feat(konnectivity): reconciliation performed by soot manager

internal/resources/konnectivity/agent.go

@@ -18,35 +18,34 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/log"
 
 	kamajiv1alpha1 "github.com/clastix/kamaji/api/v1alpha1"
-	"github.com/clastix/kamaji/internal/constants"
 	"github.com/clastix/kamaji/internal/utilities"
 )
 
-const (
-	agentNamespace = "kube-system"
-)
-
 type Agent struct {
 	resource     *appsv1.DaemonSet
 	Client       client.Client
 	tenantClient client.Client
 }
 
-func (r *Agent) ShouldStatusBeUpdated(ctx context.Context, tenantControlPlane *kamajiv1alpha1.TenantControlPlane) bool {
-	return tenantControlPlane.Status.Addons.Konnectivity.Agent.Checksum != r.resource.GetAnnotations()[constants.Checksum]
+func (r *Agent) ShouldStatusBeUpdated(_ context.Context, tenantControlPlane *kamajiv1alpha1.TenantControlPlane) bool {
+	return tenantControlPlane.Spec.Addons.Konnectivity == nil && len(tenantControlPlane.Status.Addons.Konnectivity.Agent.Namespace) == 0
 }
 
 func (r *Agent) ShouldCleanup(tenantControlPlane *kamajiv1alpha1.TenantControlPlane) bool {
-	return tenantControlPlane.Spec.Addons.Konnectivity == nil
+	return tenantControlPlane.Spec.Addons.Konnectivity == nil && len(tenantControlPlane.Status.Addons.Konnectivity.Agent.Name) > 0
 }
 
-func (r *Agent) CleanUp(ctx context.Context, tenantControlPlane *kamajiv1alpha1.TenantControlPlane) (bool, error) {
+func (r *Agent) CleanUp(ctx context.Context, _ *kamajiv1alpha1.TenantControlPlane) (bool, error) {
+	logger := log.FromContext(ctx, "resource", r.GetName())
+
 	if err := r.tenantClient.Delete(ctx, r.resource); err != nil {
-		if !k8serrors.IsNotFound(err) {
+		if k8serrors.IsNotFound(err) {
 			return false, err
 		}
 
-		return false, nil
+		logger.Error(err, "cannot delete the requested resource")
+
+		return false, err
 	}
 
 	return true, nil
@@ -58,7 +57,7 @@ func (r *Agent) Define(ctx context.Context, tenantControlPlane *kamajiv1alpha1.T
 	r.resource = &appsv1.DaemonSet{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      AgentName,
-			Namespace: agentNamespace,
+			Namespace: AgentNamespace,
 		},
 	}
 
@@ -72,19 +71,22 @@ func (r *Agent) Define(ctx context.Context, tenantControlPlane *kamajiv1alpha1.T
 }
 
 func (r *Agent) CreateOrUpdate(ctx context.Context, tenantControlPlane *kamajiv1alpha1.TenantControlPlane) (controllerutil.OperationResult, error) {
-	return controllerutil.CreateOrUpdate(ctx, r.tenantClient, r.resource, r.mutate(ctx, tenantControlPlane))
+	if tenantControlPlane.Spec.Addons.Konnectivity != nil {
+		return controllerutil.CreateOrUpdate(ctx, r.tenantClient, r.resource, r.mutate(ctx, tenantControlPlane))
+	}
+
+	return controllerutil.OperationResultNone, nil
 }
 
 func (r *Agent) GetName() string {
 	return "konnectivity-agent"
 }
 
-func (r *Agent) UpdateTenantControlPlaneStatus(ctx context.Context, tenantControlPlane *kamajiv1alpha1.TenantControlPlane) error {
+func (r *Agent) UpdateTenantControlPlaneStatus(_ context.Context, tenantControlPlane *kamajiv1alpha1.TenantControlPlane) error {
 	if tenantControlPlane.Spec.Addons.Konnectivity != nil {
 		tenantControlPlane.Status.Addons.Konnectivity.Agent = kamajiv1alpha1.ExternalKubernetesObjectStatus{
 			Name:       r.resource.GetName(),
 			Namespace:  r.resource.GetNamespace(),
-			Checksum:   r.resource.GetAnnotations()[constants.Checksum],
 			LastUpdate: metav1.Now(),
 		}
 
