Changing some permissions of the new controllers.

liqotech · Jul 1, 2021 · a4ca6e8 · a4ca6e8
1 parent 431848e
commit a4ca6e8
Show file tree

Hide file tree

Showing 16 changed files with 87 additions and 32 deletions.
diff --git a/cmd/advertisement-operator/main.go b/cmd/advertisement-operator/main.go
@@ -81,6 +81,7 @@ func main() {
 	var enableLeaderElection bool
 	var kubeletNamespace, kubeletImage, initKubeletImage string
 	var resyncPeriod int64
+	var offloadingStatusControllerRequeueTime int64
 
 	flag.StringVar(&metricsAddr, "metrics-addr", defaultMetricsaddr, "The address the metric endpoint binds to.")
 	flag.StringVar(&probeAddr, "health-probe-bind-address", ":8081", "The address the probe endpoint binds to.")
@@ -89,6 +90,8 @@ func main() {
 		"Enable leader election for controller manager. Enabling this will ensure there is only one active controller manager.")
 
 	flag.Int64Var(&resyncPeriod, "resyncPeriod", int64(10*time.Hour), "Period after that operators and informers will requeue events.")
+	flag.Int64Var(&offloadingStatusControllerRequeueTime, "offloadingStatusControllerRequeueTime", int64(10*time.Second),
+		"Period after that the offloadingStatusController is awaken on every namespaceOffloading in order to set its status.")
 	flag.StringVar(&localKubeconfig, "local-kubeconfig", "", "The path to the kubeconfig of your local cluster.")
 	flag.StringVar(&clusterId, "cluster-id", "", "The cluster ID of your cluster")
 	flag.StringVar(&kubeletNamespace,
@@ -245,7 +248,7 @@ func main() {
 	offloadingStatusReconciler := &offloadingctrl.OffloadingStatusReconciler{
 		Client:      mgr.GetClient(),
 		Scheme:      mgr.GetScheme(),
-		RequeueTime: time.Second * 10,
+		RequeueTime: time.Duration(offloadingStatusControllerRequeueTime),
 	}
 
 	if err = offloadingStatusReconciler.SetupWithManager(mgr); err != nil {

diff --git a/deployments/liqo/files/liqo-namespace-controller-ClusterRole.yaml b/deployments/liqo/files/liqo-namespace-controller-ClusterRole.yaml
@@ -5,6 +5,7 @@ rules:
   - namespaces
   verbs:
   - get
+  - list
   - watch
 - apiGroups:
   - offloading.liqo.io
@@ -14,4 +15,5 @@ rules:
   - create
   - delete
   - get
+  - list
   - watch
diff --git a/deployments/liqo/files/liqo-namespace-map-controller-ClusterRole.yaml b/deployments/liqo/files/liqo-namespace-map-controller-ClusterRole.yaml
@@ -21,6 +21,7 @@ rules:
   - namespacemaps
   verbs:
   - get
+  - list
   - patch
   - update
   - watch
diff --git a/deployments/liqo/files/liqo-namespace-offloading-controller-ClusterRole.yaml b/deployments/liqo/files/liqo-namespace-offloading-controller-ClusterRole.yaml
@@ -5,13 +5,16 @@ rules:
   - namespaces
   verbs:
   - get
+  - list
+  - patch
   - update
   - watch
 - apiGroups:
   - ""
   resources:
   - nodes
   verbs:
+  - get
   - list
   - watch
 - apiGroups:
@@ -20,13 +23,17 @@ rules:
   - namespaceoffloadings
   verbs:
   - get
+  - list
   - patch
+  - update
   - watch
 - apiGroups:
   - virtualKubelet.liqo.io
   resources:
   - namespacemaps
   verbs:
+  - get
   - list
   - patch
+  - update
   - watch
diff --git a/deployments/liqo/files/liqo-offloading-status-controller-ClusterRole.yaml b/deployments/liqo/files/liqo-offloading-status-controller-ClusterRole.yaml
@@ -5,13 +5,16 @@ rules:
   - namespaceoffloadings
   verbs:
   - get
+  - list
   - patch
+  - update
   - watch
 - apiGroups:
   - virtualKubelet.liqo.io
   resources:
   - namespacemaps
   verbs:
   - delete
+  - get
   - list
   - watch
diff --git a/deployments/liqo/files/liqo-virtual-node-controller-ClusterRole.yaml b/deployments/liqo/files/liqo-virtual-node-controller-ClusterRole.yaml
@@ -5,7 +5,9 @@ rules:
   - nodes
   verbs:
   - get
+  - list
   - patch
+  - update
   - watch
 - apiGroups:
   - discovery.liqo.io
@@ -22,5 +24,6 @@ rules:
   verbs:
   - create
   - delete
+  - get
   - list
   - watch
diff --git a/pkg/liqo-controller-manager/namespace-controller/namespace_controller.go b/pkg/liqo-controller-manager/namespace-controller/namespace_controller.go
@@ -28,8 +28,8 @@ const (
 )
 
