fix: ensuring reconciliation of kubeconfig hashing kubeadm config and ca

Dario Tranchitella
2022-07-13 21:56:03 +02:00
parent 8c24302d8e
commit 0b8f15f86f
2 changed files with 23 additions and 17 deletions


@@ -18,7 +18,7 @@ type Configuration struct {
}
func (c *Configuration) Checksum() string {
initConfiguration, _ := json.Marshal(c.InitConfiguration)
initConfiguration, _ := utilities.EncondeToYaml(&c.InitConfiguration)
kubeconfig, _ := json.Marshal(c.Kubeconfig)
parameters, _ := json.Marshal(c.Parameters)
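Review bot: The new `utilities.EncondeToYaml(&c.InitConfiguration)` line discards its second return value (presumably an error), so a failed encode still yields a checksum that no longer reflects the InitConfiguration. In the other file this value appears to feed the comparison that decides whether the kubeconfig is regenerated, so a silent failure here could mask a configuration change. Checksum() returns only a string and its body continues outside the hunk; if the signature has to stay, I would at least document the behaviour above the call, e.g. `// NOTE: encode errors are ignored here; on failure the checksum does not cover InitConfiguration`.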


@@ -5,8 +5,6 @@ package resources
import (
"context"
"crypto/md5"
"encoding/hex"
"fmt"
"github.com/go-logr/logr"
@@ -108,19 +106,16 @@ func (r *KubeconfigResource) CreateOrUpdate(ctx context.Context, tenantControlPl
return utilities.CreateOrUpdateWithConflict(ctx, r.Client, r.resource, r.mutate(ctx, tenantControlPlane))
}
func (r *KubeconfigResource) checksum(apiServerCertificatesSecret *corev1.Secret, kubeadmChecksum string) string {
return utilities.CalculateConfigMapChecksum(map[string]string{
"ca-cert-checksum": string(apiServerCertificatesSecret.Data[kubeadmconstants.CACertName]),
"ca-key-checksum": string(apiServerCertificatesSecret.Data[kubeadmconstants.CAKeyName]),
"kubeadmconfig": kubeadmChecksum,
})
}
func (r *KubeconfigResource) mutate(ctx context.Context, tenantControlPlane *kamajiv1alpha1.TenantControlPlane) controllerutil.MutateFn {
return func() error {
status, err := r.getKubeconfigStatus(tenantControlPlane)
if err != nil {
return err
}
if status.Checksum == r.resource.GetAnnotations()["checksum"] {
if kubeadm.IsKubeconfigValid(r.resource.Data[r.KubeConfigFileName]) {
return nil
}
}
config, err := getStoredKubeadmConfiguration(ctx, r, tenantControlPlane)
if err != nil {
return err
@@ -136,6 +131,19 @@ func (r *KubeconfigResource) mutate(ctx context.Context, tenantControlPlane *kam
return err
}
checksum := r.checksum(apiServerCertificatesSecret, config.Checksum())
status, err := r.getKubeconfigStatus(tenantControlPlane)
if err != nil {
return err
}
if status.Checksum == checksum {
if kubeadm.IsKubeconfigValid(r.resource.Data[r.KubeConfigFileName]) {
return nil
}
}
kubeconfig, err := kubeadm.CreateKubeconfig(
r.KubeConfigFileName,
kubeadm.CertificatePrivateKeyPair{
@@ -159,10 +167,8 @@ func (r *KubeconfigResource) mutate(ctx context.Context, tenantControlPlane *kam
},
))
hash := md5.Sum(kubeconfig)
r.resource.SetAnnotations(map[string]string{
"checksum": hex.EncodeToString(hash[:]),
"checksum": checksum,
})
return ctrl.SetControllerReference(tenantControlPlane, r.resource, r.Client.Scheme())
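Review bot: The new `checksum` helper in the second hunk passes the CA private key bytes, `apiServerCertificatesSecret.Data[kubeadmconstants.CAKeyName]`, into `utilities.CalculateConfigMapChecksum`, and the last hunk stores the result in the resource's `checksum` annotation. The hash that helper uses is not visible on this page, and object metadata is often readable and logged more widely than Secret data, so I would keep key-derived values out of it. The CA certificate should already change whenever the key is rotated, so hashing only `"ca-cert-checksum"` and `"kubeadmconfig"` and dropping the `"ca-key-checksum"` entry looks sufficient to detect a CA change. The map keys are also named `…-checksum` while their values are raw contents, which deserves a short comment on the helper. mutate's body starts and ends outside these hunks.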