TencentBlueKing · yuyudeqiu · Nov 19, 2024 · Nov 19, 2024 · Nov 19, 2024 · Nov 20, 2024
diff --git a/bcs-services/bcs-bkcmdb-synchronizer/config/bcs-bkcmdb-synchronizer.json.template b/bcs-services/bcs-bkcmdb-synchronizer/config/bcs-bkcmdb-synchronizer.json.template
@@ -45,5 +45,8 @@
     "bk_username": "${cmdb_bkUsername}",
     "server": "${cmdb_server}",
     "debug": ${cmdb_debug}
+  },
+  "shared_cluster": {
+    "annotation_key_proj_code": "${sharedCluster_annoKeyProjCode}"
   }
 }
diff --git a/bcs-services/bcs-bkcmdb-synchronizer/internal/pkg/handler/handler.go b/bcs-services/bcs-bkcmdb-synchronizer/internal/pkg/handler/handler.go
@@ -2781,7 +2781,8 @@ func (b *BcsBkcmdbSynchronizerHandler) handleNamespaceCreate(
 	}
 
 	bizid := bkCluster.BizID
-	if projectCode, ok := namespace.Annotations["io.tencent.bcs.projectcode"]; ok {
+	annotationKey := b.Syncer.BkcmdbSynchronizerOption.SharedCluster.AnnotationKeyProjCode
+	if projectCode, ok := namespace.Annotations[annotationKey]; ok {
 		gpr := pmp.GetProjectRequest{
 			ProjectIDOrCode: projectCode,
 		}

diff --git a/bcs-services/bcs-bkcmdb-synchronizer/internal/pkg/option/option.go b/bcs-services/bcs-bkcmdb-synchronizer/internal/pkg/option/option.go
@@ -17,12 +17,13 @@ import "github.com/Tencent/bk-bcs/bcs-common/common/conf"
 
 // BkcmdbSynchronizerOption options for CostManager
 type BkcmdbSynchronizerOption struct {
-	Synchronizer SynchronizerConfig `json:"synchronizer" value:"synchronizer"`
-	Client       ClientConfig       `json:"client"`
-	Bcslog       conf.LogConfig     `json:"bcslog"`
-	Bcsapi       BcsapiConfig       `json:"bcsapi"`
-	RabbitMQ     RabbitMQConfig     `json:"rabbitmq"`
-	CMDB         CMDBConfig         `json:"cmdb"`
+	Synchronizer  SynchronizerConfig  `json:"synchronizer" value:"synchronizer"`
+	Client        ClientConfig        `json:"client"`
+	Bcslog        conf.LogConfig      `json:"bcslog"`
+	Bcsapi        BcsapiConfig        `json:"bcsapi"`
+	RabbitMQ      RabbitMQConfig      `json:"rabbitmq"`
+	CMDB          CMDBConfig          `json:"cmdb"`
+	SharedCluster SharedClusterConfig `json:"shared_cluster"`
 }
 
 // SynchronizerConfig synchronizer config
@@ -70,3 +71,8 @@ type CMDBConfig struct {
 	Server     string `json:"server"`
 	Debug      bool   `json:"debug"`
 }
+
+// SharedClusterConfig shared cluster config
+type SharedClusterConfig struct {
+	AnnotationKeyProjCode string `json:"annotation_key_proj_code"`
+}
diff --git a/bcs-services/bcs-bkcmdb-synchronizer/internal/pkg/syncer/syncer.go b/bcs-services/bcs-bkcmdb-synchronizer/internal/pkg/syncer/syncer.go
@@ -365,7 +365,7 @@ func (s *Syncer) SyncNamespaces(cluster *cmp.Cluster, bkCluster *bkcmdbkube.Clus
 			}
 		} else {
 			bizid := bkCluster.BizID
-			if projectCode, ok := v.Data.Annotations["io.tencent.bcs.projectcode"]; ok {
+			if projectCode, ok := v.Data.Annotations[s.BkcmdbSynchronizerOption.SharedCluster.AnnotationKeyProjCode]; ok {
 				gpr := pmp.GetProjectRequest{
 					ProjectIDOrCode: projectCode,
 				}

diff --git a/bcs-services/bcs-bkcmdb-synchronizer/internal/synchronizer/synchronizer.go b/bcs-services/bcs-bkcmdb-synchronizer/internal/synchronizer/synchronizer.go
@@ -121,6 +121,7 @@ func (s *Synchronizer) Init() {
 		blog.Errorf("init mq failed, err: %s", err.Error())
 	}
 
