constellation/bootstrapper/internal/kubernetes/k8sapi/kubectl/kubectl.go

/*
Copyright (c) Edgeless Systems GmbH

SPDX-License-Identifier: AGPL-3.0-only
*/

package kubectl

import (
	"context"
	"errors"
	"fmt"

	"github.com/edgelesssys/constellation/v2/internal/kubernetes"
	corev1 "k8s.io/api/core/v1"
	"k8s.io/cli-runtime/pkg/resource"
)

// ErrKubeconfigNotSet is the error value returned by Kubectl.Apply when SetKubeconfig was not called first.
var ErrKubeconfigNotSet = errors.New("kubeconfig not set")

// Client wraps marshable k8s resources into resource.Info fields and applies them in a cluster.
type Client interface {
	// ApplyOneObject applies a k8s resource similar to kubectl apply.
	ApplyOneObject(info *resource.Info, forceConflicts bool) error
	// GetObjects converts resources into prepared info fields for use in ApplyOneObject.
	GetObjects(resources kubernetes.Marshaler) ([]*resource.Info, error)
	CreateConfigMap(ctx context.Context, configMap corev1.ConfigMap) error
	AddTolerationsToDeployment(ctx context.Context, tolerations []corev1.Toleration, name string, namespace string) error
	AddNodeSelectorsToDeployment(ctx context.Context, selectors map[string]string, name string, namespace string) error
	// WaitForCRD waits for the given CRD to be established.
	WaitForCRD(ctx context.Context, crd string) error
	ListAllNamespaces(ctx context.Context) (*corev1.NamespaceList, error)
}

// clientGenerator can generate new clients from a kubeconfig.
type clientGenerator interface {
	NewClient(kubeconfig []byte) (Client, error)
}

// Kubectl implements kubernetes.Apply interface and acts like the Kubernetes "kubectl" tool.
type Kubectl struct {
	clientGenerator
	kubeconfig []byte
}

// New creates a new kubectl using the real clientGenerator.
func New() *Kubectl {
	return &Kubectl{
		clientGenerator: &generator{},
	}
}

// Apply will apply the given resources using server-side-apply.
func (k *Kubectl) Apply(resources kubernetes.Marshaler, forceConflicts bool) error {
	if k.kubeconfig == nil {
		return ErrKubeconfigNotSet
	}
	client, err := k.clientGenerator.NewClient(k.kubeconfig)
	if err != nil {
		return err
	}
	// convert marshaler object into []*resource.info
	infos, err := client.GetObjects(resources)
	if err != nil {
		return err
	}

	// apply each object, one by one
	for i, resource := range infos {
		if err := client.ApplyOneObject(resource, forceConflicts); err != nil {
			return fmt.Errorf("kubectl apply of object %v/%v: %w", i+1, len(infos), err)
		}
	}

	return nil
}

// SetKubeconfig will store the kubeconfig to generate Clients using the clientGenerator later.
func (k *Kubectl) SetKubeconfig(kubeconfig []byte) {
	k.kubeconfig = kubeconfig
}

// CreateConfigMap creates the provided configmap.
func (k *Kubectl) CreateConfigMap(ctx context.Context, configMap corev1.ConfigMap) error {
	client, err := k.clientGenerator.NewClient(k.kubeconfig)
	if err != nil {
		return err
	}

	return client.CreateConfigMap(ctx, configMap)
}

// ListAllNamespaces returns all namespaces in the cluster.
func (k *Kubectl) ListAllNamespaces(ctx context.Context) (*corev1.NamespaceList, error) {
	client, err := k.clientGenerator.NewClient(k.kubeconfig)
	if err != nil {
		return nil, err
	}

	return client.ListAllNamespaces(ctx)
}

// AddTolerationsToDeployment adds [K8s tolerations] to the deployment, identified
// by name and namespace.
//
// [K8s tolerations]: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
func (k *Kubectl) AddTolerationsToDeployment(ctx context.Context, tolerations []corev1.Toleration, name string, namespace string) error {
	client, err := k.clientGenerator.NewClient(k.kubeconfig)
	if err != nil {
		return err
	}

