Fix Session validation for MCS Operator Mode (#191)

* Fix Session validation for MCS Operator Mode

* Updated assets

Author: dvaldivia

cluster/cluster.go

@@ -24,7 +24,7 @@ import (
 )
 
 func GetK8sConfig(token string) *rest.Config {
-	// if m3 is running inside k8s by default he will have access to the ca cert from the k8s local authority
+	// if console is running inside k8s by default he will have access to the ca cert from the k8s local authority
 	const (
 		rootCAFile = "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"
 	)
@@ -33,7 +33,7 @@ func GetK8sConfig(token string) *rest.Config {
 		tlsClientConfig.CAFile = rootCAFile
 	}
 	config := &rest.Config{
-		Host:            getK8sAPIServer(),
+		Host:            GetK8sAPIServer(),
 		TLSClientConfig: tlsClientConfig,
 		APIPath:         "/",
 		BearerToken:     token,

cluster/config.go

@@ -34,27 +34,27 @@ var (
 	errCantDetermineMCImage    = errors.New("can't determine MC Image")
 )
 
-func getK8sAPIServer() string {
-	// if m3 is running inside a k8s pod KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT will contain the k8s api server apiServerAddress
-	// if m3 is not running inside k8s by default will look for the k8s api server on localhost:8001 (kubectl proxy)
+func GetK8sAPIServer() string {
+	// if console is running inside a k8s pod KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT will contain the k8s api server apiServerAddress
+	// if console is not running inside k8s by default will look for the k8s api server on localhost:8001 (kubectl proxy)
 	// NOTE: using kubectl proxy is for local development only, since every request send to localhost:8001 will bypass service account authentication
 	// more info here: https://kubernetes.io/docs/tasks/access-application-cluster/access-cluster/#directly-accessing-the-rest-api
-	// you can override this using M3_K8S_API_SERVER, ie use the k8s cluster from `kubectl config view`
+	// you can override this using MCS_K8S_API_SERVER, ie use the k8s cluster from `kubectl config view`
 	host, port := env.Get("KUBERNETES_SERVICE_HOST", ""), env.Get("KUBERNETES_SERVICE_PORT", "")
 	apiServerAddress := "http://localhost:8001"
 	if host != "" && port != "" {
 		apiServerAddress = "https://" + net.JoinHostPort(host, port)
 	}
-	return env.Get(M3K8sAPIServer, apiServerAddress)
+	return env.Get(McsK8sAPIServer, apiServerAddress)
 }
 
 // getK8sAPIServerInsecure allow to tell the k8s client to skip TLS certificate verification, ie: when connecting to a k8s cluster
 // that uses certificate not trusted by your machine
 func getK8sAPIServerInsecure() bool {
-	return strings.ToLower(env.Get(m3k8SAPIServerInsecure, "off")) == "on"
+	return strings.ToLower(env.Get(McsK8SAPIServerInsecure, "off")) == "on"
 }
 
-// GetNsFromFile assumes mkube is running inside a k8s pod and extract the current namespace from the
+// GetNsFromFile assumes console is running inside a k8s pod and extract the current namespace from the
 // /var/run/secrets/kubernetes.io/serviceaccount/namespace file
 func GetNsFromFile() string {
 	dat, err := ioutil.ReadFile("/var/run/secrets/kubernetes.io/serviceaccount/namespace")
@@ -64,12 +64,12 @@ func GetNsFromFile() string {
 	return string(dat)
 }
 
-// This operation will run only once at mkube startup
+// This operation will run only once at console startup
 var namespace = GetNsFromFile()
 
 // Returns the namespace in which the controller is installed
 func GetNs() string {
-	return env.Get(M3Namespace, namespace)
+	return env.Get(McsNamespace, namespace)
 }
 
 // getLatestMinIOImage returns the latest docker image for MinIO if found on the internet
@@ -106,7 +106,7 @@ var latestMinIOImage, errLatestMinIOImage = getLatestMinIOImage(
 // a preferred image to be used (configured via ENVIRONMENT VARIABLES) GetMinioImage will return that
 // if not, GetMinioImage will try to obtain the image URL for the latest version of MinIO and return that
 func GetMinioImage() (*string, error) {
-	image := strings.TrimSpace(env.Get(M3MinioImage, ""))
+	image := strings.TrimSpace(env.Get(McsMinioImage, ""))
 	// if there is a preferred image configured by the user we'll always return that
 	if image != "" {
 		return &image, nil
@@ -156,7 +156,7 @@ func getLatestMCImage() (*string, error) {
 var latestMCImage, errLatestMCImage = getLatestMCImage()
 
 func GetMCImage() (*string, error) {
-	image := strings.TrimSpace(env.Get(M3MCImage, ""))
+	image := strings.TrimSpace(env.Get(McsMCImage, ""))
 	// if there is a preferred image configured by the user we'll always return that
 	if image != "" {
 		return &image, nil

cluster/const.go

@@ -17,9 +17,9 @@
 package cluster
 
 const (
-	M3K8sAPIServer         = "M3_K8S_API_SERVER"
-	m3k8SAPIServerInsecure = "M3_K8S_API_SERVER_INSECURE"
-	M3MinioImage           = "M3_MINIO_IMAGE"
-	M3MCImage              = "M3_MC_IMAGE"
-	M3Namespace            = "M3_NAMESPACE"
+	McsK8sAPIServer         = "MCS_K8S_API_SERVER"
+	McsK8SAPIServerInsecure = "MCS_K8S_API_SERVER_INSECURE"
+	McsMinioImage           = "MCS_MINIO_IMAGE"
+	McsMCImage              = "MCS_MC_IMAGE"
+	McsNamespace            = "MCS_NAMESPACE"
 )

k8s/base/kustomization.yaml renamed to k8s/console/base/kustomization.yaml

@@ -0,0 +1,27 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: mcs
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: mcs
+  template:
+    metadata:
+      labels:
+        app: mcs
+    spec:
+      serviceAccountName: m3-sa
+      containers:
+        - name: mcs
+          image: minio/mcs:latest
+          imagePullPolicy: "IfNotPresent"
+          args:
+            - /mcs
+            - server
+          ports:
+            - containerPort: 9090
+              name: http
+            - containerPort: 9433
+              name: https