fix(EE-4782): add portainer internal label to created ingress rules (#8196)

2022-12-20 16:46:51 +13:00 · 2022-12-20 16:46:51 +13:00 · 95558ed4ad
parent e1b474d04f
commit 95558ed4ad
4 changed files with 16 additions and 4 deletions
--- a/api/http/handler/kubernetes/ingresses.go
+++ b/api/http/handler/kubernetes/ingresses.go
@ -10,6 +10,7 @@ import (
 	portainer "github.com/portainer/portainer/api"
 	portainerDsErrors "github.com/portainer/portainer/api/dataservices/errors"
 	models "github.com/portainer/portainer/api/http/models/kubernetes"
+	"github.com/portainer/portainer/api/http/security"
 )

 func (handler *Handler) getKubernetesIngressControllers(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
@ -515,6 +516,12 @@ func (handler *Handler) createKubernetesIngress(w http.ResponseWriter, r *http.R
 		)
 	}

+	owner := "admin"
+	tokenData, err := security.RetrieveTokenData(r)
+	if err == nil && tokenData != nil {
+		owner = tokenData.Username
+	}
+
 	cli, ok := handler.KubernetesClientFactory.GetProxyKubeClient(
 		strconv.Itoa(endpointID), r.Header.Get("Authorization"),
 	)
@ -525,7 +532,7 @@ func (handler *Handler) createKubernetesIngress(w http.ResponseWriter, r *http.R
 		)
 	}

-	err = cli.CreateIngress(namespace, payload)
+	err = cli.CreateIngress(namespace, payload, owner)
 	if err != nil {
 		return httperror.InternalServerError(
 			"Unable to retrieve the ingress",
--- a/api/kubernetes/cli/ingress.go
+++ b/api/kubernetes/cli/ingress.go
@ -5,6 +5,7 @@ import (
 	"strings"

 	models "github.com/portainer/portainer/api/http/models/kubernetes"
+	"github.com/portainer/portainer/api/stacks/stackutils"
 	"github.com/rs/zerolog/log"
 	netv1 "k8s.io/api/networking/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@ -150,7 +151,7 @@ func (kcl *KubeClient) GetIngresses(namespace string) ([]models.K8sIngressInfo,
 }

 // CreateIngress creates a new ingress in a given namespace in a k8s endpoint.
-func (kcl *KubeClient) CreateIngress(namespace string, info models.K8sIngressInfo) error {
+func (kcl *KubeClient) CreateIngress(namespace string, info models.K8sIngressInfo, owner string) error {
 	ingressClient := kcl.cli.NetworkingV1().Ingresses(namespace)
 	var ingress netv1.Ingress

@ -160,6 +161,10 @@ func (kcl *KubeClient) CreateIngress(namespace string, info models.K8sIngressInf
 		ingress.Spec.IngressClassName = &info.ClassName
 	}
 	ingress.Annotations = info.Annotations
+	if ingress.Labels == nil {
+		ingress.Labels = make(map[string]string)
+	}
+	ingress.Labels["io.portainer.kubernetes.application.owner"] = stackutils.SanitizeLabel(owner)

 	// Store TLS information.
 	var tls []netv1.IngressTLS
--- a/api/kubernetes/cli/namespace.go
+++ b/api/kubernetes/cli/namespace.go
@ -59,7 +59,7 @@ func (kcl *KubeClient) GetNamespace(name string) (portainer.K8sNamespaceInfo, er
 	return result, nil
 }

-// CreateIngress creates a new ingress in a given namespace in a k8s endpoint.
+// CreateNamespace creates a new ingress in a given namespace in a k8s endpoint.
 func (kcl *KubeClient) CreateNamespace(info models.K8sNamespaceDetails) error {
 	client := kcl.cli.CoreV1().Namespaces()

--- a/api/portainer.go
+++ b/api/portainer.go
@ -1381,7 +1381,7 @@ type (
 		GetIngressControllers() (models.K8sIngressControllers, error)
 		GetMetrics() (models.K8sMetrics, error)
 		GetStorage() ([]KubernetesStorageClassConfig, error)
-		CreateIngress(namespace string, info models.K8sIngressInfo) error
+		CreateIngress(namespace string, info models.K8sIngressInfo, owner string) error
 		UpdateIngress(namespace string, info models.K8sIngressInfo) error
 		GetIngresses(namespace string) ([]models.K8sIngressInfo, error)
 		DeleteIngresses(reqs models.K8sIngressDeleteRequests) error