 // cluster-role
-// +kubebuilder:rbac:groups=core,resources=namespaces,verbs=get;watch
-// +kubebuilder:rbac:groups=offloading.liqo.io,resources=namespaceoffloadings,verbs=get;watch;create;delete
+// +kubebuilder:rbac:groups=core,resources=namespaces,verbs=get;watch;list
+// +kubebuilder:rbac:groups=offloading.liqo.io,resources=namespaceoffloadings,verbs=get;watch;list;create;delete
 
 // Reconcile covers the case in which the user adds the enabling liqo label to his namespace, and the
 // NamespaceOffloading resource associated with that namespace is created, if it is not already there.

diff --git a/pkg/liqo-controller-manager/namespaceMap-controller/create_remote_clients.go b/pkg/liqo-controller-manager/namespaceMap-controller/create_remote_clients.go
@@ -59,7 +59,7 @@ func (r *NamespaceMapReconciler) checkRemoteClientPresence(ctx context.Context,
 		// Only remote namespace needed to be cached.
 		scheme := runtime.NewScheme()
 		_ = corev1.AddToScheme(scheme)
-		if r.RemoteClients[remoteClusterID], err = cachedclient.GetCachedClient(ctx, scheme, restConfig); err != nil {
+		if r.RemoteClients[remoteClusterID], err = cachedclient.GetCachedClientWithConfig(ctx, scheme, restConfig); err != nil {
 			klog.Errorf("unable to create client for cluster '%s'", remoteClusterID)
 			return err
 		}

diff --git a/pkg/liqo-controller-manager/namespaceMap-controller/namespacemap_controller.go b/pkg/liqo-controller-manager/namespaceMap-controller/namespacemap_controller.go
@@ -43,7 +43,7 @@ type NamespaceMapReconciler struct {
 
 // cluster-role
 // +kubebuilder:rbac:groups=discovery.liqo.io,resources=foreignclusters,verbs=get;list;watch
-// +kubebuilder:rbac:groups=virtualKubelet.liqo.io,resources=namespacemaps,verbs=get;watch;update;patch
+// +kubebuilder:rbac:groups=virtualKubelet.liqo.io,resources=namespacemaps,verbs=get;watch;list;update;patch
 // +kubebuilder:rbac:groups=core,resources=secrets,verbs=get;list;watch
 
 // Reconcile adds/removes NamespaceMap finalizer, and checks differences

diff --git a/pkg/liqo-controller-manager/namespaceOffloading-controller/namespaceoffloading_controller.go b/pkg/liqo-controller-manager/namespaceOffloading-controller/namespaceoffloading_controller.go
@@ -44,10 +44,10 @@ const (
 )
 
 // cluster-role
-// +kubebuilder:rbac:groups=offloading.liqo.io,resources=namespaceoffloadings,verbs=get;watch;patch
-// +kubebuilder:rbac:groups=virtualKubelet.liqo.io,resources=namespacemaps,verbs=list;watch;patch
-// +kubebuilder:rbac:groups=core,resources=namespaces,verbs=get;watch;update
-// +kubebuilder:rbac:groups=core,resources=nodes,verbs=list;watch
+// +kubebuilder:rbac:groups=offloading.liqo.io,resources=namespaceoffloadings,verbs=get;list;watch;patch;update
+// +kubebuilder:rbac:groups=virtualKubelet.liqo.io,resources=namespacemaps,verbs=get;list;watch;patch;update
+// +kubebuilder:rbac:groups=core,resources=namespaces,verbs=get;list;watch;update;patch
+// +kubebuilder:rbac:groups=core,resources=nodes,verbs=get;list;watch
 
 // NamespaceOffloadingReconciler ownership:
 // --> NamespaceOffloading.Spec.

diff --git a/pkg/liqo-controller-manager/offloadingStatus-controller/offloadingstatus_controller.go b/pkg/liqo-controller-manager/offloadingStatus-controller/offloadingstatus_controller.go
@@ -42,8 +42,8 @@ type OffloadingStatusReconciler struct {
 }
 
