Fix API and Gateway controllers
fra98 committed Oct 18, 2023
1 parent 6861dad commit 280ca94
Showing 10 changed files with 150 additions and 130 deletions.
2 changes: 1 addition & 1 deletion apis/networking/v1alpha1/gatewayclient_types.go
Expand Up @@ -48,7 +48,7 @@ type GatewayClientSpec struct {
// GatewayClientStatus defines the observed state of GatewayClient.
type GatewayClientStatus struct {
// ClientRef specifies the reference to the client.
ClientRef corev1.ObjectReference `json:"clientRef,omitempty"`
ClientRef *corev1.ObjectReference `json:"clientRef,omitempty"`
// SecretRef specifies the reference to the secret.
SecretRef *corev1.ObjectReference `json:"secretRef,omitempty"`
}
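Review bot: `ClientRef` changes from a value to a pointer but the field comment still reads as if it were always populated, so readers that previously dereferenced `Status.ClientRef.Name` now need a nil check and nothing in the hunk says when the field is nil. Suggest `// ClientRef specifies the reference to the client. It is nil until the client resource has been created.` (presumably it is set only once EnsureGatewayClient succeeds). With a struct value, `omitempty` never omitted the field, so the pointer is what makes the JSON omission actually work; that is worth a sentence in the commit description. The same applies to `ServerRef` in gatewayserver_types.go.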
2 changes: 1 addition & 1 deletion apis/networking/v1alpha1/gatewayserver_types.go
Expand Up @@ -69,7 +69,7 @@ type EndpointStatus struct {
// GatewayServerStatus defines the observed state of GatewayServer.
type GatewayServerStatus struct {
// ServerRef specifies the reference to the server.
ServerRef corev1.ObjectReference `json:"serverRef,omitempty"`
ServerRef *corev1.ObjectReference `json:"serverRef,omitempty"`
// Endpoint specifies the endpoint of the tunnel.
Endpoint *EndpointStatus `json:"endpoint,omitempty"`
// SecretRef specifies the reference to the secret.
12 changes: 10 additions & 2 deletions apis/networking/v1alpha1/zz_generated.deepcopy.go


17 changes: 13 additions & 4 deletions pkg/consts/externalnetwork.go
Expand Up @@ -15,12 +15,21 @@
package consts

const (
// WgServerNameLabel is the label used to indicate the name of the WireGuard server.
WgServerNameLabel = "liqo.io/wg-server-name"
// WgClientNameLabel is the label used to indicate the name of the WireGuard client.
WgClientNameLabel = "liqo.io/wg-client-name"
// ExternalNetworkLabel is the label added to all components that belong to the external network.
ExternalNetworkLabel = "liqo.io/external-network"
// ExternalNetworkLabelValue is the value of the label added to components that belong to the external network.
ExternalNetworkLabelValue = "true"

// GatewayResourceLabel is the label added to a gateway resource.
GatewayResourceLabel = "networking.liqo.io/gateway-resource"
// GatewayResourceLabelValue is the value of the label added to a gateway resource.
GatewayResourceLabelValue = "true"

// GatewayTypeServer indicates a Gateway of type server.
GatewayTypeServer = "server"
// GatewayTypeClient indicates a Gateway of type client.
GatewayTypeClient = "client"

// PublicKeyField is the data field of the secrets containing public keys.
PublicKeyField = "publicKey"
)
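Review bot: Dropping the exported `WgServerNameLabel` and `WgClientNameLabel` constants breaks any remaining user, and the `liqolabels.WgClientNameLabelSelector` removed from the client controller is presumably built from them in pkg/utils/labels, which is not among the sections shown; please confirm that file is one of the remaining changed files. The new `GatewayResourceLabel` group carries no comment saying that it is the label the secret watch predicate and `getWireGuardSecret` select on, so a reader cannot tell it apart from the `ExternalNetworkLabel` group above it; suggest a group header such as `// Labels identifying resources (including secrets) generated for a gateway; the WireGuard controllers select on them together with RemoteClusterID.`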
Expand Up @@ -22,6 +22,7 @@ import (
apierrors "k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
"k8s.io/apimachinery/pkg/labels"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/runtime/schema"
"k8s.io/client-go/dynamic"
Expand All @@ -47,6 +48,8 @@ type ClientReconciler struct {

type templateData struct {
Spec networkingv1alpha1.GatewayClientSpec
Name string
Namespace string
GatewayUID string
ClusterID string
}
Expand Down Expand Up @@ -166,7 +169,7 @@ func (r *ClientReconciler) EnsureGatewayClient(ctx context.Context, gwClient *ne
obj.SetGroupVersionKind(objectKind.GroupVersionKind())
obj.SetName(gwClient.Name)
obj.SetNamespace(gwClient.Namespace)
obj.SetLabels(objectTemplateMetadata.Labels)
obj.SetLabels(labels.Merge(objectTemplateMetadata.Labels, labels.Set{consts.RemoteClusterID: remoteClusterID}))
obj.SetAnnotations(objectTemplateMetadata.Annotations)
obj.SetOwnerReferences([]metav1.OwnerReference{
{
Expand All @@ -179,6 +182,8 @@ func (r *ClientReconciler) EnsureGatewayClient(ctx context.Context, gwClient *ne
})
spec, err := enutils.RenderTemplate(objectTemplateSpec, templateData{
Spec: gwClient.Spec,
Name: gwClient.Name,
Namespace: gwClient.Namespace,
GatewayUID: string(gwClient.UID),
ClusterID: remoteClusterID,
})
Expand All @@ -192,7 +197,7 @@ func (r *ClientReconciler) EnsureGatewayClient(ctx context.Context, gwClient *ne
return fmt.Errorf("unable to update the client: %w", err)
}

gwClient.Status.ClientRef = corev1.ObjectReference{
gwClient.Status.ClientRef = &corev1.ObjectReference{
APIVersion: unstructuredObject.GetAPIVersion(),
Kind: unstructuredObject.GetKind(),
Name: unstructuredObject.GetName(),
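Review bot: `labels.Merge` gives the second map precedence, so at the `obj.SetLabels(...)` line a template that sets `consts.RemoteClusterID` itself is silently overridden; that is the right precedence because the WireGuard secret lookup keys on this label, but it is not obvious and deserves a comment: `// Merge lets the controller-supplied remote cluster ID win over any value in the template; the WireGuard secret lookup relies on this label.` The new `Name` and `Namespace` fields of `templateData` are exposed to user-authored templates without any comment; suggest noting that they mirror the GatewayClient's own name and namespace. The same two points apply to EnsureGatewayServer and `templateData` in the server controller below. EnsureGatewayClient starts and ends outside the hunks shown.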
Expand Up @@ -22,6 +22,7 @@ import (
apierrors "k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
"k8s.io/apimachinery/pkg/labels"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/runtime/schema"
"k8s.io/client-go/dynamic"
Expand All @@ -47,6 +48,8 @@ type ServerReconciler struct {

type templateData struct {
Spec networkingv1alpha1.GatewayServerSpec
Name string
Namespace string
GatewayUID string
ClusterID string
}
Expand Down Expand Up @@ -166,7 +169,7 @@ func (r *ServerReconciler) EnsureGatewayServer(ctx context.Context, server *netw
obj.SetGroupVersionKind(objectKind.GroupVersionKind())
obj.SetName(server.Name)
obj.SetNamespace(server.Namespace)
obj.SetLabels(objectTemplateMetadata.Labels)
obj.SetLabels(labels.Merge(objectTemplateMetadata.Labels, labels.Set{consts.RemoteClusterID: remoteClusterID}))
obj.SetAnnotations(objectTemplateMetadata.Annotations)
obj.SetOwnerReferences([]metav1.OwnerReference{
{
Expand All @@ -179,6 +182,8 @@ func (r *ServerReconciler) EnsureGatewayServer(ctx context.Context, server *netw
})
spec, err := enutils.RenderTemplate(objectTemplateSpec, templateData{
Spec: server.Spec,
Name: server.Name,
Namespace: server.Namespace,
GatewayUID: string(server.UID),
ClusterID: remoteClusterID,
})
Expand All @@ -192,7 +197,7 @@ func (r *ServerReconciler) EnsureGatewayServer(ctx context.Context, server *netw
return fmt.Errorf("unable to update the server: %w", err)
}

server.Status.ServerRef = corev1.ObjectReference{
server.Status.ServerRef = &corev1.ObjectReference{
APIVersion: unstructuredObject.GetAPIVersion(),
Kind: unstructuredObject.GetKind(),
Name: unstructuredObject.GetName(),
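--- /dev/null
+++ b/pkg/liqo-controller-manager/external-network/wireguard/utils.go
@@ -0,0 +1,95 @@
+// Copyright 2019-2023 The Liqo Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package wireguard
+
+import (
+"context"
+"fmt"
+
+corev1 "k8s.io/api/core/v1"
+metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+"k8s.io/apimachinery/pkg/types"
+utilruntime "k8s.io/apimachinery/pkg/util/runtime"
+"k8s.io/klog/v2"
+ctrl "sigs.k8s.io/controller-runtime"
+"sigs.k8s.io/controller-runtime/pkg/client"
+"sigs.k8s.io/controller-runtime/pkg/predicate"
+
+"github.com/liqotech/liqo/pkg/consts"
+liqolabels "github.com/liqotech/liqo/pkg/utils/labels"
+)
+
+func filterWireGuardSecretsPredicate() predicate.Predicate {
+filterGatewayResources, err := predicate.LabelSelectorPredicate(liqolabels.GatewayResourceLabelSelector)
+utilruntime.Must(err)
+
+filterResourcesForRemote, err := predicate.LabelSelectorPredicate(liqolabels.ResourceForRemoteClusterLabelSelector)
+utilruntime.Must(err)
+
+return predicate.And(filterGatewayResources, filterResourcesForRemote)
+}
+
+func wireGuardSecretEnquerer(_ context.Context, obj client.Object) []ctrl.Request {
+secret, ok := obj.(*corev1.Secret)
+if !ok {
+return nil
+}
+
+return []ctrl.Request{
+{
+NamespacedName: types.NamespacedName{
+Namespace: secret.Namespace,
+Name: mapSecretToWireGuardResource(secret.Name),
+},
+},
+}
+}
+
+// TODO:: use generic map function after merge.
+func mapSecretToWireGuardResource(secretName string) string {
+return secretName
+}
+
+func getWireGuardSecret(ctx context.Context, cl client.Client, wgObj metav1.Object) (*corev1.Secret, error) {
+wgObjNsName := types.NamespacedName{Name: wgObj.GetName(), Namespace: wgObj.GetNamespace()}
+
+remoteClusterID, exists := wgObj.GetLabels()[consts.RemoteClusterID]
+if !exists {
+err := fmt.Errorf("missing %q label in WireGuard gateway %q", consts.RemoteClusterID, wgObjNsName)
+klog.Error(err)
+return nil, err
+}
+wgSecretSelector := client.MatchingLabels{
+consts.GatewayResourceLabel: consts.GatewayResourceLabelValue,
+consts.RemoteClusterID: remoteClusterID,
+}
+
+var secrets corev1.SecretList
+err := cl.List(ctx, &secrets, client.InNamespace(wgObj.GetNamespace()), wgSecretSelector)
+if err != nil {
+klog.Errorf("Unable to list secrets associated to WireGuard gateway %q: %v", wgObjNsName, err)
+return nil, err
+}
+
+switch len(secrets.Items) {
+case 0:
+klog.Warningf("Secret associated to WireGuard gateway %q not found", wgObjNsName)
+return nil, nil
+case 1:
+return &secrets.Items[0], nil
+default:
+return nil, fmt.Errorf("found multiple secrets associated to WireGuard gateway %q", wgObjNsName)
+}
+}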
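Review bot: `getWireGuardSecret` selects the secret only by the `GatewayResourceLabel` and `RemoteClusterID` labels in the gateway's namespace, while `wireGuardSecretEnquerer` assumes the secret is named after the gateway (`mapSecretToWireGuardResource` is the identity); nothing ties the two, so any secret in the namespace carrying those labels is returned as the gateway's key material regardless of its name or owner, and a second such secret turns into the "found multiple secrets" error. Filtering `secrets.Items` by the expected name (or by an owner reference to the gateway) after the list would make the lookup agree with the enqueue path. The function also returns `nil, nil` when no secret exists, which every caller has to check; add `// getWireGuardSecret returns the secret holding the keys of the given WireGuard gateway, or (nil, nil) if it does not exist yet.` The missing-label branch both logs and returns the error while the multiple-secrets branch only returns it; pick one, since the caller already propagates the error.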
Expand Up @@ -16,7 +16,6 @@ package wireguard

import (
"context"
"fmt"

appsv1 "k8s.io/api/apps/v1"
corev1 "k8s.io/api/core/v1"
Expand All @@ -25,19 +24,16 @@ import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/types"
utilruntime "k8s.io/apimachinery/pkg/util/runtime"
"k8s.io/klog/v2"
ctrl "sigs.k8s.io/controller-runtime"
"sigs.k8s.io/controller-runtime/pkg/builder"
"sigs.k8s.io/controller-runtime/pkg/client"
"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
"sigs.k8s.io/controller-runtime/pkg/handler"
"sigs.k8s.io/controller-runtime/pkg/predicate"

networkingv1alpha1 "github.com/liqotech/liqo/apis/networking/v1alpha1"
"github.com/liqotech/liqo/pkg/consts"
enutils "github.com/liqotech/liqo/pkg/liqo-controller-manager/external-network/utils"
liqolabels "github.com/liqotech/liqo/pkg/utils/labels"
mapsutil "github.com/liqotech/liqo/pkg/utils/maps"
)

Expand Down Expand Up @@ -130,37 +126,12 @@ func (r *WgGatewayClientReconciler) SetupWithManager(mgr ctrl.Manager) error {
Owns(&appsv1.Deployment{}).
Owns(&corev1.ServiceAccount{}).
Owns(&rbacv1.RoleBinding{}).
Watches(&corev1.Secret{}, handler.EnqueueRequestsFromMapFunc(r.secretEnquerer), builder.WithPredicates(r.filterSecretsPredicate())).
Watches(&corev1.Secret{},
handler.EnqueueRequestsFromMapFunc(wireGuardSecretEnquerer),
builder.WithPredicates(filterWireGuardSecretsPredicate())).
Complete(r)
}

func (r *WgGatewayClientReconciler) filterSecretsPredicate() predicate.Predicate {
filterWgClientSecrets, err := predicate.LabelSelectorPredicate(liqolabels.WgClientNameLabelSelector)
utilruntime.Must(err)
return filterWgClientSecrets
}

func (r *WgGatewayClientReconciler) secretEnquerer(_ context.Context, obj client.Object) []ctrl.Request {
secret, ok := obj.(*corev1.Secret)
if !ok {
return nil
}

wgClientName, found := secret.GetLabels()[consts.WgClientNameLabel]
if !found {
return nil
}

return []ctrl.Request{
{
NamespacedName: types.NamespacedName{
Namespace: secret.Namespace,
Name: wgClientName,
},
},
}
}

func (r *WgGatewayClientReconciler) ensureDeployment(ctx context.Context, wgClient *networkingv1alpha1.WgGatewayClient,
depNsName types.NamespacedName) (*appsv1.Deployment, error) {
dep := appsv1.Deployment{ObjectMeta: metav1.ObjectMeta{
Expand Down Expand Up @@ -198,7 +169,7 @@ func (r *WgGatewayClientReconciler) mutateFnWgClientDeployment(deployment *appsv
}

func (r *WgGatewayClientReconciler) handleSecretRefStatus(ctx context.Context, wgClient *networkingv1alpha1.WgGatewayClient) error {
secret, err := r.getWgClientKeysSecret(ctx, wgClient)
secret, err := getWireGuardSecret(ctx, r.Client, wgClient)
if err != nil {
return err
}
Expand All @@ -216,26 +187,3 @@ func (r *WgGatewayClientReconciler) handleSecretRefStatus(ctx context.Context, w

return nil
}

func (r *WgGatewayClientReconciler) getWgClientKeysSecret(ctx context.Context, wgClient *networkingv1alpha1.WgGatewayClient) (*corev1.Secret, error) {
wgClientSelector := client.MatchingLabels{
consts.WgClientNameLabel: wgClient.Name, // secret created by the WireGuard client with the given name
}

var secrets corev1.SecretList
err := r.List(ctx, &secrets, client.InNamespace(wgClient.Namespace), wgClientSelector)
if err != nil {
klog.Errorf("Unable to list secrets associated to WireGuard client %s/%s: %v", wgClient.Namespace, wgClient.Name, err)
return nil, err
}

switch len(secrets.Items) {
case 0:
klog.Warningf("Secret associated to WireGuard client %s/%s not found", wgClient.Namespace, wgClient.Name)
return nil, nil
case 1:
return &secrets.Items[0], nil
default:
return nil, fmt.Errorf("found multiple secrets associated to WireGuard client %s/%s", wgClient.Namespace, wgClient.Name)
}
}
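Review bot: The Secret watch in `SetupWithManager` now fires only for secrets carrying both labels checked by `filterWireGuardSecretsPredicate`, whereas the removed predicate keyed on `WgClientNameLabel`; secrets already written by running gateways with only the old label will presumably no longer trigger `handleSecretRefStatus`, so their `SecretRef` stays stale until something else reconciles the WgGatewayClient. If the gateway pods now emit the new labels, say so in the commit description; otherwise a migration of existing secrets or a one-off requeue is needed. `handleSecretRefStatus` passes `r.Client` where the old helper called `r.List`, which reads as if the reconciler embeds `client.Client`; that is fine, but the rest of the function (including how a nil secret is handled) lies outside the hunk.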
