Skip to content

Commit

Permalink
Merge pull request #298 from m00g3n/provision_killswitch
Browse files Browse the repository at this point in the history
Add provision killswitch
  • Loading branch information
kyma-bot authored Jul 26, 2024
2 parents 484f217 + 4d4ecd5 commit 2ac5f00
Show file tree
Hide file tree
Showing 9 changed files with 153 additions and 15 deletions.
13 changes: 10 additions & 3 deletions api/v1/runtime_types.go
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,7 @@ import (
const (
Finalizer = "runtime-controller.infrastructure-manager.kyma-project.io/deletion-hook"
AnnotationGardenerCloudDelConfirmation = "confirmation.gardener.cloud/deletion"
LabelControlledByProvisioner = "kyma-project.io/controlled-by-provisioner"
)

const (
Expand Down Expand Up @@ -60,9 +61,10 @@ const (
type RuntimeConditionType string

const (
ConditionTypeRuntimeProvisioned RuntimeConditionType = "Provisioned"
ConditionTypeRuntimeKubeconfigReady RuntimeConditionType = "KubeconfigReady"
ConditionTypeRuntimeConfigured RuntimeConditionType = "Configured"
ConditionTypeRuntimeProvisioned RuntimeConditionType = "Provisioned"
ConditionTypeRuntimeProvisionedDryRun RuntimeConditionType = "ProvisionedDryRun"
ConditionTypeRuntimeKubeconfigReady RuntimeConditionType = "KubeconfigReady"
ConditionTypeRuntimeConfigured RuntimeConditionType = "Configured"
)

type RuntimeConditionReason string
Expand Down Expand Up @@ -294,3 +296,8 @@ func (k *Runtime) ValidateRequiredLabels() error {
}
return nil
}

func (k *Runtime) IsControlledByProvisioner() bool {
value, found := k.Labels[LabelControlledByProvisioner]
return !found || value != "false"
}
76 changes: 76 additions & 0 deletions api/v1/runtime_types_test.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,76 @@
package v1_test

import (
"fmt"
"testing"

imv1 "github.com/kyma-project/infrastructure-manager/api/v1"
"github.com/stretchr/testify/assert"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)

func Test_Runtime_IsControlledByProvisioner(t *testing.T) {
var tests = []struct {
desc string
rt imv1.Runtime
expected bool
}{
{
desc: "rt without labels (zero value) should be controlled by the provisioner",
rt: imv1.Runtime{},
expected: true,
},
{
desc: "rt without labels (empty map) should be controlled by the provisioner",
rt: imv1.Runtime{
ObjectMeta: metav1.ObjectMeta{
Labels: map[string]string{},
},
},
expected: true,
},
{
desc: fmt.Sprintf(`rt without label: "%s" should be controlled by the provisioner`, imv1.LabelControlledByProvisioner),
rt: imv1.Runtime{
ObjectMeta: metav1.ObjectMeta{
Labels: map[string]string{"test": "me"},
},
},
expected: true,
},
{
desc: fmt.Sprintf(`rt with label: "%s=true" should be controlled by the provisioner`, imv1.LabelControlledByProvisioner),
rt: imv1.Runtime{
ObjectMeta: metav1.ObjectMeta{
Labels: map[string]string{imv1.LabelControlledByProvisioner: "true"},
},
},
expected: true,
},
{
desc: fmt.Sprintf(`rt with label: "%s=sth" should be controlled by the provisioner`, imv1.LabelControlledByProvisioner),
rt: imv1.Runtime{
ObjectMeta: metav1.ObjectMeta{
Labels: map[string]string{imv1.LabelControlledByProvisioner: "sth"},
},
},
expected: true,
},
{
desc: fmt.Sprintf(`rt with label: "%s=false" should NOT be controlled by the provisioner`, imv1.LabelControlledByProvisioner),
rt: imv1.Runtime{
ObjectMeta: metav1.ObjectMeta{
Labels: map[string]string{imv1.LabelControlledByProvisioner: "false"},
},
},
expected: false,
},
}

for i, tt := range tests {
t.Run(fmt.Sprintf("%02d", i), func(t *testing.T) {
actual := tt.rt.IsControlledByProvisioner()
assert.Equal(t, tt.expected, actual, tt.desc)
})
}
}
2 changes: 1 addition & 1 deletion cmd/main.go
Original file line number Diff line number Diff line change
Expand Up @@ -59,7 +59,7 @@ func init() {

const defaultMinimalRotationTimeRatio = 0.6
const defaultExpirationTime = 24 * time.Hour
const defaultRuntimeReconcilerEnabled = false
const defaultRuntimeReconcilerEnabled = true
const defaultGardenerRequestTimeout = 60 * time.Second

func main() {
Expand Down
6 changes: 5 additions & 1 deletion docs/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -16,14 +16,18 @@ You can configure the Infrastructure Manager deployment with the following argum
3. `minimal-rotation-time` - the ratio determines what is the minimal time that needs to pass to rotate the certificate
4. `kubeconfig-expiration-time` - maximum time after which kubeconfig is rotated. The rotation happens between (`minimal-rotation-time` * `kubeconfig-expiration-time`) and `kubeconfig-expiration-time`.
4. `gardener-request-timeout` - specifies the timeout for requests to Gardener. Default value is `60s`.
5. `runtime-reconciler-enabled` - feature flag responsible for enabling the runtime reconciler. Default value is `false`.
5. `runtime-reconciler-enabled` - feature flag responsible for enabling the runtime reconciler. Default value is `true`.
6. `shoot-spec-dump-enabled` - feature flag responsible for enabling the shoot spec dump. Default value is `false`.


