfferingId()),
@@ -1366,7 +1315,6 @@ public boolean scaleKubernetesCluster(ScaleKubernetesClusterCmd cmd) throws Clou
                 cmd.isAutoscalingEnabled(),
                 cmd.getMinSize(),
                 cmd.getMaxSize(),
-                keys,
                 this);
         scaleWorker = ComponentContext.inject(scaleWorker);
         return scaleWorker.scaleCluster();

plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterVO.java

@@ -316,8 +316,8 @@ public boolean isAutoscalingEnabled() {
         return isAutoscalingEnabled;
     }
 
-    public void setAutoscalingEnabled(boolean isAutoscalingEnabled) {
-        this.isAutoscalingEnabled = isAutoscalingEnabled;
+    public void setAutoscalingEnabled(boolean enabled) {
+        this.isAutoscalingEnabled = enabled;
     }
 
     public Long getMinSize() {

plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterActionWorker.java

@@ -28,6 +28,7 @@
 
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.ca.CAManager;
+import org.apache.cloudstack.config.ApiServiceConfiguration;
 import org.apache.cloudstack.engine.orchestration.service.NetworkOrchestrationService;
 import org.apache.cloudstack.framework.config.dao.ConfigurationDao;
 import org.apache.commons.collections.CollectionUtils;
@@ -70,6 +71,7 @@
 import com.cloud.utils.exception.CloudRuntimeException;
 import com.cloud.utils.fsm.NoTransitionException;
 import com.cloud.utils.fsm.StateMachine2;
+import com.cloud.utils.ssh.SshHelper;
 import com.cloud.vm.UserVmService;
 import com.cloud.vm.dao.UserVmDao;
 import com.google.common.base.Strings;
@@ -383,4 +385,37 @@ protected boolean stateTransitTo(long kubernetesClusterId, KubernetesCluster.Eve
             return false;
         }
     }
+
+    protected boolean createSecret(String[] keys) {
+        File pkFile = getManagementServerSshPublicKeyFile();
+        Pair<String, Integer> publicIpSshPort = getKubernetesClusterServerIpSshPort(null);
+        publicIpAddress = publicIpSshPort.first();
+        sshPort = publicIpSshPort.second();
+
+        List<KubernetesClusterVmMapVO> clusterVMs = getKubernetesClusterVMMaps();
+        if (CollectionUtils.isEmpty(clusterVMs)) {
+            return false;
+        }
+
+        final UserVm userVm = userVmDao.findById(clusterVMs.get(0).getVmId());
+
+        String hostName = userVm.getHostName();
+        if (!Strings.isNullOrEmpty(hostName)) {
+            hostName = hostName.toLowerCase();
+        }
+
+        try {
+            Pair<Boolean, String> result = SshHelper.sshExecute(publicIpAddress, sshPort, CLUSTER_NODE_VM_USER,
+                pkFile, null, String.format("sudo kubectl -n kube-system create secret generic cloudstack-secret " +
+                    "--from-literal=api-url='%s' " +
+                    "--from-literal=api-key='%s' " +
+                    "--from-literal=secret-key='%s'", ApiServiceConfiguration.ApiServletPath.value(), keys[0], keys[1]),
+                    10000, 10000, 60000);
+            return result.first();
+        } catch (Exception e) {
+            String msg = String.format("Failed to add cloudstack-secret to Kubernetes cluster: %s", kubernetesCluster.getName());
+            LOGGER.warn(msg, e);
+        }
+        return true;
+    }
 }