Use auto-generated client code to communicate with API server #2007
Conversation
aanm
force-pushed
the
moving-tpr-to-v1
branch
from
a677fb7
to
62cf3a2
Compare
aanm
force-pushed
the
moving-tpr-to-v1
branch
4 times, most recently
from
217fcb3
to
0bdbe96
Compare
aanm
added
sig/k8s
|
|
||
| // ParseToCiliumRule returns an api.Rule with all the labels parsed into cilium | ||
| // labels. | ||
| func ParseToCiliumRule(namespace, name string, r *api.Rule) *api.Rule { |
There was a problem hiding this comment.
Is this function tested anywhere? There is a lot of logic there, would be nice if at least some paths were tested.
|
|
||
| // NewForConfigOrDie creates a new CiliumV1Client for the given config and | ||
| // panics if there is an error in the config. | ||
| func NewForConfigOrDie(c *rest.Config) *CiliumV1Client { |
There was a problem hiding this comment.
Note to reviewers: the code under pkg/k8s/client was autogenerated.
:-)
|
|
||
| var ( | ||
| // log is the k8s package logger object. | ||
| log = logrus.WithField(logfields.LogSubsys, subsysK8s) |
There was a problem hiding this comment.
This seems to be the only usage of this, there is not much point for a const. I would just encode it here. The comment is not even needed then.
There was a problem hiding this comment.
I've noticed at the end of my changes that I'm using subsysK8s = "k8s" for both version. What if I would create a log package in k8s/log?
There was a problem hiding this comment.
Are we gaining anything from a separate package? This string is never going to change again.
| } | ||
|
|
||
| var ( | ||
| SchemeBuilder runtime.SchemeBuilder |
There was a problem hiding this comment.
Please add comments to variables needed by the auto generated code
|
|
||
| log.Info("Creating v1.CiliumNetworkPolicy ThirdPartyResource") | ||
| // wait for TPR being established | ||
| err = wait.Poll(500*time.Millisecond, 60*time.Second, func() (bool, error) { |
There was a problem hiding this comment.
It should be, in here, we have the k8s client already set up so if we take more than 1 minute to install the TPR rule something is wrong. Don't you agree?
There was a problem hiding this comment.
Is the Get subject to a different timeout than the Create? I'm assuming both are subject to communication with the API server. Why does the get require a separate timeout?
| // is to check if the return error was or not nil | ||
| return true, nil | ||
| }) | ||
| if err != nil { |
There was a problem hiding this comment.
When is err != nil? Do we need to inform the user or stop the agent?
There was a problem hiding this comment.
The error comes from line 102. And is returned to the caller of this function which is currently stopping the agent because we can't run cilium without installing the TPR to listen for CNP on k8s < 1.7
|
|
||
| var ( | ||
| // log is the k8s package logger object. | ||
| log = logrus.WithField(logfields.LogSubsys, subsysK8s) |
daemon/k8s_watcher.go
Outdated
|
|
||
| stopCiliumRulesController := make(chan struct{}) | ||
| go ciliumRulesController.Run(stopCiliumRulesController) | ||
| si := informer.NewSharedInformerFactory(ciliumNPClient, reSyncPeriod) |
daemon/k8s_watcher.go
Outdated
| go ciliumRulesController.Run(stopCiliumRulesController) | ||
| si := informer.NewSharedInformerFactory(ciliumNPClient, reSyncPeriod) | ||
|
|
||
| createHandlerStore := func(si informer.SharedInformerFactory, version int) (cnpStore cache.Store) { |
There was a problem hiding this comment.
I had restructured the code differently and before I needed the inline func. I've remove it.
daemon/k8s_watcher.go
Outdated
| if err != nil { | ||
| if err == nil { | ||
| if len(rules) > 0 { | ||
| // All rules were stored with the same labels so there's no need |
There was a problem hiding this comment.
// On a CNP, the transformed rule is stored in the local repository
// with a set of labels. On a CNP with multiple rules all rules are
// stored in the local repository with the same set of labels.
// Therefore the deletion on the local repository can be done with
// the set of labels of the first rule.
better?
daemon/k8s_watcher.go
Outdated
| return | ||
| } | ||
|
|
||
| // Since we are updating the status map from all nodes we need to prevent |
There was a problem hiding this comment.
I assume this comment means that we want to ignore updates if no spec change has occured
There was a problem hiding this comment.
// Ignore updates of the spec remains unchanged.
tgraf
changed the title
- Moved common code to utils.go Signed-off-by: André Martins <andre@cilium.io>
Signed-off-by: André Martins <andre@cilium.io>
After creating DeepCopy methods, it is necessary to create a event handler for each cilium version type in kubernetes watcher. That lead to use the auto-generated clientset in order to talk with the kube-apiserver. Since kubernetes client-go was updated, the watcher doesn't stop receiving events after receiving a bad policy, but still prints the error messages AND the watcher only continues to work after the bad policy is removed from the kube-apiserver. Unfortunately the splitage of cilium network policies into 2 different and dedicated version lead to some code duplication. Signed-off-by: André Martins <andre@cilium.io>
Signed-off-by: André Martins <andre@cilium.io>
aanm
force-pushed
the
moving-tpr-to-v1
branch
from
0bdbe96
to
df4601b
Compare
| ) | ||
|
|
||
| // FakeCiliumNetworkPolicies implements CiliumNetworkPolicyInterface | ||
| type FakeCiliumNetworkPolicies struct { |
There was a problem hiding this comment.
type name will be used as fake.FakeCiliumNetworkPolicies by other packages, and that stutters; consider calling this CiliumNetworkPolicies
|
|
||
| package v2 | ||
|
|
||
| type CiliumNetworkPolicyExpansion interface{} |
There was a problem hiding this comment.
