Merge pull request #2 from fabiante/feat/configurable-max-age

fabiante · web-flow · commit 61c5d3ec8d2d · 2024-11-30T16:46:35.000+01:00
Add support to configure controller via ConfigMap object `podbouncer-system/podbouncer-config`
diff --git a/PROJECT b/PROJECT
@@ -12,4 +12,8 @@ resources:
   domain: fabitee.de
   kind: Pod
   version: v1alpha1
+- controller: true
+  domain: fabitee.de
+  kind: ConfigMap
+  version: v1alpha1
 version: "3"
diff --git a/cmd/main.go b/cmd/main.go
@@ -140,13 +140,24 @@ func main() {
 		os.Exit(1)
 	}
 
+	podReconcilerConfig := controller.NewPodReconcilerConfig()
+
 	if err = (&controller.PodReconciler{
 		Client: mgr.GetClient(),
 		Scheme: mgr.GetScheme(),
+		Config: podReconcilerConfig,
 	}).SetupWithManager(mgr); err != nil {
 		setupLog.Error(err, "unable to create controller", "controller", "Pod")
 		os.Exit(1)
 	}
+	if err = (&controller.ConfigMapReconciler{
+		Client: mgr.GetClient(),
+		Scheme: mgr.GetScheme(),
+		Config: podReconcilerConfig,
+	}).SetupWithManager(mgr); err != nil {
+		setupLog.Error(err, "unable to create controller", "controller", "ConfigMap")
+		os.Exit(1)
+	}
 	// +kubebuilder:scaffold:builder
 
 	if err := mgr.AddHealthzCheck("healthz", healthz.Ping); err != nil {
diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml
@@ -32,6 +32,7 @@ resources:
 # Only CR(s) which requires webhooks and are applied on namespaces labeled with 'webhooks: enabled' will
 # be able to communicate with the Webhook Server.
 #- ../network-policy
+- ../samples
 
