Merge branch 'main' into chore/upgrade-controller-runtime

kyma-project · May 6, 2024 · ea4e8a6 · ea4e8a6
2 parents 4a63741 + d1ae7a8
commit ea4e8a6
Show file tree

Hide file tree

Showing 6 changed files with 30 additions and 69 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,7 +1,7 @@
 # Build the manager binary
 FROM golang:1.22.2-alpine as builder
 
-WORKDIR /workspace
+WORKDIR /lifecycle-manager
 # Copy the Go Modules manifests
 COPY go.mod go.mod
 COPY go.sum go.sum
@@ -11,6 +11,9 @@ COPY cmd cmd/
 COPY api api/
 COPY internal internal/
 COPY pkg pkg/
+COPY skr-webhook skr-webhook/
+RUN chmod 755 skr-webhook/
+
 # cache deps before building and copying source so that we don't need to re-download as much
 # and so that source changes don't invalidate our downloaded layer
 RUN go mod download
@@ -21,12 +24,15 @@ ARG TAG_default_tag=from_dockerfile
 
 RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags="-X 'main.buildVersion=${TAG_default_tag}'" -a -o manager cmd/main.go
 
+
 # Use distroless as minimal base image to package the manager binary
 # Refer to https://github.com/GoogleContainerTools/distroless for more details
 FROM gcr.io/distroless/static:nonroot
 WORKDIR /
-COPY skr-webhook skr-webhook/
-COPY --from=builder /workspace/manager .
+
+COPY --chown=65532:65532 --from=builder /lifecycle-manager/manager .
+COPY --chown=65532:65532 --from=builder /lifecycle-manager/skr-webhook skr-webhook/
+
 USER 65532:65532
 
 ENTRYPOINT ["/manager"]
diff --git a/go.mod b/go.mod
@@ -6,7 +6,7 @@ replace github.com/kyma-project/lifecycle-manager/api => ./api
 
 require (
 	github.com/Masterminds/semver/v3 v3.2.1
-	github.com/cert-manager/cert-manager v1.14.4
+	github.com/cert-manager/cert-manager v1.14.5
 	github.com/go-logr/logr v1.4.1
 	github.com/go-logr/zapr v1.3.0
 	github.com/golang/mock v1.6.0
@@ -30,7 +30,7 @@ require (
 
 require (
 	istio.io/api v1.21.2
-	istio.io/client-go v1.21.1
+	istio.io/client-go v1.21.2
 )
 
 require (

diff --git a/go.sum b/go.sum
@@ -209,8 +209,8 @@ github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7N
 github.com/cenkalti/backoff/v3 v3.2.2 h1:cfUAAO3yvKMYKPrvhDuHSwQnhZNk/RMHKdZqKTxfm6M=
 github.com/cenkalti/backoff/v3 v3.2.2/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4rc0ij+ULvLYs=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
-github.com/cert-manager/cert-manager v1.14.4 h1:DLXIZHx3jhkViYfobXo+N7/od/oj4YgG6AJw4ORJnYs=
-github.com/cert-manager/cert-manager v1.14.4/go.mod h1:d+CBeRu5MbpHTfXkkiiamUhnfdvhbThoOPwilU4UM98=
+github.com/cert-manager/cert-manager v1.14.5 h1:uuM1O2g2S80nxiH3eW2cZYMGiL2zmDFVdAzg8sibWuc=
+github.com/cert-manager/cert-manager v1.14.5/go.mod h1:fmr/cU5jiLxWj69CroDggSOa49RljUK+dU583TaQUXM=
 github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=
 github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/chrismellard/docker-credential-acr-env v0.0.0-20230304212654-82a0ddb27589 h1:krfRl01rzPzxSxyLyrChD+U+MzsBXbm0OwYYB67uF+4=
@@ -1181,8 +1181,8 @@ honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWh
 honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 istio.io/api v1.21.2 h1:rnMcWXez7JIpfQjhYQMCkSGoie9U0hCq9lFEo2jP11w=
 istio.io/api v1.21.2/go.mod h1:TFCMUCAHRjxBv1CsIsFCsYHPHi4axVI4vdIzVr8eFjY=
-istio.io/client-go v1.21.1 h1:gAZCeG4pV2o2L6WaD/MLruNB+tBxa+Y21BuRJmFYlAI=
-istio.io/client-go v1.21.1/go.mod h1:mqwsapfu4b1FG47puY9H8y4+ga1+d+hxfdosNQ1HclY=
+istio.io/client-go v1.21.2 h1:8uS4hUj7LaK2XRmflJuRGtNsPh64abzE9DjAYUSvlyM=
+istio.io/client-go v1.21.2/go.mod h1:mqwsapfu4b1FG47puY9H8y4+ga1+d+hxfdosNQ1HclY=
 k8s.io/api v0.30.0 h1:siWhRq7cNjy2iHssOB9SCGNCl2spiF1dO3dABqZ8niA=
 k8s.io/api v0.30.0/go.mod h1:OPlaYhoHs8EQ1ql0R/TsUgaRPhpKNxIMrKQfWUp8QSE=
 k8s.io/apiextensions-apiserver v0.30.0 h1:jcZFKMqnICJfRxTgnC4E+Hpcq8UEhT8B2lhBcQ+6uAs=

