Merge pull request #407 from theobarberbany/tb/webhook-ports-4.17

[release-4.17] OCPBUGS-60211: Add Service using common resource templating

Author: openshift-merge-bot[bot]

pkg/cloud/cloud_test.go

@@ -99,97 +99,109 @@ func TestGetResources(t *testing.T) {
 	}{{
 		name:                  "AWS resources returned as expected",
 		testPlatform:          platformsMap[string(configv1.AWSPlatformType)],
-		expectedResourceCount: 2,
+		expectedResourceCount: 3,
 		expectedResourcesKindName: []string{
 			"Deployment/aws-cloud-controller-manager",
 			"PodDisruptionBudget/aws-cloud-controller-manager",
+			"Service/aws-cloud-controller-manager",
 		},
 	}, {
-		name:                      "AWS resources returned as expected with single node cluster",
-		testPlatform:              platformsMap[string(configv1.AWSPlatformType)],
-		expectedResourceCount:     1,
-		singleReplica:             true,
-		expectedResourcesKindName: []string{"Deployment/aws-cloud-controller-manager"},
+		name:                  "AWS resources returned as expected with single node cluster",
+		testPlatform:          platformsMap[string(configv1.AWSPlatformType)],
+		expectedResourceCount: 2,
+		singleReplica:         true,
+		expectedResourcesKindName: []string{
+			"Deployment/aws-cloud-controller-manager",
+			"Service/aws-cloud-controller-manager",
+		},
 	}, {
 		name:                  "OpenStack resources returned as expected",
 		testPlatform:          platformsMap[string(configv1.OpenStackPlatformType)],
-		expectedResourceCount: 2,
+		expectedResourceCount: 3,
 		expectedResourcesKindName: []string{
 			"Deployment/openstack-cloud-controller-manager",
 			"PodDisruptionBudget/openstack-cloud-controller-manager",
+			"Service/openstack-cloud-controller-manager",
 		},
 	}, {
 		name:                  "OpenStack resources returned as expected with signle node cluster",
 		testPlatform:          platformsMap[string(configv1.OpenStackPlatformType)],
-		expectedResourceCount: 1,
+		expectedResourceCount: 2,
 		singleReplica:         true,
 		expectedResourcesKindName: []string{
 			"Deployment/openstack-cloud-controller-manager",
+			"Service/openstack-cloud-controller-manager",
 		},
 	}, {
 		name:                  "GCP resources returned as expected",
 		testPlatform:          platformsMap[string(configv1.GCPPlatformType)],
-		expectedResourceCount: 4,
+		expectedResourceCount: 5,
 		expectedResourcesKindName: []string{
 			"Deployment/gcp-cloud-controller-manager",
 			"PodDisruptionBudget/gcp-cloud-controller-manager",
 			"ClusterRole/gcp-cloud-controller-manager",
 			"ClusterRoleBinding/gcp-cloud-controller-manager:cloud-provider",
+			"Service/gcp-cloud-controller-manager",
 		},
 	}, {
 		name:                  "GCP resources returned as expected with single node cluster",
 		testPlatform:          platformsMap[string(configv1.GCPPlatformType)],
-		expectedResourceCount: 3,
+		expectedResourceCount: 4,
 		singleReplica:         true,
 		expectedResourcesKindName: []string{
 			"Deployment/gcp-cloud-controller-manager",
 			"ClusterRole/gcp-cloud-controller-manager",
 			"ClusterRoleBinding/gcp-cloud-controller-manager:cloud-provider",
+			"Service/gcp-cloud-controller-manager",
 		},
 	}, {
 		name:                  "Azure resources returned as expected",
 		testPlatform:          platformsMap[string(configv1.AzurePlatformType)],
-		expectedResourceCount: 5,
+		expectedResourceCount: 6,
 		expectedResourcesKindName: []string{
 			"Deployment/azure-cloud-controller-manager",
 			"DaemonSet/azure-cloud-node-manager",
 			"ClusterRole/azure-cloud-controller-manager",
 			"ClusterRoleBinding/cloud-controller-manager:azure-cloud-controller-manager",
 			"PodDisruptionBudget/azure-cloud-controller-manager",
+			"Service/azure-cloud-controller-manager",
 		},
 	}, {
 		name:                  "Azure resources returned as expected with single node cluster",
 		testPlatform:          platformsMap[string(configv1.AzurePlatformType)],
-		expectedResourceCount: 4,
+		expectedResourceCount: 5,
 		singleReplica:         true,
 		expectedResourcesKindName: []string{
 			"Deployment/azure-cloud-controller-manager",
 			"DaemonSet/azure-cloud-node-manager",
 			"ClusterRole/azure-cloud-controller-manager",
 			"ClusterRoleBinding/cloud-controller-manager:azure-cloud-controller-manager",
+			"Service/azure-cloud-controller-manager",
 		},
 	}, {
 		name:                  "Azure Stack resources returned as expected",
 		testPlatform:          platformsMap["AzureStackHub"],
-		expectedResourceCount: 3,
