Add support for version annotation on Peering Dialer and Acceptor.

CHANGELOG.md

@@ -1,5 +1,10 @@
 ## UNRELEASED
 
+FEATURES:
+* [Experimental] Cluster Peering:
+  * Add support for secret watchers on the Peering Acceptor and Peering Dialer controllers. [[GH-1284](https://github.com/hashicorp/consul-k8s/pull/1284)]
+  * Add support for version annotation on the Peering Acceptor and Peering Dialer controllers. [[GH-1302](https://github.com/hashicorp/consul-k8s/pull/1302)]
+
 ## 0.45.0 (June 17, 2022)
 FEATURES:
 * [Experimental] Cluster Peering: Support Consul cluster peering, which allows service connectivity between two independent clusters.

charts/consul/templates/crd-peeringacceptors.yaml

@@ -71,6 +71,11 @@ spec:
                 description: LastReconcileTime is the last time the resource was reconciled.
                 format: date-time
                 type: string
+              latestPeeringVersion:
+                description: LatestPeeringVersion is the latest version of the resource
+                  that was reconciled.
+                format: int64
+                type: integer
               reconcileError:
                 description: ReconcileError shows any errors during the last reconciliation
                   of this resource.

charts/consul/templates/crd-peeringdialers.yaml

@@ -71,6 +71,11 @@ spec:
                 description: LastReconcileTime is the last time the resource was reconciled.
                 format: date-time
                 type: string
+              latestPeeringVersion:
+                description: LatestPeeringVersion is the latest version of the resource
+                  that was reconciled.
+                format: int64
+                type: integer
               reconcileError:
                 description: ReconcileError shows any errors during the last reconciliation
                   of this resource.

control-plane/api/v1alpha1/peeringacceptor_types.go

@@ -33,8 +33,6 @@ type PeeringAcceptorList struct {
 
 // PeeringAcceptorSpec defines the desired state of PeeringAcceptor.
 type PeeringAcceptorSpec struct {
-	// Important: Run "make" to regenerate code after modifying this file
-
 	// Peer describes the information needed to create a peering.
 	Peer *Peer `json:"peer"`
 }
@@ -55,8 +53,8 @@ type Secret struct {
 
 // PeeringAcceptorStatus defines the observed state of PeeringAcceptor.
 type PeeringAcceptorStatus struct {
-	// Important: Run "make" to regenerate code after modifying this file
-
+	// LatestPeeringVersion is the latest version of the resource that was reconciled.
+	LatestPeeringVersion *uint64 `json:"latestPeeringVersion,omitempty"`
 	// LastReconcileTime is the last time the resource was reconciled.
 	// +optional
 	LastReconcileTime *metav1.Time `json:"lastReconcileTime,omitempty" description:"last time the resource was reconciled"`

control-plane/api/v1alpha1/peeringdialer_types.go

@@ -33,16 +33,14 @@ type PeeringDialerList struct {
 
 // PeeringDialerSpec defines the desired state of PeeringDialer.
 type PeeringDialerSpec struct {
-	// Important: Run "make" to regenerate code after modifying this file
-
 	// Peer describes the information needed to create a peering.
 	Peer *Peer `json:"peer"`
 }
 
 // PeeringDialerStatus defines the observed state of PeeringDialer.
 type PeeringDialerStatus struct {
-	// Important: Run "make" to regenerate code after modifying this file
-
+	// LatestPeeringVersion is the latest version of the resource that was reconciled.
+	LatestPeeringVersion *uint64 `json:"latestPeeringVersion,omitempty"`
 	// LastReconcileTime is the last time the resource was reconciled.
 	// +optional
 	LastReconcileTime *metav1.Time `json:"lastReconcileTime,omitempty" description:"last time the resource was reconciled"`

control-plane/config/crd/bases/consul.hashicorp.com_peeringacceptors.yaml

@@ -64,6 +64,11 @@ spec:
                 description: LastReconcileTime is the last time the resource was reconciled.
                 format: date-time
                 type: string
+              latestPeeringVersion:
+                description: LatestPeeringVersion is the latest version of the resource
+                  that was reconciled.
+                format: int64
+                type: integer
               reconcileError:
                 description: ReconcileError shows any errors during the last reconciliation
                   of this resource.

