add controllers to watch garden and certificate resources on runtime …
…cluster; add webhook to patch sniconfig of virtual kube-apiserver deployment
MartinWeindel committed Jan 2, 2025
1 parent 7b99444 commit ab4b859
Showing 17 changed files with 1,335 additions and 31 deletions.
21 changes: 17 additions & 4 deletions cmd/gardener-extension-shoot-cert-service/app/app.go
Expand Up @@ -12,6 +12,7 @@ import (
extensionscontroller "github.com/gardener/gardener/extensions/pkg/controller"
"github.com/gardener/gardener/extensions/pkg/controller/heartbeat"
"github.com/gardener/gardener/extensions/pkg/util"
operatorv1alpha1 "github.com/gardener/gardener/pkg/apis/operator/v1alpha1"
"github.com/spf13/cobra"
corev1 "k8s.io/api/core/v1"
componentbaseconfig "k8s.io/component-base/config"
Expand All @@ -20,8 +21,10 @@ import (
"sigs.k8s.io/controller-runtime/pkg/manager"

serviceinstall "github.com/gardener/gardener-extension-shoot-cert-service/pkg/apis/service/install"
"github.com/gardener/gardener-extension-shoot-cert-service/pkg/controller"
"github.com/gardener/gardener-extension-shoot-cert-service/pkg/controller/healthcheck"
certificatecontroller "github.com/gardener/gardener-extension-shoot-cert-service/pkg/controller/runtimecluster/certificate"
gardencontroller "github.com/gardener/gardener-extension-shoot-cert-service/pkg/controller/runtimecluster/garden"
"github.com/gardener/gardener-extension-shoot-cert-service/pkg/controller/shootcertservice"
)

// NewServiceControllerCommand creates a new command that is used to start the Certificate Service controller.
Expand Down Expand Up @@ -88,18 +91,28 @@ func (o *Options) run(ctx context.Context) error {
return fmt.Errorf("could not update manager scheme: %s", err)
}

if err := operatorv1alpha1.AddToScheme(mgr.GetScheme()); err != nil {
return fmt.Errorf("could not update manager scheme: %s", err)
}

ctrlConfig := o.certOptions.Completed()
ctrlConfig.ApplyHealthCheckConfig(&healthcheck.DefaultAddOptions.HealthCheckConfig)
ctrlConfig.Apply(&controller.DefaultAddOptions.ServiceConfig)
o.controllerOptions.Completed().Apply(&controller.DefaultAddOptions.ControllerOptions)
ctrlConfig.Apply(&shootcertservice.DefaultAddOptions.ServiceConfig)
o.controllerOptions.Completed().Apply(&shootcertservice.DefaultAddOptions.ControllerOptions)
o.healthOptions.Completed().Apply(&healthcheck.DefaultAddOptions.Controller)
o.reconcileOptions.Completed().Apply(&controller.DefaultAddOptions.IgnoreOperationAnnotation, &controller.DefaultAddOptions.ExtensionClass)
o.reconcileOptions.Completed().Apply(&shootcertservice.DefaultAddOptions.IgnoreOperationAnnotation, &shootcertservice.DefaultAddOptions.ExtensionClass)
o.heartbeatOptions.Completed().Apply(&heartbeat.DefaultAddOptions)
o.gardenControllerOptions.Completed().Apply(&gardencontroller.DefaultAddOptions)
o.certificateControllerOptions.Completed().Apply(&certificatecontroller.DefaultAddOptions)

if err := o.controllerSwitches.Completed().AddToManager(ctx, mgr); err != nil {
return fmt.Errorf("could not add controllers to manager: %s", err)
}

if _, err := o.webhookOptions.Completed().AddToManager(ctx, mgr, mgr); err != nil {
return fmt.Errorf("could not add webhooks to manager: %s", err)
}

if err := mgr.Start(ctx); err != nil {
return fmt.Errorf("error running manager: %s", err)
}
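Review bot: The new `operatorv1alpha1.AddToScheme` check returns exactly the same text as the scheme check just above it, `could not update manager scheme: %s`, so a startup failure does not say which API group failed to register, and `%s` flattens the error so callers cannot unwrap it. Suggest `return fmt.Errorf("could not add operator/v1alpha1 to manager scheme: %w", err)`. Separately, the first result of `o.webhookOptions.Completed().AddToManager(ctx, mgr, mgr)` is discarded with `_`; if nothing in this binary needs it, a one-line comment saying so would help the next reader. The body of `run` starts and ends outside the hunk.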
55 changes: 45 additions & 10 deletions cmd/gardener-extension-shoot-cert-service/app/options.go
Expand Up @@ -9,6 +9,8 @@ import (

controllercmd "github.com/gardener/gardener/extensions/pkg/controller/cmd"
heartbeatcmd "github.com/gardener/gardener/extensions/pkg/controller/heartbeat/cmd"
extensionswebhook "github.com/gardener/gardener/extensions/pkg/webhook"
extensionscmdwebhook "github.com/gardener/gardener/extensions/pkg/webhook/cmd"

certificateservicecmd "github.com/gardener/gardener-extension-shoot-cert-service/pkg/cmd"
)
Expand All @@ -18,20 +20,28 @@ const ExtensionName = "extension-shoot-cert-service"

// Options holds configuration passed to the Certificate Service controller.
type Options struct {
generalOptions *controllercmd.GeneralOptions
certOptions *certificateservicecmd.CertificateServiceOptions
restOptions *controllercmd.RESTOptions
managerOptions *controllercmd.ManagerOptions
controllerOptions *controllercmd.ControllerOptions
healthOptions *controllercmd.ControllerOptions
heartbeatOptions *heartbeatcmd.Options
controllerSwitches *controllercmd.SwitchOptions
reconcileOptions *controllercmd.ReconcilerOptions
optionAggregator controllercmd.OptionAggregator
generalOptions *controllercmd.GeneralOptions
certOptions *certificateservicecmd.CertificateServiceOptions
restOptions *controllercmd.RESTOptions
managerOptions *controllercmd.ManagerOptions
controllerOptions *controllercmd.ControllerOptions
healthOptions *controllercmd.ControllerOptions
heartbeatOptions *heartbeatcmd.Options
gardenControllerOptions *controllercmd.ControllerOptions
certificateControllerOptions *controllercmd.ControllerOptions
controllerSwitches *controllercmd.SwitchOptions
reconcileOptions *controllercmd.ReconcilerOptions
optionAggregator controllercmd.OptionAggregator
webhookOptions *extensionscmdwebhook.AddToManagerOptions
}

// NewOptions creates a new Options instance.
func NewOptions() *Options {
mode, url := extensionswebhook.ModeService, os.Getenv("WEBHOOK_URL")
if v := os.Getenv("WEBHOOK_MODE"); v != "" {
mode = v
}

options := &Options{
generalOptions: &controllercmd.GeneralOptions{},
certOptions: &certificateservicecmd.CertificateServiceOptions{},
Expand All @@ -41,6 +51,9 @@ func NewOptions() *Options {
LeaderElection: true,
LeaderElectionID: controllercmd.LeaderElectionNameID(ExtensionName),
LeaderElectionNamespace: os.Getenv("LEADER_ELECTION_NAMESPACE"),

// These are default values.
WebhookServerPort: 10250,
},
controllerOptions: &controllercmd.ControllerOptions{
// This is a default value.
Expand All @@ -50,6 +63,14 @@ func NewOptions() *Options {
// This is a default value.
MaxConcurrentReconciles: 5,
},
gardenControllerOptions: &controllercmd.ControllerOptions{
// This is a default value.
MaxConcurrentReconciles: 1,
},
certificateControllerOptions: &controllercmd.ControllerOptions{
// This is a default value.
MaxConcurrentReconciles: 1,
},
heartbeatOptions: &heartbeatcmd.Options{
// This is a default value.
ExtensionName: ExtensionName,
Expand All @@ -58,6 +79,17 @@ func NewOptions() *Options {
},
controllerSwitches: certificateservicecmd.ControllerSwitches(),
reconcileOptions: &controllercmd.ReconcilerOptions{},
webhookOptions: extensionscmdwebhook.NewAddToManagerOptions(
"shoot-cert-service",
"",
nil,
&extensionscmdwebhook.ServerOptions{
Mode: mode,
URL: url,
ServicePort: 443,
Namespace: "garden",
},
certificateservicecmd.WebhookSwitches()),
}

options.optionAggregator = controllercmd.NewOptionAggregator(
Expand All @@ -68,8 +100,11 @@ func NewOptions() *Options {
options.certOptions,
controllercmd.PrefixOption("healthcheck-", options.healthOptions),
controllercmd.PrefixOption("heartbeat-", options.heartbeatOptions),
controllercmd.PrefixOption("garden-", options.gardenControllerOptions),
controllercmd.PrefixOption("certificate-", options.certificateControllerOptions),
options.controllerSwitches,
options.reconcileOptions,
options.webhookOptions,
)

return options
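Review bot: In `NewOptions` the webhook mode and URL are taken straight from the environment (`WEBHOOK_MODE`, `WEBHOOK_URL`) with no comment and no check of the combination, although these values presumably determine the endpoint the API server calls for the webhook that patches the virtual kube-apiserver deployment. Whether an unknown mode, or a URL mode with an empty `WEBHOOK_URL`, is rejected when the options are completed is not visible in this section and should be confirmed. I would add a comment above the lookup, `// WEBHOOK_MODE and WEBHOOK_URL override the default service-mode registration of the webhook.`, and make sure an invalid pair fails at startup rather than producing a registration that points nowhere. The literals `Namespace: "garden"`, `ServicePort: 443` and `"shoot-cert-service"` would also be easier to audit as named constants next to `ExtensionName`.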
2 changes: 1 addition & 1 deletion example/controller-registration.yaml

Large diffs are not rendered by default.

51 changes: 49 additions & 2 deletions go.mod
Expand Up @@ -15,6 +15,7 @@ require (
github.com/spf13/pflag v1.0.5
go.uber.org/mock v0.5.0
golang.org/x/tools v0.28.0
gomodules.xyz/jsonpatch/v2 v2.4.0
k8s.io/api v0.31.3
k8s.io/apimachinery v0.31.3
k8s.io/client-go v0.31.3
Expand All @@ -26,57 +27,80 @@ require (

require (
dario.cat/mergo v1.0.1 // indirect
github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 // indirect
github.com/BurntSushi/toml v1.4.0 // indirect
github.com/Masterminds/goutils v1.1.1 // indirect
github.com/Masterminds/semver/v3 v3.3.1 // indirect
github.com/Masterminds/sprig/v3 v3.3.0 // indirect
github.com/alecthomas/units v0.0.0-20231202071711-9a357b53e9c9 // indirect
github.com/andybalholm/brotli v1.1.1 // indirect
github.com/antlr4-go/antlr/v4 v4.13.0 // indirect
github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
github.com/beorn7/perks v1.0.1 // indirect
github.com/blang/semver/v4 v4.0.0 // indirect
github.com/cenkalti/backoff/v4 v4.3.0 // indirect
github.com/cert-manager/cert-manager v1.16.2 // indirect
github.com/cespare/xxhash/v2 v2.3.0 // indirect
github.com/coreos/go-systemd/v22 v22.5.0 // indirect
github.com/cyphar/filepath-securejoin v0.3.4 // indirect
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
github.com/dgryski/go-jump v0.0.0-20211018200510-ba001c3ffce0 // indirect
github.com/emicklei/go-restful/v3 v3.12.1 // indirect
github.com/evanphx/json-patch/v5 v5.9.0 // indirect
github.com/fatih/color v1.18.0 // indirect
github.com/felixge/httpsnoop v1.0.4 // indirect
github.com/fluent/fluent-operator/v2 v2.9.0 // indirect
github.com/fsnotify/fsnotify v1.7.0 // indirect
github.com/fxamacker/cbor/v2 v2.7.0 // indirect
github.com/gardener/controller-manager-library v0.2.1-0.20241104074533-80cbeddadabc // indirect
github.com/gardener/dependency-watchdog v1.3.0 // indirect
github.com/gardener/etcd-druid v0.25.0 // indirect
github.com/gardener/external-dns-management v0.22.1 // indirect
github.com/gardener/machine-controller-manager v0.55.1 // indirect
github.com/go-acme/lego/v4 v4.20.4 // indirect
github.com/go-asn1-ber/asn1-ber v1.5.6 // indirect
github.com/go-jose/go-jose/v4 v4.0.4 // indirect
github.com/go-kit/log v0.2.1 // indirect
github.com/go-ldap/ldap/v3 v3.4.8 // indirect
github.com/go-logfmt/logfmt v0.5.1 // indirect
github.com/go-logr/stdr v1.2.2 // indirect
github.com/go-logr/zapr v1.3.0 // indirect
github.com/go-openapi/errors v0.20.4 // indirect
github.com/go-openapi/jsonpointer v0.21.0 // indirect
github.com/go-openapi/jsonreference v0.21.0 // indirect
github.com/go-openapi/swag v0.23.0 // indirect
github.com/go-task/slim-sprig/v3 v3.0.0 // indirect
github.com/go-test/deep v1.1.0 // indirect
github.com/gobuffalo/flect v1.0.3 // indirect
github.com/gobwas/glob v0.2.3 // indirect
github.com/gogo/protobuf v1.3.2 // indirect
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
github.com/golang/protobuf v1.5.4 // indirect
github.com/google/cel-go v0.20.1 // indirect
github.com/google/gnostic-models v0.6.8 // indirect
github.com/google/go-cmp v0.6.0 // indirect
github.com/google/gofuzz v1.2.0 // indirect
github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db // indirect
github.com/google/uuid v1.6.0 // indirect
github.com/gorilla/websocket v1.5.1 // indirect
github.com/grpc-ecosystem/grpc-gateway/v2 v2.22.0 // indirect
github.com/hashicorp/errwrap v1.1.0 // indirect
github.com/hashicorp/go-multierror v1.1.1 // indirect
github.com/hashicorp/hcl v1.0.0 // indirect
github.com/hashicorp/hcl v1.0.1-vault-5 // indirect
github.com/huandu/xstrings v1.5.0 // indirect
github.com/imdario/mergo v0.3.16 // indirect
github.com/inconshreveable/mousetrap v1.1.0 // indirect
github.com/ironcore-dev/vgopath v0.1.5 // indirect
github.com/josharian/intern v1.0.0 // indirect
github.com/jpillora/backoff v1.0.0 // indirect
github.com/json-iterator/go v1.1.12 // indirect
github.com/klauspost/compress v1.17.9 // indirect
github.com/kubernetes-csi/external-snapshotter/client/v4 v4.2.0 // indirect
github.com/magiconair/properties v1.8.7 // indirect
github.com/mailru/easyjson v0.7.7 // indirect
github.com/mattn/go-colorable v0.1.13 // indirect
github.com/mattn/go-isatty v0.0.20 // indirect
github.com/miekg/dns v1.1.62 // indirect
github.com/mitchellh/copystructure v1.2.0 // indirect
github.com/mitchellh/hashstructure/v2 v2.0.2 // indirect
github.com/mitchellh/mapstructure v1.5.0 // indirect
Expand All @@ -85,27 +109,42 @@ require (
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
github.com/modern-go/reflect2 v1.0.2 // indirect
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f // indirect
github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect
github.com/pavlo-v-chernykh/keystore-go/v4 v4.5.0 // indirect
github.com/pelletier/go-toml/v2 v2.2.2 // indirect
github.com/pkg/errors v0.9.1 // indirect
github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.78.2 // indirect
github.com/prometheus/blackbox_exporter v0.25.0 // indirect
github.com/prometheus/client_golang v1.20.5 // indirect
github.com/prometheus/client_model v0.6.1 // indirect
github.com/prometheus/common v0.61.0 // indirect
github.com/prometheus/procfs v0.15.1 // indirect
github.com/robfig/cron v1.2.0 // indirect
github.com/robfig/cron/v3 v3.0.1 // indirect
github.com/russross/blackfriday/v2 v2.1.0 // indirect
github.com/sagikazarmark/locafero v0.4.0 // indirect
github.com/sagikazarmark/slog-shim v0.1.0 // indirect
github.com/shopspring/decimal v1.4.0 // indirect
github.com/sirupsen/logrus v1.9.3 // indirect
github.com/sourcegraph/conc v0.3.0 // indirect
github.com/spf13/afero v1.11.0 // indirect
github.com/spf13/cast v1.7.0 // indirect
github.com/spf13/viper v1.19.0 // indirect
github.com/stoewer/go-strcase v1.3.0 // indirect
github.com/subosito/gotenv v1.6.0 // indirect
github.com/x448/float16 v0.8.4 // indirect
github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
github.com/xeipuuv/gojsonschema v1.2.0 // indirect
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0 // indirect
go.opentelemetry.io/otel v1.29.0 // indirect
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.29.0 // indirect
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.29.0 // indirect
go.opentelemetry.io/otel/metric v1.29.0 // indirect
go.opentelemetry.io/otel/sdk v1.29.0 // indirect
go.opentelemetry.io/otel/trace v1.29.0 // indirect
go.opentelemetry.io/proto/otlp v1.3.1 // indirect
go.uber.org/multierr v1.11.0 // indirect
go.uber.org/zap v1.27.0 // indirect
golang.org/x/crypto v0.30.0 // indirect
Expand All @@ -118,9 +157,11 @@ require (
golang.org/x/term v0.27.0 // indirect
golang.org/x/text v0.21.0 // indirect
golang.org/x/time v0.8.0 // indirect
gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
google.golang.org/genproto/googleapis/api v0.0.0-20241015192408-796eee8c2d53 // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20241021214115-324edc3d5d38 // indirect
google.golang.org/grpc v1.67.1 // indirect
google.golang.org/protobuf v1.35.2 // indirect
gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
gopkg.in/inf.v0 v0.9.1 // indirect
gopkg.in/ini.v1 v1.67.0 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
Expand All @@ -139,11 +180,17 @@ require (
k8s.io/klog/v2 v2.130.1 // indirect
k8s.io/kube-aggregator v0.31.3 // indirect
k8s.io/kube-openapi v0.0.0-20240903163716-9e1beecbcb38 // indirect
k8s.io/kube-state-metrics/v2 v2.13.0 // indirect
k8s.io/kubelet v0.31.3 // indirect
k8s.io/metrics v0.31.3 // indirect
k8s.io/pod-security-admission v0.31.3 // indirect
k8s.io/sample-controller v0.30.3 // indirect
sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.30.3 // indirect
sigs.k8s.io/controller-runtime/tools/setup-envtest v0.0.0-20231015215740-bf15e44028f9 // indirect
sigs.k8s.io/controller-tools v0.16.5 // indirect
sigs.k8s.io/gateway-api v1.2.0 // indirect
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
sigs.k8s.io/structured-merge-diff/v4 v4.4.3 // indirect
sigs.k8s.io/yaml v1.4.0 // indirect
software.sslmate.com/src/go-pkcs12 v0.5.0 // indirect
)
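Review bot: The indirect require block appears to grow by several dozen modules in this commit (the section reports 49 additions), among them `github.com/cert-manager/cert-manager`, `github.com/go-acme/lego/v4`, `github.com/go-ldap/ldap/v3` and `github.com/Azure/go-ntlmssp`, presumably pulled in through packages the new controllers and webhook import. That widens the dependency surface of a component that handles certificates, so it is worth recording which import brings each family in (`go mod why -m <module>`) and running `govulncheck ./...` against the resulting module graph before release. If only API types are needed from the upstream module, importing a narrower package may keep most of these out of the build.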