wip (draft pr) - reconcile sap-btp-manager secret changes #932
Conversation
kyma-bot
added
do-not-merge/work-in-progress
|
Add one of following labels |
kyma-bot
added
the
size/L
ukff
force-pushed
the
supportsecretchanges2
branch
from
15ac9a8 to
810a601
Compare
| } | ||
|
|
||
| if labels != nil { |
There was a problem hiding this comment.
We have already assigned labels and data to the structure fields.
| @@ -498,26 +510,69 @@ func (r *BtpOperatorReconciler) reconcileResources(ctx context.Context, s *corev | |||
|
|
|||
| r.deleteCreationTimestamp(resourcesToApply...) | |||
|
|
|||
| logger.Info(fmt.Sprintf("check if deployment: %s in %s needs to be restarted.", DeploymentName, resolvedNamespace)) | |||
| clusterIdSecretChanged := r.checkIfOperatorNeedRestart(ctx, resolvedNamespace, baseSecret, &logger) | |||
There was a problem hiding this comment.
checkIfOperatorNeedRestart detects if clusterId was changed so the name is misleading.
There was a problem hiding this comment.
On the other hand the implementation check both cases, so possibly the variable name is inappropriate.
| Namespace: inNamespace, | ||
| }, | ||
| } | ||
| exists := make(chan bool) |
There was a problem hiding this comment.
Could we use more informative channel name?
exists usually is used as boolean flag.
| go r.checkResourceExistence(ctx, obj, exists, time.Second*10) | ||
| ok := <-exists | ||
| if !ok { | ||
| return fmt.Errorf("secret: %s in %s didnt appear in given time", clusterIdSecretName, inNamespace) |
There was a problem hiding this comment.
| return fmt.Errorf("secret: %s in %s didnt appear in given time", clusterIdSecretName, inNamespace) | |
| return fmt.Errorf("secret: %s in %s did not appear in given time", clusterIdSecretName, inNamespace) |
There was a problem hiding this comment.
Still appear is not the best way to describe what we are expecting.
| Namespace: ChartNamespace, | ||
| }, | ||
| } | ||
| err := r.Get(context.TODO(), client.ObjectKeyFromObject(currentConfigMap), currentConfigMap) |
There was a problem hiding this comment.
Non-existent config map is a different story. Restart would not help, since map is necessary for operator to start.
| return true | ||
| } | ||
|
|
||
| return !reflect.DeepEqual(baseSecret.Data["management_namespace"], []byte(currentConfigMap.Data["RELEASE_NAMESPACE"])) || |
There was a problem hiding this comment.
Why we compare management_namespace with release namespace?
| } | ||
|
|
||
| func (r *BtpOperatorReconciler) checkIfOperatorNeedRestart(ctx context.Context, resolvedNamespace string, baseSecret *corev1.Secret, logger *logr.Logger) bool { | ||
| detectConfigMapChanges := func() bool { |
There was a problem hiding this comment.
Functional objects seem to be overkill here.
| } | ||
| err := r.Client.Get(ctx, client.ObjectKeyFromObject(&clusterIdSecret), &clusterIdSecret) | ||
| if k8serrors.IsNotFound(err) { | ||
| logger.Info(fmt.Sprintf("secret %s in %s not found, so restart is needed", clusterIdSecretName, resolvedNamespace)) |
There was a problem hiding this comment.
How restart would help in this case?
| logger.Info(fmt.Sprintf("secret %s in %s not found, so restart is needed", clusterIdSecretName, resolvedNamespace)) | ||
| return true | ||
| } | ||
| return !reflect.DeepEqual(baseSecret.Data["cluster_id"], clusterIdSecret.Data["INITIAL_CLUSTER_ID"]) |
There was a problem hiding this comment.
Why DeepEqual?
Simple comparison is not enough?
| return unstructured.SetNestedField(u.Object, string(secret.Data["cluster_id"]), "data", "CLUSTER_ID") | ||
| func (r *BtpOperatorReconciler) setConfigMapValues(baseSecret *corev1.Secret, configMap *unstructured.Unstructured, resolvedNamespace string) error { | ||
| err := unstructured.SetNestedField(configMap.Object, resolvedNamespace, "data", "MANAGEMENT_NAMESPACE") | ||
| err = unstructured.SetNestedField(configMap.Object, resolvedNamespace, "data", "RELEASE_NAMESPACE") |
There was a problem hiding this comment.
AFAIK we should support change of management namespace not release namespace.
| func (r *BtpOperatorReconciler) setConfigMapValues(secret *corev1.Secret, u *unstructured.Unstructured) error { | ||
| return unstructured.SetNestedField(u.Object, string(secret.Data["cluster_id"]), "data", "CLUSTER_ID") | ||
| func (r *BtpOperatorReconciler) setConfigMapValues(baseSecret *corev1.Secret, configMap *unstructured.Unstructured, resolvedNamespace string) error { | ||
| err := unstructured.SetNestedField(configMap.Object, resolvedNamespace, "data", "MANAGEMENT_NAMESPACE") |
There was a problem hiding this comment.
