fixup! fix argocd install

aleoli · aleoli · commit 9aedb4d9c7d3 · 2024-11-11T16:37:22.000+01:00
diff --git a/pkg/consts/annotations.go b/pkg/consts/annotations.go
@@ -45,4 +45,8 @@ const (
 	UninstallingAnnotationKey = "liqo.io/uninstalling"
 	// UninstallingAnnotationValue is the value of the annotation used to signal liqo is being uninstalled.
 	UninstallingAnnotationValue = "true"
+
+	// WebhookServiceNameAnnotationKey is the constant representing
+	// the key of the annotation containing the Webhook service name.
+	WebhookServiceNameAnnotationKey = "liqo.io/webhook-service-name"
 )
diff --git a/pkg/consts/controllers.go b/pkg/consts/controllers.go
@@ -51,6 +51,7 @@ const (
 	CtrlPodInternalNet         = "pod_internalnet"
 	CtrlPublicKey              = "publickey"
 	CtrlRouteConfiguration     = "routeconfiguration"
+	CtrlSecretWebhook          = "secret_webhook"
 	CtrlWGGatewayClient        = "wggatewayclient"
 	CtrlWGGatewayServer        = "wggatewayserver"
 
diff --git a/pkg/consts/labels.go b/pkg/consts/labels.go
@@ -51,7 +51,4 @@ const (
 	// WebhookResourceLabelValue is the constant representing
 	// the value of the label assigned to all Webhook resources.
 	WebhookResourceLabelValue = "true"
-	// WebhookServiceNameAnnotationKey is the constant representing
-	// the key of the annotation containing the Webhook service name.
-	WebhookServiceNameAnnotationKey = "liqo.io/webhook-service-name"
 )
diff --git a/pkg/webhooks/secretcontroller/secret_controller.go b/pkg/webhooks/secretcontroller/secret_controller.go
@@ -25,6 +25,7 @@ import (
 	"fmt"
 	"math/big"
 	"os"
+	"path"
 	"time"
 
 	adminssionregistrationv1 "k8s.io/api/admissionregistration/v1"
@@ -42,6 +43,8 @@ import (
 	"github.com/liqotech/liqo/pkg/consts"
 )
 
+const servingCertsDir = "/tmp/k8s-webhook-server/serving-certs/"
+
 // NewSecretReconciler returns a new SecretReconciler.
 func NewSecretReconciler(cl client.Client, s *runtime.Scheme, recorder record.EventRecorder) *SecretReconciler {
 	return &SecretReconciler{
@@ -106,45 +109,55 @@ func (r *SecretReconciler) SetupWithManager(mgr ctrl.Manager) error {
 		return fmt.Errorf("unable to create label selector predicate: %w", err)
 	}
 
-	return ctrl.NewControllerManagedBy(mgr).Named(consts.CtrlIdentity).
+	return ctrl.NewControllerManagedBy(mgr).Named(consts.CtrlSecretWebhook).
 		For(&corev1.Secret{}, builder.WithPredicates(p)).
 		Complete(r)
 }
 
 // HandleSecret handles the given Secret for webhooks.
-func HandleSecret(ctx context.Context, cl client.Client, secret *corev1.Secret) error {
-	serviceName := secret.Annotations[consts.WebhookServiceNameAnnotationKey]
+func HandleSecret(ctx context.Context, cl client.Client, secret *corev1.Secret) (err error) {
+	if secret.Annotations == nil {
+		return fmt.Errorf("no annotations found in Secret %s/%s", secret.Namespace, secret.Name)
+	}
+	serviceName, serviceNameOk := secret.Annotations[consts.WebhookServiceNameAnnotationKey]
+	if !serviceNameOk {
+		return fmt.Errorf("no service name found fot Secret %s/%s. Please, set the annotation %s",
+			secret.Namespace, secret.Name, consts.WebhookServiceNameAnnotationKey)
+	}
 
+	if secret.Data == nil {
+		secret.Data = make(map[string][]byte)
+	}
 	ca, caOk := secret.Data["ca"]
 	tlsKey, tlsKeyOk := secret.Data["tls.key"]
 	tlsCrt, tlsCrtOk := secret.Data["tls.crt"]
 
 	if !caOk || !tlsKeyOk || !tlsCrtOk ||
 		len(ca) == 0 || len(tlsKey) == 0 || len(tlsCrt) == 0 {
-		caB, crtB, keyB, err := createCA(serviceName, secret.Namespace)
+		ca, tlsCrt, tlsKey, err = createCA(serviceName, secret.Namespace)
 		if err != nil {
 			return fmt.Errorf("unable to create CA: %w", err)
 		}
 
