Skip to content

fix: fix topology injector bug #5911

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 8 commits into from
May 6, 2025
Merged

fix: fix topology injector bug #5911

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
df0d88d
fix webhook
jukie May 3, 2025
0ff44c6
lint and test fixes
jukie May 3, 2025
2dac24c
Merge branch 'main' into fix-webhook
jukie May 4, 2025
0b5f7f9
Merge branch 'main' into fix-webhook
jukie May 4, 2025
9f2a716
Merge branch 'main' into fix-webhook
jukie May 5, 2025
bc24bb2
Merge branch 'main' into fix-webhook
jukie May 5, 2025
08aa304
Merge branch 'main' into fix-webhook
jukie May 5, 2025
0b50125
Merge branch 'main' into fix-webhook
jukie May 6, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions go.mod
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,6 @@ require (
github.com/go-logfmt/logfmt v0.6.0
github.com/go-logr/logr v1.4.2
github.com/go-logr/zapr v1.3.0
github.com/go-openapi/jsonpointer v0.21.1
github.com/go-openapi/spec v0.21.0
github.com/go-openapi/strfmt v0.23.0
github.com/go-openapi/validate v0.24.0
Expand Down Expand Up @@ -62,6 +61,7 @@ require (
go.uber.org/zap v1.27.0
golang.org/x/exp v0.0.0-20250106191152-7588d65b2ba8
golang.org/x/net v0.39.0
gomodules.xyz/jsonpatch/v2 v2.4.0
google.golang.org/genproto/googleapis/api v0.0.0-20250218202821-56aae31c358a
google.golang.org/grpc v1.72.0
google.golang.org/grpc/security/advancedtls v1.0.0
Expand Down Expand Up @@ -221,6 +221,7 @@ require (
github.com/go-ole/go-ole v1.3.0 // indirect
github.com/go-openapi/analysis v0.23.0 // indirect
github.com/go-openapi/errors v0.22.0 // indirect
github.com/go-openapi/jsonpointer v0.21.1 // indirect
github.com/go-openapi/jsonreference v0.21.0 // indirect
github.com/go-openapi/loads v0.22.0 // indirect
github.com/go-openapi/swag v0.23.1 // indirect
Expand Down Expand Up @@ -489,7 +490,6 @@ require (
golang.org/x/time v0.10.0 // indirect
golang.org/x/tools v0.31.0 // indirect
golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 // indirect
gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20250219182151-9fdb1cabc7b2 // indirect
google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.5.1 // indirect
gopkg.in/alecthomas/kingpin.v2 v2.2.6 // indirect
Expand Down
17 changes: 13 additions & 4 deletions internal/cmd/certgen.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,8 @@

"github.com/spf13/cobra"
admissionregistrationv1 "k8s.io/api/admissionregistration/v1"
corev1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/types"
"sigs.k8s.io/controller-runtime/pkg/client"
clicfg "sigs.k8s.io/controller-runtime/pkg/client/config"

Expand Down Expand Up @@ -80,7 +82,7 @@
if err = outputCertsForKubernetes(ctx, cli, cfg, overwriteControlPlaneCerts, certs); err != nil {
return fmt.Errorf("failed to output certificates: %w", err)
}
if err = patchTopologyInjectorWebhook(ctx, cli, cfg, certs.CACertificate); err != nil {
if err = patchTopologyInjectorWebhook(ctx, cli, cfg); err != nil {

Check warning on line 85 in internal/cmd/certgen.go

View check run for this annotation

Codecov / codecov/patch

internal/cmd/certgen.go#L85 

Added line #L85 was not covered by tests
return fmt.Errorf("failed to patch webhook: %w", err)
}
} else {
Expand Down Expand Up @@ -116,7 +118,7 @@
return nil
}

func patchTopologyInjectorWebhook(ctx context.Context, cli client.Client, cfg *config.Server, caBundle []byte) error {
func patchTopologyInjectorWebhook(ctx context.Context, cli client.Client, cfg *config.Server) error {
if disableTopologyInjector {
return nil
}
Expand All @@ -127,10 +129,17 @@
return fmt.Errorf("failed to get mutating webhook configuration: %w", err)
}

secretName := types.NamespacedName{Name: "envoy-gateway", Namespace: cfg.ControllerNamespace}
current := &corev1.Secret{}
if err := cli.Get(ctx, secretName, current); err != nil {
return fmt.Errorf("failed to get secret %s/%s: %w", current.Namespace, current.Name, err)
}

