cleanup

projects/gateway2/controller/controller.go

@@ -221,23 +221,27 @@ func (c *controllerBuilder) watchGw(ctx context.Context) error {
 		))
 
 	cli := c.cfg.Mgr.GetClient()
-	buildr.Watches(&corev1.Secret{}, handler.EnqueueRequestsFromMapFunc(
-		// fmt.Println("WATCHING")
-		func(ctx context.Context, obj client.Object) []reconcile.Request {
-			fmt.Println("------ RECONCILING SECRET:", obj.GetName(), obj.GetNamespace())
-			if obj.GetName() == "gloo-mtls-certs" && obj.GetNamespace() == "gloo-system" {
-				fmt.Println("------ RECONCILING ALL GWS")
-				var gwList apiv1.GatewayList
-				err := cli.List(ctx, &gwList, client.InNamespace(corev1.NamespaceAll))
-				fmt.Println("------", gwList, err)
-				var reqs []reconcile.Request
-				for _, gw := range gwList.Items {
-					reqs = append(reqs, reconcile.Request{NamespacedName: client.ObjectKey{Namespace: gw.Namespace, Name: gw.Name}})
+
+	// Only watch for secrets if mtls is enabled
+	if c.cfg.ControlPlane.GlooMtlsEnabled {
+		buildr.Watches(&corev1.Secret{}, handler.EnqueueRequestsFromMapFunc(
+			// fmt.Println("WATCHING")
+			func(ctx context.Context, obj client.Object) []reconcile.Request {
+				fmt.Println("------ RECONCILING SECRET:", obj.GetName(), obj.GetNamespace())
+				if obj.GetName() == "gloo-mtls-certs" && obj.GetNamespace() == "gloo-system" {
+					fmt.Println("------ RECONCILING ALL GWS")
+					var gwList apiv1.GatewayList
+					err := cli.List(ctx, &gwList, client.InNamespace(corev1.NamespaceAll))
+					fmt.Println("------", gwList, err)
+					var reqs []reconcile.Request
+					for _, gw := range gwList.Items {
+						reqs = append(reqs, reconcile.Request{NamespacedName: client.ObjectKey{Namespace: gw.Namespace, Name: gw.Name}})
+					}
+					return reqs
 				}
-				return reqs
-			}
-			return []reconcile.Request{{}}
-		}))
+				return []reconcile.Request{{}}
+			}))
+	}
 
 	// watch for changes in GatewayParameters
 	buildr.Watches(&v1alpha1.GatewayParameters{}, handler.EnqueueRequestsFromMapFunc(

projects/gateway2/deployer/deployer.go

@@ -14,8 +14,6 @@ import (
 	"github.com/solo-io/gloo/projects/gateway2/api/v1alpha1"
 	"github.com/solo-io/gloo/projects/gateway2/helm"
 	"github.com/solo-io/gloo/projects/gateway2/wellknown"
-	"github.com/solo-io/gloo/projects/gloo/cli/pkg/helpers"
-	"github.com/solo-io/go-utils/contextutils"
 	"golang.org/x/exp/slices"
 	"helm.sh/helm/v3/pkg/action"
 	"helm.sh/helm/v3/pkg/chart"
@@ -33,8 +31,6 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/log"
 	api "sigs.k8s.io/gateway-api/apis/v1"
-
-	cgkubernetes "k8s.io/client-go/kubernetes" // DO_NOT_SUBMIT remove client-go code
 )
 
 var (
@@ -52,7 +48,8 @@ type Deployer struct {
 	chart *chart.Chart
 	cli   client.Client
 
-	inputs *Inputs
+	inputs          *Inputs
+	GlooMtlsEnabled bool
 }
 
 type ControlPlaneInfo struct {
@@ -61,7 +58,6 @@ type ControlPlaneInfo struct {
 	// The data in this struct is static, so is a good place to keep track of if mtls is enabled
 	// The data in this struct is static, so is a bad place to store the actual mtls secret
 	GlooMtlsEnabled bool
-	//GlooMtls *GlooMtlsInfo
 }
 
 type AwsInfo struct {
@@ -134,6 +130,8 @@ func (d *Deployer) GetGvksToWatch(ctx context.Context) ([]schema.GroupVersionKin
 				"enabled": false,
 			},
 			"image": map[string]any{},
+			// DO_NOT_SUBMIT - do we need to do something to render the secret when mtls is enabled?
+			//  we can't at the moment just set enabled to true, as we don't have the data to render the sds container
 		},
 	}
 