See [manager_gardener_secret_patch.yaml](../config/default/manager_gardener_secret_patch.yaml) for default values.

## Troubleshooting

1. Switching between the `provisioner` and `kim`.

The `kyma-project.io/controlled-by-provisioner` label provides fine-grained control over the `Runtime` CR. Only if the label value is set to `false`, the resource is considered managed and will be controlled by `kyma-application-manager`.

> TBD: List potential issues and provide tips on how to avoid or solve them. To structure the content, use the following sections:
>
> - **Symptom**
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,40 @@
package fsm

import (
"context"
"fmt"

imv1 "github.com/kyma-project/infrastructure-manager/api/v1"
ctrl "sigs.k8s.io/controller-runtime"
)

func sFnCreateShootDryRun(_ context.Context, m *fsm, s *systemState) (stateFn, *ctrl.Result, error) {
m.log.Info("Create shoot [dry-run]")

newShoot, err := convertShoot(&s.instance, m.ConverterConfig)
if err != nil {
m.log.Error(err, "Failed to convert Runtime instance to shoot object [dry-run]")
return updateStatePendingWithErrorAndStop(
&s.instance,
imv1.ConditionTypeRuntimeProvisioned,
imv1.ConditionReasonConversionError,
"Runtime conversion error")
}

s.shoot = &newShoot
s.instance.UpdateStateReady(
imv1.ConditionTypeRuntimeProvisionedDryRun,
imv1.ConditionReasonConfigurationCompleted,
"Runtime processing completed successfully [dry-run]")

// stop machine if persistence not enabled
if m.PVCPath == "" {
return updateStatusAndStop()
}

path := fmt.Sprintf("%s/%s-%s.yaml", m.PVCPath, s.shoot.Namespace, s.shoot.Name)
if err := persist(path, s.shoot, m.writerProvider); err != nil {
return updateStatusAndStopWithError(err)
}
return updateStatusAndStop()
}
5 changes: 4 additions & 1 deletion internal/controller/runtime/fsm/runtime_fsm_initialise.go
Original file line number Diff line number Diff line change
Expand Up @@ -34,10 +34,13 @@ func sFnInitialize(ctx context.Context, m *fsm, s *systemState) (stateFn, *ctrl.

if instanceIsNotBeingDeleted && s.shoot == nil {
m.log.Info("Gardener shoot does not exist, creating new one")
if s.instance.IsControlledByProvisioner() {
return switchState(sFnCreateShootDryRun)
}
return switchState(sFnCreateShoot)
}

if instanceIsNotBeingDeleted {
if instanceIsNotBeingDeleted && !s.instance.IsControlledByProvisioner() {
m.log.Info("Gardener shoot exists, processing")
return switchState(sFnSelectShootProcessing)
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -55,6 +55,9 @@ var _ = Describe("KIM sFnInitialise", func() {
Name: "test-instance",
Namespace: "default",
Finalizers: []string{"test-me-plz"},
Labels: map[string]string{
imv1.LabelControlledByProvisioner: "false",
},
},
}

Expand Down
6 changes: 5 additions & 1 deletion internal/controller/runtime/runtime_controller.go
Original file line number Diff line number Diff line change
Expand Up @@ -91,6 +91,10 @@ func (r *RuntimeReconciler) UpdateShootClient(client client.Client) {
func (r *RuntimeReconciler) SetupWithManager(mgr ctrl.Manager) error {
return ctrl.NewControllerManagedBy(mgr).
For(&imv1.Runtime{}).
WithEventFilter(predicate.GenerationChangedPredicate{}).
WithEventFilter(predicate.Or(
predicate.GenerationChangedPredicate{},
predicate.LabelChangedPredicate{},
predicate.AnnotationChangedPredicate{},
)).
Complete(r)
}
17 changes: 9 additions & 8 deletions internal/controller/runtime/runtime_controller_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -186,14 +186,15 @@ func CreateRuntimeStub(resourceName string) *imv1.Runtime {
Name: resourceName,
Namespace: "default",
Labels: map[string]string{
imv1.LabelKymaRuntimeID: "059dbc39-fd2b-4186-b0e5-8a1bc8ede5b8",
imv1.LabelKymaInstanceID: "test-instance",
imv1.LabelKymaRegion: "region",
imv1.LabelKymaName: "caadafae-1234-1234-1234-123456789abc",
imv1.LabelKymaBrokerPlanID: "broker-plan-id",
imv1.LabelKymaBrokerPlanName: "aws",
imv1.LabelKymaGlobalAccountID: "461f6292-8085-41c8-af0c-e185f39b5e18",
imv1.LabelKymaSubaccountID: "c5ad84ae-3d1b-4592-bee1-f022661f7b30",
imv1.LabelKymaRuntimeID: "059dbc39-fd2b-4186-b0e5-8a1bc8ede5b8",
imv1.LabelKymaInstanceID: "test-instance",
imv1.LabelKymaRegion: "region",
imv1.LabelKymaName: "caadafae-1234-1234-1234-123456789abc",
imv1.LabelKymaBrokerPlanID: "broker-plan-id",
imv1.LabelKymaBrokerPlanName: "aws",
imv1.LabelKymaGlobalAccountID: "461f6292-8085-41c8-af0c-e185f39b5e18",
imv1.LabelKymaSubaccountID: "c5ad84ae-3d1b-4592-bee1-f022661f7b30",
imv1.LabelControlledByProvisioner: "false",
},
},
Spec: imv1.RuntimeSpec{
Expand Down

0 comments on commit 2ac5f00

Please sign in to comment.