From 87615a7c2c0d0b87995bcd61a29fb846ecabb02e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20=C5=A0alata?= Date: Thu, 9 Jun 2022 13:17:22 +0200 Subject: [PATCH] Make fleet use the new kubeconfig secrets (fetched via token requestor flow) to access shoot clusters --- VERSION | 2 +- .../Chart.yaml | 2 +- example/controller-registration.yaml | 4 +- pkg/controller/actuator.go | 105 ++++++++++++------ pkg/controller/fleetmanager.go | 10 ++ 5 files changed, 88 insertions(+), 35 deletions(-) diff --git a/VERSION b/VERSION index ea00f77..086f0ea 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -v1.0.4-DEV +v1.0.6-DEV diff --git a/charts/gardener-extension-shoot-fleet-agent/Chart.yaml b/charts/gardener-extension-shoot-fleet-agent/Chart.yaml index 5b2a0d2..97e430a 100644 --- a/charts/gardener-extension-shoot-fleet-agent/Chart.yaml +++ b/charts/gardener-extension-shoot-fleet-agent/Chart.yaml @@ -2,4 +2,4 @@ apiVersion: v1 appVersion: "1.0" description: A Helm chart for the Gardener Shoot Fleet Agent extension. name: gardener-extension-shoot-fleet-agent -version: 0.3.3 +version: 0.3.5 diff --git a/example/controller-registration.yaml b/example/controller-registration.yaml index 3bb14c9..6246101 100644 --- a/example/controller-registration.yaml +++ b/example/controller-registration.yaml @@ -5,10 +5,10 @@ metadata: name: extension-shoot-fleet-agent type: helm providerConfig: - chart: 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 + chart: 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 values: image: - tag: v1.0.4-DEV + tag: v1.0.6-DEV fleetManager: kubeconfig: #base64 encoded kubeconfig of Fleet manager cluster with user that has write access to Cluster and Secret namespace: clusters diff --git a/pkg/controller/actuator.go b/pkg/controller/actuator.go index 38ae604..018f395 100644 --- a/pkg/controller/actuator.go +++ b/pkg/controller/actuator.go 
@@ -15,6 +15,7 @@
 package controller
 
 import (
+ "bytes"
 "context"
 "fmt"
 managed_resource_handler "github.com/ysoftdevs/gardener-extension-shoot-fleet-agent/pkg/controller/managed-resource-handler"
@@ -52,14 +53,17 @@ import (
 const ActuatorName = "shoot-fleet-agent-actuator"
 
 // KubeconfigSecretName name of secret that holds kubeconfig for Shoot
-const KubeconfigSecretName = "kubecfg"
+const KubeconfigSecretName = token_requestor_handler.TokenRequestorSecretName
 
 // KubeconfigKey key in KubeconfigSecretName secret that holds kubeconfig for Shoot
-const KubeconfigKey = "kubeconfig"
+const KubeconfigKey = token_requestor_handler.TokenRequestorSecretKey
 
 // DefaultConfigKey is the name of default config key.
 const DefaultConfigKey = "default"
 
+// FleetClusterSecretDataKey is the key of the data item that holds the kubeconfig for the cluster in fleet
+const FleetClusterSecretDataKey = "value"
+
 // NewActuator returns an actuator responsible for Extension resources.
 func NewActuator(config config.Config) extension.Actuator {
 logger := log.Log.WithName(ActuatorName)
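Review bot: The comments on `KubeconfigSecretName` and `KubeconfigKey` still read as if the values were fixed strings, although both now alias constants from `token_requestor_handler`, and nothing says how this credential differs from the old `kubecfg` secret. Suggest `// KubeconfigSecretName is the name of the secret, maintained by the token requestor handler, that holds the kubeconfig for the Shoot` and matching wording for the key. If the token in that kubeconfig is rotated (presumably, given the token requestor flow — confirm), the comment should also state that the copy stored in Fleet under `FleetClusterSecretDataKey` is only refreshed when the reconcile runs. The import of `token_requestor_handler` is not part of this hunk, so it is assumed to exist further down the import block.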
@@ -202,9 +206,22 @@ func (a *actuator) InjectScheme(scheme *runtime.Scheme) error {
 
 // ReconcileClusterInFleetManager reconciles cluster registration in remote fleet manager
 func (a *actuator) ReconcileClusterInFleetManager(ctx context.Context, namespace string, cluster *extensions.Cluster, override *config.Config) error {
- a.logger.Info("Starting with already registered check")
 labels := prepareLabels(cluster, getProjectConfig(cluster, &a.serviceConfig), getProjectConfig(cluster, override))
- registered, err := a.getFleetManager(cluster).GetCluster(ctx, buildCrdName(cluster))
+
+ a.logger.Info("Looking up Secret with KubeConfig for given Shoot.", "namespace", namespace, "secretName", KubeconfigSecretName)
+ kubeconfigSecret := &corev1.Secret{}
+ if err := a.client.Get(ctx, kutil.Key(namespace, KubeconfigSecretName), kubeconfigSecret); err != nil {
+ a.logger.Error(err, "Failed to find Secret with kubeconfig for Fleet registration.")
+ return err
+ }
+
+ a.logger.Info("Checking if the fleet cluster already exists")
+ // Check whether we already have an existing cluster
+ _, err := a.getFleetManager(cluster).GetCluster(ctx, buildCrdName(cluster))
+ if err != nil {
+ a.logger.Error(err, "Could not fetch fleet cluster")
+ return err
+ }
 
 // We cannot find the cluster because of an unknown error
 if err != nil && !errors.IsNotFound(err) {
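Review bot: The added `if err != nil { ... return err }` directly after `GetCluster` returns on every error, NotFound included, so the `errors.IsNotFound(err)` branch in the following hunk that calls `registerNewClusterInFleet` can never run and a shoot that is not yet known to Fleet is never registered. Remove the new check and let the existing `if err != nil && !errors.IsNotFound(err) {` below it handle real failures. With the early return in place that second check is dead code as well. The body of `ReconcileClusterInFleetManager` continues outside this hunk.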
@@ -213,46 +230,67 @@ func (a *actuator) ReconcileClusterInFleetManager(ctx context.Context, namespace } // We cannot find the cluster because we haven't registered it yet - if err != nil && errors.IsNotFound(err) { + if errors.IsNotFound(err) { a.logger.Info("Creating fleet cluster", "shoot", cluster.Shoot.Name) - return a.registerNewClusterInFleet(ctx, namespace, cluster, labels) + return a.registerNewClusterInFleet(ctx, namespace, cluster, labels, kubeconfigSecret.Data[KubeconfigKey]) } - // The cluster we have in fleet is already in the correct state - if reflect.DeepEqual(registered.Labels, labels) { - a.logger.Info("Cluster already registered - skipping registration", "clientId", registered.Spec.ClientID) - return nil - } - - a.logger.Info("Updating labels of already registered cluster.", "clientId", registered.Spec.ClientID) - return a.updateClusterLabelsInFleet(ctx, registered, cluster, labels) + a.logger.Info("Updating existing fleet cluster") + return a.updateClusterInFleet(ctx, cluster, labels, kubeconfigSecret.Data[KubeconfigKey]) } -func (a *actuator) updateClusterLabelsInFleet(ctx context.Context, clusterRegistration *fleetv1alpha1.Cluster, cluster *extensions.Cluster, labels map[string]string) error { - clusterRegistration.Labels = labels - _, err := a.getFleetManager(cluster).UpdateCluster(ctx, clusterRegistration) +func (a *actuator) updateClusterInFleet(ctx context.Context, cluster *extensions.Cluster, labels map[string]string, kubeconfig []byte) error { + updated := false + clusterRegistration, err := a.getFleetManager(cluster).GetCluster(ctx, buildCrdName(cluster)) if err != nil { - a.logger.Error(err, "Failed to update cluster labels in Fleet registration.", "clusterName", clusterRegistration.Name) - } - return err -} - -func (a *actuator) registerNewClusterInFleet(ctx context.Context, namespace string, cluster *extensions.Cluster, labels map[string]string) error { - a.logger.Info("Looking up Secret with KubeConfig for given Shoot.", 
"namespace", namespace, "secretName", KubeconfigSecretName) - secret := &corev1.Secret{} - if err := a.client.Get(ctx, kutil.Key(namespace, KubeconfigSecretName), secret); err != nil { - a.logger.Error(err, "Failed to find Secret with kubeconfig for Fleet registration.") + a.logger.Error(err, "Could not fetch fleet cluster") return err } + fleetKubeconfigSecret, err := a.getFleetManager(cluster).GetKubeconfigSecret(ctx, buildKubecfgName(cluster)) + if err != nil { + a.logger.Error(err, "Could not fetch fleet kubeconfig secret") + return err + } + + if !reflect.DeepEqual(clusterRegistration.Labels, labels) { + a.logger.Info("Cluster labels changed, updating") + clusterRegistration.Labels = labels + _, err := a.getFleetManager(cluster).UpdateCluster(ctx, clusterRegistration) + if err != nil { + a.logger.Error(err, "Failed to update cluster labels in Fleet registration.", "clusterName", clusterRegistration.Name) + return err + } + updated = true + } + + if bytes.Compare(fleetKubeconfigSecret.Data[FleetClusterSecretDataKey], kubeconfig) != 0 { + a.logger.Info("Shoot kubeconfig changed, updating") + fleetKubeconfigSecret.Data[FleetClusterSecretDataKey] = kubeconfig + _, err := a.getFleetManager(cluster).UpdateKubeconfigSecret(ctx, fleetKubeconfigSecret) + if err != nil { + a.logger.Error(err, "Failed to update kuebconfig secret in Fleet registration.", "clusterName", clusterRegistration.Name) + return err + } + updated = true + } + + if updated { + a.logger.Info("Cluster successfully updated.") + } else { + a.logger.Info("Cluster is already up to date.") + } + return nil +} + +func (a *actuator) registerNewClusterInFleet(ctx context.Context, namespace string, cluster *extensions.Cluster, labels map[string]string, kubeconfig []byte) error { secretData := make(map[string][]byte) - secretData["value"] = secret.Data[KubeconfigKey] - a.logger.Info("Loaded kubeconfig from secret", "kubeconfig", secret, "namespace", namespace) + secretData[FleetClusterSecretDataKey] = 
kubeconfig const fleetRegisterNamespace = "clusters" kubeconfigSecret := corev1.Secret{ ObjectMeta: metav1.ObjectMeta{ - Name: "kubecfg-" + buildCrdName(cluster), + Name: buildKubecfgName(cluster), Namespace: fleetRegisterNamespace, }, Data: secretData, @@ -330,9 +368,14 @@ func getProjectConfig(cluster *extensions.Cluster, serviceConfig *config.Config) return projectConfig } +// buildCrdName creates a unique name for cluster registration resources in Fleet manager cluster +func buildKubecfgName(cluster *extensions.Cluster) string { + return fmt.Sprintf("kubecfg-%s", buildCrdName(cluster)) +} + // buildCrdName creates a unique name for cluster registration resources in Fleet manager cluster func buildCrdName(cluster *extensions.Cluster) string { - return cluster.Seed.Name + "" + cluster.Shoot.Name + return fmt.Sprintf("%s%s", cluster.Seed.Name, cluster.Shoot.Name) } // isShootedSeedCluster checks if clusters purpose is Infrastructure diff --git a/pkg/controller/fleetmanager.go b/pkg/controller/fleetmanager.go index 7caefc5..fcb352f 100644 --- a/pkg/controller/fleetmanager.go +++ b/pkg/controller/fleetmanager.go 
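Review bot: `kubeconfigSecret.Data[KubeconfigKey]` is handed on without checking that the key is present, so a secret that exists but is not yet populated makes `updateClusterInFleet` replace the working credential in Fleet with an empty value, and makes `registerNewClusterInFleet` store an empty one. Reject an empty kubeconfig before either call. In the update path, `fleetKubeconfigSecret.Data[FleetClusterSecretDataKey] = kubeconfig` also panics when the fetched secret has a nil `Data` map, and `bytes.Compare(...) != 0` reads better as `!bytes.Equal(...)`. The error message "Failed to update kuebconfig secret" contains a typo. The fence shows the guarded comparison only; `registerNewClusterInFleet` needs the same empty check and continues outside the hunk.

```go
// … unchanged: GetCluster / GetKubeconfigSecret lookups and label update …
if len(kubeconfig) == 0 {
	return fmt.Errorf("secret %q has no data under key %q", KubeconfigSecretName, KubeconfigKey)
}
if !bytes.Equal(fleetKubeconfigSecret.Data[FleetClusterSecretDataKey], kubeconfig) {
	a.logger.Info("Shoot kubeconfig changed, updating")
	if fleetKubeconfigSecret.Data == nil {
		fleetKubeconfigSecret.Data = make(map[string][]byte)
	}
	fleetKubeconfigSecret.Data[FleetClusterSecretDataKey] = kubeconfig
	// … unchanged: UpdateKubeconfigSecret call, error handling, updated = true …
}
```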
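Review bot: `fmt.Sprintf("%s%s", cluster.Seed.Name, cluster.Shoot.Name)` in `buildCrdName` keeps the join without a separator, so different seed/shoot pairs can produce the same name, and `buildKubecfgName` inherits that. Now that an existing secret is updated in place, a collision would overwrite another cluster's kubeconfig rather than fail on create. Changing the format renames existing resources, so at minimum add a comment stating the uniqueness assumption, for example `// NOTE: seed and shoot names are joined without a separator; the result is assumed to be unique per shoot`. The comment above `buildKubecfgName` is also a copy of the one for `buildCrdName` and should read `// buildKubecfgName returns the name of the kubeconfig Secret for the cluster in the Fleet manager cluster`.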
@@ -63,6 +63,16 @@ func (f *FleetManager) GetCluster(ctx context.Context, clusterName string) (*v1a
 return f.fleetClient.FleetV1alpha1().Clusters(f.namespace).Get(ctx, clusterName, metav1.GetOptions{})
 }
 
+// GetKubeconfigSecret registers a clusters kubeconfig secret in remote fleet
+func (f *FleetManager) GetKubeconfigSecret(ctx context.Context, secretName string) (*corev1.Secret, error) {
+ return f.secretClient.CoreV1().Secrets(f.namespace).Get(ctx, secretName, metav1.GetOptions{})
+}
+
+// UpdateKubeconfigSecret updates kubeconfig secret in remote fleet
+func (f *FleetManager) UpdateKubeconfigSecret(ctx context.Context, secret *corev1.Secret) (*corev1.Secret, error) {
+ return f.secretClient.CoreV1().Secrets(f.namespace).Update(ctx, secret, metav1.UpdateOptions{})
+}
+
 // CreateKubeconfigSecret registers a clusters kubeconfig secret in remote fleet
 func (f *FleetManager) CreateKubeconfigSecret(ctx context.Context, secret *corev1.Secret) (*corev1.Secret, error) {
 return f.secretClient.CoreV1().Secrets(f.namespace).Create(ctx, secret, metav1.CreateOptions{})
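Review bot: The doc comment on `GetKubeconfigSecret` says it "registers" the secret, which is copied from `CreateKubeconfigSecret`; the method only reads it. Use `// GetKubeconfigSecret fetches a cluster's kubeconfig secret from the remote fleet namespace`. Because the returned object carries the shoot credential in `Data`, the comment could add that callers must not pass the secret to a logger. `CreateKubeconfigSecret` continues outside the hunk.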