cuisongliu · pull · Aug 1, 2023 · Jul 31, 2023 · Jul 31, 2023 · Jul 31, 2023
diff --git a/.gitignore b/.gitignore
@@ -20,3 +20,4 @@ vendor
 .vscode/
 pkg/registry/save/testdata/registry
 .dummy.report.md
+deploy/cloud/tars
diff --git a/controllers/account/config/default/manager_auth_proxy_patch.yaml b/controllers/account/config/default/manager_auth_proxy_patch.yaml
@@ -35,6 +35,7 @@ spec:
         envFrom:
           - secretRef:
               name: payment-secret
+              optional: true
         securityContext:
           runAsNonRoot: true
           allowPrivilegeEscalation: false

diff --git a/controllers/account/config/rbac/role.yaml b/controllers/account/config/rbac/role.yaml
@@ -245,6 +245,18 @@ rules:
   - patch
   - update
   - watch
+- apiGroups:
+  - ""
+  resources:
+  - limitranges
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
 - apiGroups:
   - ""
   resources:

diff --git a/controllers/account/controllers/account_controller.go b/controllers/account/controllers/account_controller.go
@@ -24,12 +24,17 @@ import (
 	"strings"
 	"time"
 
+	"sigs.k8s.io/controller-runtime/pkg/handler"
+	"sigs.k8s.io/controller-runtime/pkg/source"
+
+	"sigs.k8s.io/controller-runtime/pkg/builder"
+
+	"github.com/labring/sealos/controllers/pkg/common"
+
 	"k8s.io/apimachinery/pkg/types"
 	"sigs.k8s.io/controller-runtime/pkg/event"
 	"sigs.k8s.io/controller-runtime/pkg/predicate"
 
-	"sigs.k8s.io/controller-runtime/pkg/builder"
-
 	"github.com/labring/sealos/controllers/pkg/crypto"
 
 	retry2 "k8s.io/client-go/util/retry"
@@ -53,23 +58,21 @@ import (
 
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
-	"github.com/labring/sealos/pkg/pay"
-	"sigs.k8s.io/controller-runtime/pkg/handler"
-	"sigs.k8s.io/controller-runtime/pkg/source"
-
 	accountv1 "github.com/labring/sealos/controllers/account/api/v1"
+	"github.com/labring/sealos/pkg/pay"
 	"k8s.io/apimachinery/pkg/runtime"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 )
 
 const (
-	ACCOUNTNAMESPACEENV         = "ACCOUNT_NAMESPACE"
-	DEFAULTACCOUNTNAMESPACE     = "sealos-system"
-	AccountAnnotationNewAccount = "account.sealos.io/new-account"
-	NEWACCOUNTAMOUNTENV         = "NEW_ACCOUNT_AMOUNT"
-	RECHARGEGIFT                = "recharge-gift"
-	SEALOS                      = "sealos"
+	ACCOUNTNAMESPACEENV          = "ACCOUNT_NAMESPACE"
+	DEFAULTACCOUNTNAMESPACE      = "sealos-system"
+	AccountAnnotationNewAccount  = "account.sealos.io/new-account"
+	AccountAnnotationIgnoreQuota = "account.sealos.io/ignore-quota"
+	NEWACCOUNTAMOUNTENV          = "NEW_ACCOUNT_AMOUNT"
+	RECHARGEGIFT                 = "recharge-gift"
+	SEALOS                       = "sealos"
 )
 
