Address code review comments

canonical · Aug 1, 2024 · 4a59d89 · 4a59d89
1 parent 6a422cd
commit 4a59d89
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 8 deletions.
diff --git a/src/k8s/pkg/k8sd/api/certs_refresh.go b/src/k8s/pkg/k8sd/api/certs_refresh.go
@@ -25,6 +25,7 @@ import (
 	v1 "k8s.io/api/certificates/v1"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	watch "k8s.io/apimachinery/pkg/watch"
 )
 
 func (e *Endpoints) postRefreshCertsPlan(s state.State, r *http.Request) response.Response {
@@ -141,7 +142,6 @@ func refreshCertsRunWorker(s state.State, r *http.Request, snap snap.Snap) respo
 					Organization: csr.organization,
 				},
 				2048,
-				nil,
 				csr.hostnames,
 				csr.ips,
 			)
@@ -161,8 +161,10 @@ func refreshCertsRunWorker(s state.State, r *http.Request, snap snap.Snap) respo
 			}, metav1.CreateOptions{}); err != nil {
 				return fmt.Errorf("failed to create CSR for %s: %w", csr.name, err)
 			}
+
 			watcher, err := client.CertificatesV1().CertificateSigningRequests().Watch(ctx, metav1.SingleObject(metav1.ObjectMeta{Name: csr.name}))
 			if err != nil {
+				log.V(1).Error(err, "failed to watch CSR")
 				return fmt.Errorf("failed to watch CSR %s: %w", csr.name, err)
 			}
 
@@ -203,7 +205,7 @@ func refreshCertsRunWorker(s state.State, r *http.Request, snap snap.Snap) respo
 	}
 
 	if err := g.Wait(); err != nil {
-		return response.InternalError(fmt.Errorf("failed to generate worker CSRs: %w", err))
+		return response.InternalError(fmt.Errorf("failed to get worker node certificates: %w", err))
 	}
 
 	if _, err = setup.EnsureWorkerPKI(snap, &certificates); err != nil {
@@ -219,7 +221,6 @@ func refreshCertsRunWorker(s state.State, r *http.Request, snap snap.Snap) respo
 	}
 
 	// Restart the services
-	log.Info("Restarting kubelet and kube-proxy")
 	if err := snap.RestartService(r.Context(), "kubelet"); err != nil {
 		return response.InternalError(err)
 	}

diff --git a/src/k8s/pkg/snap/snap.go b/src/k8s/pkg/snap/snap.go
@@ -13,6 +13,7 @@ import (
 	"github.com/canonical/k8s/pkg/client/k8sd"
 	"github.com/canonical/k8s/pkg/client/kubernetes"
 	"github.com/canonical/k8s/pkg/k8sd/types"
+	"github.com/canonical/k8s/pkg/log"
 	"github.com/canonical/k8s/pkg/utils"
 	"github.com/moby/sys/mountinfo"
 	"gopkg.in/yaml.v2"
@@ -50,16 +51,19 @@ func NewSnap(opts SnapOpts) *snap {
 
 // StartService starts a k8s service. The name can be either prefixed or not.
 func (s *snap) StartService(ctx context.Context, name string) error {
+	log.FromContext(ctx).WithCallDepth(1).Info("Starting service", "service", name)
 	return s.runCommand(ctx, []string{"snapctl", "start", "--enable", serviceName(name)})
 }
 
 // StopService stops a k8s service. The name can be either prefixed or not.
 func (s *snap) StopService(ctx context.Context, name string) error {
+	log.FromContext(ctx).WithCallDepth(1).Info("Stopping service", "service", name)
 	return s.runCommand(ctx, []string{"snapctl", "stop", "--disable", serviceName(name)})
 }
 
 // RestartService restarts a k8s service. The name can be either prefixed or not.
 func (s *snap) RestartService(ctx context.Context, name string) error {
+	log.FromContext(ctx).WithCallDepth(1).Info("Restarting service", "service", name)
 	return s.runCommand(ctx, []string{"snapctl", "restart", serviceName(name)})
 }
 

diff --git a/src/k8s/pkg/utils/pki/generate.go b/src/k8s/pkg/utils/pki/generate.go
@@ -124,7 +124,7 @@ func GenerateRSAKey(bits int) (string, string, error) {
 }
 
 // GenerateCSR generates a certificate signing request (CSR) and private key for the given subject.
-func GenerateCSR(subject pkix.Name, bits int, priv any, dnsSANs []string, ipSANs []net.IP) (string, string, error) {
+func GenerateCSR(subject pkix.Name, bits int, dnsSANs []string, ipSANs []net.IP) (string, string, error) {
 	key, err := rsa.GenerateKey(rand.Reader, bits)
 	if err != nil {
 		return "", "", fmt.Errorf("failed to generate RSA private key: %w", err)
@@ -134,10 +134,6 @@ func GenerateCSR(subject pkix.Name, bits int, priv any, dnsSANs []string, ipSANs
 		return "", "", fmt.Errorf("failed to encode private key PEM")
 	}
 
-	if priv == nil {
-		priv = key
-	}
-
 	csrKubeletServingTemplate := &x509.CertificateRequest{
 		Subject:     subject,
 		DNSNames:    dnsSANs,