Watching for Kyma Custom Resource

Dockerfile

@@ -27,7 +27,7 @@ RUN CGO_ENABLED=0 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} go build -a -o ma
 # Refer to https://github.com/GoogleContainerTools/distroless for more details
 FROM gcr.io/distroless/static:nonroot
 WORKDIR /
-COPY --from=builder /workspace/manager .
+COPY --chown=65532:65532 --from=builder /workspace/manager .
 USER 65532:65532
 
 ENTRYPOINT ["/manager"]

Makefile

@@ -65,9 +65,9 @@ vet: ## Run go vet against code.
 .PHONY: test
 test: manifests generate fmt vet envtest ## Run tests.
 ifdef COVERFILE
-	KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) --bin-dir $(LOCALBIN) -p path)" go test ./... -coverprofile cover.out
+	KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) --bin-dir $(LOCALBIN) -p path)" go test ./... -v -coverprofile cover.out
 else
-	KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) --bin-dir $(LOCALBIN) -p path)" go test ./... -cover
+	KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) --bin-dir $(LOCALBIN) -p path)" go test ./... -v -cover
 endif
 
 ##@ Build

PROJECT

@@ -2,9 +2,19 @@
 # This file is used to track the info used to scaffold your project
 # and allow the plugins properly work.
 # More info: https://book.kubebuilder.io/reference/project-config.html
-domain: compass-manager.kyma-project.io
+domain: kyma-project.io
 layout:
 - go.kubebuilder.io/v3
 projectName: compass-manager
 repo: github.com/kyma-project/compass-manager
+resources:
+- api:
+    crdVersion: v1
+    namespaced: true
+  controller: true
+  domain: kyma-project.io
+  group: operator
+  kind: CompassManager
+  path: github.com/kyma-project/compass-manager/api/v1beta1
+  version: v1beta1
 version: "3"

config/default/kustomization.yaml

@@ -13,7 +13,6 @@ commonLabels:
   app.kubernetes.io/component: compass-manager.kyma-project.io
 
 bases:
-- ../crd
 - ../rbac
 - ../manager
 # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in

config/manager/kustomization.yaml

@@ -1,2 +1,8 @@
 resources:
 - manager.yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+images:
+- name: controller
+  newName: mvshao/compass-manager
+  newTag: latest

config/rbac/compassmanager_editor_role.yaml

@@ -0,0 +1,31 @@
+# permissions for end users to edit compassmanagers.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/name: clusterrole
+    app.kubernetes.io/instance: compassmanager-editor-role
+    app.kubernetes.io/component: rbac
+    app.kubernetes.io/created-by: compass-manager
+    app.kubernetes.io/part-of: compass-manager
+    app.kubernetes.io/managed-by: kustomize
+  name: compassmanager-editor-role
+rules:
+- apiGroups:
+  - operator.kyma-project.io
+  resources:
+  - compassmanagers
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - operator.kyma-project.io
+  resources:
+  - compassmanagers/status
+  verbs:
+  - get

config/rbac/compassmanager_viewer_role.yaml

@@ -0,0 +1,27 @@
+# permissions for end users to view compassmanagers.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/name: clusterrole
+    app.kubernetes.io/instance: compassmanager-viewer-role
+    app.kubernetes.io/component: rbac
+    app.kubernetes.io/created-by: compass-manager
+    app.kubernetes.io/part-of: compass-manager
+    app.kubernetes.io/managed-by: kustomize
+  name: compassmanager-viewer-role
+rules:
+- apiGroups:
+  - operator.kyma-project.io
+  resources:
+  - compassmanagers
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - operator.kyma-project.io
+  resources:
+  - compassmanagers/status
+  verbs:
+  - get

config/rbac/role.yaml

@@ -0,0 +1,38 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  creationTimestamp: null
+  name: manager-role
+rules:
+- apiGroups:
+  - apiextensions.k8s.io
+  resources:
+  - customresourcedefinitions
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - operator.kyma-project.io
+  resources:
+  - kymas
+  verbs:
+  - get
+  - list
+  - update
+  - watch
+- apiGroups:
+  - operator.kyma-project.io
+  resources:
+  - kymas/status
+  verbs:
+  - get