+	s.initSharedClusterConf()
 }
 
 func (s *Synchronizer) initTlsConfig() error {
@@ -168,6 +169,12 @@ func (s *Synchronizer) initMQ() error {
 	return nil
 }
 
+func (s *Synchronizer) initSharedClusterConf() {
+	if s.Syncer.BkcmdbSynchronizerOption.SharedCluster.AnnotationKeyProjCode == "" {
+		s.Syncer.BkcmdbSynchronizerOption.SharedCluster.AnnotationKeyProjCode = "io.tencent.bcs.projectcode"
+	}
+}
+
 // Run run the synchronizer
 // nolint funlen
 func (s *Synchronizer) Run() {

diff --git a/bcs-services/bcs-cluster-manager/conf/bcs-cluster-manager.json.template b/bcs-services/bcs-cluster-manager/conf/bcs-cluster-manager.json.template
@@ -193,6 +193,9 @@
         "enableInsTypeUsage": ${enableInsTypeUsage},
         "enableAllocateCidr": ${enableAllocateCidr}
     },
+    "sharedCluster": {
+      "annoKeyProjCode": "${bcsSharedClusterAnnoKeyProjCode}"
+    }
     "tagDepart": "${tagDepart}",
     "prefixVcluster": "${prefixVcluster}",
     "version": "${bcsClusterManagerVersion}",

diff --git a/bcs-services/bcs-cluster-manager/internal/actions/cluster/create_vcluster.go b/bcs-services/bcs-cluster-manager/internal/actions/cluster/create_vcluster.go
@@ -186,11 +186,11 @@ func (ca *CreateVirtualClusterAction) validate() error {
 	}
 	if ca.req.Ns.Annotations == nil {
 		ca.req.Ns.Annotations = map[string]string{
-			utils.ProjectCode:      ca.req.ProjectCode,
+			options.GetGlobalCMOptions().SharedCluster.AnnoKeyProjCode: ca.req.ProjectCode,
 			utils.NamespaceCreator: ca.req.Creator,
 		}
 	} else {
-		ca.req.Ns.Annotations[utils.ProjectCode] = ca.req.ProjectCode
+		ca.req.Ns.Annotations[options.GetGlobalCMOptions().SharedCluster.AnnoKeyProjCode] = ca.req.ProjectCode
 		ca.req.Ns.Annotations[utils.NamespaceCreator] = ca.req.Creator
 	}
 

diff --git a/bcs-services/bcs-cluster-manager/internal/app/app.go b/bcs-services/bcs-cluster-manager/internal/app/app.go
@@ -865,6 +865,12 @@ func (cm *ClusterManager) initCommonHandler(router *mux.Router) error {
 	return nil
 }
 
+func (cm *ClusterManager) initSharedClusterConf() {
+	if cm.opt.SharedCluster.AnnoKeyProjCode == "" {
+		cm.opt.SharedCluster.AnnoKeyProjCode = utils.ProjectCode
+	}
+}
+
 // initHTTPService init http service
 func (cm *ClusterManager) initHTTPService() error {
 	router := mux.NewRouter()
@@ -1180,6 +1186,8 @@ func (cm *ClusterManager) Init() error {
 		blog.Errorf("initCloudTemplateConfig failed: %v", err)
 	}
 
+	// init shared cluster config
+	cm.initSharedClusterConf()
 	// init metric, pprof
 	cm.initExtraModules()
 	// init system signal handler

diff --git a/bcs-services/bcs-cluster-manager/internal/options/options.go b/bcs-services/bcs-cluster-manager/internal/options/options.go
@@ -291,6 +291,11 @@ type DaemonConfig struct {
 	EnableAllocateCidr bool `json:"enableAllocateCidr"`
 }
 