exported type CiliumNetworkPolicyExpansion should have comment or be unexported
| // ThirdPartyResourceGroup is the name of the third party resource group | ||
| ThirdPartyResourceGroup = k8sconst.GroupName | ||
|
|
||
| // CustomResourceDefinitionVersion is the current version of the resource |
There was a problem hiding this comment.
comment on exported const ThirdPartyResourceVersion should be of the form "ThirdPartyResourceVersion ..."
| func (in *CiliumNetworkPolicyList) DeepCopyObject() runtime.Object { | ||
| if c := in.DeepCopy(); c != nil { | ||
| return c | ||
| } else { |
There was a problem hiding this comment.
if block ends with a return statement, so drop this else and outdent its block (move short variable declaration to its own line if necessary)
| func (in *CiliumNetworkPolicy) DeepCopyObject() runtime.Object { | ||
| if c := in.DeepCopy(); c != nil { | ||
| return c | ||
| } else { |
There was a problem hiding this comment.
if block ends with a return statement, so drop this else and outdent its block (move short variable declaration to its own line if necessary)
| ) | ||
|
|
||
| var Scheme = runtime.NewScheme() | ||
| var Codecs = serializer.NewCodecFactory(Scheme) |
There was a problem hiding this comment.
exported var Codecs should have comment or be unexported
| serializer "k8s.io/apimachinery/pkg/runtime/serializer" | ||
| ) | ||
|
|
||
| var Scheme = runtime.NewScheme() |
There was a problem hiding this comment.
exported var Scheme should have comment or be unexported
|
|
||
| // This package is generated by client-gen with custom arguments. | ||
|
|
||
| // This package has the automatically generated typed clients. |
There was a problem hiding this comment.
package comment should be of the form "Package v1 ..."
| ) | ||
|
|
||
| // FakeCiliumNetworkPolicies implements CiliumNetworkPolicyInterface | ||
| type FakeCiliumNetworkPolicies struct { |
There was a problem hiding this comment.
type name will be used as fake.FakeCiliumNetworkPolicies by other packages, and that stutters; consider calling this CiliumNetworkPolicies
| *testing.Fake | ||
| } | ||
|
|
||
| func (c *FakeCiliumV1) CiliumNetworkPolicies(namespace string) v1.CiliumNetworkPolicyInterface { |
There was a problem hiding this comment.
exported method FakeCiliumV1.CiliumNetworkPolicies should have comment or be unexported
| ) | ||
|
|
||
| // FakeCiliumNetworkPolicies implements CiliumNetworkPolicyInterface | ||
| type FakeCiliumNetworkPolicies struct { |
There was a problem hiding this comment.
type name will be used as fake.FakeCiliumNetworkPolicies by other packages, and that stutters; consider calling this CiliumNetworkPolicies
|
|
||
| package v2 | ||
|
|
||
| type CiliumNetworkPolicyExpansion interface{} |
There was a problem hiding this comment.
exported type CiliumNetworkPolicyExpansion should have comment or be unexported
| // ThirdPartyResourceGroup is the name of the third party resource group | ||
| ThirdPartyResourceGroup = k8sconst.GroupName | ||
|
|
||
| // CustomResourceDefinitionVersion is the current version of the resource |
There was a problem hiding this comment.
comment on exported const ThirdPartyResourceVersion should be of the form "ThirdPartyResourceVersion ..."
| func (in *CiliumNetworkPolicyList) DeepCopyObject() runtime.Object { | ||
| if c := in.DeepCopy(); c != nil { | ||
| return c | ||
| } else { |
There was a problem hiding this comment.
if block ends with a return statement, so drop this else and outdent its block (move short variable declaration to its own line if necessary)
| func (in *CiliumNetworkPolicy) DeepCopyObject() runtime.Object { | ||
| if c := in.DeepCopy(); c != nil { | ||
| return c | ||
| } else { |
There was a problem hiding this comment.
if block ends with a return statement, so drop this else and outdent its block (move short variable declaration to its own line if necessary)
| ) | ||
|
|
||
| var Scheme = runtime.NewScheme() | ||
| var Codecs = serializer.NewCodecFactory(Scheme) |
There was a problem hiding this comment.
exported var Codecs should have comment or be unexported
| serializer "k8s.io/apimachinery/pkg/runtime/serializer" | ||
| ) | ||
|
|
||
| var Scheme = runtime.NewScheme() |
There was a problem hiding this comment.
exported var Scheme should have comment or be unexported
|
|
||
| // This package is generated by client-gen with custom arguments. | ||
|
|
||
| // This package has the automatically generated typed clients. |
There was a problem hiding this comment.
package comment should be of the form "Package v1 ..."
| ) | ||
|
|
||
| // FakeCiliumNetworkPolicies implements CiliumNetworkPolicyInterface | ||
| type FakeCiliumNetworkPolicies struct { |
There was a problem hiding this comment.
type name will be used as fake.FakeCiliumNetworkPolicies by other packages, and that stutters; consider calling this CiliumNetworkPolicies
| *testing.Fake | ||
| } | ||
|
|
||
| func (c *FakeCiliumV1) CiliumNetworkPolicies(namespace string) v1.CiliumNetworkPolicyInterface { |
There was a problem hiding this comment.
exported method FakeCiliumV1.CiliumNetworkPolicies should have comment or be unexported
This PR moves the TPR code to the v1 package, allowing us to have a package for each type of cilium network policy.
Note to reviewers: the code under
pkg/k8s/clientwas autogenerated.