config/samples/operator_v1beta1_compassmanager.yaml

@@ -0,0 +1,12 @@
+apiVersion: operator.kyma-project.io/v1beta1
+kind: CompassManager
+metadata:
+  labels:
+    app.kubernetes.io/name: compassmanager
+    app.kubernetes.io/instance: compassmanager-sample
+    app.kubernetes.io/part-of: compass-manager
+    app.kubernetes.io/managed-by: kustomize
+    app.kubernetes.io/created-by: compass-manager
+  name: compassmanager-sample
+spec:
+  # TODO(user): Add fields here

controllers/compassmanager_controller.go

@@ -0,0 +1,182 @@
+package controllers
+
+import (
+	"context"
+	"time"
+
+	corev1 "k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/labels"
+
+	kyma "github.com/kyma-project/lifecycle-manager/api/v1beta1"
+	log "github.com/sirupsen/logrus"
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/types"
+	ctrl "sigs.k8s.io/controller-runtime"
+	"sigs.k8s.io/controller-runtime/pkg/builder"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/controller-runtime/pkg/event"
+	"sigs.k8s.io/controller-runtime/pkg/manager"
+	"sigs.k8s.io/controller-runtime/pkg/predicate"
+)
+
+const (
+	KymaNameLabel  = "operator.kyma-project.io/kyma-name"
+	CompassIDLabel = "operator.kyma-project.io/compass-id"
+	// KubeconfigKey is the name of the key in the secret storing cluster credentials.
+	// The secret is created by KEB: https://github.com/kyma-project/control-plane/blob/main/components/kyma-environment-broker/internal/process/steps/lifecycle_manager_kubeconfig.go
+	KubeconfigKey = "config"
+)
+
+//+kubebuilder:rbac:groups=apiextensions.k8s.io,resources=customresourcedefinitions,verbs=get;list;watch
+//+kubebuilder:rbac:groups=operator.kyma-project.io,resources=kymas,verbs=get;list;watch;update
+//+kubebuilder:rbac:groups=operator.kyma-project.io,resources=kymas/status,verbs=get
+//+kubebuilder:rbac:groups=core,resources=secrets,verbs=get;list;watch
+
+//go:generate mockery --name=Registrator
+type Registrator interface {
+	// Register creates Runtime in the Compass system. It must be idempotent.
+	Register(name string) (string, error)
+	// ConfigureRuntimeAgent creates a config map in the Runtime that is used by the Compass Runtime Agent. It must be idempotent.
+	ConfigureRuntimeAgent(kubeconfig string, runtimeID string) error
+}
+
+type Client interface {
+	Get(ctx context.Context, key client.ObjectKey, obj client.Object, opts ...client.GetOption) error
+	Update(ctx context.Context, obj client.Object, opts ...client.UpdateOption) error
+	List(ctx context.Context, obj client.ObjectList, opts ...client.ListOption) error
+}
+
+// CompassManagerReconciler reconciles a CompassManager object
+type CompassManagerReconciler struct {
+	Client      Client
+	Scheme      *runtime.Scheme
+	Log         *log.Logger
+	Registrator Registrator
+}
+
+func NewCompassManagerReconciler(mgr manager.Manager, log *log.Logger, r Registrator) *CompassManagerReconciler {
+	return &CompassManagerReconciler{
+		Client:      mgr.GetClient(),
+		Scheme:      mgr.GetScheme(),
+		Log:         log,
+		Registrator: r,
+	}
+}
+
+var requeueTime = time.Minute * 5
+
+func (cm *CompassManagerReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
+
+	cm.Log.Infof("Reconciliation triggered for Kyma Resource %s", req.Name)
+	kubeconfig, err := cm.getKubeconfig(req.Name)
+	if err != nil {
+		return ctrl.Result{}, err
+	}
+
+	if kubeconfig == "" {
