feat(kubernetes): support for jobs and cron jobs - r8s-182 (#260)

Co-authored-by: James Carppe <85850129+jamescarppe@users.noreply.github.com> Co-authored-by: Anthony Lapenna <anthony.lapenna@portainer.io> Co-authored-by: andres-portainer <91705312+andres-portainer@users.noreply.github.com> Co-authored-by: Oscar Zhou <100548325+oscarzhou-portainer@users.noreply.github.com> Co-authored-by: Yajith Dayarathna <yajith.dayarathna@portainer.io> Co-authored-by: LP B <xAt0mZ@users.noreply.github.com> Co-authored-by: oscarzhou <oscar.zhou@portainer.io> Co-authored-by: testA113 <aliharriss1995@gmail.com>
2025-07-24 15:59:41 +02:00 · 2025-01-10 13:21:27 +13:00 · 2025-01-10 13:21:27 +13:00 · d32b0f8b7e
commit d32b0f8b7e
parent 24fdb1f600
51 changed files with 1786 additions and 22 deletions
--- a/api/http/handler/kubernetes/cron_job.go
+++ b/api/http/handler/kubernetes/cron_job.go
@ -0,0 +1,78 @@
+package kubernetes
+
+import (
+	"net/http"
+
+	models "github.com/portainer/portainer/api/http/models/kubernetes"
+	httperror "github.com/portainer/portainer/pkg/libhttp/error"
+	"github.com/portainer/portainer/pkg/libhttp/request"
+	"github.com/portainer/portainer/pkg/libhttp/response"
+	"github.com/rs/zerolog/log"
+)
+
+// @id GetKubernetesCronJobs
+// @summary Get a list of kubernetes Cron Jobs
+// @description Get a list of kubernetes Cron Jobs that the user has access to.
+// @description **Access policy**: Authenticated user.
+// @tags kubernetes
+// @security ApiKeyAuth || jwt
+// @produce json
+// @param id path int true "Environment identifier"
+// @success 200 {array} models.K8sCronJob "Success"
+// @failure 400 "Invalid request payload, such as missing required fields or fields not meeting validation criteria."
+// @failure 401 "Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions."
+// @failure 403 "Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions."
+// @failure 404 "Unable to find an environment with the specified identifier."
+// @failure 500 "Server error occurred while attempting to retrieve the list of Cron Jobs."
+// @router /kubernetes/{id}/cron_jobs [get]
+func (handler *Handler) getAllKubernetesCronJobs(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
+	cli, httpErr := handler.prepareKubeClient(r)
+	if httpErr != nil {
+		log.Error().Err(httpErr).Str("context", "GetAllKubernetesCronJobs").Msg("Unable to prepare kube client")
+		return httperror.InternalServerError("unable to prepare kube client. Error: ", httpErr)
+	}
+
+	cronJobs, err := cli.GetCronJobs("")
+	if err != nil {
+		log.Error().Err(err).Str("context", "GetAllKubernetesCronJobs").Msg("Unable to fetch Cron Jobs across all namespaces")
+		return httperror.InternalServerError("unable to fetch Cron Jobs. Error: ", err)
+	}
+
+	return response.JSON(w, cronJobs)
+}
+
+// @id DeleteCronJobs
+// @summary Delete Cron Jobs
+// @description Delete the provided list of Cron Jobs.
+// @description **Access policy**: Authenticated user.
+// @tags kubernetes
+// @security ApiKeyAuth || jwt
+// @accept json
+// @param id path int true "Environment identifier"
+// @param payload body models.K8sCronJobDeleteRequests true "A map where the key is the namespace and the value is an array of Cron Jobs to delete"
+// @success 204 "Success"
+// @failure 400 "Invalid request payload, such as missing required fields or fields not meeting validation criteria."
+// @failure 401 "Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions."
+// @failure 403 "Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions."
+// @failure 404 "Unable to find an environment with the specified identifier or unable to find a specific service account."
+// @failure 500 "Server error occurred while attempting to delete Cron Jobs."