@@ -154,7 +156,7 @@ func (r *Agent) mutate(ctx context.Context, tenantControlPlane *kamajiv1alpha1.T
 								},
 							},
 						},
-						DefaultMode: pointer.Int32Ptr(420),
+						DefaultMode: pointer.Int32(420),
 					},
 				},
 			},
@@ -164,7 +166,7 @@ func (r *Agent) mutate(ctx context.Context, tenantControlPlane *kamajiv1alpha1.T
 			r.resource.Spec.Template.Spec.Containers = make([]corev1.Container, 1)
 		}
 
-		r.resource.Spec.Template.Spec.Containers[0].Image = fmt.Sprintf("%s:%s", tenantControlPlane.Spec.Addons.Konnectivity.KonnectivityAgentSpec.AgentImage, tenantControlPlane.Spec.Addons.Konnectivity.KonnectivityServerSpec.Version)
+		r.resource.Spec.Template.Spec.Containers[0].Image = fmt.Sprintf("%s:%s", tenantControlPlane.Spec.Addons.Konnectivity.KonnectivityAgentSpec.Image, tenantControlPlane.Spec.Addons.Konnectivity.KonnectivityAgentSpec.Version)
 		r.resource.Spec.Template.Spec.Containers[0].Name = AgentName
 		r.resource.Spec.Template.Spec.Containers[0].Command = []string{"/proxy-agent"}
 
@@ -200,18 +202,6 @@ func (r *Agent) mutate(ctx context.Context, tenantControlPlane *kamajiv1alpha1.T
 			SuccessThreshold:    1,
 			FailureThreshold:    3,
 		}
-		// Creating a copy to remove the metadata that would be changed at every reconciliation
-		c := r.resource.DeepCopy()
-		c.SetAnnotations(nil)
-		c.SetResourceVersion("")
-
-		yaml, _ := utilities.EncodeToYaml(c)
-		annotations := r.resource.GetAnnotations()
-		if annotations == nil {
-			annotations = map[string]string{}
-		}
-		annotations[constants.Checksum] = utilities.MD5Checksum(yaml)
-		r.resource.SetAnnotations(annotations)
 
 		return nil
 	}

internal/resources/konnectivity/cluster_role_binding_resource.go

@@ -14,36 +14,35 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/log"
 
 	kamajiv1alpha1 "github.com/clastix/kamaji/api/v1alpha1"
-	"github.com/clastix/kamaji/internal/constants"
 	"github.com/clastix/kamaji/internal/utilities"
 )
 
 type ClusterRoleBindingResource struct {
+	Client client.Client
+
 	resource     *rbacv1.ClusterRoleBinding
-	Client       client.Client
 	tenantClient client.Client
 }
 
 func (r *ClusterRoleBindingResource) ShouldStatusBeUpdated(_ context.Context, tenantControlPlane *kamajiv1alpha1.TenantControlPlane) bool {
-	return tenantControlPlane.Status.Addons.Konnectivity.ClusterRoleBinding.Name != r.resource.GetName() ||
-		tenantControlPlane.Status.Addons.Konnectivity.ClusterRoleBinding.Checksum != r.resource.ObjectMeta.GetAnnotations()[constants.Checksum]
+	return tenantControlPlane.Status.Addons.Konnectivity.ClusterRoleBinding.Name != r.resource.GetName()
 }
 
 func (r *ClusterRoleBindingResource) ShouldCleanup(tenantControlPlane *kamajiv1alpha1.TenantControlPlane) bool {
-	return tenantControlPlane.Spec.Addons.Konnectivity == nil
+	return tenantControlPlane.Spec.Addons.Konnectivity == nil && len(tenantControlPlane.Status.Addons.Konnectivity.ClusterRoleBinding.Name) > 0
 }
 
 func (r *ClusterRoleBindingResource) CleanUp(ctx context.Context, _ *kamajiv1alpha1.TenantControlPlane) (bool, error) {
 	logger := log.FromContext(ctx, "resource", r.GetName())
 
 	if err := r.tenantClient.Delete(ctx, r.resource); err != nil {
-		if !k8serrors.IsNotFound(err) {
-			logger.Error(err, "cannot delete the requeste resource")
-
-			return false, err
+		if k8serrors.IsNotFound(err) {
+			return false, nil
 		}
 
