Merge branch 'main' into unit-tests

api/v1alpha1/upgradeinsights_types.go

@@ -108,8 +108,8 @@ type AWSProviderCredentials struct {
 	Region string `json:"region"`
 
 	// AccessKeyID is your access key ID used to authenticate against AWS API.
-	// +kubebuilder:validation:Required
-	AccessKeyID string `json:"accessKeyID"`
+	// +kubebuilder:validation:Optional
+	AccessKeyID *string `json:"accessKeyID,omitempty"`
 
 	// SecretAccessKeyRef is a reference to the secret that contains secret access key.
 	// Since UpgradeInsights is a cluster-scoped resource we can't use local reference.
@@ -131,6 +131,6 @@ type AWSProviderCredentials struct {
 	//      name: eks-credentials
 	//      namespace: upgrade-insights-test
 	//
-	// +kubebuilder:validation:Required
-	SecretAccessKeyRef corev1.SecretReference `json:"secretAccessKeyRef"`
+	// +kubebuilder:validation:Optional
+	SecretAccessKeyRef *corev1.SecretReference `json:"secretAccessKeyRef,omitempty"`
 }

charts/deployment-operator/Chart.yaml

@@ -1,8 +1,8 @@
 apiVersion: v2
 name: deployment-operator
 description: creates a new instance of the plural deployment operator
-appVersion: 0.4.47
-version: 0.4.47
+appVersion: 0.4.48
+version: 0.4.48
 maintainers:
   - name: Plural
     url: https://www.plural.sh

cmd/agent/args/args.go

@@ -266,6 +266,6 @@ func ResourceCacheEnabled() bool {
 func ensureOrDie(argName string, arg *string) {
 	if arg == nil || len(*arg) == 0 {
 		pflag.PrintDefaults()
-		panic(fmt.Sprintf("%s arg is rquired", argName))
+		panic(fmt.Sprintf("%s arg is required", argName))
 	}
 }

cmd/agent/console.go

@@ -10,6 +10,7 @@ import (
 	consolectrl "github.com/pluralsh/deployment-operator/pkg/controller"
 	"github.com/pluralsh/deployment-operator/pkg/controller/stacks"
 	v1 "github.com/pluralsh/deployment-operator/pkg/controller/v1"
+	"k8s.io/apimachinery/pkg/runtime"
 
 	"k8s.io/client-go/rest"
 	ctrclient "sigs.k8s.io/controller-runtime/pkg/client"
@@ -49,6 +50,7 @@ func registerConsoleReconcilersOrDie(
 	mgr *controller.Manager,
 	config *rest.Config,
 	k8sClient ctrclient.Client,
+	scheme *runtime.Scheme,
 	consoleClient client.Client,
 ) {
 	mgr.AddReconcilerOrDie(service.Identifier, func() (v1.Reconciler, error) {
@@ -78,7 +80,7 @@ func registerConsoleReconcilersOrDie(
 			os.Exit(1)
 		}
 
-		r := stacks.NewStackReconciler(consoleClient, k8sClient, args.ControllerCacheTTL(), stacksPollInterval, namespace, args.ConsoleUrl(), args.DeployToken())
+		r := stacks.NewStackReconciler(consoleClient, k8sClient, scheme, args.ControllerCacheTTL(), stacksPollInterval, namespace, args.ConsoleUrl(), args.DeployToken())
 		return r, nil
 	})
 }