	if err = client.AddTolerationsToDeployment(ctx, tolerations, name, namespace); err != nil {
		return err
	}

	return nil
}

// AddNodeSelectorsToDeployment adds [K8s selectors] to the deployment, identified
// by name and namespace.
//
// [K8s selectors]: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
func (k *Kubectl) AddNodeSelectorsToDeployment(ctx context.Context, selectors map[string]string, name string, namespace string) error {
	client, err := k.clientGenerator.NewClient(k.kubeconfig)
	if err != nil {
		return err
	}

	if err = client.AddNodeSelectorsToDeployment(ctx, selectors, name, namespace); err != nil {
		return err
	}

	return nil
}

// WaitForCRDs waits for a list of CRDs to be established.
func (k *Kubectl) WaitForCRDs(ctx context.Context, crds []string) error {
	client, err := k.clientGenerator.NewClient(k.kubeconfig)
	if err != nil {
		return err
	}

	for _, crd := range crds {
		err = client.WaitForCRD(ctx, crd)
		if err != nil {
			return err
		}
	}
	return nil
}
add license headers sed -i '1i/\nCopyright (c) Edgeless Systems GmbH\n\nSPDX-License-Identifier: AGPL-3.0-only\n/\n' `grep -rL --include='*.go' 'DO NOT EDIT'` gofumpt -w . 2022-09-05 03:06:08 -04:00			`/*`
			`Copyright (c) Edgeless Systems GmbH`

			`SPDX-License-Identifier: AGPL-3.0-only`
			`*/`

monorepo Co-authored-by: Malte Poll <mp@edgeless.systems> Co-authored-by: katexochen <katexochen@users.noreply.github.com> Co-authored-by: Daniel Weiße <dw@edgeless.systems> Co-authored-by: Thomas Tendyck <tt@edgeless.systems> Co-authored-by: Benedict Schlueter <bs@edgeless.systems> Co-authored-by: leongross <leon.gross@rub.de> Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com> 2022-03-22 11:03:15 -04:00			`package kubectl`

			`import (`
AB#2074: Choosable K8S Version (#277) AB#2074: Add configurable k8s version Configurable version flow: * cli config holds/validates k8sVersion * InitCluster receive a k8sVersion arg * InitCluster creates CM "k8s-version" * kubeadm's InitConfiguration receives k8sVersion * joinservice spec mounts/reads k8s-version CM * joinservice supplies k8sVersion via JoinTicketResponse Other changes: * Remove unused test code (FakeK8SClient) * move VersionConfig map to /internal/versions * installk8sComponents is now a function instead of a method 2022-07-18 06:28:02 -04:00			`"context"`
monorepo Co-authored-by: Malte Poll <mp@edgeless.systems> Co-authored-by: katexochen <katexochen@users.noreply.github.com> Co-authored-by: Daniel Weiße <dw@edgeless.systems> Co-authored-by: Thomas Tendyck <tt@edgeless.systems> Co-authored-by: Benedict Schlueter <bs@edgeless.systems> Co-authored-by: leongross <leon.gross@rub.de> Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com> 2022-03-22 11:03:15 -04:00			`"errors"`
			`"fmt"`

Upgrade go module to v2 2022-09-21 07:47:57 -04:00			`"github.com/edgelesssys/constellation/v2/internal/kubernetes"`
AB#2074: Choosable K8S Version (#277) AB#2074: Add configurable k8s version Configurable version flow: * cli config holds/validates k8sVersion * InitCluster receive a k8sVersion arg * InitCluster creates CM "k8s-version" * kubeadm's InitConfiguration receives k8sVersion * joinservice spec mounts/reads k8s-version CM * joinservice supplies k8sVersion via JoinTicketResponse Other changes: * Remove unused test code (FakeK8SClient) * move VersionConfig map to /internal/versions * installk8sComponents is now a function instead of a method 2022-07-18 06:28:02 -04:00			`corev1 "k8s.io/api/core/v1"`
monorepo Co-authored-by: Malte Poll <mp@edgeless.systems> Co-authored-by: katexochen <katexochen@users.noreply.github.com> Co-authored-by: Daniel Weiße <dw@edgeless.systems> Co-authored-by: Thomas Tendyck <tt@edgeless.systems> Co-authored-by: Benedict Schlueter <bs@edgeless.systems> Co-authored-by: leongross <leon.gross@rub.de> Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com> 2022-03-22 11:03:15 -04:00			`"k8s.io/cli-runtime/pkg/resource"`
			`)`