 // cluster-role
-// +kubebuilder:rbac:groups=offloading.liqo.io,resources=namespaceoffloadings,verbs=get;watch;patch
-// +kubebuilder:rbac:groups=virtualKubelet.liqo.io,resources=namespacemaps,verbs=list;watch;delete
+// +kubebuilder:rbac:groups=offloading.liqo.io,resources=namespaceoffloadings,verbs=get;list;watch;patch;update
+// +kubebuilder:rbac:groups=virtualKubelet.liqo.io,resources=namespacemaps,verbs=get;list;watch;delete
 
 // Controller Ownership:
 // --> NamespaceOffloading.Status.RemoteConditions

diff --git a/pkg/liqo-controller-manager/virtualNode-controller/namespaceMap_creation.go b/pkg/liqo-controller-manager/virtualNode-controller/namespaceMap_creation.go
@@ -17,12 +17,13 @@ import (
 
 // createNamespaceMap creates a new NamespaceMap with OwnerReference.
 func (r *VirtualNodeReconciler) createNamespaceMap(ctx context.Context, n *corev1.Node) error {
+	virtualNodeClusterID := n.Annotations[liqoconst.RemoteClusterID]
 	nm := &mapsv1alpha1.NamespaceMap{
 		ObjectMeta: metav1.ObjectMeta{
-			GenerateName: fmt.Sprintf("%s-", n.Annotations[liqoconst.RemoteClusterID]),
-			Namespace:    r.getLocalTenantNamespaceName(n.Annotations[liqoconst.RemoteClusterID]),
+			GenerateName: fmt.Sprintf("%s-", virtualNodeClusterID),
+			Namespace:    r.getLocalTenantNamespaceName(virtualNodeClusterID),
 			Labels: map[string]string{
-				liqoconst.RemoteClusterID: n.Annotations[liqoconst.RemoteClusterID],
+				liqoconst.RemoteClusterID: virtualNodeClusterID,
 			},
 		},
 	}

diff --git a/pkg/liqo-controller-manager/virtualNode-controller/virtualnode_controller.go b/pkg/liqo-controller-manager/virtualNode-controller/virtualnode_controller.go
@@ -46,8 +46,8 @@ type VirtualNodeReconciler struct {
 }
 
 // cluster-role
-// +kubebuilder:rbac:groups=core,resources=nodes,verbs=get;watch;patch
-// +kubebuilder:rbac:groups=virtualKubelet.liqo.io,resources=namespacemaps,verbs=list;watch;delete;create
+// +kubebuilder:rbac:groups=core,resources=nodes,verbs=get;list;watch;patch;update
+// +kubebuilder:rbac:groups=virtualKubelet.liqo.io,resources=namespacemaps,verbs=get;list;watch;delete;create
 // +kubebuilder:rbac:groups=discovery.liqo.io,resources=foreignclusters,verbs=get;list;watch
 
 // Reconcile manage NamespaceMaps associated with the virtual-node.
@@ -105,7 +105,7 @@ func filterVirtualNodes() predicate.Predicate {
 			// This controller watches the deletion of two kind of resources: virtual-nodes and
 			// NamespaceMaps associated with corresponding virtual-nodes.
 			// If the object has the label 'liqoconst.TypeLabel' with value 'liqoconst.TypeNode' it is a virtual-node,
-			// while if the object has no namespace it is a NamespaceMap.
+			// while if the object has a non-empty namespace it is a NamespaceMap.
 			return (ok && value == liqoconst.TypeNode) || e.Object.GetNamespace() != ""
 		},
 	}

diff --git a/pkg/liqo-controller-manager/virtualNode-controller/virtualnode_deletion_logic.go b/pkg/liqo-controller-manager/virtualNode-controller/virtualnode_deletion_logic.go
@@ -19,15 +19,16 @@ func (r *VirtualNodeReconciler) removeAssociatedNamespaceMaps(ctx context.Contex
 	// The deletion timestamp is automatically set on the NamespaceMaps associated with the virtual-node,
 	// it's only necessary to wait until the NamespaceMaps are deleted.
 	namespaceMapList := &mapsv1alpha1.NamespaceMapList{}
-	if err := r.List(context.TODO(), namespaceMapList,
-		client.InNamespace(r.LocalTenantNamespacesNames[n.GetAnnotations()[liqoconst.RemoteClusterID]]),
-		client.MatchingLabels{liqoconst.RemoteClusterID: n.GetAnnotations()[liqoconst.RemoteClusterID]}); err != nil {
+	virtualNodeClusterID := n.Annotations[liqoconst.RemoteClusterID]
+	if err := r.List(ctx, namespaceMapList,
+		client.InNamespace(r.getLocalTenantNamespaceName(virtualNodeClusterID)),
+		client.MatchingLabels{liqoconst.RemoteClusterID: virtualNodeClusterID}); err != nil {
 		klog.Errorf("%s --> Unable to List NamespaceMaps of virtual virtualNode '%s'", err, n.GetName())
 		return err
 	}
 
