Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: only set the canary in the ownerReferences if the namespace is known & matches the resources's namespace #2343

Merged
merged 2 commits into from
Nov 22, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
51 changes: 50 additions & 1 deletion api/v1/checks.go
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@ import (
"github.com/samber/lo"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
"k8s.io/apimachinery/pkg/runtime/schema"
k8sTypes "k8s.io/apimachinery/pkg/types"
)

Expand Down Expand Up @@ -978,12 +979,50 @@ type KubernetesResourceCheck struct {
WaitFor KubernetesResourceCheckWaitFor `json:"waitFor,omitempty"`
}

func (c *KubernetesResourceCheck) SetCanaryOwnerReference(id, name string) {
func (c *KubernetesResourceCheck) HasResourcesWithMissingNamespace() bool {
for _, r := range append(c.StaticResources, c.Resources...) {
if r.GetNamespace() == "" {
return true
}
}

return false
}

// SetMissingNamespace will set the parent canaries name to resources whose namespace
// is not explicitly specified.
func (c *KubernetesResourceCheck) SetMissingNamespace(parent Canary, namespacedResources map[schema.GroupVersionKind]bool) {
for i, r := range c.StaticResources {
if r.GetNamespace() == "" && namespacedResources[r.GroupVersionKind()] {
c.StaticResources[i].SetNamespace(parent.GetNamespace())
}
}

for i, r := range c.Resources {
if r.GetNamespace() == "" && namespacedResources[r.GroupVersionKind()] {
c.Resources[i].SetNamespace(parent.GetNamespace())
}
}
}

func (c *KubernetesResourceCheck) SetCanaryOwnerReference(parent Canary) {
var (
id = parent.GetPersistedID()
name = parent.GetName()
namespace = parent.GetNamespace()
)

if id == "" || name == "" {
// if the canary isn't persisted
return
}

if namespace == "" {
// we don't know the canaries namespace
// so we can't set it in the owner references.
return
}

canaryOwnerRef := metav1.OwnerReference{
APIVersion: "canaries.flanksource.com/v1",
Kind: "Canary",
Expand All @@ -993,12 +1032,22 @@ func (c *KubernetesResourceCheck) SetCanaryOwnerReference(id, name string) {
}

for i, resource := range c.StaticResources {
if resource.GetNamespace() != namespace {
// the canary and the resource to be created are in different namespaces.
// ownerRef enforces the owner to be in the same repo.
continue
}

ownerRefs := resource.GetOwnerReferences()
ownerRefs = append(ownerRefs, canaryOwnerRef)
c.StaticResources[i].SetOwnerReferences(ownerRefs)
}

for i, resource := range c.Resources {
if resource.GetNamespace() != namespace {
continue
}

ownerRefs := resource.GetOwnerReferences()
ownerRefs = append(ownerRefs, canaryOwnerRef)
c.Resources[i].SetOwnerReferences(ownerRefs)
Expand Down
51 changes: 47 additions & 4 deletions checks/kubernetes_resource.go
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@ import (
"github.com/flanksource/gomplate/v3"
"github.com/flanksource/is-healthy/pkg/health"
"github.com/flanksource/is-healthy/pkg/lua"
"github.com/patrickmn/go-cache"
"github.com/samber/lo"
"github.com/sethvargo/go-retry"
"golang.org/x/sync/errgroup"
Expand Down Expand Up @@ -70,8 +71,6 @@ func (c *KubernetesResourceChecker) Check(ctx context.Context, check v1.Kubernet
return results.Failf("validation: %v", err)
}

check.SetCanaryOwnerReference(ctx.Canary.GetPersistedID(), ctx.Canary.Name)

if check.Kubeconfig != nil {
var err error
ctx, err = ctx.WithKubeconfig(*check.Kubeconfig)
Expand All @@ -80,13 +79,24 @@ func (c *KubernetesResourceChecker) Check(ctx context.Context, check v1.Kubernet
}
}

if check.HasResourcesWithMissingNamespace() {
namespacedResources, err := fetchNamespacedResources(ctx)
if err != nil {
return results.Failf("failed to get api resources: %w", err)
}

check.SetMissingNamespace(ctx.Canary, namespacedResources)
}

check.SetCanaryOwnerReference(ctx.Canary)

if err := templateKubernetesResourceCheck(ctx.Canary.GetPersistedID(), ctx.Canary.GetCheckID(check.GetName()), &check); err != nil {
return results.Failf("templating error: %v", err)
}

for i := range check.StaticResources {
resource := check.StaticResources[i]
if err := ctx.Kommons().ApplyUnstructured(utils.Coalesce(resource.GetNamespace(), ctx.Namespace), &resource); err != nil {
if err := ctx.Kommons().ApplyUnstructured(resource.GetNamespace(), &resource); err != nil {
return results.Failf("failed to apply static resource %s: %v", resource.GetName(), err)
}
}
Expand All @@ -105,7 +115,7 @@ func (c *KubernetesResourceChecker) Check(ctx context.Context, check v1.Kubernet

for i := range check.Resources {
resource := check.Resources[i]
if err := ctx.Kommons().ApplyUnstructured(utils.Coalesce(resource.GetNamespace(), ctx.Namespace), &resource); err != nil {
if err := ctx.Kommons().ApplyUnstructured(resource.GetNamespace(), &resource); err != nil {
return results.Failf("failed to apply resource (%s/%s/%s): %v", resource.GetKind(), resource.GetNamespace(), resource.GetName(), err)
}
}
Expand Down Expand Up @@ -477,3 +487,36 @@ func templateKubernetesResourceCheck(canaryID, checkID string, check *v1.Kuberne

return nil
}

var apiResourceCache = cache.New(time.Hour*24, time.Hour*24)

func fetchNamespacedResources(ctx context.Context) (map[schema.GroupVersionKind]bool, error) {
kubeconfigCacheKey := ctx.KubernetesRestConfig().Host + ctx.KubernetesRestConfig().APIPath
if val, ok := apiResourceCache.Get(kubeconfigCacheKey); ok {
return val.(map[schema.GroupVersionKind]bool), nil
}

_, resourceList, err := ctx.Kubernetes().Discovery().ServerGroupsAndResources()
if err != nil {
return nil, fmt.Errorf("failed to get server groups & resources: %w", err)
}

namespaceResources := make(map[schema.GroupVersionKind]bool)
for _, apiResourceList := range resourceList {
for _, resource := range apiResourceList.APIResources {
if resource.Namespaced {
gv, _ := schema.ParseGroupVersion(apiResourceList.GroupVersion)
key := schema.GroupVersionKind{
Group: gv.Group,
Version: gv.Version,
Kind: resource.Kind,
}

namespaceResources[key] = true
}
}
}

apiResourceCache.SetDefault(kubeconfigCacheKey, namespaceResources)
return namespaceResources, nil
}
Loading