			`// ErrKubeconfigNotSet is the error value returned by Kubectl.Apply when SetKubeconfig was not called first.`
			`var ErrKubeconfigNotSet = errors.New("kubeconfig not set")`

			`// Client wraps marshable k8s resources into resource.Info fields and applies them in a cluster.`
			`type Client interface {`
			`// ApplyOneObject applies a k8s resource similar to kubectl apply.`
			`ApplyOneObject(info *resource.Info, forceConflicts bool) error`
			`// GetObjects converts resources into prepared info fields for use in ApplyOneObject.`
Move cloud metadata packages and kubernetes resources marshaling to internal Decouples cloud provider metadata packages from kubernetes related code Signed-off-by: Malte Poll <mp@edgeless.systems> 2022-08-29 08:30:20 -04:00			`GetObjects(resources kubernetes.Marshaler) ([]*resource.Info, error)`
AB#2074: Choosable K8S Version (#277) AB#2074: Add configurable k8s version Configurable version flow: * cli config holds/validates k8sVersion * InitCluster receive a k8sVersion arg * InitCluster creates CM "k8s-version" * kubeadm's InitConfiguration receives k8sVersion * joinservice spec mounts/reads k8s-version CM * joinservice supplies k8sVersion via JoinTicketResponse Other changes: * Remove unused test code (FakeK8SClient) * move VersionConfig map to /internal/versions * installk8sComponents is now a function instead of a method 2022-07-18 06:28:02 -04:00			`CreateConfigMap(ctx context.Context, configMap corev1.ConfigMap) error`
add namespace to kubectl requests (#315) * add namespace to kubectl requests * Add tests for missing/wrong namespace Co-authored-by: Otto Bittner <cobittner@posteo.net> 2022-07-28 10:07:29 -04:00			`AddTolerationsToDeployment(ctx context.Context, tolerations []corev1.Toleration, name string, namespace string) error`
			`AddNodeSelectorsToDeployment(ctx context.Context, selectors map[string]string, name string, namespace string) error`
Deploy operator-lifecycle-manager (OLM), node-maintenance-operator (NMO) and constellation-node-operator Signed-off-by: Malte Poll <mp@edgeless.systems> 2022-08-04 10:15:52 -04:00			`// WaitForCRD waits for the given CRD to be established.`
			`WaitForCRD(ctx context.Context, crd string) error`
Wait for kube api during init (#440) * kubernetes: wait for KubeAPI to be reachable 2022-11-04 07:36:26 -04:00			`ListAllNamespaces(ctx context.Context) (*corev1.NamespaceList, error)`
monorepo Co-authored-by: Malte Poll <mp@edgeless.systems> Co-authored-by: katexochen <katexochen@users.noreply.github.com> Co-authored-by: Daniel Weiße <dw@edgeless.systems> Co-authored-by: Thomas Tendyck <tt@edgeless.systems> Co-authored-by: Benedict Schlueter <bs@edgeless.systems> Co-authored-by: leongross <leon.gross@rub.de> Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com> 2022-03-22 11:03:15 -04:00			`}`

			`// clientGenerator can generate new clients from a kubeconfig.`
			`type clientGenerator interface {`
			`NewClient(kubeconfig []byte) (Client, error)`
			`}`

Capitalize Kubernetes 2022-04-26 05:22:21 -04:00			`// Kubectl implements kubernetes.Apply interface and acts like the Kubernetes "kubectl" tool.`
monorepo Co-authored-by: Malte Poll <mp@edgeless.systems> Co-authored-by: katexochen <katexochen@users.noreply.github.com> Co-authored-by: Daniel Weiße <dw@edgeless.systems> Co-authored-by: Thomas Tendyck <tt@edgeless.systems> Co-authored-by: Benedict Schlueter <bs@edgeless.systems> Co-authored-by: leongross <leon.gross@rub.de> Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com> 2022-03-22 11:03:15 -04:00			`type Kubectl struct {`
			`clientGenerator`
			`kubeconfig []byte`
			`}`