 	if len(namespaceMapList.Items) == 0 {
-		delete(r.LocalTenantNamespacesNames, n.GetAnnotations()[liqoconst.RemoteClusterID])
+		delete(r.LocalTenantNamespacesNames, virtualNodeClusterID)
 		return r.removeVirtualNodeFinalizer(ctx, n)
 	}
 
@@ -39,7 +40,7 @@ func (r *VirtualNodeReconciler) removeAssociatedNamespaceMaps(ctx context.Contex
 		}
 	}
 
-	log := fmt.Errorf("waiting for deletion of NamespaceMaps associated with the virtual-node '%s'", n.Name)
-	klog.Info(log)
-	return log
+	err := fmt.Errorf("waiting for deletion of NamespaceMaps associated with the virtual-node '%s'", n.Name)
+	klog.Error(err)
+	return err
 }
diff --git a/pkg/mutate/server.go b/pkg/mutate/server.go
@@ -39,7 +39,7 @@ func NewMutationServer(ctx context.Context, c *MutationConfig) (*MutationServer,
 	_ = offv1alpha1.AddToScheme(scheme)
 
 	var err error
-	if s.webhookClient, err = cachedclient.GetCachedClient(ctx, scheme, nil); err != nil {
+	if s.webhookClient, err = cachedclient.GetCachedClient(ctx, scheme); err != nil {
 		return nil, err
 	}
 

diff --git a/pkg/utils/cachedClient/get_cached_client.go b/pkg/utils/cachedClient/get_cached_client.go
@@ -17,15 +17,49 @@ import (
 )
 
 // GetCachedClient returns a controller runtime client with the cache initialized only for the resources added to
-// the scheme.
-func GetCachedClient(ctx context.Context, scheme *runtime.Scheme, conf *rest.Config) (client.Client, error) {
+// the scheme. The necessary rest.Config is generated inside this function.
+func GetCachedClient(ctx context.Context, scheme *runtime.Scheme) (client.Client, error) {
+
+	conf := ctrl.GetConfigOrDie()
 	if conf == nil {
-		conf = ctrl.GetConfigOrDie()
-		if conf == nil {
-			err := fmt.Errorf("unable to get the config file")
-			klog.Error(err)
-			return nil, err
+		err := fmt.Errorf("unable to get the config file")
+		klog.Error(err)
+		return nil, err
+	}
+
+	mapper, err := (mapperUtils.LiqoMapperProvider(scheme))(conf)
+	if err != nil {
+		klog.Errorf("mapper: %s", err)
+		return nil, err
+	}
+
+	clientCache, err := cache.New(conf, cache.Options{Scheme: scheme, Mapper: mapper})
+	if err != nil {
+		klog.Errorf("cache: %s", err)
+		return nil, err
+	}
+
+	go func() {
+		if err = clientCache.Start(ctx); err != nil {
+			klog.Errorf("unable to start cache: %s", err)
 		}
+	}()
+
+	newClient, err := cluster.DefaultNewClient(clientCache, conf, client.Options{Scheme: scheme, Mapper: mapper})
+	if err != nil {
+		klog.Errorf("unable to create the client: %s", err)
+		return nil, err
+	}
+	return newClient, nil
+}
+
+// GetCachedClientWithConfig returns a controller runtime client with the cache initialized only for the resources added to
+// the scheme. The necessary rest.Config is passed as third parameter, it must not be nil.
+func GetCachedClientWithConfig(ctx context.Context, scheme *runtime.Scheme, conf *rest.Config) (client.Client, error) {
+	if conf == nil {
+		err := fmt.Errorf("the rest.Config parameter is nil")
+		klog.Error(err)
+		return nil, err
 	}
 
 	mapper, err := (mapperUtils.LiqoMapperProvider(scheme))(conf)