From a49a69c3e6f8bf315a18fad7f24d004a42f03aca Mon Sep 17 00:00:00 2001 From: dd di cesare Date: Tue, 31 May 2022 20:58:57 +0200 Subject: [PATCH 1/2] [controller] Propagating Limitador's env vars * limitador namespace * limitador service name * limitador service grpc port * Using keyed values --- controllers/kuadrant_controller.go | 36 +++++++++++++++++++++++------- 1 file changed, 28 insertions(+), 8 deletions(-) diff --git a/controllers/kuadrant_controller.go b/controllers/kuadrant_controller.go index d7faef185..138c8ae6a 100644 --- a/controllers/kuadrant_controller.go +++ b/controllers/kuadrant_controller.go @@ -21,13 +21,13 @@ import ( "encoding/json" "errors" "fmt" - "github.com/go-logr/logr" authorinov1beta1 "github.com/kuadrant/authorino-operator/api/v1beta1" limitadorv1alpha1 "github.com/kuadrant/limitador-operator/api/v1alpha1" istioapiv1alpha1 "istio.io/api/operator/v1alpha1" iopv1alpha1 "istio.io/istio/operator/pkg/apis/istio/v1alpha1" appsv1 "k8s.io/api/apps/v1" + v1 "k8s.io/api/core/v1" apierrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" @@ -43,8 +43,14 @@ import ( ) const ( - kuadrantFinalizer = "kuadrant.kuadrant.io/finalizer" - extAuthorizerName = "kuadrant-authorization" + kuadrantFinalizer = "kuadrant.kuadrant.io/finalizer" + extAuthorizerName = "kuadrant-authorization" + envLimitadorNamespace = "LIMITADOR_NAMESPACE" + envLimitadorName = "LIMITADOR_NAME" +) + +var ( + limitadorName = common.FetchEnv(envLimitadorName, "limitador") ) // KuadrantReconciler reconciles a Kuadrant object @@ -344,7 +350,7 @@ func (r *KuadrantReconciler) reconcileLimitador(ctx context.Context, kObj *kuadr APIVersion: "limitador.kuadrant.io/v1alpha1", }, ObjectMeta: metav1.ObjectMeta{ - Name: "limitador", + Name: limitadorName, Namespace: kObj.Namespace, }, Spec: limitadorv1alpha1.LimitadorSpec{}, 
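Review bot: `limitadorName` in the new `var (` block is read from the `LIMITADOR_NAME` environment variable once at package initialisation and is then used unchecked as `ObjectMeta.Name` in the `reconcileLimitador` hunk that follows. A value that is not a valid Kubernetes object name would therefore only show up as a failed create during reconcile. Checking it at start-up would fail earlier and more clearly, for example with `validation.IsDNS1123Subdomain(limitadorName)` from `k8s.io/apimachinery/pkg/util/validation`, assuming the Limitador CR name follows the usual subdomain rule. The variable also deserves a doc comment such as `// limitadorName is the name of the Limitador CR, read from LIMITADOR_NAME (default "limitador").`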
@@ -389,14 +395,28 @@ func (r *KuadrantReconciler) createOnlyInKuadrantNSCb(ctx context.Context, kObj
 return err
 }
- k8sObjKind := k8sObj.DeepCopyObject().GetObjectKind()
+ var newObj client.Object
+ newObj = k8sObj
+
+ switch obj := k8sObj.(type) {
+ case *appsv1.Deployment: // If it's a Deployment obj, it adds the required env vars
+ obj.Spec.Template.Spec.Containers[0].Env = append(
+ obj.Spec.Template.Spec.Containers[0].Env,
+ v1.EnvVar{Name: envLimitadorNamespace, Value: kObj.Namespace},
+ v1.EnvVar{Name: envLimitadorName, Value: limitadorName},
+ )
+ newObj = obj
+ default:
+ }
+ newObjCloned := newObj.DeepCopyObject()
+ err = r.Client().Create(ctx, newObj)
- err = r.Client().Create(ctx, k8sObj)
- logger.V(1).Info("create resource", "GKV", k8sObjKind.GroupVersionKind(), "name", k8sObj.GetName(), "error", err)
+ k8sObjKind := newObjCloned.GetObjectKind()
+ logger.V(1).Info("create resource", "GKV", k8sObjKind.GroupVersionKind(), "name", newObj.GetName(), "error", err)
 if err != nil {
 if apierrors.IsAlreadyExists(err) {
 // Omit error
- logger.Info("Already exists", "GKV", k8sObjKind.GroupVersionKind(), "name", k8sObj.GetName())
+ logger.Info("Already exists", "GKV", k8sObjKind.GroupVersionKind(), "name", newObj.GetName())
 } else {
 return err
 }
From 52402f4f9f4966903971acd4426e6d0263e2be04 Mon Sep 17 00:00:00 2001
From: dd di cesare
Date: Thu, 28 Jul 2022 20:20:54 +0200
Subject: [PATCH 2/2] [controller] Patching the (Cluster)RoleBinding to match Kuadrant NS
* It needs some DRY up
* There's no easy way, since obj is type interface when multiple case types
---
 controllers/kuadrant_controller.go | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
diff --git a/controllers/kuadrant_controller.go b/controllers/kuadrant_controller.go
index 138c8ae6a..4927ebd0b 100644
--- a/controllers/kuadrant_controller.go
+++ b/controllers/kuadrant_controller.go
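Review bot: `obj.Spec.Template.Spec.Containers[0]` in the new `*appsv1.Deployment` case is indexed without a length check, so a Deployment whose pod template has no containers makes the reconciler panic instead of returning an error. A guard before the append keeps that failure on the normal error path: `if len(obj.Spec.Template.Spec.Containers) == 0 { return fmt.Errorf("deployment %q has no containers", obj.GetName()) }`. The case also matches every Deployment handed to this callback and always edits the first container, so a comment naming the Deployment and container it expects would make that assumption explicit. `newObj = obj` and the empty `default:` look redundant, since `obj` is the same pointer already held in `k8sObj`. The function body starts and ends outside the hunk.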
@@ -28,6 +28,7 @@ import (
 iopv1alpha1 "istio.io/istio/operator/pkg/apis/istio/v1alpha1"
 appsv1 "k8s.io/api/apps/v1"
 v1 "k8s.io/api/core/v1"
+ rbacv1 "k8s.io/api/rbac/v1"
 apierrors "k8s.io/apimachinery/pkg/api/errors"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 "k8s.io/apimachinery/pkg/runtime"
@@ -406,6 +407,25 @@ func (r *KuadrantReconciler) createOnlyInKuadrantNSCb(ctx context.Context, kObj
 v1.EnvVar{Name: envLimitadorName, Value: limitadorName},
 )
 newObj = obj
+ // TODO: DRY the following 2 case switches
+ case *rbacv1.RoleBinding:
+ if obj.Name == "kuadrant-leader-election-rolebinding" {
+ for i, subject := range obj.Subjects {
+ if subject.Name == "kuadrant-controller-manager" {
+ obj.Subjects[i].Namespace = kObj.Namespace
+ }
+ }
+ }
+ newObj = obj
+ case *rbacv1.ClusterRoleBinding:
+ if obj.Name == "kuadrant-manager-rolebinding" {
+ for i, subject := range obj.Subjects {
+ if subject.Name == "kuadrant-controller-manager" {
+ obj.Subjects[i].Namespace = kObj.Namespace
+ }
+ }
+ }
+ newObj = obj
 default:
 }
 newObjCloned := newObj.DeepCopyObject()
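Review bot: Both new cases select the subject by `subject.Name` alone, although `Namespace` only applies to ServiceAccount subjects, so the match should also require `subject.Kind == rbacv1.ServiceAccountKind`. The ClusterRoleBinding rewrite decides which namespace's `kuadrant-controller-manager` account receives the cluster-scoped role, so a comment stating why `kObj.Namespace` can be trusted at this point would help the next reader. The create path shown in the first patch treats AlreadyExists as success, so a binding that already exists appears to keep its previous subject namespace; that deserves a comment or an update path. The TODO can be resolved with a helper over `[]rbacv1.Subject`, which both binding types share, as sketched below. The enclosing function starts and ends outside the hunk.

```go
// setSubjectNamespace sets ns on every ServiceAccount subject called name.
func setSubjectNamespace(subjects []rbacv1.Subject, name, ns string) {
	for i := range subjects {
		if subjects[i].Kind == rbacv1.ServiceAccountKind && subjects[i].Name == name {
			subjects[i].Namespace = ns
		}
	}
}

	// … unchanged: Deployment case …
	case *rbacv1.RoleBinding:
		if obj.Name == "kuadrant-leader-election-rolebinding" {
			setSubjectNamespace(obj.Subjects, "kuadrant-controller-manager", kObj.Namespace)
		}
	// … unchanged: newObj = obj; the ClusterRoleBinding case makes the same call under its own name check …
```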