+// SharedClusterConfig config for shared cluster
+type SharedClusterConfig struct {
+	AnnoKeyProjCode string `json:"annoKeyProjCode"`
+}
+
 // ClusterManagerOptions options of cluster manager
 type ClusterManagerOptions struct {
 	Etcd               EtcdOption            `json:"etcd"`
@@ -325,6 +330,7 @@ type ClusterManagerOptions struct {
 	TracingConfig      conf.TracingConfig    `json:"tracingConfig"`
 	Encrypt            encryptv2.Config      `json:"encrypt"`
 	Daemon             DaemonConfig          `json:"daemon"`
+	SharedCluster      SharedClusterConfig   `json:"sharedCluster"`
 	ServerConfig
 	ClientConfig
 }

diff --git a/bcs-services/bcs-data-manager/cmd/options.go b/bcs-services/bcs-data-manager/cmd/options.go
@@ -118,29 +118,35 @@ type KafkaConfig struct {
 	Password  string `json:"password"`
 }
 
+// SharedClusterConfig options of shared cluster
+type SharedClusterConfig struct {
+	AnnoKeyProjCode string `json:"annoKeyProjCode"`
+}
+
 // DataManagerOptions options of data manager
 type DataManagerOptions struct {
 	conf.FileConfig
 	conf.LogConfig
 	ClientConfig
 	ServerConfig
-	Mongo                  MongoOption        `json:"mongoConf"`
-	BcsMonitorConf         BcsMonitorConfig   `json:"bcsMonitorConf"`
-	QueueConfig            QueueConfig        `json:"queueConfig"`
-	HandleConfig           HandleConfig       `json:"handleConfig"`
-	Etcd                   EtcdOption         `json:"etcd"`
-	BcsAPIConf             BcsAPIConfig       `json:"bcsApiConf"`
-	Debug                  bool               `json:"debug"`
-	FilterRules            ClusterFilterRules `json:"filterRules"`
-	AppCode                string             `json:"appCode"`
-	AppSecret              string             `json:"appSecret"`
-	ProducerConfig         ProducerConfig     `json:"producerConfig"`
-	KafkaConfig            KafkaConfig        `json:"kafkaConfig"`
-	NeedSendKafka          bool               `json:"needSendKafka"`
-	IgnoreBkMonitorCluster bool               `json:"ignoreBkMonitorCluster"`
-	QueryFromBkMonitor     bool               `json:"queryFromBkMonitor"`
-	BkbaseConfigPath       string             `json:"bkbaseConfigPath"`
-	TspiderConfigPath      string             `json:"tspiderConfigPath"`
+	Mongo                  MongoOption         `json:"mongoConf"`
+	BcsMonitorConf         BcsMonitorConfig    `json:"bcsMonitorConf"`
+	QueueConfig            QueueConfig         `json:"queueConfig"`
+	HandleConfig           HandleConfig        `json:"handleConfig"`
+	Etcd                   EtcdOption          `json:"etcd"`
+	BcsAPIConf             BcsAPIConfig        `json:"bcsApiConf"`
+	Debug                  bool                `json:"debug"`
+	FilterRules            ClusterFilterRules  `json:"filterRules"`
+	AppCode                string              `json:"appCode"`
+	AppSecret              string              `json:"appSecret"`
+	ProducerConfig         ProducerConfig      `json:"producerConfig"`
+	KafkaConfig            KafkaConfig         `json:"kafkaConfig"`
+	SharedClusterConfig    SharedClusterConfig `json:"sharedClusterConfig"`
+	NeedSendKafka          bool                `json:"needSendKafka"`
+	IgnoreBkMonitorCluster bool                `json:"ignoreBkMonitorCluster"`
+	QueryFromBkMonitor     bool                `json:"queryFromBkMonitor"`
+	BkbaseConfigPath       string              `json:"bkbaseConfigPath"`
+	TspiderConfigPath      string              `json:"tspiderConfigPath"`
 }
 
 // ClusterFilterRules rules for cluster filter

diff --git a/bcs-services/bcs-data-manager/cmd/server.go b/bcs-services/bcs-data-manager/cmd/server.go
@@ -124,6 +124,8 @@ func (s *Server) Init() error {
 		return err
 	}
 
