-
Notifications
You must be signed in to change notification settings - Fork 2.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use auto-generated client code to communicate with API server #2007
Conversation
a677fb7
to
62cf3a2
Compare
217fcb3
to
0bdbe96
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Overall looks good, 2 comments inline.
|
||
// ParseToCiliumRule returns an api.Rule with all the labels parsed into cilium | ||
// labels. | ||
func ParseToCiliumRule(namespace, name string, r *api.Rule) *api.Rule { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is this function tested anywhere? There is a lot of logic there, would be nice if at least some paths were tested.
|
||
// NewForConfigOrDie creates a new CiliumV1Client for the given config and | ||
// panics if there is an error in the config. | ||
func NewForConfigOrDie(c *rest.Config) *CiliumV1Client { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is this function used anywhere?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Note to reviewers: the code under pkg/k8s/client was autogenerated.
:-)
|
||
var ( | ||
// log is the k8s package logger object. | ||
log = logrus.WithField(logfields.LogSubsys, subsysK8s) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This seems to be the only usage of this, there is not much point for a const. I would just encode it here. The comment is not even needed then.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've noticed at the end of my changes that I'm using subsysK8s = "k8s"
for both version. What if I would create a log package in k8s/log
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Are we gaining anything from a separate package? This string is never going to change again.
} | ||
|
||
var ( | ||
SchemeBuilder runtime.SchemeBuilder |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please add comments to variables needed by the auto generated code
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done
|
||
log.Info("Creating v1.CiliumNetworkPolicy ThirdPartyResource") | ||
// wait for TPR being established | ||
err = wait.Poll(500*time.Millisecond, 60*time.Second, func() (bool, error) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is 1 minute enough? Why?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It should be, in here, we have the k8s client already set up so if we take more than 1 minute to install the TPR rule something is wrong. Don't you agree?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is the Get subject to a different timeout than the Create? I'm assuming both are subject to communication with the API server. Why does the get require a separate timeout?
// is to check if the return error was or not nil | ||
return true, nil | ||
}) | ||
if err != nil { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
When is err != nil
? Do we need to inform the user or stop the agent?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The error comes from line 102. And is returned to the caller of this function which is currently stopping the agent because we can't run cilium without installing the TPR to listen for CNP on k8s < 1.7
|
||
var ( | ||
// log is the k8s package logger object. | ||
log = logrus.WithField(logfields.LogSubsys, subsysK8s) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Same here
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Answered
daemon/k8s_watcher.go
Outdated
|
||
stopCiliumRulesController := make(chan struct{}) | ||
go ciliumRulesController.Run(stopCiliumRulesController) | ||
si := informer.NewSharedInformerFactory(ciliumNPClient, reSyncPeriod) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍
daemon/k8s_watcher.go
Outdated
go ciliumRulesController.Run(stopCiliumRulesController) | ||
si := informer.NewSharedInformerFactory(ciliumNPClient, reSyncPeriod) | ||
|
||
createHandlerStore := func(si informer.SharedInformerFactory, version int) (cnpStore cache.Store) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why is this an inline func?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I had restructured the code differently and before I needed the inline func. I've remove it.
daemon/k8s_watcher.go
Outdated
if err != nil { | ||
if err == nil { | ||
if len(rules) > 0 { | ||
// All rules were stored with the same labels so there's no need |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't understand this comment
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
// On a CNP, the transformed rule is stored in the local repository
// with a set of labels. On a CNP with multiple rules all rules are
// stored in the local repository with the same set of labels.
// Therefore the deletion on the local repository can be done with
// the set of labels of the first rule.
better?
daemon/k8s_watcher.go
Outdated
return | ||
} | ||
|
||
// Since we are updating the status map from all nodes we need to prevent |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I assume this comment means that we want to ignore updates if no spec change has occured
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
// Ignore updates of the spec remains unchanged.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
if
- Moved common code to utils.go Signed-off-by: André Martins <andre@cilium.io>
Signed-off-by: André Martins <andre@cilium.io>
After creating DeepCopy methods, it is necessary to create a event handler for each cilium version type in kubernetes watcher. That lead to use the auto-generated clientset in order to talk with the kube-apiserver. Since kubernetes client-go was updated, the watcher doesn't stop receiving events after receiving a bad policy, but still prints the error messages AND the watcher only continues to work after the bad policy is removed from the kube-apiserver. Unfortunately the splitage of cilium network policies into 2 different and dedicated version lead to some code duplication. Signed-off-by: André Martins <andre@cilium.io>
Signed-off-by: André Martins <andre@cilium.io>
0bdbe96
to
df4601b
Compare
) | ||
|
||
// FakeCiliumNetworkPolicies implements CiliumNetworkPolicyInterface | ||
type FakeCiliumNetworkPolicies struct { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
type name will be used as fake.FakeCiliumNetworkPolicies by other packages, and that stutters; consider calling this CiliumNetworkPolicies
|
||
package v2 | ||
|
||
type CiliumNetworkPolicyExpansion interface{} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
exported type CiliumNetworkPolicyExpansion should have comment or be unexported
// ThirdPartyResourceGroup is the name of the third party resource group | ||
ThirdPartyResourceGroup = k8sconst.GroupName | ||
|
||
// CustomResourceDefinitionVersion is the current version of the resource |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
comment on exported const ThirdPartyResourceVersion should be of the form "ThirdPartyResourceVersion ..."
