Merge pull request #92 from ibuildthecloud/master

Various

charts/fleet-crd/templates/crds.yaml

@@ -1850,8 +1850,9 @@ spec:
       properties:
         spec:
           properties:
-            ttlSeconds:
-              type: integer
+            ttl:
+              nullable: true
+              type: string
           type: object
         status:
           properties:

docs/cluster-tokens.md

@@ -35,8 +35,8 @@ metadata:
     name: new-token
     namespace: clusters
 spec:
-    # The number of seconds this token is valid after creation. A value <= 0 means infinite time.
-    ttlSeconds: 604800
+    # A duration string for how long this token is valid for. A value <= 0 or null means infinite time.
+    ttl: 240h
 ```
 
 ## Obtaining Token Value (Agent values.yaml)

modules/cli/agentmanifest/template.go

@@ -14,7 +14,7 @@ func objects(namespace string, data map[string][]byte) []runtime.Object {
 			ObjectMeta: metav1.ObjectMeta{
 				Name: namespace,
 				Annotations: map[string]string{
-					fleet.ManagedAnnotation: "true",
+					fleet.ManagedLabel: "true",
 				},
 			},
 		},

pkg/apis/fleet.cattle.io/v1alpha1/target.go

@@ -6,14 +6,11 @@ import (
 )
 
 var (
-	ClusterConditionReady           = "Ready"
-	ClusterGroupAnnotation          = "fleet.cattle.io/cluster-group"
-	ClusterGroupNamespaceAnnotation = "fleet.cattle.io/cluster-group-namespace"
-	ClusterNamespaceAnnotation      = "fleet.cattle.io/cluster-namespace"
-	ClusterAnnotation               = "fleet.cattle.io/cluster"
-	TTLSecondsAnnotation            = "fleet.cattle.io/ttl-seconds"
-	ManagedAnnotation               = "fleet.cattle.io/managed"
-	AnnotationGroup                 = "fleet.cattle.io/"
+	ClusterConditionReady      = "Ready"
+	ClusterGroupAnnotation     = "fleet.cattle.io/cluster-group"
+	ClusterNamespaceAnnotation = "fleet.cattle.io/cluster-namespace"
+	ClusterAnnotation          = "fleet.cattle.io/cluster"
+	ManagedLabel               = "fleet.cattle.io/managed"
 
 	BootstrapToken = "fleet.cattle.io/bootstrap-token"
 )
@@ -128,10 +125,10 @@ type ClusterRegistrationToken struct {
 }
 
 type ClusterRegistrationTokenSpec struct {
-	TTLSeconds int `json:"ttlSeconds,omitempty"`
+	TTL *metav1.Duration `json:"ttl,omitempty"`
 }
 
 type ClusterRegistrationTokenStatus struct {
-	Expires    metav1.Time `json:"expires,omitempty"`
-	SecretName string      `json:"secretName,omitempty"`
+	Expires    *metav1.Time `json:"expires,omitempty"`
+	SecretName string       `json:"secretName,omitempty"`
 }

pkg/controllers/bootstrap/bootstrap.go

@@ -187,6 +187,9 @@ func (h *handler) getSecret(bootstrapNamespace string, cfg clientcmd.ClientConfi
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      "local-cluster",
 			Namespace: bootstrapNamespace,
+			Labels: map[string]string{
+				fleet.ManagedLabel: "true",
+			},
 		},
 		Data: map[string][]byte{
 			"value":        value,

pkg/controllers/bundle/controller.go

@@ -4,12 +4,14 @@ import (
 	"context"
 
 	fleet "github.com/rancher/fleet/pkg/apis/fleet.cattle.io/v1alpha1"
+	"github.com/rancher/fleet/pkg/controllers/git"
 	fleetcontrollers "github.com/rancher/fleet/pkg/generated/controllers/fleet.cattle.io/v1alpha1"
 	"github.com/rancher/fleet/pkg/summary"
 	"github.com/rancher/fleet/pkg/target"
 	"github.com/rancher/wrangler/pkg/apply"
 	"github.com/rancher/wrangler/pkg/generic"
 	"github.com/rancher/wrangler/pkg/relatedresource"
+	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 )
@@ -20,6 +22,7 @@ const (
 
 type handler struct {
 	targets *target.Manager
+	gitRepo fleetcontrollers.GitRepoCache
 	bundles fleetcontrollers.BundleController
 }
 
@@ -28,11 +31,13 @@ func Register(ctx context.Context,
 	targets *target.Manager,
 	bundles fleetcontrollers.BundleController,
 	clusters fleetcontrollers.ClusterController,
+	gitRepo fleetcontrollers.GitRepoCache,