 # Uncomment the patches line if you enable Metrics, and/or are using webhooks and cert-manager
 patches:
diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
@@ -7,21 +7,36 @@ rules:
 - apiGroups:
   - ""
   resources:
-  - pods
+  - configmaps
   verbs:
-  - create
-  - delete
   - get
   - list
-  - patch
-  - update
   - watch
 - apiGroups:
   - ""
   resources:
+  - configmaps/finalizers
   - pods/finalizers
   verbs:
   - update
+- apiGroups:
+  - ""
+  resources:
+  - configmaps/status
+  verbs:
+  - get
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
 - apiGroups:
   - ""
   resources:
diff --git a/config/samples/config.yaml b/config/samples/config.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: config
+  labels:
+    control-plane: controller-manager
+    app.kubernetes.io/name: podbouncer
+    app.kubernetes.io/managed-by: kustomize
+data:
+  maxPodAge: "1h"
diff --git a/config/samples/kustomization.yaml b/config/samples/kustomization.yaml
@@ -0,0 +1,2 @@
+resources:
+- config.yaml
diff --git a/internal/controller/config.go b/internal/controller/config.go
@@ -0,0 +1,36 @@
+package controller
+
+import (
+	"sync"
+	"time"
+)
+
+// PodReconcilerConfig is the configuration object used by PodReconciler.
+//
+// You should only keep pointers to a PodReconcilerConfig value since it embeds sync.Mutex.
+//
+// Use only the getter / setter funcs for thread-safe access.
+type PodReconcilerConfig struct {
+	sync.Mutex
+
+	maxPodAge time.Duration
+}
+
+func NewPodReconcilerConfig() *PodReconcilerConfig {
+	return &PodReconcilerConfig{
+		maxPodAge: time.Hour,
+	}
+}
+
+func (c *PodReconcilerConfig) SetMaxPodAge(d time.Duration) {
+	c.Lock()
+	defer c.Unlock()
+	c.maxPodAge = d
+}
+
+func (c *PodReconcilerConfig) MaxPodAge() time.Duration {
+	c.Lock()
+	defer c.Unlock()
+
+	return c.maxPodAge
+}
diff --git a/internal/controller/configmap_controller.go b/internal/controller/configmap_controller.go
@@ -0,0 +1,126 @@
+/*
+Copyright 2024.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package controller
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"time"
+
+	v1 "k8s.io/api/core/v1"
+	"sigs.k8s.io/controller-runtime/pkg/event"
+	"sigs.k8s.io/controller-runtime/pkg/handler"
+	"sigs.k8s.io/controller-runtime/pkg/predicate"
+
+	"k8s.io/apimachinery/pkg/runtime"
+	ctrl "sigs.k8s.io/controller-runtime"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/controller-runtime/pkg/log"
+)
+
+// ConfigMapReconciler reconciles a single ConfigMap object.
+//
+// The watched ConfigMap is used to configure a PodReconcilerConfig object.
+type ConfigMapReconciler struct {
+	client.Client
+	Scheme *runtime.Scheme
+
+	Config *PodReconcilerConfig
+}
+
+const (
+	configMapObjectNamespace = "podbouncer-system" // TODO: Make configurable
+	configMapObjectName      = "podbouncer-config" // TODO: Make configurable
+)
+
+// TODO: Check if the permissions below are too broad. Maybe there are permissions this controller does not actually need.
+// +kubebuilder:rbac:groups=core,resources=configmaps,verbs=get;list;watch
+// +kubebuilder:rbac:groups=core,resources=configmaps/status,verbs=get
+// +kubebuilder:rbac:groups=core,resources=configmaps/finalizers,verbs=update
+
+// Reconcile is part of the main kubernetes reconciliation loop which aims to
+// move the current state of the cluster closer to the desired state.
+func (r *ConfigMapReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
+	logger := log.FromContext(ctx)
+
+	// Ignore objects which should not be reconciled
+	if req.NamespacedName.String() != fmt.Sprintf("%s/%s", configMapObjectNamespace, configMapObjectName) {
+		return ctrl.Result{}, nil
+	}
+
+	// Get object
+	var config v1.ConfigMap
+	if err := r.Get(ctx, req.NamespacedName, &config); err != nil {
+		return ctrl.Result{}, client.IgnoreNotFound(err)
+	}
+
+	// Retrieve config value
+	data := config.Data
+
+	if maxPodAgeStr, found := data["maxPodAge"]; !found {
+		// Log error but do not requeue - the error must be fixed manually
+		err := errors.New("missing maxPodAge property in ConfigMap")
+		logger.Error(err, "Configuration will not be updated")
+		return ctrl.Result{}, nil
+	} else {
+		maxPodAge, err := time.ParseDuration(maxPodAgeStr)
+
+		if err != nil {
+			// Log error but do not requeue - the error must be fixed manually
+			err := fmt.Errorf("invalid maxPodAge property in ConfigMap: %s", maxPodAgeStr)
+			logger.Error(err, "Configuration will not be updated")
+			return ctrl.Result{}, nil
+		}
+
+		oldMaxPodAge := r.Config.MaxPodAge()
+
+		r.Config.SetMaxPodAge(maxPodAge)
+
+		logger.Info("Configuration updated", "newMaxPodAge", maxPodAge, "currentMaxPodAge", oldMaxPodAge)
+
+		return ctrl.Result{}, nil
+	}
+}
+
+// SetupWithManager sets up the controller with the Manager.
+func (r *ConfigMapReconciler) SetupWithManager(mgr ctrl.Manager) error {
+	filter := func(o client.Object) bool {
+		return o.GetName() == configMapObjectName && o.GetNamespace() == configMapObjectNamespace
+	}
+
+	p := predicate.Funcs{
+		CreateFunc: func(e event.TypedCreateEvent[client.Object]) bool {
+			return filter(e.Object)
+		},
+		DeleteFunc: func(e event.TypedDeleteEvent[client.Object]) bool {
+			return filter(e.Object)
+		},
+		UpdateFunc: func(e event.TypedUpdateEvent[client.Object]) bool {
+			return filter(e.ObjectNew)
+		},
+		GenericFunc: func(e event.TypedGenericEvent[client.Object]) bool {
+			return filter(e.Object)
+		},
+	}
+
+	return ctrl.NewControllerManagedBy(mgr).
+		Watches(&v1.ConfigMap{}, &handler.EnqueueRequestForObject{}).
+		WithEventFilter(p).
+		Named("configmap").
+		Complete(r)
+}
diff --git a/internal/controller/configmap_controller_test.go b/internal/controller/configmap_controller_test.go
@@ -0,0 +1,32 @@
+/*
+Copyright 2024.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package controller
+
+import (
+	. "github.com/onsi/ginkgo/v2"
+)
+
+var _ = Describe("ConfigMap Controller", func() {
+	Context("When reconciling a resource", func() {
+
+		It("should successfully reconcile the resource", func() {
+
+			// TODO(user): Add more specific assertions depending on your controller's reconciliation logic.
+			// Example: If you expect a certain status condition after reconciliation, verify it here.
+		})
+	})
+})
diff --git a/internal/controller/pod_controller.go b/internal/controller/pod_controller.go
@@ -35,9 +35,9 @@ import (
 type PodReconciler struct {
 	client.Client
 	Scheme *runtime.Scheme
-}
 
