Merge branch 'release-v1.1' into bumpChartv1.1.2

Author: shalier

.github/workflows/main.yml

@@ -49,7 +49,7 @@ jobs:
       - name: golangci-lint
         uses: golangci/golangci-lint-action@v3
         with:
-          version: latest
+          version: v1.46.0
           skip-pkg-cache: true
 
   codegen:

charts/osm/templates/osm-bootstrap-deployment.yaml

@@ -53,18 +53,6 @@ spec:
       {{- if not (.Capabilities.APIVersions.Has "security.openshift.io/v1") }}
       {{- include "restricted.securityContext" . | nindent 6 }}
       {{- end }}
-      initContainers:
-        - name: init-osm-bootstrap
-          image: "{{ include "osmCRDs.image" . }}"
-          imagePullPolicy: {{ .Values.osm.image.pullPolicy }}
-          command:
-          - sh
-          - -c
-          - >
-            kubectl apply -f /osm-crds;
-            {{- if .Values.osm.enableReconciler }}
-            kubectl label -f /osm-crds openservicemesh.io/reconcile=true --overwrite;
-            {{- end }}
       containers:
         - name: osm-bootstrap
           image: "{{ include "osmBootstrap.image" . }}"

cmd/osm-bootstrap/crds/config_meshconfig.yaml

@@ -30,6 +30,8 @@ spec:
       - meshconfig
     singular: meshconfig
     plural: meshconfigs
+  conversion:
+    strategy: None
   versions:
     - name: v1alpha2
       served: true

cmd/osm-bootstrap/crds/policy_egress.yaml

@@ -30,6 +30,8 @@ spec:
       - egress
     singular: egress
     plural: egresses
+  conversion:
+    strategy: None
   versions:
     - name: v1alpha1
       served: true

cmd/osm-bootstrap/crds/policy_ingress_backend.yaml

@@ -30,6 +30,8 @@ spec:
       - ingressbackend
     singular: ingressbackend
     plural: ingressbackends
+  conversion:
+    strategy: None
   versions:
     - name: v1alpha1
       served: true

cmd/osm-bootstrap/crds/policy_retry.yaml

@@ -30,6 +30,8 @@ spec:
       - retry
     singular: retry
     plural: retries
+  conversion:
+    strategy: None
   versions:
     - name: v1alpha1
       served: true

cmd/osm-bootstrap/crds/policy_upstream_traffic_setting.yaml

@@ -30,6 +30,8 @@ spec:
       - upstreamtrafficsetting
     singular: upstreamtrafficsetting
     plural: upstreamtrafficsettings
+  conversion:
+    strategy: None
   versions:
     - name: v1alpha1
       served: true

cmd/osm-bootstrap/crds/smi_http_route_group.yaml

@@ -29,6 +29,8 @@ spec:
       - htr
     plural: httproutegroups
     singular: httproutegroup
+  conversion:
+    strategy: None
   versions:
     - name: v1alpha4
       served: true

cmd/osm-bootstrap/crds/smi_tcp_route.yaml

@@ -29,6 +29,8 @@ spec:
       - tr
     plural: tcproutes
     singular: tcproute
+  conversion:
+    strategy: None
   versions:
     - name: v1alpha4
       served: true

cmd/osm-bootstrap/crds/smi_traffic_access.yaml

@@ -29,6 +29,8 @@ spec:
       - tt
     plural: traffictargets
     singular: traffictarget
+  conversion:
+    strategy: None
   versions:
     - name: v1alpha3
       served: true

cmd/osm-bootstrap/crds/smi_traffic_split.yaml

@@ -30,6 +30,8 @@ spec:
     - ts
     plural: trafficsplits
     singular: trafficsplit
+  conversion:
+    strategy: None
   versions:
     - name: v1alpha4
       served: false

cmd/osm-bootstrap/osm-bootstrap.go

@@ -8,35 +8,37 @@ import (
 	"encoding/json"
 	"flag"
 	"fmt"
+	"net/http"
 	"os"
+	"path/filepath"
+	"strconv"
 
