Add kubeconfig flags #593

Merged
merged 4 commits into from
Apr 1, 2022
2 changes: 0 additions & 2 deletions .github/workflows/e2e.yaml
Expand Up @@ -52,8 +52,6 @@ jobs:
uses: fluxcd/pkg/actions/kubectl@main
with:
version: 1.21.2
- name: Setup SOPS
uses: fluxcd/pkg/actions/sops@main
- name: Enable integration tests
# Only run integration tests for main branch
if: github.ref == 'refs/heads/main'
1 change: 1 addition & 0 deletions DEVELOPMENT.md
Expand Up @@ -18,6 +18,7 @@ In addition to the above, the following dependencies are also used by some of th
- `controller-gen` (v0.7.0)
- `gen-crd-api-reference-docs` (v0.3.0)
- `setup-envtest` (latest)
- `sops` (v3.7.2)

If any of the above dependencies are not present on your system, the first invocation of a `make` target that requires them will install them.

38 changes: 25 additions & 13 deletions Makefile
Expand Up @@ -4,12 +4,20 @@ IMG ?= fluxcd/kustomize-controller:latest
CRD_OPTIONS ?= crd:crdVersions=v1
SOURCE_VER ?= v0.22.3

# Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set)
# Use the same version of SOPS already referenced on go.mod
SOPS_VER := $(shell go list -m all | grep go.mozilla.org/sops | awk '{print $$2}')

# Repository root based on Git metadata
REPOSITORY_ROOT := $(shell git rev-parse --show-toplevel)
BUILD_DIR := $(REPOSITORY_ROOT)/build

# If gobin not set, create one on ./build and add to path.
ifeq (,$(shell go env GOBIN))
GOBIN=$(shell go env GOPATH)/bin
GOBIN=$(BUILD_DIR)/gobin
else
GOBIN=$(shell go env GOBIN)
endif
export PATH:=$(GOBIN):${PATH}

# Allows for defining additional Go test args, e.g. '-tags integration'.
GO_TEST_ARGS ?=
Expand All @@ -25,20 +33,24 @@ ENVTEST_ARCH ?= amd64
all: manager

# Download the envtest binaries to testbin
ENVTEST_ASSETS_DIR=$(shell pwd)/build/testbin
ENVTEST_ASSETS_DIR=$(BUILD_DIR)/testbin
ENVTEST_KUBERNETES_VERSION?=latest
install-envtest: setup-envtest
mkdir -p ${ENVTEST_ASSETS_DIR}
$(ENVTEST) use $(ENVTEST_KUBERNETES_VERSION) --arch=$(ENVTEST_ARCH) --bin-dir=$(ENVTEST_ASSETS_DIR)

SOPS = $(GOBIN)/sops
$(SOPS): ## Download latest sops binary if none is found.
$(call go-install-tool,$(SOPS),go.mozilla.org/sops/v3/cmd/sops@$(SOPS_VER))

# Run controller tests
KUBEBUILDER_ASSETS?="$(shell $(ENVTEST) --arch=$(ENVTEST_ARCH) use -i $(ENVTEST_KUBERNETES_VERSION) --bin-dir=$(ENVTEST_ASSETS_DIR) -p path)"
test: tidy generate fmt vet manifests api-docs download-crd-deps install-envtest
test: tidy generate fmt vet manifests api-docs download-crd-deps install-envtest $(SOPS)
KUBEBUILDER_ASSETS=$(KUBEBUILDER_ASSETS) go test ./... $(GO_TEST_ARGS) -v -coverprofile cover.out

# Build manager binary
manager: generate fmt vet
go build -o bin/manager main.go
go build -o $(BUILD_DIR)/bin/manager main.go

# Run against the configured Kubernetes cluster in ~/.kube/config
run: generate fmt vet manifests
Expand Down Expand Up @@ -120,18 +132,18 @@ docker-deploy:
kubectl -n flux-system set image deployment/kustomize-controller manager=${IMG}

# Find or download controller-gen
CONTROLLER_GEN = $(shell pwd)/bin/controller-gen
CONTROLLER_GEN = $(GOBIN)/controller-gen
.PHONY: controller-gen
controller-gen: ## Download controller-gen locally if necessary.
$(call go-install-tool,$(CONTROLLER_GEN),sigs.k8s.io/controller-tools/cmd/controller-gen@v0.7.0)

# Find or download gen-crd-api-reference-docs
GEN_CRD_API_REFERENCE_DOCS = $(shell pwd)/bin/gen-crd-api-reference-docs
GEN_CRD_API_REFERENCE_DOCS = $(GOBIN)/gen-crd-api-reference-docs
.PHONY: gen-crd-api-reference-docs
gen-crd-api-reference-docs:
$(call go-install-tool,$(GEN_CRD_API_REFERENCE_DOCS),github.com/ahmetb/gen-crd-api-reference-docs@v0.3.0)

ENVTEST = $(shell pwd)/bin/setup-envtest
ENVTEST = $(GOBIN)/setup-envtest
.PHONY: envtest
setup-envtest: ## Download envtest-setup locally if necessary.
$(call go-install-tool,$(ENVTEST),sigs.k8s.io/controller-runtime/tools/setup-envtest@latest)
Expand All @@ -145,26 +157,26 @@ TMP_DIR=$$(mktemp -d) ;\
cd $$TMP_DIR ;\
go mod init tmp ;\
echo "Downloading $(2)" ;\
GOBIN=$(PROJECT_DIR)/bin go install $(2) ;\
GOBIN=$(GOBIN) go install $(2) ;\
rm -rf $$TMP_DIR ;\
}
endef

# Build fuzzers
fuzz-build:
rm -rf $(shell pwd)/build/fuzz/
mkdir -p $(shell pwd)/build/fuzz/out/
rm -rf $(BUILD_DIR)/fuzz/
mkdir -p $(BUILD_DIR)/fuzz/out/

docker build . --tag local-fuzzing:latest -f tests/fuzz/Dockerfile.builder
docker run --rm \
-e FUZZING_LANGUAGE=go -e SANITIZER=address \
-e CIFUZZ_DEBUG='True' -e OSS_FUZZ_PROJECT_NAME=fluxcd \
-v "$(shell pwd)/build/fuzz/out":/out \
-v "$(BUILD_DIR)/fuzz/out":/out \
local-fuzzing:latest

fuzz-smoketest: fuzz-build
docker run --rm \
-v "$(shell pwd)/build/fuzz/out":/out \
-v "$(BUILD_DIR)/fuzz/out":/out \
-v "$(shell pwd)/tests/fuzz/oss_fuzz_run.sh":/runner.sh \
local-fuzzing:latest \
bash -c "/runner.sh"
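Review bot: `REPOSITORY_ROOT` comes from `git rev-parse --show-toplevel`, and nothing checks that it is non-empty before `BUILD_DIR` is derived from it. When make runs outside a Git work tree (a source tarball, or a container build context without `.git`), the shell call yields nothing and `BUILD_DIR` becomes `/build`; `fuzz-build` then runs `rm -rf /build/fuzz/` and bind-mounts `/build/fuzz/out`, and the `ifeq` branch puts `/build/gobin` at the front of `PATH`. A guard directly after the assignment would fail early instead: `$(if $(strip $(REPOSITORY_ROOT)),,$(error REPOSITORY_ROOT is empty; run make from inside the Git checkout))`. `fuzz-smoketest` still mounts `$(shell pwd)/tests/fuzz/oss_fuzz_run.sh`, so for consistency that line should use `$(REPOSITORY_ROOT)` as well.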
6 changes: 4 additions & 2 deletions controllers/kustomization_controller.go
Expand Up @@ -57,6 +57,7 @@ import (
apiacl "github.com/fluxcd/pkg/apis/acl"
"github.com/fluxcd/pkg/apis/meta"
"github.com/fluxcd/pkg/runtime/acl"
runtimeClient "github.com/fluxcd/pkg/runtime/client"
"github.com/fluxcd/pkg/runtime/events"
"github.com/fluxcd/pkg/runtime/metrics"
"github.com/fluxcd/pkg/runtime/predicates"
Expand Down Expand Up @@ -88,6 +89,7 @@ type KustomizationReconciler struct {
statusManager string
NoCrossNamespaceRefs bool
DefaultServiceAccount string
KubeConfigOpts runtimeClient.KubeConfigOptions
}

// KustomizationReconcilerOptions contains options for the KustomizationReconciler.
Expand Down Expand Up @@ -343,7 +345,7 @@ func (r *KustomizationReconciler) reconcile(
}

// setup the Kubernetes client for impersonation
impersonation := NewKustomizeImpersonation(kustomization, r.Client, r.StatusPoller, r.DefaultServiceAccount)
impersonation := NewKustomizeImpersonation(kustomization, r.Client, r.StatusPoller, r.DefaultServiceAccount, r.KubeConfigOpts)
kubeClient, statusPoller, err := impersonation.GetClient(ctx)
if err != nil {
return kustomizev1.KustomizationNotReady(
Expand Down Expand Up @@ -926,7 +928,7 @@ func (r *KustomizationReconciler) finalize(ctx context.Context, kustomization ku
kustomization.Status.Inventory.Entries != nil {
objects, _ := ListObjectsInInventory(kustomization.Status.Inventory)

impersonation := NewKustomizeImpersonation(kustomization, r.Client, r.StatusPoller, r.DefaultServiceAccount)
impersonation := NewKustomizeImpersonation(kustomization, r.Client, r.StatusPoller, r.DefaultServiceAccount, r.KubeConfigOpts)
if impersonation.CanFinalize(ctx) {
kubeClient, _, err := impersonation.GetClient(ctx)
if err != nil {
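Review bot: The new exported field `KubeConfigOpts` on `KustomizationReconciler` has no doc comment, and its zero value is what any reconciler constructed without it (a test suite, for instance) passes to `NewKustomizeImpersonation` in both `reconcile` and `finalize`. Judging by the call in `clientForKubeConfig`, the field decides how a Kustomization's kubeconfig is treated before a client is built from it, so the struct should say so, along with what the zero value means. I would add `// KubeConfigOpts holds the controller-level options applied to kubeconfigs referenced by a Kustomization before a client is created from them.` above the field, and state the zero-value behaviour once it has been checked against fluxcd/pkg/runtime. The struct and both functions start and end outside the hunks shown.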
9 changes: 8 additions & 1 deletion controllers/kustomization_impersonation.go
Expand Up @@ -31,6 +31,8 @@ import (
"sigs.k8s.io/controller-runtime/pkg/client/config"

kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1beta2"

runtimeClient "github.com/fluxcd/pkg/runtime/client"
)

// KustomizeImpersonation holds the state for impersonating a service account.
Expand All @@ -39,19 +41,22 @@ type KustomizeImpersonation struct {
kustomization kustomizev1.Kustomization
statusPoller *polling.StatusPoller
defaultServiceAccount string
kubeConfigOpts runtimeClient.KubeConfigOptions
}

// NewKustomizeImpersonation creates a new KustomizeImpersonation.
func NewKustomizeImpersonation(
kustomization kustomizev1.Kustomization,
kubeClient client.Client,
statusPoller *polling.StatusPoller,
defaultServiceAccount string) *KustomizeImpersonation {
defaultServiceAccount string,
kubeConfigOpts runtimeClient.KubeConfigOptions) *KustomizeImpersonation {
return &KustomizeImpersonation{
defaultServiceAccount: defaultServiceAccount,
kustomization: kustomization,
statusPoller: statusPoller,
Client: kubeClient,
kubeConfigOpts: kubeConfigOpts,
}
}

Expand Down Expand Up @@ -141,6 +146,8 @@ func (ki *KustomizeImpersonation) clientForKubeConfig(ctx context.Context) (clie
if err != nil {
return nil, nil, err
}

restConfig = runtimeClient.KubeConfig(restConfig, ki.kubeConfigOpts)
ki.setImpersonationConfig(restConfig)

restMapper, err := apiutil.NewDynamicRESTMapper(restConfig)
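Review bot: The call `restConfig = runtimeClient.KubeConfig(restConfig, ki.kubeConfigOpts)` in `clientForKubeConfig` carries no comment, although both its purpose and its position matter. It is the one visible place where a rest config built from a Kustomization's kubeconfig passes through the controller-level options, and because it reassigns `restConfig` it has to stay ahead of `ki.setImpersonationConfig(restConfig)`; if the helper returns a fresh config (its body is not on this page), impersonation set earlier would be lost. I would add `// Apply the controller-level kubeconfig options to the user-supplied config before impersonation is configured on it.` above the call. A test that builds a `KustomizeImpersonation` with non-default options and checks the resulting config would pin the ordering; none is visible in this commit. `clientForKubeConfig` starts and ends outside the hunk.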
2 changes: 1 addition & 1 deletion go.mod
Expand Up @@ -17,7 +17,7 @@ require (
github.com/fluxcd/pkg/apis/acl v0.0.3
github.com/fluxcd/pkg/apis/kustomize v0.3.2
github.com/fluxcd/pkg/apis/meta v0.12.1
github.com/fluxcd/pkg/runtime v0.13.2
github.com/fluxcd/pkg/runtime v0.13.3
github.com/fluxcd/pkg/ssa v0.15.1
github.com/fluxcd/pkg/testserver v0.2.0
github.com/fluxcd/pkg/untar v0.1.0
4 changes: 2 additions & 2 deletions go.sum
Expand Up @@ -278,8 +278,8 @@ github.com/fluxcd/pkg/apis/kustomize v0.3.2 h1:ULoAwOOekHf5cy6mYIwL+K6v8/cfcNVVb
github.com/fluxcd/pkg/apis/kustomize v0.3.2/go.mod h1:p8iAH5TeqMBnnxkkpCNNDvWYfKlNRx89a6WKOo+hJHA=
github.com/fluxcd/pkg/apis/meta v0.12.1 h1:m5PfKAqbqWBvGp9+JRj1sv+xNkGsHwUVf+3rJ8wm6SE=
github.com/fluxcd/pkg/apis/meta v0.12.1/go.mod h1:f8YVt70/KAhqzZ7xxhjvqyzKubOYx2pAbakb/FfCEg8=
github.com/fluxcd/pkg/runtime v0.13.2 h1:6jkQQUbp17WxHsbozlJFCvHmOS4JIB+yB20CdCd8duE=
github.com/fluxcd/pkg/runtime v0.13.2/go.mod h1:dzWNKqFzFXeittbpFcJzR3cdC9CWlbzw+pNOgaVvF/0=
github.com/fluxcd/pkg/runtime v0.13.3 h1:k0Xun+RoEC/F6iuAPTA6rQb+I4B4oecBx6pOcodX11A=
github.com/fluxcd/pkg/runtime v0.13.3/go.mod h1:dzWNKqFzFXeittbpFcJzR3cdC9CWlbzw+pNOgaVvF/0=
github.com/fluxcd/pkg/ssa v0.15.1 h1:HXAT+K6c9Yy8Evxdyk3DU0KTk3yZ+fwgTEEzU1W/1V8=
github.com/fluxcd/pkg/ssa v0.15.1/go.mod h1:OSXVu/uKPbhzBRljA359+WYxbXtMUNbkADlrS3Rm+gE=
github.com/fluxcd/pkg/testserver v0.2.0 h1:Mj0TapmKaywI6Fi5wvt1LAZpakUHmtzWQpJNKQ0Krt4=
3 changes: 2 additions & 1 deletion internal/sops/azkv/keysource_integration_test.go
@@ -1,4 +1,5 @@
// +tag integration
//go:build integration
// +build integration

/*
Copyright 2022 The Flux authors
3 changes: 3 additions & 0 deletions main.go
Original file line number Diff line number Diff line change
Expand Up @@ -68,6 +68,7 @@ func main() {
concurrent int
requeueDependency time.Duration
clientOptions client.Options
kubeConfigOpts client.KubeConfigOptions
logOptions logger.Options
leaderElectionOptions leaderelection.Options
aclOptions acl.Options
Expand All @@ -89,6 +90,7 @@ func main() {
logOptions.BindFlags(flag.CommandLine)
leaderElectionOptions.BindFlags(flag.CommandLine)
aclOptions.BindFlags(flag.CommandLine)
kubeConfigOpts.BindFlags(flag.CommandLine)
flag.Parse()

ctrl.SetLogger(logger.NewLogger(logOptions))
Expand Down Expand Up @@ -139,6 +141,7 @@ func main() {
MetricsRecorder: metricsRecorder,
StatusPoller: polling.NewStatusPoller(mgr.GetClient(), mgr.GetRESTMapper(), polling.Options{}),
NoCrossNamespaceRefs: aclOptions.NoCrossNamespaceRefs,
KubeConfigOpts: kubeConfigOpts,
}).SetupWithManager(mgr, controllers.KustomizationReconcilerOptions{
MaxConcurrentReconciles: concurrent,
DependencyRequeueInterval: requeueDependency,