+	// init shared cluster config
+	s.initSharedClusterConf()
 	// init metric, pprof
 	s.initExtraModules()
 	// init system signal handler
@@ -445,7 +447,7 @@ func (s *Server) initWorker() error {
 	}
 	// init resourceGetter
 	s.resourceGetter = common.NewGetter(s.opt.FilterRules.NeedFilter, selectClusters, s.opt.FilterRules.Env,
-		pmClient, bcsMonitorCli)
+		s.opt.SharedClusterConfig.AnnoKeyProjCode, pmClient, bcsMonitorCli)
 	// init producer
 	producerCron := cron.New()
 	s.producer = worker.NewProducer(s.ctx, msgQueue, producerCron, cmCli, k8sStorageCli, mesosStorageCli,
@@ -656,6 +658,13 @@ func (s *Server) initStorageCli() (bcsapi.Storage, bcsapi.Storage, error) {
 	return k8sStorageCli, mesosStorageCli, nil
 }
 
+// initSharedClusterConf init shared cluster config
+func (s *Server) initSharedClusterConf() {
+	if s.opt.SharedClusterConfig.AnnoKeyProjCode == "" {
+		s.opt.SharedClusterConfig.AnnoKeyProjCode = types.AnnotationKeyProjectCode
+	}
+}
+
 // initExtraModules xxx
 // init pprof and metric
 func (s *Server) initExtraModules() {

diff --git a/bcs-services/bcs-data-manager/image/bcs-data-manager.json.template b/bcs-services/bcs-data-manager/image/bcs-data-manager.json.template
@@ -70,6 +70,9 @@
       "username": "${kafkaUsername}",
       "password": "${kafkaPassword}"
   },
+  "sharedClusterConfig": {
+      "annoKeyProjCode": "${sharedClusterAnnoKeyProjCode}"
+  }
   "bkbaseConfigPath": "${bkbaseConfigPath}",
   "tspiderConfigPath": "${tspiderConfigPath}"
 }
diff --git a/bcs-services/bcs-data-manager/pkg/common/common.go b/bcs-services/bcs-data-manager/pkg/common/common.go
@@ -60,28 +60,30 @@ type GetterInterface interface {
 
 // ResourceGetter common resource getter
 type ResourceGetter struct {
-	needFilter     bool
-	clusterIDs     map[string]bool
-	env            string
-	cache          *cache.Cache
-	projectManager bcsproject.BcsProjectManagerClient
-	bcsMonitorCli  bcsmonitor.ClientInterface
+	needFilter      bool
+	clusterIDs      map[string]bool
+	env             string
+	cache           *cache.Cache
+	projectManager  bcsproject.BcsProjectManagerClient
+	bcsMonitorCli   bcsmonitor.ClientInterface
+	AnnoKeyProjCode string
 }
 
 // NewGetter new common resource getter
-func NewGetter(needFilter bool, clusterIds []string, env string,
+func NewGetter(needFilter bool, clusterIds []string, env string, annoKeyProjCode string,
 	pmClient bcsproject.BcsProjectManagerClient, bcsMonitorCli bcsmonitor.ClientInterface) GetterInterface {
 	clusterMap := make(map[string]bool, len(clusterIds))
 	for index := range clusterIds {
 		clusterMap[clusterIds[index]] = true
 	}
 	return &ResourceGetter{
-		needFilter:     needFilter,
-		clusterIDs:     clusterMap,
-		env:            env,
-		cache:          cache.New(time.Minute*10, time.Minute*60),
-		projectManager: pmClient,
-		bcsMonitorCli:  bcsMonitorCli,
+		needFilter:      needFilter,
+		clusterIDs:      clusterMap,
+		env:             env,
+		cache:           cache.New(time.Minute*10, time.Minute*60),
+		projectManager:  pmClient,
+		bcsMonitorCli:   bcsMonitorCli,
+		AnnoKeyProjCode: annoKeyProjCode,
 	}
 }
 