 // AccountReconciler reconciles a Account object
@@ -84,6 +87,8 @@ type AccountReconciler struct {
 //+kubebuilder:rbac:groups=account.sealos.io,resources=accounts,verbs=get;list;watch;create;update;patch;delete
 //+kubebuilder:rbac:groups=account.sealos.io,resources=accounts/status,verbs=get;update;patch
 //+kubebuilder:rbac:groups=account.sealos.io,resources=accounts/finalizers,verbs=update
+//+kubebuilder:rbac:groups=core,resources=resourcequotas,verbs=get;list;watch;create;update;patch;delete
+//+kubebuilder:rbac:groups=core,resources=limitranges,verbs=get;list;watch;create;update;patch;delete
 //+kubebuilder:rbac:groups=user.sealos.io,resources=users,verbs=get;list;watch
 //+kubebuilder:rbac:groups=account.sealos.io,resources=accountbalances,verbs=get;list;watch;create;update;patch;delete
 //+kubebuilder:rbac:groups=account.sealos.io,resources=accountbalances/status,verbs=get;list;watch;create;update;patch;delete
@@ -218,6 +223,9 @@ func (r *AccountReconciler) syncAccount(ctx context.Context, name, accountNamesp
 		},
 	}
 	if _, err := controllerutil.CreateOrUpdate(ctx, r.Client, &account, func() error {
+		if account.Annotations == nil {
+			account.Annotations = make(map[string]string)
+		}
 		return nil
 	}); err != nil {
 		return nil, err
@@ -230,15 +238,20 @@ func (r *AccountReconciler) syncAccount(ctx context.Context, name, accountNamesp
 	if err != nil {
 		return nil, fmt.Errorf("sync init balance failed: %v", err)
 	}
+	if account.GetAnnotations()[AccountAnnotationIgnoreQuota] != "true" {
+		if err := r.syncResourceQuotaAndLimitRange(ctx, userNamespace); err != nil {
+			return nil, fmt.Errorf("sync resource resourceQuota and limitRange failed: %v", err)
+		}
+	}
 	// add account balance when account is new user
 	stringAmount := os.Getenv(NEWACCOUNTAMOUNTENV)
 	if stringAmount == "" {
 		r.Logger.V(1).Info("NEWACCOUNTAMOUNTENV is empty", "account", account)
 		return &account, nil
 	}
 
-	if newAccountFlag := account.Annotations[AccountAnnotationNewAccount]; newAccountFlag == "false" {
-		r.Logger.V(1).Info("account is not a new user ", "account", account)
+	if account.Annotations[AccountAnnotationNewAccount] == "false" {
+		//r.Logger.V(1).Info("account is not a new user ", "account", account)
 		return &account, nil
 	}
 
@@ -249,7 +262,7 @@ func (r *AccountReconciler) syncAccount(ctx context.Context, name, accountNamesp
 	}
 	if _, err := controllerutil.CreateOrUpdate(ctx, r.Client, &account, func() error {
 		if account.Annotations == nil {
-			account.Annotations = make(map[string]string, 0)
+			account.Annotations = make(map[string]string)
 		}
 		account.Annotations[AccountAnnotationNewAccount] = "false"
 		return nil
@@ -269,29 +282,23 @@ func (r *AccountReconciler) syncAccount(ctx context.Context, name, accountNamesp
 	}
 	r.Logger.Info("account created,will charge new account some money", "account", account, "stringAmount", stringAmount)
 
-	if err := r.syncResourceQuota(ctx, userNamespace); err != nil {
-		return nil, fmt.Errorf("sync resource quota failed: %v", err)
-	}
 	return &account, nil
 }
 
-func (r *AccountReconciler) syncResourceQuota(ctx context.Context, nsName string) error {
-	quota := &corev1.ResourceQuota{
-		ObjectMeta: metav1.ObjectMeta{
-			Name:      ResourceQuotaPrefix + nsName,
-			Namespace: nsName,
-		},
-	}
-
-	return retry.Retry(10, 1*time.Second, func() error {
-		if _, err := controllerutil.CreateOrUpdate(ctx, r.Client, quota, func() error {
-			quota.Spec.Hard = DefaultResourceQuota()
-			return nil
-		}); err != nil {
-			return fmt.Errorf("sync resource quota failed: %v", err)
+func (r *AccountReconciler) syncResourceQuotaAndLimitRange(ctx context.Context, nsName string) error {
+	objs := []client.Object{client.Object(common.GetDefaultLimitRange(nsName, nsName)), client.Object(common.GetDefaultResourceQuota(nsName, ResourceQuotaPrefix+nsName))}
+	for i := range objs {
+		err := retry.Retry(10, 1*time.Second, func() error {
+			_, err := controllerutil.CreateOrUpdate(ctx, r.Client, objs[i], func() error {
+				return nil
+			})
+			return err
+		})
+		if err != nil {
+			return fmt.Errorf("sync resource %T failed: %v", objs[i], err)
 		}
-		return nil
-	})
+	}
+	return nil
 }
 
