Refactors PR to focus on http/https/no proxy reconciliation

Author: danehans

Gopkg.lock

@@ -8,18 +8,15 @@ import (
 	configv1 "github.com/openshift/api/config/v1"
 	"github.com/openshift/cluster-network-operator/pkg/controller/statusmanager"
 	"github.com/openshift/cluster-network-operator/pkg/names"
-	"github.com/openshift/cluster-network-operator/pkg/util/validation"
 
 	corev1 "k8s.io/api/core/v1"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/types"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/controller"
-	"sigs.k8s.io/controller-runtime/pkg/event"
 	"sigs.k8s.io/controller-runtime/pkg/handler"
 	"sigs.k8s.io/controller-runtime/pkg/manager"
-	"sigs.k8s.io/controller-runtime/pkg/predicate"
 	"sigs.k8s.io/controller-runtime/pkg/reconcile"
 	"sigs.k8s.io/controller-runtime/pkg/source"
 )
@@ -51,33 +48,6 @@ func add(mgr manager.Manager, r reconcile.Reconciler) error {
 		return err
 	}
 
-	// We only care about a configmap source with a specific name/namespace,
-	// so filter events before they are provided to the controller event handlers.
-	pred := predicate.Funcs{
-		UpdateFunc: func(e event.UpdateEvent) bool {
-			return e.MetaOld.GetName() == names.TRUST_BUNDLE_CONFIGMAP &&
-				e.MetaOld.GetNamespace() == names.TRUST_BUNDLE_CONFIGMAP_NS
-		},
-		DeleteFunc: func(e event.DeleteEvent) bool {
-			return e.Meta.GetName() == names.TRUST_BUNDLE_CONFIGMAP &&
-				e.Meta.GetNamespace() == names.TRUST_BUNDLE_CONFIGMAP_NS
-		},
-		CreateFunc: func(e event.CreateEvent) bool {
-			return e.Meta.GetName() == names.TRUST_BUNDLE_CONFIGMAP &&
-				e.Meta.GetNamespace() == names.TRUST_BUNDLE_CONFIGMAP_NS
-		},
-		GenericFunc: func(e event.GenericEvent) bool {
-			return e.Meta.GetName() == names.TRUST_BUNDLE_CONFIGMAP &&
-				e.Meta.GetNamespace() == names.TRUST_BUNDLE_CONFIGMAP_NS
-		},
-	}
-
-	// Watch for changes to the trust bundle configmap.
-	err = c.Watch(&source.Kind{Type: &corev1.ConfigMap{}}, &handler.EnqueueRequestForObject{}, pred)
-	if err != nil {
-		return err
-	}
-
 	// Watch for changes to the proxy resource.
 	err = c.Watch(&source.Kind{Type: &configv1.Proxy{}}, &handler.EnqueueRequestForObject{})
 	if err != nil {
@@ -97,94 +67,72 @@ type ReconcileProxyConfig struct {
 }
 
 // Reconcile expects request to refer to a proxy object named "cluster"
-// in the default namespace or to a configmap object named
-// "trusted-ca-bundle" in namespace "openshift-config-managed", and will
-// ensure the proxy object is in the desired state.
+// in the default namespace and will ensure the proxy object is in the
+// desired state.
 func (r *ReconcileProxyConfig) Reconcile(request reconcile.Request) (reconcile.Result, error) {
-	switch {
-	case request.NamespacedName == names.Proxy():
-		// Collect required config objects for proxy reconciliation.
-		proxyConfig := &configv1.Proxy{}
-		infraConfig := &configv1.Infrastructure{}
-		netConfig := &configv1.Network{}
-		clusterConfig := &corev1.ConfigMap{}
-
-		log.Printf("Reconciling proxy: %s\n", request.Name)
-		err := r.client.Get(context.TODO(), request.NamespacedName, proxyConfig)
-		if err != nil {
-			if apierrors.IsNotFound(err) {
-				// Request object not found, could have been deleted after reconcile request.
-				// Return and don't requeue
-				log.Println("proxy not found; reconciliation will be skipped", "request", request)
-				return reconcile.Result{}, nil
-			}
-			// Error reading the object - requeue the request.
-			return reconcile.Result{}, fmt.Errorf("failed to get proxy %q: %v", request, err)
+	log.Printf("Reconciling proxy '%s'", request.Name)
+	proxyConfig := &configv1.Proxy{}
+	err := r.client.Get(context.TODO(), request.NamespacedName, proxyConfig)
+	if err != nil {
+		if apierrors.IsNotFound(err) {
+			// Request object not found, could have been deleted after reconcile request.
+			// Return and don't requeue
+			log.Printf("proxy '%s' not found; reconciliation will be skipped", request.Name)
+			return reconcile.Result{}, nil
 		}
+		// Error reading the object - requeue the request.
+		return reconcile.Result{}, fmt.Errorf("failed to get proxy '%s': %v", request.Name, err)
+	}
 