+		cm.Log.Infof("Kubeconfig for Kyma resource %s not available.", req.Name)
+		return ctrl.Result{RequeueAfter: requeueTime}, nil
+	}
+
+	compassRuntimeID, err := cm.Registrator.Register(req.Name)
+	if err != nil {
+		cm.Log.Warnf("Failed to register Runtime for Kyma resource %s: %v.", req.Name, err)
+		return ctrl.Result{RequeueAfter: requeueTime}, err
+	}
+	cm.Log.Infof("Runtime %s registered for Kyma resource %s.", compassRuntimeID, req.Name)
+
+	err = cm.Registrator.ConfigureRuntimeAgent(kubeconfig, compassRuntimeID)
+	if err != nil {
+		cm.Log.Warnf("Failed to configure Compass Runtime Agent for Kyma resource %s: %v.", req.Name, err)
+		return ctrl.Result{RequeueAfter: requeueTime}, err
+	}
+	cm.Log.Infof("Compass Runtime Agent for Runtime %s configured.", compassRuntimeID)
+
+	return ctrl.Result{}, cm.markRuntimeRegistered(req.NamespacedName, compassRuntimeID)
+}
+
+func (cm *CompassManagerReconciler) getKubeconfig(kymaName string) (string, error) {
+	secretList := &corev1.SecretList{}
+	labelSelector := labels.SelectorFromSet(map[string]string{
+		KymaNameLabel: kymaName,
+	})
+
+	err := cm.Client.List(context.Background(), secretList, &client.ListOptions{
+		LabelSelector: labelSelector,
+	})
+
+	if err != nil {
+		return "", err
+	}
+
+	if len(secretList.Items) == 0 {
+		return "", nil
+	}
+	secret := &secretList.Items[0]
+
+	return string(secret.Data[KubeconfigKey]), nil
+}
+
+func (cm *CompassManagerReconciler) markRuntimeRegistered(objKey types.NamespacedName, compassID string) error {
+
+	instance := &kyma.Kyma{}
+	err := cm.Client.Get(context.Background(), objKey, instance)
+	if err != nil {
+		return err
+	}
+
+	l := instance.GetLabels()
+	if l == nil {
+		l = make(map[string]string)
+	}
+
+	l[CompassIDLabel] = compassID
+
+	instance.SetLabels(l)
+
+	return cm.Client.Update(context.Background(), instance)
+}
+
+// SetupWithManager sets up the controller with the Manager.
+func (cm *CompassManagerReconciler) SetupWithManager(mgr ctrl.Manager) error {
+	fieldSelectorPredicate := predicate.Funcs{
+		CreateFunc: func(e event.CreateEvent) bool {
+			return cm.needsToBeReconciled(e.Object)
+		},
+		UpdateFunc: func(e event.UpdateEvent) bool {
+			return cm.needsToBeReconciled(e.ObjectNew)
+		},
+	}
+
+	omitStatusChanged := predicate.Or(
+		predicate.GenerationChangedPredicate{},
+		predicate.LabelChangedPredicate{},
+		predicate.AnnotationChangedPredicate{},
+	)
+
+	// We can simplify passing the predicate filters to controller
+	// The predicates passed in For(builder.WithPredicates()) function is merged with runner.WithEventFilter() predicates to single slice with predicates.
+	// Proposal: delete the predicates from For() functions, and return runner.WithEventFilter(fieldSelectorPredicate).WithEventFilter(predicates).Complete(cm)
+
+	runner := ctrl.NewControllerManagedBy(mgr).
+		For(&kyma.Kyma{}, builder.WithPredicates(
+			predicate.And(
+				predicate.ResourceVersionChangedPredicate{},
+				omitStatusChanged,
+			)))
+
+	return runner.WithEventFilter(fieldSelectorPredicate).Complete(cm)
+}
+
+func (cm *CompassManagerReconciler) needsToBeReconciled(obj runtime.Object) bool {
+
+	kymaObj, ok := obj.(*kyma.Kyma)
+
+	if !ok {
+		cm.Log.Error("Unexpected type detected. Object type is supposed to be of Kyma type.")
+		return false
+	}
+	_, labelFound := kymaObj.GetLabels()[CompassIDLabel]
+
+	return !labelFound
+}