 func (r *AccountReconciler) syncRoleAndRoleBinding(ctx context.Context, name, namespace string) error {
@@ -478,10 +485,9 @@ func (r *AccountReconciler) SetupWithManager(mgr ctrl.Manager, rateOpts controll
 		return fmt.Errorf("mongo url is empty")
 	}
 	return ctrl.NewControllerManagedBy(mgr).
-		For(&accountv1.Account{}).
+		For(&userV1.User{}, builder.WithPredicates(predicate.Or(predicate.GenerationChangedPredicate{}))).
 		Watches(&source.Kind{Type: &accountv1.Payment{}}, &handler.EnqueueRequestForObject{}).
 		Watches(&source.Kind{Type: &accountv1.AccountBalance{}}, &handler.EnqueueRequestForObject{}, builder.WithPredicates(&NamespaceFilterPredicate{Namespace: r.AccountSystemNamespace})).
-		Watches(&source.Kind{Type: &userV1.User{}}, &handler.EnqueueRequestForObject{}).
 		WithOptions(rateOpts).
 		Complete(r)
 }

diff --git a/controllers/account/controllers/billing_controller.go b/controllers/account/controllers/billing_controller.go
@@ -31,7 +31,6 @@ import (
 	v1 "github.com/labring/sealos/controllers/user/api/v1"
 	gonanoid "github.com/matoous/go-nanoid/v2"
 	corev1 "k8s.io/api/core/v1"
-	"k8s.io/apimachinery/pkg/api/resource"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"sigs.k8s.io/controller-runtime/pkg/builder"
 	"sigs.k8s.io/controller-runtime/pkg/event"
@@ -290,18 +289,3 @@ func (r *BillingReconciler) SetupWithManager(mgr ctrl.Manager, rateOpts controll
 func getUsername(namespace string) string {
 	return strings.TrimPrefix(namespace, UserNamespacePrefix)
 }
-
-func DefaultResourceQuota() corev1.ResourceList {
-	return corev1.ResourceList{
-		//corev1.ResourceRequestsCPU:    resource.MustParse("100"),
-		corev1.ResourceLimitsCPU: resource.MustParse("16"),
-		//corev1.ResourceRequestsMemory: resource.MustParse("100"),
-		corev1.ResourceLimitsMemory: resource.MustParse("64Gi"),
-		//For all PVCs, the total demand for storage resources cannot exceed this value
-		corev1.ResourceRequestsStorage: resource.MustParse("100Gi"),
-		//"limit.storage": resource.MustParse("100Gi"),
-		//Local ephemeral storage
-		corev1.ResourceLimitsEphemeralStorage: resource.MustParse("100Gi"),
-		//corev1.ResourceRequestsEphemeralStorage: resource.MustParse("100Gi"),
-	}
-}
diff --git a/controllers/account/deploy/Kubefile b/controllers/account/deploy/Kubefile
@@ -8,4 +8,4 @@ COPY manifests manifests
 ENV DEFAULT_NAMESPACE account-system
 ENV MONGO_URI "mongodb://mongo:27017/resources"
 
-CMD ["( kubectl create -f manifests/mongo-secret.yaml -n $DEFAULT_NAMESPACE || true ) && kubectl apply -f manifests/deploy.yaml -n $DEFAULT_NAMESPACE"]
+CMD ["( kubectl create ns $DEFAULT_NAMESPACE || true ) && ( kubectl create -f manifests/mongo-secret.yaml -n $DEFAULT_NAMESPACE || true ) && kubectl apply -f manifests/deploy.yaml -n $DEFAULT_NAMESPACE"]
diff --git a/controllers/account/deploy/manifests/deploy.yaml b/controllers/account/deploy/manifests/deploy.yaml
@@ -875,6 +875,18 @@ rules:
   - patch
   - update
   - watch
+- apiGroups:
+  - ""
+  resources:
+  - limitranges
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
 - apiGroups:
   - ""
   resources:
@@ -1168,6 +1180,7 @@ spec:
         envFrom:
         - secretRef:
             name: payment-secret
+            optional: true
         image: ghcr.io/labring/sealos-account-controller:latest
         imagePullPolicy: Always
         livenessProbe:

diff --git a/controllers/licenseissuer/deploy/Kubefile b/controllers/licenseissuer/deploy/Kubefile
@@ -7,10 +7,10 @@ COPY manifests manifests
 
 ENV canConnectToExternalNetwork "true"
 ENV enableMonitor "true"
-ENV CollectorURL "https://license.sealos.io/collector",
-ENV NotificationURL "https://license.sealos.io/notify",
-ENV RegisterURL "https://license.sealos.io/register",
-ENV CloudSyncURL "https://license.sealos.io/datasync",
+ENV CollectorURL "https://license.sealos.io/collector"
+ENV NotificationURL "https://license.sealos.io/notify"
+ENV RegisterURL "https://license.sealos.io/register"
+ENV CloudSyncURL "https://license.sealos.io/datasync"
 ENV LicenseMonitorURL "https://license.sealos.io/license"
 
