Introduce Monitor support for CSR resource

These changes allow the Monitor to also track CSR (CertificateSigningResource) resources which will make it possible to know when a certificate has been issued by the K8s cluster signer. In turn, DCM will be able to read, store and use that certificate to generate kubeconfigs. Out-of-tree actions required: - publish monitor's docker image built from this source onto emcov2/monitor:latest Issue-ID: MULTICLOUD-1143 Change-Id: I7facd27bbfe08891151bb3b6a9a19948435e24e4 Signed-off-by: Igor D.C <igor.duarte.cardoso@intel.com>
author: Igor D.C <igor.duarte.cardoso@intel.com> 2020-08-31 22:46:10 +0000
committer: Igor D.C <igor.duarte.cardoso@intel.com> 2020-09-25 18:43:36 +0000
commit: 425795c7d4e6ce81932918aca2a1462384d4507f (patch)
tree: 68f9793b29b3d282e62426ab52669319b4dfd4eb /src/monitor/pkg/controller/resourcebundlestate/controller.go
parent: 8b5c4236639a46f39cbfe852590f34e64f58a85a (diff)
1 files changed, 32 insertions, 0 deletions
diff --git a/src/monitor/pkg/controller/resourcebundlestate/controller.go b/src/monitor/pkg/controller/resourcebundlestate/controller.go
index faee5892..5351ea99 100644
--- a/src/monitor/pkg/controller/resourcebundlestate/controller.go
+++ b/src/monitor/pkg/controller/resourcebundlestate/controller.go
@@ -8,6 +8,7 @@ import (
 
 	appsv1 "k8s.io/api/apps/v1"
 	v1 "k8s.io/api/batch/v1"
+	certsapi "k8s.io/api/certificates/v1beta1"
 	corev1 "k8s.io/api/core/v1"
 	v1beta1 "k8s.io/api/extensions/v1beta1"
 	k8serrors "k8s.io/apimachinery/pkg/api/errors"
@@ -119,6 +120,12 @@ func (r *reconciler) Reconcile(req reconcile.Request) (reconcile.Result, error)
 		return reconcile.Result{}, err
 	}
 
+	err = r.updateCsrs(rbstate, rbstate.Spec.Selector.MatchLabels)
+	if err != nil {
+		log.Printf("Error adding csrStatuses: %v\n", err)
+		return reconcile.Result{}, err
+	}
+
 	// TODO: Update this based on the statuses of the lower resources
 	rbstate.Status.Ready = false
 	err = r.client.Status().Update(context.TODO(), rbstate)
@@ -352,3 +359,28 @@ func (r *reconciler) updateStatefulSets(rbstate *v1alpha1.ResourceBundleState,
 
 	return nil
 }
+
+func (r *reconciler) updateCsrs(rbstate *v1alpha1.ResourceBundleState,
+	selectors map[string]string) error {
+
+	// Update the CR with the csrs tracked
+	csrList := &certsapi.CertificateSigningRequestList{}
+	err := listResources(r.client, rbstate.Namespace, selectors, csrList)
+	if err != nil {
+		log.Printf("Failed to list csrs: %v", err)
+		return err
+	}
+
+	rbstate.Status.CsrStatuses = []certsapi.CertificateSigningRequest{}
+
+	for _, csr := range csrList.Items {
+		resStatus := certsapi.CertificateSigningRequest{
+			TypeMeta:   csr.TypeMeta,
+			ObjectMeta: csr.ObjectMeta,
+			Status:     csr.Status,
+		}
+		rbstate.Status.CsrStatuses = append(rbstate.Status.CsrStatuses, resStatus)
+	}
+
+	return nil
+}
author	Igor D.C <igor.duarte.cardoso@intel.com>	2020-08-31 22:46:10 +0000
committer	Igor D.C <igor.duarte.cardoso@intel.com>	2020-09-25 18:43:36 +0000
commit	425795c7d4e6ce81932918aca2a1462384d4507f (patch)
tree	68f9793b29b3d282e62426ab52669319b4dfd4eb /src/monitor/pkg/controller/resourcebundlestate/controller.go
parent	8b5c4236639a46f39cbfe852590f34e64f58a85a (diff)