+		expectedResourceCount: 4,
 		expectedResourcesKindName: []string{
 			"Deployment/azure-cloud-controller-manager",
 			"DaemonSet/azure-cloud-node-manager",
 			"PodDisruptionBudget/azure-cloud-controller-manager",
+			"Service/azure-cloud-controller-manager",
 		},
 	}, {
 		name:                  "Azure Stack resources returned as expected with single node",
 		testPlatform:          platformsMap["AzureStackHub"],
-		expectedResourceCount: 2,
+		expectedResourceCount: 3,
 		singleReplica:         true,
 		expectedResourcesKindName: []string{
 			"Deployment/azure-cloud-controller-manager",
 			"DaemonSet/azure-cloud-node-manager",
+			"Service/azure-cloud-controller-manager",
 		},
 	}, {
 		name:                  "VSphere resources returned as expected",
 		testPlatform:          platformsMap[string(configv1.VSpherePlatformType)],
-		expectedResourceCount: 8,
+		expectedResourceCount: 9,
 		expectedResourcesKindName: []string{
 			"Deployment/vsphere-cloud-controller-manager",
 			"PodDisruptionBudget/vsphere-cloud-controller-manager",
@@ -199,11 +211,12 @@ func TestGetResources(t *testing.T) {
 			"ClusterRole/vsphere-cloud-controller-manager",
 			"ClusterRoleBinding/vsphere-cloud-controller-manager:vsphere-cloud-controller-manager",
 			"ClusterRoleBinding/vsphere-cloud-controller-manager:cloud-controller-manager",
+			"Service/vsphere-cloud-controller-manager",
 		},
 	}, {
 		name:                  "VSphere resources returned as expected with single node",
 		testPlatform:          platformsMap[string(configv1.VSpherePlatformType)],
-		expectedResourceCount: 7,
+		expectedResourceCount: 8,
 		singleReplica:         true,
 		expectedResourcesKindName: []string{
 			"Deployment/vsphere-cloud-controller-manager",
@@ -213,39 +226,48 @@ func TestGetResources(t *testing.T) {
 			"ClusterRole/vsphere-cloud-controller-manager",
 			"ClusterRoleBinding/vsphere-cloud-controller-manager:vsphere-cloud-controller-manager",
 			"ClusterRoleBinding/vsphere-cloud-controller-manager:cloud-controller-manager",
+			"Service/vsphere-cloud-controller-manager",
 		},
 	}, {
 		name:         "OVirt resources are empty, as the platform is not yet supported",
 		testPlatform: platformsMap[string(configv1.OvirtPlatformType)],
 	}, {
 		name:                  "IBMCloud resources",
 		testPlatform:          platformsMap[string(configv1.IBMCloudPlatformType)],
-		expectedResourceCount: 2,
+		expectedResourceCount: 3,
 		expectedResourcesKindName: []string{
 			"Deployment/ibm-cloud-controller-manager",
 			"PodDisruptionBudget/ibmcloud-cloud-controller-manager",
+			"Service/ibmcloud-cloud-controller-manager",
 		},
 	}, {
-		name:                      "IBMCloud resources with single node cluster",
-		testPlatform:              platformsMap[string(configv1.IBMCloudPlatformType)],
-		expectedResourceCount:     1,
-		singleReplica:             true,
-		expectedResourcesKindName: []string{"Deployment/ibm-cloud-controller-manager"},
+		name:                  "IBMCloud resources with single node cluster",
+		testPlatform:          platformsMap[string(configv1.IBMCloudPlatformType)],
+		expectedResourceCount: 2,
+		singleReplica:         true,
+		expectedResourcesKindName: []string{
+			"Deployment/ibm-cloud-controller-manager",
+			"Service/ibmcloud-cloud-controller-manager",
+		},
 	}, {
 		name:                  "PowerVS resources",
 		testPlatform:          platformsMap[string(configv1.PowerVSPlatformType)],
-		expectedResourceCount: 2,
+		expectedResourceCount: 3,
 		singleReplica:         false,
 		expectedResourcesKindName: []string{
 			"Deployment/powervs-cloud-controller-manager",
 			"PodDisruptionBudget/powervs-cloud-controller-manager",
+			"Service/powervs-cloud-controller-manager",
 		},
 	}, {
-		name:                      "PowerVS resources with single node cluster",
-		testPlatform:              platformsMap[string(configv1.PowerVSPlatformType)],
-		expectedResourceCount:     1,
-		singleReplica:             true,
-		expectedResourcesKindName: []string{"Deployment/powervs-cloud-controller-manager"},
+		name:                  "PowerVS resources with single node cluster",
+		testPlatform:          platformsMap[string(configv1.PowerVSPlatformType)],
+		expectedResourceCount: 2,
+		singleReplica:         true,
+		expectedResourcesKindName: []string{
+			"Deployment/powervs-cloud-controller-manager",
+			"Service/powervs-cloud-controller-manager",
+		},
 	}, {
 		name:         "Libvirt resources are empty",
 		testPlatform: platformsMap[string(configv1.LibvirtPlatformType)],