Check warning on line 136 in internal/cmd/certgen.go

View check run for this annotation

Codecov / codecov/patch

internal/cmd/certgen.go#L135-L136 

Added lines #L135 - L136 were not covered by tests

var updated bool
desiredBundle := current.Data["ca.crt"]
for i, webhook := range webhookCfg.Webhooks {
if !bytes.Equal(caBundle, webhook.ClientConfig.CABundle) {
webhookCfg.Webhooks[i].ClientConfig.CABundle = caBundle
if !bytes.Equal(desiredBundle, webhook.ClientConfig.CABundle) {
webhookCfg.Webhooks[i].ClientConfig.CABundle = desiredBundle
updated = true
}
}
Expand Down
19 changes: 13 additions & 6 deletions internal/cmd/certgen_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@ import (
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
admissionregistrationv1 "k8s.io/api/admissionregistration/v1"
corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"sigs.k8s.io/controller-runtime/pkg/client"
"sigs.k8s.io/controller-runtime/pkg/client/fake"
Expand Down Expand Up @@ -57,7 +58,7 @@ func TestPatchTopologyWebhook(t *testing.T) {
cases := []struct {
caseName string
webhook *admissionregistrationv1.MutatingWebhookConfiguration
caBundle []byte
secret *corev1.Secret
wantErr error
wantPatch bool
}{
Expand All @@ -69,7 +70,10 @@ func TestPatchTopologyWebhook(t *testing.T) {
},
Webhooks: []admissionregistrationv1.MutatingWebhook{{ClientConfig: admissionregistrationv1.WebhookClientConfig{}}},
},
caBundle: []byte("foo"),
secret: &corev1.Secret{
ObjectMeta: metav1.ObjectMeta{Name: "envoy-gateway", Namespace: cfg.ControllerNamespace},
Data: map[string][]byte{"ca.crt": []byte("foo")},
},
wantErr: nil,
wantPatch: true,
},
Expand All @@ -81,25 +85,28 @@ func TestPatchTopologyWebhook(t *testing.T) {
},
Webhooks: []admissionregistrationv1.MutatingWebhook{{ClientConfig: admissionregistrationv1.WebhookClientConfig{CABundle: []byte("foo")}}},
},
caBundle: []byte("foo"),
secret: &corev1.Secret{
ObjectMeta: metav1.ObjectMeta{Name: "envoy-gateway", Namespace: cfg.ControllerNamespace},
Data: map[string][]byte{"ca.crt": []byte("foo")},
},
wantPatch: false,
},
}
for _, tc := range cases {
t.Run(tc.caseName, func(t *testing.T) {
fakeClient := fake.NewClientBuilder().
WithRuntimeObjects(tc.webhook).
WithRuntimeObjects(tc.webhook, tc.secret).
Build()
beforeWebhook := &admissionregistrationv1.MutatingWebhookConfiguration{}
require.NoError(t, fakeClient.Get(context.Background(), client.ObjectKey{Name: tc.webhook.Name}, beforeWebhook))
err = patchTopologyInjectorWebhook(context.Background(), fakeClient, cfg, tc.caBundle)

err = patchTopologyInjectorWebhook(context.Background(), fakeClient, cfg)
require.NoError(t, err)

afterWebhook := &admissionregistrationv1.MutatingWebhookConfiguration{}
require.NoError(t, fakeClient.Get(context.Background(), client.ObjectKey{Name: tc.webhook.Name}, afterWebhook))

