Add missing TypeMeta in --dry-run while syncing CRDs and bugfixes

- Avoid globals and read the conversion CA bundle from secret - Add `TypeMeta` while syncing CRDs during upgrade - Add missing cleanups during uninstall
minio · May 20, 2021 · a0a0ba2 · a0a0ba2
1 parent 151ed62
commit a0a0ba2
Show file tree

Hide file tree

Showing 4 changed files with 30 additions and 10 deletions.
diff --git a/cmd/kubectl-direct_csi/register.go b/cmd/kubectl-direct_csi/register.go
@@ -67,7 +67,7 @@ func registerCRDs(ctx context.Context, identity string) error {
 			if !errors.IsNotFound(err) {
 				return err
 			}
-			if err := setConversionWebhook(&crdObj, identity); err != nil {
+			if err := setConversionWebhook(ctx, &crdObj, identity); err != nil {
 				return err
 			}
 			if dryRun {
@@ -112,11 +112,12 @@ func syncCRD(ctx context.Context, existingCRD *apiextensions.CustomResourceDefin
 
 	existingCRD.Spec.Versions = append(existingCRD.Spec.Versions, latestVersionObject)
 
-	if err := setConversionWebhook(existingCRD, identity); err != nil {
+	if err := setConversionWebhook(ctx, existingCRD, identity); err != nil {
 		return err
 	}
 
 	if dryRun {
+		existingCRD.TypeMeta = newCRD.TypeMeta
 		if err := utils.LogYAML(existingCRD); err != nil {
 			return err
 		}
@@ -133,7 +134,7 @@ func syncCRD(ctx context.Context, existingCRD *apiextensions.CustomResourceDefin
 	return nil
 }
 
-func setConversionWebhook(crdObj *apiextensions.CustomResourceDefinition, identity string) error {
+func setConversionWebhook(ctx context.Context, crdObj *apiextensions.CustomResourceDefinition, identity string) error {
 
 	name := installer.SanitizeName(identity)
 	getServiceRef := func() *apiextensions.ServiceReference {
@@ -156,7 +157,7 @@ func setConversionWebhook(crdObj *apiextensions.CustomResourceDefinition, identi
 	}
 
 	getWebhookClientConfig := func() (*apiextensions.WebhookClientConfig, error) {
-		caBundle, err := installer.GetConversionCABundle()
+		caBundle, err := installer.GetConversionCABundle(ctx, identity)
 		if err != nil {
 			return nil, err
 		}

diff --git a/cmd/kubectl-direct_csi/uninstall.go b/cmd/kubectl-direct_csi/uninstall.go
@@ -195,6 +195,11 @@ func uninstall(ctx context.Context, args []string) error {
 				return err
 			}
 		}
+		if err := installer.DeleteConversionWebhookCertsSecret(ctx, identity); err != nil {
+			if !errors.IsNotFound(err) {
+				return err
+			}
+		}
 		glog.Infof("'%s' conversion deployment deleted", utils.Bold(identity))
 	}
 

diff --git a/pkg/utils/installer/install.go b/pkg/utils/installer/install.go
@@ -119,7 +119,6 @@ const (
 
 var (
 	validationWebhookCaBundle  []byte
-	conversionWebhookCaBundle  []byte
 	ErrKubeVersionNotSupported = errors.New(
 		fmt.Sprintf("%s: This version of kubernetes is not supported by direct-csi. Please upgrade your kubernetes installation and try again", utils.Red("ERR")))
 	ErrEmptyCABundle = errors.New("CA bundle is empty")
@@ -1036,7 +1035,6 @@ func CreateConversionDeployment(ctx context.Context, identity string, directCSIC
 	if certErr != nil {
 		return certErr
 	}
-	conversionWebhookCaBundle = caCertBytes
 
 	if err := CreateConversionSecret(ctx, identity, publicCertBytes, privateKeyBytes, dryRun); err != nil {
 		if !kerr.IsAlreadyExists(err) {
@@ -1107,11 +1105,20 @@ func CreateConversionDeployment(ctx context.Context, identity string, directCSIC
 	return nil
 }
 
-func GetConversionCABundle() ([]byte, error) {
-	if len(conversionWebhookCaBundle) == 0 {
-		return []byte{}, ErrEmptyCABundle
+func GetConversionCABundle(ctx context.Context, identity string) ([]byte, error) {
+
+	secret, err := utils.GetKubeClient().CoreV1().Secrets(sanitizeName(identity)).Get(ctx, conversionWebhookCertsSecret, metav1.GetOptions{})
+	if err != nil {
+		return []byte{}, err
 	}
-	return conversionWebhookCaBundle, nil
+
+	for key, value := range secret.Data {
+		if key == caCertFileName {
+			return value, nil
+		}
+	}
+
+	return []byte{}, ErrEmptyCABundle
 }
 
 func GetConversionServiceName() string {

diff --git a/pkg/utils/installer/uninstall.go b/pkg/utils/installer/uninstall.go
@@ -172,3 +172,10 @@ func DeleteConversionSecret(ctx context.Context, identity string) error {
 	}
 	return nil
 }
+
+func DeleteConversionWebhookCertsSecret(ctx context.Context, identity string) error {
+	if err := utils.GetKubeClient().CoreV1().Secrets(sanitizeName(identity)).Delete(ctx, conversionWebhookCertsSecret, metav1.DeleteOptions{}); err != nil {
+		return err
+	}
+	return nil
+}