Merge branch 'main' of github.com:vmware-tanzu/pinniped into kubernetes-1.20

cmd/local-user-authenticator/main.go

@@ -1,4 +1,4 @@
-// Copyright 2020 the Pinniped contributors. All Rights Reserved.
+// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
 // SPDX-License-Identifier: Apache-2.0
 
 // Package main provides a authentication webhook program.
@@ -31,13 +31,13 @@ import (
 	kubeinformers "k8s.io/client-go/informers"
 	corev1informers "k8s.io/client-go/informers/core/v1"
 	"k8s.io/client-go/kubernetes"
-	restclient "k8s.io/client-go/rest"
 	"k8s.io/klog/v2"
 
 	"go.pinniped.dev/internal/constable"
 	"go.pinniped.dev/internal/controller/apicerts"
 	"go.pinniped.dev/internal/controllerlib"
 	"go.pinniped.dev/internal/dynamiccert"
+	"go.pinniped.dev/internal/kubeclient"
 	"go.pinniped.dev/internal/plog"
 )
 
@@ -279,21 +279,6 @@ func respondWithAuthenticated(
 	}
 }
 
-func newK8sClient() (kubernetes.Interface, error) {
-	kubeConfig, err := restclient.InClusterConfig()
-	if err != nil {
-		return nil, fmt.Errorf("could not load in-cluster configuration: %w", err)
-	}
-
-	// Connect to the core Kubernetes API.
-	kubeClient, err := kubernetes.NewForConfig(kubeConfig)
-	if err != nil {
-		return nil, fmt.Errorf("could not load in-cluster configuration: %w", err)
-	}
-
-	return kubeClient, nil
-}
-
 func startControllers(
 	ctx context.Context,
 	dynamicCertProvider dynamiccert.Provider,
@@ -359,20 +344,20 @@ func run() error {
 	ctx, cancel := context.WithCancel(context.Background())
 	defer cancel()
 
-	kubeClient, err := newK8sClient()
+	client, err := kubeclient.New()
 	if err != nil {
 		return fmt.Errorf("cannot create k8s client: %w", err)
 	}
 
 	kubeInformers := kubeinformers.NewSharedInformerFactoryWithOptions(
-		kubeClient,
+		client.Kubernetes,
 		defaultResyncInterval,
 		kubeinformers.WithNamespace(namespace),
 	)
 
 	dynamicCertProvider := dynamiccert.New()
 
-	startControllers(ctx, dynamicCertProvider, kubeClient, kubeInformers)
+	startControllers(ctx, dynamicCertProvider, client.Kubernetes, kubeInformers)
 	plog.Debug("controllers are ready")
 
 	//nolint: gosec // Intentionally binding to all network interfaces.

cmd/pinniped-supervisor/main.go

@@ -17,13 +17,11 @@ import (
 
 	appsv1 "k8s.io/api/apps/v1"
 	corev1 "k8s.io/api/core/v1"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/util/clock"
 	kubeinformers "k8s.io/client-go/informers"
 	"k8s.io/client-go/kubernetes"
 	"k8s.io/client-go/pkg/version"
 	"k8s.io/client-go/rest"
-	restclient "k8s.io/client-go/rest"
 	"k8s.io/component-base/logs"
 	"k8s.io/klog/v2"
 	"k8s.io/klog/v2/klogr"
@@ -37,7 +35,9 @@ import (
 	"go.pinniped.dev/internal/controller/supervisorconfig/upstreamwatcher"
 	"go.pinniped.dev/internal/controller/supervisorstorage"
 	"go.pinniped.dev/internal/controllerlib"
+	"go.pinniped.dev/internal/deploymentref"
 	"go.pinniped.dev/internal/downward"
+	"go.pinniped.dev/internal/kubeclient"
 	"go.pinniped.dev/internal/oidc/jwks"
 	"go.pinniped.dev/internal/oidc/provider"
 	"go.pinniped.dev/internal/oidc/provider/manager"
@@ -252,81 +252,31 @@ func startControllers(
 	go controllerManager.Start(ctx)
 }
 
