From 0157f414f3f21bc87db107c5322639da77bf4f34 Mon Sep 17 00:00:00 2001 From: Yuan Tang Date: Mon, 24 Jul 2023 17:25:48 -0400 Subject: [PATCH] chore: Print in-cluster svr addr disabled warning when server starts (#14685) * chore: Update log level to warn when in-cluster svr addr is disabled but internal addr is used (#14520) Signed-off-by: Yuan Tang * chore: Print in-cluster svr addr disabled warning during ArgoDB initialization (#14539) * chore: Print in-cluster svr addr disabled warning during ArgoDB initialization Signed-off-by: Yuan Tang * fix: undo a change Signed-off-by: Yuan Tang * chore: move to a function Signed-off-by: Yuan Tang * chore: rename Signed-off-by: Yuan Tang --------- Signed-off-by: Yuan Tang * chore: Print in-cluster svr addr disabled warning when server starts (#14553) * chore: Print in-cluster svr addr disabled warning when server starts Signed-off-by: Yuan Tang * fix: mock Signed-off-by: Yuan Tang * no interface change Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --------- Signed-off-by: Yuan Tang Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --------- Signed-off-by: Yuan Tang Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --- server/server.go | 57 +++++++++++++++++++++++++++++++++++++++-- util/db/cluster.go | 22 ++++++++-------- util/db/cluster_test.go | 6 ++--- 3 files changed, 68 insertions(+), 17 deletions(-) diff --git a/server/server.go b/server/server.go index 4f70e415e4d13..57ccf910e672a 100644 --- a/server/server.go +++ b/server/server.go 
@@ -25,6 +25,8 @@ import ( // nolint:staticcheck golang_proto "github.com/golang/protobuf/proto" + "k8s.io/apimachinery/pkg/labels" + "k8s.io/apimachinery/pkg/selection" "github.com/argoproj/notifications-engine/pkg/api" "github.com/argoproj/pkg/sync" @@ -290,7 +292,9 @@ func NewServer(ctx context.Context, opts ArgoCDServerOpts) *ArgoCDServer { apiFactory := api.NewFactory(settings_notif.GetFactorySettings(argocdService, "argocd-notifications-secret", "argocd-notifications-cm"), opts.Namespace, secretInformer, configMapInformer) - return &ArgoCDServer{ + dbInstance := db.NewDB(opts.Namespace, settingsMgr, opts.KubeClientset) + + a := &ArgoCDServer{ ArgoCDServerOpts: opts, log: log.NewEntry(log.StandardLogger()), settings: settings, @@ -306,11 +310,19 @@ func NewServer(ctx context.Context, opts ArgoCDServerOpts) *ArgoCDServer { policyEnforcer: policyEnf, userStateStorage: userStateStorage, staticAssets: http.FS(staticFS), - db: db.NewDB(opts.Namespace, settingsMgr, opts.KubeClientset), + db: dbInstance, apiFactory: apiFactory, secretInformer: secretInformer, configMapInformer: configMapInformer, } + + err = a.logInClusterWarnings() + if err != nil { + // Just log. It's not critical. + log.Warnf("Failed to log in-cluster warnings: %v", err) + } + + return a } const ( 
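Review bot: The `a.logInClusterWarnings()` call added at the end of NewServer runs once, at construction, so a cluster secret that points at the in-cluster address and is created or edited after startup never produces a warning. The same commit removes the `else` log from ListClusters in util/db/cluster.go, so with `InClusterEnabled` false such a secret is left out of the cluster list with no log line at all, which makes the omission hard to diagnose. At minimum, document the scope at the call site, e.g. `// Startup-only check: cluster secrets added or changed later are not re-evaluated.` Re-running the check from a cluster-secret watch would close the gap, but the hunk does not show whether a suitable hook exists. NewServer's body starts outside this hunk.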
@@ -357,6 +369,47 @@ func (l *Listeners) Close() error { return nil } +// logInClusterWarnings checks the in-cluster configuration and prints out any warnings. +func (a *ArgoCDServer) logInClusterWarnings() error { + labelSelector := labels.NewSelector() + req, err := labels.NewRequirement(common.LabelKeySecretType, selection.Equals, []string{common.LabelValueSecretTypeCluster}) + if err != nil { + return fmt.Errorf("failed to construct cluster-type label selector: %w", err) + } + labelSelector = labelSelector.Add(*req) + secretsLister, err := a.settingsMgr.GetSecretsLister() + if err != nil { + return fmt.Errorf("failed to get secrets lister: %w", err) + } + clusterSecrets, err := secretsLister.Secrets(a.ArgoCDServerOpts.Namespace).List(labelSelector) + if err != nil { + return fmt.Errorf("failed to list cluster secrets: %w", err) + } + var inClusterSecrets []string + for _, clusterSecret := range clusterSecrets { + cluster, err := db.SecretToCluster(clusterSecret) + if err != nil { + return fmt.Errorf("could not unmarshal cluster secret %q: %w", clusterSecret.Name, err) + } + if cluster.Server == v1alpha1.KubernetesInternalAPIServerAddr { + inClusterSecrets = append(inClusterSecrets, clusterSecret.Name) + } + } + if len(inClusterSecrets) > 0 { + // Don't make this call unless we actually have in-cluster secrets, to save time. + dbSettings, err := a.settingsMgr.GetSettings() + if err != nil { + return fmt.Errorf("could not get DB settings: %w", err) + } + if !dbSettings.InClusterEnabled { + for _, clusterName := range inClusterSecrets { + log.Warnf("cluster %q uses in-cluster server address but it's disabled in Argo CD settings", clusterName) + } + } + } + return nil +} + func startListener(host string, port int) (net.Listener, error) { var conn net.Listener var realErr error diff --git a/util/db/cluster.go b/util/db/cluster.go index b505c693ee0fe..9b405a9cacd60 100644 --- a/util/db/cluster.go +++ b/util/db/cluster.go 
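Review bot: One cluster secret that fails to convert aborts the whole check in logInClusterWarnings: the `return fmt.Errorf("could not unmarshal cluster secret %q: %w", ...)` inside the loop exits before the remaining secrets are inspected. NewServer then logs only the generic "Failed to log in-cluster warnings" message, and no warning is emitted for any other secret that uses the disabled in-cluster address. ListClusters in util/db/cluster.go logs and continues in the same situation, and the new function should do likewise: `log.Warnf("could not unmarshal cluster secret %q: %v", clusterSecret.Name, err)` followed by `continue`. Separately, the final warning prints the secret name (`clusterSecret.Name`) under the label "cluster"; saying "cluster secret %q" would tell operators which object to look for.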
@@ -68,7 +68,7 @@ func (db *db) ListClusters(ctx context.Context) (*appv1.ClusterList, error) { inClusterEnabled := settings.InClusterEnabled hasInClusterCredentials := false for _, clusterSecret := range clusterSecrets { - cluster, err := secretToCluster(clusterSecret) + cluster, err := SecretToCluster(clusterSecret) if err != nil { log.Errorf("could not unmarshal cluster secret %s", clusterSecret.Name) continue @@ -77,8 +77,6 @@ func (db *db) ListClusters(ctx context.Context) (*appv1.ClusterList, error) { if inClusterEnabled { hasInClusterCredentials = true clusterList.Items = append(clusterList.Items, *cluster) - } else { - log.Errorf("failed to add cluster %q to cluster list: in-cluster server address is disabled in Argo CD settings", cluster.Name) } } else { clusterList.Items = append(clusterList.Items, *cluster) @@ -122,7 +120,7 @@ func (db *db) CreateCluster(ctx context.Context, c *appv1.Cluster) (*appv1.Clust return nil, err } - cluster, err := secretToCluster(clusterSecret) + cluster, err := SecretToCluster(clusterSecret) if err != nil { return nil, status.Errorf(codes.InvalidArgument, "could not unmarshal cluster secret %s", clusterSecret.Name) } @@ -150,7 +148,7 @@ func (db *db) WatchClusters(ctx context.Context, common.LabelValueSecretTypeCluster, func(secret *apiv1.Secret) { - cluster, err := secretToCluster(secret) + cluster, err := SecretToCluster(secret) if err != nil { log.Errorf("could not unmarshal cluster secret %s", secret.Name) return @@ -165,12 +163,12 @@ func (db *db) WatchClusters(ctx context.Context, }, func(oldSecret *apiv1.Secret, newSecret *apiv1.Secret) { - oldCluster, err := secretToCluster(oldSecret) + oldCluster, err := SecretToCluster(oldSecret) if err != nil { log.Errorf("could not unmarshal cluster secret %s", oldSecret.Name) return } - newCluster, err := secretToCluster(newSecret) + newCluster, err := SecretToCluster(newSecret) if err != nil { log.Errorf("could not unmarshal cluster secret %s", newSecret.Name) return 
@@ -220,7 +218,7 @@ func (db *db) GetCluster(_ context.Context, server string) (*appv1.Cluster, erro return nil, err } if len(res) > 0 { - return secretToCluster(res[0].(*apiv1.Secret)) + return SecretToCluster(res[0].(*apiv1.Secret)) } if server == appv1.KubernetesInternalAPIServerAddr { return db.getLocalCluster(), nil @@ -241,7 +239,7 @@ func (db *db) GetProjectClusters(ctx context.Context, project string) ([]*appv1. } var res []*appv1.Cluster for i := range secrets { - cluster, err := secretToCluster(secrets[i].(*apiv1.Secret)) + cluster, err := SecretToCluster(secrets[i].(*apiv1.Secret)) if err != nil { return nil, fmt.Errorf("failed to convert secret to cluster: %w", err) } @@ -295,7 +293,7 @@ func (db *db) UpdateCluster(ctx context.Context, c *appv1.Cluster) (*appv1.Clust if err != nil { return nil, err } - cluster, err := secretToCluster(clusterSecret) + cluster, err := SecretToCluster(clusterSecret) if err != nil { log.Errorf("could not unmarshal cluster secret %s", clusterSecret.Name) return nil, err @@ -362,8 +360,8 @@ func clusterToSecret(c *appv1.Cluster, secret *apiv1.Secret) error { return nil } -// secretToCluster converts a secret into a Cluster object -func secretToCluster(s *apiv1.Secret) (*appv1.Cluster, error) { +// SecretToCluster converts a secret into a Cluster object +func SecretToCluster(s *apiv1.Secret) (*appv1.Cluster, error) { var config appv1.ClusterConfig if len(s.Data["config"]) > 0 { err := json.Unmarshal(s.Data["config"], &config) diff --git a/util/db/cluster_test.go b/util/db/cluster_test.go index c3b273b4fe5ef..9d60a3073c3c2 100644 --- a/util/db/cluster_test.go +++ b/util/db/cluster_test.go @@ -43,7 +43,7 @@ func Test_secretToCluster(t *testing.T) { "config": []byte("{\"username\":\"foo\"}"), }, } - cluster, err := secretToCluster(secret) + cluster, err := SecretToCluster(secret) require.NoError(t, err) assert.Equal(t, *cluster, v1alpha1.Cluster{ Name: "test", 
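Review bot: Exporting `SecretToCluster` (hunk at -362,8) makes a conversion that carries credentials part of the package API, yet its doc comment still only says it converts a secret into a Cluster object. The visible body unmarshals `s.Data["config"]` into `appv1.ClusterConfig`, which, judging by the `username` and `tlsClientConfig` fields in the test fixtures, holds connection credentials. The comment should say so for callers outside util/db, e.g. `// SecretToCluster converts a cluster secret into a Cluster object. The result includes the secret's connection config (credentials); do not log or serialize it.` The new caller in server/server.go reads only `cluster.Server`, which is fine. The function body continues outside the hunk.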
@@ -89,7 +89,7 @@ func Test_secretToCluster_NoConfig(t *testing.T) { "server": []byte("http://mycluster"), }, } - cluster, err := secretToCluster(secret) + cluster, err := SecretToCluster(secret) assert.NoError(t, err) assert.Equal(t, *cluster, v1alpha1.Cluster{ Name: "test", @@ -111,7 +111,7 @@ func Test_secretToCluster_InvalidConfig(t *testing.T) { "config": []byte("{'tlsClientConfig':{'insecure':false}}"), }, } - cluster, err := secretToCluster(secret) + cluster, err := SecretToCluster(secret) require.Error(t, err) assert.Nil(t, cluster) }