@@ -449,7 +451,7 @@ func (g *ResourceGetter) GetK8sNamespaceList(ctx context.Context, clusterMeta *t
 	for _, namespace := range namespaces {
 		if clusterLabel != nil && clusterLabel["isShared"] == "true" {
 			nsAnnotation := namespace.Data.Annotations
-			if projectCode, ok := nsAnnotation["io.tencent.bcs.projectcode"]; ok {
+			if projectCode, ok := nsAnnotation[g.AnnoKeyProjCode]; ok {
 				namespaceProjectCode = projectCode
 				project, err := g.GetProjectInfo(ctx, "", namespaceProjectCode, pmCli)
 				if err != nil {

diff --git a/bcs-services/bcs-data-manager/pkg/types/types.go b/bcs-services/bcs-data-manager/pkg/types/types.go
@@ -106,6 +106,12 @@ const (
 	SecondTimeFormat = "2006-01-02 15:04:05"
 )
 
+// Shared cluster
+const (
+	// AnnotationKeyProjectCode default project code annotation key
+	AnnotationKeyProjectCode = "io.tencent.bcs.projectcode"
+)
+
 // ProjectMeta meta for project
 type ProjectMeta struct {
 	ProjectID   string            `json:"projectID"`

diff --git a/bcs-services/bcs-helm-manager/internal/app/app.go b/bcs-services/bcs-helm-manager/internal/app/app.go
@@ -143,6 +143,7 @@ func (hm *HelmManager) Init() error {
 		hm.initRegistry,
 		hm.initJWTClient,
 		hm.initIAMClient,
+		hm.initSharedClusterConf,
 		hm.InitComponentConfig,
 		hm.initDiscovery,
 		hm.initMicro,
@@ -604,6 +605,14 @@ func (hm *HelmManager) initIAMClient() error {
 	return nil
 }
 
+// initSharedClusterConf init conf value for shared cluster
+func (hm *HelmManager) initSharedClusterConf() error {
+	if hm.opt.SharedCluster.AnnotationKeyProjCode == "" {
+		hm.opt.SharedCluster.AnnotationKeyProjCode = common.AnnotationKeyProjectCode
+	}
+	return nil
+}
+
 func (hm *HelmManager) initCryptor() error {
 	if !hm.opt.Encrypt.Enable {
 		return nil

diff --git a/bcs-services/bcs-helm-manager/internal/auth/iam.go b/bcs-services/bcs-helm-manager/internal/auth/iam.go
@@ -26,6 +26,7 @@ import (
 	"k8s.io/client-go/kubernetes"
 
 	"github.com/Tencent/bk-bcs/bcs-services/bcs-helm-manager/internal/component"
+	"github.com/Tencent/bk-bcs/bcs-services/bcs-helm-manager/internal/options"
 )
 
 var (
@@ -37,9 +38,6 @@ var (
 	ClusterIamClient *cluster.BCSClusterPerm
 	// NamespaceIamClient namespace iam client
 	NamespaceIamClient *namespace.BCSNamespacePerm
-
-	// ProjCodeAnnoKey 项目 Code 在命名空间 Annotations 中的 Key
-	ProjCodeAnnoKey = "io.tencent.bcs.projectcode"
 )
 
 // InitPermClient new a perm client
@@ -105,7 +103,7 @@ func ReleaseResourcePermCheck(projectCode, clusterID string, namespaceCreated, c
 		if err != nil {
 			return false, "", nil, err
 		}
-		if ns.Annotations[ProjCodeAnnoKey] != projectCode {
+		if ns.Annotations[options.GlobalOptions.SharedCluster.AnnotationKeyProjCode] != projectCode {
 			return false, "", nil, fmt.Errorf("命名空间 %s 在该共享集群中不属于指定项目", v)
 		}
 	}

diff --git a/bcs-services/bcs-helm-manager/internal/common/constant.go b/bcs-services/bcs-helm-manager/internal/common/constant.go
@@ -51,3 +51,9 @@ const (
 	// LangCookieName 语言版本 Cookie 名称
 	LangCookieName = "blueking_language"
 )
+
+// shared cluster
+const (
+	// AnnotationKeyProjectCode namespace 的 projectcode 注解 key 默认值
+	AnnotationKeyProjectCode = "io.tencent.bcs.projectcode"
+)