 		if secret.Data == nil {
 			secret.Data = make(map[string][]byte)
 		}
-		secret.Data["ca"] = caB
-		secret.Data["tls.crt"] = crtB
-		secret.Data["tls.key"] = keyB
-	} else {
-		err := os.MkdirAll("/tmp/k8s-webhook-server/serving-certs/", 0o700)
-		if err != nil {
-			return fmt.Errorf("unable to create directory: %w", err)
-		}
-		err = writeFile("/tmp/k8s-webhook-server/serving-certs/tls.crt", bytes.NewBuffer(tlsCrt))
-		if err != nil {
-			return fmt.Errorf("unable to write file: %w", err)
-		}
-		err = writeFile("/tmp/k8s-webhook-server/serving-certs/tls.key", bytes.NewBuffer(tlsKey))
-		if err != nil {
-			return fmt.Errorf("unable to write file: %w", err)
-		}
+		secret.Data["ca"] = ca
+		secret.Data["tls.crt"] = tlsCrt
+		secret.Data["tls.key"] = tlsKey
+	}
+
+	err = os.MkdirAll(servingCertsDir, 0o700)
+	if err != nil {
+		return fmt.Errorf("unable to create directory: %w", err)
+	}
+	err = writeFile(path.Join(servingCertsDir, "tls.crt"), bytes.NewBuffer(tlsCrt))
+	if err != nil {
+		return fmt.Errorf("unable to write file: %w", err)
+	}
+	err = writeFile(path.Join(servingCertsDir, "tls.key"), bytes.NewBuffer(tlsKey))
+	if err != nil {
+		return fmt.Errorf("unable to write file: %w", err)
 	}
 
 	// patch webhook configurations
@@ -196,7 +209,7 @@ func createCA(serviceName, namespace string) (caB, crtB, keyB []byte, err error)
 	ca := &x509.Certificate{
 		SerialNumber: big.NewInt(1),
 		Subject: pkix.Name{
-			Organization: []string{"Liqo"},
+			Organization: []string{"liqo.io"},
 		},
 		NotBefore:             time.Now(),
 		NotAfter:              time.Now().Add(10 * 365 * 24 * time.Hour),
@@ -224,7 +237,7 @@ func createCA(serviceName, namespace string) (caB, crtB, keyB []byte, err error)
 		SerialNumber: big.NewInt(1658),
 		Subject: pkix.Name{
 			CommonName:   commonName,
-			Organization: []string{"Liqo"},
+			Organization: []string{"liqo.io"},
 		},
 		NotBefore:    time.Now(),
 		NotAfter:     time.Now().AddDate(1, 0, 0),
@@ -264,20 +277,6 @@ func createCA(serviceName, namespace string) (caB, crtB, keyB []byte, err error)
 		return nil, nil, nil, fmt.Errorf("failed to encode server private key: %w", err)
 	}
 
-	// save the server cert and key to disk in the path expected by the webhook server.
-	err = os.MkdirAll("/tmp/k8s-webhook-server/serving-certs/", 0o700)
-	if err != nil {
-		return nil, nil, nil, fmt.Errorf("unable to create directory: %w", err)
-	}
-	err = writeFile("/tmp/k8s-webhook-server/serving-certs/tls.crt", serverCertPEM)
-	if err != nil {
-		return nil, nil, nil, fmt.Errorf("unable to write file: %w", err)
-	}
-	err = writeFile("/tmp/k8s-webhook-server/serving-certs/tls.key", serverPrivKeyPEM)
-	if err != nil {
-		return nil, nil, nil, fmt.Errorf("unable to write file: %w", err)
-	}
-
 	return certPEM, serverCertPEM.Bytes(), serverPrivKeyPEM.Bytes(), nil
 }
 

Original file line number	Diff line number	Diff line change
`@@ -45,4 +45,8 @@ const (`
`45`	`45`	`UninstallingAnnotationKey = "liqo.io/uninstalling"`
`46`	`46`	`// UninstallingAnnotationValue is the value of the annotation used to signal liqo is being uninstalled.`
`47`	`47`	`UninstallingAnnotationValue = "true"`
	`48`	`+`
	`49`	`+ // WebhookServiceNameAnnotationKey is the constant representing`
	`50`	`+ // the key of the annotation containing the Webhook service name.`
	`51`	`+ WebhookServiceNameAnnotationKey = "liqo.io/webhook-service-name"`
`48`	`52`	`)`
Original file line number	Diff line number	Diff line change
`@@ -51,7 +51,4 @@ const (`
`51`	`51`	`// WebhookResourceLabelValue is the constant representing`
`52`	`52`	`// the value of the label assigned to all Webhook resources.`
`53`	`53`	`WebhookResourceLabelValue = "true"`
`54`		`- // WebhookServiceNameAnnotationKey is the constant representing`
`55`		`- // the key of the annotation containing the Webhook service name.`
`56`		`- WebhookServiceNameAnnotationKey = "liqo.io/webhook-service-name"`
`57`	`54`	`)`