Trigger adc reconciliation if credentials is updated in ADC (#310)

Signed-off-by: Lubron Zhan <[email protected]>

Author: lubronzhan

controllers/akodeploymentconfig/akodeploymentconfig_controller.go

@@ -182,9 +182,12 @@ func (r *AKODeploymentConfigReconciler) secretToAKODeploymentConfig(c client.Cli
 		}
 
 		var requests []ctrl.Request
+		// enqueue if credentials or certificate of akoo is updated
 		for _, akoDeploymentConfig := range akoDeploymentConfigs.Items {
 			if akoDeploymentConfig.Spec.CertificateAuthorityRef.Name == secret.Name &&
-				akoDeploymentConfig.Spec.CertificateAuthorityRef.Namespace == secret.Namespace {
+				akoDeploymentConfig.Spec.CertificateAuthorityRef.Namespace == secret.Namespace ||
+				akoDeploymentConfig.Spec.AdminCredentialRef.Name == secret.Name &&
+					akoDeploymentConfig.Spec.AdminCredentialRef.Namespace == secret.Namespace {
 				requests = append(requests, ctrl.Request{
 					NamespacedName: types.NamespacedName{
 						Namespace: akoDeploymentConfig.Namespace,

controllers/akodeploymentconfig/akodeploymentconfig_controller_intg_test.go

@@ -26,7 +26,6 @@ import (
 	"github.com/vmware-tanzu/load-balancer-operator-for-kubernetes/pkg/ako"
 	ako_operator "github.com/vmware-tanzu/load-balancer-operator-for-kubernetes/pkg/ako-operator"
 	"github.com/vmware-tanzu/load-balancer-operator-for-kubernetes/pkg/test/builder"
-	"github.com/vmware-tanzu/load-balancer-operator-for-kubernetes/pkg/test/util"
 	testutil "github.com/vmware-tanzu/load-balancer-operator-for-kubernetes/pkg/test/util"
 )
 
@@ -352,7 +351,7 @@ func intgTestAkoDeploymentConfigController() {
 			err := os.Setenv(ako_operator.IsControlPlaneHAProvider, "False")
 			Expect(err).ShouldNot(HaveOccurred())
 		})
-		It("shouldn't wait AIS if controlplane and dataplane has the same CIDR", func() {
+		It("shouldn't wait for AIS if controlplane and dataplane has the same CIDR", func() {
 			akoDeploymentConfig.Spec.ControlPlaneNetwork.CIDR = akoDeploymentConfig.Spec.DataNetwork.CIDR
 			createObjects(akoDeploymentConfig, cluster, controllerCredentials, controllerCA)
 			aviInfraSettingName = akoDeploymentConfig.Name + "-ais"
@@ -369,7 +368,7 @@ func intgTestAkoDeploymentConfigController() {
 			Expect(service.Annotations[akoov1alpha1.HAAVIInfraSettingAnnotationsKey]).To(BeEmpty())
 
 		})
-		It("should wait AIS before adding annotation to service", func() {
+		It("should wait for AIS before adding annotation to service", func() {
 			createObjects(akoDeploymentConfig, cluster, controllerCredentials, controllerCA)
 			aviInfraSettingName = akoDeploymentConfig.Name + "-ais"
 			ensureRuntimeObjectMatchExpectation(client.ObjectKey{
@@ -756,7 +755,7 @@ func intgTestAkoDeploymentConfigController() {
 						}, &akoov1alpha1.AKODeploymentConfig{}, true)
 
 						ensureRuntimeObjectMatchExpectation(client.ObjectKey{
-							Name: util.CustomADCName,
+							Name: testutil.CustomADCName,
 						}, &akoov1alpha1.AKODeploymentConfig{}, true)
 					})
 
