Remove crd conversion webhook

Signed-off-by: nshankar13 <[email protected]>
openservicemesh · Sep 2, 2022 · 9f4c9ea · 9f4c9ea
1 parent ab69461
commit 9f4c9ea
Show file tree

Hide file tree

Showing 30 changed files with 50 additions and 972 deletions.
diff --git a/charts/osm/templates/osm-bootstrap-deployment.yaml b/charts/osm/templates/osm-bootstrap-deployment.yaml
@@ -37,14 +37,6 @@ spec:
         - name: init-osm-bootstrap
           image: "{{ include "osmCRDs.image" . }}"
           imagePullPolicy: {{ .Values.osm.image.pullPolicy }}
-          command:
-          - sh
-          - -c
-          - >
-            kubectl apply -f /osm-crds;
-            {{- if .Values.osm.enableReconciler }}
-            kubectl label -f /osm-crds openservicemesh.io/reconcile=true --overwrite;
-            {{- end }}
       containers:
         - name: osm-bootstrap
           image: "{{ include "osmBootstrap.image" . }}"

diff --git a/cmd/osm-bootstrap/crds/config_mesh_root_certificate.yaml b/cmd/osm-bootstrap/crds/config_mesh_root_certificate.yaml
@@ -30,6 +30,8 @@ spec:
       - mrc
     singular: meshrootcertificate
     plural: meshrootcertificates
+  conversion:
+    strategy: None
   versions:
     - name: v1alpha2
       served: true

diff --git a/cmd/osm-bootstrap/crds/config_meshconfig.yaml b/cmd/osm-bootstrap/crds/config_meshconfig.yaml
@@ -30,6 +30,8 @@ spec:
       - meshconfig
     singular: meshconfig
     plural: meshconfigs
+  conversion:
+    strategy: None
   versions:
     - name: v1alpha2
       served: true

diff --git a/cmd/osm-bootstrap/crds/patch_crds.sh b/cmd/osm-bootstrap/crds/patch_crds.sh
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+set -x
+set -e
+
+cd bin
+
+CRD_LIST="meshconfigs.config.openservicemesh.io egresses.policy.openservicemesh.io ingressbackends.policy.openservicemesh.io httproutegroups.specs.smi-spec.io httproutegroups.specs.smi-spec.io tcproutes.specs.smi-spec.io traffictargets.access.smi-spec.io trafficsplits.split.smi-spec.io"
+
+for CRD in $CRD_LIST
+do
+    # First ensure that crd exists
+    get_crd=$(./kubectl get crd "$CRD" --ignore-not-found)
+    if [ "$get_crd" != "" ]; then
+        # Patch the crd conversion spec by setting the strategy to `None` if it isn't already set to `None`
+        conv_strategy=$(kubectl get crd "$CRD" -n osm-system -o jsonpath='{.spec.conversion.strategy}{"\n"}')
+        if [ "$conv_strategy" != "None" ]; then
+            ./kubectl patch crd "$CRD" --type='json' -p '[{"op" : "remove", "path" : "/spec/conversion/webhook"},{"op":"replace", "path":"/spec/conversion/strategy","value" : "None"}]'
+        fi
+    fi
+done
+
+./kubectl apply -f /osm-crds        
diff --git a/cmd/osm-bootstrap/crds/policy_egress.yaml b/cmd/osm-bootstrap/crds/policy_egress.yaml
@@ -30,6 +30,8 @@ spec:
       - egress
     singular: egress
     plural: egresses
+  conversion:
+    strategy: None
   versions:
     - name: v1alpha1
       served: true

diff --git a/cmd/osm-bootstrap/crds/policy_ingress_backend.yaml b/cmd/osm-bootstrap/crds/policy_ingress_backend.yaml
@@ -30,6 +30,8 @@ spec:
       - ingressbackend
     singular: ingressbackend
     plural: ingressbackends
+  conversion:
+    strategy: None
   versions:
     - name: v1alpha1
       served: true

diff --git a/cmd/osm-bootstrap/crds/policy_retry.yaml b/cmd/osm-bootstrap/crds/policy_retry.yaml
@@ -30,6 +30,8 @@ spec:
       - retry
     singular: retry
     plural: retries
+  conversion:
+    strategy: None
   versions:
     - name: v1alpha1
       served: true

diff --git a/cmd/osm-bootstrap/crds/policy_upstream_traffic_setting.yaml b/cmd/osm-bootstrap/crds/policy_upstream_traffic_setting.yaml
@@ -30,6 +30,8 @@ spec:
       - upstreamtrafficsetting
     singular: upstreamtrafficsetting
     plural: upstreamtrafficsettings
+  conversion:
+    strategy: None
   versions:
     - name: v1alpha1
       served: true

