Add secret reconciling support (#58 embeded)

deploy/0.prepare-certificates.yaml

@@ -9,6 +9,7 @@ spec:
   selfSigned: {}
 
 ---
+
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
@@ -25,7 +26,9 @@ spec:
     name: selfsigned-issuer
     kind: ClusterIssuer
     group: cert-manager.io
+
 ---
+
 apiVersion: cert-manager.io/v1
 kind: Issuer
 metadata:
@@ -36,6 +39,7 @@ spec:
     secretName: root-secret
 
 ---
+
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:

internal/controllers/httproute_controller.go

@@ -22,9 +22,9 @@ import (
 	"time"
 
 	"github.com/f5devcentral/bigip-kubernetes-gateway/internal/pkg"
-	"github.com/google/uuid"
 	"github.com/f5devcentral/f5-bigip-rest-go/deployer"
 	"github.com/f5devcentral/f5-bigip-rest-go/utils"
+	"github.com/google/uuid"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 
@@ -78,7 +78,7 @@ func (r *HttpRouteReconciler) GetResObject() client.Object {
 
 func handleDeletingHTTPRoute(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
 	hr := pkg.ActiveSIGs.GetHTTPRoute(req.NamespacedName.String())
-	gws := pkg.ActiveSIGs.GatewayRefsOf(hr)
+	gws := pkg.ActiveSIGs.GatewayRefsOfHR(hr)
 	drs := map[string]*deployer.DeployRequest{}
 	for _, gw := range gws {
 		if _, f := drs[string(gw.Spec.GatewayClassName)]; !f {
@@ -150,7 +150,7 @@ func handleUpsertingHTTPRoute(ctx context.Context, obj *gatewayv1beta1.HTTPRoute
 	slog.Debugf("upserting " + reqnsn)
 
 	hr := pkg.ActiveSIGs.GetHTTPRoute(reqnsn)
-	gws := pkg.ActiveSIGs.GatewayRefsOf(hr)
+	gws := pkg.ActiveSIGs.GatewayRefsOfHR(hr)
 	drs := map[string]*deployer.DeployRequest{}
 
 	for _, gw := range gws {
@@ -182,7 +182,7 @@ func handleUpsertingHTTPRoute(ctx context.Context, obj *gatewayv1beta1.HTTPRoute
 
 	// We still need to consider gateways that were previously associated but are no longer associated,
 	// Or the previously associated gateways may be recognized as resource deletions.
-	gws = unifiedGateways(append(gws, pkg.ActiveSIGs.GatewayRefsOf(obj.DeepCopy())...))
+	gws = pkg.UnifiedGateways(append(gws, pkg.ActiveSIGs.GatewayRefsOfHR(obj.DeepCopy())...))
 
 	for _, gw := range gws {
 		if _, f := drs[string(gw.Spec.GatewayClassName)]; !f {
@@ -219,18 +219,3 @@ func handleUpsertingHTTPRoute(ctx context.Context, obj *gatewayv1beta1.HTTPRoute
 
 	return ctrl.Result{}, nil
 }
-
-func unifiedGateways(objs []*gatewayv1beta1.Gateway) []*gatewayv1beta1.Gateway {
-
-	m := map[string]bool{}
-	rlt := []*gatewayv1beta1.Gateway{}
-
-	for _, obj := range objs {
-		name := utils.Keyname(obj.Namespace, obj.Name)
-		if _, f := m[name]; !f {
-			m[name] = true
-			rlt = append(rlt, obj)
-		}
-	}
-	return rlt
-}

internal/controllers/referencegrant_controller.go

@@ -18,11 +18,12 @@ package controllers
 
 import (
 	"context"
+	"fmt"
 	"time"
 
 	"github.com/f5devcentral/bigip-kubernetes-gateway/internal/pkg"
-	"github.com/google/uuid"
 	"github.com/f5devcentral/f5-bigip-rest-go/utils"
+	"github.com/google/uuid"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	gatewayv1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1"
@@ -44,23 +45,42 @@ func (r *ReferenceGrantReconciler) Reconcile(ctx context.Context, req ctrl.Reque
 		return ctrl.Result{Requeue: true}, nil
 	}
 
+	keyname := req.NamespacedName.String()
 	lctx := context.WithValue(ctx, utils.CtxKey_Logger, utils.NewLog().WithRequestID(uuid.New().String()).WithLevel(r.LogLevel))
 	slog := utils.LogFromContext(lctx)
 
