From 4f0935a591ba0b3bc5d0d5ec673b072c92c16470 Mon Sep 17 00:00:00 2001 From: Derek Wang Date: Tue, 7 Feb 2023 10:49:04 -0800 Subject: [PATCH] fix: remove the secret watch privilege dependency from js eb ctrler (#2453) Signed-off-by: Derek Wang Signed-off-by: JohnWillker --- controllers/eventbus/installer/installer.go | 6 +-- controllers/eventbus/installer/jetstream.go | 48 ++++++++++++------- .../eventbus/installer/jetstream_test.go | 23 +++++---- .../controller-manager/controller-config.yaml | 7 ++- manifests/install.yaml | 7 ++- manifests/namespace-install.yaml | 7 ++- 6 files changed, 66 insertions(+), 32 deletions(-) diff --git a/controllers/eventbus/installer/installer.go b/controllers/eventbus/installer/installer.go index 338eecd044..7c211ee04a 100644 --- a/controllers/eventbus/installer/installer.go +++ b/controllers/eventbus/installer/installer.go @@ -48,7 +48,7 @@ func getInstaller(eventBus *v1alpha1.EventBus, client client.Client, kubeClient return NewNATSInstaller(client, eventBus, config, getLabels(eventBus), kubeClient, logger), nil } } else if js := eventBus.Spec.JetStream; js != nil { - return NewJetStreamInstaller(client, eventBus, config, getLabels(eventBus), logger), nil + return NewJetStreamInstaller(client, eventBus, config, getLabels(eventBus), kubeClient, logger), nil } return nil, fmt.Errorf("invalid eventbus spec") } @@ -76,7 +76,7 @@ func Uninstall(ctx context.Context, eventBus *v1alpha1.EventBus, client client.C return fmt.Errorf("failed to check if there is any EventSource linked, %w", err) } if linkedEventSources > 0 { - return fmt.Errorf("Can not delete an EventBus with %v EventSources connected", linkedEventSources) + return fmt.Errorf("can not delete an EventBus with %v EventSources connected", linkedEventSources) } linkedSensors, err := linkedSensors(ctx, eventBus.Namespace, eventBus.Name, client) @@ -85,7 +85,7 @@ func Uninstall(ctx context.Context, eventBus *v1alpha1.EventBus, client client.C return fmt.Errorf("failed to check if there is any Sensor linked, %w", err) } if linkedSensors > 0 { - return fmt.Errorf("Can not delete an EventBus with %v Sensors connected", linkedSensors) + return fmt.Errorf("can not delete an EventBus with %v Sensors connected", linkedSensors) } installer, err := getInstaller(eventBus, client, kubeClient, config, logger) diff --git a/controllers/eventbus/installer/jetstream.go b/controllers/eventbus/installer/jetstream.go index 15c8716e80..b9ead295d6 100644 --- a/controllers/eventbus/installer/jetstream.go +++ b/controllers/eventbus/installer/jetstream.go @@ -18,8 +18,9 @@ import ( apiresource "k8s.io/apimachinery/pkg/api/resource" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/labels" - apitypes "k8s.io/apimachinery/pkg/types" + "k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/apimachinery/pkg/util/intstr" + "k8s.io/client-go/kubernetes" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/yaml" @@ -54,20 +55,22 @@ const ( ) type jetStreamInstaller struct { - client client.Client - eventBus *v1alpha1.EventBus - config *controllers.GlobalConfig - labels map[string]string - logger *zap.SugaredLogger + client client.Client + eventBus *v1alpha1.EventBus + kubeClient kubernetes.Interface + config *controllers.GlobalConfig + labels map[string]string + logger *zap.SugaredLogger } -func NewJetStreamInstaller(client client.Client, eventBus *v1alpha1.EventBus, config *controllers.GlobalConfig, labels map[string]string, logger *zap.SugaredLogger) Installer { +func NewJetStreamInstaller(client client.Client, eventBus *v1alpha1.EventBus, config *controllers.GlobalConfig, labels map[string]string, kubeClient kubernetes.Interface, logger *zap.SugaredLogger) Installer { return &jetStreamInstaller{ - client: client, - eventBus: eventBus, - config: config, - labels: labels, - logger: logger.With("eventbus", eventBus.Name), + client: client, + kubeClient: kubeClient, + eventBus: eventBus, + config: config, + labels: labels, + logger: logger.With("eventbus", eventBus.Name), } } @@ -488,12 +491,25 @@ func (r *jetStreamInstaller) buildStatefulSetSpec(jsVersion *controllers.JetStre return spec } +func (r *jetStreamInstaller) getSecret(ctx context.Context, name string) (*corev1.Secret, error) { + sl, err := r.kubeClient.CoreV1().Secrets(r.eventBus.Namespace).List(ctx, metav1.ListOptions{}) + if err != nil { + return nil, err + } + for _, s := range sl.Items { + if s.Name == name && metav1.IsControlledBy(&s, r.eventBus) { + return &s, nil + } + } + return nil, apierrors.NewNotFound(schema.GroupResource{}, "") +} + func (r *jetStreamInstaller) createSecrets(ctx context.Context) error { // first check to see if the secrets already exist oldServerObjExisting, oldClientObjExisting := true, true - oldSObj := &corev1.Secret{} - if err := r.client.Get(ctx, apitypes.NamespacedName{Namespace: r.eventBus.Namespace, Name: generateJetStreamServerSecretName(r.eventBus)}, oldSObj); err != nil { + oldSObj, err := r.getSecret(ctx, generateJetStreamServerSecretName(r.eventBus)) + if err != nil { if apierrors.IsNotFound(err) { oldServerObjExisting = false } else { @@ -501,8 +517,8 @@ func (r *jetStreamInstaller) createSecrets(ctx context.Context) error { } } - oldCObj := &corev1.Secret{} - if err := r.client.Get(ctx, apitypes.NamespacedName{Namespace: r.eventBus.Namespace, Name: generateJetStreamClientAuthSecretName(r.eventBus)}, oldCObj); err != nil { + oldCObj, err := r.getSecret(ctx, generateJetStreamClientAuthSecretName(r.eventBus)) + if err != nil { if apierrors.IsNotFound(err) { oldClientObjExisting = false } else { diff --git a/controllers/eventbus/installer/jetstream_test.go b/controllers/eventbus/installer/jetstream_test.go index 8d453187af..400e9abba5 100644 --- a/controllers/eventbus/installer/jetstream_test.go +++ b/controllers/eventbus/installer/jetstream_test.go @@ -14,6 +14,7 @@ import ( apiresource "k8s.io/apimachinery/pkg/api/resource" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" + k8sfake "k8s.io/client-go/kubernetes/fake" "sigs.k8s.io/controller-runtime/pkg/client/fake" ) @@ -40,11 +41,12 @@ func TestJetStreamBadInstallation(t *testing.T) { badEventBus := testJetStreamEventBus.DeepCopy() badEventBus.Spec.JetStream = nil installer := &jetStreamInstaller{ - client: fake.NewClientBuilder().Build(), - eventBus: badEventBus, - config: fakeConfig, - labels: testLabels, - logger: zaptest.NewLogger(t).Sugar(), + client: fake.NewClientBuilder().Build(), + kubeClient: k8sfake.NewSimpleClientset(), + eventBus: badEventBus, + config: fakeConfig, + labels: testLabels, + logger: zaptest.NewLogger(t).Sugar(), } _, err := installer.Install(context.TODO()) assert.Error(t, err) @@ -70,11 +72,12 @@ func TestJetStreamCreateObjects(t *testing.T) { cl := fake.NewClientBuilder().Build() ctx := context.TODO() i := &jetStreamInstaller{ - client: cl, - eventBus: testJetStreamEventBus, - config: fakeConfig, - labels: testLabels, - logger: zaptest.NewLogger(t).Sugar(), + client: cl, + kubeClient: k8sfake.NewSimpleClientset(), + eventBus: testJetStreamEventBus, + config: fakeConfig, + labels: testLabels, + logger: zaptest.NewLogger(t).Sugar(), } t.Run("test create sts", func(t *testing.T) { diff --git a/manifests/base/controller-manager/controller-config.yaml b/manifests/base/controller-manager/controller-config.yaml index 9ac9e2d9af..d49d58d746 100644 --- a/manifests/base/controller-manager/controller-config.yaml +++ b/manifests/base/controller-manager/controller-config.yaml @@ -28,7 +28,7 @@ data: duplicates: 300s versions: - version: latest - natsImage: nats:2.9.1 + natsImage: nats:2.9.12 metricsExporterImage: natsio/prometheus-nats-exporter:0.9.1 configReloaderImage: natsio/nats-server-config-reloader:0.7.0 startCommand: /nats-server @@ -57,3 +57,8 @@ data: metricsExporterImage: natsio/prometheus-nats-exporter:0.9.1 configReloaderImage: natsio/nats-server-config-reloader:0.7.0 startCommand: /nats-server + - version: 2.9.12 + natsImage: nats:2.9.12 + metricsExporterImage: natsio/prometheus-nats-exporter:0.9.1 + configReloaderImage: natsio/nats-server-config-reloader:0.7.0 + startCommand: /nats-server diff --git a/manifests/install.yaml b/manifests/install.yaml index 07832dadfd..f6ad665089 100644 --- a/manifests/install.yaml +++ b/manifests/install.yaml @@ -332,7 +332,7 @@ data: duplicates: 300s versions: - version: latest - natsImage: nats:2.9.1 + natsImage: nats:2.9.12 metricsExporterImage: natsio/prometheus-nats-exporter:0.9.1 configReloaderImage: natsio/nats-server-config-reloader:0.7.0 startCommand: /nats-server @@ -361,6 +361,11 @@ data: metricsExporterImage: natsio/prometheus-nats-exporter:0.9.1 configReloaderImage: natsio/nats-server-config-reloader:0.7.0 startCommand: /nats-server + - version: 2.9.12 + natsImage: nats:2.9.12 + metricsExporterImage: natsio/prometheus-nats-exporter:0.9.1 + configReloaderImage: natsio/nats-server-config-reloader:0.7.0 + startCommand: /nats-server kind: ConfigMap metadata: name: argo-events-controller-config diff --git a/manifests/namespace-install.yaml b/manifests/namespace-install.yaml index 00de53e2fc..5f5878839e 100644 --- a/manifests/namespace-install.yaml +++ b/manifests/namespace-install.yaml @@ -252,7 +252,7 @@ data: duplicates: 300s versions: - version: latest - natsImage: nats:2.9.1 + natsImage: nats:2.9.12 metricsExporterImage: natsio/prometheus-nats-exporter:0.9.1 configReloaderImage: natsio/nats-server-config-reloader:0.7.0 startCommand: /nats-server @@ -281,6 +281,11 @@ data: metricsExporterImage: natsio/prometheus-nats-exporter:0.9.1 configReloaderImage: natsio/nats-server-config-reloader:0.7.0 startCommand: /nats-server + - version: 2.9.12 + natsImage: nats:2.9.12 + metricsExporterImage: natsio/prometheus-nats-exporter:0.9.1 + configReloaderImage: natsio/nats-server-config-reloader:0.7.0 + startCommand: /nats-server kind: ConfigMap metadata: name: argo-events-controller-config