From 36f48bb9a9f1633ae4a2c8517e75ecdd3638ce22 Mon Sep 17 00:00:00 2001 From: Pawel Palucki Date: Thu, 11 Jul 2024 18:05:57 +0200 Subject: [PATCH] Fix error of missing client in Actuator after (nil pointer exception) (#269) Fix is based on how gardener-extension-runtime-gvisor populates actuator with client instance (from mgr.GetClient()) Includes: * more granular make targets to be able to call regenerate/_build/_build_tests targets, * in code option to disable recover from panice (disabled by default) * Fixed version of shoot to be deployed as example to local-shoot cluster * Regenerate nessesary files --- Makefile | 8 +++- cmd/gardener-extension-cri-resmgr/app/app.go | 6 ++- examples/ctrldeploy-ctrlreg.yaml | 2 +- examples/shoot.yaml | 23 ++++++------ examples/shoot2.yaml | 39 ++++++++++---------- pkg/controller/lifecycle/actuator.go | 38 ++++++------------- pkg/controller/lifecycle/actuator_test.go | 4 +- pkg/controller/lifecycle/add.go | 6 +-- 8 files changed, 61 insertions(+), 65 deletions(-) diff --git a/Makefile b/Makefile index 2c19c07a..9d822149 100644 --- a/Makefile +++ b/Makefile @@ -34,16 +34,22 @@ EXTENSION_CONFIGMAP_NAMESPACE := "" COMMIT:=`git rev-parse HEAD` DIRTY:=`git diff --quiet || echo '-dirty'` VERSION:=`git tag | sort -V | tail -1` -build: + +_go_generate: rm -rf ./pkg/consts/charts go generate ./... + +_build: echo "Building ${VERSION}-${COMMIT}${DIRTY}" CGO_ENABLED=0 go build -ldflags="-X github.com/intel/gardener-extension-cri-resmgr/pkg/consts.Commit=${COMMIT}${DIRTY} -X github.com/intel/gardener-extension-cri-resmgr/pkg/consts.Version=${VERSION}" -v ./cmd/gardener-extension-cri-resmgr +_build_tests: go test -c -v ./test/e2e/cri-resmgr-extension/. -o gardener-extension-cri-resmgr.e2e-tests go test -c -v ./pkg/controller/lifecycle -o ./gardener-extension-cri-resmgr.actuator.test go test -c -v ./pkg/configs -o ./gardener-extension-cri-resmgr.configs.test +build: _go_generate _build _build_tests + test: go generate ./... # Those tests (renders charts, uses env to read files) change CWD during execution (required because rely on charts and fixtures). diff --git a/cmd/gardener-extension-cri-resmgr/app/app.go b/cmd/gardener-extension-cri-resmgr/app/app.go index 4bc87603..e1ec0889 100644 --- a/cmd/gardener-extension-cri-resmgr/app/app.go +++ b/cmd/gardener-extension-cri-resmgr/app/app.go @@ -48,8 +48,10 @@ func NewExtensionControllerCommand(ctx context.Context) *cobra.Command { if err := options.OptionAggregator.Complete(); err != nil { return fmt.Errorf("error completing options: %s", err) } - - mgr, err := manager.New(options.RestOptions.Completed().Config, options.MgrOpts.Completed().Options()) + mgroptions := options.MgrOpts.Completed().Options() + // For debugging purposes, do not recover from panics from Reconciller + //mgroptions.Controller = controllerconfig.Controller{RecoverPanic: ptr.To(false)} + mgr, err := manager.New(options.RestOptions.Completed().Config, mgroptions) if err != nil { return fmt.Errorf("could not instantiate controller-manager: %s", err) } diff --git a/examples/ctrldeploy-ctrlreg.yaml b/examples/ctrldeploy-ctrlreg.yaml index 2a215eb8..bddb7202 100644 --- a/examples/ctrldeploy-ctrlreg.yaml +++ b/examples/ctrldeploy-ctrlreg.yaml @@ -6,7 +6,7 @@ metadata: name: cri-resmgr-extension type: helm providerConfig: - chart: H4sIAAAAAAAAA+1c63PiOBKfz/wVKue29lHBvMmV78sxCTNDXUJSJJu5+ZQStgBvbMsryzDczP7v15JsYwzhlQnzWHXVDGBJrZa69etuSc4YM4cEhJXJR06CyKVB2WZumZHIH7PKqy9CVaCzVkt81s5a1fxnSq9qzVa12ag3G6Je7azWaL9CrS/T/WaKI44ZQq/CEHux/eg+VW9b+XdK443658QPPcxJ9CxL2Fv/9Vqt0dT6Pwbtqv+HCfFCwiKTh96+fQgFt5vNp/Rfa9VbBf03mu3aK1R9iQEX6W+u/5PSCTqn4Zy54wlH9Wq9jnoBJx48ZCFlmINFmKjjeWggakRoQCLCpsQxS6LppWuD1RAHxYFDGOITgjohtuEjKTlF92A1wATVzSr6RVQwkiLj138BhzmNkY/nKKAcxREBFm6ERq5HEPlok5AjN0A2BTN0cWATNHP5RHaTMAEx0IeEBR1yDLUx1A/h1yhfD2EuBRY04Ty0KpXZbGZiKaxJ2bjiqYpR5bJ33u3fdssgsGzye+CRKEKM/Bm7DIY6nCMcgjw2HoKUHp4hyhAeMwJlnAp5Z8zlbjA+RREd8RlmBLg4bsSZO4z50mSl0sGY8xVgunCAjM4t6t0a6HXntnd7Cjze9+7eXf9+h953BoNO/67XvUXXA3R+3b/o3fWu+/DrDer0P6D/9PoXp4jAVEE35GPIhPwgpCumUaoO3RKyJMCIKoGikNjuyLVhXME4xmOCxnRKWADDQbD+fTcSyoxAPAe4eK7vcmkj0eqghIV8+lRGyCEjNwC9uz7wM1D5r79KCIkSd4QmOLphUP4RGdEE11tty0DmPSw1EpmyvsnxGGUtQuYGfISMn6J//xQVazIS0sjllM03sSAeDHcNQ+tghoEjfuS+fu1FvQftiv82DUbu2MdhWX2LzDn2d/QEW/H/rFbA/1az1tL4fwzS+K/x/4XxH1A+Rc8EOwRG4tBNLMNC01rp0Q0cC4xOlF/hsOQTjh3MsQUgG2CfWGgjUqWolNSOQK3Q5NMnZA6IRzAI008fK+D28BAcgeCOhDbNx3gIoyRcQDyt7NBjKZVODLE4vs9gCB8AH+ELzBwwgaX1bfqIXfEf/CQFq57bHo72wX5B2/C/2WoX8L951tD4fxTS6K/R/4XQfwniI5hoJ/aAkfn4T4mxGejfJNByLqBlX+AvTQXyWqiWbSWVxh4dYu+CjHDscQuNMAT8JYdE0CjkUhgj7RJJOMuG/zbpCWU9WWjRlWl8K6D9BWlX/BfLHhSLbZvGAd/PAWzF/0a9GP9XNf4fhzT+a/w/Bv5naH+rgKSjgGRvuD9efP+1V+ZxaFf8Z0Ns7xn2Z7QF/1v1ehH/62eNqsb/Y5DGf43/L4X/5XJ5yQdIDMExn0Ds/T9lW8Vc4NyD9UjYgHpkjWvIMCoyU9wybY/GjrXNaTzfHaxv6QYAH8E6XyTcEIvBdqxSGRq6bxmNQymB+BmKnSrgTGNmk+SpQ0KPzn0S8Hyh9Guqgui6DKzkEhQSwf/DpGxMuPz0wI7klxnm9kR+C+W3g4TY3sEK2yd1tNqXrZT98h05QcSITZlzYFcZu609+TiAVeNkT5f7M34zVpkbxiqbLMZ5+blZVC38rIBl83g3ARZmJr7FISxbsiqVTUEFbpBf+avyyBVU6NVmRDDcZeT79bFmka1BgQnBjA9BBLR+MpLxblhr63ScnaipiY8IjJInSpiurr+1tvNdzGhulx6qOWJqPWILdssy5aZRzOzzvMdreABe60dwIjCaARmJblPNbJgMqLXqSZ879Cge/gEak65sbRb3JXO3rx0R/71o1/xvGuJD07+t+3+Ns+L9r3q71tT53zGocEAr1EwCkdo4hTNaA9CGRjZe3sI3EuSFahxSIu+GOp2kHkSoL7O5I5KU9OC1IHrqfW4oJGhztRO0/EyhN/hekSwSJh+6JAH18qKgL8X9+befZQFCvhtAGkxnxLGSJ8AljKWYWW5oPC2LuWBgQjuR8qXNjA1DKDaTI0okIj5l84MEUE0PkSFpWbz7hBAsInDaiZ+SniqzHJFoCB8tnitruciSDPlwN9NQ4UFei+rJFXUSa8mNIF/ZXNT7Ns/gvybtf/9L3oCbQjhAWVlsDojtDrLRN2zD/3brbBn/G9VGvaHx/xik73/pHcDj3f+S2HEvseM6hY4XuAy2FqKOeHSUyirliB6WUdJCn0s5b7V2Sj6j5NZY86U91q74v9gX3D8N2IL/zWa7Ubz/Va+eafw/Bmn01+h/jPP/NAlYSQC+3QsAaZ7JyNQVZe9ARZD8XIpRW6gqS6QhREvpR/LwXGyMKVEiud9JmRLGF9uslznpDt9MTOE5YZybSck1gFWl1LPIWXd0yFmKOyH2YxT7lQMcrpwVN7C9GBKvX+SLNugf5l0is/kalHaDYT0bOyUXxq/IBL+oXhICifJSLmWigryl6QWTIXxG2aPYulje+KxwWmagKNfPnayBtap0N2t/+G5vakSCwvxFx/6ODIT55Pdad2+X7WVkE1HecYUpkrpYUmL6BpeZn3z57Cb2vCQ1R8XgxgyzwiXTor4POLJQUhlttrKsIgmm+VZqTN3/3gFuAw4+ACK+6b296tw89DtX3dubznk3q42QvC/6hlHfyj1E4HOI52TbF4XnwkytbH2ZGQCtCHHZ7Vx0Bw/dy+65gOSnBUh1sGuAXOyod9V5272HXq4HD9f33cH7Qe9uTScVe4IZz0WglbUhadZwSr3YJ1fCzqLVKX4qrE7JF+3UXK12nKvHCHauAw9MhbM4ZaC6XjHVzX3aaYqQV9tzMoSUHHV7WO0tQTT6w+4abY7/p8oqD934T2hL/N+AyL/4/r/e/zkS6fhfx/8vFf/nI2EL1Uql7CKFhUrKEQRkJgyOAdDcEkBzB2LpRhWVSicnJ+hOGIOYGwXGyqlJWTOwUv5BTPwQ/ieRmD5pJCLPKA+xMM6Q0anrwBeP2thTxdmbHngIA0Q1s9US+oZOeyNplDMM0SqwzZwDcvkpCmWqkXJUAkWi2jnEWox6HmGL1CatxtRGlpmAaUnFVSp9SF4vt5RsExpxqwXouDUQ4ngMbcTOjDhCCXPRV8eb4XlUKk1DmQgkh3mZq113GrZ6tiVPtmpVPz38So6a2s0rd+tJjCEOAA2lwf71XdcCPWZTlekCbBNWJfyjEAhInTrgjz0aipmriHFJm4sBhmBVIixsDtSOwYbFqgfeF3mriE6TvzLgSMSQwYc5pggW+KMwEFi1xB8SR9wJSYqTUEg6t1MpioQnNT0SP1jMJ4bq7EYp3qEKqQIRvAoVc1AZoFysQCJvOH+AYwEWc2RMiOdnqRoyDWmBNOYLKxZLcl3kJ7YKBWgpSS35facYviyvlHieXJwJ7uVN5iSJww6zv1XuuwkFgwj4l5cmZZu8fKumaQTyDUH56RTCIkns9SQJ8To2d6fCXtOqhixy0vfGtrZLan7fb4Vtjv/OxUp5bvi3w/tfxb//UKu26zr+Owbp+E/Hf0d6/0u5iBxwZ5Cz/HZuB70THlN6aTWl0tukLdW107K6ac1EZLCIBqF2FtlBqCEuLZZKfB4SK1WadFnTVKqqWQM1Q9HimlPNrLXN6vcN6po0adKkSZMmTZo0adKkSZMmTZo0adKkSZMmTZo0adKkSZMmTZo0adKk6Yen/wOVSPh7AHgAAA== + chart: H4sIAAAAAAAAA+1daXPbOBLNZ/0KFL1Tc5RFiZIoOtraqtU4SqLa+Cjbk9n5lIJISOKEJDggKFmbmf++DfAQdUSi5JjOxHiV2DRxNYDu5sNF6o1rfP+WYIewqDHBzCEBYXVyz0kQuTSo28ytMxL5E/biaDQB3U5H/gas/24a7dYLo9PttC2zZZhw3+g2rc4LdH98keURRxwzEKWKsr5CtJvI565P/mVYrabVbDXNrt46e3lmdQ3TqkEoXg9tt4wzyzKNrgi1P5/2qWumUAY7Tb7xZcoQNm6Z5mftX1yv2b/VBvs3v0zxu5HZP6OU74q3L3y9cn8T7O7/wrPhfIoZ1xfY9w4uo5z/N60uROpYoCeGZXWbyv9XgYL/N5ovu/DDAB9+1rG64NBX/X/37GW7a+ids1bnrNM2jKL/35L2qWumUAa77f8BRl/AHvs3QJlW7R90zbJeoEps8pn7/xN0TsMFcydTjlrNVgsNA048uMlCysD2aaCjvuehGxEjQjckImxGHL12UjtB71wbdIY4KA7gGYH4lKB+iG34lYacovfw7IBMUEtvoh9EBC0N0n78J+SwoDHy8QIFlKM4IpCFG6Gx6xFE