diff --git a/internal/controller/kyma_controller.go b/internal/controller/kyma_controller.go
@@ -51,18 +51,15 @@ import (
 
 type (
 	EventReasonError string
-	EventReasonInfo  string
 )
 
 var ErrManifestsStillExist = errors.New("manifests still exist")
 
 const (
 	moduleReconciliationError EventReasonError = "ModuleReconciliationError"
-	syncContextError          EventReasonError = "SyncContextError"
 	metricsError              EventReasonError = "MetricsError"
-	deletionError             EventReasonError = "DeletionError"
-	updateStatus              EventReasonInfo  = "StatusUpdate"
-	webhookChartRemoval       EventReasonInfo  = "WebhookChartRemoval"
+	updateSpecError           EventReasonError = "UpdateSpecError"
+	updateStatusError         EventReasonError = "UpdateStatusError"
 )
 
 type KymaReconciler struct {
@@ -137,12 +134,11 @@ func (r *KymaReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.
 	if apierrors.IsUnauthorized(err) {
 		r.deleteRemoteClientCache(ctx, kyma)
 		r.Metrics.RecordRequeueReason(metrics.KymaUnauthorized, queue.UnexpectedRequeue)
-		return ctrl.Result{Requeue: true}, r.updateStatusWithError(ctx, kyma, err)
+		return r.requeueWithError(ctx, kyma, err)
 	}
 
 	if err != nil {
 		r.deleteRemoteClientCache(ctx, kyma)
-		r.enqueueWarningEvent(kyma, syncContextError, err)
 		r.Metrics.RecordRequeueReason(metrics.SyncContextRetrieval, queue.UnexpectedRequeue)
 		return r.requeueWithError(ctx, kyma, err)
 	}
@@ -264,22 +260,13 @@ func (r *KymaReconciler) deleteRemoteKyma(ctx context.Context, kyma *v1beta2.Kym
 }
 
 func (r *KymaReconciler) requeueWithError(ctx context.Context, kyma *v1beta2.Kyma, err error) (ctrl.Result, error) {
-	updateErr := r.updateStatusWithError(ctx, kyma, err)
-	if updateErr == nil {
-		r.enqueueWarningEvent(kyma, moduleReconciliationError, err)
-	}
-
-	return ctrl.Result{Requeue: true}, updateErr
+	return ctrl.Result{Requeue: true}, r.updateStatusWithError(ctx, kyma, err)
 }
 
 func (r *KymaReconciler) enqueueWarningEvent(kyma *v1beta2.Kyma, reason EventReasonError, err error) {
 	r.Event(kyma, "Warning", string(reason), err.Error())
 }
 
-func (r *KymaReconciler) enqueueNormalEvent(kyma *v1beta2.Kyma, reason EventReasonInfo, message string) {
-	r.Event(kyma, "Normal", string(reason), message)
-}
-
 func (r *KymaReconciler) fetchRemoteKyma(ctx context.Context, controlPlaneKyma *v1beta2.Kyma) (*v1beta2.Kyma, error) {
 	syncContext, err := remote.SyncContextFromContext(ctx)
 	if err != nil {
@@ -350,12 +337,10 @@ func (r *KymaReconciler) processKymaState(ctx context.Context, kyma *v1beta2.Kym
 }
 
 func (r *KymaReconciler) handleInitialState(ctx context.Context, kyma *v1beta2.Kyma) (ctrl.Result, error) {
-	const msg = "started processing"
-	if err := r.updateStatus(ctx, kyma, shared.StateProcessing, msg); err != nil {
+	if err := r.updateStatus(ctx, kyma, shared.StateProcessing, "started processing"); err != nil {
 		r.Metrics.RecordRequeueReason(metrics.InitialStateHandling, queue.UnexpectedRequeue)
 		return ctrl.Result{}, err
 	}
-	r.enqueueNormalEvent(kyma, updateStatus, msg)
 	r.Metrics.RecordRequeueReason(metrics.InitialStateHandling, queue.IntendedRequeue)
 	return ctrl.Result{Requeue: true}, nil
 }
@@ -426,35 +411,28 @@ func (r *KymaReconciler) handleDeletingState(ctx context.Context, kyma *v1beta2.
 
