React to eventmesh changes

kyma-project · Sep 28, 2023 · 63dc543 · 63dc543
1 parent 7e5da78
commit 63dc543
Show file tree

Hide file tree

Showing 7 changed files with 148 additions and 222 deletions.
diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go
diff --git a/config/crd/external/apirules.gateway.crd.yaml b/config/crd/external/apirules.gateway.crd.yaml
@@ -14,205 +14,8 @@ spec:
     plural: apirules
     singular: apirule
   scope: Namespaced
-  conversion:
-    strategy: Webhook
-    webhook:
-      clientConfig:
-        service:
-          namespace: kyma-system
-          name: api-gateway-webhook-service
-          path: /convert
-      conversionReviewVersions:
-        - v1beta1
-        - v1alpha1
   preserveUnknownFields: false
   versions:
-  - deprecated: true
-    deprecationWarning: Since Kyma 2.5.X, APIRule in version v1alpha1 has been deprecated.
-      Consider using v1beta1.
-    name: v1alpha1
-    schema:
-      openAPIV3Schema:
-        description: APIRule is the Schema for ApiRule APIs.
-        properties:
-          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-            type: string
-          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: Defines the desired state of ApiRule.
-            properties:
-              gateway:
-                description: Specifies the Istio Gateway to be used.
-                pattern: ^[0-9a-z-_]+(\/[0-9a-z-_]+|(\.[0-9a-z-_]+)*)$
-                type: string
-              rules:
-                description: Represents the array of Oathkeeper access rules to be
-                  applied.
-                items:
-                  properties:
-                    accessStrategies:
-                      description: Specifies the list of access strategies. All strategies
-                        listed in [Oathkeeper documentation](https://www.ory.sh/docs/oathkeeper/pipeline/authn)
-                        are supported.
-                      items:
-                        description: Represents a handler that authenticates provided
-                          credentials. See the corresponding type in the oathkeeper-maester
-                          project.
-                        properties:
-                          config:
-                            description: Configures the handler. Configuration keys
-                              vary per handler.
-                            type: object
-                            x-kubernetes-preserve-unknown-fields: true
-                            properties:
-                              jwks_urls:
-                                description: Specifies the array of URLs from which Ory Oathkeeper can retrieve JSON Web Keys for validating JSON Web Token.
-                                  The value must begin with either `http://`, `https://`, or `file://`.
-                                type: array
-                                items:
-                                  type: string
-                                  pattern: ^(http://|https://|file://).*$
-                              trusted_issuers:
-                                description: If the **trusted_issuers** field is set, the JWT must contain a value for the claim `iss`
-                                  that matches exactly (case-sensitive) one of the values of **trusted_issuers**.
-                                  The value must begin with either `http://`, `https://`, or `file://`.
-                                type: array
-                                items:
-                                  type: string
-                                  pattern: ^(http://|https://|file://).*$
-                          handler:
-                            description: Specifies the name of the handler.
-                            type: string
-                        required:
-                        - handler
-                        type: object
-                      minItems: 1
-                      type: array
-                    methods:
-                      description: Represents the list of allowed HTTP request methods
-                        available for the **spec.rules.path**.
-                      items:
-                        type: string
-                      minItems: 1
-                      type: array
-                    mutators:
-                      description: Specifies the list of [Ory Oathkeeper mutators](https://www.ory.sh/docs/oathkeeper/pipeline/mutator).
-                      items:
-                        description: Mutator represents a handler that transforms
-                          the HTTP request before forwarding it. See the corresponding
-                          in the oathkeeper-maester project.
-                        properties:
-                          config:
-                            description: Configures the handler. Configuration keys
-                              vary per handler.
-                            type: object
-                            x-kubernetes-preserve-unknown-fields: true
-                          handler:
-                            description: Specifies the name of the handler.
-                            type: string
-                        required:
-                        - handler
-                        type: object
-                      type: array
-                    path:
-                      description: Specifies the path of the exposed service.
-                      pattern: ^([0-9a-zA-Z./*()?!\\_-]+)
-                      type: string
-                  required:
-                  - accessStrategies
-                  - methods
-                  - path
-                  type: object
-                minItems: 1
-                type: array
-              service:
-                description: Describes the service to expose.
-                properties:
-                  external:
-                    description: Specifies if the service is internal (in cluster) or
-                      external.
-                    type: boolean
-                  host:
-                    description: Specifies the URL of the exposed service.
-                    maxLength: 256
-                    minLength: 3
-                    pattern: ^([a-zA-Z0-9][a-zA-Z0-9-_]*\.)*[a-zA-Z0-9]*[a-zA-Z0-9-_]*[[a-zA-Z0-9]+$
-                    type: string
-                  name:
-                    description: Specifies the name of the exposed service.
-                    type: string
-                  port:
-                    description: Specifies the communication port of the exposed service.
-                    format: int32
-                    maximum: 65535
-                    minimum: 1
-                    type: integer
-                required:
-                - host
-                - name
-                - port
-                type: object
-            required:
-            - gateway
-            - rules
-            - service
-            type: object
-          status:
-            description: Describes the observed state of ApiRule.
-            properties:
-              APIRuleStatus:
-                description: Describes the status of APIRule.
-                properties:
-                  code:
-                    description: Status code describing APIRule.
-                    type: string
-                  desc:
-                    description: Explains the status of APIRule.
-                    type: string
-                type: object
-              accessRuleStatus:
-                description: Describes the status of ORY Oathkeeper Rule.
-                properties:
-                  code:
-                    description: Status code describing ORY Oathkeeper Rule.
-                    type: string
-                  desc:
-                    description: Explains the status of ORY Oathkeeper Rule.
-                    type: string
-                type: object
-              lastProcessedTime:
-                description: Indicates the timestamp when the API Gateway controller last processed APIRule.
-                format: date-time
-                type: string
-              observedGeneration:
-                description: Specifies the generation of the resource that was observed by the API Gateway controller.
-                format: int64
-                type: integer
-              virtualServiceStatus:
-                description: Describes the status of Istio VirtualService.
-                properties:
-                  code:
-                    description: Status code describing Istio VirtualService.
-                    type: string
-                  desc:
-                    description: Explains the status of Istio VirtualService.
-                    type: string
-                type: object
-            type: object
-        type: object
-    served: true
-    storage: false
-    subresources:
-      status: {}
   - additionalPrinterColumns:
     - jsonPath: .status.APIRuleStatus.code
       name: Status

diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml
@@ -5,5 +5,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 images:
 - name: controller
-  newName: europe-docker.pkg.dev/kyma-project/prod/eventing-manager
-  newTag: v20230907-01f5bd76
+  newName: grischperl0/eventing-manager
+  newTag: withElseImg
diff --git a/internal/controller/eventing/eventmesh.go b/internal/controller/eventing/eventmesh.go
@@ -5,6 +5,8 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
+	eventingv1alpha1 "github.com/kyma-project/eventing-manager/api/v1alpha1"
+	"github.com/kyma-project/kyma/components/eventing-controller/pkg/env"
 	"os"
 
 	"github.com/kyma-project/eventing-manager/api/v1alpha1"
@@ -39,7 +41,6 @@ func (r *Reconciler) reconcileEventMeshSubManager(ctx context.Context, eventing
 	if err != nil {
 		return errors.Errorf("failed to sync OAuth secret: %v", err)
 	}
-
 	// retrieve secret to authenticate with EventMesh
 	eventMeshSecret, err := r.kubeClient.GetSecret(ctx, eventing.Spec.Backend.Config.EventMeshSecret)
 	if err != nil {
@@ -57,6 +58,16 @@ func (r *Reconciler) reconcileEventMeshSubManager(ctx context.Context, eventing
 		return fmt.Errorf("failed to setup environment variables for EventMesh controller: %v", err)
 	}
 
+	// get the subscription config
+	defaultSubsConfig := r.getDefaultSubscriptionConfig()
+	// get the subManager parameters
+	eventMeshSubMgrParams := r.getEventMeshSubManagerParams()
+	// get the hash of current config
+	specHash, err := r.getEventMeshBackendConfigHash(eventMeshSecret, eventMeshSubMgrParams)
+	if err != nil {
+		return err
+	}
+
 	if r.eventMeshSubManager == nil {
 		// create instance of EventMesh subscription manager
 		eventMeshSubManager, err := r.subManagerFactory.NewEventMeshManager()
@@ -72,27 +83,59 @@ func (r *Reconciler) reconcileEventMeshSubManager(ctx context.Context, eventing
 		r.namedLogger().Info("EventMesh subscription-manager initialized")
 		// save instance only when init is successful.
 		r.eventMeshSubManager = eventMeshSubManager
+	} else {
+		// update the config if hashes differ
+		if eventing.Status.BackendConfigHash != specHash && r.isEventMeshSubManagerStarted {
+			// set the eventing CR status to processing
+			if err = r.syncStatusWithSubscriptionManagerProcessingWithReason(ctx,
+				eventingv1alpha1.ConditionReasonSubscriptionManagerProcessing,
+				eventing, "Updating EventMesh subscription-manager with new config.", r.namedLogger()); err != nil {
+				return err
+			}
+
+			// stop the subsManager without cleanup
+			if err := r.stopEventMeshSubManager(false, r.namedLogger()); err != nil {
+				return err
+			}
+			return nil
+		}
 	}
 
 	if r.isEventMeshSubManagerStarted {
 		r.namedLogger().Info("EventMesh subscription-manager is already started")
 		return nil
 	}
 
-	defaultSubsConfig := r.eventingManager.GetBackendConfig().
-		DefaultSubscriptionConfig.ToECENVDefaultSubscriptionConfig()
-	eventMeshSubMgrParams := ecsubscriptionmanager.Params{
+	err = r.startEventMeshSubManager(defaultSubsConfig, eventMeshSubMgrParams)
+	if err != nil {
+		return err
+	}
+
+	// update the hash of the current config only once subManager is started
+	eventing.Status.BackendConfigHash = specHash
+	r.namedLogger().Info(fmt.Sprintf("NATS subscription-manager has been updated, new hash: %d", specHash))
+
+	return nil
+}
+
+func (r *Reconciler) getEventMeshSubManagerParams() ecsubscriptionmanager.Params {
+	return ecsubscriptionmanager.Params{
 		ecsubscriptionmanager.ParamNameClientID:     r.oauth2credentials.clientID,
 		ecsubscriptionmanager.ParamNameClientSecret: r.oauth2credentials.clientSecret,
 		ecsubscriptionmanager.ParamNameTokenURL:     r.oauth2credentials.tokenURL,
 		ecsubscriptionmanager.ParamNameCertsURL:     r.oauth2credentials.certsURL,
 	}
-	if err = r.eventMeshSubManager.Start(defaultSubsConfig, eventMeshSubMgrParams); err != nil {
+}
+
+func (r *Reconciler) startEventMeshSubManager(defaultSubsConfig env.DefaultSubscriptionConfig,
+	eventMeshSubMgrParams ecsubscriptionmanager.Params) error {
+	if err := r.eventMeshSubManager.Start(defaultSubsConfig, eventMeshSubMgrParams); err != nil {
 		return err
 	}
+
 	r.namedLogger().Info("EventMesh subscription-manager started")
+	// update flag so it does not try to start the manager again
 	r.isEventMeshSubManagerStarted = true
-
 	return nil
 }