Support long identities (#71)

* formalizing the behavior to fall back to annotation if label isn't present Signed-off-by: Joe Peacock <joe_peacock@intuit.com> * Removing the hardcoded references to a default identity label Signed-off-by: Joe Peacock <joe_peacock@intuit.com> * Nil check Signed-off-by: Joe Peacock <joe_peacock@intuit.com> * Refactoring to add the rest of the admiral params to the singleton (and to enforce singleton-ness Signed-off-by: Joe Peacock <joe_peacock@intuit.com> * Another test Signed-off-by: Joe Peacock <joe_peacock@intuit.com> * coverage bump Signed-off-by: Joe Peacock <joe_peacock@intuit.com> * Whoops broke a test Signed-off-by: Joe Peacock <joe_peacock@intuit.com> * Adding warning for config re-initialization Signed-off-by: Joe Peacock <joe_peacock@intuit.com> * Fixed rebase-related issues Signed-off-by: Joe Peacock <joe_peacock@intuit.com> Signed-off-by: Madeline <madeline_li@intuit.com>
istio-ecosystem · Apr 20, 2020 · b0e4662 · b0e4662
1 parent 5716874
commit b0e4662
Show file tree

Hide file tree

Showing 22 changed files with 361 additions and 143 deletions.
diff --git a/admiral/cmd/admiral/cmd/root.go b/admiral/cmd/admiral/cmd/root.go
@@ -5,8 +5,8 @@ import (
 	"flag"
 	"fmt"
 	"github.com/istio-ecosystem/admiral/admiral/pkg/clusters"
-	"github.com/prometheus/common/log"
 	"github.com/istio-ecosystem/admiral/admiral/pkg/controller/common"
+	log "github.com/sirupsen/logrus"
 	"os"
 	"os/signal"
 	"syscall"
@@ -21,10 +21,9 @@ var (
 
 // GetRootCmd returns the root of the cobra command-tree.
 func GetRootCmd(args []string) *cobra.Command {
-
 	var ()
 
-	params := clusters.AdmiralParams{LabelSet: &common.LabelSet{}}
+	params := common.AdmiralParams{LabelSet: &common.LabelSet{}}
 
 	rootCmd := &cobra.Command{
 		Use:          "Admiral",
@@ -82,8 +81,8 @@ func GetRootCmd(args []string) *cobra.Command {
 		"The label value, on a namespace, which tells Istio to perform sidecar injection")
 	rootCmd.PersistentFlags().StringVar(&params.HostnameSuffix, "hostname_suffix", "global",
 		"The hostname suffix to customize the cname generated by admiral. Default suffix value will be \"global\"")
-	rootCmd.PersistentFlags().StringVar(&params.LabelSet.WorkloadIdentityLabel, "workload_identity_label", "identity",
-		"The workload identity label key, on deployment which holds identity value used to generate cname by admiral. Default label key will be \"identity\"")
+	rootCmd.PersistentFlags().StringVar(&params.LabelSet.WorkloadIdentityKey, "workload_identity_key", "identity",
+		"The workload identity  key, on deployment which holds identity value used to generate cname by admiral. Default label key will be \"identity\" Admiral will look for a label with this key. If present, that will be used. If not, it will try an annotation (for use cases where an identity is longer than 63 chars)")
 
 	return rootCmd
 }

diff --git a/admiral/pkg/client/clientset/versioned/typed/admiral/model/admiral_client.go b/admiral/pkg/client/clientset/versioned/typed/admiral/model/admiral_client.go
diff --git a/admiral/pkg/clusters/handler.go b/admiral/pkg/clusters/handler.go
@@ -40,7 +40,7 @@ func updateIdentityDependencyCache(sourceIdentity string, identityDependencyCach
 	log.Infof(LogFormat, "Update", "dependency-cache", dr.Name, "", "Updated=true namespace="+dr.Namespace)
 }
 
-func handleDependencyRecord(sourceIdentity string, r *RemoteRegistry, rcs map[string]*RemoteController, config AdmiralParams, obj *v1.Dependency) {
+func handleDependencyRecord(sourceIdentity string, r *RemoteRegistry, rcs map[string]*RemoteController, obj *v1.Dependency) {
 
 	destinationIdentitys := obj.Spec.Destinations
 
@@ -78,7 +78,7 @@ func handleDependencyRecord(sourceIdentity string, r *RemoteRegistry, rcs map[st
 					continue
 				}
 				//TODO pass deployment
-				tmpSe := createServiceEntry(rc, config, r.AdmiralCache, deployment[0], serviceEntries)
+				tmpSe := createServiceEntry(rc, r.AdmiralCache, deployment[0], serviceEntries)
 
 				if tmpSe == nil {
 					continue
@@ -109,7 +109,7 @@ func handleDependencyRecord(sourceIdentity string, r *RemoteRegistry, rcs map[st
 	}
 
