add ytt invocation

katmutua · katmutua · commit d0d25951fbc7 · 2022-12-02T15:55:36.000-05:00
diff --git a/cleanup.sh b/cleanup.sh
@@ -0,0 +1,27 @@
+set -euo pipefail
+
+# make sure to regenerate manifests and run tests 
+make all
+
+# delete any existing convention and deployment
+kubectl delete -f samples/ytt-based-conventions/ytt-example.yaml
+kapp delete -a conventions -n cartographer-system 
+
+# create a new deployment 
+kapp deploy -n cartographer-system -a conventions -f  <( \
+  ko resolve -f <( \
+    ytt \
+      -f dist/cartographer-conventions.yaml
+    ) \
+)
+
+# create the ytt based convention 
+kubectl apply -f samples/ytt-based-conventions/ytt-example.yaml
+#kubectl delete -f samples/ytt-based-conventions/ytt-example.yaml
+
+# inspect the ytt based convention
+kubectl get clusterpodconvention.conventions.carto.run/spring-ytt-sample -o yaml
+
+# create a workload 
+kubectl apply -f samples/ytt-based-conventions/workload.yaml
+#kubectl delete -f samples/ytt-based-conventions/workload.yaml
diff --git a/pkg/apis/conventions/v1alpha1/clusterpodconvention_validation.go b/pkg/apis/conventions/v1alpha1/clusterpodconvention_validation.go
@@ -82,9 +82,9 @@ func (s *ClusterPodConventionSpec) Validate() validation.FieldErrors {
 			errs = errs.Also(s.Webhook.Validate().ViaField("webhook"))
 		}
 		// only invoke ytt validations if the webhook configuration is not being used
-		if s.Webhook == nil && s.Ytt != nil {
-			errs = errs.Also(s.Webhook.Validate().ViaField("ytt"))
-		}
+		// if s.Webhook == nil && s.Ytt != nil {
+		// 	errs = errs.Also(s.Ytt.Validate().ViaField("ytt"))
+		// }
 	}
 
 	if s.SelectorTarget != PodTemplateSpecLabels && s.SelectorTarget != PodIntentLabels {
diff --git a/pkg/controllers/podintent_reconciler.go b/pkg/controllers/podintent_reconciler.go
@@ -20,16 +20,23 @@ import (
 	"bytes"
 	"context"
 	"fmt"
+	"os"
+	"os/exec"
+	"path"
+	"runtime"
 	"sort"
 	"strings"
+	"time"
 
 	"github.com/go-logr/logr"
 	"github.com/google/go-containerregistry/pkg/authn/k8schain"
 	"github.com/vmware-labs/reconciler-runtime/apis"
 	"github.com/vmware-labs/reconciler-runtime/reconcilers"
 	"github.com/vmware-labs/reconciler-runtime/tracker"
+	"gopkg.in/yaml.v2"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"k8s.io/apimachinery/pkg/labels"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/apimachinery/pkg/types"
@@ -132,18 +139,46 @@ func ResolveConventions() reconcilers.SubReconciler {
 					convention.ClientConfig = *clientConfig
 				} else if source.Spec.Ytt != nil {
 					log.Info("handling a ytt based convention")
-					// read template spec and convenert to a sptream of bytes
-					// template
-					template := &parent.Spec.Template
+
+					// read template spec and convert to string
+					template := parent.Spec.Template.AsPodTemplateSpec()
+					log.Info("retrieved pod template spec from the workload", template.String())
+
 					// convert template as a stream of bytes
-					// templatesAsBytes = bytes.NewBuffer([]byte(template(string)))
+					templatesAsBytes := bytes.NewBuffer([]byte(template.String()))
+					log.Info("template spec as a stream of bytes", templatesAsBytes)
 
-					// convert template to a stream of bytes
-					// kubectl = "kubectl"
-					// ytt = "ytt"
-					// args
-					log.Info("your template spec", template.GetObjectMeta())
+					// setup stdin and stdout for ytt invocation
+					ytt := "ytt"
+
+					// ko copies the content of the kodata directory into the container at a path referenced by $KO_DATA_PATH
+					if kodata, ok := os.LookupEnv("KO_DATA_PATH"); ok {
+						ytt = path.Join(kodata, fmt.Sprintf("ytt-%s-%s", runtime.GOOS, runtime.GOARCH))
+					}
 
