From 4a59d89c3427388bd452eca07230cfe5ae35d977 Mon Sep 17 00:00:00 2001
From: Mateo Florido
Date: Thu, 1 Aug 2024 18:40:50 -0500
Subject: [PATCH] Address code review comments

---
 src/k8s/pkg/k8sd/api/certs_refresh.go | 7 ++++---
 src/k8s/pkg/snap/snap.go | 4 ++++
 src/k8s/pkg/utils/pki/generate.go | 6 +-----
 3 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/src/k8s/pkg/k8sd/api/certs_refresh.go b/src/k8s/pkg/k8sd/api/certs_refresh.go
index 5aa4d9c662..d8e6eb81a2 100644
--- a/src/k8s/pkg/k8sd/api/certs_refresh.go
+++ b/src/k8s/pkg/k8sd/api/certs_refresh.go
@@ -25,6 +25,7 @@ import (
 v1 "k8s.io/api/certificates/v1"
 corev1 "k8s.io/api/core/v1"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ watch "k8s.io/apimachinery/pkg/watch"
 )
 
 func (e *Endpoints) postRefreshCertsPlan(s state.State, r *http.Request) response.Response {
@@ -141,7 +142,6 @@ func refreshCertsRunWorker(s state.State, r *http.Request, snap snap.Snap) respo
 Organization: csr.organization,
 },
 2048,
- nil,
 csr.hostnames,
 csr.ips,
 )
@@ -161,8 +161,10 @@ func refreshCertsRunWorker(s state.State, r *http.Request, snap snap.Snap) respo
 }, metav1.CreateOptions{}); err != nil {
 return fmt.Errorf("failed to create CSR for %s: %w", csr.name, err)
 }
+
 watcher, err := client.CertificatesV1().CertificateSigningRequests().Watch(ctx, metav1.SingleObject(metav1.ObjectMeta{Name: csr.name}))
 if err != nil {
+ log.V(1).Error(err, "failed to watch CSR")
 return fmt.Errorf("failed to watch CSR %s: %w", csr.name, err)
 }
 
@@ -203,7 +205,7 @@ func refreshCertsRunWorker(s state.State, r *http.Request, snap snap.Snap) respo
 }
 
 if err := g.Wait(); err != nil {
- return response.InternalError(fmt.Errorf("failed to generate worker CSRs: %w", err))
+ return response.InternalError(fmt.Errorf("failed to get worker node certificates: %w", err))
 }
 
 if _, err = setup.EnsureWorkerPKI(snap, &certificates); err != nil {
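Review bot: In refreshCertsRunWorker (hunk at -161,8) the added `log.V(1).Error(err, "failed to watch CSR")` does not say which CSR failed, although the error returned on the next line carries `csr.name`, so the log entry cannot be tied to a specific certificate request on its own. Passing the name as a key/value pair, `log.Error(err, "failed to watch CSR", "name", csr.name)`, keeps the entry usable when certificate-refresh failures are reviewed from logs. If `log` is a logr-style logger, `V(1)` has no effect on `Error`, which is emitted at every verbosity, so the level can be dropped. The same error is also wrapped and returned, so it is presumably reported again through the `g.Wait()` path shown in the next hunk; the function body starts and ends outside this hunk.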
@@ -219,7 +221,6 @@ func refreshCertsRunWorker(s state.State, r *http.Request, snap snap.Snap) respo
 }
 
 // Restart the services
- log.Info("Restarting kubelet and kube-proxy")
 if err := snap.RestartService(r.Context(), "kubelet"); err != nil {
 return response.InternalError(err)
 }
diff --git a/src/k8s/pkg/snap/snap.go b/src/k8s/pkg/snap/snap.go
index e0af05bd7b..cc6f835bb6 100644
--- a/src/k8s/pkg/snap/snap.go
+++ b/src/k8s/pkg/snap/snap.go
@@ -13,6 +13,7 @@ import (
 "github.com/canonical/k8s/pkg/client/k8sd"
 "github.com/canonical/k8s/pkg/client/kubernetes"
 "github.com/canonical/k8s/pkg/k8sd/types"
+ "github.com/canonical/k8s/pkg/log"
 "github.com/canonical/k8s/pkg/utils"
 "github.com/moby/sys/mountinfo"
 "gopkg.in/yaml.v2"
@@ -50,16 +51,19 @@ func NewSnap(opts SnapOpts) *snap {
 
 // StartService starts a k8s service. The name can be either prefixed or not.
 func (s *snap) StartService(ctx context.Context, name string) error {
+ log.FromContext(ctx).WithCallDepth(1).Info("Starting service", "service", name)
 return s.runCommand(ctx, []string{"snapctl", "start", "--enable", serviceName(name)})
 }
 
 // StopService stops a k8s service. The name can be either prefixed or not.
 func (s *snap) StopService(ctx context.Context, name string) error {
+ log.FromContext(ctx).WithCallDepth(1).Info("Stopping service", "service", name)
 return s.runCommand(ctx, []string{"snapctl", "stop", "--disable", serviceName(name)})
 }
 
 // RestartService restarts a k8s service. The name can be either prefixed or not.
 func (s *snap) RestartService(ctx context.Context, name string) error {
+ log.FromContext(ctx).WithCallDepth(1).Info("Restarting service", "service", name)
 return s.runCommand(ctx, []string{"snapctl", "restart", serviceName(name)})
 }
 
diff --git a/src/k8s/pkg/utils/pki/generate.go b/src/k8s/pkg/utils/pki/generate.go
index a090b7d2e0..18eee9da90 100644
--- a/src/k8s/pkg/utils/pki/generate.go
+++ b/src/k8s/pkg/utils/pki/generate.go
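Review bot: In src/k8s/pkg/snap/snap.go (hunk at -50,16) the three added log calls in StartService, StopService and RestartService record the caller's `name` as given, while the command on the following line acts on `serviceName(name)`. Because the doc comments say the name may or may not be prefixed, the same service can appear under two spellings in the log. Logging the normalised value, e.g. `log.FromContext(ctx).WithCallDepth(1).Info("Starting service", "service", serviceName(name))`, gives one stable key to search or alert on when service stops and restarts are audited. The entries are also written before `runCommand` runs, so they record intent only; a failed start or stop is visible only if the caller logs the returned error.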
@@ -124,7 +124,7 @@ func GenerateRSAKey(bits int) (string, string, error) {
 }
 
 // GenerateCSR generates a certificate signing request (CSR) and private key for the given subject.
-func GenerateCSR(subject pkix.Name, bits int, priv any, dnsSANs []string, ipSANs []net.IP) (string, string, error) {
+func GenerateCSR(subject pkix.Name, bits int, dnsSANs []string, ipSANs []net.IP) (string, string, error) {
 key, err := rsa.GenerateKey(rand.Reader, bits)
 if err != nil {
 return "", "", fmt.Errorf("failed to generate RSA private key: %w", err)
@@ -134,10 +134,6 @@ func GenerateCSR(subject pkix.Name, bits int, priv any, dnsSANs []string, ipSANs
 return "", "", fmt.Errorf("failed to encode private key PEM")
 }
 
- if priv == nil {
- priv = key
- }
-
 csrKubeletServingTemplate := &x509.CertificateRequest{
 Subject: subject,
 DNSNames: dnsSANs,
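Review bot: GenerateCSR (hunk at -124,7) hands `bits` to `rsa.GenerateKey` without a lower bound, so the strength of the generated key depends entirely on each caller passing a sensible size; the one call site visible in this patch passes 2048. A guard at the top of the function, `if bits < 2048 { return "", "", fmt.Errorf("RSA key size %d is below the 2048-bit minimum", bits) }`, would make the minimum a property of the helper rather than of its callers. The doc comment could also state what the two returned strings are and in which order, which the signature alone does not show. The function body continues outside the hunk.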