cmd/agent/kubernetes.go

@@ -9,24 +9,24 @@ import (
 	"github.com/argoproj/argo-rollouts/pkg/apis/rollouts"
 	rolloutv1alpha1 "github.com/argoproj/argo-rollouts/pkg/apis/rollouts/v1alpha1"
 	roclientset "github.com/argoproj/argo-rollouts/pkg/client/clientset/versioned"
+	"github.com/pluralsh/deployment-operator/cmd/agent/args"
+	"github.com/pluralsh/deployment-operator/internal/controller"
+	"github.com/pluralsh/deployment-operator/pkg/cache"
+	consoleclient "github.com/pluralsh/deployment-operator/pkg/client"
+	consolectrl "github.com/pluralsh/deployment-operator/pkg/controller"
+	"github.com/pluralsh/deployment-operator/pkg/controller/service"
 	"github.com/prometheus/client_golang/prometheus/promhttp"
 	velerov1 "github.com/vmware-tanzu/velero/pkg/apis/velero/v1"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/client-go/discovery"
 	"k8s.io/client-go/dynamic"
 	"k8s.io/client-go/kubernetes"
 	"k8s.io/client-go/rest"
+	metricsclientset "k8s.io/metrics/pkg/client/clientset/versioned"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/healthz"
 	"sigs.k8s.io/controller-runtime/pkg/manager"
 	"sigs.k8s.io/controller-runtime/pkg/metrics/server"
-
-	"github.com/pluralsh/deployment-operator/cmd/agent/args"
-	"github.com/pluralsh/deployment-operator/internal/controller"
-	"github.com/pluralsh/deployment-operator/pkg/cache"
-	consoleclient "github.com/pluralsh/deployment-operator/pkg/client"
-	consolectrl "github.com/pluralsh/deployment-operator/pkg/controller"
-	"github.com/pluralsh/deployment-operator/pkg/controller/service"
 )
 
 func initKubeManagerOrDie(config *rest.Config) manager.Manager {
@@ -64,7 +64,7 @@ func initKubeManagerOrDie(config *rest.Config) manager.Manager {
 	return mgr
 }
 
-func initKubeClientsOrDie(config *rest.Config) (rolloutsClient *roclientset.Clientset, dynamicClient *dynamic.DynamicClient, kubeClient *kubernetes.Clientset) {
+func initKubeClientsOrDie(config *rest.Config) (rolloutsClient *roclientset.Clientset, dynamicClient *dynamic.DynamicClient, kubeClient *kubernetes.Clientset, metricsClient metricsclientset.Interface) {
 	rolloutsClient, err := roclientset.NewForConfig(config)
 	if err != nil {
 		setupLog.Error(err, "unable to create rollouts client")
@@ -83,7 +83,13 @@ func initKubeClientsOrDie(config *rest.Config) (rolloutsClient *roclientset.Clie
 		os.Exit(1)
 	}
 
-	return rolloutsClient, dynamicClient, kubeClient
+	metricsClient, err = metricsclientset.NewForConfig(config)
+	if err != nil {
+		setupLog.Error(err, "unable to create metrics client")
+		os.Exit(1)
+	}
+
+	return rolloutsClient, dynamicClient, kubeClient, metricsClient
 }
 
 func registerKubeReconcilersOrDie(
@@ -94,7 +100,8 @@ func registerKubeReconcilersOrDie(
 	extConsoleClient consoleclient.Client,
 	discoveryClient discovery.DiscoveryInterface,
 ) {
-	rolloutsClient, dynamicClient, kubeClient := initKubeClientsOrDie(config)
+
+	rolloutsClient, dynamicClient, kubeClient, metricsClient := initKubeClientsOrDie(config)
 
 	backupController := &controller.BackupReconciler{
 		Client:        manager.GetClient(),
@@ -217,6 +224,7 @@ func registerKubeReconcilersOrDie(
 		Client:          manager.GetClient(),
 		Scheme:          manager.GetScheme(),
 		DiscoveryClient: discoveryClient,
+		MetricsClient:   metricsClient,
 	}).SetupWithManager(ctx, manager); err != nil {
 		setupLog.Error(err, "unable to create controller", "controller", "MetricsAggregate")
 	}

cmd/agent/main.go

@@ -13,16 +13,14 @@ import (
 	"github.com/pluralsh/deployment-operator/pkg/cache"
 	"github.com/pluralsh/deployment-operator/pkg/client"
 	consolectrl "github.com/pluralsh/deployment-operator/pkg/controller"
-	"k8s.io/client-go/discovery"
-	"k8s.io/client-go/rest"
-	"k8s.io/klog/v2"
-	metricsv1beta1 "k8s.io/metrics/pkg/apis/metrics/v1beta1"
-
 	velerov1 "github.com/vmware-tanzu/velero/pkg/apis/velero/v1"
 	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
+	"k8s.io/client-go/discovery"
 	clientgoscheme "k8s.io/client-go/kubernetes/scheme"
+	"k8s.io/client-go/rest"
+	"k8s.io/klog/v2"
 	ctrl "sigs.k8s.io/controller-runtime"
 )
 