+// @router /kubernetes/{id}/cron_jobs/delete [POST]
+func (handler *Handler) deleteKubernetesCronJobs(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
+	var payload models.K8sCronJobDeleteRequests
+	err := request.DecodeAndValidateJSONPayload(r, &payload)
+	if err != nil {
+		return httperror.BadRequest("Invalid request payload", err)
+	}
+
+	cli, handlerErr := handler.getProxyKubeClient(r)
+	if handlerErr != nil {
+		return handlerErr
+	}
+
+	err = cli.DeleteCronJobs(payload)
+	if err != nil {
+		return httperror.InternalServerError("Unable to delete Cron Jobs", err)
+	}
+
+	return response.Empty(w)
+}
--- a/api/http/handler/kubernetes/handler.go
+++ b/api/http/handler/kubernetes/handler.go
@ -55,6 +55,10 @@ func NewHandler(bouncer security.BouncerService, authorizationService *authoriza
 	endpointRouter.Handle("/applications/count", httperror.LoggerHandler(h.getAllKubernetesApplicationsCount)).Methods(http.MethodGet)
 	endpointRouter.Handle("/configmaps", httperror.LoggerHandler(h.GetAllKubernetesConfigMaps)).Methods(http.MethodGet)
 	endpointRouter.Handle("/configmaps/count", httperror.LoggerHandler(h.getAllKubernetesConfigMapsCount)).Methods(http.MethodGet)
+	endpointRouter.Handle("/cron_jobs", httperror.LoggerHandler(h.getAllKubernetesCronJobs)).Methods(http.MethodGet)
+	endpointRouter.Handle("/cron_jobs/delete", httperror.LoggerHandler(h.deleteKubernetesCronJobs)).Methods(http.MethodPost)
+	endpointRouter.Handle("/jobs", httperror.LoggerHandler(h.getAllKubernetesJobs)).Methods(http.MethodGet)
+	endpointRouter.Handle("/jobs/delete", httperror.LoggerHandler(h.deleteKubernetesJobs)).Methods(http.MethodPost)
 	endpointRouter.Handle("/cluster_roles", httperror.LoggerHandler(h.getAllKubernetesClusterRoles)).Methods(http.MethodGet)
 	endpointRouter.Handle("/cluster_roles/delete", httperror.LoggerHandler(h.deleteClusterRoles)).Methods(http.MethodPost)
 	endpointRouter.Handle("/cluster_role_bindings", httperror.LoggerHandler(h.getAllKubernetesClusterRoleBindings)).Methods(http.MethodGet)
--- a/api/http/handler/kubernetes/job.go
+++ b/api/http/handler/kubernetes/job.go
@ -0,0 +1,85 @@
+package kubernetes
+
+import (
+	"net/http"
+
+	models "github.com/portainer/portainer/api/http/models/kubernetes"
+	httperror "github.com/portainer/portainer/pkg/libhttp/error"
+	"github.com/portainer/portainer/pkg/libhttp/request"
+	"github.com/portainer/portainer/pkg/libhttp/response"
+	"github.com/rs/zerolog/log"
+)
+
+// @id GetKubernetesJobs
+// @summary Get a list of kubernetes Jobs
+// @description Get a list of kubernetes Jobs that the user has access to.
+// @description **Access policy**: Authenticated user.
+// @tags kubernetes
+// @security ApiKeyAuth || jwt
+// @produce json
+// @param id path int true "Environment identifier"
+// @param includeCronJobChildren query bool false "Whether to include Jobs that have a cronjob owner"
+// @success 200 {array} models.K8sJob "Success"
+// @failure 400 "Invalid request payload, such as missing required fields or fields not meeting validation criteria."
+// @failure 401 "Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions."
+// @failure 403 "Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions."
+// @failure 404 "Unable to find an environment with the specified identifier."
+// @failure 500 "Server error occurred while attempting to retrieve the list of Jobs."
+// @router /kubernetes/{id}/jobs [get]
+func (handler *Handler) getAllKubernetesJobs(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
+	includeCronJobChildren, err := request.RetrieveBooleanQueryParameter(r, "includeCronJobChildren", true)
+	if err != nil {
+		log.Error().Err(err).Str("context", "GetAllKubernetesJobs").Msg("Invalid query parameter includeCronJobChildren")
+		return httperror.BadRequest("an error occurred during the GetAllKubernetesJobs operation, invalid query parameter includeCronJobChildren. Error: ", err)
+	}
+
+	cli, httpErr := handler.prepareKubeClient(r)
+	if httpErr != nil {
+		log.Error().Err(httpErr).Str("context", "GetAllKubernetesJobs").Msg("Unable to prepare kube client")
+		return httperror.InternalServerError("unable to prepare kube client. Error: ", httpErr)
+	}
+
+	jobs, err := cli.GetJobs("", includeCronJobChildren)
+	if err != nil {
+		log.Error().Err(err).Str("context", "GetAllKubernetesJobs").Msg("Unable to fetch Jobs across all namespaces")
+		return httperror.InternalServerError("unable to fetch Jobs. Error: ", err)
+	}
+
+	return response.JSON(w, jobs)
+}
+
+// @id DeleteJobs
+// @summary Delete Jobs
+// @description Delete the provided list of Jobs.