-		// A nil proxy is generated by upgrades and installs not requiring a proxy.
-		validate := true
-		if !isSpecHTTPProxySet(&proxyConfig.Spec) && !isSpecHTTPSProxySet(&proxyConfig.Spec) {
-			log.Printf("httpProxy and httpsProxy not defined; validation will be skipped for proxy: %s\n",
-				request.Name)
-			validate = false
-		}
+	// A nil proxy is generated by upgrades and installs not requiring a proxy.
+	if !isSpecHTTPProxySet(&proxyConfig.Spec) &&
+		!isSpecHTTPSProxySet(&proxyConfig.Spec) &&
+		!isSpecNoProxySet(&proxyConfig.Spec) {
+		log.Printf("httpProxy, httpsProxy and noProxy not defined for proxy '%s'; validation will be skipped",
+			request.Name)
+	}
 
-		// Only proceed if the required config objects can be collected.
-		if validate {
-			if err := r.client.Get(context.TODO(), types.NamespacedName{Name: "cluster"}, infraConfig); err != nil {
-				return reconcile.Result{}, fmt.Errorf("failed to get infrastructure config 'cluster': %v", err)
-			}
-			if err := r.client.Get(context.TODO(), types.NamespacedName{Name: "cluster"}, netConfig); err != nil {
-				log.Printf("failed to get network config 'cluster': %v", err)
-				return reconcile.Result{}, err
-			}
-			if err := r.client.Get(context.TODO(), types.NamespacedName{Name: "cluster-config-v1", Namespace: "kube-system"}, clusterConfig); err != nil {
-				log.Printf("failed to get configmap 'cluster': %v", err)
-				return reconcile.Result{}, err
-			}
-			if err := r.ValidateProxyConfig(&proxyConfig.Spec); err != nil {
-				log.Printf("Failed to validate Proxy.Spec: %v", err)
-				r.status.SetDegraded(statusmanager.ProxyConfig, "InvalidProxyConfig",
-					fmt.Sprintf("The proxy configuration is invalid (%v). Use 'oc edit proxy.config.openshift.io cluster' to fix.", err))
-				return reconcile.Result{}, nil
-			}
-		}
+	// Only proceed if the required config objects can be collected.
+	infraConfig := &configv1.Infrastructure{}
+	netConfig := &configv1.Network{}
+	clusterCfgMap := &corev1.ConfigMap{}
+	if err := r.client.Get(context.TODO(), types.NamespacedName{Name: names.CLUSTER_CONFIG}, infraConfig); err != nil {
+		log.Printf("failed to get infrastructure config '%s': %v", names.CLUSTER_CONFIG, err)
+		r.status.SetDegraded(statusmanager.ProxyConfig, "InfraConfigError",
+			fmt.Sprintf("Error getting infrastructure config %s: %v.", names.CLUSTER_CONFIG, err))
+		return reconcile.Result{}, nil
+	}
+	if err := r.client.Get(context.TODO(), types.NamespacedName{Name: names.CLUSTER_CONFIG}, netConfig); err != nil {
+		log.Printf("failed to get network config '%s': %v", names.CLUSTER_CONFIG, err)
+		r.status.SetDegraded(statusmanager.ProxyConfig, "NetworkConfigError",
+			fmt.Sprintf("Error getting network config '%s': %v.", names.CLUSTER_CONFIG, err))
+		return reconcile.Result{}, nil
+	}
+	if err := r.client.Get(context.TODO(), types.NamespacedName{Name: "cluster-config-v1", Namespace: "kube-system"},
+		clusterCfgMap); err != nil {
+		log.Printf("failed to get configmap '%s/%s': %v", clusterCfgMap.Namespace, clusterCfgMap.Name, err)
+		r.status.SetDegraded(statusmanager.ProxyConfig, "ClusterConfigError",
+			fmt.Sprintf("Error getting cluster config configmap '%s/%s': %v.", clusterCfgMap.Namespace,
+				clusterCfgMap.Name, err))
+		return reconcile.Result{}, nil
+	}
+	if err := r.ValidateProxyConfig(&proxyConfig.Spec); err != nil {
+		log.Printf("Failed to validate proxy '%s': %v", proxyConfig.Name, err)
+		r.status.SetDegraded(statusmanager.ProxyConfig, "InvalidProxyConfig",
+			fmt.Sprintf("The configuration is invalid for proxy '%s' (%v). "+
+				"Use 'oc edit proxy.config.openshift.io %s' to fix.", proxyConfig.Name, proxyConfig.Name, err))
+		return reconcile.Result{}, nil
+	}
 
