feat: license controller.

.github/workflows/controllers.yml

@@ -82,6 +82,8 @@ jobs:
           - { name: app, path: app }
           - { name: db-bytebase, path: db/bytebase }
           - { name: db-adminer, path: db/adminer }
+          - { name: license, path: license }
+          - { name: job-init, path: job/init }
           - { name: resources, path: resources }
           - { name: resources-metering, path: resources/metering }
           - { name: node, path: node }
@@ -183,6 +185,8 @@ jobs:
           - { name: app, path: app }
           - { name: db-bytebase, path: db/bytebase }
           - { name: db-adminer, path: db/adminer }
+          - { name: license, path: license }
+          - { name: job-init, path: job/init }
           - { name: resources, path: resources }
           - { name: resources-metering, path: resources/metering }
           - { name: node, path: node }

.gitignore

@@ -11,8 +11,9 @@ scripts/release/Note.md
 .ossutil_checkpoint
 bin
 .run
-tools
 coverage.out
+tools/*
+tools/!*.go
 tmp
 **/.DS_Store
 node_modules

controllers/job/init/.dockerignore

@@ -0,0 +1,3 @@
+# More info: https://docs.docker.com/engine/reference/builder/#dockerignore-file
+# Ignore build and test binaries.
+testbin/

controllers/job/init/.gitignore

@@ -0,0 +1,26 @@
+
+# Binaries for programs and plugins
+*.exe
+*.exe~
+*.dll
+*.so
+*.dylib
+bin/*
+Dockerfile.cross
+
+# Test binary, build with `go test -c`
+*.test
+
+# Output of the go coverage tool, specifically when used with LiteIDE
+*.out
+
+# Kubernetes Generated files - skip generated files, except for vendored files
+
+!vendor/**/zz_generated.*
+
+# editor and IDE paraphernalia
+.idea
+.vscode
+*.swp
+*.swo
+*~

controllers/job/init/Dockerfile

@@ -0,0 +1,9 @@
+FROM gcr.io/distroless/static:nonroot
+ARG TARGETARCH
+
+WORKDIR /
+USER 65532:65532
+
+COPY bin/controller-job-init-$TARGETARCH /preset
+
+ENTRYPOINT ["/preset"]

controllers/job/init/Makefile

@@ -0,0 +1,88 @@
+
+# Image URL to use all building/pushing image targets
+IMG ?= ghcr.io/labring/sealos-job-init-controller:latest
+TARGETARCH ?= amd64
+GOARCH ?= amd64
+
+# Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set)
+ifeq (,$(shell go env GOBIN))
+GOBIN=$(shell go env GOPATH)/bin
+else
+GOBIN=$(shell go env GOBIN)
+endif
+
+# Setting SHELL to bash allows bash commands to be executed by recipes.
+# Options are set to exit when a recipe line exits non-zero or a piped command fails.
+SHELL = /usr/bin/env bash -o pipefail
+.SHELLFLAGS = -ec
+
+.PHONY: all
+all: build
+
+##@ General
+
+# The help target prints out all targets with their descriptions organized
+# beneath their categories. The categories are represented by '##@' and the
+# target descriptions by '##'. The awk commands is responsible for reading the
+# entire set of makefiles included in this invocation, looking for lines of the
+# file as xyz: ## something, and then pretty-format the target and help. Then,
+# if there's a line with ##@ something, that gets pretty-printed as a category.
+# More info on the usage of ANSI control characters for terminal formatting:
+# https://en.wikipedia.org/wiki/ANSI_escape_code#SGR_parameters
+# More info on the awk command:
+# http://linuxcommand.org/lc3_adv_awk.php
+
+.PHONY: help
+help: ## Display this help.
+	@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n  make \033[36m<target>\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf "  \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
+
+.PHONY: fmt
+fmt: ## Run go fmt against code.
+	go fmt ./...
+
+.PHONY: vet
+vet: ## Run go vet against code.
+	go vet ./...
+
+##@ Build
+
+.PHONY: build
+CONTROLLER_PKG=github.com/labring/sealos/controllers/pkg
+CONTROLLER_LICENSE=github.com/labring/sealos/controllers/license/internal/controller
+build: fmt vet ## Build manager binary.
+	CGO_ENABLED=0 GOOS=linux  go build -o bin/preset-${GOARCH} cmd/preset/main.go && chmod +x bin/preset-${GOARCH} && cp bin/preset-${GOARCH} bin/manager
+
+
+.PHONY: run
+run: fmt vet ## Run a controller from your host.
+	go run ./cmd/preset/main.go
+
+# If you wish built the manager image targeting other platforms you can use the --platform flag.
+# (i.e. docker build --platform linux/arm64 ). However, you must enable docker buildKit for it.
+# More info: https://docs.docker.com/develop/develop-images/build_enhancements/
+.PHONY: docker-build
+docker-build: ## Build docker image with the manager.
+	mv bin/preset-${TARGETARCH} bin/controller-job-init-${TARGETARCH} || true
+	chmod +x bin/controller-job-init-${TARGETARCH}
+	docker build -t ${IMG} . --build-arg TARGETARCH=${TARGETARCH}
+
+.PHONY: docker-push
+docker-push: ## Push docker image with the manager.
+	docker push ${IMG}
+
+# PLATFORMS defines the target platforms for  the manager image be build to provide support to multiple
+# architectures. (i.e. make docker-buildx IMG=myregistry/mypoperator:0.0.1). To use this option you need to:
+# - able to use docker buildx . More info: https://docs.docker.com/build/buildx/
+# - have enable BuildKit, More info: https://docs.docker.com/develop/develop-images/build_enhancements/
+# - be able to push the image for your registry (i.e. if you do not inform a valid value via IMG=<myregistry/image:<tag>> then the export will fail)
+# To properly provided solutions that supports more than one platform you should use this option.
+PLATFORMS ?= linux/arm64,linux/amd64,linux/s390x,linux/ppc64le
+.PHONY: docker-buildx
+docker-buildx: test ## Build and push docker image for the manager for cross-platform support
+	# copy existing Dockerfile and insert --platform=${BUILDPLATFORM} into Dockerfile.cross, and preserve the original Dockerfile
+	sed -e '1 s/\(^FROM\)/FROM --platform=\$$\{BUILDPLATFORM\}/; t' -e ' 1,// s//FROM --platform=\$$\{BUILDPLATFORM\}/' Dockerfile > Dockerfile.cross
+	- docker buildx create --name project-v3-builder
+	docker buildx use project-v3-builder
+	- docker buildx build --push --platform=$(PLATFORMS) --tag ${IMG} -f Dockerfile.cross .
+	- docker buildx rm project-v3-builder
+	rm Dockerfile.cross

