From 542ca3b90fbd5a3a8e106562206e697783bdfd90 Mon Sep 17 00:00:00 2001
From: Tim Ramlot <42113979+inteon@users.noreply.github.com>
Date: Tue, 15 Aug 2023 21:16:52 +0200
Subject: [PATCH] Make webhook Logging options configurable using configfile.

Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
---
 cmd/webhook/app/webhook.go | 7 +-
 .../apis/config/controller/fuzzer/fuzzer.go | 116 ++++++++++++------
 internal/apis/config/util/conversion.go | 51 ++++++++
 internal/apis/config/webhook/fuzzer/fuzzer.go | 3 +
 internal/apis/config/webhook/types.go | 4 +
 .../apis/config/webhook/v1alpha1/defaults.go | 3 +
 pkg/apis/config/webhook/v1alpha1/types.go | 5 +
 pkg/webhook/options/options.go | 10 +-
 8 files changed, 154 insertions(+), 45 deletions(-)
 create mode 100644 internal/apis/config/util/conversion.go

diff --git a/cmd/webhook/app/webhook.go b/cmd/webhook/app/webhook.go
index d7a512a9fbf..2d2104d4406 100644
--- a/cmd/webhook/app/webhook.go
+++ b/cmd/webhook/app/webhook.go
@@ -95,7 +95,7 @@ func NewServerCommand(stopCh <-chan struct{}) *cobra.Command {
 os.Exit(1)
 }
 
- if err := logf.ValidateAndApply(webhookFlags.Logging); err != nil {
+ if err := logf.ValidateAndApply(&webhookConfig.Logging); err != nil {
 log.Error(err, "Failed to validate webhook flags")
 os.Exit(1)
 }
@@ -117,6 +117,11 @@ func NewServerCommand(stopCh <-chan struct{}) *cobra.Command {
 log.Error(err, "Failed to set feature gates from config file")
 os.Exit(1)
 }
+
+ if err := logf.ValidateAndApply(&webhookConfig.Logging); err != nil {
+ log.Error(err, "Failed to validate webhook flags")
+ os.Exit(1)
+ }
 }
 
 srv, err := cmwebhook.NewCertManagerWebhookServer(log, *webhookConfig)
diff --git a/internal/apis/config/controller/fuzzer/fuzzer.go b/internal/apis/config/controller/fuzzer/fuzzer.go
index 4fe34b75b99..bc79e7d59c1 100644
--- a/internal/apis/config/controller/fuzzer/fuzzer.go
+++ b/internal/apis/config/controller/fuzzer/fuzzer.go
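Review bot: The `ValidateAndApply` call added in the second hunk, which appears to run after the config file has been loaded, reuses the message "Failed to validate webhook flags", although at that point a failure can just as well come from the logging section of the config file, so an operator is pointed at the wrong input. A message that fits both call sites, for example `log.Error(err, "Failed to validate webhook logging configuration")`, would avoid that. On the config-file path the logging configuration is now applied twice, once from flags and once after the file is merged; whether `logf.ValidateAndApply` tolerates a second call is not visible in this diff, so it is worth confirming and recording in a comment above the second call. `NewServerCommand` begins and ends outside both hunks.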
@@ -33,45 +33,87 @@ var Funcs = func(codecs runtimeserializer.CodecFactory) []interface{} {
 func(s *controller.ControllerConfiguration, c fuzz.Continue) {
 c.FuzzNoCustom(s) // fuzz self without calling this function again
 
- defaultTime := 60 * time.Second
- s.APIServerHost = "defaultHost"
- s.KubeConfig = "defaultConfig"
- s.KubernetesAPIQPS = 10
- s.KubernetesAPIBurst = 10
- s.ClusterResourceNamespace = "defaultClusterResourceNamespace"
- s.Namespace = "defaultNamespace"
- s.LeaderElectionConfig.Enabled = true
- s.LeaderElectionConfig.Namespace = "defaultLeaderElectionNamespace"
- s.LeaderElectionConfig.LeaseDuration = defaultTime
- s.LeaderElectionConfig.RenewDeadline = defaultTime
- s.LeaderElectionConfig.RetryPeriod = defaultTime
- s.Controllers = []string{"*"}
- s.ACMEHTTP01Config.SolverImage = "defaultACMEHTTP01SolverImage"
- s.ACMEHTTP01Config.SolverResourceRequestCPU = "10m"
- s.ACMEHTTP01Config.SolverResourceRequestMemory = "64Mi"
- s.ACMEHTTP01Config.SolverResourceLimitsCPU = "100m"
- s.ACMEHTTP01Config.SolverResourceLimitsMemory = "64Mi"
- s.ACMEHTTP01Config.SolverRunAsNonRoot = true
- s.ACMEHTTP01Config.SolverNameservers = []string{"8.8.8.8:53"}
- s.ClusterIssuerAmbientCredentials = true
- s.IssuerAmbientCredentials = true
- s.IngressShimConfig.DefaultIssuerName = "defaultTLSACMEIssuerName"
- s.IngressShimConfig.DefaultIssuerKind = "defaultIssuerKind"
- s.IngressShimConfig.DefaultIssuerGroup = "defaultTLSACMEIssuerGroup"
- s.IngressShimConfig.DefaultAutoCertificateAnnotations = []string{"kubernetes.io/tls-acme"}
- s.ACMEDNS01Config.RecursiveNameservers = []string{"8.8.8.8:53"}
- s.ACMEDNS01Config.RecursiveNameserversOnly = true
- s.EnableCertificateOwnerRef = true
- s.NumberOfConcurrentWorkers = 1
- s.MaxConcurrentChallenges = 1
- s.MetricsListenAddress = "0.0.0.0:9402"
- s.HealthzListenAddress = "0.0.0.0:9402"
- s.LeaderElectionConfig.HealthzTimeout = defaultTime
- s.EnablePprof = true
- s.PprofAddress = "something:1234"
- s.CopiedAnnotationPrefixes = []string{"*", "-kubectl.kubernetes.io/", "-fluxcd.io/", "-argocd.argoproj.io/"}
+ if s.ClusterResourceNamespace == "" {
+ s.ClusterResourceNamespace = "test-roundtrip"
+ }
+
+ if len(s.Controllers) == 0 {
+ s.Controllers = []string{"test-roundtrip"}
+ }
+
+ if len(s.CopiedAnnotationPrefixes) == 0 {
+ s.CopiedAnnotationPrefixes = []string{"test-roundtrip"}
+ }
+
+ if s.MetricsListenAddress == "" {
+ s.MetricsListenAddress = "test-roundtrip"
+ }
+
+ if s.HealthzListenAddress == "" {
+ s.HealthzListenAddress = "test-roundtrip"
+ }
+
+ if s.PprofAddress == "" {
+ s.PprofAddress = "test-roundtrip"
+ }
 
 logsapi.SetRecommendedLoggingConfiguration(&s.Logging)
+
+ if s.LeaderElectionConfig.Namespace == "" {
+ s.LeaderElectionConfig.Namespace = "test-roundtrip"
+ }
+
+ if s.LeaderElectionConfig.LeaseDuration == time.Duration(0) {
+ s.LeaderElectionConfig.LeaseDuration = time.Second * 8875
+ }
+
+ if s.LeaderElectionConfig.RenewDeadline == time.Duration(0) {
+ s.LeaderElectionConfig.RenewDeadline = time.Second * 8875
+ }
+
+ if s.LeaderElectionConfig.RetryPeriod == time.Duration(0) {
+ s.LeaderElectionConfig.RetryPeriod = time.Second * 8875
+ }
+
+ if s.LeaderElectionConfig.HealthzTimeout == time.Duration(0) {
+ s.LeaderElectionConfig.HealthzTimeout = time.Second * 8875
+ }
+
+ if s.IngressShimConfig.DefaultIssuerKind == "" {
+ s.IngressShimConfig.DefaultIssuerKind = "test-roundtrip"
+ }
+
+ if s.IngressShimConfig.DefaultIssuerGroup == "" {
+ s.IngressShimConfig.DefaultIssuerGroup = "test-roundtrip"
+ }
+
+ if len(s.IngressShimConfig.DefaultAutoCertificateAnnotations) == 0 {
+ s.IngressShimConfig.DefaultAutoCertificateAnnotations = []string{"test-roundtrip"}
+ }
+
+ if s.ACMEHTTP01Config.SolverImage == "" {
+ s.ACMEHTTP01Config.SolverImage = "test-roundtrip"
+ }
+
+ if s.ACMEHTTP01Config.SolverResourceRequestCPU == "" {
+ s.ACMEHTTP01Config.SolverResourceRequestCPU = "test-roundtrip"
+ }
+
+ if s.ACMEHTTP01Config.SolverResourceRequestMemory == "" {
+ s.ACMEHTTP01Config.SolverResourceRequestMemory = "test-roundtrip"
+ }
+
+ if s.ACMEHTTP01Config.SolverResourceLimitsCPU == "" {
+ s.ACMEHTTP01Config.SolverResourceLimitsCPU = "test-roundtrip"
+ }
+
+ if s.ACMEHTTP01Config.SolverResourceLimitsMemory == "" {
+ s.ACMEHTTP01Config.SolverResourceLimitsMemory = "test-roundtrip"
+ }
+
+ if s.ACMEDNS01Config.CheckRetryPeriod == time.Duration(0) {
+ s.ACMEDNS01Config.CheckRetryPeriod = time.Second * 8875
+ }
 },
 }
 }
diff --git a/internal/apis/config/util/conversion.go b/internal/apis/config/util/conversion.go
new file mode 100644
index 00000000000..aa03ea17a4e
--- /dev/null
+++ b/internal/apis/config/util/conversion.go
@@ -0,0 +1,51 @@
+/*
+Copyright 2021 The cert-manager Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package config
+
+import (
+ conversion "k8s.io/apimachinery/pkg/conversion"
+)
+
+func Convert_Pointer_float32_To_float32(in **float32, out *float32, s conversion.Scope) error {
+ if *in == nil {
+ *out = 0
+ return nil
+ }
+ *out = float32(**in)
+ return nil
+}
+
+func Convert_float32_To_Pointer_float32(in *float32, out **float32, s conversion.Scope) error {
+ temp := float32(*in)
+ *out = &temp
+ return nil
+}
+
+func Convert_Pointer_int32_To_int(in **int32, out *int, s conversion.Scope) error {
+ if *in == nil {
+ *out = 0
+ return nil
+ }
+ *out = int(**in)
+ return nil
+}
+
+func Convert_int_To_Pointer_int32(in *int, out **int32, s conversion.Scope) error {
+ temp := int32(*in)
+ *out = &temp
+ return nil
+}
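Review bot: The literal `time.Second * 8875` appears five times in the new fuzzer body (the four `LeaderElectionConfig` durations and `ACMEDNS01Config.CheckRetryPeriod`) and `"test-roundtrip"` more often still, with no comment saying why empty or zero fields are overwritten. Two named constants and a short comment, for instance `// Zero values would be replaced by defaulting and break the round-trip comparison, so fill them with an arbitrary non-zero value.`, would make the intent readable; that rationale is my reading of the change and should be confirmed by the author. The enclosing `Funcs` literal starts outside the hunk.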
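Review bot: `Convert_int_To_Pointer_int32` narrows with `int32(*in)` and never checks the range, so on 64-bit builds a value outside the int32 range wraps silently and the conversion still returns nil. The function already returns an error, so a guard before the cast such as `if *in < math.MinInt32 || *in > math.MaxInt32 { return fmt.Errorf("value %d does not fit in int32", *in) }` would reject such configuration instead of round-tripping a different number; it needs `fmt` and `math` in the import block. The four exported helpers also have no doc comments, and the file declares `package config` while living in a `util` directory, which may be deliberate but deserves a one-line package comment.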
diff --git a/internal/apis/config/webhook/fuzzer/fuzzer.go b/internal/apis/config/webhook/fuzzer/fuzzer.go
index 5c45e63ed68..b20a4fbd4b8 100644
--- a/internal/apis/config/webhook/fuzzer/fuzzer.go
+++ b/internal/apis/config/webhook/fuzzer/fuzzer.go
@@ -19,6 +19,7 @@ package fuzzer
 import (
 fuzz "github.com/google/gofuzz"
 runtimeserializer "k8s.io/apimachinery/pkg/runtime/serializer"
+ logsapi "k8s.io/component-base/logs/api/v1"
 
 "github.com/cert-manager/cert-manager/internal/apis/config/webhook"
 )
@@ -32,6 +33,8 @@ var Funcs = func(codecs runtimeserializer.CodecFactory) []interface{} {
 if s.PprofAddress == "" {
 s.PprofAddress = "something:1234"
 }
+
+ logsapi.SetRecommendedLoggingConfiguration(&s.Logging)
 },
 }
 }
diff --git a/internal/apis/config/webhook/types.go b/internal/apis/config/webhook/types.go
index f626a2a6597..a1bbccbe958 100644
--- a/internal/apis/config/webhook/types.go
+++ b/internal/apis/config/webhook/types.go
@@ -18,6 +18,7 @@ package webhook
 
 import (
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "k8s.io/component-base/logs"
 )
 
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
@@ -51,6 +52,9 @@ type WebhookConfiguration struct {
 // Defaults to 'localhost:6060'.
 PprofAddress string
 
+ // https://pkg.go.dev/k8s.io/component-base@v0.27.3/logs/api/v1#LoggingConfiguration
+ Logging logs.Options
+
 // featureGates is a map of feature names to bools that enable or disable experimental
 // features.
 // Default: nil
diff --git a/internal/apis/config/webhook/v1alpha1/defaults.go b/internal/apis/config/webhook/v1alpha1/defaults.go
index 3b1a439881f..39077722aab 100644
--- a/internal/apis/config/webhook/v1alpha1/defaults.go
+++ b/internal/apis/config/webhook/v1alpha1/defaults.go
@@ -18,6 +18,7 @@ package v1alpha1
 
 import (
 "k8s.io/apimachinery/pkg/runtime"
+ logsapi "k8s.io/component-base/logs/api/v1"
 "k8s.io/utils/pointer"
 
 "github.com/cert-manager/cert-manager/pkg/apis/config/webhook/v1alpha1"
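Review bot: The new `Logging` field in the internal `WebhookConfiguration` (second hunk of `internal/apis/config/webhook/types.go`) is documented only by a URL, while the neighbouring fields visible in the hunk say what they control and what they default to. A line such as `// logging configures the logging behaviour of the webhook.` above the link would match them. The link points at `logs/api/v1#LoggingConfiguration` although the field is declared as `logs.Options` from `k8s.io/component-base/logs`; if the two are the same type, declaring the field under the `logsapi` name used elsewhere in this patch would make that obvious. The struct starts and ends outside the hunk.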
@@ -37,4 +38,6 @@ func SetDefaults_WebhookConfiguration(obj *v1alpha1.WebhookConfiguration) {
 if obj.PprofAddress == "" {
 obj.PprofAddress = "localhost:6060"
 }
+
+ logsapi.SetRecommendedLoggingConfiguration(&obj.Logging)
 }
diff --git a/pkg/apis/config/webhook/v1alpha1/types.go b/pkg/apis/config/webhook/v1alpha1/types.go
index 2c918b1dba7..1d39615a322 100644
--- a/pkg/apis/config/webhook/v1alpha1/types.go
+++ b/pkg/apis/config/webhook/v1alpha1/types.go
@@ -18,6 +18,7 @@ package v1alpha1
 
 import (
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ logsapi "k8s.io/component-base/logs/api/v1"
 )
 
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
@@ -51,6 +52,10 @@ type WebhookConfiguration struct {
 // Defaults to 'localhost:6060'.
 PprofAddress string `json:"pprofAddress,omitempty"`
 
+ // logging configures the logging behaviour of the webhook.
+ // https://pkg.go.dev/k8s.io/component-base@v0.27.3/logs/api/v1#LoggingConfiguration
+ Logging logsapi.LoggingConfiguration `json:"logging"`
+
 // featureGates is a map of feature names to bools that enable or disable experimental
 // features.
 // Default: nil
diff --git a/pkg/webhook/options/options.go b/pkg/webhook/options/options.go
index d50520832ca..e2fd19ac7c8 100644
--- a/pkg/webhook/options/options.go
+++ b/pkg/webhook/options/options.go
@@ -21,7 +21,6 @@ import (
 
 "github.com/spf13/pflag"
 cliflag "k8s.io/component-base/cli/flag"
- "k8s.io/component-base/logs"
 
 config "github.com/cert-manager/cert-manager/internal/apis/config/webhook"
 configscheme "github.com/cert-manager/cert-manager/internal/apis/config/webhook/scheme"
@@ -32,21 +31,16 @@ import (
 
 // WebhookFlags defines options that can only be configured via flags.
 type WebhookFlags struct {
- Logging *logs.Options
-
 // Path to a file containing a WebhookConfiguration resource
 Config string
 }
 
 func NewWebhookFlags() *WebhookFlags {
- return &WebhookFlags{
- Logging: logs.NewOptions(),
- }
+ return &WebhookFlags{}
 }
 
 func (f *WebhookFlags) AddFlags(fs *pflag.FlagSet) {
 fs.StringVar(&f.Config, "config", "", "Path to a file containing a WebhookConfiguration object used to configure the webhook")
- logf.AddFlags(f.Logging, fs)
 }
 
 func NewWebhookConfiguration() (*config.WebhookConfiguration, error) {
@@ -93,4 +87,6 @@ func AddConfigFlags(fs *pflag.FlagSet, c *config.WebhookConfiguration) {
 "Possible values: "+strings.Join(tlsPossibleVersions, ", "))
 fs.Var(cliflag.NewMapStringBool(&c.FeatureGates), "feature-gates", "A set of key=value pairs that describe feature gates for alpha/experimental features. "+
 "Options are:\n"+strings.Join(utilfeature.DefaultFeatureGate.KnownFeatures(), "\n"))
+
+ logf.AddFlags(&c.Logging, fs)
 }