...

Source file src/github.com/GoogleCloudPlatform/k8s-config-connector/pkg/controller/kccmanager/kccmanager.go

Documentation: github.com/GoogleCloudPlatform/k8s-config-connector/pkg/controller/kccmanager 

     1  // Copyright 2022 Google LLC
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //      http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  package kccmanager
    16  
    17  import (
    18  	"context"
    19  	"fmt"
    20  	"net/http"
    21  
    22  	"github.com/GoogleCloudPlatform/k8s-config-connector/pkg/apis"
    23  	"github.com/GoogleCloudPlatform/k8s-config-connector/pkg/controller/kccmanager/nocache"
    24  	"github.com/GoogleCloudPlatform/k8s-config-connector/pkg/controller/registration"
    25  	"github.com/GoogleCloudPlatform/k8s-config-connector/pkg/dcl/clientconfig"
    26  	dclconversion "github.com/GoogleCloudPlatform/k8s-config-connector/pkg/dcl/conversion"
    27  	dclmetadata "github.com/GoogleCloudPlatform/k8s-config-connector/pkg/dcl/metadata"
    28  	"github.com/GoogleCloudPlatform/k8s-config-connector/pkg/dcl/schema/dclschemaloader"
    29  	"github.com/GoogleCloudPlatform/k8s-config-connector/pkg/gcp"
    30  	"github.com/GoogleCloudPlatform/k8s-config-connector/pkg/servicemapping/servicemappingloader"
    31  	tfprovider "github.com/GoogleCloudPlatform/k8s-config-connector/pkg/tf/provider"
    32  
    33  	corev1 "k8s.io/api/core/v1"
    34  	apiextensions "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
    35  	"k8s.io/apimachinery/pkg/runtime"
    36  	"k8s.io/client-go/rest"
    37  	"sigs.k8s.io/controller-runtime/pkg/manager"
    38  )
    39  
    40  type Config struct {
    41  	// The 'base' manager options which will be passed to New(...) other default options will be overlayed on top, such
    42  	// as disabling caching
    43  	ManagerOptions manager.Options
    44  
    45  	// UserProjectOverride provides the option to use the resource project for preconditions, quota, and billing,
    46  	// instead of the project the credentials belong to; false by default
    47  	UserProjectOverride bool
    48  
    49  	// BillingProject is the project used by the TF provider and DCL client to determine preconditions,
    50  	// quota, and billing if UserProjectOverride is set to true. If this field is empty,
    51  	// but UserProjectOverride is set to true, resource project will be used.
    52  	BillingProject string
    53  
    54  	// HTTPClient is the http client to use for DCL.
    55  	// Currently only used in tests.
    56  	HTTPClient *http.Client
    57  
    58  	// AccessToken allows configuration of a static access token.
    59  	// Currently only used in tests.
    60  	AccessToken string
    61  }
    62  
    63  // Creates a new controller-runtime manager.Manager and starts all of the KCC controllers pointed at the
    64  // API server associated with the rest.Config argument. The controllers are:
    65  // { tf, gsakeysecretgenerator, iampolicy, iampolicymember, registration-controller }
    66  //
    67  // This serves as the entry point for the in-cluster main and the Borg service main. Any changes made should be done
    68  // with care.
    69  func New(ctx context.Context, restConfig *rest.Config, config Config) (manager.Manager, error) {
    70  	opts := config.ManagerOptions
    71  	if opts.Scheme == nil {
    72  		// By default, controller-runtime uses the Kubernetes client-go scheme, this can create concurrency bugs as the
    73  		// the calls to AddToScheme(..) will modify the internal maps
    74  		opts.Scheme = runtime.NewScheme()
    75  	}
    76  	// Disable the cache. The cache causes problems in namespaced mode when trying
    77  	// to read resources in our system namespace.
    78  	opts.NewClient = nocache.NoCacheClientFunc
    79  	mgr, err := manager.New(restConfig, opts)
    80  	if err != nil {
    81  		return nil, fmt.Errorf("error creating new manager: %w", err)
    82  	}
    83  	if err := addSchemes(mgr); err != nil {
    84  		return nil, err
    85  	}
    86  
    87  	// Bootstrap the Google Terraform provider
    88  	tfCfg := tfprovider.NewConfig()
    89  	tfCfg.UserProjectOverride = config.UserProjectOverride
    90  	tfCfg.BillingProject = config.BillingProject
    91  	tfCfg.AccessToken = config.AccessToken
    92  
    93  	provider, err := tfprovider.New(ctx, tfCfg)
    94  	if err != nil {
    95  		return nil, fmt.Errorf("error creating TF provider: %w", err)
    96  	}
    97  	smLoader, err := servicemappingloader.New()
    98  	if err != nil {
    99  		return nil, fmt.Errorf("error loading service mappings: %w", err)
   100  	}
   101  	// Bootstrap the DCL SDK
   102  	dclSchemaLoader, err := dclschemaloader.New()
   103  	if err != nil {
   104  		return nil, fmt.Errorf("error creating a DCL schema loader: %w", err)
   105  	}
   106  	serviceMetadataLoader := dclmetadata.New()
   107  	dclConverter := dclconversion.New(dclSchemaLoader, serviceMetadataLoader)
   108  
   109  	dclOptions := clientconfig.Options{
   110  		UserProjectOverride: config.UserProjectOverride,
   111  		BillingProject:      config.BillingProject,
   112  		HTTPClient:          config.HTTPClient,
   113  		UserAgent:           gcp.KCCUserAgent,
   114  	}
   115  	dclConfig, err := clientconfig.New(ctx, dclOptions)
   116  	if err != nil {
   117  		return nil, fmt.Errorf("error creating a DCL client config: %w", err)
   118  	}
   119  
   120  	// Register the registration controller, which will dynamically create controllers for
   121  	// all our resources.
   122  	if err := registration.Add(mgr, provider, smLoader, dclConfig, dclConverter, registration.RegisterDefaultController); err != nil {
   123  		return nil, fmt.Errorf("error adding registration controller: %w", err)
   124  	}
   125  	return mgr, nil
   126  }
   127  
   128  func addSchemes(mgr manager.Manager) error {
   129  	scheme := mgr.GetScheme()
   130  	if err := corev1.AddToScheme(scheme); err != nil {
   131  		return fmt.Errorf("error adding 'corev1' resources to the scheme: %w", err)
   132  	}
   133  	if err := apiextensions.AddToScheme(scheme); err != nil {
   134  		return fmt.Errorf("error adding 'apiextensions' resources to the scheme: %w", err)
   135  	}
   136  	if err := apis.AddToScheme(scheme); err != nil {
   137  		return fmt.Errorf("error adding 'apis' resources to the scheme: %w", err)
   138  	}
   139  	return nil
   140  }
   141  

View as plain text