Commit Graph

250 Commits

Author SHA1 Message Date
Paulo Gomes facda8b422
Check EventRecorder is not nil
Signed-off-by: Paulo Gomes <paulo.gomes@weave.works>
2021-12-21 21:10:43 +00:00
Somtochi Onyekwere f6403df16f Add test for varsub in secret
Signed-off-by: Somtochi Onyekwere <somtochionyekwere@gmail.com>
2021-11-25 12:34:20 +01:00
Stefan Prodan 1badc828b4
Replace deprecated dependencies
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2021-11-23 14:21:21 +02:00
Stefan Prodan bedb53e0fa
Verify artifacts integrity
After downloading an artifact, compute its checksum and verify that it matches the original checksum advertised by source-controller.

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2021-11-12 14:03:58 +02:00
Stefan Prodan 0ce7c1267e
Allow disabling the reconciliation of in-cluster resources
Introduce `kustomize.toolkit.fluxcd.io/reconcile` annotation. When set to `disabled`, the controller will no longer apply changes from source, nor it will prune the annotated resource.

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2021-11-09 10:50:52 +02:00
Stefan Prodan 4958b9c8ce
Warn when secrets are not decrypted before apply
If decryption is not enabled, SOPS encrypted secrets will fail to apply with a validation error that doesn't give any hints. It's better to exit early and throw an error that tells users to enable decryption.

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2021-11-08 15:58:27 +02:00
Stefan Prodan f2715a74c8
Set delete propagation policy to background
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2021-11-08 15:02:12 +02:00
Rishabh Bohra b8cebd3838
chore: remove deprecated io/ioutil
Signed-off-by: Rishabh Bohra <rishabhbohra01@gmail.com>
2021-10-29 20:28:25 +05:30
Stefan Prodan c610944139
SOPS: Fix dotenv decryption error reporting
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2021-10-19 11:10:10 +03:00
Stefan Prodan 7a26305dc8
Fix cluster scope detection of applied objects
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2021-10-19 09:34:18 +03:00
Somtochi Onyekwere 84a88d5878 Decrypt dotenv files
Signed-off-by: Somtochi Onyekwere <somtochionyekwere@gmail.com>
2021-10-17 15:27:04 +01:00
Stefan Prodan f133d2cb5f
Fix HPA v2beta1 validation
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2021-10-12 11:50:11 +03:00
Stefan Prodan a292f28699
Fix drift detection in Secrets and ConfigMaps
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2021-10-11 16:26:01 +03:00
Stefan Prodan 7282308883
Fix SSA upstream bugs for Kubernetes < 1.22
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2021-10-10 15:28:12 +03:00
Stefan Prodan cd5b6930b3
Fix inventory panic for v1beta1 objects
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2021-10-08 17:48:05 +03:00
Stefan Prodan 652da7f1e4
Guard against waiting deadlock
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2021-10-08 10:04:23 +03:00
Stefan Prodan b837b8f629
Fix flapping kstatus test due to rate limits
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2021-10-07 17:52:55 +03:00
Stefan Prodan ad2fe66dbf
Merge pull request #441 from darkowlzz/use-testenv
Replace envtest with testenv
2021-10-07 14:06:34 +03:00
Sunny dd3935ce8e Replace envtest with testenv
testenv now supports provisioning users. Replace envtest with testenv.

Also, reorder the cleanup to stop the test environment before stopping
the file server to avoid anything in the cluster trying to connect to
the file server after it's stopped.

Signed-off-by: Sunny <darkowlzz@protonmail.com>
2021-10-07 16:21:22 +05:30
Stefan Prodan dba56a569e
Add example for `.spec.wait` usage
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2021-10-07 11:37:39 +03:00
Sunny b7abdf2b84 envtest: Add cancellable context to stop controllers
In suite test, the context created by SetupSignalHandler() watches for
shutdown signal to cancel the context. This makes it possible to stop
the controllers by sending a kill signal that cancels the context.

This change allows controller context cancellation by creating another
context from SetupSignalHandler() context with a CancelFunc that's
called at the end of the test, instead of sending a kill signal.

Signed-off-by: Sunny <darkowlzz@protonmail.com>
2021-10-06 19:15:47 +05:30
Stefan Prodan 6346591f02
Use ssa package from fluxcd/pkg
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2021-10-01 10:21:15 +03:00
Stefan Prodan d0222867e6
Skip pruning for objects with a different owner
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2021-09-30 18:35:40 +03:00
Stefan Prodan 64084ea03b
Add test for reconciling an empty source
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2021-09-30 18:35:40 +03:00
Stefan Prodan 9c8f284b7f
Add `spec.wait` usage to the API docs
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2021-09-30 18:35:40 +03:00
Stefan Prodan 468f00e416
Implement health checking for all resources
- Add `.spec.wait` optional boolean field to API
- Wait for all applied resources to become ready when `.spec.wait` is set to `true`

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2021-09-30 18:35:39 +03:00
Stefan Prodan 8baead9b2e
Add e2e test for CRDs+CRs reconciliation using cert-manager
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2021-09-30 18:35:39 +03:00
Stefan Prodan 97bbc59eb6
Skip finalizer pruning when impersonation fails
When impersonation fails, emit an event with the stale objects and continue with the finalization as this is not a retryable error.