+					args := []string{"--version"}
+					cmd := exec.CommandContext(ctx, ytt, args...)
+
+					stdout := bytes.NewBuffer([]byte{})
+					stderr := bytes.NewBuffer([]byte{})
+					// stderr := bytes.NewBuffer([]byte{})
+
+					cmd.Stdin = templatesAsBytes
+					cmd.Stdout = stdout
+					cmd.Stderr = stderr
+
+					log.Info("ytt call", "args", args, "input", template)
+					cmd.Run()
+					// if err := cmd.Run(); err != nil {
+					// 	msg := stderr.String()
+					// 	if msg == "" {
+					// 		log.Error(err, "unable to apply ytt for", "ClusterPodConvention", msg)
+					// 		return nil
+					// 	}
+					// 	output := stdout.String()
+					// 	log.Info("ytt result", "output", output)
+					// 	return nil
+					// }
 					return nil
 				}
 				conventions = append(conventions, convention)
@@ -162,6 +197,50 @@ func ResolveConventions() reconcilers.SubReconciler {
 	}
 }
 
+func ApplyYtt(ctx context.Context, template conventionsv1alpha1.PodTemplateSpec) (interface{}, error) {
+	log := logr.FromContextOrDiscard(ctx)
+
+	ctx, cancel := context.WithTimeout(ctx, 4*time.Second)
+	defer cancel()
+
+	ytt := "ytt"
+	if kodata, ok := os.LookupEnv("KO_DATA_PATH"); ok {
+		ytt = path.Join(kodata, fmt.Sprintf("ytt-%s-%s", runtime.GOOS, runtime.GOARCH))
+	}
+
+	args := []string{"--", "version"}
+	stdin := bytes.NewReader([]byte(template.Spec.String()))
+	stdout := bytes.NewBuffer([]byte{})
+	stderr := bytes.NewBuffer([]byte{})
+
+	cmd := exec.CommandContext(ctx, ytt, args...)
+	cmd.Stdin = stdin
+	cmd.Stdout = stdout
+	cmd.Stderr = stderr
+
+	log.Info("ytt call args", args)
+	log.Info("ytt call input", template)
+
+	if err := cmd.Run(); err != nil {
+		msg := stderr.String()
+		if msg == "" {
+			log.Error(err, "failed handle ytt")
+			return nil, err
+		}
+		return nil, err
+	}
+	output := stdout.String()
+	log.Info("ytt result", "output", output)
+
+	stampedObject := &unstructured.Unstructured{}
+	log.Info("your stamped object", stampedObject)
+	if err := yaml.Unmarshal([]byte(output), stampedObject); err != nil {
+		// ytt should never return invalid yaml
+		return nil, err
+	}
+	return stampedObject, nil
+}
+
 // +kubebuilder:rbac:groups=core,resources=secrets,verbs=get;list;watch
 // +kubebuilder:rbac:groups=core,resources=serviceaccounts,verbs=get;list;watch
 
diff --git a/samples/ytt-based-conventions/workload.yaml b/samples/ytt-based-conventions/workload.yaml
@@ -0,0 +1,11 @@
+---
+apiVersion: conventions.carto.run/v1alpha1
+kind: PodIntent
+metadata:
+  name: spring-sample
+spec:
+  template:
+    spec:
+      containers:
+      - name: workload
+        image: scothis/petclinic:sbom-20211210@sha256:8b517f21f283229e855e316e2753396239884eb9c4009ab6c797bdf2a041140f

Original file line number	Diff line number	Diff line change
`@@ -82,9 +82,9 @@ func (s *ClusterPodConventionSpec) Validate() validation.FieldErrors {`
`82`	`82`	`errs = errs.Also(s.Webhook.Validate().ViaField("webhook"))`
`83`	`83`	`}`
`84`	`84`	`// only invoke ytt validations if the webhook configuration is not being used`
`85`		`- if s.Webhook == nil && s.Ytt != nil {`
`86`		`- errs = errs.Also(s.Webhook.Validate().ViaField("ytt"))`
`87`		`- }`
	`85`	`+ // if s.Webhook == nil && s.Ytt != nil {`
	`86`	`+ // errs = errs.Also(s.Ytt.Validate().ViaField("ytt"))`
	`87`	`+ // }`
`88`	`88`	`}`
`89`	`89`
`90`	`90`	`if s.SelectorTarget != PodTemplateSpecLabels && s.SelectorTarget != PodIntentLabels {`