-		return false, nil
+		logger.Error(err, "cannot delete the requested resource")
+
+		return false, err
 	}
 
 	return true, nil
@@ -67,8 +66,12 @@ func (r *ClusterRoleBindingResource) Define(ctx context.Context, tenantControlPl
 	return nil
 }
 
-func (r *ClusterRoleBindingResource) CreateOrUpdate(ctx context.Context, _ *kamajiv1alpha1.TenantControlPlane) (controllerutil.OperationResult, error) {
-	return controllerutil.CreateOrUpdate(ctx, r.tenantClient, r.resource, r.mutate())
+func (r *ClusterRoleBindingResource) CreateOrUpdate(ctx context.Context, tcp *kamajiv1alpha1.TenantControlPlane) (controllerutil.OperationResult, error) {
+	if tcp.Spec.Addons.Konnectivity != nil {
+		return controllerutil.CreateOrUpdate(ctx, r.tenantClient, r.resource, r.mutate())
+	}
+
+	return controllerutil.OperationResultNone, nil
 }
 
 func (r *ClusterRoleBindingResource) GetName() string {
@@ -79,8 +82,7 @@ func (r *ClusterRoleBindingResource) UpdateTenantControlPlaneStatus(_ context.Co
 	if tenantControlPlane.Spec.Addons.Konnectivity != nil {
 		tenantControlPlane.Status.Addons.Konnectivity.Enabled = true
 		tenantControlPlane.Status.Addons.Konnectivity.ClusterRoleBinding = kamajiv1alpha1.ExternalKubernetesObjectStatus{
-			Name:     r.resource.GetName(),
-			Checksum: r.resource.GetAnnotations()[constants.Checksum],
+			Name: r.resource.GetName(),
 		}
 
 		return nil
@@ -115,14 +117,6 @@ func (r *ClusterRoleBindingResource) mutate() controllerutil.MutateFn {
 			},
 		}
 
-		annotations := r.resource.GetAnnotations()
-		if annotations == nil {
-			annotations = map[string]string{}
-		}
-
-		yaml, _ := utilities.EncodeToYaml(r.resource)
-		annotations[constants.Checksum] = utilities.MD5Checksum(yaml)
-
 		return nil
 	}
 }

internal/resources/konnectivity/constants.go

@@ -3,9 +3,14 @@
 
 package konnectivity
 
+import (
+	"k8s.io/kubernetes/pkg/apis/core"
+)
+
 const (
 	AgentName      = "konnectivity-agent"
 	CertCommonName = "system:konnectivity-server"
+	AgentNamespace = core.NamespaceSystem
 
 	agentTokenName                  = "konnectivity-agent-token"
 	apiServerAPIVersion             = "apiserver.k8s.io/v1beta1"

internal/resources/konnectivity/deployment_resource.go

@@ -129,7 +129,7 @@ func (r *KubernetesDeploymentResource) syncContainer(tenantControlPlane *kamajiv
 	}
 
 	r.resource.Spec.Template.Spec.Containers[index].Name = konnectivityServerName
-	r.resource.Spec.Template.Spec.Containers[index].Image = fmt.Sprintf("%s:%s", tenantControlPlane.Spec.Addons.Konnectivity.KonnectivityServerSpec.Image, tenantControlPlane.Spec.Addons.Konnectivity.KonnectivityAgentSpec.Version)
+	r.resource.Spec.Template.Spec.Containers[index].Image = fmt.Sprintf("%s:%s", tenantControlPlane.Spec.Addons.Konnectivity.KonnectivityServerSpec.Image, tenantControlPlane.Spec.Addons.Konnectivity.KonnectivityServerSpec.Version)
 	r.resource.Spec.Template.Spec.Containers[index].Command = []string{"/proxy-server"}
 
 	args := utilities.ArgsFromSliceToMap(tenantControlPlane.Spec.Addons.Konnectivity.KonnectivityServerSpec.ExtraArgs)

internal/resources/konnectivity/service_account_resource.go

@@ -14,35 +14,35 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/log"
 
 	kamajiv1alpha1 "github.com/clastix/kamaji/api/v1alpha1"
-	"github.com/clastix/kamaji/internal/constants"
 	"github.com/clastix/kamaji/internal/utilities"
 )
 