 	bundleDeployments fleetcontrollers.BundleDeploymentController,
 ) {
 	h := &handler{
 		targets: targets,
 		bundles: bundles,
+		gitRepo: gitRepo,
 	}
 
 	fleetcontrollers.RegisterBundleGeneratingHandler(ctx,
@@ -47,6 +52,7 @@ func Register(ctx context.Context,
 
 	relatedresource.Watch(ctx, "app", h.resolveApp, bundles, bundleDeployments)
 	clusters.OnChange(ctx, "app", h.OnClusterChange)
+	bundles.OnChange(ctx, "bundle-orphan", h.OnPurgeOrphaned)
 }
 
 func (h *handler) resolveApp(_ string, _ string, obj runtime.Object) ([]relatedresource.Key, error) {
@@ -81,6 +87,26 @@ func (h *handler) OnClusterChange(_ string, cluster *fleet.Cluster) (*fleet.Clus
 	return cluster, nil
 }
 
+func (h *handler) OnPurgeOrphaned(key string, bundle *fleet.Bundle) (*fleet.Bundle, error) {
+	if bundle == nil {
+		return bundle, nil
+	}
+
+	repo := bundle.Labels[git.RepoLabel]
+	if repo == "" {
+		return nil, nil
+	}
+
+	_, err := h.gitRepo.Get(bundle.Namespace, repo)
+	if apierrors.IsNotFound(err) {
+		return nil, h.bundles.Delete(bundle.Namespace, bundle.Name, nil)
+	} else if err != nil {
+		return nil, err
+	}
+
+	return bundle, nil
+}
+
 func (h *handler) OnBundleChange(bundle *fleet.Bundle, status fleet.BundleStatus) ([]runtime.Object, fleet.BundleStatus, error) {
 	targets, err := h.targets.Targets(bundle)
 	if err != nil {

pkg/controllers/cleanup/handler.go

@@ -93,7 +93,7 @@ func (h *handler) cleanup(ns runtime.Object) error {
 	if err != nil {
 		return err
 	}
-	if meta.GetAnnotations()[fleet.ManagedAnnotation] != "true" {
+	if meta.GetLabels()[fleet.ManagedLabel] != "true" {
 		return nil
 	}
 	return h.apply.PurgeOrphan(ns)

pkg/controllers/cluster/controller.go

@@ -5,6 +5,7 @@ import (
 	"sort"
 
 	fleet "github.com/rancher/fleet/pkg/apis/fleet.cattle.io/v1alpha1"
+	"github.com/rancher/fleet/pkg/controllers/clusterregistration"
 	fleetcontrollers "github.com/rancher/fleet/pkg/generated/controllers/fleet.cattle.io/v1alpha1"
 	"github.com/rancher/fleet/pkg/summary"
 	"github.com/rancher/wrangler/pkg/apply"
@@ -86,7 +87,13 @@ func (h *handler) OnClusterChanged(cluster *fleet.Cluster, status fleet.ClusterS
 		return nil, status, err
 	}
 
-	status.Namespace = name.SafeConcatName("cluster", cluster.Namespace, cluster.Name)
+	if status.Namespace == "" {
+		ns := name.SafeConcatName("cluster",
+			cluster.Namespace,
+			cluster.Name,
+			clusterregistration.KeyHash(cluster.Namespace+"::"+cluster.Name))
+		status.Namespace = ns
+	}
 	status.Summary = fleet.BundleSummary{}
 
 	sort.Slice(bundleDeployments, func(i, j int) bool {
@@ -104,10 +111,12 @@ func (h *handler) OnClusterChanged(cluster *fleet.Cluster, status fleet.ClusterS
 		&v1.Namespace{
 			ObjectMeta: metav1.ObjectMeta{
 				Name: status.Namespace,
+				Labels: map[string]string{
+					fleet.ManagedLabel: "true",
+				},
 				Annotations: map[string]string{
 					fleet.ClusterNamespaceAnnotation: cluster.Namespace,
 					fleet.ClusterAnnotation:          cluster.Name,
-					fleet.ManagedAnnotation:          "true",
 				},
 			},
 		},

pkg/controllers/cluster/import.go

@@ -23,15 +23,15 @@ import (
 
 var (
 	ImportTokenPrefix = "import-token-"
-	ImportTokenTTL    = int((12 * time.Hour) / time.Second)
+	ImportTokenTTL    = 12 * time.Hour
 	t                 = true
 )
 
 type importHandler struct {
 	ctx             context.Context
 	systemNamespace string
 	secrets         corecontrollers.SecretCache
-	clusters        fleetcontrollers.ClusterClient
+	clusters        fleetcontrollers.ClusterController
 	tokens          fleetcontrollers.ClusterRegistrationTokenCache
 	tokenClient     fleetcontrollers.ClusterRegistrationTokenClient
 }
@@ -145,10 +145,11 @@ func (i *importHandler) importCluster(cluster *fleet.Cluster, status fleet.Clust
 				Name:      ImportTokenPrefix + cluster.Name,
 			},
 			Spec: fleet.ClusterRegistrationTokenSpec{
-				TTLSeconds: ImportTokenTTL,