 	"github.com/pkg/errors"
 	"github.com/spf13/pflag"
 	admissionv1 "k8s.io/api/admissionregistration/v1"
 	corev1 "k8s.io/api/core/v1"
+	apiv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
 	clientset "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset"
 	apiclient "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset/typed/apiextensions/v1"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/runtime/serializer"
 	"k8s.io/client-go/kubernetes"
 	clientgoscheme "k8s.io/client-go/kubernetes/scheme"
 	"k8s.io/client-go/tools/clientcmd"
 	"k8s.io/kubectl/pkg/util"
 
 	configv1alpha2 "github.com/openservicemesh/osm/pkg/apis/config/v1alpha2"
+	configClientset "github.com/openservicemesh/osm/pkg/gen/client/config/clientset/versioned"
 
 	"github.com/openservicemesh/osm/pkg/certificate/providers"
-	"github.com/openservicemesh/osm/pkg/configurator"
 	"github.com/openservicemesh/osm/pkg/constants"
-	"github.com/openservicemesh/osm/pkg/crdconversion"
-	configClientset "github.com/openservicemesh/osm/pkg/gen/client/config/clientset/versioned"
 	"github.com/openservicemesh/osm/pkg/httpserver"
 	httpserverconstants "github.com/openservicemesh/osm/pkg/httpserver/constants"
 	"github.com/openservicemesh/osm/pkg/k8s/events"
 	"github.com/openservicemesh/osm/pkg/logger"
-	"github.com/openservicemesh/osm/pkg/messaging"
 	"github.com/openservicemesh/osm/pkg/metricsstore"
 	"github.com/openservicemesh/osm/pkg/reconciler"
 	"github.com/openservicemesh/osm/pkg/signals"
@@ -47,6 +49,8 @@ const (
 	meshConfigName          = "osm-mesh-config"
 	presetMeshConfigName    = "preset-mesh-config"
 	presetMeshConfigJSONKey = "preset-mesh-config.json"
+	webhookHealthPath       = "/healthz"
+	healthPort              = 9095
 )
 
 var (
@@ -57,11 +61,8 @@ var (
 	meshName           string
 	osmVersion         string
 
-	crdConverterConfig crdconversion.Config
-
 	certProviderKind string
 
-	tresorOptions      providers.TresorOptions
 	vaultOptions       providers.VaultOptions
 	certManagerOptions providers.CertManagerOptions
 
@@ -147,6 +148,8 @@ func main() {
 		namespace:        osmNamespace,
 	}
 
+	applyOrUpdateCRDs(crdClient)
+
 	err = bootstrap.ensureMeshConfig()
 	if err != nil {
 		log.Fatal().Err(err).Msgf("Error setting up default MeshConfig %s from ConfigMap %s", meshConfigName, presetMeshConfigName)
@@ -158,37 +161,27 @@ func main() {
 		log.Fatal().Err(err).Msg("Error initializing Kubernetes events recorder")
 	}
 
-	stop := signals.RegisterExitHandlers()
 	_, cancel := context.WithCancel(context.Background())
 	defer cancel()
+	stop := signals.RegisterExitHandlers()
 
 	// Start the default metrics store
 	metricsstore.DefaultMetricsStore.Start(
 		metricsstore.DefaultMetricsStore.ErrCodeCounter,
 		metricsstore.DefaultMetricsStore.HTTPResponseTotal,
 		metricsstore.DefaultMetricsStore.HTTPResponseDuration,
-		metricsstore.DefaultMetricsStore.ConversionWebhookResourceTotal,
 	)
 
