Verify that cert manager is installed

[ANeumann82]

What this PR does / why we need it:

• Verify that cert manager is installed before installing with web hook
• Add code to allow pre-checks before starting any installation

Fixes #1130

[ANeumann82]

Draft because still missing some more tests

[kensipe]

commits not signed off

[ANeumann82]

@kensipe Could you please review again?

[gerred]

@kensipe Will you take a deep pass here? There's a few things that I think we should talk about in line with standard code review comments / Brian Ketelsen (as Ashley MacNamara ;)) things here like "New". I think where you're going is good @ANeumann82 for validating the cert manager and adding preflight checks, but we just all need to get on the same page for styling.

Additionally, instead of having Description, I recommend embedding the Stringer interface. You can replace Description() string with Stringer and embed the interface and get a lot more power.

[kensipe]

1. Description should NOT be used for something that is well defined in Go . (which is the Stringer interface)
2. in crds.go, there is a NewInitializer func and an Initializer struct with associated methods... I'm not convinced we should have these as outlined in inlined comments.. however if we are to continue on this path it seems more go like to have a package named initializer with a func that is New() resulting in calling code calling initializer.New() to communicate the full message. This also encapsulates the init struct behavior.

There seems to be a lot of code that is written in another style (perhaps Java). with lots of structure. Perhaps we could pair on this?

[kensipe]

totally agree this should be Stringer interface...

I'm not exactly sure how we got to the "Initializerstruct in the first place. TheInitStepalso feels completely off. An interface would be something you would use more than once and would be reduced in size. If this was aStepI might be able to see it... but anInitStep`. How many and how many kinds of InitSteps are expected?

[kensipe]

I would encourage adding in the needed "Verify that cert manager is installed before installing with web hook" without a complete debatable restructuring of all things init.

[ANeumann82]

Are you generally opposed to refactoring the init code, or just in the context of adding this feature?

Some thoughts on the structure (which I hope is generally not a bad thing, it is a bit much though, I agree on that)

• There are multiple init steps:
  • CRDs
  • PreReqNamespace
  • PreReqServiceAccount & RoleBinding
  • PreReqWebHook
  • Manager

Each of these Steps should be able to:

• Verify that it is correctly installed ( or is outdated, looking at the KUDO upgrade)
• Check that it can be installed (i.e. webhook needs cert-manager)
  • Some of the checks here are only warnings, as we can't fully validate the prerequisite, for example the cert-manager may run in a different namespace.
• Install (or upgrade from the existing state)
• Output/Return the installed resources as YAML

The Initializer should actually be the only interface there. The InitStep inside the prereqs is kind of duplicated and does the same thing, and should be flattened into the list from above.

With regards to the Result: I totally agree that copying the code is a bad thing(TM), although I have no idea to make it reusable without generics. But i'm very open to have a different pattern here.

Stringer interface makes a lot of sense, didn't know about that one.

[ANeumann82]

Reworked this quite a bit:

• I decided to stay with the Result return type, as I do want to verify the installation, and want warnings for the preInstall verification as well
• The actual Installation returns simple golang errors
• Moved Result into pkg/kudoctl/verify and removed the duplicate code
• Renamed InitStep to Step
• Split up the Step interface into multiple smaller ones and used composition. Was a bit unsure about this, but it does make the different responsibilities more clear

There is one more refactoring that I would like to make, in the kudoinit/prereqs package, but I'll leave that for another PR.

[gerred]

Looks mostly good to me now. The verify errors code could be made a lot more idiomatic, but I think would potentially look like a larger restructuring. I'm 👍 on this now and maybe we shape it up over the next few passes over this code.

[ANeumann82]

I've just tried to rebasing this to fix the DCO things in the early commits. It did... not go well. So for this PR i'd probably manually override the DCO check

[kensipe]

the simple solution to the DCO issue is to squash the commits... they get squash anyway on merge (by our convention), so if we are ready to merge it makes sense.
I rebased to latest master with a squash on all commits. Now to review.

[kensipe]

I'm just against the verify.Result approach... it completely makes sense for verification processes where a report of warnings and errors is provided to an end user... it does not make sense for standard error flow (of an action like init)
If allowed it would cause confusion as to when to use standard go error handling vs this approach through the application.

[ANeumann82]

Thanks for the squash and the comment. I do get the issue you have with that, and I hoped that the current state does take care of it:

• The verify.Result is only used in the InstallVerify interface: This will contain methods that will only do verification and will not do any modifications.
• For the actual Init action, there is a simple error result, as I do agree that the verify.Result shouldn't be used for the standard error flow.

There is just the thing that the init process should have - in my opionion - a verification step, that provides a list of warnings and errors before doing any potentially irreversable actions on the cluster. And I feel for this verification step the verify.Result is a good fit.

Can we agree on something like "verify.Result should only be used in non-modifying methods"?

If you have any constructive ideas how to handle this, please let me know. I can write some ideas that I have:

• Get rid of the verify.Result in the PreInstallVerify and return an error that contains either warnings or errors wrapped in a golang error type. Might be an option, but a custom error would get very close to the existing verify.Result`
• Don't return warnings, only return the first error: Could work too, but limits us severly, in my opinion.
• Separate the verification and the actual installation/upgrade more (than just a different method/interface): Would be quite hard, as a lot of the same code is used by both, but might be possible.
• ...

[kensipe]

/lgtm

thanks for the pair coding review! I like the changes we made and you convinced me that the results are useful