@@ -372,7 +370,7 @@ func (d *Deployer) getValues(gw *api.Gateway, gwParam *v1alpha1.GatewayParameter
 	gateway.Stats = getStatsValues(statsConfig)
 
 	// mtls values
-	gateway.GlooMtls, err = getHelmMtlsConfig(d.inputs.ControlPlane.GlooMtlsEnabled)
+	gateway.GlooMtls, err = d.getHelmMtlsConfig()
 	if err != nil {
 		return nil, err
 	}
@@ -381,16 +379,16 @@ func (d *Deployer) getValues(gw *api.Gateway, gwParam *v1alpha1.GatewayParameter
 	return vals, nil
 }
 
-func getHelmMtlsConfig(enabled bool) (*helmMtlsConfig, error) {
+func (d *Deployer) getHelmMtlsConfig() (*helmMtlsConfig, error) {
 
-	if !enabled {
+	if !d.inputs.ControlPlane.GlooMtlsEnabled {
 		return &helmMtlsConfig{
 			Enabled: ptr.To(false),
 		}, nil
 	}
 
-	helmTls, err := getHelmTlsSecretData(
-		context.TODO(),
+	helmTls, err := d.getHelmTlsSecretData(
+		context.TODO(), // DO_NOT_SUBMIT - real context
 		types.NamespacedName{
 			Name:      "gloo-mtls-certs",
 			Namespace: "gloo-system",
@@ -407,15 +405,13 @@ func getHelmMtlsConfig(enabled bool) (*helmMtlsConfig, error) {
 	}, nil
 }
 
-// DO_NOT_SUBMIT - move code that interacts with k8s to a separate package?
 // getHelmTlsSecretData builds a helmTls object built from the gloo-mtls-certs secret data, which it fetches
 // This function does not check if mtls is enabled, and a missing secret will return an error via getGlooMtlsCertsSecret
-func getHelmTlsSecretData(ctx context.Context, secretNns types.NamespacedName) (*helmTlsSecretData, error) {
+func (d *Deployer) getHelmTlsSecretData(ctx context.Context, secretNns types.NamespacedName) (*helmTlsSecretData, error) {
 
-	kubeClient := helpers.MustKubeClient()
 	helmTls := &helmTlsSecretData{}
 
-	glooMtlsCertsSecret, err := getGlooMtlsCertsSecret(ctx, kubeClient, secretNns)
+	glooMtlsCertsSecret, err := d.getGlooMtlsCertsSecret(ctx, secretNns)
 
 	if err != nil {
 		return nil, eris.Wrap(err, "generating helmTls")
@@ -429,10 +425,10 @@ func getHelmTlsSecretData(ctx context.Context, secretNns types.NamespacedName) (
 }
 
 // DO_NOT_SUBMIT - off client go, (err := d.cli...?)
-func getGlooMtlsCertsSecret(ctx context.Context, kubeClient cgkubernetes.Interface, nns types.NamespacedName) (*corev1.Secret, error) {
+func (d *Deployer) getGlooMtlsCertsSecret(ctx context.Context, mtlsSecretNns types.NamespacedName) (*corev1.Secret, error) {
 
-	secretClient := kubeClient.CoreV1().Secrets(nns.Namespace)
-	mtlsSecret, err := secretClient.Get(ctx, nns.Name, metav1.GetOptions{})
+	mtlsSecret := &corev1.Secret{}
+	err := d.cli.Get(ctx, mtlsSecretNns, mtlsSecret)
 
 	if err != nil {
 		return nil, eris.Wrap(err, "failed to get gloo mtls secret")
@@ -446,28 +442,6 @@ func getGlooMtlsCertsSecret(ctx context.Context, kubeClient cgkubernetes.Interfa
 
 }
 
-// checkGlooMtlsEnabled checks if gloo mtls is enabled by looking at the gloo deployment and checking if the sds container is present
-// DO_NOT_SUBMIT - get off of client-go (err := d.cli...?)
-func checkGlooMtlsEnabled(ctx context.Context, kubeClient cgkubernetes.Interface, namespace string) bool {
-	logger := contextutils.LoggerFrom(ctx)
-	deploymentClient := kubeClient.AppsV1().Deployments(namespace)
-	deployment, err := deploymentClient.Get(ctx, "gloo", metav1.GetOptions{})
-	if err != nil {
-		logger.Error("checkGlooMtlsEnabled - failed to get gloo deployment", "err", err)
-		return false
-	}
-
-	for _, container := range deployment.Spec.Template.Spec.Containers {
-		if container.Name == "sds" {
-			logger.Info("Found SDS container in gloo pod")
-			return true
-		}
-	}
-
-	logger.Info("Did not find SDS container in gloo pod")
-	return false
-}
-
 // Render relies on a `helm install` to render the Chart with the injected values
 // It returns the list of Objects that are rendered, and an optional error if rendering failed,
 // or converting the rendered manifests to objects failed.

