package cainjection
import (
	"context"
	"fmt"
	"strings"

	"github.com/go-logr/logr"
	"github.com/redhat-cop/cert-utils-operator/controllers/util"
	outils "github.com/redhat-cop/operator-utils/pkg/util"
	corev1 "k8s.io/api/core/v1"
	"k8s.io/apimachinery/pkg/api/errors"
	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
	"k8s.io/apimachinery/pkg/runtime/schema"
	apiregistrationv1 "k8s.io/kube-aggregator/pkg/apis/apiregistration/v1"
	ctrl "sigs.k8s.io/controller-runtime"
	"sigs.k8s.io/controller-runtime/pkg/builder"
	"sigs.k8s.io/controller-runtime/pkg/reconcile"
	"sigs.k8s.io/controller-runtime/pkg/source"
)
// APIServiceReconciler reconciles APIService objects, copying the CA of the
// Secret named by their util.CertAnnotationSecret annotation into spec.caBundle.
// It embeds ReconcilerBase for client/config access and the ManageError /
// ManageSuccess helpers used by Reconcile.
type APIServiceReconciler struct {
	outils.ReconcilerBase

	// Log is the base logger; Reconcile derives a per-object logger from it.
	Log logr.Logger

	// controllerName is assigned in SetupWithManager.
	controllerName string
}
// SetupWithManager registers the controller with mgr. The primary watch is on
// APIService objects that pass util.IsAnnotatedForSecretCAInjection; a secondary
// watch on Secrets whose CA content changed re-enqueues every APIService that
// references that Secret, so a rotated CA is propagated without waiting for an
// APIService edit.
func (r *APIServiceReconciler) SetupWithManager(mgr ctrl.Manager) error {
	r.controllerName = "apiservice_ca_injection_controller"

	primary := &apiregistrationv1.APIService{
		TypeMeta: v1.TypeMeta{Kind: "APIService"},
	}
	secretSource := &source.Kind{Type: &corev1.Secret{
		TypeMeta: v1.TypeMeta{Kind: "Secret"},
	}}
	apiServiceGVK := schema.FromAPIVersionAndKind("apiregistration.k8s.io/v1", "APIService")

	bldr := ctrl.NewControllerManagedBy(mgr).
		For(primary, builder.WithPredicates(util.IsAnnotatedForSecretCAInjection)).
		Watches(
			secretSource,
			util.NewEnqueueRequestForReferecingObject(r.GetRestConfig(), apiServiceGVK),
			builder.WithPredicates(util.IsCAContentChanged),
		)
	return bldr.Complete(r)
}
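// Reconcile brings the requested APIService in line with its CA-injection
// annotation. If util.CertAnnotationSecret is present its value is read as
// "namespace/name", the CA of that Secret is fetched with util.GetSecretCA and
// written to spec.caBundle; if the annotation is absent the bundle is set to an
// empty value. The APIService is then updated through the client.
//
// The annotation value is caller-controlled input: whoever can edit a
// cluster-scoped APIService chooses which namespace/name the operator reads.
// util.ValidateSecretName is the only validation applied before the lookup
// (its exact rules are not visible here), and the RBAC markers below grant
// secret reads for every namespace the operator is bound to.
//
// Returns reconcile.Result{} with a nil error when the object is gone or the
// update succeeded; read errors are returned for requeue, and every other error
// is routed through r.ManageError so it is recorded on the instance.
//
// +kubebuilder:rbac:groups="apiregistration.k8s.io",resources=apiservices,verbs=get;list;watch;update;patch
// +kubebuilder:rbac:groups="",resources=secrets,verbs=get;list;watch
// +kubebuilder:rbac:groups="",resources=events,verbs=get;list;watch;create;patch
func (r *APIServiceReconciler) Reconcile(ctx context.Context, req ctrl.Request) (reconcile.Result, error) {
	log := r.Log.WithValues("apiservice", req.NamespacedName)

	instance := &apiregistrationv1.APIService{}
	if err := r.GetClient().Get(ctx, req.NamespacedName, instance); err != nil {
		if errors.IsNotFound(err) {
			// Deleted after the request was queued; owned objects are garbage
			// collected, so there is nothing to do and no reason to requeue.
			return reconcile.Result{}, nil
		}
		// Transient read failure: hand the error back so the request is requeued.
		return reconcile.Result{}, err
	}

	// An empty (non-nil) bundle is what gets written when no secret is referenced.
	caBundle := []byte{}
	if secretNamespacedName, ok := instance.GetAnnotations()[util.CertAnnotationSecret]; ok {
		if err := util.ValidateSecretName(secretNamespacedName); err != nil {
			log.Error(err, "invalid ca secret name", "secret", secretNamespacedName)
			return r.ManageError(ctx, instance, err)
		}

		// Compute the separator once and guard it explicitly. ValidateSecretName is
		// presumably meant to reject values without a "/", but slicing with an index
		// of -1 would panic and take down the whole controller process, so a malformed
		// annotation must never reach the slice expressions below.
		sep := strings.Index(secretNamespacedName, "/")
		if sep < 0 {
			err := fmt.Errorf("ca secret name %q is not in namespace/name form", secretNamespacedName)
			log.Error(err, "invalid ca secret name", "secret", secretNamespacedName)
			return r.ManageError(ctx, instance, err)
		}
		secretNamespace, secretName := secretNamespacedName[:sep], secretNamespacedName[sep+1:]

		var err error
		caBundle, err = util.GetSecretCA(r.GetClient(), secretName, secretNamespace)
		if err != nil {
			log.Error(err, "unable to retrive ca from secret", "secret", secretNamespacedName)
			return r.ManageError(ctx, instance, err)
		}
	}

	// NOTE(review): the update is issued on every reconcile even when the bundle
	// is unchanged; whether that is intended (forced refresh) is not visible here.
	instance.Spec.CABundle = caBundle
	if err := r.GetClient().Update(ctx, instance); err != nil {
		return r.ManageError(ctx, instance, err)
	}
	return r.ManageSuccess(ctx, instance)
}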