diff --git a/cmd/osm-bootstrap/crds/smi_http_route_group.yaml b/cmd/osm-bootstrap/crds/smi_http_route_group.yaml
@@ -29,6 +29,8 @@ spec:
       - htr
     plural: httproutegroups
     singular: httproutegroup
+  conversion:
+    strategy: None
   versions:
     - name: v1alpha4
       served: true

diff --git a/cmd/osm-bootstrap/crds/smi_tcp_route.yaml b/cmd/osm-bootstrap/crds/smi_tcp_route.yaml
@@ -29,6 +29,8 @@ spec:
       - tr
     plural: tcproutes
     singular: tcproute
+  conversion:
+    strategy: None
   versions:
     - name: v1alpha4
       served: true

diff --git a/cmd/osm-bootstrap/crds/smi_traffic_access.yaml b/cmd/osm-bootstrap/crds/smi_traffic_access.yaml
@@ -29,6 +29,8 @@ spec:
       - tt
     plural: traffictargets
     singular: traffictarget
+  conversion:
+    strategy: None
   versions:
     - name: v1alpha3
       served: true

diff --git a/cmd/osm-bootstrap/crds/smi_traffic_split.yaml b/cmd/osm-bootstrap/crds/smi_traffic_split.yaml
@@ -30,6 +30,8 @@ spec:
     - ts
     plural: trafficsplits
     singular: trafficsplit
+  conversion:
+    strategy: None
   versions:
     - name: v1alpha4
       served: false

diff --git a/cmd/osm-bootstrap/osm-bootstrap.go b/cmd/osm-bootstrap/osm-bootstrap.go
@@ -11,13 +11,11 @@ import (
 	"fmt"
 	"net/http"
 	"os"
-	"time"
 
 	"github.com/spf13/pflag"
 	admissionv1 "k8s.io/api/admissionregistration/v1"
 	corev1 "k8s.io/api/core/v1"
 	clientset "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset"
-	apiclient "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset/typed/apiextensions/v1"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
@@ -28,19 +26,14 @@ import (
 	"k8s.io/kubectl/pkg/util"
 
 	configv1alpha2 "github.com/openservicemesh/osm/pkg/apis/config/v1alpha2"
-	"github.com/openservicemesh/osm/pkg/certificate"
 	configClientset "github.com/openservicemesh/osm/pkg/gen/client/config/clientset/versioned"
 	"github.com/openservicemesh/osm/pkg/health"
-	"github.com/openservicemesh/osm/pkg/k8s"
 
 	"github.com/openservicemesh/osm/pkg/certificate/providers"
 	"github.com/openservicemesh/osm/pkg/constants"
-	"github.com/openservicemesh/osm/pkg/crdconversion"
 	"github.com/openservicemesh/osm/pkg/httpserver"
 	"github.com/openservicemesh/osm/pkg/k8s/events"
-	"github.com/openservicemesh/osm/pkg/k8s/informers"
 	"github.com/openservicemesh/osm/pkg/logger"
-	"github.com/openservicemesh/osm/pkg/messaging"
 	"github.com/openservicemesh/osm/pkg/metricsstore"
 	"github.com/openservicemesh/osm/pkg/reconciler"
 	"github.com/openservicemesh/osm/pkg/signals"
@@ -68,7 +61,6 @@ var (
 	certProviderKind          string
 	enableMeshRootCertificate bool
 
-	tresorOptions      providers.TresorOptions
 	vaultOptions       providers.VaultOptions
 	certManagerOptions providers.CertManagerOptions
 
@@ -124,21 +116,6 @@ func init() {
 	_ = admissionv1.AddToScheme(scheme)
 }
 
-// TODO(#4502): This function can be deleted once we get rid of cert options.
-func getCertOptions() (providers.Options, error) {
-	switch providers.Kind(certProviderKind) {
-	case providers.TresorKind:
-		tresorOptions.SecretName = caBundleSecretName
-		return tresorOptions, nil
-	case providers.VaultKind:
-		vaultOptions.VaultTokenSecretNamespace = osmNamespace
-		return vaultOptions, nil
-	case providers.CertManagerKind:
-		return certManagerOptions, nil
-	}
-	return nil, fmt.Errorf("unknown certificate provider kind: %s", certProviderKind)
-}
-
 func main() {
 	log.Info().Msgf("Starting osm-bootstrap %s; %s; %s", version.Version, version.GitCommit, version.BuildDate)
 	if err := parseFlags(); err != nil {
@@ -161,7 +138,6 @@ func main() {
 	}
 	kubeClient := kubernetes.NewForConfigOrDie(kubeConfig)
 
