package konfigkonnector

import (
	"context"
	_ "embed" //nolint let a human embed
	"fmt"

	corev1 "k8s.io/api/core/v1"
	"k8s.io/apimachinery/pkg/api/errors"
	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
	"k8s.io/apimachinery/pkg/runtime"
	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
	clientgoscheme "k8s.io/client-go/kubernetes/scheme"
	"sigs.k8s.io/controller-runtime/pkg/client"

	kccAPI "edge-infra.dev/pkg/k8s/konfigkonnector/apis/configconnector/v1beta1"
	configconnector "edge-infra.dev/third_party/k8s/configconnector"
)

// ResourceName is an exported fixed name for the config connector.
// NOTE(review): nothing in this file references it; confirm which object it
// names before relying on it.
const ResourceName = "k8s-cfg-connector"

// namespace is the namespace in which SetupCNRMSystem creates the Namespace
// object and the credential Secret. It is declared as a var, so it is mutable
// package state; nothing in this file reassigns it.
var namespace = "cnrm-system"

// LoadManifests returns the vendored KCC installation manifests decoded into
// unstructured.Unstructured objects that can be applied to the K8s API using
// controller-runtime's client.
//
// It delegates entirely to configconnector.LoadManifests, which owns the
// embedded manifest data; the result and the error are passed through
// unchanged.
func LoadManifests() ([]*unstructured.Unstructured, error) {
	return configconnector.LoadManifests()
}

// Install applies loaded manifests to K8s. Manifests of kind Namespace are
// created first, then every other kind. An object that already exists is left
// exactly as it is in the cluster (it is not updated), so Install does not
// bring a previously installed or modified object back in line with the
// vendored manifests.
//
// Deprecated: One-shot install clients should use the generic SSA Install function
// from pkg/k8s/runtime/ssa instead.
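func Install(ctx context.Context, c client.Client, manifests []*unstructured.Unstructured) error {
	// createMatching creates every manifest whose "is a Namespace" status equals
	// wantNamespace. AlreadyExists is treated as success, which means an
	// existing object keeps whatever spec it currently has in the cluster.
	createMatching := func(wantNamespace bool) error {
		for i, manifest := range manifests {
			// GetKind dereferences the object, so a nil entry would panic.
			if manifest == nil {
				return fmt.Errorf("konfigkonnector.Install: manifest %d is nil", i)
			}
			if (manifest.GetKind() == "Namespace") != wantNamespace {
				continue
			}
			if err := c.Create(ctx, manifest); err != nil && !errors.IsAlreadyExists(err) {
				// Wrap with the object identity so a failed install names the
				// manifest that was rejected; %w keeps the API error inspectable.
				return fmt.Errorf("konfigkonnector.Install: failed to create %s %q: %w",
					manifest.GetKind(), manifest.GetName(), err)
			}
		}
		return nil
	}

	// Namespaces go first so namespaced objects in the second pass have
	// somewhere to land.
	if err := createMatching(true); err != nil {
		return err
	}
	return createMatching(false)
}

// CreateScheme builds the runtime.Scheme with the necessary API types for
// creating a client that can install K8s config connector and configure it
// (using their CRDs): the client-go built-in types plus the kccAPI types.
//
// Registration errors are passed to utilruntime.Must, which panics on a
// non-nil error, so this function either returns a usable scheme or panics.
func CreateScheme() *runtime.Scheme {
	scheme := runtime.NewScheme()
	utilruntime.Must(clientgoscheme.AddToScheme(scheme))
	utilruntime.Must(kccAPI.AddToScheme(scheme))
	return scheme
}

// SetupCNRMSystem sets up the cnrm-system namespace for the K8s config connector
// for non-GKE K8s distros. It creates the namespace and then a Secret named
// secretName in it that stores key under the "key.json" data entry.
//
// Both creations treat AlreadyExists as success. In particular, if a Secret
// named secretName already exists, the supplied key is NOT written and nil is
// returned: calling this again with a rotated key leaves the old credential in
// place. Replacing a credential requires updating or deleting the Secret by
// other means.
//
// NOTE(review): key is presumably a GCP service account key (confirm with
// callers). It is stored as ordinary Secret data, so access to Secrets in this
// namespace should be restricted accordingly.
//
// An empty secretName or an empty key is rejected before anything is created,
// because a Secret created with an empty credential would never be corrected
// by a later call. The key is never included in an error message.
func SetupCNRMSystem(ctx context.Context, c client.Client, secretName string, key []byte) error {
	if secretName == "" {
		return fmt.Errorf("konfigkonnector.SetupCNRMSystem: secret name must not be empty")
	}
	if len(key) == 0 {
		return fmt.Errorf("konfigkonnector.SetupCNRMSystem: key must not be empty")
	}

	ns := &corev1.Namespace{
		ObjectMeta: metav1.ObjectMeta{Name: namespace},
	}
	if err := c.Create(ctx, ns); err != nil && !errors.IsAlreadyExists(err) {
		return fmt.Errorf("konfigkonnector.SetupCNRMSystem: failed to create namespace: %w", err)
	}

	secret := &corev1.Secret{
		ObjectMeta: metav1.ObjectMeta{Name: secretName, Namespace: namespace},
		Data:       map[string][]byte{"key.json": key},
	}
	if err := c.Create(ctx, secret); err != nil && !errors.IsAlreadyExists(err) {
		return fmt.Errorf("konfigkonnector.SetupCNRMSystem: failed to create secret: %w", err)
	}
	return nil
}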