From d54c69427645db7d19e3cc9f0014dc113bf8e0d8 Mon Sep 17 00:00:00 2001 From: Manoj Surudwad Date: Wed, 5 Feb 2025 18:23:50 +0530 Subject: [PATCH 1/5] feat: adds cluster's ownerref on cilium helm values source object --- docs/content/addons/cni.md | 2 - .../generic/lifecycle/ccm/nutanix/handler.go | 8 ++- .../generic/lifecycle/cni/cilium/handler.go | 29 +++++++++++ .../generic/lifecycle/csi/nutanix/handler.go | 8 ++- .../imageregistries/credentials/inject.go | 8 ++- pkg/handlers/utils/secrets.go | 51 +++++++++++++++---- pkg/handlers/utils/secrets_test.go | 7 ++- 7 files changed, 94 insertions(+), 19 deletions(-) diff --git a/docs/content/addons/cni.md b/docs/content/addons/cni.md index 1a8f509a1..b562219b0 100644 --- a/docs/content/addons/cni.md +++ b/docs/content/addons/cni.md @@ -75,8 +75,6 @@ data: mode: kubernetes kind: ConfigMap metadata: - labels: - clusterctl.cluster.x-k8s.io/move: "" name: -cilium-cni-helm-values-template namespace: ``` diff --git a/pkg/handlers/generic/lifecycle/ccm/nutanix/handler.go b/pkg/handlers/generic/lifecycle/ccm/nutanix/handler.go index 4c9b12fc9..026d1b38d 100644 --- a/pkg/handlers/generic/lifecycle/ccm/nutanix/handler.go +++ b/pkg/handlers/generic/lifecycle/ccm/nutanix/handler.go @@ -13,6 +13,7 @@ import ( "github.com/go-logr/logr" "github.com/spf13/pflag" + corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1" ctrlclient "sigs.k8s.io/controller-runtime/pkg/client" 
@@ -84,10 +85,13 @@ func (p *provider) Apply( // However, that would leave the credentials visible in the HelmChartProxy. // Instead, we'll create the Secret on the remote cluster and reference it in the Helm values. if clusterConfig.Addons.CCM.Credentials != nil { - err := handlersutils.EnsureOwnerReferenceForSecret( + err := handlersutils.EnsureClusterOwnerReferenceForObject( ctx, p.client, - clusterConfig.Addons.CCM.Credentials.SecretRef.Name, + &corev1.TypedLocalObjectReference{ + Kind: "Secret", + Name: clusterConfig.Addons.CCM.Credentials.SecretRef.Name, + }, cluster, ) if err != nil { diff --git a/pkg/handlers/generic/lifecycle/cni/cilium/handler.go b/pkg/handlers/generic/lifecycle/cni/cilium/handler.go index 3ace8ce26..dd748cc7c 100644 --- a/pkg/handlers/generic/lifecycle/cni/cilium/handler.go +++ b/pkg/handlers/generic/lifecycle/cni/cilium/handler.go @@ -8,6 +8,7 @@ import ( "fmt" "github.com/spf13/pflag" + corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/utils/ptr" clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1" @@ -22,6 +23,7 @@ import ( "github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/pkg/handlers/generic/lifecycle/addons" "github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/pkg/handlers/generic/lifecycle/config" "github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/pkg/handlers/options" + handlersutils "github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/pkg/handlers/utils" ) type CNIConfig struct { 
@@ -183,6 +185,33 @@ func (c *CiliumCNI) apply( helmValuesSourceRefName = cniVar.Values.SourceRef.Name // Use cluster's namespace since Values.SourceRef is always a LocalObjectReference targetNamespace = cluster.Namespace + + err := handlersutils.EnsureClusterOwnerReferenceForObject( + ctx, + c.client, + &corev1.TypedLocalObjectReference{ + Kind: cniVar.Values.SourceRef.Kind, + Name: cniVar.Values.SourceRef.Name, + }, + cluster, + ) + if err != nil { + log.Error( + err, + "error updating Cluster's owner reference on cilium helm values source object", + "name", + cniVar.Values.SourceRef.Name, + "kind", + cniVar.Values.SourceRef.Kind, + ) + resp.SetStatus(runtimehooksv1.ResponseStatusFailure) + resp.SetMessage( + fmt.Sprintf( + "failed to set Cluster's owner reference on cilium helm values source object: %v", + err, + ), + ) + } } strategy = addons.NewHelmAddonApplier( diff --git a/pkg/handlers/generic/lifecycle/csi/nutanix/handler.go b/pkg/handlers/generic/lifecycle/csi/nutanix/handler.go index 571bafd68..3bee5b725 100644 --- a/pkg/handlers/generic/lifecycle/csi/nutanix/handler.go +++ b/pkg/handlers/generic/lifecycle/csi/nutanix/handler.go @@ -9,6 +9,7 @@ import ( "github.com/go-logr/logr" "github.com/spf13/pflag" + corev1 "k8s.io/api/core/v1" "k8s.io/utils/ptr" clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1" ctrlclient "sigs.k8s.io/controller-runtime/pkg/client" @@ -108,10 +109,13 @@ func (n *NutanixCSI) Apply( } if provider.Credentials != nil { - err := handlersutils.EnsureOwnerReferenceForSecret( + err := handlersutils.EnsureClusterOwnerReferenceForObject( ctx, n.client, - provider.Credentials.SecretRef.Name, + &corev1.TypedLocalObjectReference{ + Kind: "Secret", + Name: provider.Credentials.SecretRef.Name, + }, cluster, ) if err != nil { diff --git a/pkg/handlers/generic/mutation/imageregistries/credentials/inject.go b/pkg/handlers/generic/mutation/imageregistries/credentials/inject.go index c5daa175a..5ab6c3bc4 100644 
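Review bot: The new error branch in `apply` sets `runtimehooksv1.ResponseStatusFailure` and a message but has no `return`, so control falls through to `strategy = addons.NewHelmAddonApplier(` directly after the closing braces. Unless code outside this hunk returns early, the addon is still applied from a values source whose owner reference could not be set, and a later status write could replace the failure. Add `return` after the `resp.SetMessage(...)` call. Patch 3/5 rewords the same two messages without adding it. `apply` starts and ends outside the hunk.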
--- a/pkg/handlers/generic/mutation/imageregistries/credentials/inject.go +++ b/pkg/handlers/generic/mutation/imageregistries/credentials/inject.go @@ -8,6 +8,7 @@ import ( "errors" "fmt" + corev1 "k8s.io/api/core/v1" apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "k8s.io/apimachinery/pkg/runtime" @@ -287,10 +288,13 @@ func ensureOwnerReferenceOnCredentialsSecrets( if secretName := handlersutils.SecretNameForImageRegistryCredentials(credential); secretName != "" { // Ensure the Secret is owned by the Cluster so it is correctly moved and deleted with the Cluster. // This code assumes that Secret exists and that was validated before calling this function. - err := handlersutils.EnsureOwnerReferenceForSecret( + err := handlersutils.EnsureClusterOwnerReferenceForObject( ctx, c, - secretName, + &corev1.TypedLocalObjectReference{ + Kind: "Secret", + Name: secretName, + }, cluster, ) if err != nil { diff --git a/pkg/handlers/utils/secrets.go b/pkg/handlers/utils/secrets.go index de5200199..d54a3a933 100644 --- a/pkg/handlers/utils/secrets.go +++ b/pkg/handlers/utils/secrets.go @@ -9,6 +9,8 @@ import ( corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" + "k8s.io/apimachinery/pkg/runtime/schema" clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1" "sigs.k8s.io/cluster-api/controllers/remote" ctrlclient "sigs.k8s.io/controller-runtime/pkg/client" 
@@ -64,30 +66,61 @@ func CopySecretToRemoteCluster( return nil } -// EnsureOwnerReferenceForSecret will ensure that the secretName Secret has an OwnerReference of the cluster. -func EnsureOwnerReferenceForSecret( +// EnsureClusterOwnerReferenceForObject ensures that OwnerReference of the cluster is added on provided object. +func EnsureClusterOwnerReferenceForObject( ctx context.Context, cl ctrlclient.Client, - secretName string, + objectRef *corev1.TypedLocalObjectReference, cluster *clusterv1.Cluster, ) error { - secret, err := getSecretForCluster(ctx, cl, secretName, cluster) + targetObj, err := GetResourceFromTypedLocalObjectReference( + ctx, + cl, + objectRef, + cluster.Namespace, + ) if err != nil { - return err + return fmt.Errorf("failed to get object from TypedLocalObjectReference: %w", err) } - err = controllerutil.SetOwnerReference(cluster, secret, cl.Scheme()) + err = controllerutil.SetOwnerReference(cluster, targetObj, cl.Scheme()) if err != nil { - return fmt.Errorf("failed to set owner reference on Secret: %w", err) + return fmt.Errorf("failed to set cluster's owner reference on object: %w", err) } - err = cl.Update(ctx, secret) + err = cl.Update(ctx, targetObj) if err != nil { - return fmt.Errorf("failed to update Secret with owner references: %w", err) + return fmt.Errorf("failed to update object with cluster's owner reference: %w", err) } return nil } +// GetResourceFromTypedLocalObjectReference gets the resource from the provided TypedLocalObjectReference. 
+func GetResourceFromTypedLocalObjectReference( + ctx context.Context, + cl ctrlclient.Client, + objectRef *corev1.TypedLocalObjectReference, + ns string, +) (*unstructured.Unstructured, error) { + targetObj := &unstructured.Unstructured{} + + apiVersion := corev1.SchemeGroupVersion.String() + if objectRef.APIGroup != nil { + apiVersion = *objectRef.APIGroup + } + + targetObj.SetGroupVersionKind(schema.FromAPIVersionAndKind(apiVersion, objectRef.Kind)) + err := cl.Get(ctx, ctrlclient.ObjectKey{ + Namespace: ns, + Name: objectRef.Name, + }, targetObj) + if err != nil { + return nil, err + } + + return targetObj, nil +} + func getSecretForCluster( ctx context.Context, c ctrlclient.Client, diff --git a/pkg/handlers/utils/secrets_test.go b/pkg/handlers/utils/secrets_test.go index 770bac7db..3ae1cb015 100644 --- a/pkg/handlers/utils/secrets_test.go +++ b/pkg/handlers/utils/secrets_test.go @@ -104,10 +104,13 @@ func Test_EnsureOwnerReferenceForSecret(t *testing.T) { t.Run(tt.name, func(t *testing.T) { t.Parallel() - err := EnsureOwnerReferenceForSecret( + err := EnsureClusterOwnerReferenceForObject( context.Background(), tt.client, - tt.secretName, + &corev1.TypedLocalObjectReference{ + Kind: "Secret", + Name: tt.secretName, + }, tt.cluster, ) require.Equal(t, tt.wantErr, err) From 0c03f6015b31fcbcbd395a6f3199ec7c23ba593e Mon Sep 17 00:00:00 2001 From: Manoj Surudwad Date: Wed, 5 Feb 2025 22:56:10 +0530 Subject: [PATCH 2/5] refactor: modified func to use external.Get() method --- pkg/handlers/utils/secrets.go | 27 ++++++++++++++------------- pkg/handlers/utils/secrets_test.go | 21 ++++++++++++++++++--- 2 files changed, 32 insertions(+), 16 deletions(-) diff --git a/pkg/handlers/utils/secrets.go b/pkg/handlers/utils/secrets.go index d54a3a933..0fef180af 100644 --- a/pkg/handlers/utils/secrets.go +++ b/pkg/handlers/utils/secrets.go 
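Review bot: `GetResourceFromTypedLocalObjectReference` assigns `*objectRef.APIGroup` to `apiVersion`, but `APIGroup` holds only a group name, so `schema.FromAPIVersionAndKind` would read it as a version with an empty group and the lookup would use the wrong GVK. The same assignment feeds `ObjectReference.APIVersion` in patch 2/5, so either resolve a version for the group or return an error for a non-nil `APIGroup` until that is supported. Separately, `EnsureClusterOwnerReferenceForObject` now fetches and updates whatever `Kind` the caller passes, and the Cilium handler passes `cniVar.Values.SourceRef.Kind` straight from the cluster variable. The controller would therefore add a Cluster owner reference, and with it garbage collection on Cluster deletion, to any core/v1 object in the namespace that the variable names. Unless the kind is validated somewhere not shown here, check it before the `Get`, for example `if objectRef.Kind != "ConfigMap" && objectRef.Kind != "Secret" { return fmt.Errorf("unsupported kind %q", objectRef.Kind) }`.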
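Review bot: The table in `Test_EnsureOwnerReferenceForSecret` still passes only `Kind: "Secret"`, so neither the ConfigMap values source that motivates this change nor the non-nil `APIGroup` branch is exercised. Add a case that references a ConfigMap and asserts the Cluster owner reference on it, and consider renaming the test to match `EnsureClusterOwnerReferenceForObject`. The test function starts and ends outside the hunk.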
@@ -10,8 +10,8 @@ import ( corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" - "k8s.io/apimachinery/pkg/runtime/schema" clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1" + "sigs.k8s.io/cluster-api/controllers/external" "sigs.k8s.io/cluster-api/controllers/remote" ctrlclient "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil" @@ -80,7 +80,7 @@ func EnsureClusterOwnerReferenceForObject( cluster.Namespace, ) if err != nil { - return fmt.Errorf("failed to get object from TypedLocalObjectReference: %w", err) + return err } err = controllerutil.SetOwnerReference(cluster, targetObj, cl.Scheme()) @@ -99,23 +99,24 @@ func EnsureClusterOwnerReferenceForObject( func GetResourceFromTypedLocalObjectReference( ctx context.Context, cl ctrlclient.Client, - objectRef *corev1.TypedLocalObjectReference, + typedLocalObjectRef *corev1.TypedLocalObjectReference, ns string, ) (*unstructured.Unstructured, error) { - targetObj := &unstructured.Unstructured{} - apiVersion := corev1.SchemeGroupVersion.String() - if objectRef.APIGroup != nil { - apiVersion = *objectRef.APIGroup + if typedLocalObjectRef.APIGroup != nil { + apiVersion = *typedLocalObjectRef.APIGroup + } + + objectRef := &corev1.ObjectReference{ + APIVersion: apiVersion, + Kind: typedLocalObjectRef.Kind, + Name: typedLocalObjectRef.Name, + Namespace: ns, } - targetObj.SetGroupVersionKind(schema.FromAPIVersionAndKind(apiVersion, objectRef.Kind)) - err := cl.Get(ctx, ctrlclient.ObjectKey{ - Namespace: ns, - Name: objectRef.Name, - }, targetObj) + targetObj, err := external.Get(ctx, cl, objectRef, ns) if err != nil { - return nil, err + return nil, fmt.Errorf("failed to get resource from object reference: %w", err) } return targetObj, nil diff --git a/pkg/handlers/utils/secrets_test.go b/pkg/handlers/utils/secrets_test.go index 3ae1cb015..3d005c388 100644 --- a/pkg/handlers/utils/secrets_test.go 
+++ b/pkg/handlers/utils/secrets_test.go @@ -5,12 +5,14 @@ package utils import ( "context" + "fmt" "testing" + "github.com/pkg/errors" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" corev1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/api/errors" + apiErrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" utilruntime "k8s.io/apimachinery/pkg/util/runtime" @@ -97,7 +99,16 @@ func Test_EnsureOwnerReferenceForSecret(t *testing.T) { client: buildFakeClient(t, testSecret, testCluster), secretName: "missing-secret", cluster: testCluster, - wantErr: errors.NewNotFound(corev1.Resource("secrets"), "missing-secret"), + wantErr: fmt.Errorf( + "failed to get resource from object reference: %w", + errors.Wrapf( + apiErrors.NewNotFound(corev1.Resource("secrets"), "missing-secret"), + "failed to retrieve %s external object %q/%q", + "Secret", + "", + "missing-secret", + ), + ), }, } for _, tt := range tests { @@ -113,10 +124,14 @@ func Test_EnsureOwnerReferenceForSecret(t *testing.T) { }, tt.cluster, ) - require.Equal(t, tt.wantErr, err) + if tt.wantErr != nil { + assert.Equal(t, tt.wantErr.Error(), err.Error()) return + } else { + require.NoError(t, err) } + // verify that the owner reference was added secret := &corev1.Secret{} err = tt.client.Get( From c3744508346b8714ff166944d58ea58aebf846fd Mon Sep 17 00:00:00 2001 From: Manoj Surudwad Date: Wed, 5 Feb 2025 23:10:44 +0530 Subject: [PATCH 3/5] refactor: consistent naming for Cilium addon in its handler logs --- pkg/handlers/generic/lifecycle/cni/cilium/handler.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkg/handlers/generic/lifecycle/cni/cilium/handler.go b/pkg/handlers/generic/lifecycle/cni/cilium/handler.go index dd748cc7c..3bcc20c34 100644 --- a/pkg/handlers/generic/lifecycle/cni/cilium/handler.go +++ b/pkg/handlers/generic/lifecycle/cni/cilium/handler.go 
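Review bot: The not-found case rebuilds a dependency's internal wrap message with `errors.Wrapf(..., "failed to retrieve %s external object %q/%q", ...)` and compares `err.Error()` strings, which ties the test to wording this repository does not control; patch 4/5 already has to adjust it. Asserting the error class is sturdier, for example `require.True(t, apiErrors.IsNotFound(err))`, provided the wrap chain unwraps to the API status error. The `else` after `return` is also redundant; `require.NoError(t, err)` can follow the `if` block directly.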
@@ -198,7 +198,7 @@ func (c *CiliumCNI) apply( if err != nil { log.Error( err, - "error updating Cluster's owner reference on cilium helm values source object", + "error updating Cluster's owner reference on Cilium helm values source object", "name", cniVar.Values.SourceRef.Name, "kind", @@ -207,7 +207,7 @@ func (c *CiliumCNI) apply( resp.SetStatus(runtimehooksv1.ResponseStatusFailure) resp.SetMessage( fmt.Sprintf( - "failed to set Cluster's owner reference on cilium helm values source object: %v", + "failed to set Cluster's owner reference on Cilium helm values source object: %v", err, ), ) From d6818dbb343db0e2d0cd2c13b3468e469dbdb500 Mon Sep 17 00:00:00 2001 From: Dimitri Koshkin Date: Wed, 5 Feb 2025 12:38:10 -0800 Subject: [PATCH 4/5] fixup! refactor: modified func to use external.Get() method --- pkg/handlers/utils/secrets.go | 2 +- pkg/handlers/utils/secrets_test.go | 3 +-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/pkg/handlers/utils/secrets.go b/pkg/handlers/utils/secrets.go index 0fef180af..494fc8c82 100644 --- a/pkg/handlers/utils/secrets.go +++ b/pkg/handlers/utils/secrets.go @@ -114,7 +114,7 @@ func GetResourceFromTypedLocalObjectReference( Namespace: ns, } - targetObj, err := external.Get(ctx, cl, objectRef, ns) + targetObj, err := external.Get(ctx, cl, objectRef) if err != nil { return nil, fmt.Errorf("failed to get resource from object reference: %w", err) } diff --git a/pkg/handlers/utils/secrets_test.go b/pkg/handlers/utils/secrets_test.go index 3d005c388..6137315da 100644 --- a/pkg/handlers/utils/secrets_test.go +++ b/pkg/handlers/utils/secrets_test.go @@ -103,9 +103,8 @@ func Test_EnsureOwnerReferenceForSecret(t *testing.T) { "failed to get resource from object reference: %w", errors.Wrapf( apiErrors.NewNotFound(corev1.Resource("secrets"), "missing-secret"), - "failed to retrieve %s external object %q/%q", + "failed to retrieve %s %s", "Secret", - "", "missing-secret", ), ), 
From e78131c5313b48f3d925cfaf69a4229d3eeea6ef Mon Sep 17 00:00:00 2001
From: Dimitri Koshkin
Date: Wed, 5 Feb 2025 13:38:44 -0800
Subject: [PATCH 5/5] fixup! feat: adds cluster's ownerref on cilium helm values source object
---
 pkg/handlers/generic/lifecycle/ccm/nutanix/handler.go | 2 +-
 pkg/handlers/generic/lifecycle/cni/cilium/handler.go | 2 +-
 pkg/handlers/generic/lifecycle/csi/nutanix/handler.go | 2 +-
 .../generic/mutation/imageregistries/credentials/inject.go | 2 +-
 pkg/handlers/utils/secrets.go | 4 ++--
 pkg/handlers/utils/secrets_test.go | 2 +-
 6 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/pkg/handlers/generic/lifecycle/ccm/nutanix/handler.go b/pkg/handlers/generic/lifecycle/ccm/nutanix/handler.go
index 026d1b38d..1fd287e1b 100644
--- a/pkg/handlers/generic/lifecycle/ccm/nutanix/handler.go
+++ b/pkg/handlers/generic/lifecycle/ccm/nutanix/handler.go
@@ -88,7 +88,7 @@ func (p *provider) Apply(
 err := handlersutils.EnsureClusterOwnerReferenceForObject(
 ctx,
 p.client,
- &corev1.TypedLocalObjectReference{
+ corev1.TypedLocalObjectReference{
 Kind: "Secret",
 Name: clusterConfig.Addons.CCM.Credentials.SecretRef.Name,
 },
diff --git a/pkg/handlers/generic/lifecycle/cni/cilium/handler.go b/pkg/handlers/generic/lifecycle/cni/cilium/handler.go
index 3bcc20c34..9a19ad971 100644
--- a/pkg/handlers/generic/lifecycle/cni/cilium/handler.go
+++ b/pkg/handlers/generic/lifecycle/cni/cilium/handler.go
@@ -189,7 +189,7 @@ func (c *CiliumCNI) apply(
 err := handlersutils.EnsureClusterOwnerReferenceForObject(
 ctx,
 c.client,
- &corev1.TypedLocalObjectReference{
+ corev1.TypedLocalObjectReference{
 Kind: cniVar.Values.SourceRef.Kind,
 Name: cniVar.Values.SourceRef.Name,
 },
diff --git a/pkg/handlers/generic/lifecycle/csi/nutanix/handler.go b/pkg/handlers/generic/lifecycle/csi/nutanix/handler.go
index 3bee5b725..2a1752b22 100644
--- a/pkg/handlers/generic/lifecycle/csi/nutanix/handler.go
+++ b/pkg/handlers/generic/lifecycle/csi/nutanix/handler.go
@@ -112,7 +112,7 @@ func (n *NutanixCSI) Apply(
 err := handlersutils.EnsureClusterOwnerReferenceForObject(
 ctx,
 n.client,
- &corev1.TypedLocalObjectReference{
+ corev1.TypedLocalObjectReference{
 Kind: "Secret",
 Name: provider.Credentials.SecretRef.Name,
 },
diff --git a/pkg/handlers/generic/mutation/imageregistries/credentials/inject.go b/pkg/handlers/generic/mutation/imageregistries/credentials/inject.go
index 5ab6c3bc4..dcd59bda1 100644
--- a/pkg/handlers/generic/mutation/imageregistries/credentials/inject.go
+++ b/pkg/handlers/generic/mutation/imageregistries/credentials/inject.go
@@ -291,7 +291,7 @@ func ensureOwnerReferenceOnCredentialsSecrets(
 err := handlersutils.EnsureClusterOwnerReferenceForObject(
 ctx,
 c,
- &corev1.TypedLocalObjectReference{
+ corev1.TypedLocalObjectReference{
 Kind: "Secret",
 Name: secretName,
 },
diff --git a/pkg/handlers/utils/secrets.go b/pkg/handlers/utils/secrets.go
index 494fc8c82..ec1c129ae 100644
--- a/pkg/handlers/utils/secrets.go
+++ b/pkg/handlers/utils/secrets.go
@@ -70,7 +70,7 @@ func CopySecretToRemoteCluster(
 func EnsureClusterOwnerReferenceForObject(
 ctx context.Context,
 cl ctrlclient.Client,
- objectRef *corev1.TypedLocalObjectReference,
+ objectRef corev1.TypedLocalObjectReference,
 cluster *clusterv1.Cluster,
 ) error {
 targetObj, err := GetResourceFromTypedLocalObjectReference(
@@ -99,7 +99,7 @@ func EnsureClusterOwnerReferenceForObject(
 func GetResourceFromTypedLocalObjectReference(
 ctx context.Context,
 cl ctrlclient.Client,
- typedLocalObjectRef *corev1.TypedLocalObjectReference,
+ typedLocalObjectRef corev1.TypedLocalObjectReference,
 ns string,
 ) (*unstructured.Unstructured, error) {
 apiVersion := corev1.SchemeGroupVersion.String()
diff --git a/pkg/handlers/utils/secrets_test.go b/pkg/handlers/utils/secrets_test.go
index 6137315da..cf8f8c496 100644
--- a/pkg/handlers/utils/secrets_test.go
+++ b/pkg/handlers/utils/secrets_test.go
@@ -117,7 +117,7 @@ func Test_EnsureOwnerReferenceForSecret(t *testing.T) {
 err := EnsureClusterOwnerReferenceForObject(
 context.Background(),
 tt.client,
- &corev1.TypedLocalObjectReference{
+ corev1.TypedLocalObjectReference{
 Kind: "Secret",
 Name: tt.secretName,
 },