-		// Update proxy status.
-		if err := r.syncProxyStatus(proxyConfig, infraConfig, netConfig, clusterConfig); err != nil {
-			log.Printf("Could not sync proxy status: %v", err)
-			r.status.SetDegraded(statusmanager.ProxyConfig, "StatusError",
-				fmt.Sprintf("Could not update proxy configuration status: %v", err))
-			return reconcile.Result{}, err
-		}
-		log.Printf("Reconciling proxy: %s complete\n", request.Name)
-	case request.NamespacedName == names.TrustBundleConfigMap():
-		cfgMap := &corev1.ConfigMap{}
-		log.Printf("Reconciling configmap: %s/%s\n", request.Namespace, request.Name)
-		err := r.client.Get(context.TODO(), request.NamespacedName, cfgMap)
-		if err != nil {
-			if apierrors.IsNotFound(err) {
-				// Request object not found, could have been deleted after reconcile request.
-				// Return and don't requeue
-				log.Println("configmap not found; reconciliation will be skipped", "request", request)
-				return reconcile.Result{}, nil
-			}
-			// Error reading the object - requeue the request.
-			return reconcile.Result{}, fmt.Errorf("failed to get configmap %q: %v", request, err)
-		}
-		if _, _, err := validation.TrustBundleConfigMap(cfgMap); err != nil {
-			log.Printf("Failed to validate configmap: %v", err)
-			r.status.SetDegraded(statusmanager.ProxyConfig, "InvalidTrustedCAConfigMap",
-				fmt.Sprintf("The configmap is invalid (%v). Use 'oc edit configmap %s -n %s' to fix.", err,
-					request.Name, request.Namespace))
-			return reconcile.Result{}, nil
-		}
-		log.Printf("Reconciling configmap: %s/%s complete\n", request.Namespace, request.Name)
-	default:
-		// unknown object
-		log.Println("Ignoring unknown object, reconciliation will be skipped", "request", request)
+	// Update proxy status.
+	if err := r.syncProxyStatus(proxyConfig, infraConfig, netConfig, clusterCfgMap); err != nil {
+		log.Printf("Could not sync proxy '%s' status: %v", proxyConfig.Name, err)
+		r.status.SetDegraded(statusmanager.ProxyConfig, "StatusError",
+			fmt.Sprintf("Could not update proxy '%s' status: %v", proxyConfig.Name, err))
+		return reconcile.Result{}, err
 	}
+	log.Printf("Reconciling proxy '%s' complete", request.Name)
+
 	r.status.SetNotDegraded(statusmanager.ProxyConfig)
 
 	return reconcile.Result{}, nil
@@ -206,20 +154,3 @@ func isSpecHTTPSProxySet(proxyConfig *configv1.ProxySpec) bool {
 func isSpecNoProxySet(proxyConfig *configv1.ProxySpec) bool {
 	return len(proxyConfig.NoProxy) > 0
 }
-
-// isSpecTrustedCASet returns true if spec.trustedCA of proxyConfig is set.
-func isSpecTrustedCASet(proxyConfig *configv1.ProxySpec) bool {
-	return len(proxyConfig.TrustedCA.Name) > 0
-}
-
-// isTrustedCAConfigMap returns true if the ConfigMap name in
-// spec.trustedCA is "proxy-ca-bundle".
-func isTrustedCAConfigMap(proxyConfig *configv1.ProxySpec) bool {
-	return proxyConfig.TrustedCA.Name == names.TRUST_BUNDLE_CONFIGMAP
-}
-
-// isSpecReadinessEndpoints returns true if spec.readinessEndpoints of
-// proxyConfig is set.
-func isSpecReadinessEndpoints(proxyConfig *configv1.ProxySpec) bool {
-	return len(proxyConfig.ReadinessEndpoints) > 0
-}

pkg/controller/proxyconfig/controller.go

@@ -16,7 +16,7 @@ import (
 )
 
 // syncProxyStatus computes the current status of proxy and
-// updates status if any changes since last sync.
+// updates status of any changes since last sync.
 func (r *ReconcileProxyConfig) syncProxyStatus(proxy *configv1.Proxy, infra *configv1.Infrastructure, network *configv1.Network, cluster *corev1.ConfigMap) error {
 	var err error
 	var noProxy string
@@ -87,10 +87,8 @@ func mergeUserSystemNoProxy(proxy *configv1.Proxy, infra *configv1.Infrastructur
 	}
 
 	switch infra.Status.PlatformStatus.Type {
-	case configv1.AWSPlatformType:
+	case configv1.AWSPlatformType, configv1.GCPPlatformType, configv1.AzurePlatformType, configv1.OpenStackPlatformType:
 		set.Insert("169.254.169.254", ic.Networking.MachineCIDR)
-	default:
-		return "", fmt.Errorf("unsupported infrastructure provider: %s", infra.Status.PlatformStatus.Type)
 	}
 
 	replicas, err := strconv.Atoi(ic.ControlPlane.Replicas)