pkg/cloud/common/resources.go

@@ -4,6 +4,7 @@ import (
 	"fmt"
 	"strings"
 
+	corev1 "k8s.io/api/core/v1"
 	policyv1 "k8s.io/api/policy/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/util/intstr"
@@ -18,14 +19,17 @@ const (
 )
 
 func GetCommonResources(config config.OperatorConfig) ([]client.Object, error) {
-	commonResources := make([]client.Object, 0, 1)
+	commonResources := []client.Object{}
 	if !config.IsSingleReplica {
 		pdb, err := getPDB(config)
 		if err != nil {
 			return nil, err
 		}
 		commonResources = append(commonResources, pdb)
 	}
+
+	commonResources = append(commonResources, getService(config))
+
 	return commonResources, nil
 }
 
@@ -53,3 +57,42 @@ func getPDB(config config.OperatorConfig) (*policyv1.PodDisruptionBudget, error)
 		},
 	}, nil
 }
+
+// getService returns a common service for the cloud-controller-manager on port 10258,
+// for a given platform.
+func getService(config config.OperatorConfig) *corev1.Service {
+	matchLabels := map[string]string{
+		CloudControllerManagerProviderLabel: config.GetPlatformNameString(),
+	}
+	name := fmt.Sprintf("%s-cloud-controller-manager", strings.ToLower(config.GetPlatformNameString()))
+
+	return &corev1.Service{
+		TypeMeta: metav1.TypeMeta{
+			Kind:       "Service",
+			APIVersion: "core/v1",
+		},
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      name,
+			Namespace: config.ManagedNamespace,
+			Labels: map[string]string{
+				"k8s-app": name,
+			},
+		},
+		Spec: corev1.ServiceSpec{
+			Type: corev1.ServiceTypeClusterIP,
+			Ports: []corev1.ServicePort{
+				{
+					Name: "https",
+					Port: 10258,
+				},
+				{
+					Name:       "webhooks",
+					Port:       10260,
+					TargetPort: intstr.FromInt(10260),
+				},
+			},
+			Selector:        matchLabels,
+			SessionAffinity: corev1.ServiceAffinityNone,
+		},
+	}
+}

pkg/controllers/clusteroperator_controller_test.go

@@ -351,7 +351,8 @@ var _ = Describe("Apply resources should", func() {
 		updated, err := reconciler.applyResources(context.TODO(), resources)
 		Expect(err).ShouldNot(HaveOccurred())
 		Expect(updated).To(BeTrue())
-		// two resources should report successful update, deployment and pdb
+		// three resources should report successful update, deployment, pdb and service
+		Eventually(recorder.Events).Should(Receive(ContainSubstring("Resource was successfully created")))
 		Eventually(recorder.Events).Should(Receive(ContainSubstring("Resource was successfully created")))
 		Eventually(recorder.Events).Should(Receive(ContainSubstring("Resource was successfully created")))
 

pkg/controllers/resourceapply/resourceapply.go

@@ -22,6 +22,7 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	coreclientv1 "sigs.k8s.io/controller-runtime/pkg/client"
 