 type ServiceAccountResource struct {
+	Client client.Client
+
 	resource     *corev1.ServiceAccount
-	Client       client.Client
 	tenantClient client.Client
 }
 
 func (r *ServiceAccountResource) ShouldStatusBeUpdated(_ context.Context, tenantControlPlane *kamajiv1alpha1.TenantControlPlane) bool {
-	return tenantControlPlane.Status.Addons.Konnectivity.ServiceAccount.Checksum != r.resource.GetAnnotations()[constants.Checksum]
+	return len(tenantControlPlane.Status.Addons.Konnectivity.ServiceAccount.Name) == 0 && len(tenantControlPlane.Status.Addons.Konnectivity.ServiceAccount.Namespace) == 0
 }
 
 func (r *ServiceAccountResource) ShouldCleanup(tenantControlPlane *kamajiv1alpha1.TenantControlPlane) bool {
-	return tenantControlPlane.Spec.Addons.Konnectivity == nil
+	return tenantControlPlane.Spec.Addons.Konnectivity == nil && len(tenantControlPlane.Status.Addons.Konnectivity.ServiceAccount.Name) > 0
 }
 
 func (r *ServiceAccountResource) CleanUp(ctx context.Context, _ *kamajiv1alpha1.TenantControlPlane) (bool, error) {
 	logger := log.FromContext(ctx, "resource", r.GetName())
 
 	if err := r.tenantClient.Delete(ctx, r.resource); err != nil {
-		if !k8serrors.IsNotFound(err) {
-			logger.Error(err, "cannot delete the requested resource")
-
-			return false, err
+		if k8serrors.IsNotFound(err) {
+			return false, nil
 		}
 
-		return false, nil
+		logger.Error(err, "cannot delete the requested resource")
+
+		return false, err
 	}
 
 	return true, nil
@@ -54,7 +54,7 @@ func (r *ServiceAccountResource) Define(ctx context.Context, tenantControlPlane
 	r.resource = &corev1.ServiceAccount{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      AgentName,
-			Namespace: agentNamespace,
+			Namespace: AgentNamespace,
 		},
 	}
 
@@ -67,8 +67,12 @@ func (r *ServiceAccountResource) Define(ctx context.Context, tenantControlPlane
 	return nil
 }
 
-func (r *ServiceAccountResource) CreateOrUpdate(ctx context.Context, _ *kamajiv1alpha1.TenantControlPlane) (controllerutil.OperationResult, error) {
-	return controllerutil.CreateOrUpdate(ctx, r.tenantClient, r.resource, r.mutate())
+func (r *ServiceAccountResource) CreateOrUpdate(ctx context.Context, tcp *kamajiv1alpha1.TenantControlPlane) (controllerutil.OperationResult, error) {
+	if tcp.Spec.Addons.Konnectivity != nil {
+		return controllerutil.CreateOrUpdate(ctx, r.tenantClient, r.resource, r.mutate())
+	}
+
+	return controllerutil.OperationResultNone, nil
 }
 
 func (r *ServiceAccountResource) GetName() string {
@@ -80,7 +84,6 @@ func (r *ServiceAccountResource) UpdateTenantControlPlaneStatus(_ context.Contex
 		tenantControlPlane.Status.Addons.Konnectivity.ServiceAccount = kamajiv1alpha1.ExternalKubernetesObjectStatus{
 			Name:      r.resource.GetName(),
 			Namespace: r.resource.GetNamespace(),
-			Checksum:  r.resource.GetAnnotations()[constants.Checksum],
 		}
 
 		return nil
@@ -101,19 +104,6 @@ func (r *ServiceAccountResource) mutate() controllerutil.MutateFn {
 			},
 		))
 
-		c := r.resource.DeepCopy()
-		c.SetAnnotations(nil)
-		c.SetResourceVersion("")
-
-		yaml, _ := utilities.EncodeToYaml(c)
-
-		annotations := r.resource.GetAnnotations()
-		if annotations == nil {
-			annotations = map[string]string{}
-		}
-		annotations[constants.Checksum] = utilities.MD5Checksum(yaml)
-		r.resource.SetAnnotations(annotations)
-
 		return nil
 	}
 }