-	crdClient := apiclient.NewForConfigOrDie(kubeConfig)
 	apiServerClient := clientset.NewForConfigOrDie(kubeConfig)
 	configClient, err := configClientset.NewForConfig(kubeConfig)
 	if err != nil {
@@ -194,7 +170,7 @@ func main() {
 		log.Fatal().Err(err).Msg("Error initializing Kubernetes events recorder")
 	}
 
-	ctx, cancel := context.WithCancel(context.Background())
+	_, cancel := context.WithCancel(context.Background())
 	defer cancel()
 	stop := signals.RegisterExitHandlers(cancel)
 
@@ -203,48 +179,9 @@ func main() {
 		metricsstore.DefaultMetricsStore.ErrCodeCounter,
 		metricsstore.DefaultMetricsStore.HTTPResponseTotal,
 		metricsstore.DefaultMetricsStore.HTTPResponseDuration,
-		metricsstore.DefaultMetricsStore.ConversionWebhookResourceTotal,
 		metricsstore.DefaultMetricsStore.ReconciliationTotal,
 	)
 
-	msgBroker := messaging.NewBroker(stop)
-
-	informerCollection, err := informers.NewInformerCollection(meshName, stop,
-		informers.WithKubeClient(kubeClient),
-		informers.WithConfigClient(configClient, osmMeshConfigName, osmNamespace),
-	)
-
-	if err != nil {
-		events.GenericEventRecorder().FatalEvent(err, events.InitializationError, "Error creating informer collection")
-	}
-
-	certOpts, err := getCertOptions()
-	if err != nil {
-		log.Fatal().Err(err).Msg("Error getting certificate options")
-	}
-
-	k8sClient := k8s.NewClient(osmNamespace, osmMeshConfigName, informerCollection, nil, msgBroker)
-
-	var certManager *certificate.Manager
-	if enableMeshRootCertificate {
-		certManager, err = providers.NewCertificateManagerFromMRC(ctx, kubeClient, kubeConfig, osmNamespace, certOpts, k8sClient, informerCollection, 5*time.Second)
-		if err != nil {
-			events.GenericEventRecorder().FatalEvent(err, events.InvalidCertificateManager,
-				"Error initializing certificate manager of kind %s from MRC", certProviderKind)
-		}
-	} else {
-		certManager, err = providers.NewCertificateManager(ctx, kubeClient, kubeConfig, osmNamespace, certOpts, k8sClient, 5*time.Second, trustDomain)
-		if err != nil {
-			events.GenericEventRecorder().FatalEvent(err, events.InvalidCertificateManager,
-				"Error initializing certificate manager of kind %s", certProviderKind)
-		}
-	}
-
-	// Initialize the crd conversion webhook server to support the conversion of OSM's CRDs
-	if err := crdconversion.NewConversionWebhook(ctx, crdClient, certManager, osmNamespace); err != nil {
-		events.GenericEventRecorder().FatalEvent(err, events.InitializationError, fmt.Sprintf("Error creating crd conversion webhook: %s", err))
-	}
-
 	version.SetMetric()
 	/*
 	 * Initialize osm-bootstrap's HTTP server

diff --git a/dockerfiles/Dockerfile.osm-crds b/dockerfiles/Dockerfile.osm-crds
@@ -2,9 +2,13 @@ FROM --platform=$BUILDPLATFORM busybox:1.33 AS builder
 ARG TARGETPLATFORM
 # Talking to the internet in an arm64 container doesn't seem to work from a
 # amd64 Mac, so download the kubectl binary in a stage running the native arch.
-RUN wget https://dl.k8s.io/release/v1.23.5/bin/$TARGETPLATFORM/kubectl -O /bin/kubectl && \
+RUN wget https://dl.k8s.io/release/v1.22.2/bin/$TARGETPLATFORM/kubectl -O /bin/kubectl && \
     chmod +x /bin/kubectl
 FROM busybox:1.33
 COPY --from=builder /bin/kubectl /bin
+COPY --from=builder /bin/sh /bin/sh
 COPY * /osm-crds/
-ENTRYPOINT ["/bin/kubectl"]
+COPY ./patch_crds.sh /
+
+RUN ["chmod", "+x", "/patch_crds.sh"]
+ENTRYPOINT ["bin/sh", "/patch_crds.sh"]
diff --git a/pkg/constants/constants.go b/pkg/constants/constants.go
@@ -147,9 +147,6 @@ const (
 
 	// OSMMeshConfig is the name of the OSM MeshConfig
 	OSMMeshConfig = "osm-mesh-config"
-
-	// CRDConversionWebhookPort is the port of the CRD conversion webhook service
-	CRDConversionWebhookPort = 9443
 )
 
 // HealthProbe constants

diff --git a/pkg/crdconversion/config_meshconfig_conversion.go b/pkg/crdconversion/config_meshconfig_conversion.go