 	var obj gatewayv1beta1.ReferenceGrant
 	slog.Infof("referencegrant event: %s", req.NamespacedName)
-	// TODO: update resources mappings since grant items are changed.
 	if err := r.Client.Get(ctx, req.NamespacedName, &obj); err != nil {
 		if client.IgnoreNotFound(err) == nil {
 			// delete resources
-			pkg.ActiveSIGs.UnsetReferenceGrant(req.NamespacedName.String())
-			return ctrl.Result{}, nil
+			rg := pkg.ActiveSIGs.GetReferenceGrant(keyname)
+			classNames := pkg.ActiveSIGs.RGImpactedGatewayClasses(rg)
+			if err := pkg.DeployForEvent(lctx, classNames, func() string {
+				pkg.ActiveSIGs.UnsetReferenceGrant(keyname)
+				return fmt.Sprintf("deleting referencegrant %s", keyname)
+			}); err != nil {
+				return ctrl.Result{}, err
+			} else {
+				return ctrl.Result{}, nil
+			}
 		} else {
 			return ctrl.Result{}, err
 		}
 	} else {
 		// upsert resources
-		pkg.ActiveSIGs.SetReferenceGrant(obj.DeepCopy())
-		return ctrl.Result{}, nil
+		org := pkg.ActiveSIGs.GetReferenceGrant(keyname)
+		nrg := obj.DeepCopy()
+		ocls := pkg.ActiveSIGs.RGImpactedGatewayClasses(org)
+		ncls := pkg.ActiveSIGs.RGImpactedGatewayClasses(nrg)
+		clss := utils.Unified(append(ocls, ncls...))
+		if err := pkg.DeployForEvent(lctx, clss, func() string {
+			pkg.ActiveSIGs.SetReferenceGrant(nrg)
+			return fmt.Sprintf("upserting referencegrant %s", keyname)
+		}); err != nil {
+			return ctrl.Result{}, nil
+		} else {
+			return ctrl.Result{}, err
+		}
 	}
 }

internal/controllers/secret_controller.go

@@ -18,11 +18,12 @@ package controllers
 
 import (
 	"context"
+	"fmt"
 	"time"
 
 	"github.com/f5devcentral/bigip-kubernetes-gateway/internal/pkg"
-	"github.com/google/uuid"
 	"github.com/f5devcentral/f5-bigip-rest-go/utils"
+	"github.com/google/uuid"
 	v1 "k8s.io/api/core/v1"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
@@ -48,17 +49,51 @@ func (r *SecretReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctr
 	slog := utils.LogFromContext(lctx)
 
 	var obj v1.Secret
-	slog.Infof("serect event: %s", req.NamespacedName)
+	slog.Infof("secret event: %s", req.NamespacedName)
 
 	if err := r.Client.Get(ctx, req.NamespacedName, &obj); err != nil {
-		if client.IgnoreNotFound(err) != nil {
+		if client.IgnoreNotFound(err) == nil {
+			// delete
+			scrt := pkg.ActiveSIGs.GetSecret(req.NamespacedName.String())
+			gws, err := pkg.ActiveSIGs.GatewayRefsOfSecret(scrt)
+			if err == nil {
+				names := []string{}
+				for _, gw := range gws {
+					names = append(names, utils.Keyname(gw.Namespace, gw.Name))
+				}
+				if len(names) > 0 {
+					slog.Warnf("there are still gateways referring to secret '%s': %s "+
+						"-- they are not impacted, however, next deployments would fail "+
+						"because of missing the secret", req.NamespacedName, names)
+				}
+			}
+
+			pkg.ActiveSIGs.UnsetSerect(req.NamespacedName.String())
+			return ctrl.Result{}, err
+		} else {
+			return ctrl.Result{}, err
+		}
+	} else {
+		// upsert
+		scrt := obj.DeepCopy()
+		gws, err := pkg.ActiveSIGs.GatewayRefsOfSecret(scrt)
+		if err != nil {
+			pkg.ActiveSIGs.SetSecret(obj.DeepCopy())
 			return ctrl.Result{}, err
 		}
-		// Can not find Sercet, remove it from the local cache
-		pkg.ActiveSIGs.UnsetSerect(req.NamespacedName.String())
+		cls := []string{}
+		for _, gw := range gws {
+			cls = append(cls, string(gw.Spec.GatewayClassName))
+		}
+
+		apply := func() string {
+			pkg.ActiveSIGs.SetSecret(obj.DeepCopy())
+			return fmt.Sprintf("upserting secret %s", req.NamespacedName.String())
+		}
+		if err := pkg.DeployForEvent(lctx, cls, apply); err != nil {
+			return ctrl.Result{}, err
+		}
+
 		return ctrl.Result{}, nil
 	}
-	// Find Secret, add it to the local cache.
-	pkg.ActiveSIGs.SetSecret(obj.DeepCopy())
-	return ctrl.Result{}, nil
 }

internal/controllers/v1_controller.go

@@ -23,9 +23,9 @@ import (
 
 	"github.com/f5devcentral/bigip-kubernetes-gateway/internal/k8s"
 	"github.com/f5devcentral/bigip-kubernetes-gateway/internal/pkg"
-	"github.com/google/uuid"
 	"github.com/f5devcentral/f5-bigip-rest-go/deployer"
 	"github.com/f5devcentral/f5-bigip-rest-go/utils"
+	"github.com/google/uuid"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 
@@ -99,8 +99,9 @@ func (r *EndpointsReconciler) Reconcile(ctx context.Context, req ctrl.Request) (
 			return ctrl.Result{}, err
 		}
 	} else {
-		defer pkg.ActiveSIGs.SetEndpoints(&obj)
-		return handleUpsertingEndpoints(lctx, &obj)
+		eps := obj.DeepCopy()
+		defer pkg.ActiveSIGs.SetEndpoints(eps)
+		return handleUpsertingEndpoints(lctx, eps)
 	}
 }
 
@@ -121,8 +122,9 @@ func (r *ServiceReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ct
 			return ctrl.Result{}, err
 		}
 	} else {
-		defer pkg.ActiveSIGs.SetService(&obj)
-		return handleUpsertingService(lctx, &obj)
+		svc := obj.DeepCopy()
+		defer pkg.ActiveSIGs.SetService(svc)
+		return handleUpsertingService(lctx, svc)
 	}
 }