[Backport release-1.4] Feat: enhance controller auth by removing useless features & add authentication for componentrevision+healthcheck (#4023)

* Feat: use application identity in gc & componentrevision & collectHealthStatus Signed-off-by: Somefive <yd219913@alibaba-inc.com> (cherry picked from commit 63fc4bcc69) * Chore: remove useless features and roles Signed-off-by: Somefive <yd219913@alibaba-inc.com> (cherry picked from commit f4ef77b2b3) * Fix: remove DELETE from mutating webhook Signed-off-by: Somefive <yd219913@alibaba-inc.com> (cherry picked from commit 75f3d5dc35) * Chore: enhance deploy error display Signed-off-by: Somefive <yd219913@alibaba-inc.com> (cherry picked from commit e69079bdae) * Fix: e2e test vela cli output match & controllerrevision recycle for serviceaccount impersonation Signed-off-by: Somefive <yd219913@alibaba-inc.com> (cherry picked from commit 05b85573a2) Co-authored-by: Somefive <yd219913@alibaba-inc.com>
2026-05-24 10:13:01 +00:00 · 2022-05-27 16:00:04 +08:00
parent 371affb389
commit e20ef02a6a
21 changed files with 54 additions and 96 deletions
--- a/cmd/core/main.go
+++ b/cmd/core/main.go
@@ -36,7 +36,6 @@ import (
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/healthz"

-	apicommon "github.com/oam-dev/kubevela/apis/core.oam.dev/common"
 	"github.com/oam-dev/kubevela/apis/types"
 	"github.com/oam-dev/kubevela/pkg/auth"
 	ctrlClient "github.com/oam-dev/kubevela/pkg/client"
@@ -46,13 +45,11 @@ import (
 	oamv1alpha2 "github.com/oam-dev/kubevela/pkg/controller/core.oam.dev/v1alpha2"
 	"github.com/oam-dev/kubevela/pkg/controller/utils"
 	"github.com/oam-dev/kubevela/pkg/cue/packages"
-	"github.com/oam-dev/kubevela/pkg/features"
 	_ "github.com/oam-dev/kubevela/pkg/monitor/metrics"
 	"github.com/oam-dev/kubevela/pkg/multicluster"
 	"github.com/oam-dev/kubevela/pkg/oam"
 	"github.com/oam-dev/kubevela/pkg/oam/discoverymapper"
 	"github.com/oam-dev/kubevela/pkg/resourcekeeper"
-	pkgutils "github.com/oam-dev/kubevela/pkg/utils"
 	"github.com/oam-dev/kubevela/pkg/utils/common"
 	"github.com/oam-dev/kubevela/pkg/utils/system"
 	"github.com/oam-dev/kubevela/pkg/utils/util"
@@ -205,18 +202,10 @@ func main() {
 	restConfig.QPS = float32(qps)
 	restConfig.Burst = burst
 	restConfig.Wrap(auth.NewImpersonatingRoundTripper)
-	if utilfeature.DefaultMutableFeatureGate.Enabled(features.ControllerAutoImpersonation) {
-		restConfig.Impersonate.UserName = types.VelaCoreName
-		restConfig.Impersonate.Groups = []string{apicommon.Group}
-		pkgutils.AutoSetSelfImpersonationInConfig(restConfig)
-	}
 	klog.InfoS("Kubernetes Config Loaded",
 		"UserAgent", restConfig.UserAgent,
 		"QPS", restConfig.QPS,
 		"Burst", restConfig.Burst,
-		"Auto-Impersonation", utilfeature.DefaultMutableFeatureGate.Enabled(features.ControllerAutoImpersonation),
-		"Impersonate-User", restConfig.Impersonate.UserName,
-		"Impersonate-Group", strings.Join(restConfig.Impersonate.Groups, ","),
 	)

 	// wrapper the round tripper by multi cluster rewriter