@@ -39,7 +37,6 @@ func init() {
 	utilruntime.Must(constraintstatusv1beta1.AddToScheme(scheme))
 	utilruntime.Must(templatesv1.AddToScheme(scheme))
 	utilruntime.Must(rolloutv1alpha1.AddToScheme(scheme))
-	utilruntime.Must(metricsv1beta1.AddToScheme(scheme))
 	//+kubebuilder:scaffold:scheme
 }
 
@@ -60,7 +57,7 @@ func main() {
 	// Initialize Pipeline Gate Cache
 	cache.InitGateCache(args.ControllerCacheTTL(), extConsoleClient)
 
-	registerConsoleReconcilersOrDie(consoleManager, config, kubeManager.GetClient(), extConsoleClient)
+	registerConsoleReconcilersOrDie(consoleManager, config, kubeManager.GetClient(), kubeManager.GetScheme(), extConsoleClient)
 	registerKubeReconcilersOrDie(ctx, kubeManager, consoleManager, config, extConsoleClient, discoveryClient)
 
 	//+kubebuilder:scaffold:builder

cmd/harness/args/args.go

@@ -122,6 +122,6 @@ func LogFlushBufferSize() int {
 func ensureOrDie(argName string, arg *string) {
 	if arg == nil || len(*arg) == 0 {
 		pflag.PrintDefaults()
-		panic(fmt.Sprintf("%s arg is rquired", argName))
+		panic(fmt.Sprintf("%s arg is required", argName))
 	}
 }

go.mod

@@ -19,6 +19,7 @@ require (
 	github.com/gobuffalo/flect v1.0.2
 	github.com/gofrs/flock v0.12.1
 	github.com/golangci/golangci-lint v1.61.0
+	github.com/google/gnostic-models v0.6.8
 	github.com/hashicorp/terraform-json v0.22.1
 	github.com/mitchellh/mapstructure v1.5.0
 	github.com/onsi/ginkgo/v2 v2.20.2
@@ -40,7 +41,6 @@ require (
 	github.com/vektra/mockery/v2 v2.45.1
 	github.com/vmware-tanzu/velero v1.14.1
 	github.com/yuin/gopher-lua v1.1.1
-	go.uber.org/zap v1.27.0
 	golang.org/x/exp v0.0.0-20240909161429-701f63a606c0
 	gopkg.in/yaml.v3 v3.0.1
 	helm.sh/helm/v3 v3.16.1
@@ -193,7 +193,6 @@ require (
 	github.com/golangci/unconvert v0.0.0-20240309020433-c5143eacb3ed // indirect
 	github.com/google/btree v1.1.2 // indirect
 	github.com/google/cel-go v0.20.1 // indirect
-	github.com/google/gnostic-models v0.6.8 // indirect
 	github.com/google/go-cmp v0.6.0 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/google/pprof v0.0.0-20240827171923-fa2c70bbbfe5 // indirect
@@ -352,6 +351,7 @@ require (
 	go.starlark.net v0.0.0-20230525235612-a134d8f9ddca // indirect
 	go.uber.org/automaxprocs v1.5.3 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
+	go.uber.org/zap v1.27.0 // indirect
 	golang.org/x/arch v0.8.0 // indirect
 	golang.org/x/crypto v0.27.0 // indirect
 	golang.org/x/exp/typeparams v0.0.0-20240314144324-c7f7c6466f7f // indirect

internal/controller/metricsaggregate.go

@@ -14,6 +14,7 @@ import (
 	"k8s.io/client-go/discovery"
 	metricsapi "k8s.io/metrics/pkg/apis/metrics"
 	"k8s.io/metrics/pkg/apis/metrics/v1beta1"
+	metricsclientset "k8s.io/metrics/pkg/client/clientset/versioned"
 	ctrl "sigs.k8s.io/controller-runtime"
 	k8sClient "sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/log"
@@ -34,6 +35,7 @@ type MetricsAggregateReconciler struct {
 	k8sClient.Client
 	Scheme          *runtime.Scheme
 	DiscoveryClient discovery.DiscoveryInterface
+	MetricsClient   metricsclientset.Interface
 }
 