			`// New creates a new kubectl using the real clientGenerator.`
			`func New() *Kubectl {`
			`return &Kubectl{`
			`clientGenerator: &generator{},`
			`}`
			`}`

			`// Apply will apply the given resources using server-side-apply.`
Move cloud metadata packages and kubernetes resources marshaling to internal Decouples cloud provider metadata packages from kubernetes related code Signed-off-by: Malte Poll <mp@edgeless.systems> 2022-08-29 08:30:20 -04:00			`func (k *Kubectl) Apply(resources kubernetes.Marshaler, forceConflicts bool) error {`
monorepo Co-authored-by: Malte Poll <mp@edgeless.systems> Co-authored-by: katexochen <katexochen@users.noreply.github.com> Co-authored-by: Daniel Weiße <dw@edgeless.systems> Co-authored-by: Thomas Tendyck <tt@edgeless.systems> Co-authored-by: Benedict Schlueter <bs@edgeless.systems> Co-authored-by: leongross <leon.gross@rub.de> Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com> 2022-03-22 11:03:15 -04:00			`if k.kubeconfig == nil {`
			`return ErrKubeconfigNotSet`
			`}`
			`client, err := k.clientGenerator.NewClient(k.kubeconfig)`
			`if err != nil {`
			`return err`
			`}`
			`// convert marshaler object into []*resource.info`
			`infos, err := client.GetObjects(resources)`
			`if err != nil {`
			`return err`
			`}`

			`// apply each object, one by one`
			`for i, resource := range infos {`
			`if err := client.ApplyOneObject(resource, forceConflicts); err != nil {`
kubernetes server side apply: start counting resources at 1 (#74) 2022-09-05 10:50:22 -04:00			`return fmt.Errorf("kubectl apply of object %v/%v: %w", i+1, len(infos), err)`
monorepo Co-authored-by: Malte Poll <mp@edgeless.systems> Co-authored-by: katexochen <katexochen@users.noreply.github.com> Co-authored-by: Daniel Weiße <dw@edgeless.systems> Co-authored-by: Thomas Tendyck <tt@edgeless.systems> Co-authored-by: Benedict Schlueter <bs@edgeless.systems> Co-authored-by: leongross <leon.gross@rub.de> Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com> 2022-03-22 11:03:15 -04:00			`}`
			`}`

			`return nil`
			`}`

			`// SetKubeconfig will store the kubeconfig to generate Clients using the clientGenerator later.`
			`func (k *Kubectl) SetKubeconfig(kubeconfig []byte) {`
			`k.kubeconfig = kubeconfig`
			`}`
AB#2074: Choosable K8S Version (#277) AB#2074: Add configurable k8s version Configurable version flow: * cli config holds/validates k8sVersion * InitCluster receive a k8sVersion arg * InitCluster creates CM "k8s-version" * kubeadm's InitConfiguration receives k8sVersion * joinservice spec mounts/reads k8s-version CM * joinservice supplies k8sVersion via JoinTicketResponse Other changes: * Remove unused test code (FakeK8SClient) * move VersionConfig map to /internal/versions * installk8sComponents is now a function instead of a method 2022-07-18 06:28:02 -04:00
Document exported funcs,types,interfaces and enable check. (#475) * Include EXC0014 and fix issues. * Include EXC0012 and fix issues. Signed-off-by: Fabian Kammel <fk@edgeless.systems> Co-authored-by: Otto Bittner <cobittner@posteo.net> 2022-11-09 09:57:54 -05:00			`// CreateConfigMap creates the provided configmap.`
AB#2074: Choosable K8S Version (#277) AB#2074: Add configurable k8s version Configurable version flow: * cli config holds/validates k8sVersion * InitCluster receive a k8sVersion arg * InitCluster creates CM "k8s-version" * kubeadm's InitConfiguration receives k8sVersion * joinservice spec mounts/reads k8s-version CM * joinservice supplies k8sVersion via JoinTicketResponse Other changes: * Remove unused test code (FakeK8SClient) * move VersionConfig map to /internal/versions * installk8sComponents is now a function instead of a method 2022-07-18 06:28:02 -04:00			`func (k *Kubectl) CreateConfigMap(ctx context.Context, configMap corev1.ConfigMap) error {`
			`client, err := k.clientGenerator.NewClient(k.kubeconfig)`
			`if err != nil {`
			`return err`
			`}`

