kyma-project · kyma-bot · Nov 7, 2023 · Sep 26, 2023 · Sep 26, 2023 · Sep 26, 2023
@@ -17,6 +17,9 @@ limitations under the License.
 package v1
 
 import (
+	"fmt"
+
+	"k8s.io/apimachinery/pkg/api/meta"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
@@ -67,10 +70,25 @@ type Secret struct {
 type State string
 
 const (
-	ReadyState      State = "Ready"
-	ProcessingState State = "Processing"
-	ErrorState      State = "Error"
-	DeletingState   State = "Deleting"
+	ReadyState State = "Ready"
+	ErrorState State = "Error"
+)
+
+type ConditionReason string
+
+const (
+	ConditionReasonKubeconfigSecretCreated ConditionReason = "KubeconfigSecretCreated"
+	ConditionReasonKubeconfigSecretRotated ConditionReason = "KubeconfigSecretRotated"
+	ConditionReasonFailedToGetSecret       ConditionReason = "FailedToCheckSecret"
+	ConditionReasonFailedToCreateSecret    ConditionReason = "ConditionReasonFailedToCreateSecret"
+	ConditionReasonFailedToUpdateSecret    ConditionReason = "FailedToUpdateSecret"
+	ConditionReasonFailedToGetKubeconfig   ConditionReason = "FailedToGetKubeconfig"
+)
+
+type ConditionType string
+
+const (
+	ConditionTypeKubeconfigManagement ConditionType = "KubeconfigManagement"
 )
 
 // GardenerClusterStatus defines the observed state of GardenerCluster
@@ -86,6 +104,54 @@ type GardenerClusterStatus struct {
 	Conditions []metav1.Condition `json:"conditions,omitempty"`
 }
 
+func (cluster *GardenerCluster) UpdateConditionForReadyState(conditionType ConditionType, reason ConditionReason, conditionStatus metav1.ConditionStatus) {
+	cluster.Status.State = ReadyState
+
+	condition := metav1.Condition{
+		Type:               string(conditionType),
+		Status:             conditionStatus,
+		LastTransitionTime: metav1.Now(),
+		Reason:             string(reason),
+		Message:            getMessage(reason),
+	}
+	meta.RemoveStatusCondition(&cluster.Status.Conditions, condition.Type)
+	meta.SetStatusCondition(&cluster.Status.Conditions, condition)
+}
+
+func (cluster *GardenerCluster) UpdateConditionForErrorState(conditionType ConditionType, reason ConditionReason, conditionStatus metav1.ConditionStatus, error error) {
+	cluster.Status.State = ErrorState
+
+	condition := metav1.Condition{
+		Type:               string(conditionType),
+		Status:             conditionStatus,
+		LastTransitionTime: metav1.Now(),
+		Reason:             string(reason),
+		Message:            fmt.Sprintf("%s Error: %s", getMessage(reason), error.Error()),
+	}
+	meta.RemoveStatusCondition(&cluster.Status.Conditions, condition.Type)
+	meta.SetStatusCondition(&cluster.Status.Conditions, condition)
+}
+
+func getMessage(reason ConditionReason) string {
+	switch reason {
+	case ConditionReasonKubeconfigSecretCreated:
+		return "Secret created successfully."
+	case ConditionReasonKubeconfigSecretRotated:
+		return "Secret rotated successfully."
+	case ConditionReasonFailedToCreateSecret:
+		return "Failed to create secret."
+	case ConditionReasonFailedToUpdateSecret:
+		return "Failed to rotate secret."
+	case ConditionReasonFailedToGetSecret:
+		return "Failed to get secret."
+	case ConditionReasonFailedToGetKubeconfig:
+		return "Failed to get kubeconfig."
+
+	default:
+		return "Unknown condition"
+	}
+}
+
 func init() {
 	SchemeBuilder.Register(&GardenerCluster{}, &GardenerClusterList{})
 }
@@ -40,6 +40,9 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/log/zap"
 )
 
+// The ratio determines what is the minimal time that needs to pass to rotate certificate.
+const minimalRotationTimeRatio = 0.6
+
 var (
 	scheme   = runtime.NewScheme()        //nolint:gochecknoglobals
 	setupLog = ctrl.Log.WithName("setup") //nolint:gochecknoglobals
@@ -106,15 +109,15 @@ func main() {
 	}
 
 	gardenerNamespace := fmt.Sprintf("garden-%s", gardenerProjectName)
-	expirationInSeconds := int64(expirationTime.Seconds())
-	kubeconfigProvider, err := setupKubernetesKubeconfigProvider(gardenerKubeconfigPath, gardenerNamespace, expirationInSeconds)
+	kubeconfigProvider, err := setupKubernetesKubeconfigProvider(gardenerKubeconfigPath, gardenerNamespace, expirationTime)
 
 	if err != nil {
 		setupLog.Error(err, "unable to initialize kubeconfig provider", "controller", "GardenerCluster")
 		os.Exit(1)
 	}
 
-	if err = (controller.NewGardenerClusterController(mgr, kubeconfigProvider, logger)).SetupWithManager(mgr); err != nil {
+	rotationPeriod := time.Duration(minimalRotationTimeRatio*expirationTime.Minutes()) * time.Minute
+	if err = (controller.NewGardenerClusterController(mgr, kubeconfigProvider, logger, rotationPeriod)).SetupWithManager(mgr); err != nil {
 		setupLog.Error(err, "unable to create controller", "controller", "GardenerCluster")
 		os.Exit(1)
 	}
@@ -129,14 +132,15 @@ func main() {
 		os.Exit(1)
 	}
 
-	setupLog.Info("starting manager")
+	setupLog.Info("Starting Manager", "kubeconfigExpirationTime", expirationTime, "kubeconfigRotationPeriod", rotationPeriod)
+
 	if err := mgr.Start(ctrl.SetupSignalHandler()); err != nil {
 		setupLog.Error(err, "problem running manager")
 		os.Exit(1)
 	}
 }
 
-func setupKubernetesKubeconfigProvider(kubeconfigPath string, namespace string, expirationInSeconds int64) (gardener.KubeconfigProvider, error) {
+func setupKubernetesKubeconfigProvider(kubeconfigPath string, namespace string, expirationTime time.Duration) (gardener.KubeconfigProvider, error) {
 	restConfig, err := gardener.NewRestConfigFromFile(kubeconfigPath)
 	if err != nil {
 		return gardener.KubeconfigProvider{}, err
@@ -163,5 +167,5 @@ func setupKubernetesKubeconfigProvider(kubeconfigPath string, namespace string,
 	return gardener.NewKubeconfigProvider(shootClient,
 		dynamicKubeconfigAPI,
 		namespace,
-		expirationInSeconds), nil
+		int64(expirationTime.Seconds())), nil
 }
@@ -33,3 +33,9 @@ rules:
   - gardenerclusters/finalizers
   verbs:
   - update
+- apiGroups:
+  - infrastructuremanager.kyma-project.io
+  resources:
+  - gardenerclusters/status
+  verbs:
+  - update