controllers/job/init/README.md

@@ -0,0 +1 @@
+# 

controllers/job/init/cmd/preset/main.go

@@ -0,0 +1,32 @@
+package main
+
+import (
+	"context"
+	"errors"
+	"os"
+
+	"github.com/labring/sealos/controllers/job/init/internal/util/controller"
+	"github.com/labring/sealos/controllers/job/init/internal/util/database"
+	utilserror "github.com/labring/sealos/controllers/job/init/internal/util/errors"
+	"github.com/labring/sealos/controllers/pkg/utils/logger"
+)
+
+func main() {
+	ctx := context.Background()
+
+	if err := controller.PresetAdminUser(ctx); err != nil {
+		logger.Error(err, "preset admin user in kubernetes failed")
+		os.Exit(1)
+	}
+	logger.Info("preset admin user in kubernetes successfully")
+
+	if err := database.PresetAdminUser(ctx); err != nil {
+		if errors.Is(err, utilserror.ErrAdminExists) {
+			logger.Info("admin user already exists in database")
+		} else {
+			logger.Error(err, "preset admin user in database failed")
+			os.Exit(1)
+		}
+	}
+	logger.Info("preset admin user in database successfully")
+}

controllers/job/init/deploy/Kubefile

@@ -0,0 +1,8 @@
+FROM scratch
+
+USER 65532:65532
+
+COPY registry registry
+COPY manifests manifests
+
+CMD ["kubectl apply -f manifests"]

controllers/job/init/deploy/manifests/deploy.yaml

@@ -0,0 +1,53 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: sealos-job-init-sa
+  namespace: sealos
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: sealos-job-init-user-editor-role-binding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: user-editor-role
+subjects:
+  - kind: ServiceAccount
+    name: sealos-job-init-sa
+    namespace: sealos
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: init-job
+  namespace: sealos
+spec:
+  ttlSecondsAfterFinished: 86400
+  template:
+    spec:
+      serviceAccountName: sealos-job-init-sa
+      securityContext:
+        runAsNonRoot: true
+      containers:
+      - name: job-init
+        image: ghcr.io/labring/sealos-job-init-controller:latest
+        # get env from desktop-frontend-secret
+        env:
+          - name: MONGO_URI
+            valueFrom:
+              secretKeyRef:
+                name: desktop-frontend-secret
+                key: mongodb_uri
+          - name: PASSWORD_SALT_KEY
+            valueFrom:
+              secretKeyRef:
+                name: desktop-frontend-secret
+                key: password_salt
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+              - ALL
+      restartPolicy: OnFailure
+  backoffLimit: 10

