From 345836630cbab37752d75eadfe570b0abef3423d Mon Sep 17 00:00:00 2001 From: Dario Tranchitella Date: Sat, 30 Apr 2022 17:10:11 +0200 Subject: [PATCH] refactor: avoiding using background context --- controllers/config/manager.go | 2 +- controllers/rbac/manager.go | 22 +++++++++--------- controllers/secret/ca.go | 2 +- controllers/secret/const.go | 9 -------- controllers/secret/reconciler.go | 8 ++----- controllers/secret/tls.go | 2 +- controllers/servicelabels/endpoint.go | 6 +++-- controllers/servicelabels/endpoint_slices.go | 7 +++--- controllers/servicelabels/service.go | 6 +++-- controllers/tenant/limitranges.go | 10 ++++---- controllers/tenant/manager.go | 20 ++++++++-------- controllers/tenant/namespaces.go | 24 ++++++++++---------- controllers/tenant/networkpolicies.go | 10 ++++---- controllers/tenant/resourcequotas.go | 20 ++++++++-------- controllers/tenant/rolebindings.go | 10 ++++---- controllers/tenant/utils.go | 4 ++-- main.go | 12 +++++----- pkg/configuration/client.go | 4 ++-- 18 files changed, 85 insertions(+), 93 deletions(-) delete mode 100644 controllers/secret/const.go diff --git a/controllers/config/manager.go b/controllers/config/manager.go index 4d509540..b396f148 100644 --- a/controllers/config/manager.go +++ b/controllers/config/manager.go @@ -61,7 +61,7 @@ func (c *Manager) SetupWithManager(mgr ctrl.Manager, configurationName string) e func (c *Manager) Reconcile(ctx context.Context, request reconcile.Request) (res reconcile.Result, err error) { c.Log.Info("CapsuleConfiguration reconciliation started", "request.name", request.Name) - cfg := configuration.NewCapsuleConfiguration(c.Client, request.Name) + cfg := configuration.NewCapsuleConfiguration(ctx, c.Client, request.Name) // Validating the Capsule Configuration options if _, err = cfg.ProtectedNamespaceRegexp(); err != nil { panic(errors.Wrap(err, "Invalid configuration for protected Namespace regex")) 
diff --git a/controllers/rbac/manager.go b/controllers/rbac/manager.go index 4c47d10d..c4a1aa03 100644 --- a/controllers/rbac/manager.go +++ b/controllers/rbac/manager.go @@ -44,7 +44,7 @@ func (r *Manager) filterByNames(name string) bool { } //nolint:dupl -func (r *Manager) SetupWithManager(mgr ctrl.Manager, configurationName string) (err error) { +func (r *Manager) SetupWithManager(ctx context.Context, mgr ctrl.Manager, configurationName string) (err error) { crErr := ctrl.NewControllerManagedBy(mgr). For(&rbacv1.ClusterRole{}, builder.WithPredicates(predicate.Funcs{ CreateFunc: func(event event.CreateEvent) bool { @@ -82,7 +82,7 @@ func (r *Manager) SetupWithManager(mgr ctrl.Manager, configurationName string) ( Watches(source.NewKindWithCache(&capsulev1alpha1.CapsuleConfiguration{}, mgr.GetCache()), handler.Funcs{ UpdateFunc: func(updateEvent event.UpdateEvent, limitingInterface workqueue.RateLimitingInterface) { if updateEvent.ObjectNew.GetName() == configurationName { - if crbErr := r.EnsureClusterRoleBindings(); crbErr != nil { + if crbErr := r.EnsureClusterRoleBindings(ctx); crbErr != nil { r.Log.Error(err, "cannot update ClusterRoleBinding upon CapsuleConfiguration update") } } 
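Review bot: In the `UpdateFunc` handler of `SetupWithManager` (controllers/rbac/manager.go, hunk at -82,7), a failed `r.EnsureClusterRoleBindings(ctx)` is logged with `err`, the function's named result, instead of `crbErr`, so the real cause of a failed ClusterRoleBinding update never reaches the log. The line should read `r.Log.Error(crbErr, "cannot update ClusterRoleBinding upon CapsuleConfiguration update")`. The handler also closes over the `ctx` passed to `SetupWithManager`, so every later update event runs under that setup-time context; a one-line comment on the parameter stating that it must live as long as the manager would make this explicit. The body of `SetupWithManager` starts and ends outside the hunk.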
@@ -100,18 +100,18 @@ func (r *Manager) SetupWithManager(mgr ctrl.Manager, configurationName string) ( func (r *Manager) Reconcile(ctx context.Context, request reconcile.Request) (res reconcile.Result, err error) { switch request.Name { case ProvisionerRoleName: - if err = r.EnsureClusterRole(ProvisionerRoleName); err != nil { + if err = r.EnsureClusterRole(ctx, ProvisionerRoleName); err != nil { r.Log.Error(err, "Reconciliation for ClusterRole failed", "ClusterRole", ProvisionerRoleName) break } - if err = r.EnsureClusterRoleBindings(); err != nil { + if err = r.EnsureClusterRoleBindings(ctx); err != nil { r.Log.Error(err, "Reconciliation for ClusterRoleBindings failed") break } case DeleterRoleName: - if err = r.EnsureClusterRole(DeleterRoleName); err != nil { + if err = r.EnsureClusterRole(ctx, DeleterRoleName); err != nil { r.Log.Error(err, "Reconciliation for ClusterRole failed", "ClusterRole", DeleterRoleName) } } @@ -119,14 +119,14 @@ func (r *Manager) Reconcile(ctx context.Context, request reconcile.Request) (res return } -func (r *Manager) EnsureClusterRoleBindings() (err error) { +func (r *Manager) EnsureClusterRoleBindings(ctx context.Context) (err error) { crb := &rbacv1.ClusterRoleBinding{ ObjectMeta: metav1.ObjectMeta{ Name: ProvisionerRoleName, }, } - _, err = controllerutil.CreateOrUpdate(context.TODO(), r.Client, crb, func() (err error) { + _, err = controllerutil.CreateOrUpdate(ctx, r.Client, crb, func() (err error) { crb.RoleRef = provisionerClusterRoleBinding.RoleRef crb.Subjects = []rbacv1.Subject{} @@ -144,7 +144,7 @@ func (r *Manager) EnsureClusterRoleBindings() (err error) { return } -func (r *Manager) EnsureClusterRole(roleName string) (err error) { +func (r *Manager) EnsureClusterRole(ctx context.Context, roleName string) (err error) { role, ok := clusterRoles[roleName] if !ok { return fmt.Errorf("clusterRole %s is not mapped", roleName) 
@@ -156,7 +156,7 @@ func (r *Manager) EnsureClusterRole(roleName string) (err error) { }, } - _, err = controllerutil.CreateOrUpdate(context.TODO(), r.Client, clusterRole, func() error { + _, err = controllerutil.CreateOrUpdate(ctx, r.Client, clusterRole, func() error { clusterRole.Rules = role.Rules return nil }) @@ -170,7 +170,7 @@ func (r *Manager) EnsureClusterRole(roleName string) (err error) { func (r *Manager) Start(ctx context.Context) error { for roleName := range clusterRoles { r.Log.Info("setting up ClusterRoles", "ClusterRole", roleName) - if err := r.EnsureClusterRole(roleName); err != nil { + if err := r.EnsureClusterRole(ctx, roleName); err != nil { if errors.IsAlreadyExists(err) { continue } @@ -180,7 +180,7 @@ func (r *Manager) Start(ctx context.Context) error { } r.Log.Info("setting up ClusterRoleBindings") - if err := r.EnsureClusterRoleBindings(); err != nil { + if err := r.EnsureClusterRoleBindings(ctx); err != nil { if errors.IsAlreadyExists(err) { return nil } diff --git a/controllers/secret/ca.go b/controllers/secret/ca.go index 638d5e63..343183c8 100644 --- a/controllers/secret/ca.go +++ b/controllers/secret/ca.go @@ -155,7 +155,7 @@ func (r CAReconciler) Reconcile(ctx context.Context, request ctrl.Request) (ctrl var ca cert.CA var rq time.Duration - ca, err = getCertificateAuthority(r.Client, r.Namespace, r.Configuration.CASecretName()) + ca, err = getCertificateAuthority(ctx, r.Client, r.Namespace, r.Configuration.CASecretName()) if err != nil && errors.Is(err, MissingCaError{}) { ca, err = cert.GenerateCertificateAuthority() if err != nil { diff --git a/controllers/secret/const.go b/controllers/secret/const.go deleted file mode 100644 index c0c42c3e..00000000 --- a/controllers/secret/const.go +++ /dev/null @@ -1,9 +0,0 @@ -// Copyright 2020-2021 Clastix Labs -// SPDX-License-Identifier: Apache-2.0 - -package secret - -const ( - certSecretKey = "tls.crt" - privateKeySecretKey = "tls.key" -) 
diff --git a/controllers/secret/reconciler.go b/controllers/secret/reconciler.go index b89278ef..66803217 100644 --- a/controllers/secret/reconciler.go +++ b/controllers/secret/reconciler.go @@ -14,14 +14,10 @@ import ( "github.com/clastix/capsule/pkg/cert" ) -func getCertificateAuthority(client client.Client, namespace, name string) (ca cert.CA, err error) { +func getCertificateAuthority(ctx context.Context, client client.Client, namespace, name string) (ca cert.CA, err error) { instance := &corev1.Secret{} - err = client.Get(context.TODO(), types.NamespacedName{ - Namespace: namespace, - Name: name, - }, instance) - if err != nil { + if err = client.Get(ctx, types.NamespacedName{Namespace: namespace, Name: name}, instance); err != nil { return nil, fmt.Errorf("missing secret %s, cannot reconcile", name) } diff --git a/controllers/secret/tls.go b/controllers/secret/tls.go index 7ef31eac..f4a02307 100644 --- a/controllers/secret/tls.go +++ b/controllers/secret/tls.go @@ -60,7 +60,7 @@ func (r TLSReconciler) Reconcile(ctx context.Context, request ctrl.Request) (ctr var ca cert.CA var rq time.Duration - ca, err = getCertificateAuthority(r.Client, r.Namespace, r.Configuration.CASecretName()) + ca, err = getCertificateAuthority(ctx, r.Client, r.Namespace, r.Configuration.CASecretName()) if err != nil { return reconcile.Result{}, err } diff --git a/controllers/servicelabels/endpoint.go b/controllers/servicelabels/endpoint.go index 945b3e3b..44ac7882 100644 --- a/controllers/servicelabels/endpoint.go +++ b/controllers/servicelabels/endpoint.go @@ -4,6 +4,8 @@ package servicelabels import ( + "context" + "github.com/go-logr/logr" corev1 "k8s.io/api/core/v1" ctrl "sigs.k8s.io/controller-runtime" 
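Review bot: `getCertificateAuthority` in controllers/secret/reconciler.go reports every `client.Get` failure as "missing secret" and drops `err`. Now that a cancellable `ctx` is passed in, a cancelled or timed-out context, or an authorization failure on the Secret, is indistinguishable from an absent CA Secret. Keeping the cause in the chain would let callers and logs tell these apart: `return nil, fmt.Errorf("missing secret %s, cannot reconcile: %w", name, err)`. The rest of the function lies outside the hunk.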
@@ -15,7 +17,7 @@ type EndpointsLabelsReconciler struct { Log logr.Logger } -func (r *EndpointsLabelsReconciler) SetupWithManager(mgr ctrl.Manager) error { +func (r *EndpointsLabelsReconciler) SetupWithManager(ctx context.Context, mgr ctrl.Manager) error { r.abstractServiceLabelsReconciler = abstractServiceLabelsReconciler{ obj: &corev1.Endpoints{}, scheme: mgr.GetScheme(), @@ -23,6 +25,6 @@ func (r *EndpointsLabelsReconciler) SetupWithManager(mgr ctrl.Manager) error { } return ctrl.NewControllerManagedBy(mgr). - For(r.abstractServiceLabelsReconciler.obj, r.abstractServiceLabelsReconciler.forOptionPerInstanceName()). + For(r.abstractServiceLabelsReconciler.obj, r.abstractServiceLabelsReconciler.forOptionPerInstanceName(ctx)). Complete(r) } diff --git a/controllers/servicelabels/endpoint_slices.go b/controllers/servicelabels/endpoint_slices.go index 021be700..5389e398 100644 --- a/controllers/servicelabels/endpoint_slices.go +++ b/controllers/servicelabels/endpoint_slices.go @@ -4,6 +4,8 @@ package servicelabels import ( + "context" + "github.com/go-logr/logr" discoveryv1 "k8s.io/api/discovery/v1" discoveryv1beta1 "k8s.io/api/discovery/v1beta1" @@ -18,8 +20,7 @@ type EndpointSlicesLabelsReconciler struct { VersionMajor uint } -func (r *EndpointSlicesLabelsReconciler) SetupWithManager(mgr ctrl.Manager) error { - r.scheme = mgr.GetScheme() +func (r *EndpointSlicesLabelsReconciler) SetupWithManager(ctx context.Context, mgr ctrl.Manager) error { r.abstractServiceLabelsReconciler = abstractServiceLabelsReconciler{ scheme: mgr.GetScheme(), log: r.Log, @@ -36,6 +37,6 @@ func (r *EndpointSlicesLabelsReconciler) SetupWithManager(mgr ctrl.Manager) erro } return ctrl.NewControllerManagedBy(mgr). - For(r.obj, r.abstractServiceLabelsReconciler.forOptionPerInstanceName()). + For(r.obj, r.abstractServiceLabelsReconciler.forOptionPerInstanceName(ctx)). Complete(r) } 
diff --git a/controllers/servicelabels/service.go b/controllers/servicelabels/service.go index 390bc290..1e097b43 100644 --- a/controllers/servicelabels/service.go +++ b/controllers/servicelabels/service.go @@ -4,6 +4,8 @@ package servicelabels import ( + "context" + "github.com/go-logr/logr" corev1 "k8s.io/api/core/v1" ctrl "sigs.k8s.io/controller-runtime" @@ -15,13 +17,13 @@ type ServicesLabelsReconciler struct { Log logr.Logger } -func (r *ServicesLabelsReconciler) SetupWithManager(mgr ctrl.Manager) error { +func (r *ServicesLabelsReconciler) SetupWithManager(ctx context.Context, mgr ctrl.Manager) error { r.abstractServiceLabelsReconciler = abstractServiceLabelsReconciler{ obj: &corev1.Service{}, scheme: mgr.GetScheme(), log: r.Log, } return ctrl.NewControllerManagedBy(mgr). - For(r.abstractServiceLabelsReconciler.obj, r.abstractServiceLabelsReconciler.forOptionPerInstanceName()). + For(r.abstractServiceLabelsReconciler.obj, r.abstractServiceLabelsReconciler.forOptionPerInstanceName(ctx)). Complete(r) } diff --git a/controllers/tenant/limitranges.go b/controllers/tenant/limitranges.go index f5652ab9..726108c5 100644 --- a/controllers/tenant/limitranges.go +++ b/controllers/tenant/limitranges.go @@ -14,7 +14,7 @@ import ( ) // Ensuring all the LimitRange are applied to each Namespace handled by the Tenant. -func (r *Manager) syncLimitRanges(tenant *capsulev1beta1.Tenant) error { +func (r *Manager) syncLimitRanges(ctx context.Context, tenant *capsulev1beta1.Tenant) error { // getting requested LimitRange keys keys := make([]string, 0, len(tenant.Spec.LimitRanges.Items)) 
@@ -28,14 +28,14 @@ func (r *Manager) syncLimitRanges(tenant *capsulev1beta1.Tenant) error { namespace := ns group.Go(func() error { - return r.syncLimitRange(tenant, namespace, keys) + return r.syncLimitRange(ctx, tenant, namespace, keys) }) } return group.Wait() } -func (r *Manager) syncLimitRange(tenant *capsulev1beta1.Tenant, namespace string, keys []string) (err error) { +func (r *Manager) syncLimitRange(ctx context.Context, tenant *capsulev1beta1.Tenant, namespace string, keys []string) (err error) { // getting LimitRange labels for the mutateFn var tenantLabel, limitRangeLabel string @@ -46,7 +46,7 @@ func (r *Manager) syncLimitRange(tenant *capsulev1beta1.Tenant, namespace string return } - if err = r.pruningResources(namespace, keys, &corev1.LimitRange{}); err != nil { + if err = r.pruningResources(ctx, namespace, keys, &corev1.LimitRange{}); err != nil { return } @@ -59,7 +59,7 @@ func (r *Manager) syncLimitRange(tenant *capsulev1beta1.Tenant, namespace string } var res controllerutil.OperationResult - res, err = controllerutil.CreateOrUpdate(context.TODO(), r.Client, target, func() (err error) { + res, err = controllerutil.CreateOrUpdate(ctx, r.Client, target, func() (err error) { target.ObjectMeta.Labels = map[string]string{ tenantLabel: tenant.Name, limitRangeLabel: strconv.Itoa(i), diff --git a/controllers/tenant/manager.go b/controllers/tenant/manager.go index dc26a792..00054649 100644 --- a/controllers/tenant/manager.go +++ b/controllers/tenant/manager.go @@ -52,7 +52,7 @@ func (r Manager) Reconcile(ctx context.Context, request ctrl.Request) (result ct return } // Ensuring the Tenant Status - if err = r.updateTenantStatus(instance); err != nil { + if err = r.updateTenantStatus(ctx, instance); err != nil { r.Log.Error(err, "Cannot update Tenant status") return } 
@@ -65,43 +65,43 @@ func (r Manager) Reconcile(ctx context.Context, request ctrl.Request) (result ct // Ensuring all namespaces are collected r.Log.Info("Ensuring all Namespaces are collected") - if err = r.collectNamespaces(instance); err != nil { + if err = r.collectNamespaces(ctx, instance); err != nil { r.Log.Error(err, "Cannot collect Namespace resources") return } r.Log.Info("Starting processing of Namespaces", "items", len(instance.Status.Namespaces)) - if err = r.syncNamespaces(instance); err != nil { + if err = r.syncNamespaces(ctx, instance); err != nil { r.Log.Error(err, "Cannot sync Namespace items") return } r.Log.Info("Starting processing of Network Policies") - if err = r.syncNetworkPolicies(instance); err != nil { + if err = r.syncNetworkPolicies(ctx, instance); err != nil { r.Log.Error(err, "Cannot sync NetworkPolicy items") return } r.Log.Info("Starting processing of Limit Ranges", "items", len(instance.Spec.LimitRanges.Items)) - if err = r.syncLimitRanges(instance); err != nil { + if err = r.syncLimitRanges(ctx, instance); err != nil { r.Log.Error(err, "Cannot sync LimitRange items") return } r.Log.Info("Starting processing of Resource Quotas", "items", len(instance.Spec.ResourceQuota.Items)) - if err = r.syncResourceQuotas(instance); err != nil { + if err = r.syncResourceQuotas(ctx, instance); err != nil { r.Log.Error(err, "Cannot sync ResourceQuota items") return } r.Log.Info("Ensuring RoleBindings for Owners and Tenant") - if err = r.syncRoleBindings(instance); err != nil { + if err = r.syncRoleBindings(ctx, instance); err != nil { r.Log.Error(err, "Cannot sync RoleBindings items") return } r.Log.Info("Ensuring Namespace count") - if err = r.ensureNamespaceCount(instance); err != nil { + if err = r.ensureNamespaceCount(ctx, instance); err != nil { r.Log.Error(err, "Cannot sync Namespace count") return } 
@@ -110,7 +110,7 @@ func (r Manager) Reconcile(ctx context.Context, request ctrl.Request) (result ct return ctrl.Result{}, err } -func (r *Manager) updateTenantStatus(tnt *capsulev1beta1.Tenant) error { +func (r *Manager) updateTenantStatus(ctx context.Context, tnt *capsulev1beta1.Tenant) error { return retry.RetryOnConflict(retry.DefaultBackoff, func() (err error) { if tnt.IsCordoned() { tnt.Status.State = capsulev1beta1.TenantStateCordoned @@ -118,6 +118,6 @@ func (r *Manager) updateTenantStatus(tnt *capsulev1beta1.Tenant) error { tnt.Status.State = capsulev1beta1.TenantStateActive } - return r.Client.Status().Update(context.Background(), tnt) + return r.Client.Status().Update(ctx, tnt) }) } diff --git a/controllers/tenant/namespaces.go b/controllers/tenant/namespaces.go index ab0fd456..ec2a5d21 100644 --- a/controllers/tenant/namespaces.go +++ b/controllers/tenant/namespaces.go @@ -20,14 +20,14 @@ import ( ) // Ensuring all annotations are applied to each Namespace handled by the Tenant. -func (r *Manager) syncNamespaces(tenant *capsulev1beta1.Tenant) (err error) { +func (r *Manager) syncNamespaces(ctx context.Context, tenant *capsulev1beta1.Tenant) (err error) { group := new(errgroup.Group) for _, item := range tenant.Status.Namespaces { namespace := item group.Go(func() error { - return r.syncNamespaceMetadata(namespace, tenant) + return r.syncNamespaceMetadata(ctx, namespace, tenant) }) } 
@@ -39,18 +39,18 @@ func (r *Manager) syncNamespaces(tenant *capsulev1beta1.Tenant) (err error) { return } -func (r *Manager) syncNamespaceMetadata(namespace string, tnt *capsulev1beta1.Tenant) (err error) { +func (r *Manager) syncNamespaceMetadata(ctx context.Context, namespace string, tnt *capsulev1beta1.Tenant) (err error) { var res controllerutil.OperationResult err = retry.RetryOnConflict(retry.DefaultBackoff, func() (conflictErr error) { ns := &corev1.Namespace{} - if conflictErr = r.Client.Get(context.TODO(), types.NamespacedName{Name: namespace}, ns); err != nil { + if conflictErr = r.Client.Get(ctx, types.NamespacedName{Name: namespace}, ns); err != nil { return } capsuleLabel, _ := capsulev1beta1.GetTypeLabel(&capsulev1beta1.Tenant{}) - res, conflictErr = controllerutil.CreateOrUpdate(context.TODO(), r.Client, ns, func() error { + res, conflictErr = controllerutil.CreateOrUpdate(ctx, r.Client, ns, func() error { annotations := make(map[string]string) labels := map[string]string{ "name": namespace, 
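Review bot: In `syncNamespaceMetadata` the guard after `r.Client.Get` tests `err`, but the call assigns `conflictErr`. `err` is the outer named result, which is only assigned when `retry.RetryOnConflict` returns. A failed Get is therefore not caught inside the closure, and `controllerutil.CreateOrUpdate` still runs with the `ns` object that Get was meant to populate. The condition should be `if conflictErr = r.Client.Get(ctx, types.NamespacedName{Name: namespace}, ns); conflictErr != nil {`. The commit edits this very line but leaves the check unchanged; the closure body continues beyond the hunk.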
@@ -147,25 +147,25 @@ func (r *Manager) syncNamespaceMetadata(namespace string, tnt *capsulev1beta1.Te return } -func (r *Manager) ensureNamespaceCount(tenant *capsulev1beta1.Tenant) error { +func (r *Manager) ensureNamespaceCount(ctx context.Context, tenant *capsulev1beta1.Tenant) error { return retry.RetryOnConflict(retry.DefaultBackoff, func() error { tenant.Status.Size = uint(len(tenant.Status.Namespaces)) found := &capsulev1beta1.Tenant{} - if err := r.Client.Get(context.TODO(), types.NamespacedName{Name: tenant.GetName()}, found); err != nil { + if err := r.Client.Get(ctx, types.NamespacedName{Name: tenant.GetName()}, found); err != nil { return err } found.Status.Size = tenant.Status.Size - return r.Client.Status().Update(context.TODO(), found, &client.UpdateOptions{}) + return r.Client.Status().Update(ctx, found, &client.UpdateOptions{}) }) } -func (r *Manager) collectNamespaces(tenant *capsulev1beta1.Tenant) error { +func (r *Manager) collectNamespaces(ctx context.Context, tenant *capsulev1beta1.Tenant) error { return retry.RetryOnConflict(retry.DefaultBackoff, func() (err error) { list := &corev1.NamespaceList{} - err = r.Client.List(context.TODO(), list, client.MatchingFieldsSelector{ + err = r.Client.List(ctx, list, client.MatchingFieldsSelector{ Selector: fields.OneTermEqualSelector(".metadata.ownerReferences[*].capsule", tenant.GetName()), }) @@ -173,10 +173,10 @@ func (r *Manager) collectNamespaces(tenant *capsulev1beta1.Tenant) error { return } - _, err = controllerutil.CreateOrUpdate(context.TODO(), r.Client, tenant.DeepCopy(), func() error { + _, err = controllerutil.CreateOrUpdate(ctx, r.Client, tenant.DeepCopy(), func() error { tenant.AssignNamespaces(list.Items) - return r.Client.Status().Update(context.TODO(), tenant, &client.UpdateOptions{}) + return r.Client.Status().Update(ctx, tenant, &client.UpdateOptions{}) }) return }) 
diff --git a/controllers/tenant/networkpolicies.go b/controllers/tenant/networkpolicies.go index 4043d1c9..f460c4b9 100644 --- a/controllers/tenant/networkpolicies.go +++ b/controllers/tenant/networkpolicies.go @@ -14,7 +14,7 @@ import ( ) // Ensuring all the NetworkPolicies are applied to each Namespace handled by the Tenant. -func (r *Manager) syncNetworkPolicies(tenant *capsulev1beta1.Tenant) error { +func (r *Manager) syncNetworkPolicies(ctx context.Context, tenant *capsulev1beta1.Tenant) error { // getting requested NetworkPolicy keys keys := make([]string, 0, len(tenant.Spec.NetworkPolicies.Items)) @@ -28,15 +28,15 @@ func (r *Manager) syncNetworkPolicies(tenant *capsulev1beta1.Tenant) error { namespace := ns group.Go(func() error { - return r.syncNetworkPolicy(tenant, namespace, keys) + return r.syncNetworkPolicy(ctx, tenant, namespace, keys) }) } return group.Wait() } -func (r *Manager) syncNetworkPolicy(tenant *capsulev1beta1.Tenant, namespace string, keys []string) (err error) { - if err = r.pruningResources(namespace, keys, &networkingv1.NetworkPolicy{}); err != nil { +func (r *Manager) syncNetworkPolicy(ctx context.Context, tenant *capsulev1beta1.Tenant, namespace string, keys []string) (err error) { + if err = r.pruningResources(ctx, namespace, keys, &networkingv1.NetworkPolicy{}); err != nil { return } // getting NetworkPolicy labels for the mutateFn @@ -59,7 +59,7 @@ func (r *Manager) syncNetworkPolicy(tenant *capsulev1beta1.Tenant, namespace str } var res controllerutil.OperationResult - res, err = controllerutil.CreateOrUpdate(context.TODO(), r.Client, target, func() (err error) { + res, err = controllerutil.CreateOrUpdate(ctx, r.Client, target, func() (err error) { target.SetLabels(map[string]string{ tenantLabel: tenant.Name, networkPolicyLabel: strconv.Itoa(i), diff --git a/controllers/tenant/resourcequotas.go b/controllers/tenant/resourcequotas.go index d245891e..6d6186ef 100644 --- a/controllers/tenant/resourcequotas.go 
+++ b/controllers/tenant/resourcequotas.go @@ -31,7 +31,7 @@ import ( // the mutateFn along with the CreateOrUpdate to don't perform the update since resources are identical. // // In case of Namespace-scoped Resource Budget, we're just replicating the resources across all registered Namespaces. -func (r *Manager) syncResourceQuotas(tenant *capsulev1beta1.Tenant) (err error) { +func (r *Manager) syncResourceQuotas(ctx context.Context, tenant *capsulev1beta1.Tenant) (err error) { // getting ResourceQuota labels for the mutateFn var tenantLabel, typeLabel string @@ -67,7 +67,7 @@ func (r *Manager) syncResourceQuotas(tenant *capsulev1beta1.Tenant) (err error) // These are required since Capsule is going to sum all the used quota to // sum them and get the Tenant one. list := &corev1.ResourceQuotaList{} - if scopeErr = r.List(context.TODO(), list, &client.ListOptions{LabelSelector: labels.NewSelector().Add(*tntRequirement).Add(*indexRequirement)}); scopeErr != nil { + if scopeErr = r.List(ctx, list, &client.ListOptions{LabelSelector: labels.NewSelector().Add(*tntRequirement).Add(*indexRequirement)}); scopeErr != nil { r.Log.Error(scopeErr, "Cannot list ResourceQuota", "tenantFilter", tntRequirement.String(), "indexFilter", indexRequirement.String()) return } @@ -116,7 +116,7 @@ func (r *Manager) syncResourceQuotas(tenant *capsulev1beta1.Tenant) (err error) list.Items[item].Spec.Hard[name] = resourceQuota.Hard[name] } } - if scopeErr = r.resourceQuotasUpdate(name, quantity, resourceQuota.Hard[name], list.Items...); scopeErr != nil { + if scopeErr = r.resourceQuotasUpdate(ctx, name, quantity, resourceQuota.Hard[name], list.Items...); scopeErr != nil { r.Log.Error(scopeErr, "cannot proceed with outer ResourceQuota") return } 
@@ -142,14 +142,14 @@ func (r *Manager) syncResourceQuotas(tenant *capsulev1beta1.Tenant) (err error) namespace := ns group.Go(func() error { - return r.syncResourceQuota(tenant, namespace, keys) + return r.syncResourceQuota(ctx, tenant, namespace, keys) }) } return group.Wait() } -func (r *Manager) syncResourceQuota(tenant *capsulev1beta1.Tenant, namespace string, keys []string) (err error) { +func (r *Manager) syncResourceQuota(ctx context.Context, tenant *capsulev1beta1.Tenant, namespace string, keys []string) (err error) { // getting ResourceQuota labels for the mutateFn var tenantLabel, typeLabel string @@ -161,7 +161,7 @@ func (r *Manager) syncResourceQuota(tenant *capsulev1beta1.Tenant, namespace str return err } // Pruning resource of non-requested resources - if err = r.pruningResources(namespace, keys, &corev1.ResourceQuota{}); err != nil { + if err = r.pruningResources(ctx, namespace, keys, &corev1.ResourceQuota{}); err != nil { return err } @@ -175,7 +175,7 @@ func (r *Manager) syncResourceQuota(tenant *capsulev1beta1.Tenant, namespace str var res controllerutil.OperationResult err = retry.RetryOnConflict(retry.DefaultBackoff, func() (retryErr error) { - res, retryErr = controllerutil.CreateOrUpdate(context.TODO(), r.Client, target, func() (err error) { + res, retryErr = controllerutil.CreateOrUpdate(ctx, r.Client, target, func() (err error) { target.SetLabels(map[string]string{ tenantLabel: tenant.Name, typeLabel: strconv.Itoa(index), 
@@ -208,7 +208,7 @@ func (r *Manager) syncResourceQuota(tenant *capsulev1beta1.Tenant, namespace str // Serial ResourceQuota processing is expensive: using Go routines we can speed it up. // In case of multiple errors these are logged properly, returning a generic error since we have to repush back the // reconciliation loop. -func (r *Manager) resourceQuotasUpdate(resourceName corev1.ResourceName, actual, limit resource.Quantity, list ...corev1.ResourceQuota) (err error) { +func (r *Manager) resourceQuotasUpdate(ctx context.Context, resourceName corev1.ResourceName, actual, limit resource.Quantity, list ...corev1.ResourceQuota) (err error) { group := new(errgroup.Group) for _, item := range list { @@ -216,12 +216,12 @@ func (r *Manager) resourceQuotasUpdate(resourceName corev1.ResourceName, actual, group.Go(func() (err error) { found := &corev1.ResourceQuota{} - if err = r.Get(context.TODO(), types.NamespacedName{Namespace: rq.Namespace, Name: rq.Name}, found); err != nil { + if err = r.Get(ctx, types.NamespacedName{Namespace: rq.Namespace, Name: rq.Name}, found); err != nil { return } return retry.RetryOnConflict(retry.DefaultBackoff, func() (retryErr error) { - _, retryErr = controllerutil.CreateOrUpdate(context.TODO(), r.Client, found, func() error { + _, retryErr = controllerutil.CreateOrUpdate(ctx, r.Client, found, func() error { // Ensuring annotation map is there to avoid uninitialized map error and // assigning the overall usage if found.Annotations == nil { diff --git a/controllers/tenant/rolebindings.go b/controllers/tenant/rolebindings.go index a4b5561d..85f49c7d 100644 --- a/controllers/tenant/rolebindings.go +++ b/controllers/tenant/rolebindings.go 
@@ -45,7 +45,7 @@ func (r *Manager) ownerClusterRoleBindings(owner capsulev1beta1.OwnerSpec, clust // Sync the dynamic Tenant Owner specific cluster-roles and additional Role Bindings, which can be used in many ways: // applying Pod Security Policies or giving access to CRDs or specific API groups. -func (r *Manager) syncRoleBindings(tenant *capsulev1beta1.Tenant) (err error) { +func (r *Manager) syncRoleBindings(ctx context.Context, tenant *capsulev1beta1.Tenant) (err error) { // hashing the RoleBinding name due to DNS RFC-1123 applied to Kubernetes labels hashFn := func(binding capsulev1beta1.AdditionalRoleBindingsSpec) string { h := fnv.New64a() @@ -79,14 +79,14 @@ func (r *Manager) syncRoleBindings(tenant *capsulev1beta1.Tenant) (err error) { namespace := ns group.Go(func() error { - return r.syncAdditionalRoleBinding(tenant, namespace, keys, hashFn) + return r.syncAdditionalRoleBinding(ctx, tenant, namespace, keys, hashFn) }) } return group.Wait() } -func (r *Manager) syncAdditionalRoleBinding(tenant *capsulev1beta1.Tenant, ns string, keys []string, hashFn func(binding capsulev1beta1.AdditionalRoleBindingsSpec) string) (err error) { +func (r *Manager) syncAdditionalRoleBinding(ctx context.Context, tenant *capsulev1beta1.Tenant, ns string, keys []string, hashFn func(binding capsulev1beta1.AdditionalRoleBindingsSpec) string) (err error) { var tenantLabel, roleBindingLabel string if tenantLabel, err = capsulev1beta1.GetTypeLabel(&capsulev1beta1.Tenant{}); err != nil { @@ -97,7 +97,7 @@ func (r *Manager) syncAdditionalRoleBinding(tenant *capsulev1beta1.Tenant, ns st return } - if err = r.pruningResources(ns, keys, &rbacv1.RoleBinding{}); err != nil { + if err = r.pruningResources(ctx, ns, keys, &rbacv1.RoleBinding{}); err != nil { return } 
@@ -122,7 +122,7 @@ func (r *Manager) syncAdditionalRoleBinding(tenant *capsulev1beta1.Tenant, ns st } var res controllerutil.OperationResult - res, err = controllerutil.CreateOrUpdate(context.TODO(), r.Client, target, func() error { + res, err = controllerutil.CreateOrUpdate(ctx, r.Client, target, func() error { target.ObjectMeta.Labels = map[string]string{ tenantLabel: tenant.Name, roleBindingLabel: roleBindingHashLabel, diff --git a/controllers/tenant/utils.go b/controllers/tenant/utils.go index 3ce44cc3..b90ba0b8 100644 --- a/controllers/tenant/utils.go +++ b/controllers/tenant/utils.go @@ -16,7 +16,7 @@ import ( // pruningResources is taking care of removing the no more requested sub-resources as LimitRange, ResourceQuota or // NetworkPolicy using the "exists" and "notin" LabelSelector to perform an outer-join removal. -func (r *Manager) pruningResources(ns string, keys []string, obj client.Object) (err error) { +func (r *Manager) pruningResources(ctx context.Context, ns string, keys []string, obj client.Object) (err error) { var capsuleLabel string if capsuleLabel, err = capsulev1beta1.GetTypeLabel(obj); err != nil { return @@ -42,7 +42,7 @@ func (r *Manager) pruningResources(ns string, keys []string, obj client.Object) r.Log.Info("Pruning objects with label selector " + selector.String()) return retry.RetryOnConflict(retry.DefaultBackoff, func() error { - return r.DeleteAllOf(context.TODO(), obj, &client.DeleteAllOfOptions{ + return r.DeleteAllOf(ctx, obj, &client.DeleteAllOfOptions{ ListOptions: client.ListOptions{ LabelSelector: selector, Namespace: ns, diff --git a/main.go b/main.go index 7428cb00..5d462128 100644 --- a/main.go +++ b/main.go @@ -128,7 +128,7 @@ func main() { ctx := ctrl.SetupSignalHandler() - cfg := configuration.NewCapsuleConfiguration(manager.GetClient(), configurationName) + cfg := configuration.NewCapsuleConfiguration(ctx, manager.GetClient(), configurationName) if err = (&secretcontroller.CAReconciler{ Client: manager.GetClient(), 
@@ -166,7 +166,7 @@ func main() { setupLog.Error(err, "unable to create the direct client") os.Exit(1) } - directCfg := configuration.NewCapsuleConfiguration(directClient, configurationName) + directCfg := configuration.NewCapsuleConfiguration(ctx, directClient, configurationName) ca, err := clientset.CoreV1().Secrets(namespace).Get(ctx, directCfg.CASecretName(), metav1.GetOptions{}) if err != nil { @@ -244,21 +244,21 @@ func main() { os.Exit(1) } - if err = rbacManager.SetupWithManager(manager, configurationName); err != nil { + if err = rbacManager.SetupWithManager(ctx, manager, configurationName); err != nil { setupLog.Error(err, "unable to create controller", "controller", "Rbac") os.Exit(1) } if err = (&servicelabelscontroller.ServicesLabelsReconciler{ Log: ctrl.Log.WithName("controllers").WithName("ServiceLabels"), - }).SetupWithManager(manager); err != nil { + }).SetupWithManager(ctx, manager); err != nil { setupLog.Error(err, "unable to create controller", "controller", "ServiceLabels") os.Exit(1) } if err = (&servicelabelscontroller.EndpointsLabelsReconciler{ Log: ctrl.Log.WithName("controllers").WithName("EndpointLabels"), - }).SetupWithManager(manager); err != nil { + }).SetupWithManager(ctx, manager); err != nil { setupLog.Error(err, "unable to create controller", "controller", "EndpointLabels") os.Exit(1) } @@ -267,7 +267,7 @@ func main() { Log: ctrl.Log.WithName("controllers").WithName("EndpointSliceLabels"), VersionMinor: kubeVersion.Minor(), VersionMajor: kubeVersion.Major(), - }).SetupWithManager(manager); err != nil { + }).SetupWithManager(ctx, manager); err != nil { setupLog.Error(err, "unable to create controller", "controller", "EndpointSliceLabels") } diff --git a/pkg/configuration/client.go b/pkg/configuration/client.go index b78917a3..55b65490 100644 --- a/pkg/configuration/client.go +++ b/pkg/configuration/client.go 
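Review bot: In the last main.go hunk (-267,7), a failed `EndpointSlicesLabelsReconciler` setup is only logged. The context lines show `setupLog.Error(...)` followed directly by the closing brace, with no `os.Exit(1)`, unlike the Rbac, ServiceLabels and EndpointLabels setups just above it. If this is deliberate (for example to tolerate clusters without the EndpointSlice API), a comment such as `// EndpointSlice support is optional: log and continue` would say so. Otherwise add `os.Exit(1)` so the process does not keep running with one label reconciler silently missing.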
@@ -23,11 +23,11 @@ type capsuleConfiguration struct { retrievalFn func() *capsulev1alpha1.CapsuleConfiguration } -func NewCapsuleConfiguration(client client.Client, name string) Configuration { +func NewCapsuleConfiguration(ctx context.Context, client client.Client, name string) Configuration { return &capsuleConfiguration{retrievalFn: func() *capsulev1alpha1.CapsuleConfiguration { config := &capsulev1alpha1.CapsuleConfiguration{} - if err := client.Get(context.Background(), types.NamespacedName{Name: name}, config); err != nil { + if err := client.Get(ctx, types.NamespacedName{Name: name}, config); err != nil { if machineryerr.IsNotFound(err) { return &capsulev1alpha1.CapsuleConfiguration{ Spec: capsulev1alpha1.CapsuleConfigurationSpec{
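Review bot: `NewCapsuleConfiguration` captures `ctx` inside `retrievalFn`, so every later lookup through the returned `Configuration` runs under the constructor's context rather than the caller's. In main.go that is the signal-handler context, so no per-request deadline applies and lookups presumably start failing once shutdown has begun. The function has no doc comment; I would add `// NewCapsuleConfiguration returns a Configuration whose lookups all use ctx; ctx must outlive every caller of the returned value.` The closure body runs past the end of the hunk, so the handling of errors other than NotFound is not visible here.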