mirror of https://github.com/portainer/portainer
75 lines
1.8 KiB
Go
75 lines
1.8 KiB
Go
package cli
|
|
|
|
import (
|
|
"context"
|
|
"strconv"
|
|
|
|
"github.com/pkg/errors"
|
|
v1 "k8s.io/api/core/v1"
|
|
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
|
)
|
|
|
|
const (
|
|
systemNamespaceLabel = "io.portainer.kubernetes.namespace.system"
|
|
)
|
|
|
|
func defaultSystemNamespaces() map[string]struct{} {
|
|
return map[string]struct{}{
|
|
"kube-system": {},
|
|
"kube-public": {},
|
|
"kube-node-lease": {},
|
|
"portainer": {},
|
|
}
|
|
}
|
|
|
|
func isSystemNamespace(namespace v1.Namespace) bool {
|
|
systemLabelValue, hasSystemLabel := namespace.Labels[systemNamespaceLabel]
|
|
if hasSystemLabel {
|
|
return systemLabelValue == "true"
|
|
}
|
|
|
|
systemNamespaces := defaultSystemNamespaces()
|
|
|
|
_, isSystem := systemNamespaces[namespace.Name]
|
|
|
|
return isSystem
|
|
}
|
|
|
|
// ToggleSystemState will set a namespace as a system namespace, or remove this state
|
|
// if isSystem is true it will set `systemNamespaceLabel` to "true" and false otherwise
|
|
// this will skip if namespace is "default" or if the required state is already set
|
|
func (kcl *KubeClient) ToggleSystemState(namespaceName string, isSystem bool) error {
|
|
if namespaceName == "default" {
|
|
return nil
|
|
}
|
|
|
|
nsService := kcl.cli.CoreV1().Namespaces()
|
|
|
|
namespace, err := nsService.Get(context.TODO(), namespaceName, metav1.GetOptions{})
|
|
if err != nil {
|
|
return errors.Wrap(err, "failed fetching namespace object")
|
|
}
|
|
|
|
if isSystemNamespace(*namespace) == isSystem {
|
|
return nil
|
|
}
|
|
|
|
if namespace.Labels == nil {
|
|
namespace.Labels = map[string]string{}
|
|
}
|
|
|
|
namespace.Labels[systemNamespaceLabel] = strconv.FormatBool(isSystem)
|
|
|
|
_, err = nsService.Update(context.TODO(), namespace, metav1.UpdateOptions{})
|
|
if err != nil {
|
|
return errors.Wrap(err, "failed updating namespace object")
|
|
}
|
|
|
|
if isSystem {
|
|
return kcl.NamespaceAccessPoliciesDeleteNamespace(namespaceName)
|
|
}
|
|
|
|
return nil
|
|
|
|
}
|