@@ -775,7 +774,7 @@ func intgTestAkoDeploymentConfigController() {
 						ensureClusterAviLabelValueMatchExpectation(client.ObjectKey{
 							Name:      cluster.Name,
 							Namespace: cluster.Namespace,
-						}, akoov1alpha1.AviClusterLabel, util.CustomADCName, true)
+						}, akoov1alpha1.AviClusterLabel, testutil.CustomADCName, true)
 
 						By("removing cluster's label")
 						latestCluster := &clusterv1.Cluster{
@@ -814,7 +813,7 @@ func intgTestAkoDeploymentConfigController() {
 						}, &akoov1alpha1.AKODeploymentConfig{}, true)
 
 						ensureRuntimeObjectMatchExpectation(client.ObjectKey{
-							Name: util.CustomADCName,
+							Name: testutil.CustomADCName,
 						}, &akoov1alpha1.AKODeploymentConfig{}, true)
 					})
 
@@ -833,7 +832,7 @@ func intgTestAkoDeploymentConfigController() {
 						ensureClusterAviLabelValueMatchExpectation(client.ObjectKey{
 							Name:      cluster.Name,
 							Namespace: cluster.Namespace,
-						}, akoov1alpha1.AviClusterLabel, util.CustomADCName, true)
+						}, akoov1alpha1.AviClusterLabel, testutil.CustomADCName, true)
 
 						By("removing cluster's label")
 						latestCluster := &clusterv1.Cluster{

controllers/akodeploymentconfig/cluster/cluster_controller.go

@@ -8,24 +8,24 @@ import (
 	"fmt"
 	"time"
 
-	"k8s.io/client-go/kubernetes/scheme"
-
 	"github.com/go-logr/logr"
 	"github.com/pkg/errors"
-	akoov1alpha1 "github.com/vmware-tanzu/load-balancer-operator-for-kubernetes/api/v1alpha1"
 	corev1 "k8s.io/api/core/v1"
-	"sigs.k8s.io/controller-runtime/pkg/client/fake"
-	ctrlutil "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
-
-	"github.com/vmware-tanzu/load-balancer-operator-for-kubernetes/pkg/ako"
-	akoo "github.com/vmware-tanzu/load-balancer-operator-for-kubernetes/pkg/ako-operator"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/client-go/kubernetes/scheme"
 	clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1"
 	"sigs.k8s.io/cluster-api/controllers/remote"
 	"sigs.k8s.io/cluster-api/util/conditions"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/controller-runtime/pkg/client/fake"
+	ctrlutil "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
+
+	akoov1alpha1 "github.com/vmware-tanzu/load-balancer-operator-for-kubernetes/api/v1alpha1"
+	"github.com/vmware-tanzu/load-balancer-operator-for-kubernetes/pkg/ako"
+	akoo "github.com/vmware-tanzu/load-balancer-operator-for-kubernetes/pkg/ako-operator"
+	"github.com/vmware-tanzu/load-balancer-operator-for-kubernetes/pkg/utils"
 )
 
 const (
@@ -122,7 +122,7 @@ func (r *ClusterReconciler) cleanup(
 	//   - secret is <cluster-name>-load-balancer-and-ingress-service-data-values
 	secretName := r.akoAddonDataValueName()
 	if akoo.IsClusterClassBasedCluster(obj) {
-		secretName = r.akoAddonSecretNameForClusterClass(obj)
+		secretName = utils.AKOAddonSecretNameForClusterClass(obj)
 	}
 	if err := remoteClient.Get(ctx, client.ObjectKey{
 		Name:      secretName,

controllers/akodeploymentconfig/cluster/cluster_controller_addon_secret.go

@@ -87,7 +87,7 @@ func (r *ClusterReconciler) ReconcileAddonSecret(
 	}
 	secret := &corev1.Secret{}
 	if err = r.Get(ctx, client.ObjectKey{
-		Name:      r.akoAddonSecretName(cluster),
+		Name:      utils.AKOAddonSecretName(cluster),
 		Namespace: cluster.Namespace,
 	}, secret); err != nil {
 		if apierrors.IsNotFound(err) {
@@ -125,7 +125,7 @@ func (r *ClusterReconciler) ReconcileAddonSecretDelete(
 