control-plane/config/crd/bases/consul.hashicorp.com_peeringdialers.yaml

@@ -64,6 +64,11 @@ spec:
                 description: LastReconcileTime is the last time the resource was reconciled.
                 format: date-time
                 type: string
+              latestPeeringVersion:
+                description: LatestPeeringVersion is the latest version of the resource
+                  that was reconciled.
+                format: int64
+                type: integer
               reconcileError:
                 description: ReconcileError shows any errors during the last reconciliation
                   of this resource.

control-plane/connect-inject/annotations.go

@@ -142,6 +142,10 @@ const (
 	// webhook/meshWebhook.
 	annotationOriginalPod = "consul.hashicorp.com/original-pod"
 
+	// annotationPeeringVersion is the version of the peering resource and can be utilized
+	// to explicitly perform the peering operation again.
+	annotationPeeringVersion = "consul.hashicorp.com/peering-version"
+
 	// labelServiceIgnore is a label that can be added to a service to prevent it from being
 	// registered with Consul.
 	labelServiceIgnore = "consul.hashicorp.com/service-ignore"

control-plane/connect-inject/container_init.go

@@ -326,6 +326,11 @@ func pointerToInt64(i int64) *int64 {
 	return &i
 }
 
+// pointerToUInt64 takes an int64 and returns a pointer to it.
+func pointerToUint64(i uint64) *uint64 {
+	return &i
+}
+
 // pointerToBool takes a bool and returns a pointer to it.
 func pointerToBool(b bool) *bool {
 	return &b

control-plane/connect-inject/peering_acceptor_controller.go

@@ -3,6 +3,7 @@ package connectinject
 import (
 	"context"
 	"errors"
+	"strconv"
 	"time"
 
 	"github.com/go-logr/logr"
@@ -214,6 +215,15 @@ func shouldGenerateToken(acceptor *consulv1alpha1.PeeringAcceptor, existingStatu
 	if acceptor.SecretRef().Backend != acceptor.Secret().Backend {
 		return false, false, errors.New("PeeringAcceptor backend cannot be changed")
 	}
+	if peeringVersionString, ok := acceptor.Annotations[annotationPeeringVersion]; ok {
+		peeringVersion, err := strconv.ParseUint(peeringVersionString, 10, 64)
+		if err != nil {
+			return false, false, err
+		}
+		if acceptor.Status.LatestPeeringVersion == nil || *acceptor.Status.LatestPeeringVersion < peeringVersion {
+			return true, false, nil
+		}
+	}
 	// Compare the existing secret resource version.
 	// Get the secret specified by the status, make sure it matches the status' secret.ResourceVersion.
 	if existingStatusSecret != nil {
@@ -238,6 +248,16 @@ func (r *PeeringAcceptorController) updateStatus(ctx context.Context, acceptor *
 		Error:   pointerToBool(false),
 		Message: pointerToString(""),
 	}
+	if peeringVersionString, ok := acceptor.Annotations[annotationPeeringVersion]; ok {
+		peeringVersion, err := strconv.ParseUint(peeringVersionString, 10, 64)
+		if err != nil {
+			r.Log.Error(err, "failed to update PeeringAcceptor status", "name", acceptor.Name, "namespace", acceptor.Namespace)
+			return err
+		}
+		if acceptor.Status.LatestPeeringVersion == nil || *acceptor.Status.LatestPeeringVersion < peeringVersion {
+			acceptor.Status.LatestPeeringVersion = pointerToUint64(peeringVersion)
+		}
+	}
 	err := r.Status().Update(ctx, acceptor)
 	if err != nil {
 		r.Log.Error(err, "failed to update PeeringAcceptor status", "name", acceptor.Name, "namespace", acceptor.Namespace)