Support Consul Ent NS's for CRDs #323

Merged
merged 5 commits into from
Sep 14, 2020
Merged
5 changes: 2 additions & 3 deletions api/v1alpha1/servicedefaults_types.go
Expand Up @@ -54,9 +54,8 @@ func init() {
// ToConsul converts the entry into it's Consul equivalent struct.
func (s *ServiceDefaults) ToConsul() *capi.ServiceConfigEntry {
return &capi.ServiceConfigEntry{
Kind: capi.ServiceDefaults,
Name: s.Name,
//Namespace: s.Namespace, // todo: don't set this unless enterprise
lkysow marked this conversation as resolved.
Kind: capi.ServiceDefaults,
Name: s.Name,
Protocol: s.Spec.Protocol,
MeshGateway: s.Spec.MeshGateway.toConsul(),
Expose: s.Spec.Expose.toConsul(),
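--- a/api/v1alpha1/servicedefaults_webhook_test.go
+++ b/api/v1alpha1/servicedefaults_webhook_test.go
@@ -45,7 +45,7 @@ func TestRun_HandleErrorsIfServiceDefaultsWithSameNameExists(t *testing.T) {
 validator := &serviceDefaultsValidator{
 Client: client,
 ConsulClient: consulClient,
-Logger: logrtest.NullLogger{},
+Logger: logrtest.TestLogger{T: t},
 }
 
 decoder, err := admission.NewDecoder(scheme.Scheme)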
42 changes: 2 additions & 40 deletions catalog/to-consul/syncer.go
Expand Up @@ -7,6 +7,7 @@ import (

"github.com/cenkalti/backoff"
"github.com/deckarep/golang-set"
"github.com/hashicorp/consul-k8s/namespaces"
"github.com/hashicorp/consul/api"
"github.com/hashicorp/go-hclog"
)
Expand Down Expand Up @@ -417,9 +418,7 @@ func (s *ConsulSyncer) syncFull(ctx context.Context) {
for _, services := range s.namespaces {
for _, r := range services {
if s.EnableNamespaces {
// Check and potentially create the service's namespace if
// it doesn't already exist
err := s.checkAndCreateNamespace(r.Service.Namespace)
err := namespaces.EnsureExists(s.Client, r.Service.Namespace, s.CrossNamespaceACLPolicy)
if err != nil {
s.Log.Warn("error checking and creating Consul namespace",
"node-name", r.Node,
Expand Down Expand Up @@ -475,40 +474,3 @@ func (s *ConsulSyncer) init() {
s.initialSync = make(chan bool)
}
}

func (s *ConsulSyncer) checkAndCreateNamespace(ns string) error {
// Check if the Consul namespace exists
namespaceInfo, _, err := s.Client.Namespaces().Read(ns, nil)
if err != nil {
return err
}

// If not, create it
if namespaceInfo == nil {
var aclConfig api.NamespaceACLConfig
if s.CrossNamespaceACLPolicy != "" {
// Create the ACLs config for the cross-Consul-namespace
// default policy that needs to be attached
aclConfig = api.NamespaceACLConfig{
PolicyDefaults: []api.ACLLink{
{Name: s.CrossNamespaceACLPolicy},
},
}
}

consulNamespace := api.Namespace{
Name: ns,
Description: "Auto-generated by a Catalog Sync Process",
lkysow marked this conversation as resolved.
ACLs: &aclConfig,
Meta: map[string]string{"external-source": "kubernetes"},
}

_, _, err = s.Client.Namespaces().Create(&consulNamespace, nil)
if err != nil {
return err
}
s.Log.Info("creating consul namespace", "name", consulNamespace.Name)
}

return nil
}
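Review bot: The replacement call in syncFull, `namespaces.EnsureExists(s.Client, r.Service.Namespace, s.CrossNamespaceACLPolicy)`, is passed no logger, and the deleted `checkAndCreateNamespace` held the `s.Log.Info("creating consul namespace", ...)` line, so catalog sync appears to lose its record of when it creates a Consul namespace and links the cross-namespace ACL policy to it. The per-component description "Auto-generated by a Catalog Sync Process" is removed as well, so presumably the namespace no longer records which component created it. If the helper can report whether it created the namespace, log that at the call site, e.g. `created, err := namespaces.EnsureExists(...)` followed by `if created { s.Log.Info("creating consul namespace", "name", r.Service.Namespace) }`. The helper's signature and body are not on this page, so this would need a matching change there. syncFull continues outside the hunk.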
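--- a/connect-inject/handler.go
+++ b/connect-inject/handler.go
@@ -9,6 +9,7 @@ import (
 "strconv"
 
 "github.com/deckarep/golang-set"
+"github.com/hashicorp/consul-k8s/namespaces"
 "github.com/hashicorp/consul/api"
 "github.com/hashicorp/go-hclog"
 "github.com/mattbaird/jsonpatch"
@@ -370,8 +371,7 @@ func (h *Handler) Mutate(req *v1beta1.AdmissionRequest) *v1beta1.AdmissionRespon
 // all patches are created to guarantee no errors were encountered in
 // that process before modifying the Consul cluster.
 if h.EnableNamespaces {
-// Check if the namespace exists. If not, create it.
-if err := h.checkAndCreateNamespace(h.consulNamespace(req.Namespace)); err != nil {
+if err := namespaces.EnsureExists(h.ConsulClient, h.consulNamespace(req.Namespace), h.CrossNamespaceACLPolicy); err != nil {
 h.Log.Error("Error checking or creating namespace", "err", err,
 "Namespace", h.consulNamespace(req.Namespace), "Request Name", req.Name)
 return &v1beta1.AdmissionResponse{
@@ -503,42 +503,6 @@ func (h *Handler) consulNamespace(ns string) string {
 }
 }
 
-func (h *Handler) checkAndCreateNamespace(ns string) error {
-// Check if the Consul namespace exists
-namespaceInfo, _, err := h.ConsulClient.Namespaces().Read(ns, nil)
-if err != nil {
-return err
-}
-
-// If not, create it
-if namespaceInfo == nil {
-var aclConfig api.NamespaceACLConfig
-if h.CrossNamespaceACLPolicy != "" {
-// Create the ACLs config for the cross-Consul-namespace
-// default policy that needs to be attached
-aclConfig = api.NamespaceACLConfig{
-PolicyDefaults: []api.ACLLink{
-{Name: h.CrossNamespaceACLPolicy},
-},
-}
-}
-
-consulNamespace := api.Namespace{
-Name: ns,
-Description: "Auto-generated by a Connect Injector",
-ACLs: &aclConfig,
-Meta: map[string]string{"external-source": "kubernetes"},
-}
-
-_, _, err = h.ConsulClient.Namespaces().Create(&consulNamespace, nil)
-if err != nil {
-return err
-}
-}
-
-return nil
-}
-
 func portValue(pod *corev1.Pod, value string) (int32, error) {
 // First search for the named port
 for _, c := range pod.Spec.Containers {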
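Review bot: The call `namespaces.EnsureExists(h.ConsulClient, h.consulNamespace(req.Namespace), h.CrossNamespaceACLPolicy)` in Mutate reads as if the cross-namespace policy is in place once it returns, but the deleted `checkAndCreateNamespace` attached `CrossNamespaceACLPolicy` only when it created the namespace and left an existing namespace's ACL defaults untouched. The helper's body is not on this page; if it keeps that behaviour, the call site should say so, e.g. `// EnsureExists attaches CrossNamespaceACLPolicy only on creation; an existing Consul namespace keeps its current ACL defaults.` Separately, `h.consulNamespace(req.Namespace)` is evaluated a second time in the `h.Log.Error` call, so binding it once with `ns := h.consulNamespace(req.Namespace)` keeps the logged name tied to the name that was checked. Mutate starts and ends outside the hunk.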
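--- a/connect-inject/handler_ent_test.go
+++ b/connect-inject/handler_ent_test.go
@@ -225,7 +225,7 @@ func TestHandler_MutateWithNamespaces(t *testing.T) {
 
 // Check created namespace properties
 if ns != "default" {
-require.Equalf("Auto-generated by a Connect Injector", actNamespace.Description,
+require.Equalf("Auto-generated by consul-k8s", actNamespace.Description,
 "wrong namespace description for namespace %s", ns)
 require.Containsf(actNamespace.Meta, "external-source",
 "namespace %s does not contain external-source metadata key", ns)
@@ -420,7 +420,6 @@ func TestHandler_MutateWithNamespaces_ACLs(t *testing.T) {
 a, err := testutil.NewTestServerConfigT(t, func(c *testutil.TestServerConfig) {
 c.ACL.Enabled = true
 })
-require.NoError(t, err)
 defer a.Stop()
 
 // Set up a client for bootstrapping
@@ -489,7 +488,7 @@ func TestHandler_MutateWithNamespaces_ACLs(t *testing.T) {
 
 // Check created namespace properties
 if ns != "default" {
-require.Equalf(t, "Auto-generated by a Connect Injector", actNamespace.Description,
+require.Equalf(t, "Auto-generated by consul-k8s", actNamespace.Description,
 "wrong namespace description for namespace %s", ns)
 require.Containsf(t, actNamespace.Meta, "external-source",
 "namespace %s does not contain external-source metadata key", ns)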
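Review bot: In TestHandler_MutateWithNamespaces_ACLs the `require.NoError(t, err)` that followed `testutil.NewTestServerConfigT(...)` is dropped, so `defer a.Stop()` is now reached even when the ACL-enabled test server failed to start, and `a` may be nil at that point. The error from the setup call is no longer checked where it is produced, which can turn a setup failure into a confusing panic or a later unrelated assertion failure. Unless a line outside the hunk checks it, keep `require.NoError(t, err)` directly before `defer a.Stop()`. The test function continues outside the hunk, so a later check may exist but is not visible here.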