+// @description **Access policy**: Authenticated user.
+// @tags kubernetes
+// @security ApiKeyAuth || jwt
+// @accept json
+// @param id path int true "Environment identifier"
+// @param payload body models.K8sJobDeleteRequests true "A map where the key is the namespace and the value is an array of Jobs to delete"
+// @success 204 "Success"
+// @failure 400 "Invalid request payload, such as missing required fields or fields not meeting validation criteria."
+// @failure 401 "Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions."
+// @failure 403 "Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions."
+// @failure 404 "Unable to find an environment with the specified identifier or unable to find a specific service account."
+// @failure 500 "Server error occurred while attempting to delete Jobs."
+// @router /kubernetes/{id}/jobs/delete [POST]
+func (handler *Handler) deleteKubernetesJobs(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
+	var payload models.K8sJobDeleteRequests
+	err := request.DecodeAndValidateJSONPayload(r, &payload)
+	if err != nil {
+		return httperror.BadRequest("Invalid request payload", err)
+	}
+
+	cli, handlerErr := handler.getProxyKubeClient(r)
+	if handlerErr != nil {
+		return handlerErr
+	}
+
+	err = cli.DeleteJobs(payload)
+	if err != nil {
+		return httperror.InternalServerError("Unable to delete Jobs", err)
+	}
+
+	return response.Empty(w)
+}
--- a/api/http/models/kubernetes/cron_jobs.go
+++ b/api/http/models/kubernetes/cron_jobs.go
@ -0,0 +1,36 @@
+package kubernetes
+
+import (
+	"errors"
+	"net/http"
+)
+
+type K8sCronJob struct {
+	Id        string   `json:"Id"`
+	Name      string   `json:"Name"`
+	Namespace string   `json:"Namespace"`
+	Command   string   `json:"Command"`
+	Schedule  string   `json:"Schedule"`
+	Timezone  string   `json:"Timezone"`
+	Suspend   bool     `json:"Suspend"`
+	Jobs      []K8sJob `json:"Jobs"`
+	IsSystem  bool     `json:"IsSystem"`
+}
+
+type (
+	K8sCronJobDeleteRequests map[string][]string
+)
+
+func (r K8sCronJobDeleteRequests) Validate(request *http.Request) error {
+	if len(r) == 0 {
+		return errors.New("missing deletion request list in payload")
+	}
+
+	for ns := range r {
+		if len(ns) == 0 {
+			return errors.New("deletion given with empty namespace")
+		}
+	}
+
+	return nil
+}
--- a/api/http/models/kubernetes/jobs.go
+++ b/api/http/models/kubernetes/jobs.go
@ -0,0 +1,44 @@
+package kubernetes
+
+import (
+	"errors"
+	"net/http"
+
+	corev1 "k8s.io/api/core/v1"
+)
+
+// K8sJob struct
+type K8sJob struct {
+	ID           string           `json:"Id"`
+	Namespace    string           `json:"Namespace"`
+	Name         string           `json:"Name"`
+	PodName      string           `json:"PodName"`
+	Container    corev1.Container `json:"Container,omitempty"`
+	Command      string           `json:"Command,omitempty"`
+	BackoffLimit int32            `json:"BackoffLimit,omitempty"`
+	Completions  int32            `json:"Completions,omitempty"`
+	StartTime    string           `json:"StartTime"`
+	FinishTime   string           `json:"FinishTime"`
+	Duration     string           `json:"Duration"`
+	Status       string           `json:"Status"`
+	FailedReason string           `json:"FailedReason"`
+	IsSystem     bool             `json:"IsSystem"`
+}
+
+type (
+	K8sJobDeleteRequests map[string][]string
+)
+
+func (r K8sJobDeleteRequests) Validate(request *http.Request) error {
+	if len(r) == 0 {
+		return errors.New("missing deletion request list in payload")
+	}
+
+	for ns := range r {
+		if len(ns) == 0 {
+			return errors.New("deletion given with empty namespace")
+		}
+	}
+
+	return nil
+}