 	secret := &corev1.Secret{}
 	if err := r.Get(ctx, client.ObjectKey{
-		Name:      r.akoAddonSecretName(cluster),
+		Name:      utils.AKOAddonSecretName(cluster),
 		Namespace: cluster.Namespace,
 	}, secret); err != nil {
 		if apierrors.IsNotFound(err) {
@@ -153,26 +153,14 @@ func (r *ClusterReconciler) ReconcileAddonSecretDelete(
 	return res, nil
 }
 
-func (r *ClusterReconciler) aviUserSecretName(cluster *clusterv1.Cluster) string {
-	return cluster.Name + "-avi-credentials"
-}
-
-func (r *ClusterReconciler) akoAddonSecretName(cluster *clusterv1.Cluster) string {
-	return cluster.Name + "-load-balancer-and-ingress-service-addon"
-}
-
-func (r *ClusterReconciler) akoAddonSecretNameForClusterClass(cluster *clusterv1.Cluster) string {
-	return cluster.Name + "-load-balancer-and-ingress-service-data-values"
-}
-
 func (r *ClusterReconciler) createAKOAddonSecret(cluster *clusterv1.Cluster, obj *akoov1alpha1.AKODeploymentConfig, aviUsersecret *corev1.Secret) (*corev1.Secret, error) {
 	secretStringData, err := AkoAddonSecretDataYaml(cluster, obj, aviUsersecret)
 	if err != nil {
 		return nil, err
 	}
 	secret := &corev1.Secret{
 		ObjectMeta: metav1.ObjectMeta{
-			Name:      r.akoAddonSecretName(cluster),
+			Name:      utils.AKOAddonSecretName(cluster),
 			Namespace: cluster.Namespace,
 			Annotations: map[string]string{
 				akoov1alpha1.TKGAddonAnnotationKey: "networking/load-balancer-and-ingress-service",
@@ -223,7 +211,7 @@ func AkoAddonSecretDataYaml(cluster *clusterv1.Cluster, obj *akoov1alpha1.AKODep
 func (r *ClusterReconciler) getClusterAviUserSecret(cluster *clusterv1.Cluster, ctx context.Context) (*corev1.Secret, error) {
 	secret := &corev1.Secret{}
 	if err := r.Get(ctx, client.ObjectKey{
-		Name:      r.aviUserSecretName(cluster),
+		Name:      utils.AVIUserSecretName(cluster),
 		Namespace: cluster.Namespace,
 	}, secret); err != nil {
 		return secret, err
@@ -264,7 +252,7 @@ func (r *ClusterReconciler) patchAkoPackageRefToClusterBootstrap(ctx context.Con
 	expectedAKOClusterBootstrapPackage := &runv1alpha3.ClusterBootstrapPackage{
 		RefName: akoPackageRefName,
 		ValuesFrom: &runv1alpha3.ValuesFrom{
-			SecretRef: r.akoAddonSecretName(cluster),
+			SecretRef: utils.AKOAddonSecretName(cluster),
 		},
 	}
 
@@ -390,7 +378,7 @@ func ValidateClusterIpFamily(cluster *clusterv1.Cluster, adc *akoov1alpha1.AKODe
 	// When enable avi as control plane ha, backend server shouldn't use secondary ip type
 	// TODO:(chenlin) Remove validation after AKO supports configurable ip pool
 	if isVIPProvider && adcIpFamily == IPv6IpFamily && clusterIpFamily == DualStackIPv4Primary {
-		return errors.New("When enabling avi as control plane HA, AKO with IP family V6 can not work together with ipv4 primary dual-stack cluster")
+		return errors.New("when enabling avi as control plane HA, AKO with IP family V6 can not work together with ipv4 primary dual-stack cluster")
 	}
 	return nil
 }

