From fc68f9a7be365ac4dd5b47b33a086bf6f44fa25c Mon Sep 17 00:00:00 2001 From: Arkadiusz Galwas Date: Fri, 22 Sep 2023 11:58:48 +0200 Subject: [PATCH 01/17] First version of kubeconfig fetching implemented --- cmd/main.go | 51 +++++++++++++++++++----- internal/gardener/KubeConfigProvider.go | 53 ++++++++++++++++++++++++- internal/gardener/client.go | 11 ++--- 3 files changed, 96 insertions(+), 19 deletions(-) diff --git a/cmd/main.go b/cmd/main.go index ff30184c..76291b83 100644 --- a/cmd/main.go +++ b/cmd/main.go @@ -18,8 +18,11 @@ package main import ( "flag" + "fmt" "os" + "time" + gardener_apis "github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1beta1" infrastructuremanagerv1 "github.com/kyma-project/infrastructure-manager/api/v1" "github.com/kyma-project/infrastructure-manager/internal/controller" "github.com/kyma-project/infrastructure-manager/internal/gardener" @@ -30,6 +33,7 @@ import ( // to ensure that exec-entrypoint and run can make use of them. _ "k8s.io/client-go/plugin/pkg/client/auth" ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/healthz" "sigs.k8s.io/controller-runtime/pkg/log/zap" ) @@ -51,6 +55,8 @@ func main() { var enableLeaderElection bool var probeAddr string var gardenerKubeconfigPath string + var gardenerProjectName string + var expirationInHours int64 flag.StringVar(&metricsAddr, "metrics-bind-address", ":8080", "The address the metric endpoint binds to.") flag.StringVar(&probeAddr, "health-probe-bind-address", ":8081", "The address the probe endpoint binds to.") 
@@ -58,7 +64,8 @@ func main() { "Enable leader election for controller manager. "+ "Enabling this will ensure there is only one active controller manager.") flag.StringVar(&gardenerKubeconfigPath, "gardener-kubeconfig-path", "/gardener/kubeconfig/kubeconfig", "Kubeconfig file for Gardener cluster") - + flag.StringVar(&gardenerProjectName, "gardener-project-name", "gardener-project", "Name of the Gardener project") + flag.Int64Var(&expirationInHours, "expiration-in-hours", 12, "Dynamic kubeconfig expiration time in seconds") opts := zap.Options{ Development: true, } @@ -93,9 +100,16 @@ func main() { os.Exit(1) } - provider := gardener.KubeconfigProvider{} + gardenerNamespace := fmt.Sprintf("garden-%s", gardenerProjectName) + expirationInSeconds := int64(time.Duration(expirationInHours).Seconds()) + kubeconfigProvider, err := setupKubernetesKubeconfigProvider(gardenerKubeconfigPath, gardenerNamespace, expirationInSeconds) + + if err != nil { + setupLog.Error(err, "unable to initialize kubeconfig provider", "controller", "GardenerCluster") + os.Exit(1) + } - if err = (controller.NewGardenerClusterController(mgr, provider, logger)).SetupWithManager(mgr); err != nil { + if err = (controller.NewGardenerClusterController(mgr, kubeconfigProvider, logger)).SetupWithManager(mgr); err != nil { setupLog.Error(err, "unable to create controller", "controller", "GardenerCluster") os.Exit(1) } 
@@ -110,15 +124,34 @@ func main() { os.Exit(1) } - _, err = gardener.NewClientFromFile(gardenerKubeconfigPath) - if err != nil { - setupLog.Error(err, "failed to load Gardener kubeconfig") - os.Exit(1) - } - setupLog.Info("starting manager") if err := mgr.Start(ctrl.SetupSignalHandler()); err != nil { setupLog.Error(err, "problem running manager") os.Exit(1) } } + +func setupKubernetesKubeconfigProvider(kubeconfigPath string, namespace string, expirationInSeconds int64) (gardener.KubeconfigProvider, error) { + restConfig, err := gardener.NewRestConfigFromFile(kubeconfigPath) + if err != nil { + return gardener.KubeconfigProvider{}, err + } + + gardenerClientSet, err := gardener_apis.NewForConfig(restConfig) + if err != nil { + return gardener.KubeconfigProvider{}, err + } + + gardenerClient, err := client.New(restConfig, client.Options{}) + if err != nil { + return gardener.KubeconfigProvider{}, err + } + + shootClient := gardenerClientSet.Shoots(namespace) + dynamicKubeconfigAPI := gardenerClient.SubResource("adminkubeconfig") + + return gardener.NewKubeconfigProvider(shootClient, + dynamicKubeconfigAPI, + namespace, + expirationInSeconds), nil +} diff --git a/internal/gardener/KubeConfigProvider.go b/internal/gardener/KubeConfigProvider.go index fefaeec5..9a64f048 100644 --- a/internal/gardener/KubeConfigProvider.go +++ b/internal/gardener/KubeConfigProvider.go 
@@ -1,8 +1,57 @@
 package gardener
 
+import (
+ "context"
+ authenticationv1alpha1 "github.com/gardener/gardener/pkg/apis/authentication/v1alpha1"
+ "github.com/gardener/gardener/pkg/apis/core/v1beta1"
+ v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ gardenerClient "sigs.k8s.io/controller-runtime/pkg/client"
+)
+
 type KubeconfigProvider struct {
+ shootNamespace string
+ shootClient ShootClient
+ dynamicKubeconfigAPI DynamicKubeconfigAPI
+ expirationInSeconds int64
+}
+
+type ShootClient interface {
+ Get(ctx context.Context, name string, opts v1.GetOptions) (*v1beta1.Shoot, error)
+}
+
+type DynamicKubeconfigAPI interface {
+ Create(ctx context.Context, obj gardenerClient.Object, subResource gardenerClient.Object, opts ...gardenerClient.SubResourceCreateOption) error
 }
 
-func (receiver KubeconfigProvider) Fetch(shootName string) (string, error) {
- return "kubeconfig-" + shootName, nil
+func NewKubeconfigProvider(
+ shootClient ShootClient,
+ dynamicKubeconfigAPI DynamicKubeconfigAPI,
+ shootNamespace string,
+ expirationInSeconds int64) KubeconfigProvider {
+ return KubeconfigProvider{
+ shootClient: shootClient,
+ dynamicKubeconfigAPI: dynamicKubeconfigAPI,
+ shootNamespace: shootNamespace,
+ expirationInSeconds: expirationInSeconds,
+ }
+}
+
+func (kp KubeconfigProvider) Fetch(shootName string) (string, error) {
+ shoot, err := kp.shootClient.Get(context.Background(), shootName, v1.GetOptions{})
+ if err != nil {
+ return "", err
+ }
+
+ adminKubeconfigRequest := authenticationv1alpha1.AdminKubeconfigRequest{
+ Spec: authenticationv1alpha1.AdminKubeconfigRequestSpec{
+ ExpirationSeconds: &kp.expirationInSeconds,
+ },
+ }
+
+ err = kp.dynamicKubeconfigAPI.Create(context.Background(), shoot, &adminKubeconfigRequest)
+ if err != nil {
+ return "", err
+ }
+
+ return string(adminKubeconfigRequest.Status.Kubeconfig), nil
 }
diff --git a/internal/gardener/client.go b/internal/gardener/client.go
index 379fc0ff..7fab48a0 100644
--- a/internal/gardener/client.go
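Review bot: `Fetch` returns `string(adminKubeconfigRequest.Status.Kubeconfig)` without checking that the API actually filled it in, so an empty kubeconfig would be handed back to the caller and, per the controller hunks later in this series, written into a Secret as if it were a valid credential. An AdminKubeconfigRequest yields a cluster-admin kubeconfig for the shoot, so a guard before the final return is cheap insurance: `if len(adminKubeconfigRequest.Status.Kubeconfig) == 0 { return "", errors.New("AdminKubeconfigRequest returned no kubeconfig") }` (stdlib `errors`, not imported in this hunk). Both API calls use `context.Background()`, so a hung garden API server blocks the reconcile indefinitely; take a `ctx` parameter or derive one with `context.WithTimeout` instead. `expirationInSeconds` is passed through unvalidated, so a zero or negative value from a misparsed flag only surfaces, if at all, as a server-side rejection on the first reconcile rather than at construction time.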
+++ b/internal/gardener/client.go @@ -4,11 +4,11 @@ import ( "fmt" "os" - gardener_apis "github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1beta1" + restclient "k8s.io/client-go/rest" "k8s.io/client-go/tools/clientcmd" ) -func NewClientFromFile(kubeconfigFilePath string) (*gardener_apis.CoreV1beta1Client, error) { +func NewRestConfigFromFile(kubeconfigFilePath string) (*restclient.Config, error) { rawKubeconfig, err := os.ReadFile(kubeconfigFilePath) if err != nil { return nil, fmt.Errorf("failed to read Gardener Kubeconfig from path %s: %s", kubeconfigFilePath, err.Error()) @@ -19,10 +19,5 @@ func NewClientFromFile(kubeconfigFilePath string) (*gardener_apis.CoreV1beta1Cli return nil, err } - clientset, err := gardener_apis.NewForConfig(restConfig) - if err != nil { - return nil, err - } - - return clientset, nil + return restConfig, err } From 812c5cd2d2090166c87aeae584fc9282ac22abbd Mon Sep 17 00:00:00 2001 From: Arkadiusz Galwas Date: Fri, 22 Sep 2023 12:10:00 +0200 Subject: [PATCH 02/17] Linter issue fixed --- internal/gardener/KubeConfigProvider.go | 1 + 1 file changed, 1 insertion(+) diff --git a/internal/gardener/KubeConfigProvider.go b/internal/gardener/KubeConfigProvider.go index 9a64f048..acd72df7 100644 --- a/internal/gardener/KubeConfigProvider.go +++ b/internal/gardener/KubeConfigProvider.go @@ -2,6 +2,7 @@ package gardener import ( "context" + authenticationv1alpha1 "github.com/gardener/gardener/pkg/apis/authentication/v1alpha1" "github.com/gardener/gardener/pkg/apis/core/v1beta1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" From b032b344176914e69e4186dfb3d533b763ae2291 Mon Sep 17 00:00:00 2001 From: Arkadiusz Galwas Date: Fri, 22 Sep 2023 12:12:55 +0200 Subject: [PATCH 03/17] Linter issue fixed --- cmd/main.go | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/cmd/main.go b/cmd/main.go index 76291b83..6cb147ee 100644 --- a/cmd/main.go +++ b/cmd/main.go 
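Review bot: The new `return restConfig, err` in `NewRestConfigFromFile` returns an `err` that the preceding check (the `return nil, err` context line) has already proven nil, which reads as if a failure could still be propagated; write `return restConfig, nil` so the success path is explicit. The middle of the function, where the kubeconfig bytes are parsed into the rest config, lies between the two hunks and is not visible here.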
@@ -50,6 +50,8 @@ func init() { //+kubebuilder:scaffold:scheme } +const defaultExpirationTimeInHours = 7 * 12 + func main() { var metricsAddr string var enableLeaderElection bool @@ -64,8 +66,8 @@ func main() { "Enable leader election for controller manager. "+ "Enabling this will ensure there is only one active controller manager.") flag.StringVar(&gardenerKubeconfigPath, "gardener-kubeconfig-path", "/gardener/kubeconfig/kubeconfig", "Kubeconfig file for Gardener cluster") - flag.StringVar(&gardenerProjectName, "gardener-project-name", "gardener-project", "Name of the Gardener project") - flag.Int64Var(&expirationInHours, "expiration-in-hours", 12, "Dynamic kubeconfig expiration time in seconds") + flag.StringVar(&gardenerProjectName, "gardener-project-name", "frog-dev", "Name of the Gardener project") + flag.Int64Var(&expirationInHours, "expiration-in-hours", defaultExpirationTimeInHours, "Dynamic kubeconfig expiration time in seconds") opts := zap.Options{ Development: true, } From 57b2bd04e75fbde981983edcb53f1034f595e14e Mon Sep 17 00:00:00 2001 From: Arkadiusz Galwas Date: Fri, 22 Sep 2023 12:19:42 +0200 Subject: [PATCH 04/17] Linter issue fixed --- cmd/main.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmd/main.go b/cmd/main.go index 6cb147ee..ba5090a9 100644 --- a/cmd/main.go +++ b/cmd/main.go 
@@ -66,7 +66,7 @@ func main() { "Enable leader election for controller manager. "+ "Enabling this will ensure there is only one active controller manager.") flag.StringVar(&gardenerKubeconfigPath, "gardener-kubeconfig-path", "/gardener/kubeconfig/kubeconfig", "Kubeconfig file for Gardener cluster") - flag.StringVar(&gardenerProjectName, "gardener-project-name", "frog-dev", "Name of the Gardener project") + flag.StringVar(&gardenerProjectName, "gardener-project-name", "gardener-project", "Name of the Gardener project") flag.Int64Var(&expirationInHours, "expiration-in-hours", defaultExpirationTimeInHours, "Dynamic kubeconfig expiration time in seconds") opts := zap.Options{ Development: true, From a775bfa86194dca9acb8abdfbf993731e91ed5a3 Mon Sep 17 00:00:00 2001 From: Arkadiusz Galwas Date: Fri, 22 Sep 2023 12:24:59 +0200 Subject: [PATCH 05/17] Samples updated --- config/samples/clusterinventory_v1_cluster.yaml | 0 config/samples/clusterinventory_v1_gardenercluster.yaml | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) delete mode 100644 config/samples/clusterinventory_v1_cluster.yaml diff --git a/config/samples/clusterinventory_v1_cluster.yaml b/config/samples/clusterinventory_v1_cluster.yaml deleted file mode 100644 index e69de29b..00000000 diff --git a/config/samples/clusterinventory_v1_gardenercluster.yaml b/config/samples/clusterinventory_v1_gardenercluster.yaml index d571200b..a699ef82 100644 --- a/config/samples/clusterinventory_v1_gardenercluster.yaml +++ b/config/samples/clusterinventory_v1_gardenercluster.yaml @@ -1,4 +1,4 @@ -apiVersion: clusterinventory.kyma-project.io/v1 +apiVersion: infrastructuremanager.kyma-project.io/v1 kind: GardenerCluster metadata: labels: From 84c6cec820b2960ae5f54ac553e094a51f1ce2c3 Mon Sep 17 00:00:00 2001 
From: Arkadiusz Galwas Date: Fri, 22 Sep 2023 17:59:54 +0200 Subject: [PATCH 06/17] Trying to run with Gardener --- config/rbac/role.yaml | 18 ++++++++++-------- .../controller/gardener_cluster_controller.go | 2 +- internal/gardener/KubeConfigProvider.go | 5 +++-- 3 files changed, 14 insertions(+), 11 deletions(-) diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index 78ec8c8b..dae32328 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -5,28 +5,30 @@ metadata: name: manager-role rules: - apiGroups: - - infrastructuremanager.kyma-project.io + - "" resources: - - gardenerclusters + - secrets verbs: - create - delete - get - list - - patch - update - - watch - apiGroups: - infrastructuremanager.kyma-project.io resources: - - gardenerclusters/finalizers + - gardenerclusters verbs: + - create + - delete + - get + - list + - patch - update + - watch - apiGroups: - infrastructuremanager.kyma-project.io resources: - - gardenerclusters/status + - gardenerclusters/finalizers verbs: - - get - - patch - update diff --git a/internal/controller/gardener_cluster_controller.go b/internal/controller/gardener_cluster_controller.go index 1d107632..3eea00cb 100644 --- a/internal/controller/gardener_cluster_controller.go +++ b/internal/controller/gardener_cluster_controller.go @@ -61,7 +61,7 @@ type KubeconfigProvider interface { } //+kubebuilder:rbac:groups=infrastructuremanager.kyma-project.io,resources=gardenerclusters,verbs=get;list;watch;create;update;patch;delete -//+kubebuilder:rbac:groups=infrastructuremanager.kyma-project.io,resources=gardenerclusters/status,verbs=get;update;patch +//+kubebuilder:rbac:groups="",resources=secrets,verbs=get;list;create;update;delete //+kubebuilder:rbac:groups=infrastructuremanager.kyma-project.io,resources=gardenerclusters/finalizers,verbs=update // Reconcile is part of the main kubernetes reconciliation loop which aims to 
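Review bot: The new `secrets` rule grants get/list/create/update/delete on every Secret in the cluster, because `manager-role` is generated as a cluster-scoped role (the `kind` line is above the hunk, but a kubebuilder rbac marker without `namespace=` produces a ClusterRole). The controller only needs to read and write the kubeconfig Secrets it creates itself, so scope the marker to the namespace it writes to, e.g. `//+kubebuilder:rbac:groups="",namespace=<secret-namespace>,resources=secrets,verbs=get;list;watch;create;update;delete`, which makes controller-gen emit a Role and RoleBinding instead; cluster-wide list on Secrets also lets a compromised controller read unrelated credentials. The same hunk drops the `gardenerclusters/status` rule (`get;update;patch`); if the controller writes status anywhere (not visible here), those updates will now be forbidden, so keep that marker alongside the new one.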
diff --git a/internal/gardener/KubeConfigProvider.go b/internal/gardener/KubeConfigProvider.go index acd72df7..9e844552 100644 --- a/internal/gardener/KubeConfigProvider.go +++ b/internal/gardener/KubeConfigProvider.go @@ -2,6 +2,7 @@ package gardener import ( "context" + "github.com/pkg/errors" authenticationv1alpha1 "github.com/gardener/gardener/pkg/apis/authentication/v1alpha1" "github.com/gardener/gardener/pkg/apis/core/v1beta1" @@ -40,7 +41,7 @@ func NewKubeconfigProvider( func (kp KubeconfigProvider) Fetch(shootName string) (string, error) { shoot, err := kp.shootClient.Get(context.Background(), shootName, v1.GetOptions{}) if err != nil { - return "", err + return "", errors.Wrap(err, "failed to get shoot") } adminKubeconfigRequest := authenticationv1alpha1.AdminKubeconfigRequest{ @@ -51,7 +52,7 @@ func (kp KubeconfigProvider) Fetch(shootName string) (string, error) { err = kp.dynamicKubeconfigAPI.Create(context.Background(), shoot, &adminKubeconfigRequest) if err != nil { - return "", err + return "", errors.Wrap(err, "failed to create AdminKubeconfigRequest") } return string(adminKubeconfigRequest.Status.Kubeconfig), nil From 1ac2d809b526607595b11afdcc242a8e51fc1c8c Mon Sep 17 00:00:00 2001 From: Arkadiusz Galwas Date: Fri, 22 Sep 2023 18:13:06 +0200 Subject: [PATCH 07/17] Trying to run with Gardener --- internal/controller/gardener_cluster_controller.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/internal/controller/gardener_cluster_controller.go b/internal/controller/gardener_cluster_controller.go index 3eea00cb..2f5e622a 100644 --- a/internal/controller/gardener_cluster_controller.go +++ b/internal/controller/gardener_cluster_controller.go 
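Review bot: The new wrapping pulls in `github.com/pkg/errors`, which is in maintenance mode, while `fmt.Errorf("getting shoot %q: %w", shootName, err)` gives the same chained message with stdlib-only `errors.Is`/`As` support and carries the shoot name the operator will want when the lookup fails. Both new messages start with `failed to`, which is redundant once errors are chained; name what this layer was doing instead, e.g. `fmt.Errorf("creating AdminKubeconfigRequest for shoot %q: %w", shootName, err)`.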
@@ -158,8 +158,10 @@ func (r *GardenerClusterController) newSecret(cluster infrastructuremanagerv1.Ga labels["operator.kyma-project.io/managed-by"] = "infrastructure-manager" labels[clusterCRNameLabel] = cluster.Name + r.log.Info("Fetching kubeconfig from Gardener") kubeconfig, err := r.KubeconfigProvider.Fetch(cluster.Spec.Shoot.Name) if err != nil { + r.log.Error(err, "failed to fetch kubeconfig from Gardener") return corev1.Secret{}, err } From 94d5d0930bc99baaa1929fa338880fecaad65b3d Mon Sep 17 00:00:00 2001 From: Arkadiusz Galwas Date: Fri, 22 Sep 2023 18:16:10 +0200 Subject: [PATCH 08/17] linter --- internal/gardener/KubeConfigProvider.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/gardener/KubeConfigProvider.go b/internal/gardener/KubeConfigProvider.go index 9e844552..83c81879 100644 --- a/internal/gardener/KubeConfigProvider.go +++ b/internal/gardener/KubeConfigProvider.go @@ -2,10 +2,10 @@ package gardener import ( "context" - "github.com/pkg/errors" authenticationv1alpha1 "github.com/gardener/gardener/pkg/apis/authentication/v1alpha1" "github.com/gardener/gardener/pkg/apis/core/v1beta1" + "github.com/pkg/errors" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" gardenerClient "sigs.k8s.io/controller-runtime/pkg/client" ) From 726027b3af611041c0d2855cea483add6de8291d Mon Sep 17 00:00:00 2001 From: Arkadiusz Galwas Date: Fri, 22 Sep 2023 18:27:20 +0200 Subject: [PATCH 09/17] logging --- internal/controller/gardener_cluster_controller.go | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/internal/controller/gardener_cluster_controller.go b/internal/controller/gardener_cluster_controller.go index 2f5e622a..c6e9f7e5 100644 --- a/internal/controller/gardener_cluster_controller.go +++ b/internal/controller/gardener_cluster_controller.go 
@@ -141,8 +141,10 @@ func (r *GardenerClusterController) getSecret(shootName string) (*corev1.Secret, } func (r *GardenerClusterController) createSecret(ctx context.Context, cluster infrastructuremanagerv1.GardenerCluster) error { + r.log.Info("About to create new secret") secret, err := r.newSecret(cluster) if err != nil { + r.log.Error(err, "failed to create secret") return err } @@ -152,6 +154,8 @@ func (r *GardenerClusterController) createSecret(ctx context.Context, cluster in func (r *GardenerClusterController) newSecret(cluster infrastructuremanagerv1.GardenerCluster) (corev1.Secret, error) { labels := map[string]string{} + r.log.Info("Creating new secret") + for key, val := range cluster.Labels { labels[key] = val } From dd63eb8031632380948d8edc85b9da6f4b24e952 Mon Sep 17 00:00:00 2001 From: Arkadiusz Galwas Date: Fri, 22 Sep 2023 18:41:00 +0200 Subject: [PATCH 10/17] logging --- internal/controller/gardener_cluster_controller.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/internal/controller/gardener_cluster_controller.go b/internal/controller/gardener_cluster_controller.go index c6e9f7e5..c773cc96 100644 --- a/internal/controller/gardener_cluster_controller.go +++ b/internal/controller/gardener_cluster_controller.go @@ -97,8 +97,9 @@ func (r *GardenerClusterController) Reconcile(ctx context.Context, req ctrl.Requ } if secret == nil { - r.log.Error(err, "Secret not found, and will be created") + r.log.Error(err, "Secret not found, and will be created!!!") + r.log.Info("Calling createSecret") err = r.createSecret(ctx, cluster) if err != nil { From 7dc6932454bb4d76f4306134e85ec3855fba9cc3 Mon Sep 17 00:00:00 2001 From: Arkadiusz Galwas Date: Tue, 26 Sep 2023 07:32:33 +0200 Subject: [PATCH 11/17] Fix for dynamic kubeconfig creation --- cmd/main.go | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/cmd/main.go b/cmd/main.go index ba5090a9..d40e2b02 100644 --- a/cmd/main.go +++ b/cmd/main.go 
@@ -19,6 +19,8 @@ package main import ( "flag" "fmt" + "github.com/gardener/gardener/pkg/apis/core/v1beta1" + "github.com/pkg/errors" "os" "time" @@ -152,6 +154,12 @@ func setupKubernetesKubeconfigProvider(kubeconfigPath string, namespace string, shootClient := gardenerClientSet.Shoots(namespace) dynamicKubeconfigAPI := gardenerClient.SubResource("adminkubeconfig") + err = v1beta1.AddToScheme(gardenerClient.Scheme()) + + if err != nil { + errors.Wrap(err, "Failed ") + } + return gardener.NewKubeconfigProvider(shootClient, dynamicKubeconfigAPI, namespace, From 73af5b7aa02687f5d7b7a624a98355407b1357e4 Mon Sep 17 00:00:00 2001 From: Arkadiusz Galwas Date: Tue, 26 Sep 2023 07:39:34 +0200 Subject: [PATCH 12/17] Fix for dynamic kubeconfig creation --- cmd/main.go | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/cmd/main.go b/cmd/main.go index d40e2b02..520bfeb9 100644 --- a/cmd/main.go +++ b/cmd/main.go @@ -19,15 +19,15 @@ package main import ( "flag" "fmt" - "github.com/gardener/gardener/pkg/apis/core/v1beta1" - "github.com/pkg/errors" "os" "time" + "github.com/gardener/gardener/pkg/apis/core/v1beta1" gardener_apis "github.com/gardener/gardener/pkg/client/core/clientset/versioned/typed/core/v1beta1" infrastructuremanagerv1 "github.com/kyma-project/infrastructure-manager/api/v1" "github.com/kyma-project/infrastructure-manager/internal/controller" "github.com/kyma-project/infrastructure-manager/internal/gardener" + "github.com/pkg/errors" "k8s.io/apimachinery/pkg/runtime" utilruntime "k8s.io/apimachinery/pkg/util/runtime" clientgoscheme "k8s.io/client-go/kubernetes/scheme" 
@@ -155,9 +155,8 @@ func setupKubernetesKubeconfigProvider(kubeconfigPath string, namespace string, dynamicKubeconfigAPI := gardenerClient.SubResource("adminkubeconfig") err = v1beta1.AddToScheme(gardenerClient.Scheme()) - if err != nil { - errors.Wrap(err, "Failed ") + return gardener.KubeconfigProvider{}, errors.Wrap(err, "failed to register Gardener schema") } return gardener.NewKubeconfigProvider(shootClient, From 8fd892a73f8d5ee7a85ce37670fe095303c7bdb5 Mon Sep 17 00:00:00 2001 From: Arkadiusz Galwas Date: Tue, 26 Sep 2023 08:50:54 +0200 Subject: [PATCH 13/17] Time conversion issue fixed --- cmd/main.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/cmd/main.go b/cmd/main.go index 520bfeb9..83add7b6 100644 --- a/cmd/main.go +++ b/cmd/main.go @@ -52,7 +52,7 @@ func init() { //+kubebuilder:scaffold:scheme } -const defaultExpirationTimeInHours = 7 * 12 +const defaultExpirationTimeInHours = 7 * 12 * time.Hour func main() { var metricsAddr string @@ -60,7 +60,7 @@ func main() { var probeAddr string var gardenerKubeconfigPath string var gardenerProjectName string - var expirationInHours int64 + var expirationInHours time.Duration flag.StringVar(&metricsAddr, "metrics-bind-address", ":8080", "The address the metric endpoint binds to.") flag.StringVar(&probeAddr, "health-probe-bind-address", ":8081", "The address the probe endpoint binds to.") 
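Review bot: `v1beta1.AddToScheme(gardenerClient.Scheme())` registers Gardener's core types into a scheme after the client has already been built, and with the empty `client.Options{}` used above the hunk that scheme is controller-runtime's process-wide default, so the registration is a global side effect shared with the manager. Build a dedicated scheme first and hand it to `client.New`, which also keeps the failure at construction time:
```go
	gardenerScheme := runtime.NewScheme()
	if err := v1beta1.AddToScheme(gardenerScheme); err != nil {
		return gardener.KubeconfigProvider{}, errors.Wrap(err, "failed to register Gardener schema")
	}

	gardenerClient, err := client.New(restConfig, client.Options{Scheme: gardenerScheme})
	// … unchanged: error check, shootClient / dynamicKubeconfigAPI setup, NewKubeconfigProvider …
```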
@@ -69,7 +69,7 @@ func main() { "Enabling this will ensure there is only one active controller manager.") flag.StringVar(&gardenerKubeconfigPath, "gardener-kubeconfig-path", "/gardener/kubeconfig/kubeconfig", "Kubeconfig file for Gardener cluster") flag.StringVar(&gardenerProjectName, "gardener-project-name", "gardener-project", "Name of the Gardener project") - flag.Int64Var(&expirationInHours, "expiration-in-hours", defaultExpirationTimeInHours, "Dynamic kubeconfig expiration time in seconds") + flag.DurationVar(&expirationInHours, "", defaultExpirationTimeInHours, "Dynamic kubeconfig expiration time in hours") opts := zap.Options{ Development: true, } @@ -105,7 +105,7 @@ func main() { } gardenerNamespace := fmt.Sprintf("garden-%s", gardenerProjectName) - expirationInSeconds := int64(time.Duration(expirationInHours).Seconds()) + expirationInSeconds := int64(expirationInHours.Seconds()) kubeconfigProvider, err := setupKubernetesKubeconfigProvider(gardenerKubeconfigPath, gardenerNamespace, expirationInSeconds) if err != nil { From 5215be6a4cd0026225ba3fc818495cf5ecb871f7 Mon Sep 17 00:00:00 2001 From: Arkadiusz Galwas Date: Tue, 26 Sep 2023 09:09:48 +0200 Subject: [PATCH 14/17] Changed time parameter type --- cmd/main.go | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/cmd/main.go b/cmd/main.go index 83add7b6..8145f397 100644 --- a/cmd/main.go +++ b/cmd/main.go @@ -52,7 +52,7 @@ func init() { //+kubebuilder:scaffold:scheme } -const defaultExpirationTimeInHours = 7 * 12 * time.Hour +const defaultExpirationTime = 7 * 12 * time.Hour func main() { var metricsAddr string 
@@ -60,7 +60,7 @@ func main() { var probeAddr string var gardenerKubeconfigPath string var gardenerProjectName string - var expirationInHours time.Duration + var expirationTime time.Duration flag.StringVar(&metricsAddr, "metrics-bind-address", ":8080", "The address the metric endpoint binds to.") flag.StringVar(&probeAddr, "health-probe-bind-address", ":8081", "The address the probe endpoint binds to.") @@ -69,7 +69,8 @@ func main() { "Enabling this will ensure there is only one active controller manager.") flag.StringVar(&gardenerKubeconfigPath, "gardener-kubeconfig-path", "/gardener/kubeconfig/kubeconfig", "Kubeconfig file for Gardener cluster") flag.StringVar(&gardenerProjectName, "gardener-project-name", "gardener-project", "Name of the Gardener project") - flag.DurationVar(&expirationInHours, "", defaultExpirationTimeInHours, "Dynamic kubeconfig expiration time in hours") + flag.DurationVar(&expirationTime, "kubeconfig-expiration-time", defaultExpirationTime, "Dynamic kubeconfig expiration time") + opts := zap.Options{ Development: true, } @@ -105,7 +106,7 @@ func main() { } gardenerNamespace := fmt.Sprintf("garden-%s", gardenerProjectName) - expirationInSeconds := int64(expirationInHours.Seconds()) + expirationInSeconds := int64(expirationTime.Seconds()) kubeconfigProvider, err := setupKubernetesKubeconfigProvider(gardenerKubeconfigPath, gardenerNamespace, expirationInSeconds) if err != nil { From df6974ca4c4b864d4181fb8d18dd8e5a2d95e10f Mon Sep 17 00:00:00 2001 From: Arkadiusz Galwas Date: Tue, 26 Sep 2023 09:35:13 +0200 Subject: [PATCH 15/17] Some debugging --- internal/controller/gardener_cluster_controller.go | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/internal/controller/gardener_cluster_controller.go b/internal/controller/gardener_cluster_controller.go index c773cc96..035141a8 100644 --- a/internal/controller/gardener_cluster_controller.go +++ b/internal/controller/gardener_cluster_controller.go 
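Review bot: `expirationTime` is converted with `int64(expirationTime.Seconds())` and passed on without a bounds check, so `--kubeconfig-expiration-time=0` or a negative duration reaches the AdminKubeconfigRequest and fails, if at all, on the garden API server during the first reconcile rather than at startup. Reject it up front next to the other flag handling: `if expirationTime <= 0 { setupLog.Error(nil, "kubeconfig-expiration-time must be positive"); os.Exit(1) }`. Since this value bounds the lifetime of a cluster-admin credential, a short doc comment on the flag saying so would help whoever tunes it.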
@@ -101,7 +101,6 @@ func (r *GardenerClusterController) Reconcile(ctx context.Context, req ctrl.Requ r.log.Info("Calling createSecret") err = r.createSecret(ctx, cluster) - if err != nil { return r.ResultWithoutRequeue(), err } @@ -142,14 +141,21 @@ func (r *GardenerClusterController) getSecret(shootName string) (*corev1.Secret, } func (r *GardenerClusterController) createSecret(ctx context.Context, cluster infrastructuremanagerv1.GardenerCluster) error { - r.log.Info("About to create new secret") + r.log.Info("Preparing new secret") secret, err := r.newSecret(cluster) if err != nil { - r.log.Error(err, "failed to create secret") + r.log.Error(err, "failed to prepare secret") return err } - return r.Client.Create(ctx, &secret) + r.log.Info("Creating new secret") + + err = r.Client.Create(ctx, &secret) + if err != nil { + r.log.Error(err, "failed to create secret") + } + + return err } func (r *GardenerClusterController) newSecret(cluster infrastructuremanagerv1.GardenerCluster) (corev1.Secret, error) { From 1d0c683f838f856298782197a6bb8c9f956e6506 Mon Sep 17 00:00:00 2001 From: Arkadiusz Galwas Date: Tue, 26 Sep 2023 12:11:08 +0200 Subject: [PATCH 16/17] Removed some logging messages --- config/rbac/role.yaml | 1 + .../controller/gardener_cluster_controller.go | 25 +++---------------- 2 files changed, 4 insertions(+), 22 deletions(-) diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index dae32328..0f9269f5 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -14,6 +14,7 @@ rules: - get - list - update + - watch - apiGroups: - infrastructuremanager.kyma-project.io resources: diff --git a/internal/controller/gardener_cluster_controller.go b/internal/controller/gardener_cluster_controller.go index 035141a8..356b8481 100644 --- a/internal/controller/gardener_cluster_controller.go +++ b/internal/controller/gardener_cluster_controller.go 
@@ -61,7 +61,7 @@ type KubeconfigProvider interface { } //+kubebuilder:rbac:groups=infrastructuremanager.kyma-project.io,resources=gardenerclusters,verbs=get;list;watch;create;update;patch;delete -//+kubebuilder:rbac:groups="",resources=secrets,verbs=get;list;create;update;delete +//+kubebuilder:rbac:groups="",resources=secrets,verbs=get;list;watch;create;update;delete //+kubebuilder:rbac:groups=infrastructuremanager.kyma-project.io,resources=gardenerclusters/finalizers,verbs=update // Reconcile is part of the main kubernetes reconciliation loop which aims to @@ -73,21 +73,18 @@ type KubeconfigProvider interface { // For more details, check Reconcile and its Result here: // - https://pkg.go.dev/sigs.k8s.io/controller-runtime@v0.15.0/pkg/reconcile func (r *GardenerClusterController) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) { //nolint:revive - r.log.Info("Starting reconciliation loop") + r.log.Info(fmt.Sprintf("Starting reconciliation loop for GardenerCluster resource: %v", req.NamespacedName)) var cluster infrastructuremanagerv1.GardenerCluster err := r.Client.Get(ctx, req.NamespacedName, &cluster) if err != nil { - r.log.Error(err, "could not get the CR for "+req.NamespacedName.Name) return r.ResultWithoutRequeue(), err } secret, err := r.getSecret(cluster.Spec.Shoot.Name) if err != nil { - r.log.Error(err, "could not get the Secret for "+cluster.Spec.Shoot.Name) - if !k8serrors.IsNotFound(err) { return ctrl.Result{ Requeue: true, @@ -97,9 +94,6 @@ func (r *GardenerClusterController) Reconcile(ctx context.Context, req ctrl.Requ } if secret == nil { - r.log.Error(err, "Secret not found, and will be created!!!") - - r.log.Info("Calling createSecret") err = r.createSecret(ctx, cluster) if err != nil { return r.ResultWithoutRequeue(), err 
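Review bot: The `r.Client.Get` error in `Reconcile` is returned as-is, so once a GardenerCluster is deleted the NotFound error makes controller-runtime requeue the request with backoff indefinitely (a non-nil error overrides whatever `ResultWithoutRequeue` returns). The usual shape is `return r.ResultWithoutRequeue(), client.IgnoreNotFound(err)` using controller-runtime's `client` package, which is not visibly imported in this file. The new log line also formats `req.NamespacedName` into the message with `fmt.Sprintf`; with a logr logger prefer key/value pairs, `r.log.Info("Starting reconciliation loop", "resource", req.NamespacedName)`, so the field stays queryable. `Reconcile` continues past the end of this hunk.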
@@ -141,38 +135,25 @@ func (r *GardenerClusterController) getSecret(shootName string) (*corev1.Secret, } func (r *GardenerClusterController) createSecret(ctx context.Context, cluster infrastructuremanagerv1.GardenerCluster) error { - r.log.Info("Preparing new secret") secret, err := r.newSecret(cluster) if err != nil { - r.log.Error(err, "failed to prepare secret") return err } - r.log.Info("Creating new secret") - - err = r.Client.Create(ctx, &secret) - if err != nil { - r.log.Error(err, "failed to create secret") - } - - return err + return r.Client.Create(ctx, &secret) } func (r *GardenerClusterController) newSecret(cluster infrastructuremanagerv1.GardenerCluster) (corev1.Secret, error) { labels := map[string]string{} - r.log.Info("Creating new secret") - for key, val := range cluster.Labels { labels[key] = val } labels["operator.kyma-project.io/managed-by"] = "infrastructure-manager" labels[clusterCRNameLabel] = cluster.Name - r.log.Info("Fetching kubeconfig from Gardener") kubeconfig, err := r.KubeconfigProvider.Fetch(cluster.Spec.Shoot.Name) if err != nil { - r.log.Error(err, "failed to fetch kubeconfig from Gardener") return corev1.Secret{}, err } From e3f80cb8b4b2f3ac1d6e5a5b98842c0a946de145 Mon Sep 17 00:00:00 2001 From: Arkadiusz Galwas Date: Tue, 26 Sep 2023 15:19:39 +0200 Subject: [PATCH 17/17] Added expiration time to patch yaml --- cmd/main.go | 2 +- config/default/manager_gardener_secret_patch.yaml | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/cmd/main.go b/cmd/main.go index 8145f397..6004474b 100644 --- a/cmd/main.go +++ b/cmd/main.go @@ -52,7 +52,7 @@ func init() { //+kubebuilder:scaffold:scheme } -const defaultExpirationTime = 7 * 12 * time.Hour +const defaultExpirationTime = 24 * time.Hour func main() { var metricsAddr string diff --git a/config/default/manager_gardener_secret_patch.yaml b/config/default/manager_gardener_secret_patch.yaml index 72713b5c..4afb921f 100644 --- a/config/default/manager_gardener_secret_patch.yaml 
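Review bot: Lowering `defaultExpirationTime` to 24h makes the stored admin kubeconfig expire a day after the Secret is written, but nothing in this series renews it: `Reconcile` (earlier hunks) creates the Secret only when it is missing and otherwise leaves it alone, so consumers will read an expired credential after the first day. Either requeue before expiry (`RequeueAfter` set to a fraction of `expirationTime`) and re-fetch the kubeconfig, or record the expiry on the Secret (an annotation) so a later reconcile can compare it to the current time. The constant also deserves a doc comment, e.g. `// defaultExpirationTime bounds the validity of the admin kubeconfig requested from Gardener; keep it short, as that kubeconfig grants cluster-admin on the shoot.`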
+++ b/config/default/manager_gardener_secret_patch.yaml @@ -19,6 +19,8 @@ spec: - /manager args: - --gardener-kubeconfig-path=/gardener/credentials/kubeconfig + - --gardener-project-name=kyma-dev + - --kubeconfig-expiration-time=24h volumeMounts: - name: gardener-kubeconfig mountPath: /gardener/credentials
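Review bot: `--gardener-project-name=kyma-dev` bakes an environment-specific project into the default kustomize overlay, and that flag decides which `garden-<project>` namespace the controller reads shoots from, so deploying the default manifests elsewhere silently points the controller at the wrong project. Keep the base patch environment-neutral and supply the value from a per-environment overlay or a kustomize replacement, with a comment next to the args such as `# project name is environment specific; override it per overlay`. The `24h` here duplicates the code default, so one of the two can go to keep a single source of truth for the credential lifetime.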