chore: refactor code with embedded struct configs
clementnuss committed Jul 25, 2022
1 parent 61a05a1 commit fcf5ead
Showing 4 changed files with 45 additions and 47 deletions.
63 changes: 24 additions & 39 deletions internal/cmd/cmd.go
Expand Up @@ -12,7 +12,6 @@ import (
"go.uber.org/zap/zapcore"
"inet.af/netaddr"
clientset "k8s.io/client-go/kubernetes"
"k8s.io/client-go/rest"

"github.com/go-logr/zapr"
"github.com/peterbourgon/ff/v3"
Expand All @@ -29,20 +28,6 @@ var (
ref = "refs/refname"
)

// Config stores all parameters needed to configure a controller-manager
type Config struct {
logLevel int
metricsAddr string
probeAddr string
RegexStr string
IPPrefixesStr string
MaxSec int
K8sConfig *rest.Config
DNSResolver controller.HostResolver
BypassDNSResolution bool
IgnoreNonSystemNodeCsr bool
}

// Run will start the controller with the default settings
func Run() int {
config := prepareCmdlineConfig()
Expand All @@ -64,19 +49,23 @@ func Run() int {
}

// CreateControllerManager permits creation/customization of the controller-manager
func CreateControllerManager(config *Config) (
func CreateControllerManager(config *controller.Config) (
csrController *controller.CertificateSigningRequestReconciler,
mgr ctrl.Manager,
code int,
) {
// logger initialization
flashLogger := flash.New()
if config.logLevel < -5 || config.logLevel > 10 {
if config.LogLevel < -5 || config.LogLevel > 10 {
flashLogger.Fatal(fmt.Errorf("log level should be between -5 and 10 (included)"))
}

config.logLevel *= -1 // we inverse the level for the logging behavior between zap and logr.Logger to match
flashLogger.SetLevel(zapcore.Level(config.logLevel))
csrController = &controller.CertificateSigningRequestReconciler{
Config: *config,
}

config.LogLevel *= -1 // we inverse the level for the logging behavior between zap and logr.Logger to match
flashLogger.SetLevel(zapcore.Level(config.LogLevel))
z := zapr.NewLogger(flashLogger.Desugar())

z.V(0).Info("Kubelet-CSR-Approver controller starting.", "commit", commit, "ref", ref)
Expand All @@ -87,7 +76,7 @@ func CreateControllerManager(config *Config) (
return nil, nil, 10
}

providerRegexp := regexp.MustCompile(config.RegexStr)
csrController.ProviderRegexp = regexp.MustCompile(config.RegexStr).MatchString

// IP Prefixes parsing and IPSet construction
var setBuilder netaddr.IPSetBuilder
Expand All @@ -103,7 +92,9 @@ func CreateControllerManager(config *Config) (
setBuilder.AddPrefix(ipPref)
}

providerIPSet, err := setBuilder.IPSet()
var err error
csrController.ProviderIPSet, err = setBuilder.IPSet()

if err != nil {
z.V(-5).Info("Unable to build the Set of valid IP addresses, exiting")

Expand All @@ -117,10 +108,12 @@ func CreateControllerManager(config *Config) (
return nil, nil, 10
}

csrController.MaxExpirationSeconds = int32(config.MaxSec)

ctrl.SetLogger(z)
mgr, err = ctrl.NewManager(config.K8sConfig, ctrl.Options{
MetricsBindAddress: config.metricsAddr,
HealthProbeBindAddress: config.probeAddr,
MetricsBindAddress: config.MetricsAddr,
HealthProbeBindAddress: config.ProbeAddr,
})

if err != nil {
Expand All @@ -129,17 +122,9 @@ func CreateControllerManager(config *Config) (
return nil, nil, 10
}

csrController = &controller.CertificateSigningRequestReconciler{
ClientSet: clientset.NewForConfigOrDie(config.K8sConfig),
Client: mgr.GetClient(),
Scheme: mgr.GetScheme(),
ProviderRegexp: providerRegexp.MatchString,
ProviderIPSet: providerIPSet,
MaxExpirationSeconds: int32(config.MaxSec),
Resolver: config.DNSResolver,
BypassDNSResolution: config.BypassDNSResolution,
IgnoreNonSystemNodeCsr: config.IgnoreNonSystemNodeCsr,
}
csrController.ClientSet = clientset.NewForConfigOrDie(config.K8sConfig)
csrController.Client = mgr.GetClient()
csrController.Scheme = mgr.GetScheme()

if err = csrController.SetupWithManager(mgr); err != nil {
z.Error(err, "unable to create controller", "controller", "CertificateSigningRequest")
Expand All @@ -156,7 +141,7 @@ func CreateControllerManager(config *Config) (
return csrController, mgr, 0
}

func prepareCmdlineConfig() *Config {
func prepareCmdlineConfig() *controller.Config {
fs := flag.NewFlagSet("kubelet-csr-approver", flag.ExitOnError)

var (
Expand All @@ -181,10 +166,10 @@ func prepareCmdlineConfig() *Config {
os.Exit(2)
}

config := Config{
logLevel: *logLevel,
metricsAddr: *metricsAddr,
probeAddr: *probeAddr,
config := controller.Config{
LogLevel: *logLevel,
MetricsAddr: *metricsAddr,
ProbeAddr: *probeAddr,
RegexStr: *regexStr,
IPPrefixesStr: *ipPrefixesStr,
BypassDNSResolution: *bypassDNSResolution,
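Review bot: `csrController.MaxExpirationSeconds = int32(config.MaxSec)` narrows an `int` to `int32` with no range check in this function, so a negative `MaxSec` passes through unchanged and one above `math.MaxInt32` is silently truncated, either of which changes the certificate-lifetime ceiling the approver enforces. `CreateControllerManager` is exported and now takes a caller-built `controller.Config`, so any validation done in `prepareCmdlineConfig` (not fully visible here) would not cover other callers such as the test setup. A guard before the assignment, with `math` imported, would close that: `if config.MaxSec < 0 || config.MaxSec > math.MaxInt32 { z.V(-5).Info("MaxSec is out of range, exiting"); return nil, nil, 10 }`. Separately, `Config: *config` copies the struct before `config.LogLevel *= -1`, so the reconciler's embedded `LogLevel` keeps the un-inverted value while the caller's struct is mutated; inverting into a local variable instead would keep the two consistent.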
25 changes: 19 additions & 6 deletions internal/controller/csr_controller.go
Expand Up @@ -28,6 +28,7 @@ import (
apierrors "k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
clientset "k8s.io/client-go/kubernetes"
"k8s.io/client-go/rest"

"k8s.io/apimachinery/pkg/runtime"
ctrl "sigs.k8s.io/controller-runtime"
Expand All @@ -40,17 +41,29 @@ type HostResolver interface {
LookupHost(context.Context, string) ([]string, error)
}

// CertificateSigningRequestReconciler reconciles a CertificateSigningRequest object
type CertificateSigningRequestReconciler struct {
ClientSet *clientset.Clientset
client.Client
Scheme *runtime.Scheme
// Config holds all variables needed to configure the controller
type Config struct {
LogLevel int
MetricsAddr string
ProbeAddr string
RegexStr string
ProviderRegexp func(string) bool
IPPrefixesStr string
ProviderIPSet *netaddr.IPSet
MaxExpirationSeconds int32
MaxSec int
K8sConfig *rest.Config
DNSResolver HostResolver
BypassDNSResolution bool
IgnoreNonSystemNodeCsr bool
Resolver HostResolver
}

// CertificateSigningRequestReconciler reconciles a CertificateSigningRequest object
type CertificateSigningRequestReconciler struct {
ClientSet *clientset.Clientset
client.Client
Scheme *runtime.Scheme
Config
}

//+kubebuilder:rbac:groups=certificates.k8s.io,resources=certificatesigningrequests,verbs=get;watch;list
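Review bot: `Config` now mixes raw inputs (`RegexStr`, `IPPrefixesStr`, `MaxSec`) with values derived from them (`ProviderRegexp`, `ProviderIPSet`, `MaxExpirationSeconds`), and nothing in the struct says that the derived ones are filled in only by `cmd.CreateControllerManager`, as the assignments in cmd.go show. A reconciler built from a `Config` literal alone would carry a nil `ProviderRegexp` func and a nil `ProviderIPSet`; whether the approval checks guard against that is not visible in this section, and a call through the nil func would panic. A field comment would make the contract explicit, for example `// ProviderRegexp, ProviderIPSet and MaxExpirationSeconds are derived from RegexStr, IPPrefixesStr and MaxSec by cmd.CreateControllerManager; do not set them by hand.` Embedding also promotes `K8sConfig`, `LogLevel` and the bind addresses onto the reconciler, which it does not appear to need for CSR decisions, so a narrower embedded struct holding only the approval policy would keep the API-server client configuration out of the reconciler's exported surface.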
2 changes: 1 addition & 1 deletion internal/controller/regex_ip_checks.go
Expand Up @@ -50,7 +50,7 @@ func (r *CertificateSigningRequestReconciler) DNSCheck(ctx context.Context, csr
defer dnsCtxCancel()

var resolvedAddrs []string
resolvedAddrs, err = r.Resolver.LookupHost(dnsCtx, sanDNSName)
resolvedAddrs, err = r.DNSResolver.LookupHost(dnsCtx, sanDNSName)

if err != nil || len(resolvedAddrs) == 0 {
return false, "The SAN DNS Name could not be resolved, denying the CSR", nil
2 changes: 1 addition & 1 deletion internal/controller/testenv_setup_test.go
Expand Up @@ -190,7 +190,7 @@ func packageSetup() {
},
}

testingConfig := cmd.Config{
testingConfig := controller.Config{
RegexStr: `^[\w-]*\.test\.ch$`,
MaxSec: 367 * 24 * 3600,
K8sConfig: cfg,