controllers/akodeploymentconfig/user/user_controller.go

@@ -8,9 +8,6 @@ import (
 
 	"github.com/go-logr/logr"
 	"github.com/pkg/errors"
-	akoov1alpha1 "github.com/vmware-tanzu/load-balancer-operator-for-kubernetes/api/v1alpha1"
-	"github.com/vmware-tanzu/load-balancer-operator-for-kubernetes/pkg/aviclient"
-	"github.com/vmware-tanzu/load-balancer-operator-for-kubernetes/pkg/utils"
 	"github.com/vmware/alb-sdk/go/models"
 	corev1 "k8s.io/api/core/v1"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
@@ -22,6 +19,10 @@ import (
 	"sigs.k8s.io/cluster-api/util/conditions"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
+
+	akoov1alpha1 "github.com/vmware-tanzu/load-balancer-operator-for-kubernetes/api/v1alpha1"
+	"github.com/vmware-tanzu/load-balancer-operator-for-kubernetes/pkg/aviclient"
+	"github.com/vmware-tanzu/load-balancer-operator-for-kubernetes/pkg/utils"
 )
 
 // AkoUserReconciler reconcile avi user related resources
@@ -431,12 +432,12 @@ func (r *AkoUserReconciler) deployManagementClusterSecret(
 		Name:      obj.Spec.AdminCredentialRef.Name,
 		Namespace: obj.Spec.AdminCredentialRef.Namespace,
 	}, adminCredential); err != nil {
-		log.Error(err, "Failed to find referenced AdminCredential Secret")
+		log.Error(err, "Failed to find referenced AdminCredential Secret", "secret namespace", obj.Spec.AdminCredentialRef.Namespace, "secret name", obj.Spec.AdminCredentialRef.Name)
 		return err
 	}
 	secret := &corev1.Secret{
 		ObjectMeta: metav1.ObjectMeta{
-			Name:      cluster.Name + "-avi-credentials",
+			Name:      utils.AVIUserSecretName(cluster),
 			Namespace: cluster.Namespace,
 		},
 		Type: akoov1alpha1.AviClusterSecretType,
@@ -448,7 +449,7 @@ func (r *AkoUserReconciler) deployManagementClusterSecret(
 	}
 	err := r.Client.Create(ctx, secret)
 	if apierrors.IsAlreadyExists(err) {
-		log.Info("avi secret already exists, update avi-secret")
+		log.Info("avi secret already exists, update avi-secret", "secret namespace", secret.Namespace, "secret name", secret.Name)
 		return r.Client.Update(ctx, secret)
 	}
 	return err

pkg/haprovider/haprovider.go

@@ -67,7 +67,7 @@ func (r *HAProvider) CreateOrUpdateHAService(ctx context.Context, cluster *clust
 		Namespace: cluster.Namespace,
 	}, service); err != nil {
 		if apierrors.IsNotFound(err) {
-			r.log.Info(serviceName + "service doesn't exist, start creating it...")
+			r.log.Info(serviceName + " service doesn't exist, start creating it...")
 			service, err = r.createService(ctx, cluster)
 			if err != nil {
 				return err

pkg/utils/get_objects.go

@@ -0,0 +1,20 @@
+// Copyright 2024 VMware, Inc.
+// SPDX-License-Identifier: Apache-2.0
+
+package utils
+
+import (
+	clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1"
+)
+
+func AVIUserSecretName(cluster *clusterv1.Cluster) string {
+	return cluster.Name + "-avi-credentials"
+}
+
+func AKOAddonSecretName(cluster *clusterv1.Cluster) string {
+	return cluster.Name + "-load-balancer-and-ingress-service-addon"
+}
+
+func AKOAddonSecretNameForClusterClass(cluster *clusterv1.Cluster) string {
+	return cluster.Name + "-load-balancer-and-ingress-service-data-values"
+}