require.Equal(t, afterWebhook.Webhooks[0].ClientConfig.CABundle, tc.caBundle)
require.Equal(t, afterWebhook.Webhooks[0].ClientConfig.CABundle, tc.secret.Data["ca.crt"])
assert.Equal(t, tc.wantPatch, beforeWebhook.GetResourceVersion() != afterWebhook.GetResourceVersion())
})
}
Expand Down
2 changes: 1 addition & 1 deletion internal/infrastructure/kubernetes/proxy/resource.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -402,7 +402,7 @@ func expectedContainerEnv(containerSpec *egv1a1.KubernetesContainerSpec, gateway
ValueFrom: &corev1.EnvVarSource{
FieldRef: &corev1.ObjectFieldSelector{
APIVersion: "v1",
FieldPath: fmt.Sprintf("metadata.labels['%s']", corev1.LabelTopologyZone),
FieldPath: fmt.Sprintf("metadata.annotations['%s']", corev1.LabelTopologyZone),
},
},
},
Expand Down
4 changes: 2 additions & 2 deletions internal/infrastructure/kubernetes/proxy/testdata/daemonsets/component-level.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -55,7 +55,7 @@ spec:
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.labels['topology.kubernetes.io/zone']
fieldPath: metadata.annotations['topology.kubernetes.io/zone']
- name: ENVOY_POD_NAME
valueFrom:
fieldRef:
Expand Down Expand Up @@ -142,7 +142,7 @@ spec:
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.labels['topology.kubernetes.io/zone']
fieldPath: metadata.annotations['topology.kubernetes.io/zone']
- name: ENVOY_POD_NAME
valueFrom:
fieldRef:
Expand Down
4 changes: 2 additions & 2 deletions internal/infrastructure/kubernetes/proxy/testdata/daemonsets/custom.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -258,7 +258,7 @@ spec:
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.labels['topology.kubernetes.io/zone']
fieldPath: metadata.annotations['topology.kubernetes.io/zone']
- name: ENVOY_POD_NAME
valueFrom:
fieldRef:
Expand Down Expand Up @@ -339,7 +339,7 @@ spec:
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.labels['topology.kubernetes.io/zone']
fieldPath: metadata.annotations['topology.kubernetes.io/zone']
- name: ENVOY_POD_NAME
valueFrom:
fieldRef:
Expand Down
4 changes: 2 additions & 2 deletions internal/infrastructure/kubernetes/proxy/testdata/daemonsets/default-env.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -257,7 +257,7 @@ spec:
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.labels['topology.kubernetes.io/zone']
fieldPath: metadata.annotations['topology.kubernetes.io/zone']
- name: ENVOY_POD_NAME
valueFrom:
fieldRef:
Expand Down Expand Up @@ -338,7 +338,7 @@ spec:
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.labels['topology.kubernetes.io/zone']
fieldPath: metadata.annotations['topology.kubernetes.io/zone']
- name: ENVOY_POD_NAME
valueFrom:
fieldRef:
Expand Down
4 changes: 2 additions & 2 deletions internal/infrastructure/kubernetes/proxy/testdata/daemonsets/default.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -242,7 +242,7 @@ spec:
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.labels['topology.kubernetes.io/zone']
fieldPath: metadata.annotations['topology.kubernetes.io/zone']
- name: ENVOY_POD_NAME
valueFrom:
fieldRef:
Expand Down Expand Up @@ -329,7 +329,7 @@ spec:
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.labels['topology.kubernetes.io/zone']
fieldPath: metadata.annotations['topology.kubernetes.io/zone']
- name: ENVOY_POD_NAME
valueFrom:
fieldRef:
Expand Down
4 changes: 2 additions & 2 deletions internal/infrastructure/kubernetes/proxy/testdata/daemonsets/disable-prometheus.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -191,7 +191,7 @@ spec:
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.labels['topology.kubernetes.io/zone']
fieldPath: metadata.annotations['topology.kubernetes.io/zone']
- name: ENVOY_POD_NAME
valueFrom:
fieldRef:
Expand Down Expand Up @@ -275,7 +275,7 @@ spec:
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.labels['topology.kubernetes.io/zone']
fieldPath: metadata.annotations['topology.kubernetes.io/zone']
- name: ENVOY_POD_NAME
valueFrom:
fieldRef:
Expand Down
4 changes: 2 additions & 2 deletions internal/infrastructure/kubernetes/proxy/testdata/daemonsets/extension-env.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -257,7 +257,7 @@ spec:
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.labels['topology.kubernetes.io/zone']
fieldPath: metadata.annotations['topology.kubernetes.io/zone']
- name: ENVOY_POD_NAME
valueFrom:
fieldRef:
Expand Down Expand Up @@ -342,7 +342,7 @@ spec:
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.labels['topology.kubernetes.io/zone']
fieldPath: metadata.annotations['topology.kubernetes.io/zone']