-	msgBroker := messaging.NewBroker(stop)
-
-	// Initialize Configurator to retrieve mesh specific config
-	cfg := configurator.NewConfigurator(configClient, stop, osmNamespace, osmMeshConfigName, msgBroker)
-
-	// Intitialize certificate manager/provider
-	certProviderConfig := providers.NewCertificateProviderConfig(kubeClient, kubeConfig, cfg, providers.Kind(certProviderKind), osmNamespace,
-		caBundleSecretName, tresorOptions, vaultOptions, certManagerOptions, msgBroker)
-
-	certManager, _, err := certProviderConfig.GetCertificateManager()
-	if err != nil {
-		events.GenericEventRecorder().FatalEvent(err, events.InvalidCertificateManager,
-			"Error initializing certificate manager of kind %s", certProviderKind)
-	}
-
-	// Initialize the crd conversion webhook server to support the conversion of OSM's CRDs
-	crdConverterConfig.ListenPort = constants.CRDConversionWebhookPort
-	if err := crdconversion.NewConversionWebhook(crdConverterConfig, kubeClient, crdClient, certManager, osmNamespace, enableReconciler, stop); err != nil {
-		events.GenericEventRecorder().FatalEvent(err, events.InitializationError, "Error creating crd conversion webhook")
+	/*
+	 * Initialize osm-bootstrap's HTTP server
+	 */
+	if enableReconciler {
+		log.Info().Msgf("OSM reconciler enabled for custom resource definitions")
+		err = reconciler.NewReconcilerClient(kubeClient, apiServerClient, meshName, osmVersion, stop, reconciler.CrdInformerKey)
+		if err != nil {
+			events.GenericEventRecorder().FatalEvent(err, events.InitializationError, "Error creating reconciler client for custom resource definitions")
+			log.Fatal().Err(err).Msgf("Failed to create reconcile client for custom resource definitions")
+		}
 	}
 
 	/*
@@ -199,22 +192,92 @@ func main() {
 	httpServer.AddHandler(httpserverconstants.MetricsPath, metricsstore.DefaultMetricsStore.Handler())
 	// Version
 	httpServer.AddHandler(httpserverconstants.VersionPath, version.GetVersionHandler())
-	// Start HTTP server
+	// Health
+	healthMux := http.NewServeMux()
+	healthMux.Handle(webhookHealthPath, metricsstore.AddHTTPMetrics(http.HandlerFunc(healthHandler)))
+
+	healthServer := &http.Server{
+		Addr:    fmt.Sprintf(":%d", healthPort),
+		Handler: healthMux,
+	}
+
+	go func() {
+		if err := healthServer.ListenAndServe(); err != nil {
+			log.Error().Err(err).Msg("crd-converter health server failed to start")
+			return
+		}
+	}()
+
 	err = httpServer.Start()
 	if err != nil {
 		log.Fatal().Err(err).Msgf("Failed to start OSM metrics/probes HTTP server")
 	}
 
-	if enableReconciler {
-		log.Info().Msgf("OSM reconciler enabled for custom resource definitions")
-		err = reconciler.NewReconcilerClient(kubeClient, apiServerClient, meshName, osmVersion, stop, reconciler.CrdInformerKey)
+	<-stop
+	cancel()
+	log.Info().Msgf("Stopping osm-bootstrap %s; %s; %s", version.Version, version.GitCommit, version.BuildDate)
+}
+
+func healthHandler(w http.ResponseWriter, _ *http.Request) {
+	w.WriteHeader(http.StatusOK)
+	if _, err := w.Write([]byte("Health OK")); err != nil {
+		log.Error().Err(err).Msg("Error writing bytes for webhook health check handler")
+	}
+}
+
+func applyOrUpdateCRDs(crdClient *apiclient.ApiextensionsV1Client) {
+	crdFiles, err := filepath.Glob("/osm-crds/*.yaml")
+
+	if err != nil {
+		log.Fatal().Err(err).Msgf("error reading files from /osm-crds")
+	}
+
+	scheme = runtime.NewScheme()
+	codecs := serializer.NewCodecFactory(scheme)
+	decode := codecs.UniversalDeserializer().Decode
+
+	for _, file := range crdFiles {
+		yaml, err := os.ReadFile(filepath.Clean(file))
 		if err != nil {
-			events.GenericEventRecorder().FatalEvent(err, events.InitializationError, "Error creating reconciler client for custom resource definitions")
+			log.Fatal().Err(err).Msgf("Error reading CRD file %s", file)
 		}
-	}
 