 // Reconcile IngressReplica ensure that stays in sync with Kubernetes cluster.
@@ -94,8 +96,8 @@ func (r *MetricsAggregateReconciler) Reconcile(ctx context.Context, req ctrl.Req
 	}
 
 	nodeDeploymentNodesMetrics := make([]v1beta1.NodeMetrics, 0)
-	allNodeMetricsList := &v1beta1.NodeMetricsList{}
-	if err := r.List(ctx, allNodeMetricsList); err != nil {
+	allNodeMetricsList, err := r.MetricsClient.MetricsV1beta1().NodeMetricses().List(ctx, metav1.ListOptions{})
+	if err != nil {
 		return reconcile.Result{}, err
 	}
 
@@ -126,12 +128,12 @@ func (r *MetricsAggregateReconciler) Reconcile(ctx context.Context, req ctrl.Req
 
 	utils.MarkCondition(metrics.SetCondition, v1alpha1.ReadyConditionType, metav1.ConditionTrue, v1alpha1.ReadyConditionReason, "")
 
-	return requeue(requeueAfter, jitter), reterr
+	return requeue(time.Second*5, jitter), reterr
 }
 
 // SetupWithManager sets up the controller with the Manager.
 func (r *MetricsAggregateReconciler) SetupWithManager(ctx context.Context, mgr ctrl.Manager) error {
-	debounceReconciler := NewDebounceReconciler(mgr.GetClient(), debounceDuration, r)
+	debounceReconciler := NewDebounceReconciler(mgr.GetClient(), time.Second*10, r)
 	debounceReconciler.Start(ctx)
 
 	return ctrl.NewControllerManagedBy(mgr).

internal/controller/upgradeinsights_cloudprovider.go

@@ -125,6 +125,17 @@ func (in *EKSCloudProvider) fromInsightStatus(status *types.InsightStatus) *cons
 	return nil
 }
 
+func (in *EKSCloudProvider) fromClientStats(stats []types.ClientStat) *console.UpgradeInsightStatus {
+	const failedBeforeDuration = 24.0 // in hours
+	for _, stat := range stats {
+		if stat.LastRequestTime != nil && time.Since(*stat.LastRequestTime).Hours() < failedBeforeDuration {
+			return lo.ToPtr(console.UpgradeInsightStatusFailed)
+		}
+	}
+
+	return lo.ToPtr(console.UpgradeInsightStatusPassing)
+}
+
 func (in *EKSCloudProvider) toInsightDetails(insight *types.Insight) []*console.UpgradeInsightDetailAttributes {
 	if insight.CategorySpecificSummary == nil {
 		return nil
@@ -137,35 +148,63 @@ func (in *EKSCloudProvider) toInsightDetails(insight *types.Insight) []*console.
 			Replacement: r.ReplacedWith,
 			ReplacedIn:  r.StartServingReplacementVersion,
 			RemovedIn:   r.StopServingVersion,
+			Status:      in.fromClientStats(r.ClientStats),
 		})
 	}
 
 	return result
 }
 
 func (in *EKSCloudProvider) config(ctx context.Context, ui v1alpha1.UpgradeInsights) (aws.Config, error) {
-	// If credentials are not provided in the request, then use default credentials.
-	if ui.Spec.Credentials == nil || ui.Spec.Credentials.AWS == nil {
-		return awsconfig.LoadDefaultConfig(ctx, awsconfig.WithEC2IMDSRegion())
-	}
+	options := []func(*awsconfig.LoadOptions) error{awsconfig.WithEC2IMDSRegion()}
 
