Merge pull request #49 from aifoundry-org/namespace

use dedicated namespace

Author: deitch

cmd/root.go

@@ -44,6 +44,7 @@ func rootCmd() (*cobra.Command, error) {
 		kubeconfigPath              string
 		kubeconfigOverwrite         bool
 		controlPlaneSecret          string
+		controlPlaneNamespace       string
 		verbose                     int
 		address                     string
 		workerExternalIP            bool
@@ -159,7 +160,7 @@ func rootCmd() (*cobra.Command, error) {
 				cluster.NodeSpec{Image: cluster.Image{Name: controlPlaneImageName, Source: controlPlaneImageSource, Blocksize: controlPlaneImageBlocksize}, MemoryGB: int(controlPlaneMemory), CPUCount: int(controlPlaneCPU), ExternalIP: controlPlaneExternalIP, RootDiskSize: int(controlPlaneRootDiskSizeGB * cluster.GB), ExtraDiskSize: int(controlPlaneExtraDiskSizeGB * cluster.GB), TailscaleAuthKey: tailscaleAuthKey, TailscaleTag: tailscaleTag},
 				cluster.NodeSpec{Image: cluster.Image{Name: workerImageName, Source: workerImageSource, Blocksize: workerImageBlocksize}, MemoryGB: int(workerMemory), CPUCount: int(workerCPU), ExternalIP: workerExternalIP, RootDiskSize: int(workerRootDiskSizeGB * cluster.GB), ExtraDiskSize: int(workerExtraDiskSizeGB * cluster.GB), TailscaleAuthKey: tailscaleAuthKey, TailscaleTag: tailscaleTag},
 				imageParallelism,
-				controlPlaneSecret, kubeconfig, pubkey,
+				controlPlaneNamespace, controlPlaneSecret, kubeconfig, pubkey,
 				time.Duration(clusterInitWait)*time.Minute,
 				kubeconfigOverwrite,
 				tailscaleAPIKey,
@@ -253,7 +254,8 @@ func rootCmd() (*cobra.Command, error) {
 	cmd.Flags().StringVar(&userSSHPublicKey, "user-ssh-public-key", "", "Path to public key to inject in all deployed cloud instances")
 	cmd.Flags().StringVar(&kubeconfigPath, "kubeconfig", "~/.kube/oxide-controller-config", "Path to save kubeconfig when generating new cluster, or to use for accessing existing cluster")
 	cmd.Flags().BoolVar(&kubeconfigOverwrite, "kubeconfig-overwrite", false, "Whether or not to override the kubeconfig file if it already exists and a new cluster is created")
-	cmd.Flags().StringVar(&controlPlaneSecret, "control-plane-secret", "kube-system/oxide-controller-secret", "secret in Kubernetes cluster where the following are stored: join token, user ssh public key, controller ssh private/public keypair; should be as <namespace>/<name>")
+	cmd.Flags().StringVar(&controlPlaneSecret, "control-plane-secret", "oxide-controller-secret", "secret in Kubernetes cluster where the following are stored: join token, user ssh public key, controller ssh private/public keypair; will be in namespace provided by --namespace")
+	cmd.Flags().StringVar(&controlPlaneNamespace, "control-plane-namespace", "oxide-controller-system", "namespace in Kubernetes cluster where the resources live")
 	cmd.Flags().BoolVar(&workerExternalIP, "worker-external-ip", false, "Whether or not to assign an ephemeral public IP to the worker nodes, useful for debugging")
 	cmd.Flags().BoolVar(&controlPlaneExternalIP, "control-plane-external-ip", true, "Whether or not to assign an ephemeral public IP to the control plane nodes, needed to access cluster from outside sled, as well as for debugging")
 	cmd.Flags().IntVarP(&verbose, "verbose", "v", 0, "set log level, 0 is info, 1 is debug, 2 is trace")

pkg/cluster/cluster.go

@@ -29,6 +29,7 @@ type Cluster struct {
 	workerCount                  int
 	controlPlaneSpec, workerSpec NodeSpec
 	secretName                   string
+	namespace                    string
 	kubeconfig, userPubkey       []byte
 	controlPlaneIP               string
 	imageParallelism             int
@@ -37,7 +38,7 @@ type Cluster struct {
 }
 