 	//add service entries for all dependencies in source cluster
-	AddServiceEntriesWithDr(r, sourceClusters, rcs, serviceEntries, config.SyncNamespace)
+	AddServiceEntriesWithDr(r.AdmiralCache, sourceClusters, rcs, serviceEntries)
 }
 
 func getIstioResourceName(host string, suffix string) string {
@@ -211,7 +211,7 @@ func handleDestinationRuleEvent(obj *v1alpha3.DestinationRule, dh *DestinationRu
 
 	var localIdentityId string
 
-	syncNamespace := dh.RemoteRegistry.config.SyncNamespace
+	syncNamespace := common.GetSyncNamespace()
 
 	r := dh.RemoteRegistry
 
@@ -253,7 +253,7 @@ func handleDestinationRuleEvent(obj *v1alpha3.DestinationRule, dh *DestinationRu
 
 		var drServiceEntries = make(map[string]*v1alpha32.ServiceEntry)
 
-		exist, err := rc.ServiceEntryController.IstioClient.NetworkingV1alpha3().ServiceEntries(r.config.SyncNamespace).Get(basicSEName, v12.GetOptions{})
+		exist, err := rc.ServiceEntryController.IstioClient.NetworkingV1alpha3().ServiceEntries(syncNamespace).Get(basicSEName, v12.GetOptions{})
 
 		var identityId = ""
 
@@ -279,36 +279,36 @@ func handleDestinationRuleEvent(obj *v1alpha3.DestinationRule, dh *DestinationRu
 
 		if event == common.Delete {
 
-			rc.DestinationRuleController.IstioClient.NetworkingV1alpha3().DestinationRules(r.config.SyncNamespace).Delete(obj.Name, &v12.DeleteOptions{})
+			rc.DestinationRuleController.IstioClient.NetworkingV1alpha3().DestinationRules(syncNamespace).Delete(obj.Name, &v12.DeleteOptions{})
 			log.Infof(LogFormat, "Delete", "DestinationRule", obj.Name, clusterId, "success")
-			rc.ServiceEntryController.IstioClient.NetworkingV1alpha3().ServiceEntries(r.config.SyncNamespace).Delete(seName, &v12.DeleteOptions{})
+			rc.ServiceEntryController.IstioClient.NetworkingV1alpha3().ServiceEntries(syncNamespace).Delete(seName, &v12.DeleteOptions{})
 			log.Infof(LogFormat, "Delete", "ServiceEntry", seName, clusterId, "success")
 			for _, subset := range destinationRule.Subsets {
 				sseName := seName + common.Dash + subset.Name
-				rc.ServiceEntryController.IstioClient.NetworkingV1alpha3().ServiceEntries(r.config.SyncNamespace).Delete(sseName, &v12.DeleteOptions{})
+				rc.ServiceEntryController.IstioClient.NetworkingV1alpha3().ServiceEntries(syncNamespace).Delete(sseName, &v12.DeleteOptions{})
 				log.Infof(LogFormat, "Delete", "ServiceEntry", sseName, clusterId, "success")
 			}
-			rc.DestinationRuleController.IstioClient.NetworkingV1alpha3().DestinationRules(r.config.SyncNamespace).Delete(localDrName, &v12.DeleteOptions{})
+			rc.DestinationRuleController.IstioClient.NetworkingV1alpha3().DestinationRules(syncNamespace).Delete(localDrName, &v12.DeleteOptions{})
 			log.Infof(LogFormat, "Delete", "DestinationRule", localDrName, clusterId, "success")
 
 		} else {
 
-			exist, _ := rc.DestinationRuleController.IstioClient.NetworkingV1alpha3().DestinationRules(r.config.SyncNamespace).Get(obj.Name, v12.GetOptions{})
+			exist, _ := rc.DestinationRuleController.IstioClient.NetworkingV1alpha3().DestinationRules(syncNamespace).Get(obj.Name, v12.GetOptions{})
 
 			//copy destination rule only to other clusters
 			if dependentCluster != clusterId {
-				addUpdateDestinationRule(obj, exist, r.config.SyncNamespace, rc)
+				addUpdateDestinationRule(obj, exist, syncNamespace, rc)
 			}
 
