From 895b8a77cf9795d86f38602ec163ea32ad215353 Mon Sep 17 00:00:00 2001 From: Marcin Maciaszczyk Date: Mon, 30 Sep 2024 13:38:28 +0200 Subject: [PATCH 1/9] upsert run secret --- pkg/controller/stacks/job.go | 9 ++++-- pkg/controller/stacks/secret.go | 53 +++++++++++++++++++++++++++++++++ 2 files changed, 59 insertions(+), 3 deletions(-) create mode 100644 pkg/controller/stacks/secret.go diff --git a/pkg/controller/stacks/job.go b/pkg/controller/stacks/job.go index 0e9a772a..aceec2cd 100644 --- a/pkg/controller/stacks/job.go +++ b/pkg/controller/stacks/job.go @@ -7,6 +7,8 @@ import ( "strings" console "github.com/pluralsh/console/go/client" + "github.com/pluralsh/deployment-operator/internal/metrics" + consoleclient "github.com/pluralsh/deployment-operator/pkg/client" "github.com/pluralsh/polly/algorithms" "github.com/samber/lo" batchv1 "k8s.io/api/batch/v1" @@ -15,9 +17,6 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" "sigs.k8s.io/controller-runtime/pkg/log" - - "github.com/pluralsh/deployment-operator/internal/metrics" - consoleclient "github.com/pluralsh/deployment-operator/pkg/client" ) const ( @@ -85,6 +84,10 @@ func (r *StackReconciler) reconcileRunJob(ctx context.Context, run *console.Stac return nil, err } + if _, err = r.upsertRunSecret(ctx); err != nil { + return nil, err + } + logger.V(2).Info("generating job", "namespace", r.namespace, "name", jobName) job := r.GenerateRunJob(run, jobName) diff --git a/pkg/controller/stacks/secret.go b/pkg/controller/stacks/secret.go new file mode 100644 index 00000000..e4d43b52 --- /dev/null +++ b/pkg/controller/stacks/secret.go 
@@ -0,0 +1,53 @@
+package stacks
+
+import (
+ "context"
+
+ corev1 "k8s.io/api/core/v1"
+ apierrs "k8s.io/apimachinery/pkg/api/errors"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "k8s.io/apimachinery/pkg/types"
+ "sigs.k8s.io/controller-runtime/pkg/log"
+)
+
+const (
+ secretName = "job-run-secret"
+ secretDeployTokenKey = "deploy-token"
+)
+
+func (r *StackReconciler) upsertRunSecret(ctx context.Context) (*corev1.Secret, error) {
+ logger := log.FromContext(ctx)
+ secret := &corev1.Secret{}
+
+ if err := r.k8sClient.Get(ctx, types.NamespacedName{Name: secretName, Namespace: r.namespace}, secret); err != nil {
+ if !apierrs.IsNotFound(err) {
+ return nil, err
+ }
+
+ logger.V(2).Info("generating secret", "namespace", r.namespace, "name", secretName)
+ secret = &corev1.Secret{
+ ObjectMeta: metav1.ObjectMeta{Name: secretName, Namespace: r.namespace},
+ StringData: map[string]string{secretDeployTokenKey: r.deployToken},
+ }
+
+ logger.V(2).Info("creating secret", "namespace", secret.Namespace, "name", secret.Name)
+ if err := r.k8sClient.Create(ctx, secret); err != nil {
+ logger.Error(err, "unable to create secret")
+ return nil, err
+ }
+
+ return secret, nil
+ }
+
+ if deployToken, exists := secret.Data[secretDeployTokenKey]; !exists || string(deployToken) != r.deployToken {
+ logger.V(2).Info("updating secret", "namespace", secret.Namespace, "name", secret.Name)
+ secret.StringData = map[string]string{secretDeployTokenKey: r.deployToken}
+ if err := r.k8sClient.Update(ctx, secret); err != nil {
+ logger.Error(err, "unable to update secret")
+ return nil, err
+ }
+ }
+
+ return secret, nil
+
+}
From 6d1b598075a32198fefa1cae2713905c92f24ab0 Mon Sep 17 00:00:00 2001
From: Marcin Maciaszczyk
Date: Mon, 30 Sep 2024 15:19:46 +0200
Subject: [PATCH 2/9] use env vars instead of args
---
 pkg/controller/stacks/job.go | 21 ++++++++++++++++-----
 pkg/controller/stacks/secret.go | 29 +++++++++++++++++++++--------
 2 files changed, 37 insertions(+), 13 deletions(-)
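Review bot: In upsertRunSecret a failed `Create` is always returned as an error, so when the preceding `Get` misses a Secret that does exist (a lagging cache, or two reconciles running at once) the run fails with AlreadyExists instead of continuing to the compare-and-update path; handling `apierrs.IsAlreadyExists(err)` there by re-reading the Secret would close that gap. The Secret holds the console deploy token but is created with only a name and namespace; a label marking it as operator-managed would let it be found on uninstall and audited alongside the jobs that consume it. The function also has no doc comment; `// upsertRunSecret ensures the Secret holding the deploy token for run jobs exists in r.namespace and matches r.deployToken.` would do.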
diff --git a/pkg/controller/stacks/job.go b/pkg/controller/stacks/job.go index aceec2cd..83cc614b 100644 --- a/pkg/controller/stacks/job.go +++ b/pkg/controller/stacks/job.go @@ -211,6 +211,8 @@ func (r *StackReconciler) ensureDefaultContainer(containers []corev1.Container, containers[index].Args = r.getDefaultContainerArgs(run.ID) + containers[index].EnvFrom = r.getDefaultContainerEnvFrom() + containers[index].VolumeMounts = ensureDefaultVolumeMounts(containers[index].VolumeMounts) } return containers @@ -227,6 +229,7 @@ func (r *StackReconciler) getDefaultContainer(run *console.StackRunFragment) cor }, SecurityContext: ensureDefaultContainerSecurityContext(nil), Env: make([]corev1.EnvVar, 0), + EnvFrom: r.getDefaultContainerEnvFrom(), } } @@ -296,14 +299,22 @@ func (r *StackReconciler) getTag(run *console.StackRunFragment) string { return defaultImageTag } -func (r *StackReconciler) getDefaultContainerArgs(runID string) []string { - return []string{ - fmt.Sprintf("--console-url=%s", r.consoleURL), - fmt.Sprintf("--console-token=%s", r.deployToken), - fmt.Sprintf("--stack-run-id=%s", runID), +func (r *StackReconciler) getDefaultContainerEnvFrom() []corev1.EnvFromSource { + return []corev1.EnvFromSource{ + { + SecretRef: &corev1.SecretEnvSource{ + LocalObjectReference: corev1.LocalObjectReference{ + Name: jobRunSecretName, + }, + }, + }, } } +func (r *StackReconciler) getDefaultContainerArgs(runID string) []string { + return []string{fmt.Sprintf("--stack-run-id=%s", runID)} +} + func ensureDefaultVolumeMounts(mounts []corev1.VolumeMount) []corev1.VolumeMount { return append( algorithms.Filter(mounts, func(v corev1.VolumeMount) bool { diff --git a/pkg/controller/stacks/secret.go b/pkg/controller/stacks/secret.go index e4d43b52..f752951a 100644 --- a/pkg/controller/stacks/secret.go +++ b/pkg/controller/stacks/secret.go 
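Review bot: In the first job.go hunk of 2/9, `containers[index].EnvFrom = r.getDefaultContainerEnvFrom()` assigns rather than merges, so any EnvFrom already set on the default container in the supplied containers slice is dropped, whereas the VolumeMounts line beside it goes through ensureDefaultVolumeMounts, which filters and appends. Consider a matching helper that removes any existing reference to `jobRunSecretName` and then appends the operator's source last; as a minimum, `containers[index].EnvFrom = append(containers[index].EnvFrom, r.getDefaultContainerEnvFrom()...)`. With envFrom the last source wins on duplicate keys, so appending keeps the operator's URL and token authoritative. ensureDefaultContainer starts and ends outside the hunk.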
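Review bot: getDefaultContainerEnvFrom (third job.go hunk of 2/9) references the whole Secret through `SecretRef`, so every key stored in it becomes an environment variable of the harness container, not only the URL and token this controller writes. Listing the two keys explicitly as `Env` entries with `ValueFrom.SecretKeyRef` would pin exactly what is exposed. Moving the token out of the args keeps it out of the pod spec, but environment variables are inherited by child processes; if the harness starts other tools, confirm that it strips the token from their environment or reads it from a mounted file instead.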
@@ -3,6 +3,7 @@ package stacks
 import (
 "context"
+ "github.com/pluralsh/deployment-operator/cmd/harness/args"
 corev1 "k8s.io/api/core/v1"
 apierrs "k8s.io/apimachinery/pkg/api/errors"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -11,23 +12,35 @@ import (
 )
 const (
- secretName = "job-run-secret"
- secretDeployTokenKey = "deploy-token"
+ jobRunSecretName = "job-run-secret"
 )
+func (r *StackReconciler) getRunSecretData() map[string]string {
+ return map[string]string{
+ args.EnvConsoleUrl: r.consoleURL,
+ args.EnvConsoleToken: r.deployToken,
+ }
+}
+
+func (r *StackReconciler) hasRunSecretData(data map[string][]byte) bool {
+ token, hasToken := data[args.EnvConsoleToken]
+ url, hasUrl := data[args.EnvConsoleUrl]
+ return hasToken && hasUrl && string(token) == r.deployToken && string(url) == r.consoleURL
+}
+
 func (r *StackReconciler) upsertRunSecret(ctx context.Context) (*corev1.Secret, error) {
 logger := log.FromContext(ctx)
 secret := &corev1.Secret{}
- if err := r.k8sClient.Get(ctx, types.NamespacedName{Name: secretName, Namespace: r.namespace}, secret); err != nil {
+ if err := r.k8sClient.Get(ctx, types.NamespacedName{Name: jobRunSecretName, Namespace: r.namespace}, secret); err != nil {
 if !apierrs.IsNotFound(err) {
 return nil, err
 }
- logger.V(2).Info("generating secret", "namespace", r.namespace, "name", secretName)
+ logger.V(2).Info("generating secret", "namespace", r.namespace, "name", jobRunSecretName)
 secret = &corev1.Secret{
- ObjectMeta: metav1.ObjectMeta{Name: secretName, Namespace: r.namespace},
- StringData: map[string]string{secretDeployTokenKey: r.deployToken},
+ ObjectMeta: metav1.ObjectMeta{Name: jobRunSecretName, Namespace: r.namespace},
+ StringData: r.getRunSecretData(),
 }
 logger.V(2).Info("creating secret", "namespace", secret.Namespace, "name", secret.Name)
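Review bot: hasRunSecretData treats the Secret as current as soon as the two expected keys match, and the update path in the next hunk writes through `StringData`, which the API server merges into the existing `data` instead of replacing it. Keys written under an older name therefore stay in the Secret with whatever token they held (1/9 wrote `deploy-token`, and 8/9 renames the keys again), and the `envFrom` reference in job.go hands every key to the harness container. On update, replace `secret.Data` with exactly the entries from getRunSecretData() and compare against the whole of `secret.Data`, so that stale keys trigger a rewrite. upsertRunSecret continues past the end of this hunk.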
@@ -39,9 +52,9 @@ func (r *StackReconciler) upsertRunSecret(ctx context.Context) (*corev1.Secret,
 return secret, nil
 }
- if deployToken, exists := secret.Data[secretDeployTokenKey]; !exists || string(deployToken) != r.deployToken {
+ if r.hasRunSecretData(secret.Data) {
 logger.V(2).Info("updating secret", "namespace", secret.Namespace, "name", secret.Name)
- secret.StringData = map[string]string{secretDeployTokenKey: r.deployToken}
+ secret.StringData = r.getRunSecretData()
 if err := r.k8sClient.Update(ctx, secret); err != nil {
 logger.Error(err, "unable to update secret")
 return nil, err
From 0d1e62d3d7c37b35bae452f521c033c8e23bb684 Mon Sep 17 00:00:00 2001
From: Marcin Maciaszczyk
Date: Mon, 30 Sep 2024 15:22:55 +0200
Subject: [PATCH 3/9] rename secret
---
 pkg/controller/stacks/secret.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pkg/controller/stacks/secret.go b/pkg/controller/stacks/secret.go
index f752951a..700492af 100644
--- a/pkg/controller/stacks/secret.go
+++ b/pkg/controller/stacks/secret.go
@@ -12,7 +12,7 @@ import (
 )
 const (
- jobRunSecretName = "job-run-secret"
+ jobRunSecretName = "job-run-env"
 )
 func (r *StackReconciler) getRunSecretData() map[string]string {
From ab0b502a7d923754be1c78b750dea4ce8779446a Mon Sep 17 00:00:00 2001
From: Marcin Maciaszczyk
Date: Mon, 30 Sep 2024 15:38:29 +0200
Subject: [PATCH 4/9] fix typo
---
 cmd/agent/args/args.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cmd/agent/args/args.go b/cmd/agent/args/args.go
index 8b424e99..c33f7f86 100644
--- a/cmd/agent/args/args.go
+++ b/cmd/agent/args/args.go
@@ -266,6 +266,6 @@ func ResourceCacheEnabled() bool {
 func ensureOrDie(argName string, arg *string) {
 if arg == nil || len(*arg) == 0 {
 pflag.PrintDefaults()
- panic(fmt.Sprintf("%s arg is rquired", argName))
+ panic(fmt.Sprintf("%s arg is required", argName))
 }
 }
From 0799fd9c86829d26c9b2e01c08efb9ff4589eb4c Mon Sep 17 00:00:00 2001
From: Marcin Maciaszczyk
Date: Mon, 30 Sep 2024 15:59:14 +0200
Subject: [PATCH 5/9] go mod tidy
---
 go.mod | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/go.mod b/go.mod
index 3d2dbe4d..33235ddf 100644
--- a/go.mod
+++ b/go.mod
@@ -19,6 +19,7 @@ require (
 github.com/gobuffalo/flect v1.0.2
 github.com/gofrs/flock v0.12.1
 github.com/golangci/golangci-lint v1.61.0
+ github.com/google/gnostic-models v0.6.8
 github.com/hashicorp/terraform-json v0.22.1
 github.com/mitchellh/mapstructure v1.5.0
 github.com/onsi/ginkgo/v2 v2.20.2
@@ -40,7 +41,6 @@ require (
 github.com/vektra/mockery/v2 v2.45.1
 github.com/vmware-tanzu/velero v1.14.1
 github.com/yuin/gopher-lua v1.1.1
- go.uber.org/zap v1.27.0
 golang.org/x/exp v0.0.0-20240909161429-701f63a606c0
 gopkg.in/yaml.v3 v3.0.1
 helm.sh/helm/v3 v3.16.1
@@ -193,7 +193,6 @@ require (
 github.com/golangci/unconvert v0.0.0-20240309020433-c5143eacb3ed // indirect
 github.com/google/btree v1.1.2 // indirect
 github.com/google/cel-go v0.20.1 // indirect
- github.com/google/gnostic-models v0.6.8 // indirect
 github.com/google/go-cmp v0.6.0 // indirect
 github.com/google/gofuzz v1.2.0 // indirect
 github.com/google/pprof v0.0.0-20240827171923-fa2c70bbbfe5 // indirect
@@ -352,6 +351,7 @@ require (
 go.starlark.net v0.0.0-20230525235612-a134d8f9ddca // indirect
 go.uber.org/automaxprocs v1.5.3 // indirect
 go.uber.org/multierr v1.11.0 // indirect
+ go.uber.org/zap v1.27.0 // indirect
 golang.org/x/arch v0.8.0 // indirect
 golang.org/x/crypto v0.27.0 // indirect
 golang.org/x/exp/typeparams v0.0.0-20240314144324-c7f7c6466f7f // indirect
From d850c2d7a86ebc6f8fe297792340c09ecbb397c1 Mon Sep 17 00:00:00 2001
From: Marcin Maciaszczyk
Date: Mon, 30 Sep 2024 16:32:08 +0200
Subject: [PATCH 6/9] fix typo
---
 cmd/harness/args/args.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cmd/harness/args/args.go b/cmd/harness/args/args.go
index 180f5a4d..0ccbe87f 100644
--- a/cmd/harness/args/args.go
+++ b/cmd/harness/args/args.go
@@ -122,6 +122,6 @@ func LogFlushBufferSize() int {
 func ensureOrDie(argName string, arg *string) {
 if arg == nil || len(*arg) == 0 {
 pflag.PrintDefaults()
- panic(fmt.Sprintf("%s arg is rquired", argName))
+ panic(fmt.Sprintf("%s arg is required", argName))
 }
 }
From 02610bafe225bbc67ade0dd8ec9cb05947cfa588 Mon Sep 17 00:00:00 2001
From: Marcin Maciaszczyk
Date: Mon, 30 Sep 2024 16:40:15 +0200
Subject: [PATCH 7/9] fix build issue
---
 pkg/controller/stacks/secret.go | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/pkg/controller/stacks/secret.go b/pkg/controller/stacks/secret.go
index 700492af..7ed13f1c 100644
--- a/pkg/controller/stacks/secret.go
+++ b/pkg/controller/stacks/secret.go
@@ -3,7 +3,6 @@ package stacks
 import (
 "context"
- "github.com/pluralsh/deployment-operator/cmd/harness/args"
 corev1 "k8s.io/api/core/v1"
 apierrs "k8s.io/apimachinery/pkg/api/errors"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -13,18 +12,20 @@ import (
 const (
 jobRunSecretName = "job-run-env"
+ envConsoleUrl = "CONSOLE_URL"
+ envConsoleToken = "CONSOLE_TOKEN"
 )
 func (r *StackReconciler) getRunSecretData() map[string]string {
 return map[string]string{
- args.EnvConsoleUrl: r.consoleURL,
- args.EnvConsoleToken: r.deployToken,
+ envConsoleUrl: r.consoleURL,
+ envConsoleToken: r.deployToken,
 }
 }
 func (r *StackReconciler) hasRunSecretData(data map[string][]byte) bool {
- token, hasToken := data[args.EnvConsoleToken]
- url, hasUrl := data[args.EnvConsoleUrl]
+ token, hasToken := data[envConsoleToken]
+ url, hasUrl := data[envConsoleUrl]
 return hasToken && hasUrl && string(token) == r.deployToken && string(url) == r.consoleURL
 }
From b1a53c0ff56f95fa613bb3092749b362aa7d4ad5 Mon Sep 17 00:00:00 2001
From: Marcin Maciaszczyk
Date: Tue, 1 Oct 2024 10:27:23 +0200
Subject: [PATCH 8/9] add env var prefix
---
 pkg/controller/stacks/secret.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
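Review bot: After 7/9 the env var names in secret.go are string literals that have to be kept in step by hand with the names the harness reads in cmd/harness/args (the `EnvConsoleUrl`/`EnvConsoleToken` constants this file referenced before); 8/9 changes the literals again, which suggests they had already drifted. A mismatch compiles cleanly and only shows up as a harness that starts without its console URL or token. Consider moving the names into a package both sides can import, or at least add `// Must match EnvConsoleUrl and EnvConsoleToken in cmd/harness/args.` above the constants. Go initialism style would also make these `envConsoleURL` and `hasURL`.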
diff --git a/pkg/controller/stacks/secret.go b/pkg/controller/stacks/secret.go
index 7ed13f1c..369acc83 100644
--- a/pkg/controller/stacks/secret.go
+++ b/pkg/controller/stacks/secret.go
@@ -12,8 +12,8 @@ import (
 const (
 jobRunSecretName = "job-run-env"
- envConsoleUrl = "CONSOLE_URL"
- envConsoleToken = "CONSOLE_TOKEN"
+ envConsoleUrl = "PLRL_CONSOLE_URL"
+ envConsoleToken = "PLRL_CONSOLE_TOKEN"
 )
 func (r *StackReconciler) getRunSecretData() map[string]string {
From c33b9cc947c1670005ad551dcc88115fc39c51fa Mon Sep 17 00:00:00 2001
From: Marcin Maciaszczyk
Date: Tue, 1 Oct 2024 10:29:32 +0200
Subject: [PATCH 9/9] flip condition
---
 pkg/controller/stacks/secret.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pkg/controller/stacks/secret.go b/pkg/controller/stacks/secret.go
index 369acc83..70199f13 100644
--- a/pkg/controller/stacks/secret.go
+++ b/pkg/controller/stacks/secret.go
@@ -53,7 +53,7 @@ func (r *StackReconciler) upsertRunSecret(ctx context.Context) (*corev1.Secret,
 return secret, nil
 }
- if r.hasRunSecretData(secret.Data) {
+ if !r.hasRunSecretData(secret.Data) {
 logger.V(2).Info("updating secret", "namespace", secret.Namespace, "name", secret.Name)
 secret.StringData = r.getRunSecretData()
 if err := r.k8sClient.Update(ctx, secret); err != nil {