-const maxPodAge = time.Second * 15 // TODO: Add configurable value for max age
+	Config *PodReconcilerConfig
+}
 
 const excludedNamespace = "kube-system"
 
@@ -69,16 +69,25 @@ func (r *PodReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.R
 
 	// Ignore pods which have not yet reached the deletion deadline
 	// TODO: Refactor into testable function?
-	podCreatedAt := pod.GetCreationTimestamp() // TODO: Check for zero value?
+	podCreatedAt := pod.GetCreationTimestamp()
+	if podCreatedAt.IsZero() {
+		return ctrl.Result{}, fmt.Errorf("pod creation timestamp has unexpected zero value")
+	}
+
 	podAge := time.Since(podCreatedAt.Time)
+	maxPodAge := r.Config.MaxPodAge()
 	if podAge < maxPodAge {
-		// Pod is not yet read for deletion - calculate the expected time when it can be deleted
-		requeueAfter := maxPodAge - podAge + time.Second
-		logger.Info("Pod may eventually be deleted", "age", podAge, "phase", pod.Status.Phase, "deletionIn", requeueAfter, "deletionAt", time.Now().Add(requeueAfter))
+		// Pod is not yet read for deletion - run reconciliation again in one minute.
+		// We could wait the exact duration after which the object is reaches its max age
+		// (maxPodAge - podAge) but then this logic would not properly react to changes
+		// in the PodReconcilerConfig. To react to config updates, simply requeue within one minute
+		// (which is a sensible delay for the operator to react to a config update) or less,
+		// if the pod expires before that.
+		requeueAfter := minDuration(time.Minute, maxPodAge+time.Second)
 		return ctrl.Result{RequeueAfter: requeueAfter}, nil
 	}
 
-	logger.Info("Deleting non-running pod", "phase", pod.Status.Phase)
+	logger.Info("Deleting non-running pod", "phase", pod.Status.Phase, "podAge", podAge, "maxPodAge", maxPodAge)
 
 	if err := r.Delete(ctx, &pod); err != nil {
 		return ctrl.Result{}, fmt.Errorf("failed to delete pod: %w", err)
@@ -89,6 +98,13 @@ func (r *PodReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.R
 	return ctrl.Result{}, nil
 }
 
+func minDuration(a, b time.Duration) time.Duration {
+	if a < b {
+		return a
+	}
+	return b
+}
+
 func (r *PodReconciler) shouldDeletePod(pod *v1.Pod) bool {
 	phase := pod.Status.Phase
 	return phase == v1.PodPending || phase == v1.PodSucceeded || phase == v1.PodFailed
