Document exported funcs,types,interfaces and enable check. (#475)

* Include EXC0014 and fix issues.
* Include EXC0012 and fix issues.
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
Co-authored-by: Otto Bittner <cobittner@posteo.net>
Fabian Kammel 2022-11-09 15:57:54 +01:00 committed by GitHub
parent c9873f2bfb
commit 0d12e37c96
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
74 changed files with 337 additions and 78 deletions


@ -14,10 +14,13 @@ import (
kubeadm "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta3"
)
// ParseJoinCommand parses API server endpoint, token and CA cert hash from
// provided kubeadm join shell command, and returns it as a BootstrapTokenDiscovery.
//
// Expected format:
// kubeadm join [API_SERVER_ENDPOINT] --token [TOKEN] --discovery-token-ca-cert-hash [DISCOVERY_TOKEN_CA_CERT_HASH] --control-plane
// .
func ParseJoinCommand(joinCommand string) (*kubeadm.BootstrapTokenDiscovery, error) {
// Format:
// kubeadm join [API_SERVER_ENDPOINT] --token [TOKEN] --discovery-token-ca-cert-hash [DISCOVERY_TOKEN_CA_CERT_HASH] --control-plane
// split and verify that this is a kubeadm join command
argv, err := shlex.Split(joinCommand)
if err != nil {
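Review bot: The new doc comment on ParseJoinCommand ends with a lone `// .` line and leaves the example command unindented, so godoc renders the command as ordinary paragraph text followed by a stray period. Indenting the example line inside the comment turns it into a code block, and the `// .` line can then go, assuming it was added only to satisfy a comment-must-end-in-a-period check. Because the returned BootstrapTokenDiscovery carries the bootstrap token from the command, the comment could also say that callers should treat the result as a secret and keep it out of logs. The function body continues outside the hunk.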


@ -112,6 +112,7 @@ func (k *KubernetesUtil) InstallComponents(ctx context.Context, version versions
return enableSystemdUnit(ctx, kubeletServicePath)
}
// InitCluster instruments kubeadm to initialize the K8s cluster.
func (k *KubernetesUtil) InitCluster(
ctx context.Context, initConfig []byte, nodeName string, ips []net.IP, controlPlaneEndpoint string, conformanceMode bool, log *logger.Logger,
) error {
@ -242,10 +243,12 @@ func (k *KubernetesUtil) prepareControlPlaneForKonnectivity(ctx context.Context,
return nil
}
// SetupKonnectivity uses kubectl client to apply the provided konnectivity daemon set.
func (k *KubernetesUtil) SetupKonnectivity(kubectl Client, konnectivityAgentsDaemonSet kubernetes.Marshaler) error {
return kubectl.Apply(konnectivityAgentsDaemonSet, true)
}
// SetupPodNetworkInput holds all configuration options to setup the pod network.
type SetupPodNetworkInput struct {
CloudProvider string
NodeName string
@ -339,6 +342,7 @@ func (k *KubernetesUtil) SetupVerificationService(kubectl Client, verificationSe
return kubectl.Apply(verificationServiceConfiguration, true)
}
// SetupOperatorLifecycleManager deploys operator lifecycle manager.
func (k *KubernetesUtil) SetupOperatorLifecycleManager(ctx context.Context, kubectl Client, olmCRDs, olmConfiguration kubernetes.Marshaler, crdNames []string) error {
if err := kubectl.Apply(olmCRDs, true); err != nil {
return fmt.Errorf("applying OLM CRDs: %w", err)
@ -351,10 +355,12 @@ func (k *KubernetesUtil) SetupOperatorLifecycleManager(ctx context.Context, kube
return kubectl.Apply(olmConfiguration, true)
}
// SetupNodeMaintenanceOperator deploys node maintenance operator.
func (k *KubernetesUtil) SetupNodeMaintenanceOperator(kubectl Client, nodeMaintenanceOperatorConfiguration kubernetes.Marshaler) error {
return kubectl.Apply(nodeMaintenanceOperatorConfiguration, true)
}
// SetupNodeOperator deploys node operator.
func (k *KubernetesUtil) SetupNodeOperator(ctx context.Context, kubectl Client, nodeOperatorConfiguration kubernetes.Marshaler) error {
return kubectl.Apply(nodeOperatorConfiguration, true)
}
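Review bot: SetupNodeOperator takes a `ctx` parameter, but the body shown only runs `return kubectl.Apply(nodeOperatorConfiguration, true)`, so the context is never used and cancellation has no effect there. The new comment `// SetupNodeOperator deploys node operator.` should either say that, or the parameter should be passed on once Apply accepts a context. The comments added to the other Setup* methods in this file likewise do not explain the `true` passed to `kubectl.Apply`; one sentence on what that flag does would make them useful beyond restating the method name.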


@ -29,8 +29,10 @@ const (
auditPolicyPath = "/etc/kubernetes/audit-policy.yaml"
)
// KubdeadmConfiguration is used to generate kubeadm configurations.
type KubdeadmConfiguration struct{}
// InitConfiguration returns a new init configuration.
func (c *KubdeadmConfiguration) InitConfiguration(externalCloudProvider bool, k8sVersion versions.ValidK8sVersion) KubeadmInitYAML {
var cloudProvider string
if externalCloudProvider {
@ -171,6 +173,7 @@ func (c *KubdeadmConfiguration) InitConfiguration(externalCloudProvider bool, k8
}
}
// JoinConfiguration returns a new kubeadm join configuration.
func (c *KubdeadmConfiguration) JoinConfiguration(externalCloudProvider bool) KubeadmJoinYAML {
var cloudProvider string
if externalCloudProvider {
@ -201,27 +204,33 @@ func (c *KubdeadmConfiguration) JoinConfiguration(externalCloudProvider bool) Ku
}
}
// KubeadmJoinYAML holds configuration for kubeadm join workflow.
type KubeadmJoinYAML struct {
JoinConfiguration kubeadm.JoinConfiguration
KubeletConfiguration kubeletconf.KubeletConfiguration
}
// SetNodeName sets the node name.
func (k *KubeadmJoinYAML) SetNodeName(nodeName string) {
k.JoinConfiguration.NodeRegistration.Name = nodeName
}
// SetAPIServerEndpoint sets the api server endpoint.
func (k *KubeadmJoinYAML) SetAPIServerEndpoint(apiServerEndpoint string) {
k.JoinConfiguration.Discovery.BootstrapToken.APIServerEndpoint = apiServerEndpoint
}
// SetToken sets the boostrap token.
func (k *KubeadmJoinYAML) SetToken(token string) {
k.JoinConfiguration.Discovery.BootstrapToken.Token = token
}
// AppendDiscoveryTokenCaCertHash appends another trusted discovery token CA hash.
func (k *KubeadmJoinYAML) AppendDiscoveryTokenCaCertHash(discoveryTokenCaCertHash string) {
k.JoinConfiguration.Discovery.BootstrapToken.CACertHashes = append(k.JoinConfiguration.Discovery.BootstrapToken.CACertHashes, discoveryTokenCaCertHash)
}
// SetNodeIP sets the node IP.
func (k *KubeadmJoinYAML) SetNodeIP(nodeIP string) {
if k.JoinConfiguration.NodeRegistration.KubeletExtraArgs == nil {
k.JoinConfiguration.NodeRegistration.KubeletExtraArgs = map[string]string{"node-ip": nodeIP}
@ -230,10 +239,12 @@ func (k *KubeadmJoinYAML) SetNodeIP(nodeIP string) {
}
}
// SetProviderID sets the provider ID.
func (k *KubeadmJoinYAML) SetProviderID(providerID string) {
k.KubeletConfiguration.ProviderID = providerID
}
// SetControlPlane sets the control plane with the advertised address.
func (k *KubeadmJoinYAML) SetControlPlane(advertiseAddress string) {
k.JoinConfiguration.ControlPlane = &kubeadm.JoinControlPlane{
LocalAPIEndpoint: kubeadm.APIEndpoint{
@ -244,21 +255,25 @@ func (k *KubeadmJoinYAML) SetControlPlane(advertiseAddress string) {
k.JoinConfiguration.SkipPhases = []string{"control-plane-prepare/download-certs"}
}
// Marshal into a k8s resource YAML.
func (k *KubeadmJoinYAML) Marshal() ([]byte, error) {
return kubernetes.MarshalK8SResources(k)
}
// Unmarshal from a k8s resource YAML.
func (k *KubeadmJoinYAML) Unmarshal(yamlData []byte) (KubeadmJoinYAML, error) {
var tmp KubeadmJoinYAML
return tmp, kubernetes.UnmarshalK8SResources(yamlData, &tmp)
}
// KubeadmInitYAML holds configuration for kubeadm init workflow.
type KubeadmInitYAML struct {
InitConfiguration kubeadm.InitConfiguration
ClusterConfiguration kubeadm.ClusterConfiguration
KubeletConfiguration kubeletconf.KubeletConfiguration
}
// SetNodeName sets name of node.
func (k *KubeadmInitYAML) SetNodeName(nodeName string) {
k.InitConfiguration.NodeRegistration.Name = nodeName
}
@ -273,6 +288,7 @@ func (k *KubeadmInitYAML) SetCertSANs(certSANs []string) {
}
}
// SetAPIServerAdvertiseAddress sets the advertised API server address.
func (k *KubeadmInitYAML) SetAPIServerAdvertiseAddress(apiServerAdvertiseAddress string) {
k.InitConfiguration.LocalAPIEndpoint.AdvertiseAddress = apiServerAdvertiseAddress
}
@ -284,18 +300,22 @@ func (k *KubeadmInitYAML) SetControlPlaneEndpoint(controlPlaneEndpoint string) {
}
}
// SetServiceCIDR sets the CIDR of service subnet.
func (k *KubeadmInitYAML) SetServiceCIDR(serviceCIDR string) {
k.ClusterConfiguration.Networking.ServiceSubnet = serviceCIDR
}
// SetPodNetworkCIDR sets the CIDR of pod subnet.
func (k *KubeadmInitYAML) SetPodNetworkCIDR(podNetworkCIDR string) {
k.ClusterConfiguration.Networking.PodSubnet = podNetworkCIDR
}
// SetServiceDNSDomain sets the dns domain.
func (k *KubeadmInitYAML) SetServiceDNSDomain(serviceDNSDomain string) {
k.ClusterConfiguration.Networking.DNSDomain = serviceDNSDomain
}
// SetNodeIP sets the node IP.
func (k *KubeadmInitYAML) SetNodeIP(nodeIP string) {
if k.InitConfiguration.NodeRegistration.KubeletExtraArgs == nil {
k.InitConfiguration.NodeRegistration.KubeletExtraArgs = map[string]string{"node-ip": nodeIP}
@ -304,6 +324,7 @@ func (k *KubeadmInitYAML) SetNodeIP(nodeIP string) {
}
}
// SetProviderID sets the provider ID.
func (k *KubeadmInitYAML) SetProviderID(providerID string) {
if k.InitConfiguration.NodeRegistration.KubeletExtraArgs == nil {
k.InitConfiguration.NodeRegistration.KubeletExtraArgs = map[string]string{"provider-id": providerID}
@ -312,10 +333,12 @@ func (k *KubeadmInitYAML) SetProviderID(providerID string) {
}
}
// Marshal into a k8s resource YAML.
func (k *KubeadmInitYAML) Marshal() ([]byte, error) {
return kubernetes.MarshalK8SResources(k)
}
// Unmarshal from a k8s resource YAML.
func (k *KubeadmInitYAML) Unmarshal(yamlData []byte) (KubeadmInitYAML, error) {
var tmp KubeadmInitYAML
return tmp, kubernetes.UnmarshalK8SResources(yamlData, &tmp)
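Review bot: Both Unmarshal methods ignore their receiver: they decode into a local `tmp` and return it, which the new comment `// Unmarshal from a k8s resource YAML.` does not tell the caller. A caller who expects `k` to be populated would silently keep the old configuration, so I would write `// Unmarshal parses a k8s resource YAML into a new KubeadmInitYAML; the receiver is not modified.` and the matching sentence on KubeadmJoinYAML.Unmarshal. Two spelling slips are also carried into the new comments: `boostrap` on SetToken and the exported name `KubdeadmConfiguration`, which the comment now repeats. The closing brace of KubeadmInitYAML.Unmarshal lies outside the hunk.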


@ -121,6 +121,10 @@ func (c *Client) ListAllNamespaces(ctx context.Context) (*corev1.NamespaceList,
return c.clientset.CoreV1().Namespaces().List(ctx, metav1.ListOptions{})
}
// AddTolerationsToDeployment adds [K8s tolerations] to the deployment, identified
// by name and namespace.
//
// [K8s tolerations]: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
func (c *Client) AddTolerationsToDeployment(ctx context.Context, tolerations []corev1.Toleration, name string, namespace string) error {
deployments := c.clientset.AppsV1().Deployments(namespace)
@ -143,6 +147,10 @@ func (c *Client) AddTolerationsToDeployment(ctx context.Context, tolerations []c
return nil
}
// AddNodeSelectorsToDeployment adds [K8s selectors] to the deployment, identified
// by name and namespace.
//
// [K8s selectors]: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
func (c *Client) AddNodeSelectorsToDeployment(ctx context.Context, selectors map[string]string, name string, namespace string) error {
deployments := c.clientset.AppsV1().Deployments(namespace)
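Review bot: The doc link added to AddNodeSelectorsToDeployment points at the general labels page, while the `selectors map[string]string` parameter name suggests a pod node selector; if so, the scheduling page is the better reference. I would change the link line to `// [K8s selectors]: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/`. The same comment is copied onto Kubectl.AddNodeSelectorsToDeployment in the next file and should change with it. Neither comment says whether existing tolerations or selectors are merged or overwritten, and the bodies continue outside the hunks, so that cannot be checked from here.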


@ -81,6 +81,7 @@ func (k *Kubectl) SetKubeconfig(kubeconfig []byte) {
k.kubeconfig = kubeconfig
}
// CreateConfigMap creates the provided configmap.
func (k *Kubectl) CreateConfigMap(ctx context.Context, configMap corev1.ConfigMap) error {
client, err := k.clientGenerator.NewClient(k.kubeconfig)
if err != nil {
@ -100,6 +101,10 @@ func (k *Kubectl) ListAllNamespaces(ctx context.Context) (*corev1.NamespaceList,
return client.ListAllNamespaces(ctx)
}
// AddTolerationsToDeployment adds [K8s tolerations] to the deployment, identified
// by name and namespace.
//
// [K8s tolerations]: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
func (k *Kubectl) AddTolerationsToDeployment(ctx context.Context, tolerations []corev1.Toleration, name string, namespace string) error {
client, err := k.clientGenerator.NewClient(k.kubeconfig)
if err != nil {
@ -113,6 +118,10 @@ func (k *Kubectl) AddTolerationsToDeployment(ctx context.Context, tolerations []
return nil
}
// AddNodeSelectorsToDeployment adds [K8s selectors] to the deployment, identified
// by name and namespace.
//
// [K8s selectors]: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
func (k *Kubectl) AddNodeSelectorsToDeployment(ctx context.Context, selectors map[string]string, name string, namespace string) error {
client, err := k.clientGenerator.NewClient(k.kubeconfig)
if err != nil {
@ -126,7 +135,7 @@ func (k *Kubectl) AddNodeSelectorsToDeployment(ctx context.Context, selectors ma
return nil
}
// WaitForCRD waits for a list of CRDs to be established.
// WaitForCRDs waits for a list of CRDs to be established.
func (k *Kubectl) WaitForCRDs(ctx context.Context, crds []string) error {
client, err := k.clientGenerator.NewClient(k.kubeconfig)
if err != nil {


@ -18,6 +18,7 @@ type AuditPolicy struct {
Policy auditv1.Policy
}
// NewDefaultAuditPolicy create a new default Constellation audit policty.
func NewDefaultAuditPolicy() *AuditPolicy {
return &AuditPolicy{
Policy: auditv1.Policy{
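Review bot: The added comment on NewDefaultAuditPolicy has two slips, `create` and `policty`; it should read `// NewDefaultAuditPolicy creates a new default Constellation audit policy.`. Since this policy decides what the API server records, the comment is also the natural place to state which audit level and which resources the default covers. The struct literal continues outside the hunk, so the actual rules are not visible here.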


@ -14,6 +14,7 @@ import (
meta "k8s.io/apimachinery/pkg/apis/meta/v1"
)
// GCPGuestAgentDaemonset is a GCP Guest Agent Daemonset.
type GCPGuestAgentDaemonset struct {
DaemonSet apps.DaemonSet
}


@ -28,20 +28,24 @@ const (
KonnectivityKeyFilename = "/etc/kubernetes/konnectivity.key"
)
// KonnectivityAgents bundles all necessary agent deployments.
type KonnectivityAgents struct {
DaemonSet appsv1.DaemonSet
ClusterRoleBinding rbacv1.ClusterRoleBinding
ServiceAccount corev1.ServiceAccount
}
// KonnectivityServerStaticPod deployment.
type KonnectivityServerStaticPod struct {
StaticPod corev1.Pod
}
// EgressSelectorConfiguration deployment.
type EgressSelectorConfiguration struct {
EgressSelectorConfiguration apiserver.EgressSelectorConfiguration
}
// NewKonnectivityAgents create new KonnectivityAgents.
func NewKonnectivityAgents(konnectivityServerAddress string) *KonnectivityAgents {
return &KonnectivityAgents{
DaemonSet: appsv1.DaemonSet{
@ -213,6 +217,7 @@ func NewKonnectivityAgents(konnectivityServerAddress string) *KonnectivityAgents
}
}
// NewKonnectivityServerStaticPod create a new KonnectivityServerStaticPod.
func NewKonnectivityServerStaticPod() *KonnectivityServerStaticPod {
udsHostPathType := corev1.HostPathDirectoryOrCreate
return &KonnectivityServerStaticPod{
@ -333,6 +338,7 @@ func NewKonnectivityServerStaticPod() *KonnectivityServerStaticPod {
}
}
// NewEgressSelectorConfiguration creates a new EgressSelectorConfiguration.
func NewEgressSelectorConfiguration() *EgressSelectorConfiguration {
return &EgressSelectorConfiguration{
EgressSelectorConfiguration: apiserver.EgressSelectorConfiguration{
@ -357,19 +363,22 @@ func NewEgressSelectorConfiguration() *EgressSelectorConfiguration {
}
}
// Marshal to Kubernetes YAML.
func (v *KonnectivityAgents) Marshal() ([]byte, error) {
return kubernetes.MarshalK8SResources(v)
}
// Marshal to Kubernetes YAML.
func (v *KonnectivityServerStaticPod) Marshal() ([]byte, error) {
return kubernetes.MarshalK8SResources(v)
}
// Marshal to Kubernetes YAML.
func (v *EgressSelectorConfiguration) Marshal() ([]byte, error) {
return kubernetes.MarshalK8SResources(v)
}
// GetCertificateRequest returns a certificate request and matching private key for the konnectivity server.
// GetKonnectivityCertificateRequest returns a certificate request and matching private key for the konnectivity server.
func GetKonnectivityCertificateRequest() (certificateRequest []byte, privateKey []byte, err error) {
csrTemplate := &x509.CertificateRequest{
Subject: pkix.Name{
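Review bot: The corrected comment on GetKonnectivityCertificateRequest says it returns a certificate request and a matching private key, but not in which encoding the two byte slices come back, nor that the key is returned unencrypted to the caller. Anyone writing the key to `KonnectivityKeyFilename` needs to know both in order to choose file permissions and avoid logging the value. I would add a second sentence naming the encoding and stating that the caller is responsible for storing the key with restrictive permissions. The new constructor comments also mix `create` and `creates`, where Go doc style uses `creates` throughout. The function body continues outside the hunk.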


@ -21,6 +21,7 @@ const (
nodeMaintenanceOperatorCatalogNamespace = "olm"
)
// NodeMaintenanceOperatorDeployment groups all deployments for node maintenance operator.
type NodeMaintenanceOperatorDeployment struct {
CatalogSource operatorsv1alpha1.CatalogSource
OperatorGroup operatorsv1.OperatorGroup
@ -80,6 +81,7 @@ func NewNodeMaintenanceOperatorDeployment() *NodeMaintenanceOperatorDeployment {
}
}
// Marshal to Kubernetes YAML.
func (c *NodeMaintenanceOperatorDeployment) Marshal() ([]byte, error) {
return kubernetes.MarshalK8SResources(c)
}


@ -30,6 +30,7 @@ var NodeOperatorCRDNames = []string{
"scalinggroups.update.edgeless.systems",
}
// NodeOperatorDeployment groups all deployments for node operator.
type NodeOperatorDeployment struct {
CatalogSource operatorsv1alpha1.CatalogSource
OperatorGroup operatorsv1.OperatorGroup
@ -93,6 +94,7 @@ func NewNodeOperatorDeployment(cloudProvider string, uid string) *NodeOperatorDe
}
}
// Marshal to Kubernetes YAML.
func (c *NodeOperatorDeployment) Marshal() ([]byte, error) {
return kubernetes.MarshalK8SResources(c)
}


@ -21,12 +21,14 @@ import (
"k8s.io/apimachinery/pkg/util/intstr"
)
// VerificationDaemonset groups all k8s resources for the verification service deployment.
type VerificationDaemonset struct {
DaemonSet apps.DaemonSet
Service k8s.Service
LoadBalancer k8s.Service
}
// NewVerificationDaemonSet creates a new VerificationDaemonset.
func NewVerificationDaemonSet(csp, loadBalancerIP string) *VerificationDaemonset {
var err error
if strings.Contains(loadBalancerIP, ":") {
@ -188,6 +190,7 @@ func NewVerificationDaemonSet(csp, loadBalancerIP string) *VerificationDaemonset
}
}
// Marshal to Kubernetes YAML.
func (v *VerificationDaemonset) Marshal() ([]byte, error) {
return kubernetes.MarshalK8SResources(v)
}
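Review bot: NewVerificationDaemonSet declares `var err error` and branches on `strings.Contains(loadBalancerIP, ":")`, yet its signature returns only `*VerificationDaemonset`, so a parse failure cannot reach the caller. The new one-line comment should state which forms of `loadBalancerIP` are accepted (presumably with or without a port) and what happens when the value is malformed. The rest of the body is outside the hunk, so the failure path cannot be confirmed from here. The constructor name spells `DaemonSet` while the type spells `Daemonset`, and the comment now shows both side by side, which is worth aligning in a follow-up.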