 			if drServiceEntries != nil {
 				for _seName, se := range drServiceEntries {
-					existsServiceEntry, _ = rc.ServiceEntryController.IstioClient.NetworkingV1alpha3().ServiceEntries(r.config.SyncNamespace).Get(_seName, v12.GetOptions{})
-					newServiceEntry = createServiceEntrySkeletion(*se, _seName, r.config.SyncNamespace)
+					existsServiceEntry, _ = rc.ServiceEntryController.IstioClient.NetworkingV1alpha3().ServiceEntries(syncNamespace).Get(_seName, v12.GetOptions{})
+					newServiceEntry = createServiceEntrySkeletion(*se, _seName, syncNamespace)
 					if err != nil {
 						log.Warnf(LogErrFormat, "Create", "ServiceEntry", seName, clusterId, err)
 					}
 					if newServiceEntry != nil {
-						addUpdateServiceEntry(newServiceEntry, existsServiceEntry, r.config.SyncNamespace, rc)
+						addUpdateServiceEntry(newServiceEntry, existsServiceEntry, syncNamespace, rc)
 					}
 					//cache the subset service entries for updating them later for pod events
 					if dependentCluster == clusterId && se.Resolution == v1alpha32.ServiceEntry_STATIC {
@@ -319,15 +319,15 @@ func handleDestinationRuleEvent(obj *v1alpha3.DestinationRule, dh *DestinationRu
 
 			if dependentCluster == clusterId {
 				//we need a destination rule with local fqdn for destination rules created with cnames to work in local cluster
-				createDestinationRuleForLocal(rc, localDrName, localIdentityId, clusterId, &destinationRule, r.config.SyncNamespace, r.config.HostnameSuffix, r.config.LabelSet.WorkloadIdentityLabel)
+				createDestinationRuleForLocal(rc, localDrName, localIdentityId, clusterId, &destinationRule)
 			}
 
 		}
 	}
 }
 
 func createDestinationRuleForLocal(remoteController *RemoteController, localDrName string, identityId string, clusterId string,
-	destinationRule *v1alpha32.DestinationRule, syncNamespace string, nameSuffix string, identifier string) {
+	destinationRule *v1alpha32.DestinationRule) {
 
 	deployment := remoteController.DeploymentController.Cache.Get(identityId)
 
@@ -343,9 +343,10 @@ func createDestinationRuleForLocal(remoteController *RemoteController, localDrNa
 		break
 	}
 
+	syncNamespace := common.GetSyncNamespace()
 	serviceInstance := getServiceForDeployment(remoteController, deploymentInstance)
 
-	cname := common.GetCname(deploymentInstance, identifier, nameSuffix)
+	cname := common.GetCname(deploymentInstance, common.GetHostnameSuffix(), common.GetWorkloadIdentifier())
 	if cname == destinationRule.Host {
 		destinationRule.Host = serviceInstance.Name + common.Sep + serviceInstance.Namespace + common.DotLocalDomainSuffix
 		existsDestinationRule, err := remoteController.DestinationRuleController.IstioClient.NetworkingV1alpha3().DestinationRules(syncNamespace).Get(localDrName, v12.GetOptions{})
@@ -371,7 +372,9 @@ func handleVirtualServiceEvent(obj *v1alpha3.VirtualService, vh *VirtualServiceH
 
 	r := vh.RemoteRegistry
 
-	if obj.Namespace == r.config.SyncNamespace {
+	syncNamespace := common.GetSyncNamespace()
+
+	if obj.Namespace == syncNamespace {
 		log.Infof(LogFormat, "Event", resourceType, obj.Name, clusterId, "Skipping the namespace: "+obj.Namespace)
 		return
 	}
@@ -398,11 +401,11 @@ func handleVirtualServiceEvent(obj *v1alpha3.VirtualService, vh *VirtualServiceH
 
 			if event == common.Delete {
 				log.Infof(LogFormat, "Delete", "VirtualService", obj.Name, clusterId, "Success")
-				rc.VirtualServiceController.IstioClient.NetworkingV1alpha3().VirtualServices(r.config.SyncNamespace).Delete(obj.Name, &v12.DeleteOptions{})
+				rc.VirtualServiceController.IstioClient.NetworkingV1alpha3().VirtualServices(syncNamespace).Delete(obj.Name, &v12.DeleteOptions{})
 
 			} else {
 
-				exist, _ := rc.VirtualServiceController.IstioClient.NetworkingV1alpha3().VirtualServices(r.config.SyncNamespace).Get(obj.Name, v12.GetOptions{})
+				exist, _ := rc.VirtualServiceController.IstioClient.NetworkingV1alpha3().VirtualServices(syncNamespace).Get(obj.Name, v12.GetOptions{})
 
 				//change destination host for all http routes <service_name>.<ns>. to same as host on the virtual service
 				for _, httpRoute := range virtualService.Http {
@@ -419,7 +422,7 @@ func handleVirtualServiceEvent(obj *v1alpha3.VirtualService, vh *VirtualServiceH
 					}
 				}
 
-				addUpdateVirtualService(obj, exist, vh.RemoteRegistry.config.SyncNamespace, rc)
+				addUpdateVirtualService(obj, exist, syncNamespace, rc)
 			}
 		}
 

diff --git a/admiral/pkg/clusters/registry.go b/admiral/pkg/clusters/registry.go
@@ -4,14 +4,14 @@ import (
 	"context"
 	"fmt"
 	"github.com/istio-ecosystem/admiral/admiral/pkg/controller/istio"
+	"k8s.io/client-go/rest"
 	"sync"
 	"time"
 
