Ensure that created resources are update when needed

go.mod

@@ -40,6 +40,7 @@ require (
 	github.com/hokaccha/go-prettyjson v0.0.0-20210113012101-fb4e108d2519
 	github.com/iancoleman/orderedmap v0.0.0-20190318233801-ac98e3ecb4b0
 	github.com/iancoleman/strcase v0.1.2
+	github.com/jetstack/cert-manager v1.4.4
 	github.com/machinebox/graphql v0.2.2
 	github.com/matryer/is v1.4.0 // indirect
 	github.com/mattn/go-isatty v0.0.13
@@ -77,6 +78,7 @@ require (
 	gotest.tools v2.2.0+incompatible
 	helm.sh/helm/v3 v3.6.3
 	k8s.io/api v0.21.5
+	k8s.io/apiextensions-apiserver v0.21.3
 	k8s.io/apimachinery v0.21.5
 	k8s.io/cli-runtime v0.21.0
 	k8s.io/client-go v0.21.5

internal/cli/capact/cert_manager.go

@@ -0,0 +1,45 @@
+package capact
+
+import (
+	"context"
+
+	"github.com/pkg/errors"
+
+	certv1 "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1"
+	certmanager "github.com/jetstack/cert-manager/pkg/client/clientset/versioned/typed/certmanager/v1"
+	apierrors "k8s.io/apimachinery/pkg/api/errors"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/client-go/rest"
+	"k8s.io/client-go/util/retry"
+)
+
+// ApplyClusterIssuer creates or, if it already exists, updates a ClusterIssuer for cert-manager.
+// TODO: ensure issuer is ready.
+func ApplyClusterIssuer(ctx context.Context, config *rest.Config, new *certv1.ClusterIssuer) error {
+	clientset, err := certmanager.NewForConfig(config)
+	if err != nil {
+		return err
+	}
+
+	cli := clientset.ClusterIssuers()
+	_, err = cli.Create(ctx, new, metav1.CreateOptions{})
+	if !apierrors.IsAlreadyExists(err) {
+		return err
+	}
+
+	retryErr := retry.RetryOnConflict(retry.DefaultRetry, func() error {
+		old, err := cli.Get(ctx, new.Name, metav1.GetOptions{})
+		if err != nil {
+			return errors.Wrapf(err, "while getting the ClusterIssuer %s", old.Name)
+		}
+
+		old.Spec = new.Spec
+		_, updateErr := cli.Update(ctx, old, metav1.UpdateOptions{})
+		return updateErr
+	})
+	if retryErr != nil {
+		return errors.Wrapf(retryErr, "while updating the ClusterIssuer %s", new.Name)
+	}
+
+	return nil
+}

internal/cli/capact/components.go

@@ -1,12 +1,9 @@
 package capact
 
 import (
-	"bytes"
 	"context"
 	"fmt"
 	"io"
-	"io/ioutil"
-	"net/http"
 	"os"
 	"path"
 	"strings"
@@ -19,6 +16,7 @@ import (
 
 	util "github.com/Masterminds/goutils"
 	"github.com/avast/retry-go"
+	certv1 "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1"
 	"github.com/pkg/errors"
 	"helm.sh/helm/v3/pkg/action"
 	"helm.sh/helm/v3/pkg/chart/loader"
@@ -27,7 +25,6 @@ import (
 	"helm.sh/helm/v3/pkg/storage/driver"
 	"helm.sh/helm/v3/pkg/strvals"
 	corev1 "k8s.io/api/core/v1"
-	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/cli-runtime/pkg/genericclioptions"
 	"k8s.io/client-go/rest"
@@ -493,14 +490,25 @@ func (c *CertManager) InstallUpgrade(ctx context.Context, version string) (*rele
 			"tls.key": []byte(tlsKey),
 		},
 	}
-	err = CreateUpdateSecret(ctx, restConfig, secret, c.opts.Namespace)
+	err = ApplySecret(ctx, restConfig, secret, c.opts.Namespace)
 	if err != nil {
 		return nil, errors.Wrapf(err, "while creating %s Secret", certManagerSecretName)
 	}
 
-	// Not using cert-manager types as it's conflicting with argo deps
-	issuer := fmt.Sprintf(issuerTemplate, clusterIssuerName, certManagerSecretName)
-	err = createObject(c.configuration, []byte(issuer))
+	issuer := &certv1.ClusterIssuer{
+		ObjectMeta: metav1.ObjectMeta{
+			Name: clusterIssuerName,
+		},
+		Spec: certv1.IssuerSpec{
+			IssuerConfig: certv1.IssuerConfig{
+				CA: &certv1.CAIssuer{
+					SecretName: certManagerSecretName,
+				},
+			},
+		},
+	}
+
+	err = ApplyClusterIssuer(ctx, restConfig, issuer)
 	if err != nil {
 		return nil, errors.Wrapf(err, "while creating %s ClusterIssuer", clusterIssuerName)
 	}
@@ -626,68 +634,7 @@ func (h *Helm) InstallComponents(ctx context.Context, w io.Writer, status printe
 	return nil
 }
 
-// InstallCRD installs Capact CRD
-func (h *Helm) InstallCRD() error {
-	var reader io.Reader
-	if isLocalFile(h.opts.Parameters.ActionCRDLocation) {
-		f, err := os.Open(h.opts.Parameters.ActionCRDLocation)
-		if err != nil {
-			return errors.Wrapf(err, "while opening local CRD file%s", h.opts.Parameters.ActionCRDLocation)
-		}
-		defer f.Close()
-		reader = f
-	} else {
-		resp, err := http.Get(h.opts.Parameters.ActionCRDLocation)
-		if err != nil {
-			return errors.Wrapf(err, "while getting CRD %s", h.opts.Parameters.ActionCRDLocation)
-		}
-		defer resp.Body.Close()
-		reader = resp.Body
-	}
-
-	content, err := ioutil.ReadAll(reader)
-	if err != nil {
-		return errors.Wrapf(err, "while reading CRD %s", h.opts.Parameters.ActionCRDLocation)
-	}
-	return createObject(h.configuration, content)
-}
-
-func createObject(configuration *action.Configuration, content []byte) error {
-	res, err := configuration.KubeClient.Build(bytes.NewBuffer(content), true)
-	if err != nil {
-		return errors.Wrap(err, "while validating the object")
-	}
-
-	// 4 exponential retries: ~102ms ~302ms ~700ms 1.5s
-	err = retry.Do(
-		func() error {
-			_, err = configuration.KubeClient.Create(res)
-			return ignoreAlreadyExistError(err)
-		},
-		retry.Attempts(5),
-		retry.DelayType(retry.BackOffDelay),
-	)
-	if err != nil {
-		// May be conflict if max retries were hit, or may be something unrelated like permissions error
-		return err
-	}
-
-	return nil
-}
-
-func ignoreAlreadyExistError(err error) error {
-	if apierrors.IsAlreadyExists(err) {
-		return nil
-	}
-	return err
-}
-
 func isLocalDir(in string) bool {
 	f, err := os.Stat(in)
 	return err == nil && f.IsDir()
 }
-
-func isLocalFile(in string) bool {
-	f, err := os.Stat(in)
-	return err == nil && !f.IsDir()
-}