From 28e208d2c16a7dea94e8dacfb08267aaa2155e50 Mon Sep 17 00:00:00 2001 From: Paulo Gomes Date: Thu, 31 Mar 2022 14:51:29 +0100 Subject: [PATCH 1/2] Align Makefile with other repositories Signed-off-by: Paulo Gomes --- Makefile | 31 ++++++++++++++++++------------- 1 file changed, 18 insertions(+), 13 deletions(-) diff --git a/Makefile b/Makefile index 658ffeb09..a0c96f8f8 100644 --- a/Makefile +++ b/Makefile @@ -3,12 +3,17 @@ IMG ?= fluxcd/helm-controller:latest # Produce CRDs that work back to Kubernetes 1.16 CRD_OPTIONS ?= crd:crdVersions=v1 -# Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set) +# Repository root based on Git metadata +REPOSITORY_ROOT := $(shell git rev-parse --show-toplevel) +BUILD_DIR := $(REPOSITORY_ROOT)/build + +# If gobin not set, create one on ./build and add to path. ifeq (,$(shell go env GOBIN)) -GOBIN=$(shell go env GOPATH)/bin +GOBIN=$(BUILD_DIR)/gobin else GOBIN=$(shell go env GOBIN) endif +export PATH:=$(GOBIN):${PATH} # Allows for defining additional Docker buildx arguments, e.g. '--push'. BUILD_ARGS ?= --load @@ -28,7 +33,7 @@ test: tidy generate fmt vet manifests api-docs install-envtest # Build manager binary manager: generate fmt vet - go build -o bin/manager main.go + go build -o $(BUILD_DIR)/bin/manager main.go # Run against the configured Kubernetes cluster in ~/.kube/config run: generate fmt vet manifests 
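Review bot: `REPOSITORY_ROOT := $(shell git rev-parse --show-toplevel)` in the first hunk has no fallback, so outside a Git work tree (a source tarball, a container build context without `.git`) it expands to the empty string and `BUILD_DIR` becomes `/build`. Every later use then points at the filesystem root, including `GOBIN=$(BUILD_DIR)/gobin`, which this hunk also prepends to `PATH`, and the `rm -rf $(BUILD_DIR)/fuzz/` in the fuzz-build target further down. Failing fast right after the assignment is safer: `ifeq (,$(REPOSITORY_ROOT))`, then `$(error REPOSITORY_ROOT is empty: run make inside a Git checkout)`, then `endif`.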
@@ -101,24 +106,24 @@ docker-push: docker push ${IMG} # Find or download controller-gen -CONTROLLER_GEN = $(shell pwd)/bin/controller-gen +CONTROLLER_GEN = $(GOBIN)/controller-gen .PHONY: controller-gen controller-gen: ## Download controller-gen locally if necessary. $(call go-install-tool,$(CONTROLLER_GEN),sigs.k8s.io/controller-tools/cmd/controller-gen@v0.7.0) # Find or download gen-crd-api-reference-docs -GEN_CRD_API_REFERENCE_DOCS = $(shell pwd)/bin/gen-crd-api-reference-docs +GEN_CRD_API_REFERENCE_DOCS = $(GOBIN)/gen-crd-api-reference-docs .PHONY: gen-crd-api-reference-docs gen-crd-api-reference-docs: $(call go-install-tool,$(GEN_CRD_API_REFERENCE_DOCS),github.com/ahmetb/gen-crd-api-reference-docs@v0.3.0) -ENVTEST_ASSETS_DIR=$(shell pwd)/build/testbin +ENVTEST_ASSETS_DIR=$(BUILD_DIR)/testbin ENVTEST_KUBERNETES_VERSION?=latest install-envtest: setup-envtest mkdir -p ${ENVTEST_ASSETS_DIR} $(ENVTEST) use $(ENVTEST_KUBERNETES_VERSION) --arch=$(ENVTEST_ARCH) --bin-dir=$(ENVTEST_ASSETS_DIR) -ENVTEST = $(shell pwd)/bin/setup-envtest +ENVTEST = $(GOBIN)/setup-envtest .PHONY: envtest setup-envtest: ## Download envtest-setup locally if necessary. $(call go-install-tool,$(ENVTEST),sigs.k8s.io/controller-runtime/tools/setup-envtest@latest) 
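Review bot: The tool paths now follow `$(GOBIN)`, which is the user's shared Go bin directory whenever `go env GOBIN` is set, so `CONTROLLER_GEN`, `GEN_CRD_API_REFERENCE_DOCS` and `ENVTEST` can resolve to binaries this Makefile did not install. If `go-install-tool` skips the install when the file already exists (its opening lines are not in this diff, so this is inferred), the pinned `@v0.7.0` and `@v0.3.0` are no longer guaranteed and whatever already sits in that directory is executed. Keeping the tools in the repository-local directory keeps the pins meaningful, for example by replacing the `ifeq`/`else`/`endif` in the first hunk with `GOBIN := $(BUILD_DIR)/gobin`. The unchanged `setup-envtest@latest` is unpinned and its binary now lands on the exported `PATH`; a fixed version would make the build reproducible.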
@@ -132,27 +137,27 @@ TMP_DIR=$$(mktemp -d) ;\ cd $$TMP_DIR ;\ go mod init tmp ;\ echo "Downloading $(2)" ;\ -GOBIN=$(PROJECT_DIR)/bin go install $(2) ;\ +GOBIN=$(GOBIN) go install $(2) ;\ rm -rf $$TMP_DIR ;\ } endef # Build fuzzers fuzz-build: - rm -rf $(shell pwd)/build/fuzz/ - mkdir -p $(shell pwd)/build/fuzz/out/ + rm -rf $(BUILD_DIR)/fuzz/ + mkdir -p $(BUILD_DIR)/fuzz/out/ docker build . --tag local-fuzzing:latest -f tests/fuzz/Dockerfile.builder docker run --rm \ -e FUZZING_LANGUAGE=go -e SANITIZER=address \ -e CIFUZZ_DEBUG='True' -e OSS_FUZZ_PROJECT_NAME=fluxcd \ - -v "$(shell pwd)/build/fuzz/out":/out \ + -v "$(BUILD_DIR)/fuzz/out":/out \ local-fuzzing:latest # Run each fuzzer once to ensure they are working fuzz-smoketest: fuzz-build docker run --rm \ - -v "$(shell pwd)/build/fuzz/out":/out \ - -v "$(shell pwd)/tests/fuzz/oss_fuzz_run.sh":/runner.sh \ + -v "$(BUILD_DIR)/fuzz/out":/out \ + -v "$(REPOSITORY_ROOT)/tests/fuzz/oss_fuzz_run.sh":/runner.sh \ local-fuzzing:latest \ bash -c "/runner.sh" From 6f4ca28c9a05ed0c13a9d76a356738eca395b7f4 Mon Sep 17 00:00:00 2001 From: Paulo Gomes Date: Thu, 31 Mar 2022 14:50:51 +0100 Subject: [PATCH 2/2] Add flags to control kubeconfig support Two new flags were added to allow users to enable the use of user.Exec and InsecureTLS in the kubeconfigs provided remote apply reconciliations. Breaking change: both functionalities are no longer enabled by default. Signed-off-by: Paulo Gomes --- controllers/helmrelease_controller.go | 4 +++- go.mod | 2 +- go.sum | 4 ++-- internal/kube/client.go | 13 ++++++++++++- main.go | 3 +++ 5 files changed, 21 insertions(+), 5 deletions(-) diff --git a/controllers/helmrelease_controller.go b/controllers/helmrelease_controller.go index 72f9cc641..c6804dcaa 100644 --- a/controllers/helmrelease_controller.go +++ b/controllers/helmrelease_controller.go 
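Review bot: `rm -rf $(BUILD_DIR)/fuzz/` and `mkdir -p $(BUILD_DIR)/fuzz/out/` expand an absolute path unquoted, while the `-v` mounts in the same targets do quote it. A checkout path that contains a space makes the shell split the `rm -rf` argument into several paths, and `GOBIN=$(GOBIN) go install $(2)` breaks the same way. Quote all three: `rm -rf "$(BUILD_DIR)/fuzz/"`, `mkdir -p "$(BUILD_DIR)/fuzz/out/"` and `GOBIN="$(GOBIN)" go install $(2) ;\`. The `go-install-tool` define begins above this hunk.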
@@ -51,6 +51,7 @@ import ( apiacl "github.com/fluxcd/pkg/apis/acl" "github.com/fluxcd/pkg/apis/meta" "github.com/fluxcd/pkg/runtime/acl" + fluxClient "github.com/fluxcd/pkg/runtime/client" "github.com/fluxcd/pkg/runtime/events" "github.com/fluxcd/pkg/runtime/metrics" "github.com/fluxcd/pkg/runtime/predicates" @@ -81,6 +82,7 @@ type HelmReleaseReconciler struct { MetricsRecorder *metrics.Recorder DefaultServiceAccount string NoCrossNamespaceRef bool + KubeConfigOpts fluxClient.KubeConfigOptions } func (r *HelmReleaseReconciler) SetupWithManager(mgr ctrl.Manager, opts HelmReleaseReconcilerOptions) error { @@ -503,7 +505,7 @@ func (r *HelmReleaseReconciler) getRESTClientGetter(ctx context.Context, hr v2.H if len(kubeConfig) == 0 { return nil, fmt.Errorf("KubeConfig secret '%s' does not contain a 'value' key", secretName) } - return kube.NewMemoryRESTClientGetter(kubeConfig, hr.GetReleaseNamespace(), impersonateAccount, r.Config.QPS, r.Config.Burst), nil + return kube.NewMemoryRESTClientGetter(kubeConfig, hr.GetReleaseNamespace(), impersonateAccount, r.Config.QPS, r.Config.Burst, r.KubeConfigOpts), nil } if r.DefaultServiceAccount != "" || hr.Spec.ServiceAccountName != "" { diff --git a/go.mod b/go.mod index dfced7d2a..bdb1abe4c 100644 --- a/go.mod +++ b/go.mod @@ -9,7 +9,7 @@ require ( github.com/fluxcd/pkg/apis/acl v0.0.3 github.com/fluxcd/pkg/apis/kustomize v0.3.2 github.com/fluxcd/pkg/apis/meta v0.12.1 - github.com/fluxcd/pkg/runtime v0.13.2 + github.com/fluxcd/pkg/runtime v0.13.3 github.com/fluxcd/source-controller/api v0.22.3 github.com/go-logr/logr v1.2.3 github.com/hashicorp/go-retryablehttp v0.7.0 diff --git a/go.sum b/go.sum index 20b101efa..66a77d5ed 100644 --- a/go.sum +++ b/go.sum 
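Review bot: The new `KubeConfigOpts` field on `HelmReleaseReconciler` (hunk `@@ -81,6 +82,7 @@`) has no comment, although it decides how kubeconfigs read from Secrets are treated before the controller connects to a remote cluster. The commit message says `user.Exec` and insecure TLS are no longer enabled by default, so the zero value is presumably the restrictive setting; please confirm and state it on the field, e.g. `// KubeConfigOpts controls whether exec credential plugins and insecure TLS are honoured in kubeconfigs loaded from Secrets; the zero value allows neither.` The struct declaration starts above this hunk.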
@@ -317,8 +317,8 @@ github.com/fluxcd/pkg/apis/kustomize v0.3.2 h1:ULoAwOOekHf5cy6mYIwL+K6v8/cfcNVVb github.com/fluxcd/pkg/apis/kustomize v0.3.2/go.mod h1:p8iAH5TeqMBnnxkkpCNNDvWYfKlNRx89a6WKOo+hJHA= github.com/fluxcd/pkg/apis/meta v0.12.1 h1:m5PfKAqbqWBvGp9+JRj1sv+xNkGsHwUVf+3rJ8wm6SE= github.com/fluxcd/pkg/apis/meta v0.12.1/go.mod h1:f8YVt70/KAhqzZ7xxhjvqyzKubOYx2pAbakb/FfCEg8= -github.com/fluxcd/pkg/runtime v0.13.2 h1:6jkQQUbp17WxHsbozlJFCvHmOS4JIB+yB20CdCd8duE= -github.com/fluxcd/pkg/runtime v0.13.2/go.mod h1:dzWNKqFzFXeittbpFcJzR3cdC9CWlbzw+pNOgaVvF/0= +github.com/fluxcd/pkg/runtime v0.13.3 h1:k0Xun+RoEC/F6iuAPTA6rQb+I4B4oecBx6pOcodX11A= +github.com/fluxcd/pkg/runtime v0.13.3/go.mod h1:dzWNKqFzFXeittbpFcJzR3cdC9CWlbzw+pNOgaVvF/0= github.com/fluxcd/source-controller/api v0.22.3 h1:HnpSnCtIytwSGSz2qu+GJwyZRmD5UXZL5oOQapiQOtk= github.com/fluxcd/source-controller/api v0.22.3/go.mod h1:Vb13q9Pq+1IW/sJUZn/RSb7IU5WT86Er6uCFPCFm9L4= github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= diff --git a/internal/kube/client.go b/internal/kube/client.go index 39a9a3494..b8f35ecdf 100644 --- a/internal/kube/client.go +++ b/internal/kube/client.go @@ -24,6 +24,8 @@ import ( "k8s.io/client-go/rest" "k8s.io/client-go/restmapper" "k8s.io/client-go/tools/clientcmd" + + "github.com/fluxcd/pkg/runtime/client" ) func NewInClusterRESTClientGetter(cfg *rest.Config, namespace string) genericclioptions.RESTClientGetter { 
@@ -49,15 +51,23 @@ type MemoryRESTClientGetter struct { impersonateAccount string qps float32 burst int + kubeConfigOpts client.KubeConfigOptions } -func NewMemoryRESTClientGetter(kubeConfig []byte, namespace string, impersonateAccount string, qps float32, burst int) genericclioptions.RESTClientGetter { +func NewMemoryRESTClientGetter( + kubeConfig []byte, + namespace string, + impersonateAccount string, + qps float32, + burst int, + kubeConfigOpts client.KubeConfigOptions) genericclioptions.RESTClientGetter { return &MemoryRESTClientGetter{ kubeConfig: kubeConfig, namespace: namespace, impersonateAccount: impersonateAccount, qps: qps, burst: burst, + kubeConfigOpts: kubeConfigOpts, } } @@ -66,6 +76,7 @@ func (c *MemoryRESTClientGetter) ToRESTConfig() (*rest.Config, error) { if err != nil { return nil, err } + cfg = client.KubeConfig(cfg, c.kubeConfigOpts) if c.impersonateAccount != "" { cfg.Impersonate = rest.ImpersonationConfig{UserName: c.impersonateAccount} } diff --git a/main.go b/main.go index ff20a5600..55ccd4a0e 100644 --- a/main.go +++ b/main.go @@ -70,6 +70,7 @@ func main() { watchAllNamespaces bool httpRetry int clientOptions client.Options + kubeConfigOpts client.KubeConfigOptions logOptions logger.Options aclOptions acl.Options leaderElectionOptions leaderelection.Options @@ -89,6 +90,7 @@ func main() { logOptions.BindFlags(flag.CommandLine) aclOptions.BindFlags(flag.CommandLine) leaderElectionOptions.BindFlags(flag.CommandLine) + kubeConfigOpts.BindFlags(flag.CommandLine) flag.Parse() ctrl.SetLogger(logger.NewLogger(logOptions)) @@ -141,6 +143,7 @@ func main() { MetricsRecorder: metricsRecorder, NoCrossNamespaceRef: aclOptions.NoCrossNamespaceRefs, DefaultServiceAccount: defaultServiceAccount, + KubeConfigOpts: kubeConfigOpts, }).SetupWithManager(mgr, controllers.HelmReleaseReconcilerOptions{ MaxConcurrentReconciles: concurrent, DependencyRequeueInterval: requeueDependency,
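Review bot: `NewMemoryRESTClientGetter` is exported, now takes six positional parameters, and still has no doc comment. Add one that says what the new parameter does, for example `// NewMemoryRESTClientGetter returns a RESTClientGetter for the given kubeconfig bytes; kubeConfigOpts is applied to the parsed config in ToRESTConfig.` The `kubeConfigOpts` field in `MemoryRESTClientGetter` would benefit from a one-line comment as well.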
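Review bot: Nothing in this commit tests the new default: the diffstat lists five files and none is a test, yet `cfg = client.KubeConfig(cfg, c.kubeConfigOpts)` in `ToRESTConfig` is the only visible line that enforces the breaking change described in the commit message. A table test on `ToRESTConfig` with a kubeconfig that carries an exec credential plugin and `insecure-skip-tls-verify: true` would pin it, asserting `cfg.ExecProvider == nil` and `!cfg.TLSClientConfig.Insecure` under zero-value options (assuming that is how `client.KubeConfig` strips them, which this diff does not show). Other methods of `MemoryRESTClientGetter` are outside the hunk; any that parse `c.kubeConfig` without going through `ToRESTConfig` would not get this filtering and should be checked.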
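Review bot: `kubeConfigOpts.BindFlags(flag.CommandLine)` in main.go registers the two new flags, but the visible hunks never report the parsed values after `flag.Parse()`, and the flag names and defaults live in fluxcd/pkg/runtime rather than here. Because enabling them lets kubeconfigs taken from Secrets use exec credential plugins inside the controller or skip TLS verification, log the effective options once at startup so operators and audits can see the posture, e.g. `ctrl.Log.WithName("setup").Info("kubeconfig options", "options", kubeConfigOpts)` placed after `ctrl.SetLogger(...)`. `main` starts and ends outside these hunks.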