+	"github.com/openshift/library-go/pkg/operator/resource/resourceapply"
 	"github.com/openshift/library-go/pkg/operator/resource/resourcemerge"
 )
 
@@ -83,6 +84,8 @@ func ApplyResource(ctx context.Context, client coreclientv1.Client, recorder rec
 		return applyRoleBinding(ctx, client, recorder, t)
 	case *rbacv1.ClusterRoleBinding:
 		return applyClusterRoleBinding(ctx, client, recorder, t)
+	case *corev1.Service:
+		return applyService(ctx, client, recorder, t)
 	default:
 		return false, fmt.Errorf("unhandled type %T", resource)
 	}
@@ -560,3 +563,56 @@ func applyClusterRoleBinding(ctx context.Context, client coreclientv1.Client, re
 	recorder.Event(required, corev1.EventTypeNormal, ResourceUpdateSuccessEvent, "Resource was successfully updated")
 	return true, nil
 }
+
+func applyService(ctx context.Context, client coreclientv1.Client, recorder record.EventRecorder,
+	requiredOriginal *corev1.Service) (bool, error) {
+	required := requiredOriginal.DeepCopy()
+
+	existing := &corev1.Service{}
+	err := client.Get(ctx, coreclientv1.ObjectKeyFromObject(requiredOriginal), existing)
+	if apierrors.IsNotFound(err) {
+		required := requiredOriginal.DeepCopy()
+		if err := client.Create(ctx, required); err != nil {
+			recorder.Event(required, corev1.EventTypeWarning, ResourceCreateFailedEvent, err.Error())
+			return false, fmt.Errorf("service creation failed: %v", err)
+		}
+		recorder.Event(required, corev1.EventTypeNormal, ResourceCreateSuccessEvent, "Resource was successfully created")
+		return true, nil
+	} else if err != nil {
+		recorder.Event(required, corev1.EventTypeWarning, ResourceUpdateFailedEvent, err.Error())
+		return false, fmt.Errorf("failed to get service for update: %v", err)
+	}
+
+	modified := false
+	existingCopy := existing.DeepCopy()
+
+	// This will catch also changes between old `required.spec` and current `required.spec`, because
+	// the annotation from SetSpecHashAnnotation will be different.
+	resourcemerge.EnsureObjectMeta(&modified, &existingCopy.ObjectMeta, required.ObjectMeta)
+	selectorSame := equality.Semantic.DeepEqual(existingCopy.Spec.Selector, required.Spec.Selector)
+
+	typeSame := false
+	requiredIsEmpty := len(required.Spec.Type) == 0
+	existingCopyIsCluster := existingCopy.Spec.Type == corev1.ServiceTypeClusterIP
+	if (requiredIsEmpty && existingCopyIsCluster) || equality.Semantic.DeepEqual(existingCopy.Spec.Type, required.Spec.Type) {
+		typeSame = true
+	}
+
+	if selectorSame && typeSame && !modified {
+		return false, nil
+	}
+
+	// at this point we know that we're going to perform a write.  We're just trying to get the object correct
+	toWrite := existingCopy // shallow copy so the code reads easier
+	toWrite.Spec = required.Spec
+
+	klog.V(2).Infof("Service %q changes: %v", required.GetNamespace()+"/"+required.GetName(), resourceapply.JSONPatchNoError(existing, toWrite))
+
+	if err := client.Update(ctx, existingCopy); err != nil {
+		recorder.Event(required, corev1.EventTypeWarning, ResourceUpdateFailedEvent, err.Error())
+		return false, err
+	}
+	recorder.Event(required, corev1.EventTypeNormal, ResourceUpdateSuccessEvent, "Resource was successfully updated")
+
+	return true, nil
+}