7m0ScuQGyKZ+6Lk4sAmau3wqi0kzATHQb2kWdMQxxMYQP4S/xsV44MWkwAJTzsNeozGfz3UshdUpmzS8JGLUeDc8H1zeDuogsEzyS+CRKEKM/BG7DKo6WiAcgjw2HoGUHp4jyhCeMAJhnAp558zlbjA5RREd8zlmBHJx3IgzdxTzlcbKpIM6FyNAc+EAaf1bNLzV0M/92+HtKeTx6/Du7dUvd+jX/s1N//JuOLhFVzfo/Ory1fBueHUJf71G/cvf0H+Gl69OEYGmgmLIfciE/CCkK5pRdh26JWRFgDFNBIpCYrtj14Z6BZMYTwia0BlhAVQHhYT5biQ6MwLxHMjFc32XSx2JNiul12o4dNPu76GZUQuwT3po6V2WLqfmkAjuh1xG7aO3xPORLXxP0qRgoqCCaUoaM5tEdR8HIB80fYTyfETsN6lDQyGjvxOb12p8EUK5aaeJImqzTKqmbkA3Q1Aup2boRldvas/l8VWa/3EC6oM5iQ4v4xj+Z6rxfyU4lP+BxbzsdFovzZcdxf++Aey2/9zoHzQTUG78v8L/LNNQ4/8qULb/C0+CD1PiARmIdB6WGxYc7P9brbbZVv6/Cqjx//NGWfs/2OgL2Df+N1vmmv23W1ZXjf+rgBjiqhkANQPwKDMAJ7VPn+oIOWTsBtDvrg/5aaj+1181hESIO0ZTHF0zCL9HWjTFLbPb05D+HnsxiXQZX+d4gvIUIXMDPkbad9G/v4vWYzIS0sjllC12ZUE8qO6WDHtHZxg44o/C5VMb9QE4gv/ZNBi7Ex+H9eQq2jdBfDj/67SbXcX/qoDif88bZe3/YKMvYC//s9bXf0xggIr/VQHF/xT/e2T+BywvY0+p7xAcaW1x6KMbOD1QOhF+gcOaTzh2MMc9IFnJwtFOT5V5pTR2BN0KST59QvoN8QgGYS6z2wlx8/AIiKDIHYne1D/GI6gl4YLi0UaJEmuZdKKK6/X7ExThN/CPcAEtB5mAaX2dHPFB/E+S4RmxgSHXhZYIvSebD4bD+Z/YT6j4XxVQ/O9543D+V9LoC9jH/7qmtWr/7abRaSr+VwUU/1P8rzr+J33He+k7rjLX8QhkcKuLegJqKOWIPqx6yR76syZK39Ukf6KUNXYemzUewf8cEnp04YN4JecADud/7Sb8UvyvAij+97xR1v4PNvoC9th/p9Ntr8//wz/F/6qAYn+K/VWx/xvaLGrk1O5V7k0O5XYVsjjRGCI9IzNXhL2FLqJs8U7UuoeaMkQqQpQIkhK69OY5jYG/SVEikFDwu0QYH3N7+q4g3bHyIZS55zTjQkvKXAOwqqR7slv5svs+Qp5FB/OwP0axv/to+HbCLVvFDWwvdgj6QS60o3/od6nM+s/QadcY7FkrNbmg/Yh04MXJJgGQqChlgSAnN7yV5gWVIXxOGejeRM8qotsejZ0Gp3UGHQUspg7qKp0bA231PDonTp7+2A5CKFMiAWgCCvVZnHs4ii5LZiDUh83Apvq2LVSqfDpoVeERwQIzAeolLSyB7IuVTsx2cOjFxpf3rmPPu6ag94sVW0h2S4R54IpqUd8HP7LspDrarWV5RBLMiqmSOg3+ewd+G/zgB/CIr4dvLvrXHy77F4Pb6/75II+N0ExI9ppRv1e4ieCZQzznhoxX76b3hZr2cvvScwe0IcS7Qf/V4ObD4N3gXLjkzwuQ9UHZAfJ6QcOL/pvBeyjl6ubD1fvBza83w7sthTTkIZrCCLSxdUiaJ5xRL/bJhdCzaLOJPzeszuCLdElbbRZciMdgIHkVeKAqnMVZBknRG6q6u0w7myIodttDZggyOGSMY49fUAey6rSaX+HKzZfBEeP/zI3Zwo2VGQ0cMf7vttT5n0qgxv/PG2Xt/2CjL2Df+k/H7K6P/01T7f+pBGr8r8b/VYz/I2hoJ/bECOzjmRxB5ZMB18Vh0cHzASnTNTIy0axNPDrC3quEwfXQGHsRWT1hrmVFIunO8urnZ8fzkorn1fVv8VD4EfyPjbB90BPgcP5nKP5XERT/e94oa/8HG30Be+zfbLU2zv+aHVPxvyqg+J/if4/F/+r1+goHlD4Ex3wK3Ot/iW6tc8FzD+yRsBvqkS1MMPdR0do0fm/fxPHDV4O2p5TvJgq2LUWJmUIWe2JGsw4J3TeMxqGUoC4Xw+TyUfoyo+Tucom9GCiXtZIIoujlKgXcgp+jNGxCuPztgR7Ji7lYZpJXobw6Soj9BWxk+9k+2izLTjr78QtygogRmzLnyKLy7PaWlLyVysnvrpan/aRtZq5pm9nkKwyP3zbLqGt/NkCzeVxOgKWaias4BLMlm1LZFLrADYqWvymPtKC1Um1GsJye31/zw8rYYmRbvMCUYMZHIALa3hhpfXfY2rY+zhc9k4aPCNSSp50w27S/rbrzt2jRwrKLJ4eQdbkeLl7EtiJToRlFyz7s6fEz3ICn1rfwEIHapAuTWc/saAyItfkkfWjVo3gkXqUnH2VJ7rcra9Ilp2rKbd14akb8vHDE/E+6HwEnfV9iUHjE+p8lzv+q+Z/Hh5r/ed4oa/