 	if r.WatcherEnabled(kyma) {
 		if err := r.SKRWebhookManager.Remove(ctx, kyma); err != nil {
-			// error is expected, try again
-			r.enqueueNormalEvent(kyma, webhookChartRemoval, err.Error())
-			return ctrl.Result{RequeueAfter: r.RequeueIntervals.Busy}, nil
+			return ctrl.Result{}, err
 		}
 		r.SKRWebhookManager.WatcherMetrics.CleanupMetrics(kyma.Name)
 	}
 
 	if r.SyncKymaEnabled(kyma) {
 		if err := remote.NewRemoteCatalogFromKyma(r.RemoteSyncNamespace).Delete(ctx); err != nil {
 			err = fmt.Errorf("could not delete remote module catalog: %w", err)
-			r.enqueueWarningEvent(kyma, deletionError, err)
 			r.Metrics.RecordRequeueReason(metrics.RemoteModuleCatalogDeletion, queue.UnexpectedRequeue)
-			return ctrl.Result{}, err
+			return r.requeueWithError(ctx, kyma, err)
 		}
 
 		r.RemoteClientCache.Delete(client.ObjectKeyFromObject(kyma))
 		if err := remote.RemoveFinalizersFromRemoteKyma(ctx, r.RemoteSyncNamespace); client.IgnoreNotFound(err) != nil {
-			err = fmt.Errorf("error while trying to remove finalizer from remote: %w", err)
-			r.enqueueWarningEvent(kyma, deletionError, err)
 			r.Metrics.RecordRequeueReason(metrics.FinalizersRemovalFromRemoteKyma, queue.UnexpectedRequeue)
-			return ctrl.Result{}, err
+			return r.requeueWithError(ctx, kyma, err)
 		}
 
 		logger.Info("removed remote finalizers")
 	}
 
-	err := r.cleanupManifestCRs(ctx, kyma)
-	if err != nil {
-		r.enqueueWarningEvent(kyma, deletionError, err)
+	if err := r.cleanupManifestCRs(ctx, kyma); err != nil {
 		r.Metrics.RecordRequeueReason(metrics.CleanupManifestCrs, queue.UnexpectedRequeue)
 		return ctrl.Result{}, err
 	}
@@ -520,7 +498,7 @@ func (r *KymaReconciler) removeAllFinalizers(kyma *v1beta2.Kyma) {
 func (r *KymaReconciler) updateKyma(ctx context.Context, kyma *v1beta2.Kyma) error {
 	if err := r.Update(ctx, kyma); err != nil {
 		err = fmt.Errorf("error while updating kyma during deletion: %w", err)
-		r.enqueueWarningEvent(kyma, deletionError, err)
+		r.enqueueWarningEvent(kyma, updateSpecError, err)
 		return err
 	}
 
@@ -571,16 +549,17 @@ func (r *KymaReconciler) updateStatus(ctx context.Context, kyma *v1beta2.Kyma,
 	state shared.State, message string,
 ) error {
 	if err := status.Helper(r).UpdateStatusForExistingModules(ctx, kyma, state, message); err != nil {
+		r.Event(kyma, "Warning", "PatchStatus", err.Error())
 		return fmt.Errorf("error while updating status to %s because of %s: %w", state, message, err)
 	}
 	return nil
 }
 
 func (r *KymaReconciler) updateStatusWithError(ctx context.Context, kyma *v1beta2.Kyma, err error) error {
 	if err := status.Helper(r).UpdateStatusForExistingModules(ctx, kyma, shared.StateError, err.Error()); err != nil {
+		r.enqueueWarningEvent(kyma, updateStatusError, err)
 		return fmt.Errorf("error while updating status to %s: %w", shared.StateError, err)
 	}
-
 	return nil
 }
 

diff --git a/internal/declarative/v2/reconciler.go b/internal/declarative/v2/reconciler.go
@@ -161,7 +161,6 @@ func (r *Reconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Resu
 			return r.removeFinalizers(ctx, obj, obj.GetFinalizers(), metrics.ManifestRemoveFinalizerWhenSecretGone, err)
 		}
 