controllers/job/init/go.mod

@@ -0,0 +1,96 @@
+module github.com/labring/sealos/controllers/job/init
+
+go 1.20
+
+replace (
+	k8s.io/api => k8s.io/api v0.25.6
+	k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.25.6
+	k8s.io/apimachinery => k8s.io/apimachinery v0.25.6
+	k8s.io/client-go => k8s.io/client-go v0.25.6
+	k8s.io/component-base => k8s.io/component-base v0.25.6
+)
+
+require (
+	github.com/google/uuid v1.3.0
+	github.com/labring/sealos/controllers/pkg v0.0.0-20231019082350-00726c66bb59
+	github.com/labring/sealos/controllers/user v0.0.0
+	go.mongodb.org/mongo-driver v1.12.1
+	k8s.io/apimachinery v0.27.4
+	k8s.io/client-go v0.27.4
+	sigs.k8s.io/controller-runtime v0.13.0
+)
+
+require (
+	github.com/beorn7/perks v1.0.1 // indirect
+	github.com/cespare/xxhash/v2 v2.2.0 // indirect
+	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/emicklei/go-restful/v3 v3.10.1 // indirect
+	github.com/evanphx/json-patch v5.6.0+incompatible // indirect
+	github.com/evanphx/json-patch/v5 v5.6.0 // indirect
+	github.com/fsnotify/fsnotify v1.6.0 // indirect
+	github.com/go-logr/logr v1.2.4 // indirect
+	github.com/go-logr/zapr v1.2.4 // indirect
+	github.com/go-openapi/jsonpointer v0.19.6 // indirect
+	github.com/go-openapi/jsonreference v0.20.1 // indirect
+	github.com/go-openapi/swag v0.22.3 // indirect
+	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
+	github.com/golang/protobuf v1.5.3 // indirect
+	github.com/golang/snappy v0.0.4 // indirect
+	github.com/google/gnostic v0.6.9 // indirect
+	github.com/google/go-cmp v0.5.9 // indirect
+	github.com/google/gofuzz v1.2.0 // indirect
+	github.com/google/pprof v0.0.0-20230323073829-e72429f035bd // indirect
+	github.com/imdario/mergo v0.3.16 // indirect
+	github.com/josharian/intern v1.0.0 // indirect
+	github.com/json-iterator/go v1.1.12 // indirect
+	github.com/klauspost/compress v1.16.7 // indirect
+	github.com/mailru/easyjson v0.7.7 // indirect
+	github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
+	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
+	github.com/modern-go/reflect2 v1.0.2 // indirect
+	github.com/montanaflynn/stats v0.0.0-20171201202039-1bf9dbcd8cbe // indirect
+	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
+	github.com/onsi/ginkgo/v2 v2.10.0 // indirect
+	github.com/onsi/gomega v1.27.8 // indirect
+	github.com/pkg/errors v0.9.1 // indirect
+	github.com/prometheus/client_golang v1.15.1 // indirect
+	github.com/prometheus/client_model v0.4.0 // indirect
+	github.com/prometheus/common v0.42.0 // indirect
+	github.com/prometheus/procfs v0.9.0 // indirect
+	github.com/spf13/pflag v1.0.5 // indirect
+	github.com/stretchr/testify v1.8.4 // indirect
+	github.com/xdg-go/pbkdf2 v1.0.0 // indirect
+	github.com/xdg-go/scram v1.1.2 // indirect
+	github.com/xdg-go/stringprep v1.0.4 // indirect
+	github.com/youmark/pkcs8 v0.0.0-20181117223130-1be2e3e5546d // indirect
+	go.uber.org/goleak v1.2.1 // indirect
+	go.uber.org/multierr v1.11.0 // indirect
+	go.uber.org/zap v1.26.0 // indirect
+	golang.org/x/crypto v0.10.0 // indirect
+	golang.org/x/net v0.10.0 // indirect
+	golang.org/x/oauth2 v0.8.0 // indirect
+	golang.org/x/sync v0.4.0 // indirect
+	golang.org/x/sys v0.12.0 // indirect
+	golang.org/x/term v0.9.0 // indirect
+	golang.org/x/text v0.10.0 // indirect
+	golang.org/x/time v0.3.0 // indirect
+	gomodules.xyz/jsonpatch/v2 v2.3.0 // indirect
+	google.golang.org/appengine v1.6.7 // indirect
+	google.golang.org/protobuf v1.31.0 // indirect
+	gopkg.in/inf.v0 v0.9.1 // indirect
+	gopkg.in/natefinch/lumberjack.v2 v2.2.1 // indirect
+	gopkg.in/yaml.v2 v2.4.0 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
+	k8s.io/api v0.27.4 // indirect
+	k8s.io/apiextensions-apiserver v0.27.2 // indirect
+	k8s.io/component-base v0.27.2 // indirect
+	k8s.io/klog/v2 v2.100.1 // indirect
+	k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f // indirect
+	k8s.io/utils v0.0.0-20230406110748-d93618cff8a2 // indirect
+	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
+	sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
+	sigs.k8s.io/yaml v1.3.0 // indirect
+)
+
+replace github.com/labring/sealos/controllers/user => ../../user