8HG30Be9f/Nt//0VXrf9VAzf+o+Z+K3v+8lTl+vdt/n9oyq8ER/G8W4i/q/7et/5lN9f7PSnAM/+sC/+ucKf73LaCs/R9s9AXs439ta/39ny3xSRDF/yrA2v5z0c0kENTGWTuWreGY08jGq1t4tPSpDtE4UCLvmjr9NB5hj/Rwz45UbBE9m30snjZYvZcwgvxohLzpZtvO68uA5JjF9z99n24K992gnxwKWW41t8NYiplzQ+3zsujLDHRIJyhflkzbUYX1ZIWjAD7xKVscJUCS9BgZ0pTr775ECIxoQnh+gGLb0S9xf+P4V8kN+xAvmR4u9mJyJ9mjXzh0ImpQjKwv432d72B6SpT+/scsadxjngHl+F/h+38t8QUQxf+qwBHf/zSsM8tqdyz1/c9vALvt/wFGX8Ae+2+bzc6a/RtGS/G/SqDm/9T832PN/xVPwveQUavlGyl6qJYcBA3IXCgcA0dzS4B8O1EPwWOlVjs5OUF3QhlE2yRb+ZNDrVLW5Rff5EFO0fAj+Eki0XxSSQTRrI+wUM6Q0ZnrwIVHYViSBOc7/fEIKogM3TRFf0Ohw7FUyjkO5Mfn8sOhyOWnKJTDkSzHRKBIRDuHcQOjHgx6ltw2i8aSF1npqTOtJeeq5cgke718L5FtSiPeM4EQ7T0IzfEE0oiRuaDQYeH0dd+b40VUqwELFmWkg7n8qO220dDm2EaObIymX1sdanQ7F+5eJq6JAaCW9ODl1d2gB/2YN1XeF6CbYJXwnwbeQvapQ2bEo6FouYaol9S5GNwQWKX4yh+YBLnHoMPC6iHvV0WtiE7Trww40mPIw8f6hCIw8I9CQcBqiT8ijtgTkganR6Hlw+1UiiLdU9I80n+wmE+1pLDrpOMdmniqQBxeF13MocvAy8WJkygqzu/wYIEsFkibiq8ZZjMpSNekBtKYL7VYmOS2k9/iVWHCaSWS9uR1qTP89fSbicnnDhO/V1SZk/Qc9nH6t5l7OaGgEgH/8tJk2aYv302aaQzyjaDzsyYEI0n19SQdP/eBu86EvmZRNRnkZOeG9qZLY36Lp4IUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFP5u+D8fWXlkAKAAAA== values: ### For development purposes - set it to 0 (if you want to register extension but use local process with "make start"). diff --git a/examples/shoot.yaml b/examples/shoot.yaml index 6befe2ef..aac20f11 100644 --- a/examples/shoot.yaml +++ b/examples/shoot.yaml @@ -18,11 +18,11 @@ metadata: name: local namespace: garden-local annotations: - shoot.gardener.cloud/infrastructure-cleanup-wait-period-seconds: "0" + shoot.gardener.cloud/cloud-config-execution-max-delay-seconds: "0" + authentication.gardener.cloud/issuer: "managed" spec: - seedName: local cloudProfileName: local - secretBindingName: local + secretBindingName: local # dummy, doesn't contain any credentials region: local ## In this shoot, local extension is disabled by default and uses configuration from ControllerDeployment. ## To enable mark it as disable=false or use globallyEnabled: true @@ -31,12 +31,7 @@ spec: disabled: true networking: type: calico - providerConfig: - apiVersion: calico.networking.extensions.gardener.cloud/v1alpha1 - kind: NetworkConfig - backend: none - typha: - enabled: false + nodes: 10.10.0.0/16 provider: type: local workers: @@ -46,8 +41,14 @@ spec: cri: name: containerd minimum: 1 - maximum: 1 # currently, only single-node clusters are supported + maximum: 2 maxSurge: 1 maxUnavailable: 0 kubernetes: - version: 1.27.1 # please keep that in sync with test/e2e/cri-resmgr-extension/common_test.go "kubernetesVersion" 1 + kubelet: + seccompDefault: true + serializeImagePulls: false + registryPullQPS: 10 + registryBurst: 20 + protectKernelDefaults: true + streamingConnectionIdleTimeout: 5m diff --git a/examples/shoot2.yaml b/examples/shoot2.yaml index bc813969..91d80d17 100644 --- a/examples/shoot2.yaml +++ b/examples/shoot2.yaml @@ -18,11 +18,11 @@ metadata: name: local2 namespace: garden-local annotations: - shoot.gardener.cloud/infrastructure-cleanup-wait-period-seconds: "0" + shoot.gardener.cloud/cloud-config-execution-max-delay-seconds: "0" + authentication.gardener.cloud/issuer: "managed" spec: - seedName: local cloudProfileName: local - secretBindingName: local + secretBindingName: local # dummy, doesn't contain any credentials region: local ### In shoot local2 extension is required and not disabled with own config to test override. extensions: @@ -76,23 +76,24 @@ spec: networking: type: calico - providerConfig: - apiVersion: calico.networking.extensions.gardener.cloud/v1alpha1 - kind: NetworkConfig - backend: none - typha: - enabled: false + nodes: 10.10.0.0/16 provider: type: local workers: - - name: local - machine: - type: local - cri: - name: containerd - minimum: 1 - maximum: 1 - maxSurge: 1 - maxUnavailable: 0 + - name: local + machine: + type: local + cri: + name: containerd + minimum: 1 + maximum: 2 + maxSurge: 1 + maxUnavailable: 0 kubernetes: - version: 1.27.1 # please keep that in sync with test/e2e/cri-resmgr-extension/common_test.go "kubernetesVersion" 1 + kubelet: + seccompDefault: true + serializeImagePulls: false + registryPullQPS: 10 + registryBurst: 20 + protectKernelDefaults: true + streamingConnectionIdleTimeout: 5m diff --git a/pkg/controller/lifecycle/actuator.go b/pkg/controller/lifecycle/actuator.go index 008806ab..20645a42 100644 --- a/pkg/controller/lifecycle/actuator.go +++ b/pkg/controller/lifecycle/actuator.go @@ -39,8 +39,6 @@ import ( "github.com/intel/gardener-extension-cri-resmgr/pkg/imagevector" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/serializer" - "k8s.io/client-go/rest" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/log" ) @@ -81,16 +79,18 @@ func GetProviderConfig(logger logr.Logger, extensions []v1beta1.Extension) (bool // --------------------------------------------------------------------------------------- // NewActuator return new Actuator. -func NewActuator(name string) extension.Actuator { +func NewActuator(c client.Client, name string) extension.Actuator { return &Actuator{ + client: c, ChartRendererFactory: extensionscontroller.ChartRendererFactoryFunc(util.NewChartRendererForShoot), logger: log.Log.WithName(name), } } // NewActuatorWithSuffix return new Actuator with suffix. -func NewActuatorWithSuffix(nameSuffix string) extension.Actuator { +func NewActuatorWithSuffix(c client.Client, nameSuffix string) extension.Actuator { return &Actuator{ + client: c, ChartRendererFactory: extensionscontroller.ChartRendererFactoryFunc(util.NewChartRendererForShoot), logger: log.Log.WithName(consts.ActuatorName + nameSuffix), } @@ -98,11 +98,11 @@ func NewActuatorWithSuffix(nameSuffix string) extension.Actuator { // Actuator type. type Actuator struct { - client client.Client - config *rest.Config + client client.Client + //config *rest.Config ChartRendererFactory extensionscontroller.ChartRendererFactory - decoder runtime.Decoder - logger logr.Logger + //decoder runtime.Decoder + logger logr.Logger } // GenerateSecretData return byte map which is k8s secret with data. @@ -169,6 +169,10 @@ func (a *Actuator) GenerateSecretDataToMonitoringManagedResource(namespace strin func (a *Actuator) Reconcile(ctx context.Context, logger logr.Logger, ex *extensionsv1alpha1.Extension) error { namespace := ex.GetNamespace() + if a.client == nil { + panic("a.client is nil!") + } + // Find what shoot cluster we dealing with. // to find k8s version for chart renderer // and get providerConfig for configurations for CRI-resource-manager configmaps @@ -264,21 +268,3 @@ func (a *Actuator) Restore(ctx context.Context, logger logr.Logger, ex *extensio func (a *Actuator) Migrate(ctx context.Context, logger logr.Logger, ex *extensionsv1alpha1.Extension) error { return a.Delete(ctx, logger, ex) } - -// InjectConfig the Extension resource. -func (a *Actuator) InjectConfig(config *rest.Config) error { - a.config = config - return nil -} - -// InjectClient the Extension resource. -func (a *Actuator) InjectClient(client client.Client) error { - a.client = client - return nil -} - -// InjectScheme the Extension resource. -func (a *Actuator) InjectScheme(scheme *runtime.Scheme) error { - a.decoder = serializer.NewCodecFactory(scheme, serializer.EnableStrict).UniversalDecoder() - return nil -} diff --git a/pkg/controller/lifecycle/actuator_test.go b/pkg/controller/lifecycle/actuator_test.go index a728db9d..71a40dc8 100644 --- a/pkg/controller/lifecycle/actuator_test.go +++ b/pkg/controller/lifecycle/actuator_test.go @@ -111,7 +111,7 @@ var _ = Describe("cri-resource-manager extension actuator tests", func() { // TODO: consider using mock instead of real rendered - not enough logic inside golang code yet! // unused but useful for future // "github.com/golang/mock/gomock" - a := actuator.NewActuator("mock").