We overwrite error in the next line. So named variable is not needed.
| } | ||
|
|
||
| func (r *BtpOperatorReconciler) setSecretValues(secret *corev1.Secret, u *unstructured.Unstructured) error { | ||
| for k := range secret.Data { | ||
| if err := unstructured.SetNestedField(u.Object, base64.StdEncoding.EncodeToString(secret.Data[k]), "data", k); err != nil { | ||
| return err | ||
| for _, r := range requiredSecretKeys { |
There was a problem hiding this comment.
This is over-engineered.
We just need to change one value of the map.
I think no loop is needed, at least not two nested loops.
There was a problem hiding this comment.
why it is over engineered? we want only fields from requiresSecretsKeys. We dont want add any more keys to base secret than are required (for example namespace)
There was a problem hiding this comment.
We will discuss it later on.
| @@ -2026,3 +2139,84 @@ func (r *BtpOperatorReconciler) reconcileResourcesWithoutChangingCrState(ctx con | |||
| logger.Error(err, "resources reconciliation failed") | |||
| } | |||
| } | |||
|
|
|||
| func (r *BtpOperatorReconciler) restartOperator(ctx context.Context, inNamespace string, logger *logr.Logger) error { | |||
| logger.Info(fmt.Sprintf("restarting of deployment: %s in %s started", DeploymentName, inNamespace)) | |||
There was a problem hiding this comment.
| logger.Info(fmt.Sprintf("restarting of deployment: %s in %s started", DeploymentName, inNamespace)) | |
| logger.Info(fmt.Sprintf("restarting deployment: %s in %s restarted", DeploymentName, inNamespace)) |
| @@ -2026,3 +2139,84 @@ func (r *BtpOperatorReconciler) reconcileResourcesWithoutChangingCrState(ctx con | |||
| logger.Error(err, "resources reconciliation failed") | |||
| } | |||
| } | |||
|
|
|||
| func (r *BtpOperatorReconciler) restartOperator(ctx context.Context, inNamespace string, logger *logr.Logger) error { | |||
There was a problem hiding this comment.
This secret with cluster_id is always located in release namespace.
| func (r *BtpOperatorReconciler) restartOperator(ctx context.Context, inNamespace string, logger *logr.Logger) error { | ||
| logger.Info(fmt.Sprintf("restarting of deployment: %s in %s started", DeploymentName, inNamespace)) | ||
|
|
||
| clusterIdSecret := &corev1.Secret{ |
There was a problem hiding this comment.
Should be extracted to function with the proper responsibility - deletion of the secret.
| if !k8serrors.IsNotFound(err) { | ||
| return "", "", false, fmt.Errorf("failed to get configmap %s in %s, %w", ConfigName, ChartNamespace, err) | ||
| } | ||
| currentNamespace := currentConfigMap.Data["management_namespace"] |
There was a problem hiding this comment.
The key in the map is in uppercase: MANAGEMENT_NAMESPACE
| return nil | ||
| } | ||
|
|
||
| func (r *BtpOperatorReconciler) resolveNamespace(ctx context.Context, secret *corev1.Secret, logger *logr.Logger) (string, string, bool, error) { |
There was a problem hiding this comment.
It is not clear what is the responsibility here.
| @@ -486,8 +491,15 @@ func (r *BtpOperatorReconciler) reconcileResources(ctx context.Context, s *corev | |||
| } | |||
| logger.Info(fmt.Sprintf("got %d module resources to apply based on %s directory", len(resourcesToApply), r.getResourcesToApplyPath())) | |||
|
|
|||
| resolvedNamespace, _, namespaceChanged, err := r.resolveNamespace(ctx, baseSecret, &logger) | |||
There was a problem hiding this comment.
Too many responsibilities for this function.
And why to return value which is ignored (always).
| err := unstructured.SetNestedField(configMap.Object, resolvedNamespace, "data", "MANAGEMENT_NAMESPACE") | ||
| err = unstructured.SetNestedField(configMap.Object, resolvedNamespace, "data", "RELEASE_NAMESPACE") | ||
|
|
||
| err = unstructured.SetNestedField(configMap.Object, string(baseSecret.Data["cluster_id"]), "data", "CLUSTER_ID") |
There was a problem hiding this comment.
Shouldn't we extract literals, so commonly used: CLUSTER_ID et al.
| @@ -475,7 +480,7 @@ func (r *BtpOperatorReconciler) deleteResources(ctx context.Context, us []*unstr | |||
| return nil | |||
| } | |||
|
|
|||
| func (r *BtpOperatorReconciler) reconcileResources(ctx context.Context, s *corev1.Secret) error { | |||
| func (r *BtpOperatorReconciler) reconcileResources(ctx context.Context, baseSecret *corev1.Secret) error { | |||
There was a problem hiding this comment.
How about State of the resource?
Is it in line with what is happening?
Restart could take some time, operator is not operational and we enter reconcileResources either from Ready state or from Processing state.
|
@jaroslaw-pieszka this pr is draft and wip. it was not to be supposed to review now :D but i will takie into considerations |
ukff
changed the title
No description provided.