Allow kcd patcher to enable without custom labels

events/patch.go

@@ -5,6 +5,7 @@ import (
 	"encoding/json"
 	"github.com/golang/glog"
 	"github.com/mitchellh/mapstructure"
+	"github.com/wish/kcd/gok8s/client/clientset/versioned"
 	"github.com/wish/kcd/registry/ecr"
 	"github.com/wish/kcd/stats"
 	"k8s.io/api/admission/v1beta1"
@@ -18,7 +19,7 @@ import (
 const (
 	EnabledLabel = "kcd-version-patcher.wish.com/enabled"
 
-	PathsAnnotationKey = "kcd-version-patcher.wish.com/container"
+	KcdAppName = "kcdapp"
 
 	ContainerPatchPath = "/spec/template/spec/containers"
 
@@ -87,8 +88,7 @@ func (r Record) Get(nameParts []string, cName string) (string, string, bool) {
 }
 
 // Mutate tag applied by flux to version
-func Mutate(req *v1beta1.AdmissionRequest, stats stats.Stats) *v1beta1.AdmissionResponse {
-
+func Mutate(req *v1beta1.AdmissionRequest, stats stats.Stats, customClient *versioned.Clientset) *v1beta1.AdmissionResponse {
 	var newManifest objectWithMeta
 
 	if err := json.Unmarshal(req.Object.Raw, &newManifest); err != nil {
@@ -100,52 +100,63 @@ func Mutate(req *v1beta1.AdmissionRequest, stats stats.Stats) *v1beta1.Admission
 		}
 	}
 
-	glog.V(4).Infof("AdmissionReview for Kind=%v, Namespace=%v Name=%v (%v) UID=%v patchOperation=%v UserInfo=%v",
-		req.Kind, req.Namespace, req.Name, newManifest.Name, req.UID, req.Operation, req.UserInfo)
-
-	// if no enabled labeld is there, we skip the patching and passing the request.
-	v, ok := newManifest.Labels[EnabledLabel]
-	if !ok {
-		glog.V(4).Info("No label defined kcd-version-patcher.wish.com/enabled")
+	// We will use existing kcdapp label to locate container name
+	var kcdName string
+	if kcdAppName, ok := newManifest.Labels[KcdAppName]; !ok {
+		glog.Infof("Can not find kcdapp label in manifest")
 		return &v1beta1.AdmissionResponse{
 			Allowed: true,
 			Result: &metav1.Status{
-				Message: "Patching does not have defined boolean value enable: true or false",
+				Message: "Can not find kcdapp label in manifest",
 			},
 		}
+	} else {
+		kcdName = kcdAppName + "-kcd"
 	}
-	// if enable label is not TRUE or not boolean, pass the checking
-	if b, err := strconv.ParseBool(v); err != nil {
-		glog.V(4).Infof("Label kcd-version-patcher.wish.com/enabled is not boolean: %v", v)
-		return &v1beta1.AdmissionResponse{
-			Allowed: true,
-			Result: &metav1.Status{
-				Message: "Patching enabled is not boolean value",
-			},
-		}
-	} else if !b {
-		glog.V(4).Infof("Label kcd-version-patcher.wish.com/enabled is not true: %v", v)
+	// Retrieve kcd resource
+	kcd, err := customClient.CustomV1().KCDs(newManifest.Namespace).Get(kcdName, metav1.GetOptions{})
+
+	if err != nil {
+		glog.Errorf("Failed to find KCD resource in namespace=%s, name=%s, error=%v", newManifest.Namespace, newManifest.Name, err)
 		return &v1beta1.AdmissionResponse{
 			Allowed: true,
 			Result: &metav1.Status{
-				Message: "Patching is disabled",
+				Message: "Can not retrieve KCD resources",
 			},
 		}
+	} else {
+		glog.Infof("Kcd resource got: %v", kcd)
 	}
 