 CMD ["kubectl apply -f manifests/customconfig.yaml -f manifests/deploy.yaml"]
diff --git a/controllers/licenseissuer/deploy/manifests/customconfig.yaml.tmpl b/controllers/licenseissuer/deploy/manifests/customconfig.yaml.tmpl
@@ -11,13 +11,29 @@ apiVersion: v1
 data:
   config.json: |
     {
-      "CollectorURL": {{ .CollectorURL }},
-      "NotificationURL": {{ .NotificationURL }},
-      "RegisterURL": {{ .RegisterURL }},
-      "CloudSyncURL": {{ .CloudSyncURL }},
-      "LicenseMonitorURL": {{ .LicenseMonitorURL }}
+      "CollectorURL": "{{ .CollectorURL }}",
+      "NotificationURL": "{{ .NotificationURL }}",
+      "RegisterURL": "{{ .RegisterURL }}",
+      "CloudSyncURL": "{{ .CloudSyncURL }}",
+      "LicenseMonitorURL": "{{ .LicenseMonitorURL }}"
     }
 kind: ConfigMap
 metadata:
   name: url-config
   namespace: sealos-system
+---
+apiVersion: v1
+data: null
+kind: ConfigMap
+metadata:
+  name: license-history
+  namespace: sealos-system
+---
+apiVersion: infostream.sealos.io/v1
+kind: Launcher
+metadata:
+  name: launcher
+  namespace: sealos-system
+spec:
+  description: This YAML file is responsible for launching the entire cloud module.
+  name: Cloud-Launcher
diff --git a/controllers/licenseissuer/deploy/manifests/deploy.yaml b/controllers/licenseissuer/deploy/manifests/deploy.yaml
@@ -583,7 +583,7 @@ spec:
         resources:
           limits:
             cpu: 500m
-            memory: 128Mi
+            memory: 64Mi
           requests:
             cpu: 5m
             memory: 64Mi
@@ -629,7 +629,7 @@ spec:
             memory: 1024Mi
           requests:
             cpu: 10m
-            memory: 512Mi
+            memory: 128Mi
         securityContext:
           allowPrivilegeEscalation: false
           capabilities:

diff --git a/controllers/licenseissuer/internal/controller/license_controller.go b/controllers/licenseissuer/internal/controller/license_controller.go
@@ -19,7 +19,6 @@ package controller
 import (
 	"context"
 	"os"
-	"time"
 
 	"github.com/go-logr/logr"
 	accountv1 "github.com/labring/sealos/controllers/account/api/v1"
@@ -128,27 +127,15 @@ func (r *LicenseReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ct
 	} else {
 		payload, ok = issuer.LicenseCheckOnInternalNetwork(license)
 	}
+
 	// pre-check for license
 	if !ok {
 		pack := issuer.NewNotificationPackage(issuer.LicenseNoticeTitle, issuer.SEALOS, issuer.InvalidLicenseMessage)
 		issuer.SubmitNotificationWithUser(ctx, r.Client, req.Namespace, pack)
 		r.logger.Info("invalid license")
 		return ctrl.Result{}, r.Client.Delete(ctx, &license)
 	}
-	// check license creat time
-	creatTime, err := issuer.InterfaceToInt64(payload[issuer.CreatTimeField])
-	if err != nil {
-		r.logger.Error(err, "failed to convert license creat time")
-		pack := issuer.NewNotificationPackage(issuer.LicenseNoticeTitle, issuer.SEALOS, issuer.InvalidLicenseMessage)
-		issuer.SubmitNotificationWithUser(ctx, r.Client, req.Namespace, pack)
-		return ctrl.Result{}, r.Client.Delete(ctx, &license)
-	}
-	if time.Unix(creatTime, 0).Add(issuer.LicenseLifetime).Before(time.Now()) {
-		pack := issuer.NewNotificationPackage(issuer.LicenseNoticeTitle, issuer.SEALOS, issuer.ExpiredLicenseMessage)
-		issuer.SubmitNotificationWithUser(ctx, r.Client, req.Namespace, pack)
-		r.logger.Info("expired license")
-		return ctrl.Result{}, r.Client.Delete(ctx, &license)
-	}
+
 	// recharge
 	(&issuer.WriteEventBuilder{}).WithCallback(func() error {
 		if !issuer.ContainsFields(payload, issuer.AmountField) {