Wait for kube api during init (#440) * kubernetes: wait for KubeAPI to be reachable 2022-11-04 07:36:26 -04:00			`return client.CreateConfigMap(ctx, configMap)`
			`}`

			`// ListAllNamespaces returns all namespaces in the cluster.`
			`func (k Kubectl) ListAllNamespaces(ctx context.Context) (corev1.NamespaceList, error) {`
			`client, err := k.clientGenerator.NewClient(k.kubeconfig)`
AB#2074: Choosable K8S Version (#277) AB#2074: Add configurable k8s version Configurable version flow: * cli config holds/validates k8sVersion * InitCluster receive a k8sVersion arg * InitCluster creates CM "k8s-version" * kubeadm's InitConfiguration receives k8sVersion * joinservice spec mounts/reads k8s-version CM * joinservice supplies k8sVersion via JoinTicketResponse Other changes: * Remove unused test code (FakeK8SClient) * move VersionConfig map to /internal/versions * installk8sComponents is now a function instead of a method 2022-07-18 06:28:02 -04:00			`if err != nil {`
Wait for kube api during init (#440) * kubernetes: wait for KubeAPI to be reachable 2022-11-04 07:36:26 -04:00			`return nil, err`
AB#2074: Choosable K8S Version (#277) AB#2074: Add configurable k8s version Configurable version flow: * cli config holds/validates k8sVersion * InitCluster receive a k8sVersion arg * InitCluster creates CM "k8s-version" * kubeadm's InitConfiguration receives k8sVersion * joinservice spec mounts/reads k8s-version CM * joinservice supplies k8sVersion via JoinTicketResponse Other changes: * Remove unused test code (FakeK8SClient) * move VersionConfig map to /internal/versions * installk8sComponents is now a function instead of a method 2022-07-18 06:28:02 -04:00			`}`

Wait for kube api during init (#440) * kubernetes: wait for KubeAPI to be reachable 2022-11-04 07:36:26 -04:00			`return client.ListAllNamespaces(ctx)`
AB#2074: Choosable K8S Version (#277) AB#2074: Add configurable k8s version Configurable version flow: * cli config holds/validates k8sVersion * InitCluster receive a k8sVersion arg * InitCluster creates CM "k8s-version" * kubeadm's InitConfiguration receives k8sVersion * joinservice spec mounts/reads k8s-version CM * joinservice supplies k8sVersion via JoinTicketResponse Other changes: * Remove unused test code (FakeK8SClient) * move VersionConfig map to /internal/versions * installk8sComponents is now a function instead of a method 2022-07-18 06:28:02 -04:00			`}`
AB#2234: Introduce AddTolerationsToDeployment Add the above function to the different client interfaces. Update adjacent functions to provided needed ctx and client objects. 2022-07-14 15:15:31 -04:00
Document exported funcs,types,interfaces and enable check. (#475) * Include EXC0014 and fix issues. * Include EXC0012 and fix issues. Signed-off-by: Fabian Kammel <fk@edgeless.systems> Co-authored-by: Otto Bittner <cobittner@posteo.net> 2022-11-09 09:57:54 -05:00			`// AddTolerationsToDeployment adds [K8s tolerations] to the deployment, identified`
			`// by name and namespace.`
			`//`
			`// [K8s tolerations]: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/`
add namespace to kubectl requests (#315) * add namespace to kubectl requests * Add tests for missing/wrong namespace Co-authored-by: Otto Bittner <cobittner@posteo.net> 2022-07-28 10:07:29 -04:00			`func (k *Kubectl) AddTolerationsToDeployment(ctx context.Context, tolerations []corev1.Toleration, name string, namespace string) error {`
AB#2234: Introduce AddTolerationsToDeployment Add the above function to the different client interfaces. Update adjacent functions to provided needed ctx and client objects. 2022-07-14 15:15:31 -04:00			`client, err := k.clientGenerator.NewClient(k.kubeconfig)`
			`if err != nil {`
			`return err`
			`}`