-		r.Event(obj, "Warning", "ClientInitialization", err.Error())
 		obj.SetStatus(obj.GetStatus().WithState(shared.StateError).WithErr(err))
 		return r.ssaStatusIfDiffExist(ctx, obj, metrics.ManifestClientInit, currentObjStatus, err)
 	}
@@ -247,11 +246,10 @@ func (r *Reconciler) removeFinalizers(ctx context.Context, obj Object, finalizer
 	if finalizerRemoved {
 		return r.updateObject(ctx, obj, requeueReason, queue.IntendedRequeue)
 	}
-	msg := fmt.Sprintf("waiting as other finalizers are present: %s", obj.GetFinalizers())
-	r.Event(obj, "Normal", "FinalizerRemoval", msg)
 
 	if obj.GetStatus().State != shared.StateWarning {
-		obj.SetStatus(obj.GetStatus().WithState(shared.StateDeleting).WithOperation(msg))
+		obj.SetStatus(obj.GetStatus().WithState(shared.StateDeleting).
+			WithOperation(fmt.Sprintf("waiting as other finalizers are present: %s", obj.GetFinalizers())))
 	}
 
 	return r.ssaStatusIfDiffExist(ctx, obj, requeueReason, currentObjStatus, err)
@@ -295,7 +293,6 @@ func (r *Reconciler) initialize(obj Object) error {
 func (r *Reconciler) Spec(ctx context.Context, obj Object) (*Spec, error) {
 	spec, err := r.SpecResolver.Spec(ctx, obj)
 	if err != nil {
-		r.Event(obj, "Warning", "Spec", err.Error())
 		obj.SetStatus(obj.GetStatus().WithState(shared.StateError).WithErr(err))
 	}
 	return spec, err
@@ -322,13 +319,11 @@ func (r *Reconciler) renderResources(
 
 	current, err = converter.ResourcesToInfos(status.Synced)
 	if err != nil {
-		r.Event(obj, "Warning", "CurrentResourceParsing", err.Error())
 		obj.SetStatus(status.WithState(shared.StateError).WithErr(err))
 		return nil, nil, err
 	}
 
 	if !meta.IsStatusConditionTrue(status.Conditions, resourceCondition.Type) {
-		r.Event(obj, "Normal", resourceCondition.Reason, resourceCondition.Message)
 		resourceCondition.Status = apimetav1.ConditionTrue
 		meta.SetStatusCondition(&status.Conditions, resourceCondition)
 		obj.SetStatus(status.WithOperation(resourceCondition.Message))
@@ -343,7 +338,6 @@ func (r *Reconciler) syncResources(ctx context.Context, clnt Client, obj Object,
 	status := obj.GetStatus()
 
 	if err := ConcurrentSSA(clnt, r.FieldOwner).Run(ctx, target); err != nil {
-		r.Event(obj, "Warning", "ServerSideApply", err.Error())
 		obj.SetStatus(status.WithState(shared.StateError).WithErr(err))
 		return err
 	}
@@ -363,7 +357,6 @@ func (r *Reconciler) syncResources(ctx context.Context, clnt Client, obj Object,
 
 	for i := range r.PostRuns {
 		if err := r.PostRuns[i](ctx, clnt, r.Client, obj); err != nil {
-			r.Event(obj, "Warning", "PostRun", err.Error())
 			obj.SetStatus(status.WithState(shared.StateError).WithErr(err))
 			return err
 		}
@@ -402,21 +395,18 @@ func (r *Reconciler) checkTargetReadiness(
 
 	crStateInfo, err := resourceReadyCheck.Run(ctx, clnt, manifest, target)
 	if err != nil {
-		r.Event(manifest, "Warning", "ResourceReadyCheck", err.Error())
 		manifest.SetStatus(status.WithState(shared.StateError).WithErr(err))
 		return err
 	}
 
 	if crStateInfo.State == shared.StateProcessing {
 		waitingMsg := "waiting for resources to become ready: " + crStateInfo.Info
-		r.Event(manifest, "Normal", "ResourceReadyCheck", waitingMsg)
 		manifest.SetStatus(status.WithState(shared.StateProcessing).WithOperation(waitingMsg))
 		return ErrInstallationConditionRequiresUpdate
 	}
 