-func getSupervisorDeployment(
-	ctx context.Context,
-	kubeClient kubernetes.Interface,
-	podInfo *downward.PodInfo,
-) (*appsv1.Deployment, error) {
-	ns := podInfo.Namespace
-
-	pod, err := kubeClient.CoreV1().Pods(ns).Get(ctx, podInfo.Name, metav1.GetOptions{})
-	if err != nil {
-		return nil, fmt.Errorf("could not get pod: %w", err)
-	}
-
-	podOwner := metav1.GetControllerOf(pod)
-	if podOwner == nil {
-		return nil, fmt.Errorf("pod %s/%s is missing owner", ns, podInfo.Name)
-	}
-
-	rs, err := kubeClient.AppsV1().ReplicaSets(ns).Get(ctx, podOwner.Name, metav1.GetOptions{})
-	if err != nil {
-		return nil, fmt.Errorf("could not get replicaset: %w", err)
-	}
-
-	rsOwner := metav1.GetControllerOf(rs)
-	if rsOwner == nil {
-		return nil, fmt.Errorf("replicaset %s/%s is missing owner", ns, podInfo.Name)
-	}
-
-	d, err := kubeClient.AppsV1().Deployments(ns).Get(ctx, rsOwner.Name, metav1.GetOptions{})
-	if err != nil {
-		return nil, fmt.Errorf("could not get deployment: %w", err)
-	}
-
-	return d, nil
-}
-
-func newClients() (kubernetes.Interface, pinnipedclientset.Interface, error) {
-	kubeConfig, err := restclient.InClusterConfig()
-	if err != nil {
-		return nil, nil, fmt.Errorf("could not load in-cluster configuration: %w", err)
-	}
-
-	// Connect to the core Kubernetes API.
-	kubeClient, err := kubernetes.NewForConfig(kubeConfig)
-	if err != nil {
-		return nil, nil, fmt.Errorf("could not create kube client: %w", err)
-	}
-
-	// Connect to the Pinniped API.
-	pinnipedClient, err := pinnipedclientset.NewForConfig(kubeConfig)
-	if err != nil {
-		return nil, nil, fmt.Errorf("could not create pinniped client: %w", err)
-	}
-
-	return kubeClient, pinnipedClient, nil
-}
-
 func run(podInfo *downward.PodInfo, cfg *supervisor.Config) error {
 	serverInstallationNamespace := podInfo.Namespace
 
 	ctx, cancel := context.WithCancel(context.Background())
 	defer cancel()
 
-	kubeClient, pinnipedClient, err := newClients()
+	// TODO remove code that relies on supervisorDeployment directly
+	dref, supervisorDeployment, err := deploymentref.New(podInfo)
+	if err != nil {
+		return fmt.Errorf("cannot create deployment ref: %w", err)
+	}
+
+	client, err := kubeclient.New(dref)
 	if err != nil {
 		return fmt.Errorf("cannot create k8s client: %w", err)
 	}
 
 	kubeInformers := kubeinformers.NewSharedInformerFactoryWithOptions(
-		kubeClient,
+		client.Kubernetes,
 		defaultResyncInterval,
 		kubeinformers.WithNamespace(serverInstallationNamespace),
 	)
 
 	pinnipedInformers := pinnipedinformers.NewSharedInformerFactoryWithOptions(
-		pinnipedClient,
+		client.PinnipedSupervisor,
 		defaultResyncInterval,
 		pinnipedinformers.WithNamespace(serverInstallationNamespace),
 	)
@@ -348,14 +298,9 @@ func run(podInfo *downward.PodInfo, cfg *supervisor.Config) error {
 		dynamicJWKSProvider,
 		dynamicUpstreamIDPProvider,
 		&secretCache,
-		kubeClient.CoreV1().Secrets(serverInstallationNamespace),
+		client.Kubernetes.CoreV1().Secrets(serverInstallationNamespace),
 	)
 
-	supervisorDeployment, err := getSupervisorDeployment(ctx, kubeClient, podInfo)
-	if err != nil {
-		return fmt.Errorf("cannot get supervisor deployment: %w", err)
-	}
-
 	startControllers(
 		ctx,
 		cfg,
@@ -365,8 +310,8 @@ func run(podInfo *downward.PodInfo, cfg *supervisor.Config) error {
 		dynamicUpstreamIDPProvider,
 		&secretCache,
 		supervisorDeployment,
-		kubeClient,
-		pinnipedClient,
+		client.Kubernetes,
+		client.PinnipedSupervisor,
 		kubeInformers,
 		pinnipedInformers,
 	)

cmd/pinniped/cmd/kubeconfig.go

@@ -26,6 +26,7 @@ import (
 
 	conciergev1alpha1 "go.pinniped.dev/generated/1.20/apis/concierge/authentication/v1alpha1"
 	conciergeclientset "go.pinniped.dev/generated/1.20/client/concierge/clientset/versioned"
+	"go.pinniped.dev/internal/kubeclient"
 )
 
 type kubeconfigDeps struct {
@@ -41,7 +42,11 @@ func kubeconfigRealDeps() kubeconfigDeps {
 			if err != nil {
 				return nil, err
 			}
-			return conciergeclientset.NewForConfig(restConfig)
+			client, err := kubeclient.New(kubeclient.WithConfig(restConfig))
+			if err != nil {
+				return nil, err
+			}
+			return client.PinnipedConcierge, nil
 		},
 	}
 }