-	// Otherwise use provided credentials.
-	credentials := ui.Spec.Credentials.AWS
-	secretAccessKey, err := in.handleSecretAccessKeyRef(ctx, ui.Spec.Credentials.AWS.SecretAccessKeyRef, ui.Namespace)
-	if err != nil {
-		return aws.Config{}, err
+	if in.hasAccessKeys(ui) {
+		options = append(options, in.withCredentials(ctx, ui))
 	}
 
-	config, err := awsconfig.LoadDefaultConfig(ctx)
-	if err != nil {
-		return aws.Config{}, err
+	if in.hasRegion(ui) {
+		options = append(options, in.withRegion(ui))
 	}
 
-	config.Region = credentials.Region
-	config.Credentials = awscredentials.NewStaticCredentialsProvider(
-		credentials.AccessKeyID, secretAccessKey, "")
+	return awsconfig.LoadDefaultConfig(ctx, options...)
+}
+
+func (in *EKSCloudProvider) hasCredentials(ui v1alpha1.UpgradeInsights) bool {
+	return ui.Spec.Credentials != nil && ui.Spec.Credentials.AWS != nil
+}
+
+func (in *EKSCloudProvider) hasAccessKeys(ui v1alpha1.UpgradeInsights) bool {
+	return in.hasCredentials(ui) &&
+		ui.Spec.Credentials.AWS.SecretAccessKeyRef != nil &&
+		ui.Spec.Credentials.AWS.AccessKeyID != nil
+}
+
+func (in *EKSCloudProvider) hasRegion(ui v1alpha1.UpgradeInsights) bool {
+	return in.hasCredentials(ui) && len(ui.Spec.Credentials.AWS.Region) > 0
+}
+
+func (in *EKSCloudProvider) withCredentials(ctx context.Context, ui v1alpha1.UpgradeInsights) awsconfig.LoadOptionsFunc {
+	credentials := ui.Spec.Credentials.AWS
+	return func(options *awsconfig.LoadOptions) error {
+		secretAccessKey, err := in.handleSecretAccessKeyRef(ctx, *credentials.SecretAccessKeyRef, ui.Namespace)
+		if err != nil {
+			return err
+		}
 
-	return config, nil
+		options.Credentials = awscredentials.NewStaticCredentialsProvider(
+			*credentials.AccessKeyID,
+			secretAccessKey,
+			"",
+		)
+		return nil
+	}
+}
+
+func (in *EKSCloudProvider) withRegion(ui v1alpha1.UpgradeInsights) awsconfig.LoadOptionsFunc {
+	return func(options *awsconfig.LoadOptions) error {
+		options.Region = ui.Spec.Credentials.AWS.Region
+		return nil
+	}
 }
 
 func (in *EKSCloudProvider) handleSecretAccessKeyRef(ctx context.Context, ref corev1.SecretReference, namespace string) (string, error) {

internal/utils/kubernetes.go

@@ -52,6 +52,33 @@ func TryAddControllerRef(ctx context.Context, client ctrlruntimeclient.Client, o
 	})
 }
 
+func TryAddOwnerRef(ctx context.Context, client ctrlruntimeclient.Client, owner ctrlruntimeclient.Object, object ctrlruntimeclient.Object, scheme *runtime.Scheme) error {
+	key := ctrlruntimeclient.ObjectKeyFromObject(object)
+
+	return retry.RetryOnConflict(retry.DefaultRetry, func() error {
+		if err := client.Get(ctx, key, object); err != nil {
+			return err
+		}
+
+		if owner.GetDeletionTimestamp() != nil || object.GetDeletionTimestamp() != nil {
+			return nil
+		}
+
+		original := object.DeepCopyObject().(ctrlruntimeclient.Object)
+
+		err := controllerutil.SetOwnerReference(owner, object, scheme)
+		if err != nil {
+			return err
+		}
+
+		if reflect.DeepEqual(original.GetOwnerReferences(), object.GetOwnerReferences()) {
+			return nil
+		}
+
+		return client.Patch(ctx, object, ctrlruntimeclient.MergeFromWithOptions(original, ctrlruntimeclient.MergeFromWithOptimisticLock{}))
+	})
+}
+
 func AsName(val string) string {
 	return strings.ReplaceAll(val, " ", "-")
 }