fix: add cert-manager to missing pipelines + fix linter issues (#702)
Signed-off-by: odubajDT <ondrej.dubaj@dynatrace.com>
odubajDT authored Jan 27, 2023


This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
1 parent eab9397 commit a4ab1e3
Showing 11 changed files with 112 additions and 88 deletions.
2 changes: 2 additions & 0 deletions .github/workflows/golangci-lint.yml
@@ -24,6 +24,8 @@ jobs:
folder: "operator/"
- name: "scheduler"
folder: "scheduler/"
- name: "klt-cert-manager"
folder: "klt-cert-manager/"
steps:
- name: Check out code
uses: actions/checkout@v3
14 changes: 13 additions & 1 deletion .github/workflows/release.yml
@@ -49,6 +49,8 @@ jobs:
folder: "scheduler/"
- name: "functions-runtime"
folder: "functions-runtime/"
- name: "klt-cert-manager"
folder: "klt-cert-manager/"
runs-on: ubuntu-22.04
permissions:
contents: write
@@ -137,6 +139,13 @@ jobs:
path: ./scheduler/bin
key: build-tools-${{ github.ref_name }}

- name: Cache build tools cert-manager
id: cache-build-tools-klt-cert-manager
uses: actions/cache@v3
with:
path: ./klt-cert-manager/bin
key: build-tools-${{ github.ref_name }}

- name: Set up Go
uses: actions/setup-go@v3
with:
@@ -151,9 +160,12 @@ jobs:
make release-manifests
cd ../operator
make controller-gen release-manifests
cd ../klt-cert-manager
make controller-gen release-manifests
cd ..
echo "---" >> operator/config/rendered/release.yaml
cat operator/config/rendered/release.yaml scheduler/config/rendered/release.yaml > manifest.yaml
echo "---" >> scheduler/config/rendered/release.yaml
cat operator/config/rendered/release.yaml scheduler/config/rendered/release.yaml klt-cert-manager/config/rendered/release.yaml > manifest.yaml
- name: Attach release assets
uses: softprops/action-gh-release@v1
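Review bot: The new `Cache build tools cert-manager` step restores `./klt-cert-manager/bin` under `key: build-tools-${{ github.ref_name }}`, the same key string the scheduler cache step above it uses, and nothing in the key tracks the tool versions. Whatever is restored into that directory is presumably what `make controller-gen release-manifests` then runs, inside a job that holds `contents: write`, so a stale or tampered cache entry would feed straight into the published `manifest.yaml`. Consider a component-specific key that also hashes the file pinning the tool versions, e.g. `key: build-tools-klt-cert-manager-${{ github.ref_name }}-${{ hashFiles('<klt-cert-manager tool-version file>') }}`. Pinning `actions/cache` to a full commit SHA instead of the mutable `v3` tag would tighten the release path further.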
1 change: 1 addition & 0 deletions .github/workflows/validate-semantic-pr.yml
@@ -35,6 +35,7 @@ jobs:
scopes: |
scheduler
operator
cert-manager
functions-runtime
dashboards
# Configure that a scope must always be provided.
Original file line number Diff line number Diff line change
@@ -32,8 +32,8 @@ func newCertificateSecret(clt client.Client) *certificateSecret {
}

func (certSecret *certificateSecret) setSecretFromReader(ctx context.Context, namespace string, log logr.Logger) error {
query := kubeutils.NewSecretQuery(ctx, nil, certSecret.clt, log)
secret, err := query.Get(types.NamespacedName{Name: buildSecretName(), Namespace: namespace})
query := kubeutils.NewSecretQuery(nil, certSecret.clt, log)
secret, err := query.Get(ctx, types.NamespacedName{Name: buildSecretName(), Namespace: namespace})

if k8serrors.IsNotFound(err) {
certSecret.secret = kubeutils.NewSecret(buildSecretName(), namespace, map[string][]byte{})
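Review bot: `kubeutils.NewSecretQuery(nil, certSecret.clt, log)` passes a nil `kubeClient`, which is harder to spot now that the leading `ctx` argument is gone. Only `query.Get` is called in the visible lines and it goes through the reader, but `Create` or `Update` on this value would call into the nil client. A comment such as `// read-only query: kubeClient is nil, only Get may be used` above the constructor call would document the constraint. setSecretFromReader's body continues outside the hunk.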
Original file line number Diff line number Diff line change
@@ -21,7 +21,6 @@ import (

// KeptnWebhookCertificateReconciler reconciles a KeptnWebhookCertificate object
type KeptnWebhookCertificateReconciler struct {
ctx context.Context
Client client.Client
Scheme *runtime.Scheme
CancelMgrFunc context.CancelFunc
@@ -45,35 +44,24 @@ func (r *KeptnWebhookCertificateReconciler) Reconcile(ctx context.Context, reque
r.Log.Info("reconciling webhook certificates",
"namespace", request.Namespace, "name", request.Name)

r.ctx = ctx

mutatingWebhookConfiguration, err := r.getMutatingWebhookConfiguration()
mutatingWebhookConfiguration, err := r.getMutatingWebhookConfiguration(ctx)
if err != nil {
r.Log.Error(err, "could not find mutating webhook configuration")
}

validatingWebhookConfiguration, err := r.getValidatingWebhookConfiguration()
validatingWebhookConfiguration, err := r.getValidatingWebhookConfiguration(ctx)
if err != nil {
r.Log.Error(err, "could not find validating webhook configuration")
}

crds := &apiv1.CustomResourceDefinitionList{}
crds, err = r.getCRDConfigurations()
crds, err := r.getCRDConfigurations(ctx)
if err != nil {
r.Log.Error(err, "could not find CRDs")
}

certSecret := newCertificateSecret(r.Client)

err = certSecret.setSecretFromReader(r.ctx, namespace, r.Log)
if err != nil {
r.Log.Error(err, "could not get secret")
return reconcile.Result{}, errors.WithStack(err)
}

err = certSecret.setCertificates(namespace)
if err != nil {
r.Log.Error(err, "could not validate certificate")
if err := r.setCertificates(ctx, certSecret); err != nil {
return reconcile.Result{}, errors.WithStack(err)
}

@@ -92,24 +80,7 @@ func (r *KeptnWebhookCertificateReconciler) Reconcile(ctx context.Context, reque
return reconcile.Result{RequeueAfter: SuccessDuration}, nil
}

if err = certSecret.createOrUpdateIfNecessary(r.ctx); err != nil {
return reconcile.Result{}, errors.WithStack(err)
}

bundle, err := certSecret.loadCombinedBundle()
if err != nil {
return reconcile.Result{}, errors.WithStack(err)
}

if err := r.updateClientConfigurations(bundle, mutatingWebhookConfigs, mutatingWebhookConfiguration); err != nil {
return reconcile.Result{}, errors.WithStack(err)
}

if err := r.updateClientConfigurations(bundle, validatingWebhookConfigs, validatingWebhookConfiguration); err != nil {
return reconcile.Result{}, errors.WithStack(err)
}

if err = r.updateCRDsConfiguration(crds, bundle); err != nil {
if err = r.updateConfigurations(ctx, certSecret, crds, mutatingWebhookConfigs, mutatingWebhookConfiguration, validatingWebhookConfigs, validatingWebhookConfiguration); err != nil {
return reconcile.Result{}, errors.WithStack(err)
}

@@ -127,17 +98,59 @@ func (r *KeptnWebhookCertificateReconciler) SetupWithManager(mgr ctrl.Manager) e

}

func (r *KeptnWebhookCertificateReconciler) setCertificates(ctx context.Context, certSecret *certificateSecret) error {
err := certSecret.setSecretFromReader(ctx, namespace, r.Log)
if err != nil {
r.Log.Error(err, "could not get secret")
return err
}

err = certSecret.setCertificates(namespace)
if err != nil {
r.Log.Error(err, "could not validate certificate")
return err
}

return nil
}

func (r *KeptnWebhookCertificateReconciler) updateConfigurations(ctx context.Context, certSecret *certificateSecret, crds *apiv1.CustomResourceDefinitionList,
mutatingWebhookConfigs []*admissionregistrationv1.WebhookClientConfig, mutatingWebhookConfiguration *admissionregistrationv1.MutatingWebhookConfiguration,
validatingWebhookConfigs []*admissionregistrationv1.WebhookClientConfig, validatingWebhookConfiguration *admissionregistrationv1.ValidatingWebhookConfiguration) error {
if err := certSecret.createOrUpdateIfNecessary(ctx); err != nil {
return err
}

bundle, err := certSecret.loadCombinedBundle()
if err != nil {
return err
}

if err := r.updateClientConfigurations(ctx, bundle, mutatingWebhookConfigs, mutatingWebhookConfiguration); err != nil {
return err
}

if err := r.updateClientConfigurations(ctx, bundle, validatingWebhookConfigs, validatingWebhookConfiguration); err != nil {
return err
}

if err = r.updateCRDsConfiguration(ctx, crds, bundle); err != nil {
return err
}
return nil
}

func (r *KeptnWebhookCertificateReconciler) cancelMgr() {
if r.CancelMgrFunc != nil {
r.Log.Info("stopping manager after certificates creation")
r.CancelMgrFunc()
}
}

func (r *KeptnWebhookCertificateReconciler) getMutatingWebhookConfiguration() (
func (r *KeptnWebhookCertificateReconciler) getMutatingWebhookConfiguration(ctx context.Context) (
*admissionregistrationv1.MutatingWebhookConfiguration, error) {
var mutatingWebhook admissionregistrationv1.MutatingWebhookConfiguration
if err := r.Client.Get(r.ctx, client.ObjectKey{
if err := r.Client.Get(ctx, client.ObjectKey{
Name: MutatingWebhookconfig,
}, &mutatingWebhook); err != nil {
return nil, err
@@ -149,10 +162,10 @@ func (r *KeptnWebhookCertificateReconciler) getMutatingWebhookConfiguration() (
return &mutatingWebhook, nil
}

func (r *KeptnWebhookCertificateReconciler) getValidatingWebhookConfiguration() (
func (r *KeptnWebhookCertificateReconciler) getValidatingWebhookConfiguration(ctx context.Context) (
*admissionregistrationv1.ValidatingWebhookConfiguration, error) {
var validatingWebhook admissionregistrationv1.ValidatingWebhookConfiguration
if err := r.Client.Get(r.ctx, client.ObjectKey{
if err := r.Client.Get(ctx, client.ObjectKey{
Name: ValidatingWebhookconfig,
}, &validatingWebhook); err != nil {
return nil, err
@@ -164,7 +177,7 @@ func (r *KeptnWebhookCertificateReconciler) getValidatingWebhookConfiguration()
return &validatingWebhook, nil
}

func (r *KeptnWebhookCertificateReconciler) updateClientConfigurations(bundle []byte,
func (r *KeptnWebhookCertificateReconciler) updateClientConfigurations(ctx context.Context, bundle []byte,
webhookClientConfigs []*admissionregistrationv1.WebhookClientConfig, webhookConfig client.Object) error {
if webhookConfig == nil || reflect.ValueOf(webhookConfig).IsNil() {
return nil
@@ -174,29 +187,29 @@ func (r *KeptnWebhookCertificateReconciler) updateClientConfigurations(bundle []
webhookClientConfigs[i].CABundle = bundle
}

if err := r.Client.Update(r.ctx, webhookConfig); err != nil {
if err := r.Client.Update(ctx, webhookConfig); err != nil {
return err
}
return nil
}

func (r *KeptnWebhookCertificateReconciler) getCRDConfigurations() (
func (r *KeptnWebhookCertificateReconciler) getCRDConfigurations(ctx context.Context) (
*apiv1.CustomResourceDefinitionList, error) {
var crds apiv1.CustomResourceDefinitionList
opt := client.MatchingLabels{
"crdGroup": crdGroup,
}
if err := r.Client.List(r.ctx, &crds, opt); err != nil {
if err := r.Client.List(ctx, &crds, opt); err != nil {
return nil, err
}

return &crds, nil
}

func (r *KeptnWebhookCertificateReconciler) updateCRDsConfiguration(crds *apiv1.CustomResourceDefinitionList, bundle []byte) error {
func (r *KeptnWebhookCertificateReconciler) updateCRDsConfiguration(ctx context.Context, crds *apiv1.CustomResourceDefinitionList, bundle []byte) error {
fail := false
for _, crd := range crds.Items {
if err := r.updateCRDConfiguration(crd.Name, bundle); err != nil {
if err := r.updateCRDConfiguration(ctx, crd.Name, bundle); err != nil {
fail = true
}

@@ -207,9 +220,9 @@ func (r *KeptnWebhookCertificateReconciler) updateCRDsConfiguration(crds *apiv1.
return nil
}

func (r *KeptnWebhookCertificateReconciler) updateCRDConfiguration(crdName string, bundle []byte) error {
func (r *KeptnWebhookCertificateReconciler) updateCRDConfiguration(ctx context.Context, crdName string, bundle []byte) error {
var crd apiv1.CustomResourceDefinition
if err := r.Client.Get(r.ctx, types.NamespacedName{Name: crdName}, &crd); err != nil {
if err := r.Client.Get(ctx, types.NamespacedName{Name: crdName}, &crd); err != nil {
return err
}

@@ -220,7 +233,7 @@ func (r *KeptnWebhookCertificateReconciler) updateCRDConfiguration(crdName strin

// update crd
crd.Spec.Conversion.Webhook.ClientConfig.CABundle = bundle
if err := r.Client.Update(r.ctx, &crd); err != nil {
if err := r.Client.Update(ctx, &crd); err != nil {
return err
}
return nil
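Review bot: In `Reconcile`, a failure of `getCRDConfigurations(ctx)` is only logged, yet that helper returns `nil, err`, and `updateCRDsConfiguration` later ranges over `crds.Items` without a nil check. Unless the lines between the hunks guard against it, a failed CRD list would end in a nil-pointer panic while the CA bundle is being propagated, rather than a clean requeue. Either return from `Reconcile` on that error or guard the helper with `if crds == nil { return nil }`. The two webhook lookups use the same log-and-continue pattern but are safe, because `updateClientConfigurations` already tolerates a nil config. The new `setCertificates` helper also reads the package-level `namespace`, which a one-line doc comment should state.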
Original file line number Diff line number Diff line change
@@ -404,7 +404,6 @@ func createTestSecret(_ *testing.T, certData map[string][]byte) *corev1.Secret {

func prepareController(t *testing.T, clt client.Client) (*KeptnWebhookCertificateReconciler, reconcile.Request) {
rec := &KeptnWebhookCertificateReconciler{
ctx: context.TODO(),
Client: clt,
Log: testr.New(t),
}
2 changes: 2 additions & 0 deletions klt-cert-manager/eventfilter/eventfilter_test.go
@@ -64,6 +64,7 @@ func TestForObjectNameAndNamespace(t *testing.T) {
}))
}

//nolint:dupl
func TestForNamespace(t *testing.T) {
deployment := &v1.Deployment{
ObjectMeta: metav1.ObjectMeta{
@@ -106,6 +107,7 @@ func TestForNamespace(t *testing.T) {
assert.True(t, isInNamespace(deployment, testNamespace2))
}

//nolint:dupl
func TestForName(t *testing.T) {
deployment := &v1.Deployment{
ObjectMeta: metav1.ObjectMeta{
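Review bot: Both `//nolint:dupl` directives are added without a reason, so a later reader cannot tell why the duplication (presumably between `TestForNamespace` and `TestForName`) is accepted. Append a short explanation to each directive, in the form `//nolint:dupl // <why the duplication is intentional>`, or fold the two tests into one table-driven test so that no suppression is needed. Both test bodies continue outside the hunks.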
6 changes: 1 addition & 5 deletions klt-cert-manager/kubeutils/query.go
@@ -1,24 +1,20 @@
package kubeutils

import (
"context"

"github.com/go-logr/logr"
"sigs.k8s.io/controller-runtime/pkg/client"
)

type kubeQuery struct {
kubeClient client.Client
kubeReader client.Reader
ctx context.Context
log logr.Logger
}

func newKubeQuery(ctx context.Context, kubeClient client.Client, kubeReader client.Reader, log logr.Logger) kubeQuery {
func newKubeQuery(kubeClient client.Client, kubeReader client.Reader, log logr.Logger) kubeQuery {
return kubeQuery{
kubeClient: kubeClient,
kubeReader: kubeReader,
ctx: ctx,
log: log,
}
}
3 changes: 1 addition & 2 deletions klt-cert-manager/kubeutils/query_test.go
@@ -1,7 +1,6 @@
package kubeutils

import (
"context"
"testing"

"github.com/go-logr/logr/testr"
@@ -10,5 +9,5 @@ import (

func TestKubeQuery(t *testing.T) {
fakeClient := fake.NewClient()
_ = newKubeQuery(context.TODO(), fakeClient, fakeClient, testr.New(t))
_ = newKubeQuery(fakeClient, fakeClient, testr.New(t))
}
24 changes: 12 additions & 12 deletions klt-cert-manager/kubeutils/secret.go
@@ -17,36 +17,36 @@ type SecretQuery struct {
kubeQuery
}

func NewSecretQuery(ctx context.Context, kubeClient client.Client, kubeReader client.Reader, log logr.Logger) SecretQuery {
func NewSecretQuery(kubeClient client.Client, kubeReader client.Reader, log logr.Logger) SecretQuery {
return SecretQuery{
newKubeQuery(ctx, kubeClient, kubeReader, log),
newKubeQuery(kubeClient, kubeReader, log),
}
}

func (query SecretQuery) Get(objectKey client.ObjectKey) (corev1.Secret, error) {
func (query SecretQuery) Get(ctx context.Context, objectKey client.ObjectKey) (corev1.Secret, error) {
var secret corev1.Secret
err := query.kubeReader.Get(query.ctx, objectKey, &secret)
err := query.kubeReader.Get(ctx, objectKey, &secret)

return secret, errors.WithStack(err)
}

func (query SecretQuery) Create(secret corev1.Secret) error {
func (query SecretQuery) Create(ctx context.Context, secret corev1.Secret) error {
query.log.Info("creating secret", "name", secret.Name, "namespace", secret.Namespace)

return errors.WithStack(query.kubeClient.Create(query.ctx, &secret))
return errors.WithStack(query.kubeClient.Create(ctx, &secret))
}

func (query SecretQuery) Update(secret corev1.Secret) error {
func (query SecretQuery) Update(ctx context.Context, secret corev1.Secret) error {
query.log.Info("updating secret", "name", secret.Name, "namespace", secret.Namespace)

return errors.WithStack(query.kubeClient.Update(query.ctx, &secret))
return errors.WithStack(query.kubeClient.Update(ctx, &secret))
}

func (query SecretQuery) CreateOrUpdate(secret corev1.Secret) error {
currentSecret, err := query.Get(types.NamespacedName{Name: secret.Name, Namespace: secret.Namespace})
func (query SecretQuery) CreateOrUpdate(ctx context.Context, secret corev1.Secret) error {
currentSecret, err := query.Get(ctx, types.NamespacedName{Name: secret.Name, Namespace: secret.Namespace})
if err != nil {
if k8serrors.IsNotFound(err) {
err = query.Create(secret)
err = query.Create(ctx, secret)
if err != nil {
return errors.WithStack(err)
}
@@ -60,7 +60,7 @@ func (query SecretQuery) CreateOrUpdate(secret corev1.Secret) error {
return nil
}

err = query.Update(secret)
err = query.Update(ctx, secret)
if err != nil {
return errors.WithStack(err)
}
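Review bot: The exported `NewSecretQuery`, `Get`, `Create`, `Update` and `CreateOrUpdate` have no doc comments, and now that `ctx` is a per-call parameter the contract is worth stating. Suggested for `Get`: `// Get reads the Secret identified by objectKey through kubeReader; ctx is passed to the API call.`, with equivalent one-liners for the others noting that `Create` and `Update` write through kubeClient. Separately, `CreateOrUpdate` applies `errors.WithStack` to errors that `Get`, `Create` and `Update` have already wrapped, so a plain `return err` would be enough there. CreateOrUpdate's body continues outside the hunks.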
36 changes: 18 additions & 18 deletions klt-cert-manager/kubeutils/secret_test.go
@@ -35,9 +35,9 @@ func testGetSecret(t *testing.T) {
}
fakeClient := fake.NewClient(&secret)

secretQuery := NewSecretQuery(context.TODO(), fakeClient, fakeClient, testr.New(t))
secretQuery := NewSecretQuery(fakeClient, fakeClient, testr.New(t))

foundSecret, err := secretQuery.Get(client.ObjectKey{Name: testSecretName, Namespace: testNamespace})
foundSecret, err := secretQuery.Get(context.TODO(), client.ObjectKey{Name: testSecretName, Namespace: testNamespace})

assert.NoError(t, err)
assert.True(t, AreSecretsEqual(secret, foundSecret))
@@ -46,7 +46,7 @@ func testGetSecret(t *testing.T) {
func testCreateSecret(t *testing.T) {
fakeClient := fake.NewClient()

secretQuery := NewSecretQuery(context.TODO(), fakeClient, fakeClient, testr.New(t))
secretQuery := NewSecretQuery(fakeClient, fakeClient, testr.New(t))
secret := corev1.Secret{
ObjectMeta: metav1.ObjectMeta{
Name: testSecretName,
@@ -55,7 +55,7 @@ func testCreateSecret(t *testing.T) {
Data: map[string][]byte{testKey1: []byte(testSecretValue)},
}

err := secretQuery.Create(secret)
err := secretQuery.Create(context.TODO(), secret)

assert.NoError(t, err)

@@ -76,9 +76,9 @@ func testUpdateSecret(t *testing.T) {
}
fakeClient := fake.NewClient()

secretQuery := NewSecretQuery(context.TODO(), fakeClient, fakeClient, testr.New(t))
secretQuery := NewSecretQuery(fakeClient, fakeClient, testr.New(t))

err := secretQuery.Update(secret)
err := secretQuery.Update(context.TODO(), secret)

assert.Error(t, err)

@@ -87,7 +87,7 @@ func testUpdateSecret(t *testing.T) {

secretQuery.kubeClient = fakeClient

err = secretQuery.Update(secret)
err = secretQuery.Update(context.TODO(), secret)

assert.NoError(t, err)

@@ -107,9 +107,9 @@ func testCreateOrUpdateSecret(t *testing.T) {
Data: map[string][]byte{testKey1: []byte(testSecretValue)},
}
fakeClient := fake.NewClient()
secretQuery := NewSecretQuery(context.TODO(), fakeClient, fakeClient, testr.New(t))
secretQuery := NewSecretQuery(fakeClient, fakeClient, testr.New(t))

err := secretQuery.CreateOrUpdate(secret)
err := secretQuery.CreateOrUpdate(context.TODO(), secret)
assert.NoError(t, err)

var createdSecret corev1.Secret
@@ -129,7 +129,7 @@ func testCreateOrUpdateSecret(t *testing.T) {
}
secretQuery.kubeClient = fakeClient

err = secretQuery.CreateOrUpdate(secret)
err = secretQuery.CreateOrUpdate(context.TODO(), secret)

assert.NoError(t, err)

@@ -155,9 +155,9 @@ func testIdenticalSecretIsNotUpdated(t *testing.T) {
})

secret := createTestSecret(labels, data)
secretQuery := NewSecretQuery(context.TODO(), fakeClient, fakeClient, testr.New(t))
secretQuery := NewSecretQuery(fakeClient, fakeClient, testr.New(t))

err := secretQuery.CreateOrUpdate(*secret)
err := secretQuery.CreateOrUpdate(context.TODO(), *secret)
assert.NoError(t, err)
}

@@ -176,9 +176,9 @@ func testUpdateSecretWhenDataChanged(t *testing.T) {
})

secret := createTestSecret(labels, data)
secretQuery := NewSecretQuery(context.TODO(), fakeClient, fakeClient, testr.New(t))
secretQuery := NewSecretQuery(fakeClient, fakeClient, testr.New(t))

err := secretQuery.CreateOrUpdate(*secret)
err := secretQuery.CreateOrUpdate(context.TODO(), *secret)
assert.NoError(t, err)

var updatedSecret corev1.Secret
@@ -203,9 +203,9 @@ func testUpdateSecretWhenLabelsChanged(t *testing.T) {
})

secret := createTestSecret(labels, data)
secretQuery := NewSecretQuery(context.TODO(), fakeClient, fakeClient, testr.New(t))
secretQuery := NewSecretQuery(fakeClient, fakeClient, testr.New(t))

err := secretQuery.CreateOrUpdate(*secret)
err := secretQuery.CreateOrUpdate(context.TODO(), *secret)
assert.NoError(t, err)

var updatedSecret corev1.Secret
@@ -229,9 +229,9 @@ func testCreateSecretInTargetNamespace(t *testing.T) {
})

secret := createTestSecret(labels, data)
secretQuery := NewSecretQuery(context.TODO(), fakeClient, fakeClient, testr.New(t))
secretQuery := NewSecretQuery(fakeClient, fakeClient, testr.New(t))

err := secretQuery.CreateOrUpdate(*secret)
err := secretQuery.CreateOrUpdate(context.TODO(), *secret)

assert.NoError(t, err)
