fix: Fix panic when applying CNI CRS via hook (#13)

jimmidyson · web-flow · commit c3ec48d1296e · 2023-02-02T12:57:14.000-08:00
diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml
@@ -12,8 +12,6 @@ on:
       - opened
       - synchronize
       - reopened
-    branches:
-      - main
 
 permissions:
   contents: read
diff --git a/charts/capi-runtime-extensions/templates/clusterrole.yaml b/charts/capi-runtime-extensions/templates/clusterrole.yaml
@@ -9,8 +9,8 @@ metadata:
   name: {{ include "chart.name" . }}
 rules:
 - apiGroups: [""]
-  resources: ["secrets"]
-  verbs: ["watch", "list", "get"]
+  resources: ["configmaps"]
+  verbs: ["watch", "list", "get", "create", "patch", "update", "delete"]
 - apiGroups:
     - addons.cluster.x-k8s.io
     - bootstrap.cluster.x-k8s.io
@@ -20,4 +20,4 @@ rules:
     - ipam.cluster.x-k8s.io
     - runtime.cluster.x-k8s.io
   resources: ["*"]
-  verbs: ["watch", "list", "get"]
+  verbs: ["watch", "list", "get", "create", "patch", "update", "delete"]
diff --git a/make/clusterctl.mk b/make/clusterctl.mk
@@ -3,7 +3,10 @@
 
 .PHONY: clusterctl.init
 clusterctl.init: install-tool.clusterctl
-	env CLUSTER_TOPOLOGY=true EXP_RUNTIME_SDK=true clusterctl init \
+	env CLUSTER_TOPOLOGY=true \
+			EXP_RUNTIME_SDK=true \
+			EXP_CLUSTER_RESOURCE_SET=true \
+			clusterctl init \
 		--kubeconfig=$(KIND_KUBECONFIG) \
 		--infrastructure docker \
 		--wait-providers
diff --git a/pkg/addons/crs.go b/pkg/addons/crs.go
@@ -7,6 +7,7 @@ import (
 	"fmt"
 
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+	"sigs.k8s.io/cluster-api/cmd/clusterctl/client/config"
 	"sigs.k8s.io/cluster-api/cmd/clusterctl/client/repository"
 	"sigs.k8s.io/cluster-api/cmd/clusterctl/client/yamlprocessor"
 )
@@ -25,9 +26,10 @@ func crsObjsFromTemplates(ns string, templates ...[]byte) ([]unstructured.Unstru
 
 func objsFromTemplate(template []byte, ns string) ([]unstructured.Unstructured, error) {
 	ti := repository.TemplateInput{
-		RawArtifact:     template,
-		TargetNamespace: ns,
-		Processor:       yamlprocessor.NewSimpleProcessor(),
+		RawArtifact:           template,
+		TargetNamespace:       ns,
+		Processor:             yamlprocessor.NewSimpleProcessor(),
+		ConfigVariablesClient: config.NewMemoryReader(),
 	}
 
 	t, err := repository.NewTemplate(ti)
diff --git a/pkg/addons/templates/cni/calico-cni-installation-crs.yaml b/pkg/addons/templates/cni/calico-cni-installation-crs.yaml
@@ -14,4 +14,4 @@ spec:
       name: tigera-operator
     - kind: ConfigMap
       name: calico-cni-installation
-  strategy: ApplyAlways
+  strategy: ApplyOnce
diff --git a/pkg/addons/templates/cni/docker-calico-cni-installation-configmap.yaml b/pkg/addons/templates/cni/docker-calico-cni-installation-configmap.yaml
@@ -18,7 +18,7 @@ data:
         # Note: The ipPools section cannot be modified post-install.
         ipPools:
         - blockSize: 26
-          cidr: ${POD_SUBNET}
+          cidr: 192.168.0.0/16
           encapsulation: VXLANCrossSubnet
           natOutgoing: Enabled
           nodeSelector: all()
diff --git a/pkg/handlers/lifecycle/handlers.go b/pkg/handlers/lifecycle/handlers.go
@@ -52,7 +52,7 @@ func (m *ExtensionHandlers) DoAfterControlPlaneInitialized(
 		response.Message = err.Error()
 		return
 	}
-	err = genericResourcesClient.Create(ctx, objs)
+	err = genericResourcesClient.Apply(ctx, objs)
 	if err != nil {
 		response.Status = runtimehooksv1.ResponseStatusFailure
 		response.Message = err.Error()
diff --git a/pkg/k8s/client/client.go b/pkg/k8s/client/client.go
@@ -8,17 +8,16 @@ import (
 	"fmt"
 
 	"github.com/go-logr/logr"
-	"k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	ctrlclient "sigs.k8s.io/controller-runtime/pkg/client"
 )
 
-type k8sResourcesCreateError struct {
+type k8sResourcesApplyError struct {
 	err error
 }
 
-func (e k8sResourcesCreateError) Error() string {
-	return fmt.Sprintf("unable to create kubernetes resource: %v", e.err)
+func (e k8sResourcesApplyError) Error() string {
+	return fmt.Sprintf("unable to apply Kubernetes resource: %v", e.err)
 }
 
 type GenericResourcesClient struct {
@@ -33,18 +32,21 @@ func NewGenericResourcesClient(client ctrlclient.Client, log logr.Logger) *Gener
 	}
 }
 
-// Create will create objects, ignoring individual already exists errors.
-func (c *GenericResourcesClient) Create(
+// Apply will apply objects via server-side apply. This will overwrite any changes that have been manually applied.
+func (c *GenericResourcesClient) Apply(
 	ctx context.Context,
 	objects []unstructured.Unstructured,
 ) error {
-	opts := &ctrlclient.CreateOptions{}
-
-	// try to create, continue if it is just an alreadyExists error, fail otherwise
 	for i := range objects {
-		err := c.client.Create(ctx, &objects[i], opts)
-		if err != nil && !errors.IsAlreadyExists(err) {
-			return k8sResourcesCreateError{err: err}
+		err := c.client.Patch(
+			ctx,
+			&objects[i],
+			ctrlclient.Apply,
+			ctrlclient.ForceOwnership,
+			ctrlclient.FieldOwner("capi-runtime-extensions"),
+		)
+		if err != nil {
+			return k8sResourcesApplyError{err: err}
 		}
 	}
 

Original file line number	Diff line number	Diff line change
`@@ -52,7 +52,7 @@ func (m *ExtensionHandlers) DoAfterControlPlaneInitialized(`
`52`	`52`	`response.Message = err.Error()`
`53`	`53`	`return`
`54`	`54`	`}`
`55`		`- err = genericResourcesClient.Create(ctx, objs)`
	`55`	`+ err = genericResourcesClient.Apply(ctx, objs)`
`56`	`56`	`if err != nil {`
`57`	`57`	`response.Status = runtimehooksv1.ResponseStatusFailure`
`58`	`58`	`response.Message = err.Error()`