From e2f37b0bf996582a748e2aa007d2232b8dd46798 Mon Sep 17 00:00:00 2001
From: Poornima Krishnasamy
Date: Mon, 12 Feb 2024 14:37:31 +0000
Subject: [PATCH 1/4] Remove PSP Tactical fix
---
 pkg/cluster/create.go | 40 ++------------------------------------
 pkg/cluster/create_test.go | 32 ------------------------------
 pkg/cluster/node.go | 5 -----
 3 files changed, 2 insertions(+), 75 deletions(-)
diff --git a/pkg/cluster/create.go b/pkg/cluster/create.go
index 2a22fbaa..08271336 100644
--- a/pkg/cluster/create.go
+++ b/pkg/cluster/create.go
@@ -16,8 +16,6 @@ import (
 "github.com/hashicorp/terraform-exec/tfexec"
 "github.com/ministryofjustice/cloud-platform-cli/pkg/client"
 "github.com/ministryofjustice/cloud-platform-cli/pkg/terraform"
- kubeErr "k8s.io/apimachinery/pkg/api/errors"
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 "k8s.io/client-go/kubernetes"
 "k8s.io/client-go/rest"
 "k8s.io/client-go/tools/clientcmd"
@@ -83,16 +81,14 @@ func (c *Cluster) ApplyComponents(tf *terraform.TerraformCLIConfig, awsCreds *cl
 tf.ApplyVars = append(tf.ApplyVars, tfexec.Var(v))
 }
- clientset, err := AuthToCluster(tf.Workspace, awsCreds.Eks, kubeconf, awsCreds.Profile)
+ // Auth to the cluster and write the kubeconfig to disk.
+ _, err := AuthToCluster(tf.Workspace, awsCreds.Eks, kubeconf, awsCreds.Profile)
 if err != nil {
 return fmt.Errorf("failed to auth to cluster: %w", err)
 }
 tf.WorkingDir = dir
- if err := applyTacticalPspFix(clientset); err != nil {
- return err
- }
 _, err = terraformApply(tf)
 if err != nil {
 return err
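Review bot: In the second hunk of pkg/cluster/create.go the clientset returned by AuthToCluster is now discarded, so the call is kept only for the side effect named in the new comment, and that comment does not say which file is written or why the result is ignored. I would spell that out, e.g. `// AuthToCluster is called only for its side effect of writing the kubeconfig (presumably at kubeconf); the returned clientset is no longer needed.` That file presumably holds cluster credentials, and AuthToCluster is not visible here, so it is worth confirming it is created with owner-only permissions. ApplyComponents starts before and continues after this hunk.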
@@ -257,38 +253,6 @@ func getVpc(name string, svc ec2iface.EC2API) (*ec2.DescribeVpcsOutput, error) {
 })
 }
-// applyTacticalPspFix deletes the current eks.privileged psp in the cluster.
-// This allows the cluster to be created with a different psp. All pods are recycled
-// so the new psp will be applied.
-func applyTacticalPspFix(clientset kubernetes.Interface) error {
- // Delete the eks.privileged psp
- err := clientset.PolicyV1beta1().PodSecurityPolicies().Delete(context.TODO(), "eks.privileged", metav1.DeleteOptions{})
- // if the psp doesn't exist, we don't need to do anything
- if kubeErr.IsNotFound(err) {
- fmt.Println("No eks.privileged psp found, skipping")
- return nil
- }
- if err != nil {
- return fmt.Errorf("failed to delete eks.privileged psp: %w", err)
- }
-
- // Get all pods in the cluster
- pods, err := clientset.CoreV1().Pods("").List(context.TODO(), metav1.ListOptions{})
- if err != nil {
- return fmt.Errorf("failed to list pods: %w", err)
- }
-
- // Delete all pods in the cluster
- for _, pod := range pods.Items {
- err = clientset.CoreV1().Pods(pod.Namespace).Delete(context.TODO(), pod.Name, metav1.DeleteOptions{})
- if err != nil {
- return fmt.Errorf("failed to delete pod: %w", err)
- }
- }
-
- return nil
-}
-
 // checkCluster checks the cluster is created and exists.
 func checkCluster(name string, eks eksiface.EKSAPI) error {
 cluster, err := getCluster(name, eks)
diff --git a/pkg/cluster/create_test.go b/pkg/cluster/create_test.go
index 0dfbfea9..d83c9d17 100644
--- a/pkg/cluster/create_test.go
+++ b/pkg/cluster/create_test.go
@@ -1,7 +1,6 @@
 package cluster
 import (
- "context"
 "encoding/base64"
 "errors"
 "os"
@@ -12,10 +11,6 @@ import (
 "github.com/aws/aws-sdk-go/service/ec2/ec2iface"
 "github.com/aws/aws-sdk-go/service/eks"
 "github.com/aws/aws-sdk-go/service/eks/eksiface"
- v1 "k8s.io/api/core/v1"
- "k8s.io/api/policy/v1beta1"
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
- "k8s.io/client-go/kubernetes/fake"
 "sigs.k8s.io/aws-iam-authenticator/pkg/token"
 )
@@ -199,30 +194,3 @@ func TestGetCluster(t *testing.T) {
 t.Errorf("was expecting an error here. getCluster() error = %v", "expected error")
 }
 }
-
-func TestApplyTacticalPspFix(t *testing.T) {
- fakeClientset := fake.NewSimpleClientset(
- &v1beta1.PodSecurityPolicy{
- ObjectMeta: metav1.ObjectMeta{
- Name: "eks.privileged",
- },
- },
- // Add pods
- &v1.Pod{
- ObjectMeta: metav1.ObjectMeta{
- Name: "FakePod",
- },
- },
- )
-
- // Good path
- err := applyTacticalPspFix(fakeClientset)
- if err != nil {
- t.Errorf("applyTacticalPspFix() error = %v", err)
- }
-
- err = fakeClientset.PolicyV1beta1().PodSecurityPolicies().Delete(context.Background(), "eks.privileged", metav1.DeleteOptions{})
- if err == nil {
- t.Errorf("we wanted to delete the eks.privileged psp. applyTacticalPspFix() error = %v", err)
- }
-}
diff --git a/pkg/cluster/node.go b/pkg/cluster/node.go
index be1e536f..d8e46f8b 100644
--- a/pkg/cluster/node.go
+++ b/pkg/cluster/node.go
@@ -229,8 +229,3 @@ func CheckEc2InstanceTerminated(node v1.Node, awsCreds AwsCredentials) error {
 }
 return nil
 }
-
-// getClusterName returns the name of the cluster from a node
-func getClusterName(nodes []v1.Node) string {
- return nodes[0].Labels["Cluster"]
-}
From e00791ee21a6c0190f094dbfcc1900ae25043424 Mon Sep 17 00:00:00 2001
From: Poornima Krishnasamy
Date: Mon, 12 Feb 2024 15:06:37 +0000
Subject: [PATCH 2/4] Remove getClusterName test
---
 pkg/cluster/cluster_test.go | 38 -------------------------------------
 1 file changed, 38 deletions(-)
diff --git a/pkg/cluster/cluster_test.go b/pkg/cluster/cluster_test.go
index 9563cae2..0e86b92d 100644
--- a/pkg/cluster/cluster_test.go
+++ b/pkg/cluster/cluster_test.go
@@ -3,9 +3,6 @@ package cluster
 import (
 "reflect"
 "testing"
-
- v1 "k8s.io/api/core/v1"
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 func TestCluster_NewSnapshot(t *testing.T) {
@@ -31,41 +28,6 @@ func TestCluster_NewSnapshot(t *testing.T) {
 }
 }
-func Test_getClusterName(t *testing.T) {
- type args struct {
- nodes []v1.Node
- }
- tests := []struct {
- name string
- args args
- want string
- }{
- {
- name: "getClusterName",
- args: args{
- nodes: []v1.Node{
- {
- ObjectMeta: metav1.ObjectMeta{
- Name: "node1",
- Labels: map[string]string{
- "Cluster": "test",
- },
- },
- },
- },
- },
- want: "test",
- },
- }
- for _, tt := range tests {
- t.Run(tt.name, func(t *testing.T) {
- if got := getClusterName(tt.args.nodes); got != tt.want {
- t.Errorf("getClusterName() = %v, want %v", got, tt.want)
- }
- })
- }
-}
-
 func TestNewAwsCreds(t *testing.T) {
 type args struct {
 region string
From e21b3e0196c1d526e3953dc77c92b04a8e6ddf4c Mon Sep 17 00:00:00 2001
From: Poornima Krishnasamy
Date: Mon, 12 Feb 2024 15:12:49 +0000
Subject: [PATCH 3/4] Bump go version to 1.21 on gh actions
---
 .github/dependabot.yml | 8 ++++----
 .github/workflows/build-docs.yml | 2 +-
 .github/workflows/build-release.yml | 2 +-
 .github/workflows/go-tests.yaml | 2 +-
 .github/workflows/go-vet-lint-deps.yaml | 2 +-
 5 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index c588ded1..e3df06e2 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -16,16 +16,16 @@ updates:
 ignore:
 - dependency-name: "k8s.io/kubectl"
 versions:
- ">=v0.26.0"
+ - ">=v0.27.0"
 - dependency-name: "k8s.io/client-go"
 versions:
- ">=v0.26.0"
+ - ">=v0.27.0"
 - dependency-name: "k8s.io/api"
 versions:
- ">=v0.26.0"
+ - ">=v0.27.0"
 - dependency-name: "k8s.io/apimachinery"
 versions:
- ">=v0.26.0"
+ - ">=v0.27.0"
 groups:
 go:
 patterns:
diff --git a/.github/workflows/build-docs.yml b/.github/workflows/build-docs.yml
index 5723e602..59a00822 100644
--- a/.github/workflows/build-docs.yml
+++ b/.github/workflows/build-docs.yml
@@ -12,7 +12,7 @@ jobs:
 - uses: actions/checkout@v4
 - uses: actions/setup-go@v5
 with:
- go-version: "1.19.x"
+ go-version: " 1.21.x"
 - run: go install
 working-directory: ./
 - run: rm -r doc/ && mkdir -p doc
diff --git a/.github/workflows/build-release.yml b/.github/workflows/build-release.yml
index a9576234..5c8118ae 100644
--- a/.github/workflows/build-release.yml
+++ b/.github/workflows/build-release.yml
@@ -23,7 +23,7 @@ jobs:
 - name: Set up Go
 uses: actions/setup-go@v5
 with:
- go-version: "1.19.x"
+ go-version: " 1.21.x"
 id: go
 - name: Run GoReleaser
diff --git a/.github/workflows/go-tests.yaml b/.github/workflows/go-tests.yaml
index 20cac2c8..1bc88b92 100644
--- a/.github/workflows/go-tests.yaml
+++ b/.github/workflows/go-tests.yaml
@@ -22,7 +22,7 @@ jobs:
 # Install Go on the VM running the action.
 - uses: actions/setup-go@v5
 with:
- go-version: "1.19.x"
+ go-version: " 1.21.x"
 # Run tests with nice formatting. Save the original log in /tmp/gotest.log
 - name: Run tests
diff --git a/.github/workflows/go-vet-lint-deps.yaml b/.github/workflows/go-vet-lint-deps.yaml
index 02c4ca67..121b8e91 100644
--- a/.github/workflows/go-vet-lint-deps.yaml
+++ b/.github/workflows/go-vet-lint-deps.yaml
@@ -18,7 +18,7 @@ jobs:
 # Install Go on the VM running the action.
 - uses: actions/setup-go@v5
 with:
- go-version: "1.19.x"
+ go-version: " 1.21.x"
 - name: Perform staticcheck on codebase
 uses: dominikh/staticcheck-action@v1.3.0
From 7d6a121740da5802628659c0e3d798b825f193db Mon Sep 17 00:00:00 2001
From: Poornima Krishnasamy
Date: Mon, 12 Feb 2024 16:13:31 +0000
Subject: [PATCH 4/4] Use latest staticcheck version
---
 .github/workflows/go-vet-lint-deps.yaml | 1 -
 1 file changed, 1 deletion(-)
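Review bot: The new value in .github/workflows/build-docs.yml, `go-version: " 1.21.x"`, has a leading space inside the quotes, and the same string is repeated in build-release.yml, go-tests.yaml and go-vet-lint-deps.yaml; the removed lines had `"1.19.x"` with no space. It may be tolerated if the action trims its inputs, but the intended value is `go-version: "1.21.x"`, and a version spec that fails to parse would leave the release and lint jobs on an unintended toolchain. With four copies of the same version, setup-go's `go-version-file` input pointed at the module file would keep every workflow on one declared Go version.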
diff --git a/.github/workflows/go-vet-lint-deps.yaml b/.github/workflows/go-vet-lint-deps.yaml
index 121b8e91..f843b17b 100644
--- a/.github/workflows/go-vet-lint-deps.yaml
+++ b/.github/workflows/go-vet-lint-deps.yaml
@@ -23,7 +23,6 @@ jobs:
 - name: Perform staticcheck on codebase
 uses: dominikh/staticcheck-action@v1.3.0
 with:
- version: "2022.1.3"
 install-go: false
 - name: Install gofumpt