Add Kubernetes Controller

[micahhausler]

Signed-off-by: Micah Hausler [email protected]

Description

This PR adds a new Kubernetes controller binary for the types merged in #542.

• Adds a new cmd/tink-controller package with a Dockerfile and a main.go
• Removes the status.data field on Workflows. This was just a string of the interpolated template, and was redundant given the strongly typed template actions already on the .status of Workflows.
• Adds tests to the methods on the workflow API structure
• Adds a new pkg/controllers package. This introduces a Manager abstraction that wraps sigs.k8s.io/controller-runtime's Reconciler type
  • Controllers for individual types (workflows, templates, hardware) will reside in individual sub-packages
  • Controllers patch incoming objects even in the event of an error: this is intentional as a controller in the Kubernetes Resource Model attempts to converge on desired state
• Adds a new pkg/conversion package for converting protobuf types to Kubernetes CRD types and vice versa
• Adds an internal pkg/internal/tests package with internal testing utilities.
  • The first utility added is a FrozenTime interface with Before/After connivence methods for time.Time, as well as protobuf and K8s metav1 package time formats.

How Has This Been Tested?

• I added unit tests for nearly all new branching logic
• I added a CI target for building the tink-controller

How are existing users impacted? What migration steps/scripts do we need?

There is no impact to existing users. Nothing form this change is called in any existing code path.

Checklist:

I have:

• updated the documentation and/or roadmap (if required)
• added unit or e2e tests
• provided instructions on how to upgrade

[codecov]

Codecov Report

Merging #563 (c2694a4) into main (bb45990) will increase coverage by 2.54%.
The diff coverage is 93.77%.

❗ Current head c2694a4 differs from pull request most recent head 38af099. Consider uploading reports for the commit 38af099 to get more accurate results

@@            Coverage Diff             @@
##             main     #563      +/-   ##
==========================================
+ Coverage   36.01%   38.56%   +2.54%     
==========================================
  Files          44       54      +10     
  Lines        3207     3563     +356     
==========================================
+ Hits         1155     1374     +219     
- Misses       1959     2092     +133     
- Partials       93       97       +4     

Impacted Files	Coverage Δ
pkg/apis/core/v1alpha1/workflow_types.go	100.00% <ø> (ø)
pkg/controllers/workflow/controller.go	76.78% <76.78%> (ø)
pkg/apis/core/v1alpha1/hardware_methods.go	100.00% <100.00%> (ø)
pkg/apis/core/v1alpha1/template_methods.go	100.00% <100.00%> (ø)
pkg/apis/core/v1alpha1/workflow_methods.go	100.00% <100.00%> (ø)
pkg/convert/template.go	100.00% <100.00%> (ø)
pkg/convert/workflow.go	100.00% <100.00%> (ø)
workflow/template_validator.go	95.29% <100.00%> (+10.67%)	⬆️
http-server/http_handlers.go	6.64% <0.00%> (-0.16%)	⬇️
pkg/apis/core/v1alpha1/hardware_types.go	100.00% <0.00%> (ø)
... and 5 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update bb45990...38af099. Read the comment docs.

[jacobweinstock]

This is really great. I'm very excited about this, thank you!
There is quite a bit of new code going in. Is it too early for docs? Would be really helpful to know about things like Kubernetes client/server version requirements, how to run/deploy the controller, how the controller pattern works in general, how the controller code here is laid out, etc.

[mmlb]

I only just skimmed the layout so far and the autogenerated file question popped up and I wanted to ask that before diving deeper here.

[micahhausler]

This is really great. I'm very excited about this, thank you! There is quite a bit of new code going in. Is it too early for docs? Would be really helpful to know about things like Kubernetes client/server version requirements, how the controller pattern works in general, how the controller code here is laid out, etc.

Thank you! I did want to hold on docs initially, since there is nothing to write about other than "there is a controller you can run that nothing else interacts with yet."

I'll add docs in the next PR, that includes changes to the Tink API.

[micahhausler]

I call BS on CodeCov saying we're 2% lower in coverage. I know there are specific tests and cases I added that cover files CC is showing as uncovered.

[mmlb]

I call BS on CodeCov saying we're 2% lower in coverage. I know there are specific tests and cases I added that cover files CC is showing as uncovered.

codecov is hard to understand some (most?) times. Don't sweat it too much imo.

[mmlb]

here's what I've seen so far. Next up is reviewing the tests. About the import blocks, you can automatically fix everthing with:

sed -i '/^import (/,/^)/ { /^\s*$/ d }' $(git ls-files '*.go') && gofumpt -w -s .

I've been meaning to add this to ci-checks.sh but I thought gofumpt did that itself :(

[micahhausler]

@mmlb I removed go from the Nix install, it was using a different version than what GH Actions uses and caused CI failures

[micahhausler]

@mmlb anything else you'd like to see here?

[mmlb]

@mmlb anything else you'd like to see here?

aahhg, sorry for dropping the ball on this. I think I was pretty happy with everything except for dropping go from shell.nix. I'll look again on Tuesday though if thats ok? If its just the go in shell.nix thing then we can merge and I'll sync up with you on why you needed to drop it so we can add it back in. Is that alright?

[micahhausler]

I think I was pretty happy with everything except for dropping go from shell.nix.

This is due to newer point releases of Go in the GH actions than nix has available. We set the Go version in GH actions to 1.17 in #565 which auto updated for two December point releases (including CVEs in 1.17.5) and one in Jan, but the latest Go 1.17 Nix commit is 2 months old pinning to 1.17.3 (32ef30c). This resulted in CI build failures when some tooling was built with 1.17.5 and Nix was 1.17.3.

I'll look again on Tuesday though if thats ok?

SGTM!

If its just the go in shell.nix thing then we can merge and I'll sync up with you on why you needed to drop it so we can add it back in. Is that alright?

SGTM!

[micahhausler]

@displague @mmlb I rebased on upstream main so it dismissed previous reviews

[mmlb]

fyi:

[manny@zennix:~/t/debug]$ tree
.
├── bar
│   └── from-bar
└── foo
    └── from-foo

2 directories, 2 files

[manny@zennix:~/t/debug]$ docker run --rm -ti -v $PWD/foo:/foo -v $PWD/bar:/foo/bar alpine
/ # echo ==foo==; ls -l /foo/; echo ==bar==; ls -l /foo/bar; 
==foo==
total 33
drwxr-xr-x    2 1000     users            3 Jan 18 20:23 bar
-rw-r--r--    1 1000     users            0 Jan 18 20:23 from-foo
==bar==
total 1
-rw-r--r--    1 1000     users            0 Jan 18 20:23 from-bar
/ # 

[manny@zennix:~/t/debug]$ tree
.
├── bar
│   └── from-bar
└── foo
    ├── bar
    └── from-foo

3 directories, 2 files

note how foo/bar directory now exists

[mmlb]

Looks like mergify is getting stuck on docker-images, possibly due to the check being set up as a matrix job. I've opened up a chat with them to see what the fix/work-around is. I'd like to hold this here until tomorrow at most.

[micahhausler]

🎉