func (in *CiliumNetworkPolicyList) DeepCopyObject() runtime.Object { | ||
if c := in.DeepCopy(); c != nil { | ||
return c | ||
} else { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
if block ends with a return statement, so drop this else and outdent its block (move short variable declaration to its own line if necessary)
func (in *CiliumNetworkPolicy) DeepCopyObject() runtime.Object { | ||
if c := in.DeepCopy(); c != nil { | ||
return c | ||
} else { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
if block ends with a return statement, so drop this else and outdent its block (move short variable declaration to its own line if necessary)
) | ||
|
||
var Scheme = runtime.NewScheme() | ||
var Codecs = serializer.NewCodecFactory(Scheme) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
exported var Codecs should have comment or be unexported
serializer "k8s.io/apimachinery/pkg/runtime/serializer" | ||
) | ||
|
||
var Scheme = runtime.NewScheme() |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
exported var Scheme should have comment or be unexported
|
||
// This package is generated by client-gen with custom arguments. | ||
|
||
// This package has the automatically generated typed clients. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
package comment should be of the form "Package v1 ..."
) | ||
|
||
// FakeCiliumNetworkPolicies implements CiliumNetworkPolicyInterface | ||
type FakeCiliumNetworkPolicies struct { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
type name will be used as fake.FakeCiliumNetworkPolicies by other packages, and that stutters; consider calling this CiliumNetworkPolicies
*testing.Fake | ||
} | ||
|
||
func (c *FakeCiliumV1) CiliumNetworkPolicies(namespace string) v1.CiliumNetworkPolicyInterface { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
exported method FakeCiliumV1.CiliumNetworkPolicies should have comment or be unexported
) | ||
|
||
// FakeCiliumNetworkPolicies implements CiliumNetworkPolicyInterface | ||
type FakeCiliumNetworkPolicies struct { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
type name will be used as fake.FakeCiliumNetworkPolicies by other packages, and that stutters; consider calling this CiliumNetworkPolicies
|
||
package v2 | ||
|
||
type CiliumNetworkPolicyExpansion interface{} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
exported type CiliumNetworkPolicyExpansion should have comment or be unexported
// ThirdPartyResourceGroup is the name of the third party resource group | ||
ThirdPartyResourceGroup = k8sconst.GroupName | ||
|
||
// CustomResourceDefinitionVersion is the current version of the resource |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
comment on exported const ThirdPartyResourceVersion should be of the form "ThirdPartyResourceVersion ..."
func (in *CiliumNetworkPolicyList) DeepCopyObject() runtime.Object { | ||
if c := in.DeepCopy(); c != nil { | ||
return c | ||
} else { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
if block ends with a return statement, so drop this else and outdent its block (move short variable declaration to its own line if necessary)
func (in *CiliumNetworkPolicy) DeepCopyObject() runtime.Object { | ||
if c := in.DeepCopy(); c != nil { | ||
return c | ||
} else { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
if block ends with a return statement, so drop this else and outdent its block (move short variable declaration to its own line if necessary)
) | ||
|
||
var Scheme = runtime.NewScheme() | ||
var Codecs = serializer.NewCodecFactory(Scheme) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
exported var Codecs should have comment or be unexported
serializer "k8s.io/apimachinery/pkg/runtime/serializer" | ||
) | ||
|
||
var Scheme = runtime.NewScheme() |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
exported var Scheme should have comment or be unexported
|
||
// This package is generated by client-gen with custom arguments. | ||
|
||
// This package has the automatically generated typed clients. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
package comment should be of the form "Package v1 ..."
) | ||
|
||
// FakeCiliumNetworkPolicies implements CiliumNetworkPolicyInterface | ||
type FakeCiliumNetworkPolicies struct { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
type name will be used as fake.FakeCiliumNetworkPolicies by other packages, and that stutters; consider calling this CiliumNetworkPolicies
*testing.Fake | ||
} | ||
|
||
func (c *FakeCiliumV1) CiliumNetworkPolicies(namespace string) v1.CiliumNetworkPolicyInterface { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
exported method FakeCiliumV1.CiliumNetworkPolicies should have comment or be unexported
This PR moves the TPR code to the v1 package, allowing us to have a package for each type of cilium network policy.
Note to reviewers: the code under
pkg/k8s/client
was autogenerated.