 	"github.com/istio-ecosystem/admiral/admiral/pkg/controller/admiral"
 	"github.com/istio-ecosystem/admiral/admiral/pkg/controller/common"
 	"github.com/istio-ecosystem/admiral/admiral/pkg/controller/secret"
 	log "github.com/sirupsen/logrus"
-	"k8s.io/client-go/rest"
 
 )
 
@@ -20,10 +20,12 @@ const (
 	LogErrFormat = "op=%s type=%v name=%v cluster=%s, e=%v"
 )
 
-func InitAdmiral(ctx context.Context, params AdmiralParams) (*RemoteRegistry, error) {
+func InitAdmiral(ctx context.Context, params common.AdmiralParams) (*RemoteRegistry, error) {
 
 	log.Infof("Initializing Admiral with params: %v", params)
 
+	common.InitializeConfig(params)
+
 	w := RemoteRegistry{
 		ctx: ctx,
 	}
@@ -38,7 +40,6 @@ func InitAdmiral(ctx context.Context, params AdmiralParams) (*RemoteRegistry, er
 		return nil, fmt.Errorf(" Error with dependency controller init: %v", err)
 	}
 
-	w.config = params
 	w.remoteControllers = make(map[string]*RemoteController)
 
 	w.AdmiralCache = &AdmiralCache{
@@ -51,14 +52,14 @@ func InitAdmiral(ctx context.Context, params AdmiralParams) (*RemoteRegistry, er
 		SubsetServiceEntryIdentityCache: &sync.Map{},
 		ServiceEntryAddressStore:        &ServiceEntryAddressStore{EntryAddresses: map[string]string{}, Addresses: []string{}}}
 
-	configMapController, err := admiral.NewConfigMapController(w.config.KubeconfigPath, w.config.SyncNamespace)
+	configMapController, err := admiral.NewConfigMapController()
 	if err != nil {
 		return nil, fmt.Errorf(" Error with configmap controller init: %v", err)
 	}
 	w.AdmiralCache.ConfigMapController = configMapController
 	loadServiceEntryCacheData(w.AdmiralCache.ConfigMapController, w.AdmiralCache)
 
-	err = createSecretController(ctx, &w, params)
+	err = createSecretController(ctx, &w)
 	if err != nil {
 		return nil, fmt.Errorf(" Error with secret control init: %v", err)
 	}
@@ -68,19 +69,19 @@ func InitAdmiral(ctx context.Context, params AdmiralParams) (*RemoteRegistry, er
 	return &w, nil
 }
 
-func createSecretController(ctx context.Context, w *RemoteRegistry, params AdmiralParams) error {
+func createSecretController(ctx context.Context, w *RemoteRegistry) error {
 	var err error
 
-	w.secretClient, err = admiral.K8sClientFromPath(params.KubeconfigPath)
+	w.secretClient, err = admiral.K8sClientFromPath(common.GetKubeconfigPath())
 	if err != nil {
 		return fmt.Errorf("could not create K8s client: %v", err)
 	}
 
 	err = secret.StartSecretController(w.secretClient,
 		w.createCacheController,
 		w.deleteCacheController,
-		w.config.ClusterRegistriesNamespace,
-		ctx, params.SecretResolver)
+		common.GetClusterRegistriesNamespace(),
+		ctx, common.GetSecretResolver())
 
 	if err != nil {
 		return fmt.Errorf("could not start secret controller: %v", err)
@@ -108,14 +109,14 @@ func (r *RemoteRegistry) createCacheController(clientConfig *rest.Config, cluste
 	}
 
 	log.Infof("starting deployment controller clusterID: %v", clusterID)
-	rc.DeploymentController, err = admiral.NewDeploymentController(stop, &DeploymentHandler{RemoteRegistry: r}, clientConfig, resyncPeriod, r.config.LabelSet)
+	rc.DeploymentController, err = admiral.NewDeploymentController(stop, &DeploymentHandler{RemoteRegistry: r}, clientConfig, resyncPeriod)
 
 	if err != nil {
 		return fmt.Errorf(" Error with DeploymentController controller init: %v", err)
 	}
 
 	log.Infof("starting pod controller clusterID: %v", clusterID)
-	rc.PodController, err = admiral.NewPodController(stop, &PodHandler{RemoteRegistry: r}, clientConfig, resyncPeriod, r.config.LabelSet)
+	rc.PodController, err = admiral.NewPodController(stop, &PodHandler{RemoteRegistry: r}, clientConfig, resyncPeriod)
 
 	if err != nil {
 		return fmt.Errorf(" Error with PodController controller init: %v", err)