From 466e27a466bacedb821fabc57dec5442e68a0370 Mon Sep 17 00:00:00 2001 From: Austin Abro Date: Mon, 7 Oct 2024 15:26:51 +0000 Subject: [PATCH 01/33] changing create/updates to use ssa Signed-off-by: Austin Abro --- src/internal/packager/helm/post-render.go | 59 +++++++---------------- src/pkg/cluster/state.go | 33 +++++-------- src/pkg/cluster/zarf.go | 45 +++++------------ src/pkg/packager/deploy.go | 21 +++----- src/pkg/packager/remove.go | 28 +++-------- 5 files changed, 55 insertions(+), 131 deletions(-) diff --git a/src/internal/packager/helm/post-render.go b/src/internal/packager/helm/post-render.go index c316375acb..4a25a4abc0 100644 --- a/src/internal/packager/helm/post-render.go +++ b/src/internal/packager/helm/post-render.go @@ -7,8 +7,8 @@ package helm import ( "bytes" "context" + "encoding/json" "fmt" - "maps" "os" "path/filepath" "slices" @@ -21,6 +21,7 @@ import ( "github.com/zarf-dev/zarf/src/types" "helm.sh/helm/v3/pkg/releaseutil" corev1 "k8s.io/api/core/v1" + ktypes "k8s.io/apimachinery/pkg/types" "k8s.io/client-go/dynamic" "k8s.io/client-go/restmapper" "sigs.k8s.io/yaml" 
@@ -161,47 +162,23 @@ func (r *renderer) adoptAndUpdateNamespaces(ctx context.Context) error { if err != nil { return err } - // TODO: Refactor as error is not checked instead of checking for not found error. - currentRegistrySecret, _ := c.Clientset.CoreV1().Secrets(name).Get(ctx, config.ZarfImagePullSecretName, metav1.GetOptions{}) - sameSecretData := maps.EqualFunc(currentRegistrySecret.Data, validRegistrySecret.Data, func(v1, v2 []byte) bool { return bytes.Equal(v1, v2) }) - if currentRegistrySecret.Name != config.ZarfImagePullSecretName || !sameSecretData { - err := func() error { - _, err := c.Clientset.CoreV1().Secrets(validRegistrySecret.Namespace).Create(ctx, validRegistrySecret, metav1.CreateOptions{}) - if err != nil && !kerrors.IsAlreadyExists(err) { - return err - } - if err == nil { - return nil - } - _, err = c.Clientset.CoreV1().Secrets(validRegistrySecret.Namespace).Update(ctx, validRegistrySecret, metav1.UpdateOptions{}) - if err != nil { - return err - } - return nil - }() - if err != nil { - message.WarnErrf(err, "Problem creating registry secret for the %s namespace", name) - } + registrySecretB, err := json.Marshal(validRegistrySecret) + if err != nil { + return err + } + _, err = c.Clientset.CoreV1().Secrets(validRegistrySecret.Namespace).Patch(ctx, validRegistrySecret.Name, ktypes.ApplyPatchType, registrySecretB, metav1.PatchOptions{}) + if err != nil { + message.WarnErrf(err, "Problem applying registry secret for the %s namespace", name) + } - // Create or update the zarf git server secret - gitServerSecret := c.GenerateGitPullCreds(name, config.ZarfGitServerSecretName, r.state.GitServer) - err = func() error { - _, err := c.Clientset.CoreV1().Secrets(gitServerSecret.Namespace).Create(ctx, gitServerSecret, metav1.CreateOptions{}) - if err != nil && !kerrors.IsAlreadyExists(err) { - return err - } - if err == nil { - return nil - } - _, err = c.Clientset.CoreV1().Secrets(gitServerSecret.Namespace).Update(ctx, gitServerSecret, 
metav1.UpdateOptions{}) - if err != nil { - return err - } - return nil - }() - if err != nil { - message.WarnErrf(err, "Problem creating git server secret for the %s namespace", name) - } + gitServerSecret := c.GenerateGitPullCreds(name, config.ZarfGitServerSecretName, r.state.GitServer) + gitSecretB, err := json.Marshal(gitServerSecret) + if err != nil { + return err + } + _, err = c.Clientset.CoreV1().Secrets(gitServerSecret.Namespace).Patch(ctx, gitServerSecret.Name, ktypes.ApplyPatchType, gitSecretB, metav1.PatchOptions{}) + if err != nil { + message.WarnErrf(err, "Problem creating git server secret for the %s namespace", name) } } return nil diff --git a/src/pkg/cluster/state.go b/src/pkg/cluster/state.go index f2279b0221..019b3d616b 100644 --- a/src/pkg/cluster/state.go +++ b/src/pkg/cluster/state.go @@ -15,6 +15,7 @@ import ( corev1 "k8s.io/api/core/v1" kerrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + ktypes "k8s.io/apimachinery/pkg/types" "github.com/avast/retry-go/v4" "github.com/defenseunicorns/pkg/helpers/v2" 
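Review bot: Both new `Patch` calls in adoptAndUpdateNamespaces send `ktypes.ApplyPatchType` with an empty `metav1.PatchOptions{}`, but the API server requires a field manager on apply patches, so a real cluster should reject these requests. Pass one explicitly, e.g. `metav1.PatchOptions{FieldManager: "zarf"}`. The same empty options appear in the InitZarfState and SaveZarfState hunks in state.go, UpdateDeployedPackage and RecordPackageDeployment in zarf.go, setupState in deploy.go and updatePackageSecret in remove.go. Because a failed apply of either secret here is only logged with `message.WarnErrf`, the deployment would carry on without the registry and git pull secrets instead of failing. The function body starts and ends outside the hunk.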
@@ -106,23 +107,14 @@ func (c *Cluster) InitZarfState(ctx context.Context, initOptions types.ZarfInitO // Try to create the zarf namespace. spinner.Updatef("Creating the Zarf namespace") zarfNamespace := NewZarfManagedNamespace(ZarfNamespaceName) - err = func() error { - _, err := c.Clientset.CoreV1().Namespaces().Create(ctx, zarfNamespace, metav1.CreateOptions{}) - if err != nil && !kerrors.IsAlreadyExists(err) { - return fmt.Errorf("unable to create the Zarf namespace: %w", err) - } - if err == nil { - return nil - } - _, err = c.Clientset.CoreV1().Namespaces().Update(ctx, zarfNamespace, metav1.UpdateOptions{}) - if err != nil { - return fmt.Errorf("unable to update the Zarf namespace: %w", err) - } - return nil - }() + b, err := json.Marshal(zarfNamespace) if err != nil { return err } + _, err = c.Clientset.CoreV1().Namespaces().Patch(ctx, ZarfNamespaceName, ktypes.ApplyPatchType, b, metav1.PatchOptions{}) + if err != nil { + return fmt.Errorf("unable to apply the Zarf namespace: %w", err) + } // Wait up to 2 minutes for the default service account to be created. // Some clusters seem to take a while to create this, see https://github.com/kubernetes/kubernetes/issues/66689. 
@@ -271,16 +263,13 @@ func (c *Cluster) SaveZarfState(ctx context.Context, state *types.ZarfState) err } // Attempt to create or update the secret and return. - _, err = c.Clientset.CoreV1().Secrets(secret.Namespace).Create(ctx, secret, metav1.CreateOptions{}) - if err != nil && !kerrors.IsAlreadyExists(err) { - return fmt.Errorf("unable to create the zarf state secret: %w", err) - } - if err == nil { - return nil + b, err := json.Marshal(secret) + if err != nil { + return err } - _, err = c.Clientset.CoreV1().Secrets(secret.Namespace).Update(ctx, secret, metav1.UpdateOptions{}) + _, err = c.Clientset.CoreV1().Secrets(secret.Namespace).Patch(ctx, secret.Name, ktypes.ApplyPatchType, b, metav1.PatchOptions{}) if err != nil { - return fmt.Errorf("unable to update the zarf state secret: %w", err) + return fmt.Errorf("unable to apply the zarf state secret: %w", err) } return nil } diff --git a/src/pkg/cluster/zarf.go b/src/pkg/cluster/zarf.go index b990b3de81..fc989fb327 100644 --- a/src/pkg/cluster/zarf.go +++ b/src/pkg/cluster/zarf.go @@ -16,6 +16,7 @@ import ( corev1 "k8s.io/api/core/v1" kerrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + ktypes "k8s.io/apimachinery/pkg/types" "github.com/avast/retry-go/v4" "github.com/zarf-dev/zarf/src/api/v1alpha1" 
@@ -99,27 +100,14 @@ func (c *Cluster) UpdateDeployedPackage(ctx context.Context, depPkg types.Deploy "data": packageSecretData, }, } - err = func() error { - _, err := c.Clientset.CoreV1().Secrets(packageSecret.Namespace).Get(ctx, packageSecret.Name, metav1.GetOptions{}) - if err != nil && !kerrors.IsNotFound(err) { - return err - } - if kerrors.IsNotFound(err) { - _, err = c.Clientset.CoreV1().Secrets(packageSecret.Namespace).Create(ctx, packageSecret, metav1.CreateOptions{}) - if err != nil { - return fmt.Errorf("unable to create the deployed package secret: %w", err) - } - return nil - } - _, err = c.Clientset.CoreV1().Secrets(packageSecret.Namespace).Update(ctx, packageSecret, metav1.UpdateOptions{}) - if err != nil { - return fmt.Errorf("unable to update the deployed package secret: %w", err) - } - return nil - }() + b, err := json.Marshal(packageSecret) if err != nil { return err } + _, err = c.Clientset.CoreV1().Secrets(packageSecret.Namespace).Patch(ctx, packageSecret.Name, ktypes.ApplyPatchType, b, metav1.PatchOptions{}) + if err != nil { + return fmt.Errorf("unable to apply the deployed package secret: %w", err) + } return nil } 
@@ -294,22 +282,13 @@ func (c *Cluster) RecordPackageDeployment(ctx context.Context, pkg v1alpha1.Zarf "data": packageData, }, } - updatedSecret, err := func() (*corev1.Secret, error) { - secret, err := c.Clientset.CoreV1().Secrets(deployedPackageSecret.Namespace).Create(ctx, deployedPackageSecret, metav1.CreateOptions{}) - if err != nil && !kerrors.IsAlreadyExists(err) { - return nil, err - } - if err == nil { - return secret, nil - } - secret, err = c.Clientset.CoreV1().Secrets(deployedPackageSecret.Namespace).Update(ctx, deployedPackageSecret, metav1.UpdateOptions{}) - if err != nil { - return nil, err - } - return secret, nil - }() + b, err := json.Marshal(deployedPackageSecret) + if err != nil { + return nil, err + } + updatedSecret, err := c.Clientset.CoreV1().Secrets(deployedPackageSecret.Namespace).Patch(ctx, deployedPackageSecret.Name, ktypes.ApplyPatchType, b, metav1.PatchOptions{}) if err != nil { - return nil, fmt.Errorf("failed to record package deployment in secret '%s'", deployedPackageSecret.Name) + return nil, fmt.Errorf("failed to record package deployment in secret '%s': %w", deployedPackageSecret.Name, err) } if err := json.Unmarshal(updatedSecret.Data["data"], &deployedPackage); err != nil { return nil, err diff --git a/src/pkg/packager/deploy.go b/src/pkg/packager/deploy.go index 54b74f9727..0f6fa6fbcb 100644 --- a/src/pkg/packager/deploy.go +++ b/src/pkg/packager/deploy.go @@ -6,6 +6,7 @@ package packager import ( "context" + "encoding/json" "fmt" "net/url" "os" @@ -24,6 +25,7 @@ import ( kerrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime/schema" + ktypes "k8s.io/apimachinery/pkg/types" "sigs.k8s.io/cli-utils/pkg/kstatus/watcher" "sigs.k8s.io/cli-utils/pkg/object" 
@@ -521,20 +523,11 @@ func (p *Packager) setupState(ctx context.Context) error { // Try to create the zarf namespace spinner.Updatef("Creating the Zarf namespace") zarfNamespace := cluster.NewZarfManagedNamespace(cluster.ZarfNamespaceName) - err := func() error { - _, err := p.cluster.Clientset.CoreV1().Namespaces().Create(ctx, zarfNamespace, metav1.CreateOptions{}) - if err != nil && !kerrors.IsAlreadyExists(err) { - return err - } - if err == nil { - return nil - } - _, err = p.cluster.Clientset.CoreV1().Namespaces().Update(ctx, zarfNamespace, metav1.UpdateOptions{}) - if err != nil { - return err - } - return nil - }() + b, err := json.Marshal(zarfNamespace) + if err != nil { + return err + } + _, err = p.cluster.Clientset.CoreV1().Namespaces().Patch(ctx, cluster.ZarfNamespaceName, ktypes.ApplyPatchType, b, metav1.PatchOptions{}) if err != nil { return fmt.Errorf("unable to create the Zarf namespace: %w", err) } diff --git a/src/pkg/packager/remove.go b/src/pkg/packager/remove.go index 322db5570f..8943d6b8be 100644 --- a/src/pkg/packager/remove.go +++ b/src/pkg/packager/remove.go @@ -15,8 +15,8 @@ import ( "github.com/defenseunicorns/pkg/helpers/v2" "helm.sh/helm/v3/pkg/storage/driver" corev1 "k8s.io/api/core/v1" - kerrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + ktypes "k8s.io/apimachinery/pkg/types" "github.com/zarf-dev/zarf/src/api/v1alpha1" "github.com/zarf-dev/zarf/src/config" 
@@ -135,28 +135,14 @@ func (p *Packager) updatePackageSecret(ctx context.Context, deployedPackage type "data": newPackageSecretData, }, } - - err = func() error { - _, err := p.cluster.Clientset.CoreV1().Secrets(newPackageSecret.Namespace).Get(ctx, newPackageSecret.Name, metav1.GetOptions{}) - if err != nil && !kerrors.IsNotFound(err) { - return err - } - if kerrors.IsNotFound(err) { - _, err = p.cluster.Clientset.CoreV1().Secrets(newPackageSecret.Namespace).Create(ctx, newPackageSecret, metav1.CreateOptions{}) - if err != nil { - return fmt.Errorf("unable to create the zarf state secret: %w", err) - } - return nil - } - _, err = p.cluster.Clientset.CoreV1().Secrets(newPackageSecret.Namespace).Update(ctx, newPackageSecret, metav1.UpdateOptions{}) - if err != nil { - return fmt.Errorf("unable to update the zarf state secret: %w", err) - } - return nil - }() + b, err := json.Marshal(newPackageSecret) + if err != nil { + return err + } + _, err = p.cluster.Clientset.CoreV1().Secrets(newPackageSecret.Namespace).Patch(ctx, newPackageSecret.Name, ktypes.ApplyPatchType, b, metav1.PatchOptions{}) // We warn and ignore errors because we may have removed the cluster that this package was inside of if err != nil { - message.Warnf("Unable to update the '%s' package secret: '%s' (this may be normal if the cluster was removed)", secretName, err.Error()) + message.Warnf("Unable to apply the '%s' package secret: '%s' (this may be normal if the cluster was removed)", secretName, err.Error()) } } return nil From 3e2fd884ce694685b1bb879ae670d024d89fa915 Mon Sep 17 00:00:00 2001 From: Austin Abro Date: Wed, 9 Oct 2024 20:13:19 +0000 Subject: [PATCH 02/33] WIP, more to do but tests passing 
Signed-off-by: Austin Abro --- src/internal/agent/hooks/utils_test.go | 2 +- src/internal/packager/helm/post-render.go | 39 ++++++++------------ src/internal/packager2/load_test.go | 2 +- src/pkg/cluster/cluster.go | 1 + src/pkg/cluster/injector_test.go | 2 +- src/pkg/cluster/namespace.go | 16 ++------- src/pkg/cluster/pvc_test.go | 2 +- src/pkg/cluster/secrets.go | 29 ++++++--------- src/pkg/cluster/state.go | 43 ++++++++--------------- src/pkg/cluster/state_test.go | 38 +++++++++++++++++++- src/pkg/cluster/tunnel_test.go | 2 +- src/pkg/cluster/zarf.go | 35 ++++++------------ src/pkg/cluster/zarf_test.go | 10 +++--- src/pkg/packager/common_test.go | 2 +- src/pkg/packager/deploy.go | 2 +- src/pkg/packager/remove.go | 2 +- 16 files changed, 105 insertions(+), 122 deletions(-) diff --git a/src/internal/agent/hooks/utils_test.go b/src/internal/agent/hooks/utils_test.go index 84ee8a4c47..05eed3f78e 100644 --- a/src/internal/agent/hooks/utils_test.go +++ b/src/internal/agent/hooks/utils_test.go @@ -32,7 +32,7 @@ type admissionTest struct { func createTestClientWithZarfState(ctx context.Context, t *testing.T, state *types.ZarfState) *cluster.Cluster { t.Helper() - c := &cluster.Cluster{Clientset: fake.NewSimpleClientset()} + c := &cluster.Cluster{Clientset: fake.NewClientset()} stateData, err := json.Marshal(state) require.NoError(t, err) diff --git a/src/internal/packager/helm/post-render.go b/src/internal/packager/helm/post-render.go index 4a25a4abc0..e8d326ede6 100644 --- a/src/internal/packager/helm/post-render.go +++ b/src/internal/packager/helm/post-render.go @@ -20,7 +20,6 @@ import ( "github.com/zarf-dev/zarf/src/pkg/utils" "github.com/zarf-dev/zarf/src/types" "helm.sh/helm/v3/pkg/releaseutil" - corev1 "k8s.io/api/core/v1" ktypes "k8s.io/apimachinery/pkg/types" "k8s.io/client-go/dynamic" "k8s.io/client-go/restmapper" 
@@ -30,19 +29,20 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "k8s.io/apimachinery/pkg/runtime" + v1ac "k8s.io/client-go/applyconfigurations/core/v1" ) type renderer struct { *Helm connectStrings types.ConnectStrings - namespaces map[string]*corev1.Namespace + namespaces map[string]*v1ac.NamespaceApplyConfiguration } func (h *Helm) newRenderer(ctx context.Context) (*renderer, error) { rend := &renderer{ Helm: h, connectStrings: types.ConnectStrings{}, - namespaces: map[string]*corev1.Namespace{}, + namespaces: map[string]*v1ac.NamespaceApplyConfiguration{}, } if h.cluster == nil { return rend, nil @@ -55,8 +55,7 @@ func (h *Helm) newRenderer(ctx context.Context) (*renderer, error) { if kerrors.IsNotFound(err) { rend.namespaces[h.chart.Namespace] = cluster.NewZarfManagedNamespace(h.chart.Namespace) } else if h.cfg.DeployOpts.AdoptExistingResources { - namespace.Labels = cluster.AdoptZarfManagedLabels(namespace.Labels) - rend.namespaces[h.chart.Namespace] = namespace + namespace.Labels[cluster.ZarfManagedByLabel] = "zarf" } return rend, nil 
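Review bot: In newRenderer's `AdoptExistingResources` branch, `namespace.Labels[cluster.ZarfManagedByLabel] = "zarf"` writes into the label map of the fetched namespace, which panics when that namespace has no labels (a nil map). The result is also never stored in `rend.namespaces`, so the adoption label is dropped. The removed call `cluster.AdoptZarfManagedLabels(namespace.Labels)` tolerated a nil map, and the removed assignment registered the namespace. Since the map now holds apply configurations, the branch could register one instead: `rend.namespaces[h.chart.Namespace] = cluster.NewZarfManagedNamespace(h.chart.Namespace)`. The lookup that produces `namespace` is outside the hunk, so its type is inferred from the removed lines.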
@@ -132,24 +131,17 @@ func (r *renderer) adoptAndUpdateNamespaces(ctx context.Context) error { } } - if !existingNamespace { - // This is a new namespace, add it - _, err := c.Clientset.CoreV1().Namespaces().Create(ctx, namespace, metav1.CreateOptions{}) - if err != nil { - return fmt.Errorf("unable to create the missing namespace %s", name) - } - } else if r.cfg.DeployOpts.AdoptExistingResources { - // Refuse to adopt namespace if it is one of four initial Kubernetes namespaces. - // https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/#initial-namespaces + if !existingNamespace || r.cfg.DeployOpts.AdoptExistingResources { if slices.Contains([]string{"default", "kube-node-lease", "kube-public", "kube-system"}, name) { message.Warnf("Refusing to adopt the initial namespace: %s", name) } else { - // This is an existing namespace to adopt - _, err := c.Clientset.CoreV1().Namespaces().Update(ctx, namespace, metav1.UpdateOptions{}) + // This is a new namespace, add it + _, err := c.Clientset.CoreV1().Namespaces().Apply(ctx, namespace, metav1.ApplyOptions{Force: true, FieldManager: "zarf"}) if err != nil { - return fmt.Errorf("unable to adopt the existing namespace %s", name) + return fmt.Errorf("unable to apply namespace %s", name) } } + } // If the package is marked as YOLO and the state is empty, skip the secret creation for this namespace 
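Review bot: The new `fmt.Errorf("unable to apply namespace %s", name)` discards the error returned by `Apply`, so the caller cannot see why the namespace was rejected; wrap it as `fmt.Errorf("unable to apply namespace %s: %w", name, err)`. The kept comment `// This is a new namespace, add it` is now inaccurate, because the branch also runs for existing namespaces under `AdoptExistingResources`. The removed comment explaining why the four initial Kubernetes namespaces are refused is worth keeping above the `slices.Contains` check. With `Force: true`, adoption also takes ownership of any conflicting fields held by other field managers, which deserves a short comment at the call. The function continues outside the hunk.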
@@ -162,11 +154,7 @@ func (r *renderer) adoptAndUpdateNamespaces(ctx context.Context) error { if err != nil { return err } - registrySecretB, err := json.Marshal(validRegistrySecret) - if err != nil { - return err - } - _, err = c.Clientset.CoreV1().Secrets(validRegistrySecret.Namespace).Patch(ctx, validRegistrySecret.Name, ktypes.ApplyPatchType, registrySecretB, metav1.PatchOptions{}) + _, err = c.Clientset.CoreV1().Secrets(*validRegistrySecret.Namespace).Apply(ctx, validRegistrySecret, metav1.ApplyOptions{Force: true, FieldManager: "zarf"}) if err != nil { message.WarnErrf(err, "Problem applying registry secret for the %s namespace", name) } @@ -176,7 +164,7 @@ func (r *renderer) adoptAndUpdateNamespaces(ctx context.Context) error { if err != nil { return err } - _, err = c.Clientset.CoreV1().Secrets(gitServerSecret.Namespace).Patch(ctx, gitServerSecret.Name, ktypes.ApplyPatchType, gitSecretB, metav1.PatchOptions{}) + _, err = c.Clientset.CoreV1().Secrets(gitServerSecret.Namespace).Patch(ctx, gitServerSecret.Name, ktypes.ApplyPatchType, gitSecretB, metav1.PatchOptions{Force: helpers.BoolPtr(true)}) if err != nil { message.WarnErrf(err, "Problem creating git server secret for the %s namespace", name) } @@ -204,7 +192,8 @@ func (r *renderer) editHelmResources(ctx context.Context, resources []releaseuti switch rawData.GetKind() { case "Namespace": - namespace := &corev1.Namespace{} + // TODO does unstructuredConverter work with apply types + namespace := &v1ac.NamespaceApplyConfiguration{} // parse the namespace resource so it can be applied out-of-band by zarf instead of helm to avoid helm ns shenanigans if err := runtime.DefaultUnstructuredConverter.FromUnstructured(rawData.UnstructuredContent(), namespace); err != nil { message.WarnErrf(err, "could not parse namespace %s", rawData.GetName()) 
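Review bot: The git server secret is still sent with `Patch(..., ktypes.ApplyPatchType, gitSecretB, metav1.PatchOptions{Force: helpers.BoolPtr(true)})`, which sets no field manager, while the registry secret just above it now uses `Apply` with `FieldManager: "zarf"`. An apply patch without a field manager is rejected by the API server, and because this failure is only logged with `message.WarnErrf`, the namespace would be left without the git credentials secret. Add `FieldManager: "zarf"` to the options, or have `GenerateGitPullCreds` return an apply configuration as `GenerateRegistryPullCreds` now does. The `Patch` calls changed in RecordPackageDeployment (zarf.go), setupState (deploy.go) and updatePackageSecret (remove.go) have the same omission.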
@@ -212,7 +201,7 @@ func (r *renderer) editHelmResources(ctx context.Context, resources []releaseuti message.Debugf("Matched helm namespace %s for zarf annotation", namespace.Name) namespace.Labels = cluster.AdoptZarfManagedLabels(namespace.Labels) // Add it to the stack - r.namespaces[namespace.Name] = namespace + r.namespaces[*namespace.Name] = namespace } // skip so we can strip namespaces from helm's brain continue diff --git a/src/internal/packager2/load_test.go b/src/internal/packager2/load_test.go index e48140c966..709a96b851 100644 --- a/src/internal/packager2/load_test.go +++ b/src/internal/packager2/load_test.go @@ -148,7 +148,7 @@ func TestPackageFromSourceOrCluster(t *testing.T) { require.Equal(t, "test", pkg.Metadata.Name) c := &cluster.Cluster{ - Clientset: fake.NewSimpleClientset(), + Clientset: fake.NewClientset(), } _, err = c.RecordPackageDeployment(ctx, pkg, nil, 1) require.NoError(t, err) diff --git a/src/pkg/cluster/cluster.go b/src/pkg/cluster/cluster.go index 5db77e0c9c..b7b0e1f89e 100644 --- a/src/pkg/cluster/cluster.go +++ b/src/pkg/cluster/cluster.go @@ -27,6 +27,7 @@ const ( DefaultTimeout = 30 * time.Second // AgentLabel is used to give instructions to the Zarf agent AgentLabel = "zarf.dev/agent" + // FieldManager is the field manager used for all Zarf apply operations ) // Cluster Zarf specific cluster management functions. diff --git a/src/pkg/cluster/injector_test.go b/src/pkg/cluster/injector_test.go index 67dff422f2..db583733f4 100644 --- a/src/pkg/cluster/injector_test.go +++ b/src/pkg/cluster/injector_test.go @@ -171,7 +171,7 @@ func TestGetInjectorImageAndNode(t *testing.T) { t.Parallel() ctx := context.Background() - cs := fake.NewSimpleClientset() + cs := fake.NewClientset() c := &Cluster{ Clientset: cs, diff --git a/src/pkg/cluster/namespace.go b/src/pkg/cluster/namespace.go index 99d50a5f5e..824cd0ffef 100644 --- a/src/pkg/cluster/namespace.go +++ b/src/pkg/cluster/namespace.go 
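Review bot: In editHelmResources, `namespace.Name` is now a `*string`, so the unchanged `message.Debugf("Matched helm namespace %s for zarf annotation", namespace.Name)` formats a pointer rather than the name, and `r.namespaces[*namespace.Name]` panics if the converted object carries no name. Read the name once from the unstructured object, e.g. `name := rawData.GetName()`, and use it for both the log line and the map key. The TODO added in the previous hunk, about whether `DefaultUnstructuredConverter` populates apply configurations, is still open. A test with a chart that ships a Namespace manifest would settle it.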
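Review bot: In cluster.go the added comment `// FieldManager is the field manager used for all Zarf apply operations` is not followed by any declaration, so it documents nothing. Every `Apply` call in this patch hard-codes `FieldManager: "zarf"` instead. Declare the constant the comment describes, `FieldManager = "zarf"`, inside this `const` block and reference it from the call sites so the manager name cannot drift between them.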
@@ -10,9 +10,9 @@ import ( "time" "github.com/avast/retry-go/v4" - corev1 "k8s.io/api/core/v1" kerrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + v1ac "k8s.io/client-go/applyconfigurations/core/v1" "github.com/zarf-dev/zarf/src/pkg/message" ) @@ -46,18 +46,8 @@ func (c *Cluster) DeleteZarfNamespace(ctx context.Context) error { } // NewZarfManagedNamespace returns a corev1.Namespace with Zarf-managed labels -func NewZarfManagedNamespace(name string) *corev1.Namespace { - namespace := &corev1.Namespace{ - TypeMeta: metav1.TypeMeta{ - APIVersion: corev1.SchemeGroupVersion.String(), - Kind: "Namespace", - }, - ObjectMeta: metav1.ObjectMeta{ - Name: name, - }, - } - namespace.Labels = AdoptZarfManagedLabels(namespace.Labels) - return namespace +func NewZarfManagedNamespace(name string) *v1ac.NamespaceApplyConfiguration { + return v1ac.Namespace(name).WithLabels(AdoptZarfManagedLabels(nil)) } // AdoptZarfManagedLabels adds & deletes the necessary labels that signal to Zarf it should manage a namespace diff --git a/src/pkg/cluster/pvc_test.go b/src/pkg/cluster/pvc_test.go index 6c267d1500..52347466a0 100644 --- a/src/pkg/cluster/pvc_test.go +++ b/src/pkg/cluster/pvc_test.go @@ -19,7 +19,7 @@ func TestUpdateGiteaPVC(t *testing.T) { ctx := testutil.TestContext(t) c := &Cluster{ - Clientset: fake.NewSimpleClientset(), + Clientset: fake.NewClientset(), } pvc := &corev1.PersistentVolumeClaim{ ObjectMeta: metav1.ObjectMeta{ diff --git a/src/pkg/cluster/secrets.go b/src/pkg/cluster/secrets.go index aa693c6a44..3810878800 100644 --- a/src/pkg/cluster/secrets.go +++ b/src/pkg/cluster/secrets.go @@ -15,6 +15,7 @@ import ( corev1 "k8s.io/api/core/v1" kerrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + v1ac "k8s.io/client-go/applyconfigurations/core/v1" "github.com/zarf-dev/zarf/src/config" "github.com/zarf-dev/zarf/src/pkg/message" 
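Review bot: The doc comment on NewZarfManagedNamespace still says it `returns a corev1.Namespace`, but the function now returns `*v1ac.NamespaceApplyConfiguration`. Update it to `// NewZarfManagedNamespace returns a Namespace apply configuration with Zarf-managed labels`. The function is exported, so the changed return type breaks any caller outside this repository; that is worth stating in the commit description.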
@@ -35,7 +36,7 @@ type DockerConfigEntryWithAuth struct { } // GenerateRegistryPullCreds generates a secret containing the registry credentials. -func (c *Cluster) GenerateRegistryPullCreds(ctx context.Context, namespace, name string, registryInfo types.RegistryInfo) (*corev1.Secret, error) { +func (c *Cluster) GenerateRegistryPullCreds(ctx context.Context, namespace, name string, registryInfo types.RegistryInfo) (*v1ac.SecretApplyConfiguration, error) { // Auth field must be username:password and base64 encoded fieldValue := registryInfo.PullUsername + ":" + registryInfo.PullPassword authEncodedValue := base64.StdEncoding.EncodeToString([]byte(fieldValue)) @@ -68,23 +69,15 @@ func (c *Cluster) GenerateRegistryPullCreds(ctx context.Context, namespace, name return nil, fmt.Errorf("unable to marshal the .dockerconfigjson secret data for the image pull secret: %w", err) } - secretDockerConfig := &corev1.Secret{ - TypeMeta: metav1.TypeMeta{ - APIVersion: corev1.SchemeGroupVersion.String(), - Kind: "Secret", - }, - ObjectMeta: metav1.ObjectMeta{ - Name: name, - Namespace: namespace, - Labels: map[string]string{ - ZarfManagedByLabel: "zarf", - }, - }, - Type: corev1.SecretTypeDockerConfigJson, - Data: map[string][]byte{ + secretDockerConfig := v1ac.Secret(name, namespace). + WithLabels(map[string]string{ + ZarfManagedByLabel: "zarf", + }). + WithType(corev1.SecretTypeDockerConfigJson). + WithData(map[string][]byte{ ".dockerconfigjson": dockerConfigData, - }, - } + }) + return secretDockerConfig, nil } 
@@ -142,7 +135,7 @@ func (c *Cluster) UpdateZarfManagedImageSecrets(ctx context.Context, state *type continue } spinner.Updatef("Updating existing Zarf-managed image secret for namespace: '%s'", namespace.Name) - _, err = c.Clientset.CoreV1().Secrets(newRegistrySecret.Namespace).Update(ctx, newRegistrySecret, metav1.UpdateOptions{}) + _, err = c.Clientset.CoreV1().Secrets(*newRegistrySecret.Namespace).Apply(ctx, newRegistrySecret, metav1.ApplyOptions{Force: true, FieldManager: "zarf"}) if err != nil { return err } diff --git a/src/pkg/cluster/state.go b/src/pkg/cluster/state.go index 019b3d616b..bdb5b97985 100644 --- a/src/pkg/cluster/state.go +++ b/src/pkg/cluster/state.go @@ -15,7 +15,7 @@ import ( corev1 "k8s.io/api/core/v1" kerrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - ktypes "k8s.io/apimachinery/pkg/types" + v1ac "k8s.io/client-go/applyconfigurations/core/v1" "github.com/avast/retry-go/v4" "github.com/defenseunicorns/pkg/helpers/v2" @@ -90,6 +90,9 @@ func (c *Cluster) InitZarfState(ctx context.Context, initOptions types.ZarfInitO } // Mark existing namespaces as ignored for the zarf agent to prevent mutating resources we don't own. for _, namespace := range namespaceList.Items { + if namespace.Name == "zarf" { + continue + } spinner.Updatef("Marking existing namespace %s as ignored by Zarf Agent", namespace.Name) if namespace.Labels == nil { // Ensure label map exists to avoid nil panic 
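Review bot: The new skip in InitZarfState compares against the literal `"zarf"`, while the rest of the function refers to the namespace through `ZarfNamespaceName`; write `if namespace.Name == ZarfNamespaceName {` so the check follows the constant. The skip also has no comment. Presumably the Zarf namespace is excluded so that it is not labelled as ignored by the agent before it is applied a few lines later, and a one-line comment saying so would help the next reader. The loop body continues outside the hunk.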
@@ -105,13 +108,10 @@ func (c *Cluster) InitZarfState(ctx context.Context, initOptions types.ZarfInitO } // Try to create the zarf namespace. + // TODO is the test failing here spinner.Updatef("Creating the Zarf namespace") zarfNamespace := NewZarfManagedNamespace(ZarfNamespaceName) - b, err := json.Marshal(zarfNamespace) - if err != nil { - return err - } - _, err = c.Clientset.CoreV1().Namespaces().Patch(ctx, ZarfNamespaceName, ktypes.ApplyPatchType, b, metav1.PatchOptions{}) + _, err = c.Clientset.CoreV1().Namespaces().Apply(ctx, zarfNamespace, metav1.ApplyOptions{FieldManager: "zarf", Force: true}) if err != nil { return fmt.Errorf("unable to apply the Zarf namespace: %w", err) } @@ -244,30 +244,17 @@ func (c *Cluster) SaveZarfState(ctx context.Context, state *types.ZarfState) err if err != nil { return err } - secret := &corev1.Secret{ - TypeMeta: metav1.TypeMeta{ - APIVersion: corev1.SchemeGroupVersion.String(), - Kind: "Secret", - }, - ObjectMeta: metav1.ObjectMeta{ - Name: ZarfStateSecretName, - Namespace: ZarfNamespaceName, - Labels: map[string]string{ - ZarfManagedByLabel: "zarf", - }, - }, - Type: corev1.SecretTypeOpaque, - Data: map[string][]byte{ - ZarfStateDataKey: data, - }, + zarfStateLabels := map[string]string{ + ZarfManagedByLabel: "zarf", } + secret := v1ac.Secret(ZarfStateSecretName, ZarfNamespaceName). + WithLabels(zarfStateLabels). + WithType(corev1.SecretTypeOpaque). + WithData(map[string][]byte{ + ZarfStateDataKey: data, + }) - // Attempt to create or update the secret and return. - b, err := json.Marshal(secret) - if err != nil { - return err - } - _, err = c.Clientset.CoreV1().Secrets(secret.Namespace).Patch(ctx, secret.Name, ktypes.ApplyPatchType, b, metav1.PatchOptions{}) + _, err = c.Clientset.CoreV1().Secrets(*secret.Namespace).Apply(ctx, secret, metav1.ApplyOptions{Force: true, FieldManager: "zarf"}) if err != nil { return fmt.Errorf("unable to apply the zarf state secret: %w", err) } 
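Review bot: The added `// TODO is the test failing here` in InitZarfState is a debugging note rather than a task and should be removed before merge. If there is a known failure around the namespace apply, describe it in the comment or in the commit message, saying which test fails and under what condition.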
diff --git a/src/pkg/cluster/state_test.go b/src/pkg/cluster/state_test.go index 1575528f4a..e49554580e 100644 --- a/src/pkg/cluster/state_test.go +++ b/src/pkg/cluster/state_test.go @@ -165,7 +165,7 @@ func TestInitZarfState(t *testing.T) { tt := tt t.Run(tt.name, func(t *testing.T) { ctx := context.Background() - cs := fake.NewSimpleClientset() + cs := fake.NewClientset() for _, node := range tt.nodes { _, err := cs.CoreV1().Nodes().Create(ctx, &node, metav1.CreateOptions{}) require.NoError(t, err) @@ -229,6 +229,42 @@ func TestInitZarfState(t *testing.T) { } } +func TestSaveZarfState(t *testing.T) { + tests := []struct { + name string + state types.ZarfState + }{ + { + name: "first test", + state: types.ZarfState{ + GitServer: types.GitServerInfo{ + Address: "https://git-server.com", + PushUsername: "a-push-user", + }, + }, + }, + } + for _, tt := range tests { + tt := tt + t.Run(tt.name, func(t *testing.T) { + ctx := context.Background() + cs := fake.NewClientset() + c := &Cluster{ + Clientset: cs, + } + ns := &corev1.Namespace{ + ObjectMeta: metav1.ObjectMeta{ + Name: ZarfNamespaceName, + }, + } + _, err := cs.CoreV1().Namespaces().Create(ctx, ns, metav1.CreateOptions{}) + require.NoError(t, err) + err = c.SaveZarfState(ctx, &tt.state) + require.NoError(t, err) + }) + } +} + // TODO: Change password gen method to make testing possible. func TestMergeZarfStateRegistry(t *testing.T) { t.Parallel() diff --git a/src/pkg/cluster/tunnel_test.go b/src/pkg/cluster/tunnel_test.go index 9ce09770e9..c41b9312be 100644 --- a/src/pkg/cluster/tunnel_test.go +++ b/src/pkg/cluster/tunnel_test.go @@ -19,7 +19,7 @@ func TestListConnections(t *testing.T) { t.Parallel() c := &Cluster{ - Clientset: fake.NewSimpleClientset(), + Clientset: fake.NewClientset(), } svc := corev1.Service{ ObjectMeta: metav1.ObjectMeta{ diff --git a/src/pkg/cluster/zarf.go b/src/pkg/cluster/zarf.go index fc989fb327..9f51d1b2ac 100644 --- a/src/pkg/cluster/zarf.go +++ b/src/pkg/cluster/zarf.go 
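Review bot: TestSaveZarfState only asserts that SaveZarfState returns no error, so it would still pass if the applied secret had the wrong key, type or contents. After the call, fetch the secret with `cs.CoreV1().Secrets(ZarfNamespaceName).Get(ctx, ZarfStateSecretName, metav1.GetOptions{})` and check that `Data[ZarfStateDataKey]` unmarshals back to `tt.state`. A second call with a changed state would also cover the update path that the apply replaces.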
@@ -17,8 +17,10 @@ import ( kerrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ktypes "k8s.io/apimachinery/pkg/types" + v1ac "k8s.io/client-go/applyconfigurations/core/v1" "github.com/avast/retry-go/v4" + "github.com/defenseunicorns/pkg/helpers/v2" "github.com/zarf-dev/zarf/src/api/v1alpha1" "github.com/zarf-dev/zarf/src/config" "github.com/zarf-dev/zarf/src/internal/gitea" @@ -82,29 +84,14 @@ func (c *Cluster) UpdateDeployedPackage(ctx context.Context, depPkg types.Deploy if err != nil { return err } - packageSecret := &corev1.Secret{ - TypeMeta: metav1.TypeMeta{ - APIVersion: corev1.SchemeGroupVersion.String(), - Kind: "Secret", - }, - ObjectMeta: metav1.ObjectMeta{ - Name: secretName, - Namespace: ZarfNamespaceName, - Labels: map[string]string{ - ZarfManagedByLabel: "zarf", - ZarfPackageInfoLabel: depPkg.Name, - }, - }, - Type: corev1.SecretTypeOpaque, - Data: map[string][]byte{ - "data": packageSecretData, - }, - } - b, err := json.Marshal(packageSecret) - if err != nil { - return err - } - _, err = c.Clientset.CoreV1().Secrets(packageSecret.Namespace).Patch(ctx, packageSecret.Name, ktypes.ApplyPatchType, b, metav1.PatchOptions{}) + packageSecret := v1ac.Secret(secretName, ZarfNamespaceName). + WithLabels(map[string]string{ + ZarfManagedByLabel: "zarf", + ZarfPackageInfoLabel: depPkg.Name, + }).WithData(map[string][]byte{ + "data": packageSecretData, + }).WithType(corev1.SecretTypeOpaque) + _, err = c.Clientset.CoreV1().Secrets(*packageSecret.Namespace).Apply(ctx, packageSecret, metav1.ApplyOptions{Force: true, FieldManager: "zarf"}) if err != nil { return fmt.Errorf("unable to apply the deployed package secret: %w", err) } 
@@ -286,7 +273,7 @@ func (c *Cluster) RecordPackageDeployment(ctx context.Context, pkg v1alpha1.Zarf if err != nil { return nil, err } - updatedSecret, err := c.Clientset.CoreV1().Secrets(deployedPackageSecret.Namespace).Patch(ctx, deployedPackageSecret.Name, ktypes.ApplyPatchType, b, metav1.PatchOptions{}) + updatedSecret, err := c.Clientset.CoreV1().Secrets(deployedPackageSecret.Namespace).Patch(ctx, deployedPackageSecret.Name, ktypes.ApplyPatchType, b, metav1.PatchOptions{Force: helpers.BoolPtr(true)}) if err != nil { return nil, fmt.Errorf("failed to record package deployment in secret '%s': %w", deployedPackageSecret.Name, err) } diff --git a/src/pkg/cluster/zarf_test.go b/src/pkg/cluster/zarf_test.go index d2f3aefcde..734502523f 100644 --- a/src/pkg/cluster/zarf_test.go +++ b/src/pkg/cluster/zarf_test.go @@ -206,7 +206,7 @@ func TestGetDeployedPackage(t *testing.T) { t.Parallel() ctx := context.Background() c := &Cluster{ - Clientset: fake.NewSimpleClientset(), + Clientset: fake.NewClientset(), } packages := []types.DeployedPackage{ @@ -255,7 +255,7 @@ func TestGetDeployedPackage(t *testing.T) { func TestRegistryHPA(t *testing.T) { ctx := context.Background() - cs := fake.NewSimpleClientset() + cs := fake.NewClientset() hpa := autoscalingv2.HorizontalPodAutoscaler{ ObjectMeta: metav1.ObjectMeta{ Name: "zarf-docker-registry", @@ -309,15 +309,15 @@ func TestInternalGitServerExists(t *testing.T) { for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - cs := fake.NewSimpleClientset() - cluster := &Cluster{Clientset: cs} + cs := fake.NewClientset() + c := &Cluster{Clientset: cs} ctx := context.Background() if tt.svc != nil { _, err := cs.CoreV1().Services(tt.svc.Namespace).Create(ctx, tt.svc, metav1.CreateOptions{}) require.NoError(t, err) } - exists, err := cluster.InternalGitServerExists(ctx) + exists, err := c.InternalGitServerExists(ctx) require.Equal(t, tt.expectedExist, exists) require.Equal(t, tt.expectedErr, err) }) 
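Review bot: The apply patch in `RecordPackageDeployment` passes `metav1.PatchOptions{Force: helpers.BoolPtr(true)}` with no `FieldManager`, and the API server rejects an apply patch whose field manager is empty, so against a real cluster this call is expected to fail validation. Set it explicitly: `metav1.PatchOptions{Force: helpers.BoolPtr(true), FieldManager: "zarf"}`. The same omission is in the `setupState` and `updatePackageSecret` hunks of this commit, and in the `Apply` call in `UpdateZarfManagedGitSecrets` in the later secrets.go patch, which passes `metav1.ApplyOptions{Force: true}`. The fake clientset used by the tests may not enforce the requirement, so the unit tests probably do not catch it. `RecordPackageDeployment` continues outside the hunk.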
diff --git a/src/pkg/packager/common_test.go b/src/pkg/packager/common_test.go index d2f4a7aa7a..c26b51dc80 100644 --- a/src/pkg/packager/common_test.go +++ b/src/pkg/packager/common_test.go @@ -77,7 +77,7 @@ func TestValidatePackageArchitecture(t *testing.T) { t.Run(tt.name, func(t *testing.T) { t.Parallel() - cs := fake.NewSimpleClientset() + cs := fake.NewClientset() p := &Packager{ cluster: &cluster.Cluster{ diff --git a/src/pkg/packager/deploy.go b/src/pkg/packager/deploy.go index 0f6fa6fbcb..ea5fa0faaa 100644 --- a/src/pkg/packager/deploy.go +++ b/src/pkg/packager/deploy.go @@ -527,7 +527,7 @@ func (p *Packager) setupState(ctx context.Context) error { if err != nil { return err } - _, err = p.cluster.Clientset.CoreV1().Namespaces().Patch(ctx, cluster.ZarfNamespaceName, ktypes.ApplyPatchType, b, metav1.PatchOptions{}) + _, err = p.cluster.Clientset.CoreV1().Namespaces().Patch(ctx, cluster.ZarfNamespaceName, ktypes.ApplyPatchType, b, metav1.PatchOptions{Force: helpers.BoolPtr(true)}) if err != nil { return fmt.Errorf("unable to create the Zarf namespace: %w", err) } diff --git a/src/pkg/packager/remove.go b/src/pkg/packager/remove.go index 8943d6b8be..f631bf92f8 100644 --- a/src/pkg/packager/remove.go +++ b/src/pkg/packager/remove.go @@ -139,7 +139,7 @@ func (p *Packager) updatePackageSecret(ctx context.Context, deployedPackage type if err != nil { return err } - _, err = p.cluster.Clientset.CoreV1().Secrets(newPackageSecret.Namespace).Patch(ctx, newPackageSecret.Name, ktypes.ApplyPatchType, b, metav1.PatchOptions{}) + _, err = p.cluster.Clientset.CoreV1().Secrets(newPackageSecret.Namespace).Patch(ctx, newPackageSecret.Name, ktypes.ApplyPatchType, b, metav1.PatchOptions{Force: helpers.BoolPtr(true)}) // We warn and ignore errors because we may have removed the cluster that this package was inside of if err != nil { message.Warnf("Unable to apply the '%s' package secret: '%s' (this may be normal if the cluster was removed)", secretName, err.Error()) 
From bdb756df1657503664f1f411c2a4dc6ab7e0a176 Mon Sep 17 00:00:00 2001 From: Austin Abro Date: Thu, 17 Oct 2024 18:51:17 +0000 Subject: [PATCH 03/33] tests passing Signed-off-by: Austin Abro --- src/internal/packager/helm/post-render.go | 8 +------ src/pkg/cluster/secrets.go | 28 +++++++---------------- src/pkg/cluster/secrets_test.go | 2 +- 3 files changed, 10 insertions(+), 28 deletions(-) diff --git a/src/internal/packager/helm/post-render.go b/src/internal/packager/helm/post-render.go index e8d326ede6..7ef3191da2 100644 --- a/src/internal/packager/helm/post-render.go +++ b/src/internal/packager/helm/post-render.go @@ -7,7 +7,6 @@ package helm import ( "bytes" "context" - "encoding/json" "fmt" "os" "path/filepath" @@ -20,7 +19,6 @@ import ( "github.com/zarf-dev/zarf/src/pkg/utils" "github.com/zarf-dev/zarf/src/types" "helm.sh/helm/v3/pkg/releaseutil" - ktypes "k8s.io/apimachinery/pkg/types" "k8s.io/client-go/dynamic" "k8s.io/client-go/restmapper" "sigs.k8s.io/yaml" @@ -160,11 +158,7 @@ func (r *renderer) adoptAndUpdateNamespaces(ctx context.Context) error { } gitServerSecret := c.GenerateGitPullCreds(name, config.ZarfGitServerSecretName, r.state.GitServer) - gitSecretB, err := json.Marshal(gitServerSecret) - if err != nil { - return err - } - _, err = c.Clientset.CoreV1().Secrets(gitServerSecret.Namespace).Patch(ctx, gitServerSecret.Name, ktypes.ApplyPatchType, gitSecretB, metav1.PatchOptions{Force: helpers.BoolPtr(true)}) + _, err = c.Clientset.CoreV1().Secrets(*gitServerSecret.Namespace).Apply(ctx, gitServerSecret, metav1.ApplyOptions{Force: true, FieldManager: "zarf"}) if err != nil { message.WarnErrf(err, "Problem creating git server secret for the %s namespace", name) } diff --git a/src/pkg/cluster/secrets.go b/src/pkg/cluster/secrets.go index 3810878800..bb5a38b263 100644 --- a/src/pkg/cluster/secrets.go +++ b/src/pkg/cluster/secrets.go 
@@ -82,27 +82,15 @@ func (c *Cluster) GenerateRegistryPullCreds(ctx context.Context, namespace, name } // GenerateGitPullCreds generates a secret containing the git credentials. -func (c *Cluster) GenerateGitPullCreds(namespace, name string, gitServerInfo types.GitServerInfo) *corev1.Secret { - gitServerSecret := &corev1.Secret{ - TypeMeta: metav1.TypeMeta{ - APIVersion: corev1.SchemeGroupVersion.String(), - Kind: "Secret", - }, - ObjectMeta: metav1.ObjectMeta{ - Name: name, - Namespace: namespace, - Labels: map[string]string{ - ZarfManagedByLabel: "zarf", - }, - }, - Type: corev1.SecretTypeOpaque, - Data: map[string][]byte{}, - StringData: map[string]string{ +func (c *Cluster) GenerateGitPullCreds(namespace, name string, gitServerInfo types.GitServerInfo) *v1ac.SecretApplyConfiguration { + return v1ac.Secret(name, namespace). + WithLabels(map[string]string{ + ZarfManagedByLabel: "zarf", + }).WithType(corev1.SecretTypeOpaque). + WithStringData(map[string]string{ "username": gitServerInfo.PullUsername, "password": gitServerInfo.PullPassword, - }, - } - return gitServerSecret + }) } // UpdateZarfManagedImageSecrets updates all Zarf-managed image secrets in all namespaces based on state @@ -171,7 +159,7 @@ func (c *Cluster) UpdateZarfManagedGitSecrets(ctx context.Context, state *types. continue } spinner.Updatef("Updating existing Zarf-managed git secret for namespace: %s", namespace.Name) - _, err = c.Clientset.CoreV1().Secrets(newGitSecret.Namespace).Update(ctx, newGitSecret, metav1.UpdateOptions{}) + _, err = c.Clientset.CoreV1().Secrets(*newGitSecret.Namespace).Apply(ctx, newGitSecret, metav1.ApplyOptions{Force: true}) if err != nil { return err } diff --git a/src/pkg/cluster/secrets_test.go b/src/pkg/cluster/secrets_test.go index 0ee731dfe9..518a84f0c5 100644 --- a/src/pkg/cluster/secrets_test.go +++ b/src/pkg/cluster/secrets_test.go 
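Review bot: `GenerateGitPullCreds` is exported and its return type changes from `*corev1.Secret` to `*v1ac.SecretApplyConfiguration`, while the doc comment still says it generates a secret. Any caller outside this package that passes the result to `Create` or `Update` stops compiling, so the change deserves a line in the commit message. The doc comment could read `// GenerateGitPullCreds returns the server-side apply configuration for the secret holding the git pull credentials.`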
@@ -192,7 +192,7 @@ func TestUpdateZarfManagedSecrets(t *testing.T) { }, }, Type: corev1.SecretTypeOpaque, - Data: map[string][]byte{}, + Data: nil, StringData: map[string]string{ "username": state.GitServer.PullUsername, "password": state.GitServer.PullPassword, From 9d1a35dd8ba4abf88164d44cf53856722a24be6e Mon Sep 17 00:00:00 2001 From: Austin Abro Date: Thu, 17 Oct 2024 18:57:28 +0000 Subject: [PATCH 04/33] patch-> apply Signed-off-by: Austin Abro --- src/pkg/cluster/zarf.go | 36 ++++++++++-------------------------- 1 file changed, 10 insertions(+), 26 deletions(-) diff --git a/src/pkg/cluster/zarf.go b/src/pkg/cluster/zarf.go index fb0b724587..b281651b91 100644 --- a/src/pkg/cluster/zarf.go +++ b/src/pkg/cluster/zarf.go @@ -15,10 +15,8 @@ import ( corev1 "k8s.io/api/core/v1" kerrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - ktypes "k8s.io/apimachinery/pkg/types" v1ac "k8s.io/client-go/applyconfigurations/core/v1" - "github.com/defenseunicorns/pkg/helpers/v2" "github.com/zarf-dev/zarf/src/api/v1alpha1" "github.com/zarf-dev/zarf/src/config" "github.com/zarf-dev/zarf/src/internal/gitea" 
@@ -172,32 +170,18 @@ func (c *Cluster) RecordPackageDeployment(ctx context.Context, pkg v1alpha1.Zarf return nil, err } - // Update the package secret - deployedPackageSecret := &corev1.Secret{ - TypeMeta: metav1.TypeMeta{ - APIVersion: corev1.SchemeGroupVersion.String(), - Kind: "Secret", - }, - ObjectMeta: metav1.ObjectMeta{ - Name: config.ZarfPackagePrefix + packageName, - Namespace: ZarfNamespaceName, - Labels: map[string]string{ - ZarfManagedByLabel: "zarf", - ZarfPackageInfoLabel: packageName, - }, - }, - Type: corev1.SecretTypeOpaque, - Data: map[string][]byte{ + packageSecretName := fmt.Sprintf("%s%s", config.ZarfPackagePrefix, packageName) + deployedPackageSecret := v1ac.Secret(packageSecretName, ZarfNamespaceName). + WithLabels(map[string]string{ + ZarfManagedByLabel: "zarf", + ZarfPackageInfoLabel: packageName, + }).WithType(corev1.SecretTypeOpaque). + WithData(map[string][]byte{ "data": packageData, - }, - } - b, err := json.Marshal(deployedPackageSecret) - if err != nil { - return nil, err - } - updatedSecret, err := c.Clientset.CoreV1().Secrets(deployedPackageSecret.Namespace).Patch(ctx, deployedPackageSecret.Name, ktypes.ApplyPatchType, b, metav1.PatchOptions{Force: helpers.BoolPtr(true)}) + }) + updatedSecret, err := c.Clientset.CoreV1().Secrets(*deployedPackageSecret.Namespace).Apply(ctx, deployedPackageSecret, metav1.ApplyOptions{Force: true, FieldManager: "zarf"}) if err != nil { - return nil, fmt.Errorf("failed to record package deployment in secret '%s': %w", deployedPackageSecret.Name, err) + return nil, fmt.Errorf("failed to record package deployment in secret '%s': %w", *deployedPackageSecret.Name, err) } if err := json.Unmarshal(updatedSecret.Data["data"], &deployedPackage); err != nil { return nil, err From 9f757e9953581bc962841a465c331521d698cc72 Mon Sep 17 00:00:00 2001 From: Austin Abro Date: Thu, 17 Oct 2024 19:26:59 +0000 Subject: [PATCH 05/33] remove patches 
Signed-off-by: Austin Abro --- src/pkg/cluster/state.go | 1 - src/pkg/packager/deploy.go | 8 +------- src/pkg/packager/remove.go | 33 ++++++++++----------------------- 3 files changed, 11 insertions(+), 31 deletions(-) diff --git a/src/pkg/cluster/state.go b/src/pkg/cluster/state.go index bdb5b97985..65494fadd4 100644 --- a/src/pkg/cluster/state.go +++ b/src/pkg/cluster/state.go @@ -108,7 +108,6 @@ func (c *Cluster) InitZarfState(ctx context.Context, initOptions types.ZarfInitO } // Try to create the zarf namespace. - // TODO is the test failing here spinner.Updatef("Creating the Zarf namespace") zarfNamespace := NewZarfManagedNamespace(ZarfNamespaceName) _, err = c.Clientset.CoreV1().Namespaces().Apply(ctx, zarfNamespace, metav1.ApplyOptions{FieldManager: "zarf", Force: true}) diff --git a/src/pkg/packager/deploy.go b/src/pkg/packager/deploy.go index 9e2cf4714c..c4dbb1b61f 100644 --- a/src/pkg/packager/deploy.go +++ b/src/pkg/packager/deploy.go @@ -6,7 +6,6 @@ package packager import ( "context" - "encoding/json" "fmt" "net/url" "os" @@ -23,7 +22,6 @@ import ( corev1 "k8s.io/api/core/v1" kerrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - ktypes "k8s.io/apimachinery/pkg/types" "github.com/defenseunicorns/pkg/helpers/v2" "github.com/zarf-dev/zarf/src/api/v1alpha1" 
@@ -478,11 +476,7 @@ func (p *Packager) setupState(ctx context.Context) error { // Try to create the zarf namespace spinner.Updatef("Creating the Zarf namespace") zarfNamespace := cluster.NewZarfManagedNamespace(cluster.ZarfNamespaceName) - b, err := json.Marshal(zarfNamespace) - if err != nil { - return err - } - _, err = p.cluster.Clientset.CoreV1().Namespaces().Patch(ctx, cluster.ZarfNamespaceName, ktypes.ApplyPatchType, b, metav1.PatchOptions{Force: helpers.BoolPtr(true)}) + _, err = p.cluster.Clientset.CoreV1().Namespaces().Apply(ctx, zarfNamespace, metav1.ApplyOptions{Force: true, FieldManager: "zarf"}) if err != nil { return fmt.Errorf("unable to create the Zarf namespace: %w", err) } diff --git a/src/pkg/packager/remove.go b/src/pkg/packager/remove.go index f631bf92f8..e2d89a083a 100644 --- a/src/pkg/packager/remove.go +++ b/src/pkg/packager/remove.go @@ -16,7 +16,7 @@ import ( "helm.sh/helm/v3/pkg/storage/driver" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - ktypes "k8s.io/apimachinery/pkg/types" + v1ac "k8s.io/client-go/applyconfigurations/core/v1" "github.com/zarf-dev/zarf/src/api/v1alpha1" "github.com/zarf-dev/zarf/src/config" 
@@ -117,29 +117,16 @@ func (p *Packager) updatePackageSecret(ctx context.Context, deployedPackage type secretName := config.ZarfPackagePrefix + deployedPackage.Name // Save the new secret with the removed components removed from the secret - newPackageSecret := &corev1.Secret{ - TypeMeta: metav1.TypeMeta{ - APIVersion: corev1.SchemeGroupVersion.String(), - Kind: "Secret", - }, - ObjectMeta: metav1.ObjectMeta{ - Name: secretName, - Namespace: cluster.ZarfNamespaceName, - Labels: map[string]string{ - cluster.ZarfManagedByLabel: "zarf", - cluster.ZarfPackageInfoLabel: deployedPackage.Name, - }, - }, - Type: corev1.SecretTypeOpaque, - Data: map[string][]byte{ + newPackageSecret := v1ac.Secret(secretName, cluster.ZarfNamespaceName). + WithLabels(map[string]string{ + cluster.ZarfManagedByLabel: "zarf", + cluster.ZarfPackageInfoLabel: deployedPackage.Name, + }).WithType(corev1.SecretTypeOpaque). + WithData(map[string][]byte{ "data": newPackageSecretData, - }, - } - b, err := json.Marshal(newPackageSecret) - if err != nil { - return err - } - _, err = p.cluster.Clientset.CoreV1().Secrets(newPackageSecret.Namespace).Patch(ctx, newPackageSecret.Name, ktypes.ApplyPatchType, b, metav1.PatchOptions{Force: helpers.BoolPtr(true)}) + }) + + _, err = p.cluster.Clientset.CoreV1().Secrets(*newPackageSecret.Namespace).Apply(ctx, newPackageSecret, metav1.ApplyOptions{Force: true, FieldManager: "zarf"}) // We warn and ignore errors because we may have removed the cluster that this package was inside of if err != nil { message.Warnf("Unable to apply the '%s' package secret: '%s' (this may be normal if the cluster was removed)", secretName, err.Error()) From 0219569ea316bad98d5a272d08bb0996a3694fa4 Mon Sep 17 00:00:00 2001 From: Austin Abro Date: Thu, 17 Oct 2024 20:47:48 +0000 Subject: [PATCH 06/33] tests passing 
Signed-off-by: Austin Abro --- src/pkg/cluster/injector.go | 240 ++++++++---------- src/pkg/cluster/injector_test.go | 40 +-- .../testdata/expected-injection-pod.json | 2 +- 3 files changed, 122 insertions(+), 160 deletions(-) diff --git a/src/pkg/cluster/injector.go b/src/pkg/cluster/injector.go index c0d36e21e7..644e2a37ad 100644 --- a/src/pkg/cluster/injector.go +++ b/src/pkg/cluster/injector.go @@ -30,6 +30,7 @@ import ( "github.com/zarf-dev/zarf/src/pkg/message" "github.com/zarf-dev/zarf/src/pkg/transform" "github.com/zarf-dev/zarf/src/pkg/utils" + v1ac "k8s.io/client-go/applyconfigurations/core/v1" ) // StartInjection initializes a Zarf injection into the cluster. @@ -43,16 +44,15 @@ func (c *Cluster) StartInjection(ctx context.Context, tmpDir, imagesDir string, spinner := message.NewProgressSpinner("Attempting to bootstrap the seed image into the cluster") defer spinner.Stop() - resReq := corev1.ResourceRequirements{ - Requests: corev1.ResourceList{ + resReq := v1ac.ResourceRequirements(). + WithRequests(corev1.ResourceList{ corev1.ResourceCPU: resource.MustParse(".5"), corev1.ResourceMemory: resource.MustParse("64Mi"), - }, - Limits: corev1.ResourceList{ + }). + WithLimits(corev1.ResourceList{ corev1.ResourceCPU: resource.MustParse("1"), corev1.ResourceMemory: resource.MustParse("256Mi"), - }, - } + }) injectorImage, injectorNodeName, err := c.getInjectorImageAndNode(ctx, resReq) if err != nil { return err 
@@ -67,50 +67,32 @@ func (c *Cluster) StartInjection(ctx context.Context, tmpDir, imagesDir string, if err != nil { return err } - cm := &corev1.ConfigMap{ - ObjectMeta: metav1.ObjectMeta{ - Namespace: ZarfNamespaceName, - Name: "rust-binary", - }, - BinaryData: map[string][]byte{ + cm := v1ac.ConfigMap("rust-binary", ZarfNamespaceName). + WithBinaryData(map[string][]byte{ "zarf-injector": b, - }, - } - _, err = c.Clientset.CoreV1().ConfigMaps(cm.Namespace).Create(ctx, cm, metav1.CreateOptions{}) + }) + _, err = c.Clientset.CoreV1().ConfigMaps(*cm.Namespace).Apply(ctx, cm, metav1.ApplyOptions{Force: true, FieldManager: "zarf"}) if err != nil { return err } - svc := &corev1.Service{ - TypeMeta: metav1.TypeMeta{ - APIVersion: corev1.SchemeGroupVersion.String(), - Kind: "Service", - }, - ObjectMeta: metav1.ObjectMeta{ - Namespace: ZarfNamespaceName, - Name: "zarf-injector", - }, - Spec: corev1.ServiceSpec{ - Type: corev1.ServiceTypeNodePort, - Ports: []corev1.ServicePort{ - { - Port: int32(5000), - }, - }, - Selector: map[string]string{ - "app": "zarf-injector", - }, - }, - } - svc, err = c.Clientset.CoreV1().Services(svc.Namespace).Create(ctx, svc, metav1.CreateOptions{}) + svc := v1ac.Service("zarf-injector", ZarfNamespaceName). + WithSpec(v1ac.ServiceSpec(). + WithType(corev1.ServiceTypeNodePort). + WithPorts( + v1ac.ServicePort().WithPort(int32(5000)), + ).WithSelector(map[string]string{ + "app": "zarf-injector", + })) + _, err = c.Clientset.CoreV1().Services(*svc.Namespace).Apply(ctx, svc, metav1.ApplyOptions{Force: true, FieldManager: "zarf"}) if err != nil { return err } // TODO: Remove use of passing data through global variables. 
config.ZarfSeedPort = fmt.Sprintf("%d", svc.Spec.Ports[0].NodePort) - pod := buildInjectionPod(injectorNodeName, injectorImage, payloadCmNames, shasum, resReq) - _, err = c.Clientset.CoreV1().Pods(pod.Namespace).Create(ctx, pod, metav1.CreateOptions{}) + podAc := buildInjectionPod(injectorNodeName, injectorImage, payloadCmNames, shasum, resReq) + pod, err := c.Clientset.CoreV1().Pods(*podAc.Namespace).Apply(ctx, podAc, metav1.ApplyOptions{Force: true, FieldManager: "zarf"}) if err != nil { return fmt.Errorf("error creating pod in cluster: %w", err) } @@ -236,19 +218,14 @@ func (c *Cluster) createPayloadConfigMaps(ctx context.Context, spinner *message. spinner.Updatef("Adding archive binary configmap %d of %d to the cluster", i+1, len(chunks)) - cm := &corev1.ConfigMap{ - ObjectMeta: metav1.ObjectMeta{ - Namespace: ZarfNamespaceName, - Name: fileName, - Labels: map[string]string{ - "zarf-injector": "payload", - }, - }, - BinaryData: map[string][]byte{ + cm := v1ac.ConfigMap(fileName, ZarfNamespaceName). + WithLabels(map[string]string{ + "zarf-injector": "payload", + }). + WithBinaryData(map[string][]byte{ fileName: data, - }, - } - _, err = c.Clientset.CoreV1().ConfigMaps(ZarfNamespaceName).Create(ctx, cm, metav1.CreateOptions{}) + }) + _, err = c.Clientset.CoreV1().ConfigMaps(ZarfNamespaceName).Apply(ctx, cm, metav1.ApplyOptions{Force: true, FieldManager: "zarf"}) if err != nil { return nil, "", err } @@ -261,7 +238,7 @@ func (c *Cluster) createPayloadConfigMaps(ctx context.Context, spinner *message. } // getImagesAndNodesForInjection checks for images on schedulable nodes within a cluster. -func (c *Cluster) getInjectorImageAndNode(ctx context.Context, resReq corev1.ResourceRequirements) (string, string, error) { +func (c *Cluster) getInjectorImageAndNode(ctx context.Context, resReq *v1ac.ResourceRequirementsApplyConfiguration) (string, string, error) { // Regex for Zarf seed image zarfImageRegex, err := regexp.Compile(`(?m)^127\.0\.0\.1:`) if err != nil { 
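Review bot: After this change `svc` is the apply configuration rather than the object returned by the server, so `svc.Spec.Ports[0].NodePort` on the `config.ZarfSeedPort` line is the unset `*int32` from the request, and the allocated node port is discarded with the `_` result. Formatting that nil pointer with `%d` does not yield the real port, and dereferencing it instead would panic. Keep the returned Service and read the port from it: `appliedSvc, err := c.Clientset.CoreV1().Services(*svc.Namespace).Apply(ctx, svc, metav1.ApplyOptions{Force: true, FieldManager: "zarf"})` followed by `config.ZarfSeedPort = fmt.Sprintf("%d", appliedSvc.Spec.Ports[0].NodePort)`. `StartInjection` starts and ends outside the hunk.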
@@ -279,8 +256,8 @@ func (c *Cluster) getInjectorImageAndNode(ctx context.Context, resReq corev1.Res if err != nil { return "", "", err } - if nodeDetails.Status.Allocatable.Cpu().Cmp(resReq.Requests[corev1.ResourceCPU]) < 0 || - nodeDetails.Status.Allocatable.Memory().Cmp(resReq.Requests[corev1.ResourceMemory]) < 0 { + if nodeDetails.Status.Allocatable.Cpu().Cmp(*resReq.Requests.Cpu()) < 0 || + nodeDetails.Status.Allocatable.Memory().Cmp(*resReq.Requests.Memory()) < 0 { continue } if hasBlockingTaints(nodeDetails.Spec.Taints) { 
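Review bot: `resReq` and `resReq.Requests` are both pointers now, so `*resReq.Requests.Cpu()` and `*resReq.Requests.Memory()` panic when a caller passes nil or builds the configuration without `WithRequests`, where the old map lookup yielded a zero quantity. The callers visible in this patch always set requests, so this is a robustness point rather than a live bug. A guard at the top of `getInjectorImageAndNode`, such as `if resReq == nil || resReq.Requests == nil { return "", "", fmt.Errorf("resource requests must be set") }`, keeps the failure explicit. The function body extends beyond the hunk.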
@@ -317,99 +294,80 @@ func hasBlockingTaints(taints []corev1.Taint) bool { return false } -func buildInjectionPod(nodeName, image string, payloadCmNames []string, shasum string, resReq corev1.ResourceRequirements) *corev1.Pod { +func buildInjectionPod(nodeName, image string, payloadCmNames []string, shasum string, resReq *v1ac.ResourceRequirementsApplyConfiguration) *v1ac.PodApplyConfiguration { + // Initialize base volumes executeMode := int32(0777) + volumes := []*v1ac.VolumeApplyConfiguration{ + v1ac.Volume(). + WithName("init"). + WithConfigMap( + v1ac.ConfigMapVolumeSource(). + WithName("rust-binary"). + WithDefaultMode(executeMode), + ), + v1ac.Volume(). + WithName("seed"). + WithEmptyDir(&v1ac.EmptyDirVolumeSourceApplyConfiguration{}), + } - pod := &corev1.Pod{ - TypeMeta: metav1.TypeMeta{ - APIVersion: corev1.SchemeGroupVersion.String(), - Kind: "Pod", - }, - ObjectMeta: metav1.ObjectMeta{ - Name: "injector", - Namespace: ZarfNamespaceName, - Labels: map[string]string{ - "app": "zarf-injector", - AgentLabel: "ignore", - }, - }, - Spec: corev1.PodSpec{ - NodeName: nodeName, - // Do not try to restart the pod as it will be deleted/re-created instead. - RestartPolicy: corev1.RestartPolicyNever, - Containers: []corev1.Container{ - { - Name: "injector", - Image: image, - ImagePullPolicy: corev1.PullIfNotPresent, - WorkingDir: "/zarf-init", - Command: []string{"/zarf-init/zarf-injector", shasum}, - VolumeMounts: []corev1.VolumeMount{ - { - Name: "init", - MountPath: "/zarf-init/zarf-injector", - SubPath: "zarf-injector", - }, - { - Name: "seed", - MountPath: "/zarf-seed", - }, - }, - ReadinessProbe: &corev1.Probe{ - PeriodSeconds: 2, - SuccessThreshold: 1, - FailureThreshold: 10, - ProbeHandler: corev1.ProbeHandler{ - HTTPGet: &corev1.HTTPGetAction{ - Path: "/v2/", - Port: intstr.FromInt(5000), - }, - }, - }, - Resources: resReq, - }, - }, - Volumes: []corev1.Volume{ - // Contains the rust binary and collection of configmaps from the tarball (seed image). 
- { - Name: "init", - VolumeSource: corev1.VolumeSource{ - ConfigMap: &corev1.ConfigMapVolumeSource{ - LocalObjectReference: corev1.LocalObjectReference{ - Name: "rust-binary", - }, - DefaultMode: &executeMode, - }, - }, - }, - // Empty directory to hold the seed image (new dir to avoid permission issues) - { - Name: "seed", - VolumeSource: corev1.VolumeSource{ - EmptyDir: &corev1.EmptyDirVolumeSource{}, - }, - }, - }, - }, + // Initialize base volume mounts + volumeMounts := []*v1ac.VolumeMountApplyConfiguration{ + v1ac.VolumeMount(). + WithName("init"). + WithMountPath("/zarf-init/zarf-injector"). + WithSubPath("zarf-injector"), + v1ac.VolumeMount(). + WithName("seed"). + WithMountPath("/zarf-seed"), } + // Add additional volumes and volume mounts from payloadCmNames for _, filename := range payloadCmNames { - pod.Spec.Volumes = append(pod.Spec.Volumes, corev1.Volume{ - Name: filename, - VolumeSource: corev1.VolumeSource{ - ConfigMap: &corev1.ConfigMapVolumeSource{ - LocalObjectReference: corev1.LocalObjectReference{ - Name: filename, - }, - }, - }, - }) - pod.Spec.Containers[0].VolumeMounts = append(pod.Spec.Containers[0].VolumeMounts, corev1.VolumeMount{ - Name: filename, - MountPath: fmt.Sprintf("/zarf-init/%s", filename), - SubPath: filename, - }) + volumes = append(volumes, v1ac.Volume(). + WithName(filename). + WithConfigMap( + v1ac.ConfigMapVolumeSource(). + WithName(filename), + )) + volumeMounts = append(volumeMounts, v1ac.VolumeMount(). + WithName(filename). + WithMountPath(fmt.Sprintf("/zarf-init/%s", filename)). + WithSubPath(filename)) } + // Construct the PodApplyConfiguration + pod := v1ac.Pod("injector", ZarfNamespaceName). + WithLabels(map[string]string{ + "app": "zarf-injector", + AgentLabel: "ignore", + }). + WithSpec( + v1ac.PodSpec(). + WithNodeName(nodeName). + WithRestartPolicy(corev1.RestartPolicyNever). + WithContainers( + v1ac.Container(). + WithName("injector"). + WithImage(image). + WithImagePullPolicy(corev1.PullIfNotPresent). 
+ WithWorkingDir("/zarf-init"). + WithCommand("/zarf-init/zarf-injector", shasum). + WithVolumeMounts(volumeMounts...). + WithReadinessProbe( + v1ac.Probe(). + WithPeriodSeconds(2). + WithSuccessThreshold(1). + WithFailureThreshold(10). + WithHTTPGet( + v1ac.HTTPGetAction(). + WithPath("/v2/"). + WithPort(intstr.FromInt(5000)), + ), + ). + WithResources(resReq), + ). + WithVolumes(volumes...), + ) + return pod } diff --git a/src/pkg/cluster/injector_test.go b/src/pkg/cluster/injector_test.go index 1b4b1ed4af..d587235e20 100644 --- a/src/pkg/cluster/injector_test.go +++ b/src/pkg/cluster/injector_test.go @@ -20,6 +20,7 @@ import ( "k8s.io/apimachinery/pkg/api/resource" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" + v1ac "k8s.io/client-go/applyconfigurations/core/v1" "k8s.io/client-go/kubernetes/fake" k8stesting "k8s.io/client-go/testing" "sigs.k8s.io/cli-utils/pkg/kstatus/status" @@ -27,7 +28,7 @@ import ( func TestInjector(t *testing.T) { ctx := context.Background() - cs := fake.NewSimpleClientset() + cs := fake.NewClientset() c := &Cluster{ Clientset: cs, Watcher: healthchecks.NewImmediateWatcher(status.CurrentStatus), @@ -117,6 +118,8 @@ func TestInjector(t *testing.T) { expected, err := os.ReadFile("./testdata/expected-injection-service.json") require.NoError(t, err) svc, err := cs.CoreV1().Services(ZarfNamespaceName).Get(ctx, "zarf-injector", metav1.GetOptions{}) + // Managed fields are auto-set and contain timestamps + svc.ManagedFields = nil require.NoError(t, err) b, err := json.Marshal(svc) require.NoError(t, err) 
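Review bot: The rewrite of `buildInjectionPod` drops the comments that explained why the spec looks the way it does, and the new ones (`// Initialize base volumes`) only restate the code. Restore them next to the builder calls: `// Do not try to restart the pod as it will be deleted/re-created instead.` above `WithRestartPolicy(corev1.RestartPolicyNever)`, and `// Empty directory to hold the seed image (new dir to avoid permission issues)` above the `seed` volume. The `seed` volume also uses a struct literal, `&v1ac.EmptyDirVolumeSourceApplyConfiguration{}`, where the rest of the function uses the `v1ac` constructors; `v1ac.EmptyDirVolumeSource()` would match.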
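Review bot: In `TestInjector`, `svc.ManagedFields = nil` runs before `require.NoError(t, err)`, so the result of a failed `Get` is dereferenced before the error is reported, which can turn a clear assertion failure into a nil-pointer panic. Swap the two statements so the error check comes first: `require.NoError(t, err)` and then `svc.ManagedFields = nil`.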
@@ -147,20 +150,21 @@ func TestInjector(t *testing.T) { func TestBuildInjectionPod(t *testing.T) { t.Parallel() - resReq := corev1.ResourceRequirements{ - Requests: corev1.ResourceList{ + resReq := v1ac.ResourceRequirements(). + WithRequests(corev1.ResourceList{ corev1.ResourceCPU: resource.MustParse(".5"), corev1.ResourceMemory: resource.MustParse("64Mi"), - }, - Limits: corev1.ResourceList{ - corev1.ResourceCPU: resource.MustParse("1"), - corev1.ResourceMemory: resource.MustParse("256Mi"), - }, - } + }). + WithLimits( + corev1.ResourceList{ + corev1.ResourceCPU: resource.MustParse("1"), + corev1.ResourceMemory: resource.MustParse("256Mi"), + }) pod := buildInjectionPod("injection-node", "docker.io/library/ubuntu:latest", []string{"foo", "bar"}, "shasum", resReq) - require.Equal(t, "injector", pod.Name) + require.Equal(t, "injector", *pod.Name) b, err := json.Marshal(pod) require.NoError(t, err) + expected, err := os.ReadFile("./testdata/expected-injection-pod.json") require.NoError(t, err) require.Equal(t, strings.TrimSpace(string(expected)), string(b)) @@ -270,16 +274,16 @@ func TestGetInjectorImageAndNode(t *testing.T) { require.NoError(t, err) } - resReq := corev1.ResourceRequirements{ - Requests: corev1.ResourceList{ + resReq := v1ac.ResourceRequirements(). + WithRequests(corev1.ResourceList{ corev1.ResourceCPU: resource.MustParse(".5"), corev1.ResourceMemory: resource.MustParse("64Mi"), - }, - Limits: corev1.ResourceList{ - corev1.ResourceCPU: resource.MustParse("1"), - corev1.ResourceMemory: resource.MustParse("256Mi"), - }, - } + }). + WithLimits( + corev1.ResourceList{ + corev1.ResourceCPU: resource.MustParse("1"), + corev1.ResourceMemory: resource.MustParse("256Mi"), + }) image, node, err := c.getInjectorImageAndNode(ctx, resReq) require.NoError(t, err) require.Equal(t, "pod-2-container", image) diff --git a/src/pkg/cluster/testdata/expected-injection-pod.json b/src/pkg/cluster/testdata/expected-injection-pod.json index 30f2e5b1f1..69b0d72562 100644 
--- a/src/pkg/cluster/testdata/expected-injection-pod.json
+++ b/src/pkg/cluster/testdata/expected-injection-pod.json
@@ -1 +1 @@ -{"kind":"Pod","apiVersion":"v1","metadata":{"name":"injector","namespace":"zarf","creationTimestamp":null,"labels":{"app":"zarf-injector","zarf.dev/agent":"ignore"}},"spec":{"volumes":[{"name":"init","configMap":{"name":"rust-binary","defaultMode":511}},{"name":"seed","emptyDir":{}},{"name":"foo","configMap":{"name":"foo"}},{"name":"bar","configMap":{"name":"bar"}}],"containers":[{"name":"injector","image":"docker.io/library/ubuntu:latest","command":["/zarf-init/zarf-injector","shasum"],"workingDir":"/zarf-init","resources":{"limits":{"cpu":"1","memory":"256Mi"},"requests":{"cpu":"500m","memory":"64Mi"}},"volumeMounts":[{"name":"init","mountPath":"/zarf-init/zarf-injector","subPath":"zarf-injector"},{"name":"seed","mountPath":"/zarf-seed"},{"name":"foo","mountPath":"/zarf-init/foo","subPath":"foo"},{"name":"bar","mountPath":"/zarf-init/bar","subPath":"bar"}],"readinessProbe":{"httpGet":{"path":"/v2/","port":5000},"periodSeconds":2,"successThreshold":1,"failureThreshold":10},"imagePullPolicy":"IfNotPresent"}],"restartPolicy":"Never","nodeName":"injection-node"},"status":{}} 
+{"kind":"Pod","apiVersion":"v1","metadata":{"name":"injector","namespace":"zarf","labels":{"app":"zarf-injector","zarf.dev/agent":"ignore"}},"spec":{"volumes":[{"name":"init","configMap":{"name":"rust-binary","defaultMode":511}},{"name":"seed","emptyDir":{}},{"name":"foo","configMap":{"name":"foo"}},{"name":"bar","configMap":{"name":"bar"}}],"containers":[{"name":"injector","image":"docker.io/library/ubuntu:latest","command":["/zarf-init/zarf-injector","shasum"],"workingDir":"/zarf-init","resources":{"limits":{"cpu":"1","memory":"256Mi"},"requests":{"cpu":"500m","memory":"64Mi"}},"volumeMounts":[{"name":"init","mountPath":"/zarf-init/zarf-injector","subPath":"zarf-injector"},{"name":"seed","mountPath":"/zarf-seed"},{"name":"foo","mountPath":"/zarf-init/foo","subPath":"foo"},{"name":"bar","mountPath":"/zarf-init/bar","subPath":"bar"}],"readinessProbe":{"httpGet":{"path":"/v2/","port":5000},"periodSeconds":2,"successThreshold":1,"failureThreshold":10},"imagePullPolicy":"IfNotPresent"}],"restartPolicy":"Never","nodeName":"injection-node"}} From 21d8c04ae90441d800c00463214fa1e968847b21 Mon Sep 17 00:00:00 2001 From: Austin Abro Date: Thu, 17 Oct 2024 21:32:48 +0000 Subject: [PATCH 07/33] fix debug Signed-off-by: Austin Abro --- src/internal/packager/helm/post-render.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/internal/packager/helm/post-render.go b/src/internal/packager/helm/post-render.go index 7ef3191da2..16f1b29810 100644 --- a/src/internal/packager/helm/post-render.go +++ b/src/internal/packager/helm/post-render.go 
@@ -192,7 +192,7 @@ func (r *renderer) editHelmResources(ctx context.Context, resources []releaseuti if err := runtime.DefaultUnstructuredConverter.FromUnstructured(rawData.UnstructuredContent(), namespace); err != nil { message.WarnErrf(err, "could not parse namespace %s", rawData.GetName()) } else { - message.Debugf("Matched helm namespace %s for zarf annotation", namespace.Name) + message.Debugf("Matched helm namespace %s for zarf annotation", *namespace.Name) namespace.Labels = cluster.AdoptZarfManagedLabels(namespace.Labels) // Add it to the stack r.namespaces[*namespace.Name] = namespace From 4516b5fb31d7113ef09cfaf4464d400d0c40a69f Mon Sep 17 00:00:00 2001 From: Austin Abro Date: Thu, 17 Oct 2024 22:24:57 +0000 Subject: [PATCH 08/33] health checks Signed-off-by: Austin Abro --- src/pkg/cluster/injector.go | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/src/pkg/cluster/injector.go b/src/pkg/cluster/injector.go index d7c1e579f6..0593021b76 100644 --- a/src/pkg/cluster/injector.go +++ b/src/pkg/cluster/injector.go @@ -19,12 +19,12 @@ import ( kerrors "k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/api/resource" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/util/intstr" "k8s.io/apimachinery/pkg/util/wait" "github.com/defenseunicorns/pkg/helpers/v2" + "github.com/zarf-dev/zarf/src/api/v1alpha1" "github.com/zarf-dev/zarf/src/config" "github.com/zarf-dev/zarf/src/internal/healthchecks" "github.com/zarf-dev/zarf/src/pkg/message" 
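Review bot: `*namespace.Name` in the new `Debugf` call is dereferenced without a nil check, and the name comes from a chart-rendered manifest; if that manifest has no `metadata.name`, the conversion presumably leaves the pointer nil and the deploy panics instead of warning. The warning branch just above already uses `rawData.GetName()`, which is safe here: `message.Debugf("Matched helm namespace %s for zarf annotation", rawData.GetName())`. The map key on the following context line has the same dereference and would need a guard as well. `editHelmResources` starts and ends outside the hunk.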
@@ -91,15 +91,21 @@ func (c *Cluster) StartInjection(ctx context.Context, tmpDir, imagesDir string, // TODO: Remove use of passing data through global variables. config.ZarfSeedPort = fmt.Sprintf("%d", svc.Spec.Ports[0].NodePort) - podAc := buildInjectionPod(injectorNodeName, injectorImage, payloadCmNames, shasum, resReq) - pod, err := c.Clientset.CoreV1().Pods(*podAc.Namespace).Apply(ctx, podAc, metav1.ApplyOptions{Force: true, FieldManager: "zarf"}) + pod := buildInjectionPod(injectorNodeName, injectorImage, payloadCmNames, shasum, resReq) + _, err = c.Clientset.CoreV1().Pods(*pod.Namespace).Apply(ctx, pod, metav1.ApplyOptions{Force: true, FieldManager: "zarf"}) if err != nil { return fmt.Errorf("error creating pod in cluster: %w", err) } waitCtx, waitCancel := context.WithTimeout(ctx, 60*time.Second) defer waitCancel() - err = healthchecks.WaitForReadyRuntime(waitCtx, c.Watcher, []runtime.Object{pod}) + podRef := v1alpha1.NamespacedObjectKindReference{ + APIVersion: *pod.APIVersion, + Kind: *pod.Kind, + Namespace: *pod.Namespace, + Name: *pod.Name, + } + err = healthchecks.Run(waitCtx, c.Watcher, []v1alpha1.NamespacedObjectKindReference{podRef}) if err != nil { return err } From 905711dd7899a6ad0a34b111ad04f0fdbafdc23b Mon Sep 17 00:00:00 2001 From: Austin Abro Date: Fri, 18 Oct 2024 14:00:38 +0000 Subject: [PATCH 09/33] pointer Signed-off-by: Austin Abro --- src/pkg/cluster/injector.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/pkg/cluster/injector.go b/src/pkg/cluster/injector.go index 0593021b76..c873d575ef 100644 --- a/src/pkg/cluster/injector.go +++ b/src/pkg/cluster/injector.go 
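Review bot: The field manager is written as the bare literal `"zarf"` in the `metav1.ApplyOptions` of the `Pods(...).Apply` call, and the same literal is repeated in the Services, Secrets and Namespaces apply calls in later hunks of this series. Server-side apply tracks field ownership by this name, so a misspelling in one call site would register a second manager and leave ownership split between the two. A single package-level constant in `src/pkg/cluster`, for example `const FieldManagerName = "zarf"` (name is a suggestion), used in every `ApplyOptions` would keep them in step. StartInjection starts and ends outside the hunk.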
@@ -89,7 +89,7 @@ func (c *Cluster) StartInjection(ctx context.Context, tmpDir, imagesDir string, return err } // TODO: Remove use of passing data through global variables. - config.ZarfSeedPort = fmt.Sprintf("%d", svc.Spec.Ports[0].NodePort) + config.ZarfSeedPort = fmt.Sprintf("%d", *svc.Spec.Ports[0].NodePort) pod := buildInjectionPod(injectorNodeName, injectorImage, payloadCmNames, shasum, resReq) _, err = c.Clientset.CoreV1().Pods(*pod.Namespace).Apply(ctx, pod, metav1.ApplyOptions{Force: true, FieldManager: "zarf"}) From 71eb15345f4cc8b731b612e5714aedea4913f89c Mon Sep 17 00:00:00 2001 From: Austin Abro Date: Fri, 18 Oct 2024 14:11:10 +0000 Subject: [PATCH 10/33] using correct svc again Signed-off-by: Austin Abro --- src/pkg/cluster/injector.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/pkg/cluster/injector.go b/src/pkg/cluster/injector.go index c873d575ef..9f2e3f3b42 100644 --- a/src/pkg/cluster/injector.go +++ b/src/pkg/cluster/injector.go @@ -76,7 +76,7 @@ func (c *Cluster) StartInjection(ctx context.Context, tmpDir, imagesDir string, return err } - svc := v1ac.Service("zarf-injector", ZarfNamespaceName). + svcAc := v1ac.Service("zarf-injector", ZarfNamespaceName). WithSpec(v1ac.ServiceSpec(). WithType(corev1.ServiceTypeNodePort). WithPorts( 
@@ -84,12 +84,12 @@ func (c *Cluster) StartInjection(ctx context.Context, tmpDir, imagesDir string, ).WithSelector(map[string]string{ "app": "zarf-injector", })) - _, err = c.Clientset.CoreV1().Services(*svc.Namespace).Apply(ctx, svc, metav1.ApplyOptions{Force: true, FieldManager: "zarf"}) + svc, err := c.Clientset.CoreV1().Services(*svcAc.Namespace).Apply(ctx, svcAc, metav1.ApplyOptions{Force: true, FieldManager: "zarf"}) if err != nil { return err } - // TODO: Remove use of passing data through global variables. - config.ZarfSeedPort = fmt.Sprintf("%d", *svc.Spec.Ports[0].NodePort) + + config.ZarfSeedPort = fmt.Sprintf("%d", svc.Spec.Ports[0].NodePort) pod := buildInjectionPod(injectorNodeName, injectorImage, payloadCmNames, shasum, resReq) _, err = c.Clientset.CoreV1().Pods(*pod.Namespace).Apply(ctx, pod, metav1.ApplyOptions{Force: true, FieldManager: "zarf"}) From 7c38c138d1b3f79cd9bd07932f73b5191eeb0d3d Mon Sep 17 00:00:00 2001 From: Austin Abro Date: Fri, 18 Oct 2024 19:34:23 +0000 Subject: [PATCH 11/33] ssa in zarf Signed-off-by: Austin Abro --- src/internal/packager/helm/post-render.go | 14 +++++++++++++- src/pkg/cluster/namespace.go | 2 +- 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/src/internal/packager/helm/post-render.go b/src/internal/packager/helm/post-render.go index 16f1b29810..d75b2fac24 100644 --- a/src/internal/packager/helm/post-render.go +++ b/src/internal/packager/helm/post-render.go @@ -7,6 +7,7 @@ package helm import ( "bytes" "context" + "encoding/json" "fmt" "os" "path/filepath" 
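Review bot: `svc.Spec.Ports[0].NodePort` now reads the object returned by `Services(...).Apply`, and it indexes the slice without checking that the response contains a port or that a node port was allocated. A response with an empty `Ports` slice would panic, and a zero `NodePort` would be written into `config.ZarfSeedPort` as "0" without any error. A guard before the assignment, `if len(svc.Spec.Ports) == 0 || svc.Spec.Ports[0].NodePort == 0 { return fmt.Errorf("injector service has no node port assigned") }`, turns both cases into an explicit failure. StartInjection starts and ends outside the hunk.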
@@ -53,7 +54,18 @@ func (h *Helm) newRenderer(ctx context.Context) (*renderer, error) { if kerrors.IsNotFound(err) { rend.namespaces[h.chart.Namespace] = cluster.NewZarfManagedNamespace(h.chart.Namespace) } else if h.cfg.DeployOpts.AdoptExistingResources { - namespace.Labels[cluster.ZarfManagedByLabel] = "zarf" + // Need to make sure this path is tested + b, err := json.Marshal(namespace) + if err != nil { + return nil, err + } + nsAc := &v1ac.NamespaceApplyConfiguration{} + err = json.Unmarshal(b, nsAc) + if err != nil { + return nil, err + } + nsAc.WithLabels(cluster.AdoptZarfManagedLabels(nsAc.Labels)) + rend.namespaces[h.chart.Namespace] = nsAc } return rend, nil diff --git a/src/pkg/cluster/namespace.go b/src/pkg/cluster/namespace.go index 824cd0ffef..6f125f052b 100644 --- a/src/pkg/cluster/namespace.go +++ b/src/pkg/cluster/namespace.go @@ -12,9 +12,9 @@ import ( "github.com/avast/retry-go/v4" kerrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - v1ac "k8s.io/client-go/applyconfigurations/core/v1" "github.com/zarf-dev/zarf/src/pkg/message" + v1ac "k8s.io/client-go/applyconfigurations/core/v1" ) // DeleteZarfNamespace deletes the Zarf namespace from the connected cluster. From 00868f4719eed34553ba93dc49143b097c7c59ce Mon Sep 17 00:00:00 2001 From: Austin Abro Date: Fri, 18 Oct 2024 19:55:44 +0000 Subject: [PATCH 12/33] add field manager Signed-off-by: Austin Abro --- src/pkg/cluster/secrets.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/pkg/cluster/secrets.go b/src/pkg/cluster/secrets.go index bb5a38b263..2e1a0c1234 100644 --- a/src/pkg/cluster/secrets.go +++ b/src/pkg/cluster/secrets.go 
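Review bot: Round-tripping the fetched Namespace through `json.Marshal`/`json.Unmarshal` into a `NamespaceApplyConfiguration` copies every server-returned field that the apply type can hold, presumably including resourceVersion, uid, annotations, finalizers and status, rather than only the labels Zarf wants to set. When this object is later sent through the `Namespaces().Apply` calls that use `Force: true` elsewhere in this series, Zarf would claim ownership of fields written by other controllers and could overwrite them. An apply configuration should declare only the fields the caller intends to own, e.g. `nsAc := v1ac.Namespace(namespace.Name).WithLabels(cluster.AdoptZarfManagedLabels(namespace.Labels))`. newRenderer starts and ends outside the hunk.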
@@ -159,7 +159,7 @@ func (c *Cluster) UpdateZarfManagedGitSecrets(ctx context.Context, state *types. continue } spinner.Updatef("Updating existing Zarf-managed git secret for namespace: %s", namespace.Name) - _, err = c.Clientset.CoreV1().Secrets(*newGitSecret.Namespace).Apply(ctx, newGitSecret, metav1.ApplyOptions{Force: true}) + _, err = c.Clientset.CoreV1().Secrets(*newGitSecret.Namespace).Apply(ctx, newGitSecret, metav1.ApplyOptions{Force: true, FieldManager: "zarf"}) if err != nil { return err } From b121deda4e04c9f2215023b82bcbe23a60610f82 Mon Sep 17 00:00:00 2001 From: Austin Abro Date: Fri, 18 Oct 2024 20:07:22 +0000 Subject: [PATCH 13/33] adopt existing resources Signed-off-by: Austin Abro --- src/internal/packager/helm/post-render.go | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/internal/packager/helm/post-render.go b/src/internal/packager/helm/post-render.go index d75b2fac24..8fcd974cdf 100644 --- a/src/internal/packager/helm/post-render.go +++ b/src/internal/packager/helm/post-render.go @@ -141,11 +141,10 @@ func (r *renderer) adoptAndUpdateNamespaces(ctx context.Context) error { } } - if !existingNamespace || r.cfg.DeployOpts.AdoptExistingResources { + if !existingNamespace || !r.cfg.DeployOpts.AdoptExistingResources { if slices.Contains([]string{"default", "kube-node-lease", "kube-public", "kube-system"}, name) { message.Warnf("Refusing to adopt the initial namespace: %s", name) } else { - // This is a new namespace, add it _, err := c.Clientset.CoreV1().Namespaces().Apply(ctx, namespace, metav1.ApplyOptions{Force: true, FieldManager: "zarf"}) if err != nil { return fmt.Errorf("unable to apply namespace %s", name) From e83f6e664b99bb41c536320e7605f6b20e1b066d Mon Sep 17 00:00:00 2001 From: Austin Abro Date: Fri, 18 Oct 2024 20:08:10 +0000 Subject: [PATCH 14/33] comment Signed-off-by: Austin Abro --- src/internal/packager/helm/post-render.go | 1 - 1 file changed, 1 deletion(-) 
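Review bot: In the post-render.go hunk (adoptAndUpdateNamespaces) the new condition `!existingNamespace || !r.cfg.DeployOpts.AdoptExistingResources` looks inverted. As written, an existing namespace is force-applied with Zarf's labels exactly when the user did not ask for adoption, and it is skipped when adoption was requested. If `existingNamespace` means what its name suggests (it is computed outside the hunk), the guard should remain `if !existingNamespace || r.cfg.DeployOpts.AdoptExistingResources {`, so that taking over a namespace Zarf did not create always requires the explicit opt-in.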
diff --git a/src/internal/packager/helm/post-render.go b/src/internal/packager/helm/post-render.go index 8fcd974cdf..516d084ed1 100644 --- a/src/internal/packager/helm/post-render.go +++ b/src/internal/packager/helm/post-render.go @@ -54,7 +54,6 @@ func (h *Helm) newRenderer(ctx context.Context) (*renderer, error) { if kerrors.IsNotFound(err) { rend.namespaces[h.chart.Namespace] = cluster.NewZarfManagedNamespace(h.chart.Namespace) } else if h.cfg.DeployOpts.AdoptExistingResources { - // Need to make sure this path is tested b, err := json.Marshal(namespace) if err != nil { return nil, err From 570b24456f5538b590b3fd97adbe30b037c2b81e Mon Sep 17 00:00:00 2001 From: Austin Abro Date: Fri, 18 Oct 2024 20:09:31 +0000 Subject: [PATCH 15/33] delete comment Signed-off-by: Austin Abro --- src/pkg/cluster/cluster.go | 1 - 1 file changed, 1 deletion(-) diff --git a/src/pkg/cluster/cluster.go b/src/pkg/cluster/cluster.go index ca8fb89e6f..a97b3066bc 100644 --- a/src/pkg/cluster/cluster.go +++ b/src/pkg/cluster/cluster.go @@ -29,7 +29,6 @@ const ( DefaultTimeout = 30 * time.Second // AgentLabel is used to give instructions to the Zarf agent AgentLabel = "zarf.dev/agent" - // FieldManager is the field manager used for all Zarf apply operations ) // Cluster Zarf specific cluster management functions. From 5736f56681ae52fae1db7e73fba1053cdc517ddf Mon Sep 17 00:00:00 2001 From: Austin Abro Date: Fri, 18 Oct 2024 20:12:27 +0000 Subject: [PATCH 16/33] add comment Signed-off-by: Austin Abro --- src/pkg/cluster/injector.go | 1 + 1 file changed, 1 insertion(+) diff --git a/src/pkg/cluster/injector.go b/src/pkg/cluster/injector.go index 9f2e3f3b42..7221ee6963 100644 --- a/src/pkg/cluster/injector.go +++ b/src/pkg/cluster/injector.go 
@@ -89,6 +89,7 @@ func (c *Cluster) StartInjection(ctx context.Context, tmpDir, imagesDir string, return err } + // TODO: Remove use of passing data through global variables. config.ZarfSeedPort = fmt.Sprintf("%d", svc.Spec.Ports[0].NodePort) pod := buildInjectionPod(injectorNodeName, injectorImage, payloadCmNames, shasum, resReq) From ca48559f018dc16641444a4a5cc20e1c7322122b Mon Sep 17 00:00:00 2001 From: Austin Abro Date: Fri, 18 Oct 2024 20:16:22 +0000 Subject: [PATCH 17/33] make injection pod and service easier to read Signed-off-by: Austin Abro --- src/pkg/cluster/injector_test.go | 4 +- .../testdata/expected-injection-pod.json | 112 +++++++++++++++++- .../testdata/expected-injection-service.json | 25 +++- 3 files changed, 137 insertions(+), 4 deletions(-) diff --git a/src/pkg/cluster/injector_test.go b/src/pkg/cluster/injector_test.go index d587235e20..dde50f5bab 100644 --- a/src/pkg/cluster/injector_test.go +++ b/src/pkg/cluster/injector_test.go @@ -121,7 +121,7 @@ func TestInjector(t *testing.T) { // Managed fields are auto-set and contain timestamps svc.ManagedFields = nil require.NoError(t, err) - b, err := json.Marshal(svc) + b, err := json.MarshalIndent(svc, "", " ") require.NoError(t, err) require.Equal(t, strings.TrimSpace(string(expected)), string(b)) @@ -162,7 +162,7 @@ func TestBuildInjectionPod(t *testing.T) { }) pod := buildInjectionPod("injection-node", "docker.io/library/ubuntu:latest", []string{"foo", "bar"}, "shasum", resReq) require.Equal(t, "injector", *pod.Name) - b, err := json.Marshal(pod) + b, err := json.MarshalIndent(pod, "", " ") require.NoError(t, err) expected, err := os.ReadFile("./testdata/expected-injection-pod.json") diff --git a/src/pkg/cluster/testdata/expected-injection-pod.json b/src/pkg/cluster/testdata/expected-injection-pod.json index bac5d41f86..05577add4e 100644 --- a/src/pkg/cluster/testdata/expected-injection-pod.json +++ b/src/pkg/cluster/testdata/expected-injection-pod.json 
@@ -1 +1,111 @@ -{"kind":"Pod","apiVersion":"v1","metadata":{"name":"injector","namespace":"zarf","labels":{"app":"zarf-injector","zarf.dev/agent":"ignore"}},"spec":{"volumes":[{"name":"init","configMap":{"name":"rust-binary","defaultMode":511}},{"name":"seed","emptyDir":{}},{"name":"foo","configMap":{"name":"foo"}},{"name":"bar","configMap":{"name":"bar"}}],"containers":[{"name":"injector","image":"docker.io/library/ubuntu:latest","command":["/zarf-init/zarf-injector","shasum"],"workingDir":"/zarf-init","resources":{"limits":{"cpu":"1","memory":"256Mi"},"requests":{"cpu":"500m","memory":"64Mi"}},"volumeMounts":[{"name":"init","mountPath":"/zarf-init/zarf-injector","subPath":"zarf-injector"},{"name":"seed","mountPath":"/zarf-seed"},{"name":"foo","mountPath":"/zarf-init/foo","subPath":"foo"},{"name":"bar","mountPath":"/zarf-init/bar","subPath":"bar"}],"readinessProbe":{"httpGet":{"path":"/v2/","port":5000},"periodSeconds":2,"successThreshold":1,"failureThreshold":10},"imagePullPolicy":"IfNotPresent","securityContext":{"capabilities":{"drop":["ALL"]},"runAsNonRoot":true,"readOnlyRootFilesystem":true,"allowPrivilegeEscalation":false}}],"restartPolicy":"Never","nodeName":"injection-node","securityContext":{"runAsUser":1000,"runAsGroup":2000,"fsGroup":2000,"seccompProfile":{"type":"RuntimeDefault"}}}} +{ + "kind": "Pod", + "apiVersion": "v1", + "metadata": { + "name": "injector", + "namespace": "zarf", + "labels": { + "app": "zarf-injector", + "zarf.dev/agent": "ignore" + } + }, + "spec": { + "volumes": [ + { + "name": "init", + "configMap": { + "name": "rust-binary", + "defaultMode": 511 + } + }, + { + "name": "seed", + "emptyDir": {} + }, + { + "name": "foo", + "configMap": { + "name": "foo" + } + }, + { + "name": "bar", + "configMap": { + "name": "bar" + } + } + ], + "containers": [ + { + "name": "injector", + "image": "docker.io/library/ubuntu:latest", + "command": [ + "/zarf-init/zarf-injector", + "shasum" + ], + "workingDir": "/zarf-init", + "resources": { + 
"limits": { + "cpu": "1", + "memory": "256Mi" + }, + "requests": { + "cpu": "500m", + "memory": "64Mi" + } + }, + "volumeMounts": [ + { + "name": "init", + "mountPath": "/zarf-init/zarf-injector", + "subPath": "zarf-injector" + }, + { + "name": "seed", + "mountPath": "/zarf-seed" + }, + { + "name": "foo", + "mountPath": "/zarf-init/foo", + "subPath": "foo" + }, + { + "name": "bar", + "mountPath": "/zarf-init/bar", + "subPath": "bar" + } + ], + "readinessProbe": { + "httpGet": { + "path": "/v2/", + "port": 5000 + }, + "periodSeconds": 2, + "successThreshold": 1, + "failureThreshold": 10 + }, + "imagePullPolicy": "IfNotPresent", + "securityContext": { + "capabilities": { + "drop": [ + "ALL" + ] + }, + "runAsNonRoot": true, + "readOnlyRootFilesystem": true, + "allowPrivilegeEscalation": false + } + } + ], + "restartPolicy": "Never", + "nodeName": "injection-node", + "securityContext": { + "runAsUser": 1000, + "runAsGroup": 2000, + "fsGroup": 2000, + "seccompProfile": { + "type": "RuntimeDefault" + } + } + } +} diff --git a/src/pkg/cluster/testdata/expected-injection-service.json b/src/pkg/cluster/testdata/expected-injection-service.json index dd826cbb4c..8e0eeecf9f 100644 --- a/src/pkg/cluster/testdata/expected-injection-service.json +++ b/src/pkg/cluster/testdata/expected-injection-service.json @@ -1 +1,24 @@ -{"kind":"Service","apiVersion":"v1","metadata":{"name":"zarf-injector","namespace":"zarf","creationTimestamp":null},"spec":{"ports":[{"port":5000,"targetPort":0}],"selector":{"app":"zarf-injector"},"type":"NodePort"},"status":{"loadBalancer":{}}} +{ + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "zarf-injector", + "namespace": "zarf", + "creationTimestamp": null + }, + "spec": { + "ports": [ + { + "port": 5000, + "targetPort": 0 + } + ], + "selector": { + "app": "zarf-injector" + }, + "type": "NodePort" + }, + "status": { + "loadBalancer": {} + } +} From 52643f7740e437d318b44fa5ec4bef064aab0dd5 Mon Sep 17 00:00:00 2001 
From: Austin Abro Date: Fri, 18 Oct 2024 20:17:31 +0000 Subject: [PATCH 18/33] injector Signed-off-by: Austin Abro --- src/pkg/cluster/injector.go | 4 ---- 1 file changed, 4 deletions(-) diff --git a/src/pkg/cluster/injector.go b/src/pkg/cluster/injector.go index 7221ee6963..021110c586 100644 --- a/src/pkg/cluster/injector.go +++ b/src/pkg/cluster/injector.go @@ -302,7 +302,6 @@ func hasBlockingTaints(taints []corev1.Taint) bool { } func buildInjectionPod(nodeName, image string, payloadCmNames []string, shasum string, resReq *v1ac.ResourceRequirementsApplyConfiguration) *v1ac.PodApplyConfiguration { - // Initialize base volumes executeMode := int32(0777) userID := int64(1000) groupID := int64(2000) @@ -319,7 +318,6 @@ func buildInjectionPod(nodeName, image string, payloadCmNames []string, shasum s WithName("seed"). WithEmptyDir(&v1ac.EmptyDirVolumeSourceApplyConfiguration{})} - // Initialize base volume mounts volumeMounts := []*v1ac.VolumeMountApplyConfiguration{ v1ac.VolumeMount(). WithName("init"). @@ -330,7 +328,6 @@ func buildInjectionPod(nodeName, image string, payloadCmNames []string, shasum s WithMountPath("/zarf-seed"), } - // Add additional volumes and volume mounts from payloadCmNames for _, filename := range payloadCmNames { volumes = append(volumes, v1ac.Volume(). WithName(filename). @@ -344,7 +341,6 @@ func buildInjectionPod(nodeName, image string, payloadCmNames []string, shasum s WithSubPath(filename)) } - // Construct the PodApplyConfiguration pod := v1ac.Pod("injector", ZarfNamespaceName). WithLabels(map[string]string{ "app": "zarf-injector", From 72f07c9a2af587ce1576fe681ec87506b7e14d94 Mon Sep 17 00:00:00 2001 From: Austin Abro Date: Fri, 18 Oct 2024 20:20:46 +0000 Subject: [PATCH 19/33] remove redundant test Signed-off-by: Austin Abro --- src/pkg/cluster/state_test.go | 36 ----------------------------------- 1 file changed, 36 deletions(-) 
diff --git a/src/pkg/cluster/state_test.go b/src/pkg/cluster/state_test.go index e49554580e..6d00cf7d28 100644 --- a/src/pkg/cluster/state_test.go +++ b/src/pkg/cluster/state_test.go @@ -229,42 +229,6 @@ func TestInitZarfState(t *testing.T) { } } -func TestSaveZarfState(t *testing.T) { - tests := []struct { - name string - state types.ZarfState - }{ - { - name: "first test", - state: types.ZarfState{ - GitServer: types.GitServerInfo{ - Address: "https://git-server.com", - PushUsername: "a-push-user", - }, - }, - }, - } - for _, tt := range tests { - tt := tt - t.Run(tt.name, func(t *testing.T) { - ctx := context.Background() - cs := fake.NewClientset() - c := &Cluster{ - Clientset: cs, - } - ns := &corev1.Namespace{ - ObjectMeta: metav1.ObjectMeta{ - Name: ZarfNamespaceName, - }, - } - _, err := cs.CoreV1().Namespaces().Create(ctx, ns, metav1.CreateOptions{}) - require.NoError(t, err) - err = c.SaveZarfState(ctx, &tt.state) - require.NoError(t, err) - }) - } -} - // TODO: Change password gen method to make testing possible. func TestMergeZarfStateRegistry(t *testing.T) { t.Parallel() From 5cae3e53ec4a25476503b07d3e7d0155b4600528 Mon Sep 17 00:00:00 2001 From: Austin Abro Date: Mon, 21 Oct 2024 14:13:20 -0400 Subject: [PATCH 20/33] fix post render logic Signed-off-by: Austin Abro --- src/internal/packager/helm/post-render.go | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/src/internal/packager/helm/post-render.go b/src/internal/packager/helm/post-render.go index 516d084ed1..6ee10b46b3 100644 --- a/src/internal/packager/helm/post-render.go +++ b/src/internal/packager/helm/post-render.go 
@@ -140,16 +140,16 @@ func (r *renderer) adoptAndUpdateNamespaces(ctx context.Context) error { } } - if !existingNamespace || !r.cfg.DeployOpts.AdoptExistingResources { + if existingNamespace && r.cfg.DeployOpts.AdoptExistingResources { if slices.Contains([]string{"default", "kube-node-lease", "kube-public", "kube-system"}, name) { message.Warnf("Refusing to adopt the initial namespace: %s", name) - } else { - _, err := c.Clientset.CoreV1().Namespaces().Apply(ctx, namespace, metav1.ApplyOptions{Force: true, FieldManager: "zarf"}) - if err != nil { - return fmt.Errorf("unable to apply namespace %s", name) - } } - + } + if !existingNamespace || r.cfg.DeployOpts.AdoptExistingResources { + _, err := c.Clientset.CoreV1().Namespaces().Apply(ctx, namespace, metav1.ApplyOptions{Force: true, FieldManager: "zarf"}) + if err != nil { + return fmt.Errorf("unable to apply namespace %s", name) + } } // If the package is marked as YOLO and the state is empty, skip the secret creation for this namespace From 16ed156c0e1eb1e853a7bf2d678d90bb9c679791 Mon Sep 17 00:00:00 2001 From: Austin Abro Date: Mon, 21 Oct 2024 14:18:35 -0400 Subject: [PATCH 21/33] fix post render logic Signed-off-by: Austin Abro --- src/internal/packager/helm/post-render.go | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/src/internal/packager/helm/post-render.go b/src/internal/packager/helm/post-render.go index 6ee10b46b3..3a024c0005 100644 --- a/src/internal/packager/helm/post-render.go +++ b/src/internal/packager/helm/post-render.go 
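Review bot: The "Refusing to adopt the initial namespace" branch now only logs a warning, so the refusal is not enforced. Control falls through to the second `if !existingNamespace || r.cfg.DeployOpts.AdoptExistingResources` block, which still force-applies Zarf's labels to `default`, `kube-system`, `kube-public` or `kube-node-lease` whenever adoption is enabled. The Apply call should sit in the `else` of the `slices.Contains(...)` check, with the new-namespace case as its own `if !existingNamespace { ... } else if r.cfg.DeployOpts.AdoptExistingResources { ... }` branch, so the protected names are never applied. The enclosing loop and function start outside the hunk.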
@@ -140,15 +140,20 @@ func (r *renderer) adoptAndUpdateNamespaces(ctx context.Context) error { } } - if existingNamespace && r.cfg.DeployOpts.AdoptExistingResources { - if slices.Contains([]string{"default", "kube-node-lease", "kube-public", "kube-system"}, name) { - message.Warnf("Refusing to adopt the initial namespace: %s", name) - } - } - if !existingNamespace || r.cfg.DeployOpts.AdoptExistingResources { + if !existingNamespace { _, err := c.Clientset.CoreV1().Namespaces().Apply(ctx, namespace, metav1.ApplyOptions{Force: true, FieldManager: "zarf"}) if err != nil { - return fmt.Errorf("unable to apply namespace %s", name) + return fmt.Errorf("unable to apply the namespace %s", name) + } + } else if r.cfg.DeployOpts.AdoptExistingResources { + // Refuse to adopt namespace if it is one of four initial Kubernetes namespaces. + if slices.Contains([]string{"default", "kube-node-lease", "kube-public", "kube-system"}, name) { + message.Warnf("Refusing to adopt the initial namespace: %s", name) + } else { + _, err := c.Clientset.CoreV1().Namespaces().Apply(ctx, namespace, metav1.ApplyOptions{Force: true, FieldManager: "zarf"}) + if err != nil { + return fmt.Errorf("unable to apply the existing namespace %s", name) + } } } From f1d1886ebda4fa027fbcb785d4c6f4dae199be5b Mon Sep 17 00:00:00 2001 From: Austin Abro Date: Wed, 23 Oct 2024 09:19:00 -0400 Subject: [PATCH 22/33] better error Signed-off-by: Austin Abro --- src/internal/packager/helm/post-render.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/internal/packager/helm/post-render.go b/src/internal/packager/helm/post-render.go index 3a024c0005..f50d5f3ed6 100644 --- a/src/internal/packager/helm/post-render.go +++ b/src/internal/packager/helm/post-render.go 
@@ -143,7 +143,7 @@ func (r *renderer) adoptAndUpdateNamespaces(ctx context.Context) error { if !existingNamespace { _, err := c.Clientset.CoreV1().Namespaces().Apply(ctx, namespace, metav1.ApplyOptions{Force: true, FieldManager: "zarf"}) if err != nil { - return fmt.Errorf("unable to apply the namespace %s", name) + return fmt.Errorf("unable to apply the namespace %s: %w", name, err) } } else if r.cfg.DeployOpts.AdoptExistingResources { // Refuse to adopt namespace if it is one of four initial Kubernetes namespaces. @@ -152,7 +152,7 @@ func (r *renderer) adoptAndUpdateNamespaces(ctx context.Context) error { } else { _, err := c.Clientset.CoreV1().Namespaces().Apply(ctx, namespace, metav1.ApplyOptions{Force: true, FieldManager: "zarf"}) if err != nil { - return fmt.Errorf("unable to apply the existing namespace %s", name) + return fmt.Errorf("unable to apply the existing namespace %s: %w", name, err) } } } From 9f1d13de7f4a59d1369660173e7fb95160ca1041 Mon Sep 17 00:00:00 2001 From: Austin Abro Date: Wed, 23 Oct 2024 11:12:05 -0400 Subject: [PATCH 23/33] add namespace and api version Signed-off-by: Austin Abro --- src/internal/packager/helm/post-render.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/internal/packager/helm/post-render.go b/src/internal/packager/helm/post-render.go index f50d5f3ed6..7b703004d3 100644 --- a/src/internal/packager/helm/post-render.go +++ b/src/internal/packager/helm/post-render.go @@ -63,6 +63,8 @@ func (h *Helm) newRenderer(ctx context.Context) (*renderer, error) { if err != nil { return nil, err } + // The get objects don't have kind and api version set + nsAc.WithKind("Namespace").WithAPIVersion("v1") nsAc.WithLabels(cluster.AdoptZarfManagedLabels(nsAc.Labels)) rend.namespaces[h.chart.Namespace] = nsAc } From 593c317063c5f4d968ecb41e53967d7e2c13d044 Mon Sep 17 00:00:00 2001 From: Austin Abro Date: Thu, 24 Oct 2024 16:46:22 +0000 Subject: [PATCH 24/33] move namespaces back to create / update 
Signed-off-by: Austin Abro --- src/internal/packager/helm/post-render.go | 40 +++++++++-------------- src/pkg/cluster/namespace.go | 20 ++++++++++-- src/pkg/cluster/state.go | 2 +- src/pkg/packager/deploy.go | 2 +- 4 files changed, 35 insertions(+), 29 deletions(-) diff --git a/src/internal/packager/helm/post-render.go b/src/internal/packager/helm/post-render.go index 7b703004d3..142be6b581 100644 --- a/src/internal/packager/helm/post-render.go +++ b/src/internal/packager/helm/post-render.go @@ -7,7 +7,6 @@ package helm import ( "bytes" "context" - "encoding/json" "fmt" "os" "path/filepath" @@ -24,24 +23,24 @@ import ( "k8s.io/client-go/restmapper" "sigs.k8s.io/yaml" + corev1 "k8s.io/api/core/v1" kerrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "k8s.io/apimachinery/pkg/runtime" - v1ac "k8s.io/client-go/applyconfigurations/core/v1" ) type renderer struct { *Helm connectStrings types.ConnectStrings - namespaces map[string]*v1ac.NamespaceApplyConfiguration + namespaces map[string]*corev1.Namespace } func (h *Helm) newRenderer(ctx context.Context) (*renderer, error) { rend := &renderer{ Helm: h, connectStrings: types.ConnectStrings{}, - namespaces: map[string]*v1ac.NamespaceApplyConfiguration{}, + namespaces: map[string]*corev1.Namespace{}, } if h.cluster == nil { return rend, nil 
@@ -54,19 +53,8 @@ func (h *Helm) newRenderer(ctx context.Context) (*renderer, error) { if kerrors.IsNotFound(err) { rend.namespaces[h.chart.Namespace] = cluster.NewZarfManagedNamespace(h.chart.Namespace) } else if h.cfg.DeployOpts.AdoptExistingResources { - b, err := json.Marshal(namespace) - if err != nil { - return nil, err - } - nsAc := &v1ac.NamespaceApplyConfiguration{} - err = json.Unmarshal(b, nsAc) - if err != nil { - return nil, err - } - // The get objects don't have kind and api version set - nsAc.WithKind("Namespace").WithAPIVersion("v1") - nsAc.WithLabels(cluster.AdoptZarfManagedLabels(nsAc.Labels)) - rend.namespaces[h.chart.Namespace] = nsAc + namespace.Labels = cluster.AdoptZarfManagedLabels(namespace.Labels) + rend.namespaces[h.chart.Namespace] = namespace } return rend, nil 
@@ -143,18 +131,21 @@ func (r *renderer) adoptAndUpdateNamespaces(ctx context.Context) error { } if !existingNamespace { - _, err := c.Clientset.CoreV1().Namespaces().Apply(ctx, namespace, metav1.ApplyOptions{Force: true, FieldManager: "zarf"}) + // This is a new namespace, add it + _, err := c.Clientset.CoreV1().Namespaces().Create(ctx, namespace, metav1.CreateOptions{}) if err != nil { - return fmt.Errorf("unable to apply the namespace %s: %w", name, err) + return fmt.Errorf("unable to create the missing namespace %s", name) } } else if r.cfg.DeployOpts.AdoptExistingResources { // Refuse to adopt namespace if it is one of four initial Kubernetes namespaces. + // https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/#initial-namespaces if slices.Contains([]string{"default", "kube-node-lease", "kube-public", "kube-system"}, name) { message.Warnf("Refusing to adopt the initial namespace: %s", name) } else { - _, err := c.Clientset.CoreV1().Namespaces().Apply(ctx, namespace, metav1.ApplyOptions{Force: true, FieldManager: "zarf"}) + // This is an existing namespace to adopt + _, err := c.Clientset.CoreV1().Namespaces().Update(ctx, namespace, metav1.UpdateOptions{}) if err != nil { - return fmt.Errorf("unable to apply the existing namespace %s: %w", name, err) + return fmt.Errorf("unable to adopt the existing namespace %s", name) } } } 
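Review bot: Both new error returns in this hunk discard the underlying API error, which undoes the `%w` wrapping added two commits earlier in the series. A Forbidden, Conflict or admission-webhook rejection from `Namespaces().Create` or `Namespaces().Update` would surface only as "unable to create the missing namespace", with no cause for the operator to act on. Keep the cause in the chain: `return fmt.Errorf("unable to create the missing namespace %s: %w", name, err)` and `return fmt.Errorf("unable to adopt the existing namespace %s: %w", name, err)`. adoptAndUpdateNamespaces starts and ends outside the hunk.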
@@ -203,16 +194,15 @@ func (r *renderer) editHelmResources(ctx context.Context, resources []releaseuti switch rawData.GetKind() { case "Namespace": - // TODO does unstructuredConverter work with apply types - namespace := &v1ac.NamespaceApplyConfiguration{} + namespace := &corev1.Namespace{} // parse the namespace resource so it can be applied out-of-band by zarf instead of helm to avoid helm ns shenanigans if err := runtime.DefaultUnstructuredConverter.FromUnstructured(rawData.UnstructuredContent(), namespace); err != nil { message.WarnErrf(err, "could not parse namespace %s", rawData.GetName()) } else { - message.Debugf("Matched helm namespace %s for zarf annotation", *namespace.Name) + message.Debugf("Matched helm namespace %s for zarf annotation", namespace.Name) namespace.Labels = cluster.AdoptZarfManagedLabels(namespace.Labels) // Add it to the stack - r.namespaces[*namespace.Name] = namespace + r.namespaces[namespace.Name] = namespace } // skip so we can strip namespaces from helm's brain continue diff --git a/src/pkg/cluster/namespace.go b/src/pkg/cluster/namespace.go index 6f125f052b..2c8c5f3de4 100644 --- a/src/pkg/cluster/namespace.go +++ b/src/pkg/cluster/namespace.go @@ -14,6 +14,7 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "github.com/zarf-dev/zarf/src/pkg/message" + corev1 "k8s.io/api/core/v1" v1ac "k8s.io/client-go/applyconfigurations/core/v1" ) 
@@ -45,11 +46,26 @@ func (c *Cluster) DeleteZarfNamespace(ctx context.Context) error { return nil } -// NewZarfManagedNamespace returns a corev1.Namespace with Zarf-managed labels -func NewZarfManagedNamespace(name string) *v1ac.NamespaceApplyConfiguration { +// NewZarfManagedApplyNamespace returns a v1ac.NamespaceApplyConfiguration with Zarf-managed labels +func NewZarfManagedApplyNamespace(name string) *v1ac.NamespaceApplyConfiguration { return v1ac.Namespace(name).WithLabels(AdoptZarfManagedLabels(nil)) } +// NewZarfManagedNamespace returns a corev1.Namespace with Zarf-managed labels +func NewZarfManagedNamespace(name string) *corev1.Namespace { + namespace := &corev1.Namespace{ + TypeMeta: metav1.TypeMeta{ + APIVersion: corev1.SchemeGroupVersion.String(), + Kind: "Namespace", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: name, + }, + } + namespace.Labels = AdoptZarfManagedLabels(namespace.Labels) + return namespace +} + // AdoptZarfManagedLabels adds & deletes the necessary labels that signal to Zarf it should manage a namespace func AdoptZarfManagedLabels(labels map[string]string) map[string]string { if labels == nil { diff --git a/src/pkg/cluster/state.go b/src/pkg/cluster/state.go index 65494fadd4..d3c3da1e25 100644 --- a/src/pkg/cluster/state.go +++ b/src/pkg/cluster/state.go @@ -109,7 +109,7 @@ func (c *Cluster) InitZarfState(ctx context.Context, initOptions types.ZarfInitO // Try to create the zarf namespace. spinner.Updatef("Creating the Zarf namespace") - zarfNamespace := NewZarfManagedNamespace(ZarfNamespaceName) + zarfNamespace := NewZarfManagedApplyNamespace(ZarfNamespaceName) _, err = c.Clientset.CoreV1().Namespaces().Apply(ctx, zarfNamespace, metav1.ApplyOptions{FieldManager: "zarf", Force: true}) if err != nil { return fmt.Errorf("unable to apply the Zarf namespace: %w", err) diff --git a/src/pkg/packager/deploy.go b/src/pkg/packager/deploy.go index c4dbb1b61f..da2aa133cb 100644 --- a/src/pkg/packager/deploy.go +++ b/src/pkg/packager/deploy.go 
@@ -475,7 +475,7 @@ func (p *Packager) setupState(ctx context.Context) error { // Try to create the zarf namespace spinner.Updatef("Creating the Zarf namespace") - zarfNamespace := cluster.NewZarfManagedNamespace(cluster.ZarfNamespaceName) + zarfNamespace := cluster.NewZarfManagedApplyNamespace(cluster.ZarfNamespaceName) _, err = p.cluster.Clientset.CoreV1().Namespaces().Apply(ctx, zarfNamespace, metav1.ApplyOptions{Force: true, FieldManager: "zarf"}) if err != nil { return fmt.Errorf("unable to create the Zarf namespace: %w", err) From 75438332af7185e4e5c5573eda87ccd226674de4 Mon Sep 17 00:00:00 2001 From: Austin Abro Date: Thu, 24 Oct 2024 16:52:30 +0000 Subject: [PATCH 25/33] create->apply Signed-off-by: Austin Abro --- src/internal/packager/helm/post-render.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/internal/packager/helm/post-render.go b/src/internal/packager/helm/post-render.go index 142be6b581..b02d648ca6 100644 --- a/src/internal/packager/helm/post-render.go +++ b/src/internal/packager/helm/post-render.go @@ -168,7 +168,7 @@ func (r *renderer) adoptAndUpdateNamespaces(ctx context.Context) error { gitServerSecret := c.GenerateGitPullCreds(name, config.ZarfGitServerSecretName, r.state.GitServer) _, err = c.Clientset.CoreV1().Secrets(*gitServerSecret.Namespace).Apply(ctx, gitServerSecret, metav1.ApplyOptions{Force: true, FieldManager: "zarf"}) if err != nil { - message.WarnErrf(err, "Problem creating git server secret for the %s namespace", name) + message.WarnErrf(err, "Problem applying git server secret for the %s namespace", name) } } return nil From e8254320bb0f6be4d7f34c9d087d020f18d299a5 Mon Sep 17 00:00:00 2001 From: Austin Abro Date: Thu, 24 Oct 2024 17:00:40 +0000 Subject: [PATCH 26/33] newline Signed-off-by: Austin Abro --- src/pkg/cluster/injector.go | 1 - 1 file changed, 1 deletion(-) diff --git a/src/pkg/cluster/injector.go b/src/pkg/cluster/injector.go index 021110c586..54fe419e6c 100644 
--- a/src/pkg/cluster/injector.go +++ b/src/pkg/cluster/injector.go @@ -88,7 +88,6 @@ func (c *Cluster) StartInjection(ctx context.Context, tmpDir, imagesDir string, if err != nil { return err } - // TODO: Remove use of passing data through global variables. config.ZarfSeedPort = fmt.Sprintf("%d", svc.Spec.Ports[0].NodePort) From aa8c22bfb53cf22b28f404daec85477f5978d882 Mon Sep 17 00:00:00 2001 From: Austin Abro Date: Thu, 24 Oct 2024 17:02:20 +0000 Subject: [PATCH 27/33] consistent creation Signed-off-by: Austin Abro --- src/pkg/cluster/state.go | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/src/pkg/cluster/state.go b/src/pkg/cluster/state.go index d3c3da1e25..15f517c1d5 100644 --- a/src/pkg/cluster/state.go +++ b/src/pkg/cluster/state.go @@ -243,11 +243,10 @@ func (c *Cluster) SaveZarfState(ctx context.Context, state *types.ZarfState) err if err != nil { return err } - zarfStateLabels := map[string]string{ - ZarfManagedByLabel: "zarf", - } secret := v1ac.Secret(ZarfStateSecretName, ZarfNamespaceName). - WithLabels(zarfStateLabels). + WithLabels(map[string]string{ + ZarfManagedByLabel: "zarf", + }). WithType(corev1.SecretTypeOpaque). WithData(map[string][]byte{ ZarfStateDataKey: data, From dc8bc71b87656bee9e96b4998c9704b391d417fe Mon Sep 17 00:00:00 2001 From: Austin Abro Date: Thu, 24 Oct 2024 17:05:40 +0000 Subject: [PATCH 28/33] verbiage Signed-off-by: Austin Abro --- src/pkg/packager/deploy.go | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/pkg/packager/deploy.go b/src/pkg/packager/deploy.go index da2aa133cb..7ee8aba0ba 100644 --- a/src/pkg/packager/deploy.go +++ b/src/pkg/packager/deploy.go 
@@ -473,12 +473,11 @@ func (p *Packager) setupState(ctx context.Context) error { // YOLO mode, so minimal state needed state.Distro = "YOLO" - // Try to create the zarf namespace spinner.Updatef("Creating the Zarf namespace") zarfNamespace := cluster.NewZarfManagedApplyNamespace(cluster.ZarfNamespaceName) _, err = p.cluster.Clientset.CoreV1().Namespaces().Apply(ctx, zarfNamespace, metav1.ApplyOptions{Force: true, FieldManager: "zarf"}) if err != nil { - return fmt.Errorf("unable to create the Zarf namespace: %w", err) + return fmt.Errorf("unable to apply the Zarf namespace: %w", err) } } From a00784d67210be9752485749d5d63dbf0729bee6 Mon Sep 17 00:00:00 2001 From: Austin Abro Date: Fri, 1 Nov 2024 16:40:15 +0000 Subject: [PATCH 29/33] field manager name Signed-off-by: Austin Abro --- src/internal/packager/helm/post-render.go | 4 ++-- src/pkg/cluster/cluster.go | 2 ++ src/pkg/cluster/injector.go | 8 ++++---- src/pkg/cluster/secrets.go | 4 ++-- src/pkg/cluster/state.go | 4 ++-- src/pkg/cluster/zarf.go | 4 ++-- src/pkg/packager/deploy.go | 4 ++-- src/pkg/packager/remove.go | 2 +- 8 files changed, 17 insertions(+), 15 deletions(-) diff --git a/src/internal/packager/helm/post-render.go b/src/internal/packager/helm/post-render.go index 0fb3e19fd9..c18a3d4fe4 100644 --- a/src/internal/packager/helm/post-render.go +++ b/src/internal/packager/helm/post-render.go 
@@ -163,14 +163,14 @@ func (r *renderer) adoptAndUpdateNamespaces(ctx context.Context) error { if err != nil { return err } - _, err = c.Clientset.CoreV1().Secrets(*validRegistrySecret.Namespace).Apply(ctx, validRegistrySecret, metav1.ApplyOptions{Force: true, FieldManager: "zarf"}) + _, err = c.Clientset.CoreV1().Secrets(*validRegistrySecret.Namespace).Apply(ctx, validRegistrySecret, metav1.ApplyOptions{Force: true, FieldManager: cluster.FieldManagerName}) if err != nil { message.WarnErrf(err, "Problem creating registry secret for the %s namespace", name) l.Warn("problem creating registry secret", "namespace", name, "error", err.Error()) } gitServerSecret := c.GenerateGitPullCreds(name, config.ZarfGitServerSecretName, r.state.GitServer) - _, err = c.Clientset.CoreV1().Secrets(*gitServerSecret.Namespace).Apply(ctx, gitServerSecret, metav1.ApplyOptions{Force: true, FieldManager: "zarf"}) + _, err = c.Clientset.CoreV1().Secrets(*gitServerSecret.Namespace).Apply(ctx, gitServerSecret, metav1.ApplyOptions{Force: true, FieldManager: cluster.FieldManagerName}) if err != nil { message.WarnErrf(err, "Problem creating git server secret for the %s namespace", name) l.Warn("problem creating git server secret", "namespace", name, "error", err.Error()) diff --git a/src/pkg/cluster/cluster.go b/src/pkg/cluster/cluster.go index 4686deed76..463a97d7e2 100644 --- a/src/pkg/cluster/cluster.go +++ b/src/pkg/cluster/cluster.go @@ -30,6 +30,8 @@ const ( DefaultTimeout = 30 * time.Second // AgentLabel is used to give instructions to the Zarf agent AgentLabel = "zarf.dev/agent" + // FieldManagerName is the field manager used during server side apply + FieldManagerName = "zarf" ) // Cluster Zarf specific cluster management functions. diff --git a/src/pkg/cluster/injector.go b/src/pkg/cluster/injector.go index 54fe419e6c..03d49615d8 100644 --- a/src/pkg/cluster/injector.go +++ b/src/pkg/cluster/injector.go 
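Review bot: The new `FieldManagerName` constant in cluster.go is documented only as the field manager name, while every call site that uses it also passes `Force: true`, which makes the API server resolve field-ownership conflicts by handing the fields to Zarf instead of rejecting the request. For the registry and git server secrets applied in `adoptAndUpdateNamespaces`, a same-named secret whose fields another manager owns is therefore overwritten without a conflict error; this looks intended, but nothing in the hunks records it. I would extend the comment to `// FieldManagerName is the field manager used during server side apply. Callers pair it with Force: true, so Zarf takes ownership of conflicting fields.` The same pairing appears in the injector.go, secrets.go, state.go, zarf.go, deploy.go and remove.go hunks of this patch.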
@@ -71,7 +71,7 @@ func (c *Cluster) StartInjection(ctx context.Context, tmpDir, imagesDir string, WithBinaryData(map[string][]byte{ "zarf-injector": b, }) - _, err = c.Clientset.CoreV1().ConfigMaps(*cm.Namespace).Apply(ctx, cm, metav1.ApplyOptions{Force: true, FieldManager: "zarf"}) + _, err = c.Clientset.CoreV1().ConfigMaps(*cm.Namespace).Apply(ctx, cm, metav1.ApplyOptions{Force: true, FieldManager: FieldManagerName}) if err != nil { return err } @@ -84,7 +84,7 @@ func (c *Cluster) StartInjection(ctx context.Context, tmpDir, imagesDir string, ).WithSelector(map[string]string{ "app": "zarf-injector", })) - svc, err := c.Clientset.CoreV1().Services(*svcAc.Namespace).Apply(ctx, svcAc, metav1.ApplyOptions{Force: true, FieldManager: "zarf"}) + svc, err := c.Clientset.CoreV1().Services(*svcAc.Namespace).Apply(ctx, svcAc, metav1.ApplyOptions{Force: true, FieldManager: FieldManagerName}) if err != nil { return err } @@ -92,7 +92,7 @@ func (c *Cluster) StartInjection(ctx context.Context, tmpDir, imagesDir string, config.ZarfSeedPort = fmt.Sprintf("%d", svc.Spec.Ports[0].NodePort) pod := buildInjectionPod(injectorNodeName, injectorImage, payloadCmNames, shasum, resReq) - _, err = c.Clientset.CoreV1().Pods(*pod.Namespace).Apply(ctx, pod, metav1.ApplyOptions{Force: true, FieldManager: "zarf"}) + _, err = c.Clientset.CoreV1().Pods(*pod.Namespace).Apply(ctx, pod, metav1.ApplyOptions{Force: true, FieldManager: FieldManagerName}) if err != nil { return fmt.Errorf("error creating pod in cluster: %w", err) } @@ -231,7 +231,7 @@ func (c *Cluster) createPayloadConfigMaps(ctx context.Context, spinner *message. WithBinaryData(map[string][]byte{ fileName: data, }) - _, err = c.Clientset.CoreV1().ConfigMaps(ZarfNamespaceName).Apply(ctx, cm, metav1.ApplyOptions{Force: true, FieldManager: "zarf"}) + _, err = c.Clientset.CoreV1().ConfigMaps(ZarfNamespaceName).Apply(ctx, cm, metav1.ApplyOptions{Force: true, FieldManager: FieldManagerName}) if err != nil { return nil, "", err } 
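Review bot: In the `@@ -92,7 +92,7 @@` hunk of StartInjection the pod is sent with `Pods(...).Apply`, but the error still reads `error creating pod in cluster`, which does not match the apply wording the series uses elsewhere (`unable to apply the Zarf namespace`). `return fmt.Errorf("error applying pod in cluster: %w", err)` would keep the message accurate when the failure is an update to an existing pod rather than a create. The same hunk indexes `svc.Spec.Ports[0]` on the object returned by the Service apply without checking its length. A guard such as `if len(svc.Spec.Ports) == 0 { return fmt.Errorf("injector service has no ports") }` would turn a possible panic into an error. StartInjection begins and ends outside these hunks.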
diff --git a/src/pkg/cluster/secrets.go b/src/pkg/cluster/secrets.go index 2e1a0c1234..05747f5aef 100644 --- a/src/pkg/cluster/secrets.go +++ b/src/pkg/cluster/secrets.go @@ -123,7 +123,7 @@ func (c *Cluster) UpdateZarfManagedImageSecrets(ctx context.Context, state *type continue } spinner.Updatef("Updating existing Zarf-managed image secret for namespace: '%s'", namespace.Name) - _, err = c.Clientset.CoreV1().Secrets(*newRegistrySecret.Namespace).Apply(ctx, newRegistrySecret, metav1.ApplyOptions{Force: true, FieldManager: "zarf"}) + _, err = c.Clientset.CoreV1().Secrets(*newRegistrySecret.Namespace).Apply(ctx, newRegistrySecret, metav1.ApplyOptions{Force: true, FieldManager: FieldManagerName}) if err != nil { return err } @@ -159,7 +159,7 @@ func (c *Cluster) UpdateZarfManagedGitSecrets(ctx context.Context, state *types. continue } spinner.Updatef("Updating existing Zarf-managed git secret for namespace: %s", namespace.Name) - _, err = c.Clientset.CoreV1().Secrets(*newGitSecret.Namespace).Apply(ctx, newGitSecret, metav1.ApplyOptions{Force: true, FieldManager: "zarf"}) + _, err = c.Clientset.CoreV1().Secrets(*newGitSecret.Namespace).Apply(ctx, newGitSecret, metav1.ApplyOptions{Force: true, FieldManager: FieldManagerName}) if err != nil { return err } diff --git a/src/pkg/cluster/state.go b/src/pkg/cluster/state.go index 248b0aa177..1c16734e81 100644 --- a/src/pkg/cluster/state.go +++ b/src/pkg/cluster/state.go 
@@ -111,7 +111,7 @@ func (c *Cluster) InitZarfState(ctx context.Context, initOptions types.ZarfInitO // Try to create the zarf namespace. spinner.Updatef("Creating the Zarf namespace") zarfNamespace := NewZarfManagedApplyNamespace(ZarfNamespaceName) - _, err = c.Clientset.CoreV1().Namespaces().Apply(ctx, zarfNamespace, metav1.ApplyOptions{FieldManager: "zarf", Force: true}) + _, err = c.Clientset.CoreV1().Namespaces().Apply(ctx, zarfNamespace, metav1.ApplyOptions{FieldManager: FieldManagerName, Force: true}) if err != nil { return fmt.Errorf("unable to apply the Zarf namespace: %w", err) } @@ -254,7 +254,7 @@ func (c *Cluster) SaveZarfState(ctx context.Context, state *types.ZarfState) err ZarfStateDataKey: data, }) - _, err = c.Clientset.CoreV1().Secrets(*secret.Namespace).Apply(ctx, secret, metav1.ApplyOptions{Force: true, FieldManager: "zarf"}) + _, err = c.Clientset.CoreV1().Secrets(*secret.Namespace).Apply(ctx, secret, metav1.ApplyOptions{Force: true, FieldManager: FieldManagerName}) if err != nil { return fmt.Errorf("unable to apply the zarf state secret: %w", err) } diff --git a/src/pkg/cluster/zarf.go b/src/pkg/cluster/zarf.go index a9d371c0ce..29e818b140 100644 --- a/src/pkg/cluster/zarf.go +++ b/src/pkg/cluster/zarf.go @@ -89,7 +89,7 @@ func (c *Cluster) UpdateDeployedPackage(ctx context.Context, depPkg types.Deploy }).WithData(map[string][]byte{ "data": packageSecretData, }).WithType(corev1.SecretTypeOpaque) - _, err = c.Clientset.CoreV1().Secrets(*packageSecret.Namespace).Apply(ctx, packageSecret, metav1.ApplyOptions{Force: true, FieldManager: "zarf"}) + _, err = c.Clientset.CoreV1().Secrets(*packageSecret.Namespace).Apply(ctx, packageSecret, metav1.ApplyOptions{Force: true, FieldManager: FieldManagerName}) if err != nil { return fmt.Errorf("unable to apply the deployed package secret: %w", err) } 
@@ -191,7 +191,7 @@ func (c *Cluster) RecordPackageDeployment(ctx context.Context, pkg v1alpha1.Zarf WithData(map[string][]byte{ "data": packageData, }) - updatedSecret, err := c.Clientset.CoreV1().Secrets(*deployedPackageSecret.Namespace).Apply(ctx, deployedPackageSecret, metav1.ApplyOptions{Force: true, FieldManager: "zarf"}) + updatedSecret, err := c.Clientset.CoreV1().Secrets(*deployedPackageSecret.Namespace).Apply(ctx, deployedPackageSecret, metav1.ApplyOptions{Force: true, FieldManager: FieldManagerName}) if err != nil { return nil, fmt.Errorf("failed to record package deployment in secret '%s': %w", *deployedPackageSecret.Name, err) } diff --git a/src/pkg/packager/deploy.go b/src/pkg/packager/deploy.go index 77ea7b4e63..576926d617 100644 --- a/src/pkg/packager/deploy.go +++ b/src/pkg/packager/deploy.go @@ -509,7 +509,7 @@ func (p *Packager) setupState(ctx context.Context) error { spinner.Updatef("Creating the Zarf namespace") l.Info("creating the Zarf namespace") zarfNamespace := cluster.NewZarfManagedApplyNamespace(cluster.ZarfNamespaceName) - _, err = p.cluster.Clientset.CoreV1().Namespaces().Apply(ctx, zarfNamespace, metav1.ApplyOptions{Force: true, FieldManager: "zarf"}) + _, err = p.cluster.Clientset.CoreV1().Namespaces().Apply(ctx, zarfNamespace, metav1.ApplyOptions{Force: true, FieldManager: cluster.FieldManagerName}) if err != nil { return fmt.Errorf("unable to apply the Zarf namespace: %w", err) } @@ -753,7 +753,7 @@ func (p *Packager) installChartAndManifests(ctx context.Context, componentPaths connectStrings, installedChartName, err := helmCfg.InstallOrUpgradeChart(ctx) if err != nil { return nil, err - } + } installedCharts = append(installedCharts, types.InstalledChart{Namespace: manifest.Namespace, ChartName: installedChartName, ConnectStrings: connectStrings}) } diff --git a/src/pkg/packager/remove.go b/src/pkg/packager/remove.go index 7387a84316..68e72df76d 100644 --- a/src/pkg/packager/remove.go +++ b/src/pkg/packager/remove.go 
@@ -126,7 +126,7 @@ func (p *Packager) updatePackageSecret(ctx context.Context, deployedPackage type "data": newPackageSecretData, }) - _, err = p.cluster.Clientset.CoreV1().Secrets(*newPackageSecret.Namespace).Apply(ctx, newPackageSecret, metav1.ApplyOptions{Force: true, FieldManager: "zarf"}) + _, err = p.cluster.Clientset.CoreV1().Secrets(*newPackageSecret.Namespace).Apply(ctx, newPackageSecret, metav1.ApplyOptions{Force: true, FieldManager: cluster.FieldManagerName}) // We warn and ignore errors because we may have removed the cluster that this package was inside of if err != nil { message.Warnf("Unable to apply the '%s' package secret: '%s' (this may be normal if the cluster was removed)", secretName, err.Error()) From c15887e40a676a573bfb47b83de7518d0648e586 Mon Sep 17 00:00:00 2001 From: Austin Abro Date: Fri, 1 Nov 2024 16:43:36 +0000 Subject: [PATCH 30/33] no nil needed Signed-off-by: Austin Abro --- src/pkg/cluster/secrets_test.go | 1 - 1 file changed, 1 deletion(-) diff --git a/src/pkg/cluster/secrets_test.go b/src/pkg/cluster/secrets_test.go index 518a84f0c5..40ecce94fa 100644 --- a/src/pkg/cluster/secrets_test.go +++ b/src/pkg/cluster/secrets_test.go @@ -192,7 +192,6 @@ func TestUpdateZarfManagedSecrets(t *testing.T) { }, }, Type: corev1.SecretTypeOpaque, - Data: nil, StringData: map[string]string{ "username": state.GitServer.PullUsername, "password": state.GitServer.PullPassword, From e1ff23f6d5ec68a26bae95acbe27307c714c49d6 Mon Sep 17 00:00:00 2001 From: Austin Abro Date: Fri, 1 Nov 2024 17:37:59 +0000 Subject: [PATCH 31/33] remove maps equal logic Signed-off-by: Austin Abro --- src/internal/packager/helm/post-render.go | 6 ++---- src/pkg/cluster/secrets.go | 8 -------- 2 files changed, 2 insertions(+), 12 deletions(-) diff --git a/src/internal/packager/helm/post-render.go b/src/internal/packager/helm/post-render.go index c18a3d4fe4..a87f7a5ca1 100644 --- a/src/internal/packager/helm/post-render.go +++ b/src/internal/packager/helm/post-render.go 
@@ -165,15 +165,13 @@ func (r *renderer) adoptAndUpdateNamespaces(ctx context.Context) error { } _, err = c.Clientset.CoreV1().Secrets(*validRegistrySecret.Namespace).Apply(ctx, validRegistrySecret, metav1.ApplyOptions{Force: true, FieldManager: cluster.FieldManagerName}) if err != nil { - message.WarnErrf(err, "Problem creating registry secret for the %s namespace", name) - l.Warn("problem creating registry secret", "namespace", name, "error", err.Error()) + return fmt.Errorf("problem applying registry secret for the %s namespace: %w", name, err) } gitServerSecret := c.GenerateGitPullCreds(name, config.ZarfGitServerSecretName, r.state.GitServer) _, err = c.Clientset.CoreV1().Secrets(*gitServerSecret.Namespace).Apply(ctx, gitServerSecret, metav1.ApplyOptions{Force: true, FieldManager: cluster.FieldManagerName}) if err != nil { - message.WarnErrf(err, "Problem creating git server secret for the %s namespace", name) - l.Warn("problem creating git server secret", "namespace", name, "error", err.Error()) + return fmt.Errorf("problem applying git server secret for the %s namespace: %w", name, err) } } return nil diff --git a/src/pkg/cluster/secrets.go b/src/pkg/cluster/secrets.go index 05747f5aef..aa49d00c9e 100644 --- a/src/pkg/cluster/secrets.go +++ b/src/pkg/cluster/secrets.go @@ -5,12 +5,10 @@ package cluster import ( - "bytes" "context" "encoding/base64" "encoding/json" "fmt" - "maps" corev1 "k8s.io/api/core/v1" kerrors "k8s.io/apimachinery/pkg/api/errors" 
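Review bot: The post-render.go hunk turns a failed secret apply from a warning into a returned error, which the commit subject ("remove maps equal logic") does not mention and no comment records. From the surrounding braces this appears to sit inside the per-namespace loop of adoptAndUpdateNamespaces, so the first failure now stops the loop with earlier namespaces already holding their secrets and later ones untouched. A line in the function's doc comment would make that contract visible, e.g. `// It returns on the first secret that fails to apply; namespaces handled before that keep their applied secrets.` The function starts outside the hunk, so its existing doc comment is not visible here.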
@@ -119,9 +117,6 @@ func (c *Cluster) UpdateZarfManagedImageSecrets(ctx context.Context, state *type if err != nil { return err } - if maps.EqualFunc(currentRegistrySecret.Data, newRegistrySecret.Data, func(v1, v2 []byte) bool { return bytes.Equal(v1, v2) }) { - continue - } spinner.Updatef("Updating existing Zarf-managed image secret for namespace: '%s'", namespace.Name) _, err = c.Clientset.CoreV1().Secrets(*newRegistrySecret.Namespace).Apply(ctx, newRegistrySecret, metav1.ApplyOptions{Force: true, FieldManager: FieldManagerName}) if err != nil { @@ -155,9 +150,6 @@ func (c *Cluster) UpdateZarfManagedGitSecrets(ctx context.Context, state *types. continue } newGitSecret := c.GenerateGitPullCreds(namespace.Name, config.ZarfGitServerSecretName, state.GitServer) - if maps.Equal(currentGitSecret.StringData, newGitSecret.StringData) { - continue - } spinner.Updatef("Updating existing Zarf-managed git secret for namespace: %s", namespace.Name) _, err = c.Clientset.CoreV1().Secrets(*newGitSecret.Namespace).Apply(ctx, newGitSecret, metav1.ApplyOptions{Force: true, FieldManager: FieldManagerName}) if err != nil { From ac86e82f2f12f4b963dab940516a97404a2a05cc Mon Sep 17 00:00:00 2001 From: Austin Abro Date: Fri, 1 Nov 2024 17:43:55 +0000 Subject: [PATCH 32/33] newline Signed-off-by: Austin Abro --- src/internal/packager/helm/post-render.go | 1 - 1 file changed, 1 deletion(-) diff --git a/src/internal/packager/helm/post-render.go b/src/internal/packager/helm/post-render.go index a87f7a5ca1..fc5c93cb75 100644 --- a/src/internal/packager/helm/post-render.go +++ b/src/internal/packager/helm/post-render.go 
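Review bot: With the `maps.EqualFunc` and `maps.Equal` guards removed in both secrets.go hunks, the spinner lines `Updating existing Zarf-managed image secret ...` and `Updating existing Zarf-managed git secret ...` now print for every namespace that reaches them, including those whose secret is unchanged. Wording that matches what happens, such as `spinner.Updatef("Applying Zarf-managed image secret for namespace: '%s'", namespace.Name)`, avoids suggesting a credential change in operator output where none occurred. The removal also leaves the checks above the hunks, which are not visible here, as the only gate on which existing secrets receive a forced apply, so they deserve a short comment saying what qualifies a secret as Zarf-managed. Both functions start and end outside the hunks.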
@@ -167,7 +167,6 @@ func (r *renderer) adoptAndUpdateNamespaces(ctx context.Context) error { if err != nil { return fmt.Errorf("problem applying registry secret for the %s namespace: %w", name, err) } - gitServerSecret := c.GenerateGitPullCreds(name, config.ZarfGitServerSecretName, r.state.GitServer) _, err = c.Clientset.CoreV1().Secrets(*gitServerSecret.Namespace).Apply(ctx, gitServerSecret, metav1.ApplyOptions{Force: true, FieldManager: cluster.FieldManagerName}) if err != nil { From 20f106970837e6dac89a7b81c857a956a85511a0 Mon Sep 17 00:00:00 2001 From: Austin Abro Date: Tue, 5 Nov 2024 18:00:14 +0000 Subject: [PATCH 33/33] spinner Signed-off-by: Austin Abro --- src/pkg/cluster/state.go | 1 - 1 file changed, 1 deletion(-) diff --git a/src/pkg/cluster/state.go b/src/pkg/cluster/state.go index 5990ef66a9..551856db25 100644 --- a/src/pkg/cluster/state.go +++ b/src/pkg/cluster/state.go @@ -97,7 +97,6 @@ func (c *Cluster) InitZarfState(ctx context.Context, initOptions types.ZarfInitO if namespace.Name == "zarf" { continue } - spinner.Updatef("Marking existing namespace %s as ignored by Zarf Agent", namespace.Name) l.Debug("marking namespace as ignored by Zarf Agent", "name", namespace.Name) if namespace.Labels == nil {