-	<-stop
-	log.Info().Msgf("Stopping osm-bootstrap %s; %s; %s", version.Version, version.GitCommit, version.BuildDate)
+		crd := &apiv1.CustomResourceDefinition{}
+		_, _, err = decode(yaml, nil, crd)
+		if err != nil {
+			log.Fatal().Err(err).Msgf("Error decoding CRD file %s", file)
+		}
+
+		crd.Labels[constants.ReconcileLabel] = strconv.FormatBool(enableReconciler)
+
+		crdExisting, err := crdClient.CustomResourceDefinitions().Get(context.Background(), crd.Name, metav1.GetOptions{})
+		if err != nil && !apierrors.IsNotFound(err) {
+			log.Fatal().Err(err).Msgf("error getting CRD %s", crd.Name)
+		}
+
+		if apierrors.IsNotFound(err) {
+			log.Info().Msgf("crds %s not found, creating CRD", crd.Name)
+			if err := util.CreateApplyAnnotation(crd, unstructured.UnstructuredJSONScheme); err != nil {
+				log.Fatal().Err(err).Msgf("Error applying annotation to CRD %s", crd.Name)
+			}
+			if _, err = crdClient.CustomResourceDefinitions().Create(context.Background(), crd, metav1.CreateOptions{}); err != nil {
+				log.Fatal().Err(err).Msgf("Error creating crd : %s", crd.Name)
+			}
+			log.Info().Msgf("Successfully created crd: %s", crd.Name)
+		} else {
+			log.Info().Msgf("Patching conversion webhook configuration for crd: %s, setting to \"None\"", crd.Name)
+
+			crdExisting.Labels[constants.ReconcileLabel] = strconv.FormatBool(enableReconciler)
+			crdExisting.Spec = crd.Spec
+			crdExisting.Spec.Conversion = &apiv1.CustomResourceConversion{
+				Strategy: apiv1.NoneConverter,
+			}
+			if _, err = crdClient.CustomResourceDefinitions().Update(context.Background(), crdExisting, metav1.UpdateOptions{}); err != nil {
+				log.Fatal().Err(err).Msgf("Error updating conversion webhook configuration for crd : %s", crd.Name)
+			}
+			log.Info().Msgf("successfully set conversion webhook configuration for crd : %s to \"None\"", crd.Name)
+		}
+	}
 }
 
 func (b *bootstrap) createDefaultMeshConfig() error {
@@ -267,8 +330,9 @@ func (b *bootstrap) ensureMeshConfig() error {
 }
 
 // initiatilizeKubernetesEventsRecorder initializes the generic Kubernetes event recorder and associates it with
+//
 //	the osm-bootstrap pod resource. The events recorder allows the osm-bootstap to publish Kubernets events to
-// 	report fatal errors with initializing this application. These events will show up in the output of `kubectl get events`
+//	report fatal errors with initializing this application. These events will show up in the output of `kubectl get events`
 func (b *bootstrap) initiatilizeKubernetesEventsRecorder() error {
 	bootstrapPod, err := b.getBootstrapPod()
 	if err != nil {

dockerfiles/Dockerfile.osm-bootstrap

@@ -12,3 +12,4 @@ RUN --mount=type=cache,target=/root/.cache/go-build \
 
 FROM gcr.io/distroless/static
 COPY --from=builder /osm/osm-bootstrap /
+COPY ./cmd/osm-bootstrap/crds /osm-crds/

go.mod

@@ -30,15 +30,14 @@ require (
 	github.com/mholt/archiver/v3 v3.5.0
 	github.com/mitchellh/gox v1.0.1
 	github.com/mitchellh/hashstructure/v2 v2.0.1
-	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822
 	github.com/norwoodj/helm-docs v1.4.0
 	github.com/olekukonko/tablewriter v0.0.5
 	github.com/onsi/ginkgo v1.16.5
 	github.com/onsi/gomega v1.17.0
 	github.com/opencontainers/runc v1.1.0 // indirect
 	github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8
 	github.com/pkg/errors v0.9.1
-	github.com/prometheus/client_golang v1.11.0
+	github.com/prometheus/client_golang v1.11.1
 	github.com/prometheus/common v0.28.0
 	github.com/rs/zerolog v1.18.0
 	github.com/servicemeshinterface/smi-sdk-go v0.5.0
@@ -75,7 +74,7 @@ require (
 	github.com/moby/sys/mountinfo v0.6.0 // indirect
 	github.com/stretchr/objx v0.3.0 // indirect
 	golang.org/x/net v0.0.0-20220225172249-27dd8689420f // indirect
-	golang.org/x/sys v0.0.0-20220227234510-4e6760a101f9 // indirect
+	golang.org/x/sys v0.0.0-20220412211240-33da011f77ad // indirect
 	google.golang.org/genproto v0.0.0-20220303160752-862486edd9cc // indirect
 	honnef.co/go/tools v0.1.1 // indirect
 )