add namespace to kubectl requests (#315) * add namespace to kubectl requests * Add tests for missing/wrong namespace Co-authored-by: Otto Bittner <cobittner@posteo.net> 2022-07-28 10:07:29 -04:00			`if err = client.AddTolerationsToDeployment(ctx, tolerations, name, namespace); err != nil {`
AB#2234: Introduce AddTolerationsToDeployment Add the above function to the different client interfaces. Update adjacent functions to provided needed ctx and client objects. 2022-07-14 15:15:31 -04:00			`return err`
			`}`

			`return nil`
			`}`

Document exported funcs,types,interfaces and enable check. (#475) * Include EXC0014 and fix issues. * Include EXC0012 and fix issues. Signed-off-by: Fabian Kammel <fk@edgeless.systems> Co-authored-by: Otto Bittner <cobittner@posteo.net> 2022-11-09 09:57:54 -05:00			`// AddNodeSelectorsToDeployment adds [K8s selectors] to the deployment, identified`
			`// by name and namespace.`
			`//`
			`// [K8s selectors]: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/`
add namespace to kubectl requests (#315) * add namespace to kubectl requests * Add tests for missing/wrong namespace Co-authored-by: Otto Bittner <cobittner@posteo.net> 2022-07-28 10:07:29 -04:00			`func (k *Kubectl) AddNodeSelectorsToDeployment(ctx context.Context, selectors map[string]string, name string, namespace string) error {`
AB#2234: Introduce AddNodeSelectorsToDeployment Add the above function to the different client interfaces. Remove previously used Command.Exec call. 2022-07-26 04:10:34 -04:00			`client, err := k.clientGenerator.NewClient(k.kubeconfig)`
			`if err != nil {`
			`return err`
			`}`

add namespace to kubectl requests (#315) * add namespace to kubectl requests * Add tests for missing/wrong namespace Co-authored-by: Otto Bittner <cobittner@posteo.net> 2022-07-28 10:07:29 -04:00			`if err = client.AddNodeSelectorsToDeployment(ctx, selectors, name, namespace); err != nil {`
AB#2234: Introduce AddNodeSelectorsToDeployment Add the above function to the different client interfaces. Remove previously used Command.Exec call. 2022-07-26 04:10:34 -04:00			`return err`
			`}`

			`return nil`
			`}`
Deploy operator-lifecycle-manager (OLM), node-maintenance-operator (NMO) and constellation-node-operator Signed-off-by: Malte Poll <mp@edgeless.systems> 2022-08-04 10:15:52 -04:00
Document exported funcs,types,interfaces and enable check. (#475) * Include EXC0014 and fix issues. * Include EXC0012 and fix issues. Signed-off-by: Fabian Kammel <fk@edgeless.systems> Co-authored-by: Otto Bittner <cobittner@posteo.net> 2022-11-09 09:57:54 -05:00			`// WaitForCRDs waits for a list of CRDs to be established.`
Deploy operator-lifecycle-manager (OLM), node-maintenance-operator (NMO) and constellation-node-operator Signed-off-by: Malte Poll <mp@edgeless.systems> 2022-08-04 10:15:52 -04:00			`func (k *Kubectl) WaitForCRDs(ctx context.Context, crds []string) error {`
			`client, err := k.clientGenerator.NewClient(k.kubeconfig)`
			`if err != nil {`
			`return err`
			`}`

			`for _, crd := range crds {`
			`err = client.WaitForCRD(ctx, crd)`
			`if err != nil {`
			`return err`
			`}`
			`}`
			`return nil`
			`}`