 	installationCondition := newInstallationCondition(manifest)
 	if !meta.IsStatusConditionTrue(status.Conditions, installationCondition.Type) || status.State != crStateInfo.State {
-		r.Event(manifest, "Normal", installationCondition.Reason, installationCondition.Message)
 		installationCondition.Status = apimetav1.ConditionTrue
 		meta.SetStatusCondition(&status.Conditions, installationCondition)
 		manifest.SetStatus(status.WithState(crStateInfo.State).
@@ -438,7 +428,6 @@ func (r *Reconciler) removeModuleCR(ctx context.Context, clnt Client, obj Object
 	if !obj.GetDeletionTimestamp().IsZero() {
 		for _, preDelete := range r.PreDeletes {
 			if err := preDelete(ctx, clnt, r.Client, obj); err != nil {
-				r.Event(obj, "Warning", "PreDelete", err.Error())
 				// we do not set a status here since it will be deleting if timestamp is set.
 				obj.SetStatus(obj.GetStatus().WithErr(err))
 				return err
@@ -469,26 +458,19 @@ func (r *Reconciler) renderTargetResources(
 
 	targetResources, err := r.ManifestParser.Parse(spec)
 	if err != nil {
-		r.Event(obj, "Warning", "ManifestParsing", err.Error())
 		obj.SetStatus(status.WithState(shared.StateError).WithErr(err))
 		return nil, err
 	}
 
 	for _, transform := range r.PostRenderTransforms {
 		if err := transform(ctx, obj, targetResources.Items); err != nil {
-			r.Event(obj, "Warning", "PostRenderTransform", err.Error())
 			obj.SetStatus(status.WithState(shared.StateError).WithErr(err))
 			return nil, err
 		}
 	}
 
 	target, err := converter.UnstructuredToInfos(targetResources.Items)
 	if err != nil {
-		// Prevent ETCD load bursts during secret rotation
-		if !util.IsConnectionRelatedError(err) {
-			r.Event(obj, "Warning", "TargetResourceParsing", err.Error())
-		}
-
 		obj.SetStatus(status.WithState(shared.StateError).WithErr(err))
 		return nil, err
 	}
@@ -515,7 +497,6 @@ func (r *Reconciler) pruneDiff(
 		// This case should not happen normally, but if happens, it means the resources read from cache is incomplete,
 		// and we should prevent diff resources to be deleted.
 		// Meanwhile, evict cache to hope newly created resources back to normal.
-		r.Event(obj, "Warning", "PruneDiff", ErrResourceSyncDiffInSameOCILayer.Error())
 		obj.SetStatus(obj.GetStatus().WithState(shared.StateWarning).WithOperation(ErrResourceSyncDiffInSameOCILayer.Error()))
 		r.ManifestParser.EvictCache(spec)
 		return ErrResourceSyncDiffInSameOCILayer
@@ -657,7 +638,6 @@ func (r *Reconciler) handleStatusPatch(ctx context.Context, obj Object, previous
 	if hasStatusDiff(obj.GetStatus(), previousStatus) {
 		resetNonPatchableField(obj)
 		if err := r.Status().Patch(ctx, obj, client.Apply, client.ForceOwnership, r.FieldOwner); err != nil {
-			r.Event(obj, "Warning", "PatchStatus", err.Error())
 			return fmt.Errorf("failed to patch status: %w", err)
 		}
 	}

diff --git a/pkg/remote/kyma_synchronization_context.go b/pkg/remote/kyma_synchronization_context.go
@@ -189,12 +189,9 @@ func (c *KymaSynchronizationContext) CreateOrFetchRemoteKyma(
 
 	remoteKyma, err := c.GetRemotelySyncedKyma(ctx, remoteSyncNamespace)
 	if meta.IsNoMatchError(err) || CRDNotFoundErr(err) {
-		recorder.Event(kyma, "Normal", err.Error(), "CRDs are missing in SKR and will be installed")
-
 		if err := c.CreateOrUpdateCRD(ctx, shared.KymaKind.Plural()); err != nil {
 			return nil, err
 		}
-
 		recorder.Event(kyma, "Normal", "CRDInstallation", "CRDs were installed to SKR")
 	}
 
@@ -206,11 +203,10 @@ func (c *KymaSynchronizationContext) CreateOrFetchRemoteKyma(
 
 		err = c.RuntimeClient.Create(ctx, remoteKyma)
 		if err != nil {
-			recorder.Event(kyma, "Normal", "RemoteInstallation", "Kyma was installed to SKR")
 			return nil, fmt.Errorf("failed to create remote kyma: %w", err)
 		}
+		recorder.Event(kyma, "Normal", "RemoteInstallation", "Kyma was installed to SKR")
 	} else if err != nil {
-		recorder.Event(kyma, "Warning", err.Error(), "Client could not fetch remote Kyma")
 		return nil, fmt.Errorf("failed to fetch remote kyma: %w", err)
 	}