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2021-09-30 18:35:39 +03:00
Stefan Prodan 69069c3ab3
Refactor reconciliation into actions
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2021-09-30 18:35:39 +03:00
Stefan Prodan b33e3b3449
Update the status when health checking starts
Set the healthiness status to progressing and specify the health check timeout in the condition message.

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2021-09-30 18:35:39 +03:00
Stefan Prodan 1e01d800c5
Implement reconciliation using server-side apply
Reconciler behaviour:
- Creates an inventory of objects to be applied (persisted in-cluster under `.status.inventory`).
- Applies first custom resource definitions (CRDs) and namespaces, waits for them to register and only then applies the custom resources.
- Validates all resources with server-side dry-run apply (namespaced objects must contain `metadata.namespace`, defaulting to the `default` namespace is no longer supported).
- Reconciles only the resources that drifted.
- Prunes the objects that were previously applied but are missing from the current inventory.
- Emits events for only the resources that where created, configured or deleted.

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2021-09-30 18:34:40 +03:00
Max Jonas Werner 435815c2a5
fix: don't skip all errors when recording health check status
fixes #432

Signed-off-by: Max Jonas Werner <mail@makk.es>
2021-09-30 15:31:02 +02:00
Stefan Prodan 14329c6fa0
Refactor tests
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2021-09-10 16:51:22 +03:00
Michal Schott 72bc54477a
Filter dryrun errors for senstive data.
Signed-off-by: Michal Schott <michal.schott@onegini.com>
2021-09-08 16:32:18 +02:00
Michal Schott cb93667050
Redact secret data.
Signed-off-by: Michal Schott <michal.schott@onegini.com>
2021-09-03 21:52:22 +02:00
Stefan Prodan 16c451ba40
Add GC owner reference tests
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2021-08-19 17:15:04 +03:00
Stefan Prodan a49bbf9ed3
Skip garbage collection of objects with owner references
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2021-08-18 12:49:28 +03:00
Somtochi Onyekwere b1071bf871 Add kustomize transformer tests
Signed-off-by: Somtochi Onyekwere <somtochionyekwere@gmail.com>
2021-08-16 15:40:14 +01:00
Somtochi Onyekwere 659e660b6d Tests for replacement transformer
Signed-off-by: Somtochi Onyekwere <somtochionyekwere@gmail.com>
2021-08-13 07:28:19 +01:00
Stefan Prodan 5d1cb91841
Make the kubeconfig secrets compatible with SOPS
Add `values.yaml` to the supported kubeconfig secret key names in order for SOPS to correctly detect the storage format based on the file extension.

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2021-08-04 14:43:33 +03:00
Sunny 930e7d398e
Remove old util ObjectKey
Replace old utility function ObjectKey with controller-runtime's
client.ObjectKeyFromObject.

Signed-off-by: Sunny <darkowlzz@protonmail.com>
2021-08-01 04:27:35 +05:30
Max Jonas Werner 08920d3286
fix: prevent nil pointer dereference in health checks
When checking the health status of each declared resource, kstatus
might return nil for certain resources (for whatever reason). In that
case, this information is now conveyed in the health status event.

https://github.com/fluxcd/kustomize-controller/pull/374

Signed-off-by: Max Jonas Werner <mail@makk.es>
2021-07-26 19:03:46 +02:00
Stefan Prodan f556cb29f6
Fix generation conflicts in tests
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2021-07-08 18:21:22 +03:00
Vincent Boutour 23b0a2d455
Adding test for materializing #375
Signed-off-by: Vincent Boutour <bob@vibioh.fr>
2021-07-07 18:01:57 +02:00
Stefan Prodan bb71e74d53
Merge pull request #374 from makkes/better-health-check-messaging
feat: make it easier to reason about health check failures
2021-07-05 10:34:15 +03:00
Max Jonas Werner bbc4208d1c
feat: make it easier to reason about health check failures
Whenever a health check times out now, the most recently collected
error for each resource will be printed as part of the error message.
This excludes errors for those resources for which no error was
reported in the last update. This is because whenever a timeout
occurs, an error is reported on ALL resources, even those that have
been seen as healthy before.

Also, this commit causes all successfully checked resources to be
omitted in the error event.

Signed-off-by: Max Jonas Werner <mail@makk.es>
2021-07-04 21:51:41 +02:00
Jodok Batlogg d7c45de5ca fixed typo
Signed-off-by: Jodok Batlogg <jodok@batlogg.com>
2021-07-03 00:08:11 +02:00
Jane Liu L d72d8f5b2d
Test kustomization depend on for improve ut
Signed-off-by: Jane Liu L <jane.l.liu@ericsson.com>
2021-06-28 20:13:44 +08:00
Jane Liu L 8ade434726
Test kustomization depend on for improve ut
Signed-off-by: Jane Liu L <jane.l.liu@ericsson.com>
2021-06-28 20:04:24 +08:00
Stefan Prodan 6672928023
Merge pull request #364 from Kissy/generic-patches
Add support for in-line generic patches to Flux Kustomization API
2021-06-14 14:28:15 +03:00