+				TTL: &metav1.Duration{Duration: ImportTokenTTL},
 			},
 		})
-		return status, err
+		i.clusters.EnqueueAfter(cluster.Namespace, cluster.Name, 2*time.Second)
+		return status, nil
 	}
 
 	output := &bytes.Buffer{}

pkg/controllers/clusterregistration/controller.go

@@ -109,15 +109,7 @@ func (h *handler) authorizeCluster(sa *v1.ServiceAccount, cluster *fleet.Cluster
 				fleet.ClusterAnnotation: cluster.Name,
 			},
 			Annotations: map[string]string{
-				fleet.ManagedAnnotation: "true",
-			},
-			OwnerReferences: []metav1.OwnerReference{
-				{
-					APIVersion: fleet.SchemeGroupVersion.String(),
-					Kind:       "Cluster",
-					Name:       cluster.Name,
-					UID:        cluster.UID,
-				},
+				fleet.ManagedLabel: "true",
 			},
 		},
 		Type: AgentCredentialSecretType,
@@ -162,6 +154,9 @@ func (h *handler) OnChange(request *fleet.ClusterRegistration, status fleet.Clus
 		}
 	}
 
+	logrus.Infof("Cluster registration %s/%s, secret created [%v], granted [%v]",
+		request.Namespace, request.Name, len(objects) > 0, status.Granted)
+
 	if !status.Granted {
 		// try again 2 seconds later
 		h.clusterRegistration.EnqueueAfter(request.Namespace, request.Name, 2*time.Second)
@@ -174,7 +169,7 @@ func (h *handler) OnChange(request *fleet.ClusterRegistration, status fleet.Clus
 				Name:      saName,
 				Namespace: cluster.Status.Namespace,
 				Annotations: map[string]string{
-					fleet.ManagedAnnotation: "true",
+					fleet.ManagedLabel:      "true",
 					fleet.ClusterAnnotation: cluster.Name,
 				},
 			},
@@ -183,8 +178,8 @@ func (h *handler) OnChange(request *fleet.ClusterRegistration, status fleet.Clus
 			ObjectMeta: metav1.ObjectMeta{
 				Name:      request.Name,
 				Namespace: request.Namespace,
-				Annotations: map[string]string{
-					fleet.ManagedAnnotation: "true",
+				Labels: map[string]string{
+					fleet.ManagedLabel: "true",
 				},
 			},
 			Rules: []rbacv1.PolicyRule{
@@ -200,8 +195,8 @@ func (h *handler) OnChange(request *fleet.ClusterRegistration, status fleet.Clus
 			ObjectMeta: metav1.ObjectMeta{
 				Name:      request.Name,
 				Namespace: cluster.Status.Namespace,
-				Annotations: map[string]string{
-					fleet.ManagedAnnotation: "true",
+				Labels: map[string]string{
+					fleet.ManagedLabel: "true",
 				},
 			},
 			Rules: []rbacv1.PolicyRule{
@@ -221,8 +216,8 @@ func (h *handler) OnChange(request *fleet.ClusterRegistration, status fleet.Clus
 			ObjectMeta: metav1.ObjectMeta{
 				Name:      request.Name,
 				Namespace: cluster.Status.Namespace,
-				Annotations: map[string]string{
-					fleet.ManagedAnnotation: "true",
+				Labels: map[string]string{
+					fleet.ManagedLabel: "true",
 				},
 			},
 			Subjects: []rbacv1.Subject{
@@ -242,8 +237,8 @@ func (h *handler) OnChange(request *fleet.ClusterRegistration, status fleet.Clus
 			ObjectMeta: metav1.ObjectMeta{
 				Name:      request.Name,
 				Namespace: request.Namespace,
-				Annotations: map[string]string{
-					fleet.ManagedAnnotation: "true",
+				Labels: map[string]string{
+					fleet.ManagedLabel: "true",
 				},
 			},
 			Subjects: []rbacv1.Subject{
@@ -262,8 +257,8 @@ func (h *handler) OnChange(request *fleet.ClusterRegistration, status fleet.Clus
 		&rbacv1.ClusterRole{
 			ObjectMeta: metav1.ObjectMeta{
 				Name: name.SafeConcatName(request.Namespace, request.Name),
-				Annotations: map[string]string{
-					fleet.ManagedAnnotation: "true",
+				Labels: map[string]string{
+					fleet.ManagedLabel: "true",
 				},
 			},
 			Rules: []rbacv1.PolicyRule{
@@ -278,7 +273,7 @@ func (h *handler) OnChange(request *fleet.ClusterRegistration, status fleet.Clus
 			ObjectMeta: metav1.ObjectMeta{
 				Name: name.SafeConcatName(request.Namespace, request.Name),
 				Annotations: map[string]string{
-					fleet.ManagedAnnotation: "true",
+					fleet.ManagedLabel: "true",
 				},
 			},
 			Subjects: []rbacv1.Subject{