- name: ENVOY_POD_NAME
valueFrom:
fieldRef:
Expand Down
4 changes: 2 additions & 2 deletions .../infrastructure/kubernetes/proxy/testdata/daemonsets/override-labels-and-annotations.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -251,7 +251,7 @@ spec:
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.labels['topology.kubernetes.io/zone']
fieldPath: metadata.annotations['topology.kubernetes.io/zone']
- name: ENVOY_POD_NAME
valueFrom:
fieldRef:
Expand Down Expand Up @@ -338,7 +338,7 @@ spec:
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.labels['topology.kubernetes.io/zone']
fieldPath: metadata.annotations['topology.kubernetes.io/zone']
- name: ENVOY_POD_NAME
valueFrom:
fieldRef:
Expand Down
4 changes: 2 additions & 2 deletions internal/infrastructure/kubernetes/proxy/testdata/daemonsets/patch-daemonset.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -242,7 +242,7 @@ spec:
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.labels['topology.kubernetes.io/zone']
fieldPath: metadata.annotations['topology.kubernetes.io/zone']
- name: ENVOY_POD_NAME
valueFrom:
fieldRef:
Expand Down Expand Up @@ -329,7 +329,7 @@ spec:
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.labels['topology.kubernetes.io/zone']
fieldPath: metadata.annotations['topology.kubernetes.io/zone']
- name: ENVOY_POD_NAME
valueFrom:
fieldRef:
Expand Down
4 changes: 2 additions & 2 deletions internal/infrastructure/kubernetes/proxy/testdata/daemonsets/shutdown-manager.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -242,7 +242,7 @@ spec:
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.labels['topology.kubernetes.io/zone']
fieldPath: metadata.annotations['topology.kubernetes.io/zone']
- name: ENVOY_POD_NAME
valueFrom:
fieldRef:
Expand Down Expand Up @@ -334,7 +334,7 @@ spec:
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.labels['topology.kubernetes.io/zone']
fieldPath: metadata.annotations['topology.kubernetes.io/zone']
- name: ENVOY_POD_NAME
valueFrom:
fieldRef:
Expand Down
4 changes: 2 additions & 2 deletions internal/infrastructure/kubernetes/proxy/testdata/daemonsets/volumes.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -257,7 +257,7 @@ spec:
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.labels['topology.kubernetes.io/zone']
fieldPath: metadata.annotations['topology.kubernetes.io/zone']
- name: ENVOY_POD_NAME
valueFrom:
fieldRef:
Expand Down Expand Up @@ -342,7 +342,7 @@ spec:
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.labels['topology.kubernetes.io/zone']
fieldPath: metadata.annotations['topology.kubernetes.io/zone']
- name: ENVOY_POD_NAME
valueFrom:
fieldRef:
Expand Down
4 changes: 2 additions & 2 deletions internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-annotations.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -247,7 +247,7 @@ spec:
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.labels['topology.kubernetes.io/zone']
fieldPath: metadata.annotations['topology.kubernetes.io/zone']
- name: ENVOY_POD_NAME
valueFrom:
fieldRef:
Expand Down Expand Up @@ -334,7 +334,7 @@ spec:
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.labels['topology.kubernetes.io/zone']
fieldPath: metadata.annotations['topology.kubernetes.io/zone']
- name: ENVOY_POD_NAME
valueFrom:
fieldRef:
Expand Down
4 changes: 2 additions & 2 deletions internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-concurrency.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -55,7 +55,7 @@ spec:
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.labels['topology.kubernetes.io/zone']
fieldPath: metadata.annotations['topology.kubernetes.io/zone']
- name: ENVOY_POD_NAME
valueFrom:
fieldRef:
Expand Down Expand Up @@ -142,7 +142,7 @@ spec:
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.labels['topology.kubernetes.io/zone']
fieldPath: metadata.annotations['topology.kubernetes.io/zone']
- name: ENVOY_POD_NAME
valueFrom:
fieldRef:
Expand Down
4 changes: 2 additions & 2 deletions internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-extra-args.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -244,7 +244,7 @@ spec:
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.labels['topology.kubernetes.io/zone']
fieldPath: metadata.annotations['topology.kubernetes.io/zone']
- name: ENVOY_POD_NAME
valueFrom:
fieldRef:
Expand Down Expand Up @@ -331,7 +331,7 @@ spec:
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.labels['topology.kubernetes.io/zone']
fieldPath: metadata.annotations['topology.kubernetes.io/zone']
- name: ENVOY_POD_NAME
valueFrom:
fieldRef:
Expand Down
Loading