Reconcile on all events that may affect webhook services

Author: zohar7ch

src/mapper/cmd/main.go

@@ -260,8 +260,8 @@ func main() {
 		}
 
 		webhookServicesHandler := webhook_traffic.NewWebhookServicesHandler(mgr.GetClient(), cloudClient, kubeFinder)
-		validatingWebhooksReconciler := webhook_traffic.NewValidatingWebhookReconciler(webhookServicesHandler)
-		if err = validatingWebhooksReconciler.SetupWithManager(mgr); err != nil {
+		webhookTrafficReconcilerManager := webhook_traffic.NewWebhookTrafficReconcilerManager(mgr.GetClient(), webhookServicesHandler)
+		if err = webhookTrafficReconcilerManager.SetupWithManager(mgr); err != nil {
 			logrus.WithError(err).Panic("unable to create validating webhooks reconciler")
 		}
 

src/mapper/pkg/webhook_traffic/conversion_webhook_reconciler.go

@@ -0,0 +1,49 @@
+package webhook_traffic
+
+import (
+	"context"
+	"github.com/otterize/intents-operator/src/shared/errors"
+	"github.com/otterize/intents-operator/src/shared/injectablerecorder"
+	"github.com/samber/lo"
+	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
+	"k8s.io/client-go/tools/record"
+	ctrl "sigs.k8s.io/controller-runtime"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/controller-runtime/pkg/controller"
+)
+
+//+kubebuilder:rbac:groups="apiextensions.k8s.io",resources=customresourcedefinitions,verbs=get;list;watch;update;create;patch
+
+type ConversionWebhookReconciler struct {
+	client.Client
+	injectablerecorder.InjectableRecorder
+	handler *WebhookServicesHandler
+}
+
+func NewConversionWebhookReconciler(handler *WebhookServicesHandler) *ConversionWebhookReconciler {
+	return &ConversionWebhookReconciler{handler: handler}
+}
+
+func (r *ConversionWebhookReconciler) SetupWithManager(mgr ctrl.Manager) error {
+	recorder := mgr.GetEventRecorderFor("intents-operator")
+	r.InjectRecorder(recorder)
+
+	return ctrl.NewControllerManagedBy(mgr).
+		For(&apiextensionsv1.CustomResourceDefinition{}).
+		WithOptions(controller.Options{RecoverPanic: lo.ToPtr(true)}).
+		Complete(r)
+}
+
+func (r *ConversionWebhookReconciler) InjectRecorder(recorder record.EventRecorder) {
+	r.Recorder = recorder
+}
+
+func (r *ConversionWebhookReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
+	err := r.handler.HandleAll(ctx)
+
+	if err != nil {
+		return ctrl.Result{}, errors.Wrap(err)
+	}
+
+	return ctrl.Result{}, nil
+}

src/mapper/pkg/webhook_traffic/endpoints_reconciler.go

@@ -0,0 +1,49 @@
+package webhook_traffic
+
+import (
+	"context"
+	"github.com/otterize/intents-operator/src/shared/injectablerecorder"
+	"github.com/samber/lo"
+	corev1 "k8s.io/api/core/v1"
+	"k8s.io/client-go/tools/record"
+	ctrl "sigs.k8s.io/controller-runtime"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/controller-runtime/pkg/controller"
+)
+
+// +kubebuilder:rbac:groups=admissionregistration.k8s.io,resources=endpoints,verbs=get;list;watch
+
+type EndpointsReconciler struct {
+	client.Client
+	injectablerecorder.InjectableRecorder
+	handler *WebhookServicesHandler
+}
+
+func NewEndpointsReconciler(handler *WebhookServicesHandler) *EndpointsReconciler {
+	return &EndpointsReconciler{
+		handler: handler,
+	}
+}
+
+func (r *EndpointsReconciler) SetupWithManager(mgr ctrl.Manager) error {
+	recorder := mgr.GetEventRecorderFor("intents-operator")
+	r.InjectRecorder(recorder)
+
+	return ctrl.NewControllerManagedBy(mgr).
+		For(&corev1.Service{}).
+		WithOptions(controller.Options{RecoverPanic: lo.ToPtr(true)}).
+		Complete(r)
+}
+
+func (r *EndpointsReconciler) InjectRecorder(recorder record.EventRecorder) {
+	r.Recorder = recorder
+}
+
+func (r *EndpointsReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
+	err := r.handler.HandleAll(ctx)
+	if err != nil {
+		return ctrl.Result{}, err
+	}
+
+	return ctrl.Result{}, nil
+}