(*actuator.Actuator) + a := actuator.NewActuator(nil, "mock").(*actuator.Actuator) It("generate properly with expected bodies inside", func() { secret, err := a.GenerateSecretData(log, consts.Charts, consts.ChartPath, "foo_namespace", "v1.0.0", configTypes, nodeSelector) @@ -129,7 +129,7 @@ var _ = Describe("cri-resource-manager extension actuator tests", func() { Describe("rendering monitoring chart with GenerateSecretDataToMonitoringManagedResource", func() { It("generate correct config with replaced namespace", func() { - a := actuator.NewActuator("mock").(*actuator.Actuator) + a := actuator.NewActuator(nil, "mock").(*actuator.Actuator) output := a.GenerateSecretDataToMonitoringManagedResource("test") diff --git a/pkg/controller/lifecycle/add.go b/pkg/controller/lifecycle/add.go index ad8686ca..8d992efe 100644 --- a/pkg/controller/lifecycle/add.go +++ b/pkg/controller/lifecycle/add.go @@ -90,7 +90,7 @@ func ConfigMapToAllExtensionMapper(ctx context.Context, log logr.Logger, reader func AddToManager(ctx context.Context, mgr manager.Manager, options *options.Options, ignoreOperationAnnotation bool) error { return extension.Add(ctx, mgr, extension.AddArgs{ - Actuator: NewActuator(consts.ActuatorName), + Actuator: NewActuator(mgr.GetClient(), consts.ActuatorName), ControllerOptions: options.ControllerOptions.Completed().Options(), Name: consts.ControllerName, FinalizerSuffix: consts.ExtensionType, @@ -107,12 +107,12 @@ func AddConfigMapWatchingControllerToManager(ctx context.Context, mgr manager.Ma // Create another instance of options - this time for "configMap2Extensions reconciler" controllerOptions := options.ControllerOptions.Completed().Options() configReconcilerArgs := extension.AddArgs{ - Actuator: NewActuator(consts.ActuatorName + consts.ConfigsSuffix), + Actuator: NewActuator(mgr.GetClient(), consts.ActuatorName+consts.ConfigsSuffix), Resync: 60 * time.Minute, FinalizerSuffix: consts.ExtensionType, // We're using the same finalizer as the original controller on purpose to "delete" only once without a need to wait for another "configs" controller } controllerOptions.Reconciler = extension.NewReconciler(mgr, configReconcilerArgs) - recoverPanic := true + recoverPanic := true // TODO: make it configurable for debugging purposes !!?!? controllerOptions.RecoverPanic = &recoverPanic controllerName := consts.ControllerName + consts.ConfigsSuffix