Fixes: #265
* registration: negotiate registration protocol
* operator: always update the MachineInventory for authenticated clients
* register: rename sendData to sendSMBIOSdata
* register: rework the Register() function
* operator: rework the registration protocol loop
* operator: no need to return the msgType from the registration loop
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
* operator/registration: switch to Kubebuilder client
Fixes #239
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
* operator/registration: adapt tests to Kubebuilder client
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
* unit-tests: vendor controller-runtime fake client
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
* operator: add yaml annotations for correct marshalling
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
* operator/RBAC: add "get" verb to ServiceAccount resources
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
* operator: generate rbac
make generate-manifests
make build-rbac
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
* Add elementalcli package
Create a separate package to deal with elemental-cli installation.
This brings the elemental-cli functions declared in the config package
to a new package that just parses a map[string]interface argument.
This is a step to enable usage of the elemental-cli functions with the
new elementalv1.Config.Elemental.Install type.
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
* register: switch to Kubebuilder api
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
* register: add mapstructure annotations for correct marshalling
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
* register: reduce complexity of the run function
Make linter happy:
"cyclomatic complexity 16 of func `run` is high (> 15) (gocyclo)"
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
* register: drop io/ioutil in favor of os package
io/ioutil is deprecated
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
This commit adds a rate limiter to the ManagedOSVersionChannel controller to prevent
stacking reconcile loops over the same resource at fast rates (doesn't make sense for a
ManagedOSVersionChannel). By default the controller runtime already includes an
equivalent rate limiter, but it starts in the range of milliseconds; starting the exponential
rate limiter in the range of seconds is more than enough in this context.
In addition it drops the failures counter in the resource. This counter was supposed to
be used to limit the number of attempts to sync in case of failure. This was a bad design:
status should not keep a counter like this, as any change in status triggers a new
immediate reconcile loop, hence the counter was reaching the maximum as fast as the
controller runtime was executing reconcile loops without any rate limiter (rate limiter
applies only when there are no changes including status).
For now I think we can just live without setting any maximum for failures. If we ever
need it I believe it should be coded and tracked within the controller itself, not in each
resource, as this prevents the reconcile loop from being idempotent. Alternatively we could
prevent triggering the reconcile loop on status changes, however this prevents
reconciling if any third party (or user from the kubectl client) changes a resource status.
Fixes #257
Part of #240
Signed-off-by: David Cassany <dcassany@suse.com>
This commit adds a few changes to the syncer logic:
* Makes use of ManagedOSVersionChannel status reason to track if there
is an ongoing synchronization rather than polling for the existence of a synchronization pod or not.
* Adds logic to stop trying to synchronize after 4 consecutive attempts.
If it exceeds the maximum it just programs the next re-sync after the given sync
interval instead of immediately retrying.
* Adds some logging and comments here and there.
Signed-off-by: David Cassany <dcassany@suse.com>
* Implement syncer logic as part of the ManagedOSVersionChannel controller
This commit adds the logic to synchronize managedosversionchannels
within the already existing controller.
* make generate
* make build-manifests
* Update chart
* update e2e tests
Signed-off-by: David Cassany <dcassany@suse.com>
Otherwise we will have no Secrets in the ServiceAccount for kubernetes
clusters >= 1.24
Fixes: #246
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
* Update vendor
* Run generation tasks
* Minor fixes in Makefile
* Remove old code
* Add remaining controllers
* Minor e2e tests improvements
* Switch osversionchannel syncer to controller runtime
* Minor fixes in controllers
* Fix unit tests
* Add new package to Dockerfile
* Update dependencies
* Add unit test helpers
* Add new machine registration controller
* Remove old machine registration controller
* Add rbac tag for secrets
* Fix container argument in chart
* Add labels to all created resources
The OnChange function of the MachineRegistration controller is becoming
too packed: move the ServiceAccount and associated Secret creation and
management in a separate function
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
If the ServiceAccount for the newly created MachineRegistration
is already there, ensure it has a link to the newly created Secret
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
A Secret referencing a missing ServiceAccount will be deleted.
While we create them one after the other, still the safest path is
to create the ServiceAccount first. Otherwise we may be exposed to
a race condition in which:
1. We create the Secret referencing a nonexistent ServiceAccount
2. The Secret controller will detect a Secret referencing a nonexistent
ServiceAccount and will mark it for deletion
3. The ServiceAccount is created with the reference to the Secret
4. The Secret gets removed from the controller: the controller also
updates the ServiceAccount removing the linked Secret
Fixes #197
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
* operator: manage empty config in MachineRegistrations
We don't deal with empty Spec:Config in MachineRegistrations: in that
case we would end up with a nil Config structure, which we don't check
causing the operator to panic.
Just check and deal with empty (nil) MachineRegistration config.
Fixes #202
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
* operator:trivial: rename var machineRegistration to registration
In order to manage a MachineRegistration resource we instantiate a var named
'registration' in all the functions of the server package, but in the
'unauthenticatedResponse' function.
Let's stay coherent: rename the variable.
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
* operator: tests: expand the data structure TestInitNewInventory
This has no functional change: just extend the configuration parameter
that can be set in the data structure used for the tests.
Make use of it in the following commit.
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
* operator: tests: check empty config in MachineRegistrations
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
Label objects created by elemental-operator with
"elemental.cattle.io/managed": "true"
It will be used by rancher-backup operator to filter these objects and
create a proper backup from them.
Fixes https://github.com/rancher/elemental/issues/435
Signed-off-by: Michal Jura <mjura@suse.com>
Mark secrets created and managed by elemental-operator.
It is needed for rancher-backup operator to select them for backup.
Fixes https://github.com/rancher/elemental/issues/396
Signed-off-by: Michal Jura <mjura@suse.com>
It seems that elemental-operator RBAC ClusterRole was too wide.
This change is simplifying it and removing unneeded privileges.
Fixes https://github.com/rancher/elemental-operator/issues/186
Signed-off-by: Michal Jura <mjura@suse.com>
* Add e2e test config
* Switch to using test config
* Update vendor
* Fix lint issues
* Change rancher namespace variable name
* Put do nothing test back
These changes are required to facilitate OBS code updates and builds by simply triggering OBS services. This allows updating code and rebuild in OBS based on github events such as on tag, on merge, on push...
Signed-off-by: David Cassany <dcassany@suse.com>
- publish only binaries instead of a tar.gz of the binaries bundle
- create SBOM as part of the gorelease pipeline
- use github changelog for the release
- sign ALL the things. Binaries, checksum, and even the SBOM
- release also the cert+sig of the generated artifacts
Signed-off-by: Itxaka <igarcia@suse.com>