generated from cybozu-go/neco-template
-
Notifications
You must be signed in to change notification settings - Fork 23
/
Copy pathcertificate.go
104 lines (89 loc) · 3.08 KB
/
certificate.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
package controllers
import (
"bytes"
"context"
_ "embed"
"fmt"
"text/template"
mocov1beta2 "github.com/cybozu-go/moco/api/v1beta2"
corev1 "k8s.io/api/core/v1"
apierrors "k8s.io/apimachinery/pkg/api/errors"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
"k8s.io/apimachinery/pkg/runtime/schema"
"k8s.io/apimachinery/pkg/runtime/serializer/yaml"
ctrl "sigs.k8s.io/controller-runtime"
"sigs.k8s.io/controller-runtime/pkg/client"
"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
crlog "sigs.k8s.io/controller-runtime/pkg/log"
)
var decUnstructured = yaml.NewDecodingSerializer(unstructured.UnstructuredJSONScheme)
var certificateObj = &unstructured.Unstructured{}
func init() {
certificateObj.SetGroupVersionKind(schema.GroupVersionKind{
Group: "cert-manager.io",
Version: "v1",
Kind: "Certificate",
})
}
//go:embed certificate_tmpl.yaml
var certTmplData string
var certTmpl = template.Must(template.New("").Parse(certTmplData))
type certTmplVal struct {
Name string
Namespace string
ServiceName string
TargetNamespace string
}
func (r *MySQLClusterReconciler) reconcileV1Certificate(ctx context.Context, req ctrl.Request, cluster *mocov1beta2.MySQLCluster) error {
obj := certificateObj.DeepCopy()
err := r.Client.Get(ctx, client.ObjectKey{Namespace: r.SystemNamespace, Name: cluster.CertificateName()}, obj)
if err == nil {
return nil
}
if err != nil && !apierrors.IsNotFound(err) {
return fmt.Errorf("failed to get certificate %s: %w", cluster.CertificateName(), err)
}
buf := new(bytes.Buffer)
err = certTmpl.Execute(buf, certTmplVal{
Name: cluster.CertificateName(),
Namespace: r.SystemNamespace,
ServiceName: cluster.HeadlessServiceName(),
TargetNamespace: cluster.Namespace,
})
if err != nil {
return err
}
obj = &unstructured.Unstructured{}
_, _, err = decUnstructured.Decode(buf.Bytes(), nil, obj)
if err != nil {
return fmt.Errorf("failed to decode certificate YAML: %w", err)
}
obj.SetLabels(labelSet(cluster, true))
if err := r.Client.Create(ctx, obj); err != nil {
return fmt.Errorf("failed to create certificate: %w", err)
}
return nil
}
func (r *MySQLClusterReconciler) reconcileV1GRPCSecret(ctx context.Context, req ctrl.Request, cluster *mocov1beta2.MySQLCluster) error {
log := crlog.FromContext(ctx)
controllerSecret := &corev1.Secret{}
err := r.Client.Get(ctx, client.ObjectKey{Namespace: r.SystemNamespace, Name: cluster.CertificateName()}, controllerSecret)
if err != nil {
return client.IgnoreNotFound(err)
}
secret := &corev1.Secret{}
secret.Namespace = cluster.Namespace
secret.Name = cluster.GRPCSecretName()
result, err := ctrl.CreateOrUpdate(ctx, r.Client, secret, func() error {
secret.Labels = mergeMap(secret.Labels, labelSet(cluster, false))
secret.Data = controllerSecret.Data
return ctrl.SetControllerReference(cluster, secret, r.Scheme)
})
if err != nil {
return fmt.Errorf("failed to reconcile gRPC secret: %w", err)
}
if result != controllerutil.OperationResultNone {
log.Info("reconciled gRPC secret", "operation", string(result))
}
return nil
}