projects/gateway2/setup/ggv2setup.go

@@ -33,6 +33,7 @@ import (
 	istiokube "istio.io/istio/pkg/kube"
 	"istio.io/istio/pkg/kube/kclient"
 	"istio.io/istio/pkg/kube/krt"
+	appsv1 "k8s.io/api/apps/v1"
 	corev1 "k8s.io/api/core/v1"
 	k8serrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -41,12 +42,10 @@ import (
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/client-go/rest"
 	ctrl "sigs.k8s.io/controller-runtime"
-
-	"github.com/solo-io/gloo/projects/gloo/cli/pkg/helpers"
 )
 
 var settingsGVR = glookubev1.SchemeGroupVersion.WithResource("settings")
-var secretsGVR = schema.GroupVersion{Group: "", Version: "v1"}.WithResource("secrets")
+var deploymentGVR = schema.GroupVersion{Group: "apps", Version: "v1"}.WithResource("deployments")
 
 func createKubeClient(restConfig *rest.Config) (istiokube.Client, error) {
 	restCfg := istiokube.NewClientConfigForRestConfig(restConfig)
@@ -81,25 +80,30 @@ func getInitialSettings(ctx context.Context, c istiokube.Client, nns types.Names
 }
 
 // checkGlooMtlsEnabled checks if gloo mtls is enabled by looking at the gloo deployment and checking if the sds container is present
-// DO_NOT_SUBMIT - get off of client-go
-func checkGlooMtlsEnabled(ctx context.Context, namespace string) bool {
-	kubeClient := helpers.MustKubeClient()
+func checkGlooMtlsEnabled(ctx context.Context, c istiokube.Client, namespace string) bool {
 
 	logger := contextutils.LoggerFrom(ctx)
-	deploymentClient := kubeClient.AppsV1().Deployments(namespace)
-	deployment, err := deploymentClient.Get(ctx, "gloo", metav1.GetOptions{})
+
+	i, err := c.Dynamic().Resource(deploymentGVR).Namespace(namespace).Get(ctx, "gloo", metav1.GetOptions{})
 	if err != nil {
-		logger.Error("checkGlooMtlsEnabled - failed to get gloo deployment", "err", err)
+		logger.Panicf("failed to get gloo deployment: %v", err)
 		return false
 	}
 
-	for _, container := range deployment.Spec.Template.Spec.Containers {
+	var empty appsv1.Deployment
+	glooDeployment := &empty
+	err = runtime.DefaultUnstructuredConverter.FromUnstructured(i.UnstructuredContent(), glooDeployment)
+	if err != nil {
+		logger.Panicf("failed converting unstructured into deployment: %v", i)
+		return false
+	}
+
+	for _, container := range glooDeployment.Spec.Template.Spec.Containers {
 		if container.Name == "sds" {
 			logger.Info("Found SDS container in gloo pod")
 			return true
 		}
 	}
-
 	logger.Info("Did not find SDS container in gloo pod")
 	return false
 }
@@ -162,8 +166,7 @@ func StartGGv2WithConfig(ctx context.Context,
 		return nil
 	}, krt.WithName("GlooSettingsSingleton"))
 
-	secretNns := types.NamespacedName{Name: "gloo-mtls-certs", Namespace: "gloo-system"}
-	glooMtls := checkGlooMtlsEnabled(ctx, secretNns.Namespace)
+	glooMtls := checkGlooMtlsEnabled(ctx, kubeClient, "gloo-system")
 	logger.Info("Got glooMtls", "glooMtls", glooMtls)
 
 	serviceClient := kclient.New[*corev1.Service](kubeClient)

test/kubernetes/e2e/features/upgrade/testdata/route-with-service.yaml

@@ -21,7 +21,6 @@ spec:
     - name: gw
   hostnames:
     - "example.com"
-    - "example.org"
   rules:
     - backendRefs:
         - name: example-svc