-	pathAnnotations := newManifest.GetAnnotations()
-	containerName, ok := pathAnnotations[PathsAnnotationKey]
-	if !ok {
-		return &v1beta1.AdmissionResponse{
-			Allowed: true,
-			Result: &metav1.Status{
-				Message: "Patching does not have defined path",
-			},
+	glog.V(4).Infof("AdmissionReview for Kind=%v, Namespace=%v Name=%v (%v) UID=%v patchOperation=%v UserInfo=%v KCD=%v",
+		req.Kind, req.Namespace, req.Name, newManifest.Name, req.UID, req.Operation, req.UserInfo, kcd)
+
+	// We only check if any labels for disabling
+	v, ok := newManifest.Labels[EnabledLabel]
+	if ok {
+		// if enable label is FALSE or not boolean, pass the checking
+		if b, err := strconv.ParseBool(v); err != nil {
+			glog.V(4).Infof("Label kcd-version-patcher.wish.com/enabled is not boolean: %v", v)
+			return &v1beta1.AdmissionResponse{
+				Allowed: true,
+				Result: &metav1.Status{
+					Message: "Patching enabled is not boolean value",
+				},
+			}
+		} else if !b {
+			glog.V(4).Infof("Label kcd-version-patcher.wish.com/enabled is not true: %v", v)
+			return &v1beta1.AdmissionResponse{
+				Allowed: true,
+				Result: &metav1.Status{
+					Message: "Patching is disabled",
+				},
+			}
 		}
 	}
 
-	// In case there is space inside
-	containerName = strings.TrimSpace(containerName)
+
+	containerName := kcd.Spec.Container.Name
+	glog.V(4).Infof("KCD resource container name to patch %s", containerName)
 
 	var currentMap map[string]interface{}
 

events/patch_test.go

@@ -512,7 +512,7 @@ func TestMutate(t *testing.T) {
 	}
 
 	for idx, test := range tests {
-		out := Mutate(test.in, nil)
+		out := Mutate(test.in, nil, nil)
 		if err := test.out.Validate(out); err != nil {
 			fmt.Println(idx)
 			t.Fatalf("Error: %v\n%v", err, out)

handler/server.go

@@ -29,6 +29,7 @@ import (
 	"k8s.io/apiserver/pkg/authorization/authorizer"
 	"k8s.io/apiserver/pkg/authorization/authorizerfactory"
 	"k8s.io/apiserver/pkg/server/options"
+	"github.com/wish/kcd/gok8s/client/clientset/versioned"
 )
 
 
@@ -50,7 +51,7 @@ func StaticContentHandler(content string) http.HandlerFunc {
 }
 
 // VersionPatchHandler returns a HandlerFunc that writes the given content to the response.
-func VersionPatchHandler(stats stats.Stats) http.HandlerFunc {
+func VersionPatchHandler(stats stats.Stats, customClient *versioned.Clientset) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		glog.V(4).Info("Enter mutation......")
 		var body []byte
@@ -73,7 +74,7 @@ func VersionPatchHandler(stats stats.Stats) http.HandlerFunc {
 			}
 		} else {
 			go func() {
-				admissionResponse = events.Mutate(ar.Request, stats)
+				admissionResponse = events.Mutate(ar.Request, stats, customClient)
 				c <- admissionResponse
 			}()
 		}
@@ -102,7 +103,7 @@ func VersionPatchHandler(stats stats.Stats) http.HandlerFunc {
 // NewServer creates and starts an http server to serve alive and deployment status endpoints
 // if server fails to start then, stop channel is closed notifying all listeners to the channel
 func NewServer(port int, certFile string, keyFile string, version string, resourceProvider resource.Provider, historyProvider history.Provider,
-	authOptions *options.DelegatingAuthenticationOptions, stopCh chan struct{}, stats stats.Stats) error {
+	authOptions *options.DelegatingAuthenticationOptions, stopCh chan struct{}, stats stats.Stats, customClient *versioned.Clientset) error {
 
 	//authOptions := options.NewDelegatingAuthenticationOptions()
 	authenticatorConfig, err := authOptions.ToAuthenticationConfig()
@@ -127,7 +128,7 @@ func NewServer(port int, certFile string, keyFile string, version string, resour
 	mux := goji.NewMux()
 	mux.Handle(pat.Get("/alive"), StaticContentHandler("alive"))
 	mux.Handle(pat.Get("/version"), StaticContentHandler(version))
-	mux.Handle(pat.Post("/mutate"), VersionPatchHandler(stats))
+	mux.Handle(pat.Post("/mutate"), VersionPatchHandler(stats, customClient))
 
 	kcdmux := goji.SubMux()
 	mux.Handle(pat.New("/kcd/*"), kcdmux)

main.go

@@ -218,7 +218,7 @@ func newRunCommand() *cobra.Command {
 				//return errors.Wrap(err, "Shutting down container version controller")
 			}
 		}()
-		err = handler.NewServer(params.port, params.certFile, params.keyFile, Version, resourceProvider, historyProvider, authOptions, stopCh, stats)
+		err = handler.NewServer(params.port, params.certFile, params.keyFile, Version, resourceProvider, historyProvider, authOptions, stopCh, stats, customClient)
 		if err != nil {
 			return errors.Wrap(err, "failed to start new server")
 		}