 // New creates a new Cluster instance
-func New(logger *log.Entry, client *oxide.Client, projectID string, controlPlanePrefix, workerPrefix string, controlPlaneCount, workerCount int, controlPlaneSpec, workerSpec NodeSpec, imageParallelism int, secretName string, kubeconfig, pubkey []byte, clusterInitWait time.Duration, kubeconfigOverwrite bool, tailscaleAPIKey, tailscaleTailnet string) *Cluster {
+func New(logger *log.Entry, client *oxide.Client, projectID string, controlPlanePrefix, workerPrefix string, controlPlaneCount, workerCount int, controlPlaneSpec, workerSpec NodeSpec, imageParallelism int, namespace, secretName string, kubeconfig, pubkey []byte, clusterInitWait time.Duration, kubeconfigOverwrite bool, tailscaleAPIKey, tailscaleTailnet string) *Cluster {
 	c := &Cluster{
 		logger:              logger.WithField("component", "cluster"),
 		client:              client,
@@ -47,6 +48,7 @@ func New(logger *log.Entry, client *oxide.Client, projectID string, controlPlane
 		controlPlaneSpec:    controlPlaneSpec,
 		workerSpec:          workerSpec,
 		secretName:          secretName,
+		namespace:           namespace,
 		kubeconfig:          kubeconfig,
 		userPubkey:          pubkey,
 		clusterInitWait:     clusterInitWait,
@@ -307,9 +309,15 @@ func (c *Cluster) ensureClusterExists(ctx context.Context) (newKubeconfig []byte
 			secrets[secretKeyWorkerCount] = []byte(fmt.Sprintf("%d", c.workerCount))
 		}
 
+		// ensure we have the namespace we need
+		namespace := c.namespace
+		if err := createNamespace(ctx, namespace, c.kubeconfig); err != nil {
+			return nil, fmt.Errorf("failed to create namespace: %w", err)
+		}
+
 		// save the join token, system ssh key pair, user ssh key to the Kubernetes secret
-		c.logger.Debugf("Saving secret %s to Kubernetes", secretName)
-		if err := saveSecret(ctx, c.logger, secretName, c.kubeconfig, secrets); err != nil {
+		c.logger.Debugf("Saving secret %s/%s to Kubernetes", namespace, secretName)
+		if err := saveSecret(ctx, c.logger, namespace, secretName, c.kubeconfig, secrets); err != nil {
 			return nil, fmt.Errorf("failed to save secret: %w", err)
 		}
 

pkg/cluster/namespace.go

@@ -0,0 +1,44 @@
+package cluster
+
+import (
+	"context"
+	"fmt"
+
+	v1 "k8s.io/api/core/v1"
+	k8serrors "k8s.io/apimachinery/pkg/api/errors"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// createNamespace ensures a namespace exists or creates it.
+func createNamespace(ctx context.Context, namespace string, kubeconfig []byte) error {
+	clientset, err := getClientset(kubeconfig)
+	if err != nil {
+		return fmt.Errorf("failed to get clientset: %w", err)
+	}
+
+	nsClient := clientset.CoreV1().Namespaces()
+
+	// Check if the namespace already exists
+	_, err = nsClient.Get(ctx, namespace, metav1.GetOptions{})
+	if err == nil {
+		// Already exists
+		return nil
+	}
+	if !k8serrors.IsNotFound(err) {
+		return fmt.Errorf("failed to check namespace existence: %w", err)
+	}
+
+	// Create the namespace
+	ns := &v1.Namespace{
+		ObjectMeta: metav1.ObjectMeta{
+			Name: namespace,
+		},
+	}
+
+	_, err = nsClient.Create(ctx, ns, metav1.CreateOptions{})
+	if err != nil {
+		return fmt.Errorf("failed to create namespace %q: %w", namespace, err)
+	}
+
+	return nil
+}

pkg/cluster/secret.go

@@ -73,7 +73,7 @@ func (c *Cluster) SetWorkerCount(ctx context.Context, count int) error {
 		return fmt.Errorf("failed to get secret: %w", err)
 	}
 	secretMap[secretKeyWorkerCount] = []byte(fmt.Sprintf("%d", count))
-	if err := saveSecret(ctx, c.logger, c.secretName, c.kubeconfig, secretMap); err != nil {
+	if err := saveSecret(ctx, c.logger, c.namespace, c.secretName, c.kubeconfig, secretMap); err != nil {
 		return fmt.Errorf("failed to save secret: %w", err)
 	}
 	return nil
@@ -103,14 +103,8 @@ func getSecret(ctx context.Context, logger *log.Entry, kubeconfigRaw []byte, sec
 }
 
 // saveSecret save a secret to the Kubernetes cluster
-func saveSecret(ctx context.Context, logger *log.Entry, secretRef string, kubeconfig []byte, data map[string][]byte) error {
-	logger.Debugf("Saving secret %s with kubeconfig size %d and keymap size %d", secretRef, len(kubeconfig), len(data))
-	// Parse namespace and name from <namespace>/<name>
-	parts := strings.SplitN(secretRef, "/", 2)
-	if len(parts) != 2 {
-		return fmt.Errorf("invalid secret reference: expected <namespace>/<name>")
-	}
-	namespace, name := parts[0], parts[1]
+func saveSecret(ctx context.Context, logger *log.Entry, namespace, name string, kubeconfig []byte, data map[string][]byte) error {
+	logger.Debugf("Saving secret %s with kubeconfig size %d and keymap size %d", name, len(kubeconfig), len(data))
 
 	clientset, err := getClientset(kubeconfig)
 	if err != nil {