src/mapper/pkg/webhook_traffic/mutating_webhook_reconciler.go

@@ -0,0 +1,49 @@
+package webhook_traffic
+
+import (
+	"context"
+	"github.com/otterize/intents-operator/src/shared/errors"
+	"github.com/otterize/intents-operator/src/shared/injectablerecorder"
+	"github.com/samber/lo"
+	admissionv1 "k8s.io/api/admissionregistration/v1"
+	"k8s.io/client-go/tools/record"
+	ctrl "sigs.k8s.io/controller-runtime"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/controller-runtime/pkg/controller"
+)
+
+// +kubebuilder:rbac:groups=admissionregistration.k8s.io,resources=mutatinghookconfigurations,verbs=get;list;watch
+
+type MutatingWebhookReconciler struct {
+	client.Client
+	injectablerecorder.InjectableRecorder
+	handler *WebhookServicesHandler
+}
+
+func NewMutatingWebhookReconciler(handler *WebhookServicesHandler) *MutatingWebhookReconciler {
+	return &MutatingWebhookReconciler{handler: handler}
+}
+
+func (r *MutatingWebhookReconciler) SetupWithManager(mgr ctrl.Manager) error {
+	recorder := mgr.GetEventRecorderFor("intents-operator")
+	r.InjectRecorder(recorder)
+
+	return ctrl.NewControllerManagedBy(mgr).
+		For(&admissionv1.MutatingWebhookConfiguration{}).
+		WithOptions(controller.Options{RecoverPanic: lo.ToPtr(true)}).
+		Complete(r)
+}
+
+func (r *MutatingWebhookReconciler) InjectRecorder(recorder record.EventRecorder) {
+	r.Recorder = recorder
+}
+
+func (r *MutatingWebhookReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
+	err := r.handler.HandleAll(ctx)
+
+	if err != nil {
+		return ctrl.Result{}, errors.Wrap(err)
+	}
+
+	return ctrl.Result{}, nil
+}

src/mapper/pkg/webhook_traffic/services_reconciler.go

@@ -0,0 +1,50 @@
+package webhook_traffic
+
+import (
+	"context"
+	"github.com/otterize/intents-operator/src/shared/injectablerecorder"
+	"github.com/samber/lo"
+	corev1 "k8s.io/api/core/v1"
+	"k8s.io/client-go/tools/record"
+	ctrl "sigs.k8s.io/controller-runtime"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/controller-runtime/pkg/controller"
+)
+
+// +kubebuilder:rbac:groups=admissionregistration.k8s.io,resources=services,verbs=get;list;watch
+
+type ServicesReconciler struct {
+	client.Client
+
+	injectablerecorder.InjectableRecorder
+	handler *WebhookServicesHandler
+}
+
+func NewServicesReconciler(handler *WebhookServicesHandler) *ServicesReconciler {
+	return &ServicesReconciler{
+		handler: handler,
+	}
+}
+
+func (r *ServicesReconciler) SetupWithManager(mgr ctrl.Manager) error {
+	recorder := mgr.GetEventRecorderFor("intents-operator")
+	r.InjectRecorder(recorder)
+
+	return ctrl.NewControllerManagedBy(mgr).
+		For(&corev1.Service{}).
+		WithOptions(controller.Options{RecoverPanic: lo.ToPtr(true)}).
+		Complete(r)
+}
+
+func (r *ServicesReconciler) InjectRecorder(recorder record.EventRecorder) {
+	r.Recorder = recorder
+}
+
+func (r *ServicesReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
+	err := r.handler.HandleAll(ctx)
+	if err != nil {
+		return ctrl.Result{}, err
+	}
+
+	return ctrl.Result{}, nil
+}

src/mapper/pkg/webhook_traffic/webhook_traffic_reconciler_manager.go

@@ -0,0 +1,54 @@
+package webhook_traffic
+
+import (
+	"context"
+	"github.com/otterize/intents-operator/src/shared/errors"
+	"github.com/otterize/intents-operator/src/shared/injectablerecorder"
+	"k8s.io/client-go/tools/record"
+	ctrl "sigs.k8s.io/controller-runtime"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+)
+
+type WebhookTrafficReconciler interface {
+	SetupWithManager(mgr ctrl.Manager) error
+	InjectRecorder(recorder record.EventRecorder)
+	Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error)
+}
+
+type WebhookTrafficReconcilerManager struct {
+	client.Client
+	injectablerecorder.InjectableRecorder
+	handler     *WebhookServicesHandler
+	reconcilers []WebhookTrafficReconciler
+}
+
+func NewWebhookTrafficReconcilerManager(client client.Client, handler *WebhookServicesHandler) *WebhookTrafficReconcilerManager {
+	return &WebhookTrafficReconcilerManager{
+		Client:  client,
+		handler: handler,
+		reconcilers: []WebhookTrafficReconciler{
+			NewValidatingWebhookReconciler(handler),
+			NewMutatingWebhookReconciler(handler),
+			NewConversionWebhookReconciler(handler),
+			NewServicesReconciler(handler),  // We need the service itself when reporting to Otterize cloud (for name resolution)
+			NewEndpointsReconciler(handler), // We need the service itself when reporting to Otterize cloud (for name resolution)
+		},
+	}
+}
+
+func (r *WebhookTrafficReconcilerManager) SetupWithManager(mgr ctrl.Manager) error {
+	recorder := mgr.GetEventRecorderFor("intents-operator")
+	r.InjectRecorder(recorder)
+
+	for _, reconciler := range r.reconcilers {
+		if err := reconciler.SetupWithManager(mgr); err != nil {
+			return errors.Wrap(err)
+		}
+	}
+
+	return nil
+}
+
+func (r *WebhookTrafficReconcilerManager) InjectRecorder(recorder record.EventRecorder) {
+	r.Recorder = recorder
+}