This drops the twofold implementation in favor of a single
`MemoryRESTClientGetter` which can work with an arbitrary `rest.Config`.
The new `MemoryRESTClientGetter` lazy-loads and caches the objects it
initializes, thereby creating at most one instance of each object for
the duration of the reconcile of a single `HelmRelease` object.
Based on some initial tests, this seems to reduce the overal memory
footprint of the controller.
Signed-off-by: Hidde Beydals <hidde@hhh.computer>
Check if the service account to be impersonated actually exists
and proceed with uninstalling the Helm release only if it does.
Otherwise, skip uninstalling the release and carry on with finalization.
Add an e2e test to check if deleting a namespace with the RBAC and
HelmRelease succeeds with the namespace being fully deleted.
Signed-off-by: Sanskar Jaiswal <jaiswalsanskar078@gmail.com>
This enables experimental drift detection of cluster state compared to
the current manifest data from the Helm storage's manifest blob.
Drift detection works based on the already proven approach of the
kustomize-controller's SSA package, and utilizes the managed field
configured by the controller since `v0.12.2`.
This feature is planned to go out of experimental once the further
controller rewrite has been finished, and the state of the Helm storage
itself is more fault tolerant.
Signed-off-by: Hidde Beydals <hidde@hhh.computer>
This updates all the comparisons to make use of `HasRevision` which
supports the RFC-0005 and legacy revision formats.
Signed-off-by: Hidde Beydals <hello@hidde.co>
Fixing a regression introduced in #480 which would always pick the
namespace of the release. In addition, historically seen the
configuration of the impersonation username while making use of a
KubeConfig has never worked correctly, this has been adressed as well.
Signed-off-by: Hidde Beydals <hello@hidde.co>
This is a partial cherry-pick of commit ae4f499e87, including
changes around `kube`. This to include some of the changes around the
construction of the ConfigFlags RESTClientGetter, as an attempt to
solve token refresh issues.
Signed-off-by: Hidde Beydals <hello@hidde.co>
Two new flags were added to allow users to enable the
use of user.Exec and InsecureTLS in the kubeconfigs
provided remote apply reconciliations.
Breaking change: both functionalities are no longer
enabled by default.
Signed-off-by: Paulo Gomes <paulo.gomes@weave.works>
This to facilitate improvements on the notification-controller side,
where annotations prefixed with the FQDN of the Group of the Involved
Object will be transformed into "fields".
Signed-off-by: Hidde Beydals <hello@hidde.co>
This includes an update of the source-controller to v0.22.0, to pull in
the v1beta2 API which makes use of the same packages.
Signed-off-by: Sunny <darkowlzz@protonmail.com>
Introduce the flag `--default-service-account` for allowing cluster admins to enforce impersonation for resources reconciliation.
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
When ExternalEventRecorder is nil, the helm release reference is not used
therefore the function can safely return early.
Signed-off-by: Paulo Gomes <paulo.gomes@weave.works>
Add `values.yaml` to the supported kubeconfig secret key names in order for SOPS to correctly detect the storage format based on the file extension.
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Before:
{"level":"info","ts":"2021-03-03T12:45:41.305Z","logger":"controller.helmrelease","msg":"could not find optional %s '%s'","reconciler group":"helm.toolkit.fluxcd.io","reconciler kind":"HelmRelease","name":"cert-manager","namespace":"kommander","ConfigMap":{"namespace":"kommander","name":"cert-manager-overrides"}}
After:
{"level":"info","ts":"2021-03-03T13:56:46.365+0100","logger":"controller.helmrelease","msg":"could not find optional ConfigMap 'kommander/cert-manager-overrides'","reconciler group":"helm.toolkit.fluxcd.io","reconciler kind":"HelmRelease","name":"cert-manager","namespace":"kommander"}
Signed-off-by: Max Jonas Werner <mwerner@d2iq.com>
To include a bug fix to the `ReconcilateAtChangedPredicate`
and renaming to `ReconcileRequestedPredicate`.
Signed-off-by: Hidde Beydals <hello@hidde.co>
This commit upgrades the `controller-runtime` dependency to `v0.7.0`,
including all changes required to make all wiring work again.
- Upgrade `runtime` to v0.6.0 to include `controller-runtime` changes.
- Loggers have been removed from the reconcilers and are now retrieved
from the `context.Context` passed to the `Reconcile` method and
downwards functions.
- Logger configuration flags are now bound to the flag set using
`BindFlags` from `runtime/logger`, ensuring the same contract across
GitOps Toolkit controllers, and the `--log-json` flag has been
deprecated in favour of the `--log-encoding=json` default.
- The `ChangePredicate` from `runtime` has changed to a
`ReconcilateAtChangedPredicate`, and is now chained with the
`GenerationChangedPredicate` from `controller-runtime` using
`predicate.Or`.
- Signatures that made use of `runtime.Object` have changed to
`client.Object`, removing the requirement to e.g. call
`runtime.Object#Object`.
- The `leader-election-role` was changed, as leader election now works
via the `coordination/v1` API.
Other notable changes:
- `util.ObjectKey` was added to easily construct a `client.ObjectKey` /
`types.NamespacedName` from a `metav1.Object`.
Signed-off-by: Hidde Beydals <hello@hidde.co>
This prevents the resource hanging forever if the release does not exist
in the Helm storage because it was either never created, or because it
was already removed by e.g. Kubernetes due to a namespace deletion.
Signed-off-by: Hidde Beydals <hello@hidde.co>
If a resource is marked as suspended we should not perform any
reconciliation action for the resource at all.
This includes updating the status of the resource to a
`Ready==False` state, as this is not an accurate representation of
the resource's state: we have been told to no longer look at it
and with that our last observation freezes in time.
Resource deletions are the sole exception to actions (not) being
performed, as we are duty-bound to remove our finalizer from the
resource to make a deletion succeed.
To make the suspend state still visible to the user, a column has
been added to the Custom Resource Definition which prints the
`.spec.suspend` of every HelmRelease.
Signed-off-by: Hidde Beydals <hello@hidde.co>
Changes the condition type to the one introduced in k8s 1.19, including
the newly introduced helpers in place of the old pkg/apis/meta types.
Signed-off-by: Hidde Beydals <hello@hidde.co>
Hidde Beydals
Sanskar Jaiswal
Hidde Beydals
Stefan Prodan
Santosh Kaluskar
Nick Stogner
Alex Marston
Paulo Gomes
Sunny
Somtochi Onyekwere
Kingdon Barrett
Aurel Canciu
Zhongcheng Lao
Hidde Beydals
Max Jonas Werner
Dylan Arbour
Will Salt
gtracer