Merge pull request #1 from neilharris123/neil/init_metamirror

Add metamirror config

.gitignore

@@ -0,0 +1,25 @@
+
+# Binaries for programs and plugins
+*.exe
+*.exe~
+*.dll
+*.so
+*.dylib
+bin
+testbin/*
+
+# Test binary, build with `go test -c`
+*.test
+
+# Output of the go coverage tool, specifically when used with LiteIDE
+*.out
+
+# Kubernetes Generated files - skip generated files, except for vendored files
+
+!vendor/**/zz_generated.*
+
+# editor and IDE paraphernalia
+.idea
+*.swp
+*.swo
+*~

Dockerfile

@@ -0,0 +1,22 @@
+FROM golang:1.18 as builder
+
+WORKDIR /workspace
+
+COPY go.mod go.mod
+COPY go.sum go.sum
+
+RUN go mod download
+
+# Copy the go source
+COPY main.go main.go
+COPY controllers/ controllers/
+COPY config/ config/
+# Build
+RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -a -o manager main.go
+
+FROM gcr.io/distroless/static:nonroot
+WORKDIR /
+COPY --from=builder /workspace/manager .
+USER 65532:65532
+
+ENTRYPOINT ["/manager"]

PROJECT

@@ -0,0 +1,15 @@
+domain: metamirror.es
+layout:
+- go.kubebuilder.io/v3
+plugins:
+  manifests.sdk.operatorframework.io/v2: {}
+  scorecard.sdk.operatorframework.io/v2: {}
+projectName: k8s-metamirror
+repo: github.com/neilharris123/k8s-metamirror
+resources:
+- controller: true
+  group: core
+  kind: Pod
+  path: k8s.io/api/core/v1
+  version: v1
+version: "3"

README.md

@@ -1 +1,45 @@
-# k8s-metamirror
+# k8s-metamirror
+
+A Kubernetes operator to synchronize selected annotation and label values in running Pods.
+
+## Usage
+
+The operator requires `get`, `list`, `patch`, `update` and `watch` permissions on Pods cluster wide. Minimal RBAC resource and operator manifests can be found in [k8s-resources](https://github.com/neilharris123/k8s-metamirror/tree/main/k8s-resources).
+
+Set the required environment variables in the metamirror-operator pod:
+
+```Bash
+...
+  env:
+  - name: MM_ANNOTATION
+    value: "example/annotation" # an annotation key present in other pod(s). The operator will copy the corresponding annotation value.
+  - name: MM_LABEL
+    value: "examplelabel"       # the label name to be added to pod(s) with the "example/annotation" annotation. The value of the label will be that of the copied annotation value.
+```
+
+Deploy a seperate pod with the relevent annotation key and an arbitary value:
+
+```Bash
+apiVersion: v1
+kind: Pod
+metadata:
+  annotations:
+    example/annotation: "foo"
+  labels: {}
+  name: test
+spec:
+  containers:
+  - image: alpine:3.16
+    imagePullPolicy: Always
+    name: test
+```
+
+### Results
+
+The operator adds a label to the new pod, combining the MM_LABEL env var and extracted annotation value.
+```Bash
+kubectl get pod test --show-labels
+
+NAME   READY   STATUS    RESTARTS   AGE   LABELS
+test   1/1     Running   0          12s   examplelabel=foo
+```

config/config.go

@@ -6,12 +6,12 @@ import (
 )
 
 var Metadata struct {
-    annotation  string `envconfig:"annotation"`
-    label       string `envconfig:"label"`
+    Annotation  string `envconfig:"annotation"`
+    Label       string `envconfig:"label"`
 }
 
 func init() {
-  err := envconfig.Process("", &Metadata)
+  err := envconfig.Process("mm", &Metadata)
   if err != nil {
     log.Fatal(err)
   }

controllers/pod_controller.go

@@ -0,0 +1,89 @@
+package controllers
+
+import (
+  "context"
+
+  "github.com/go-logr/logr"
+  corev1 "k8s.io/api/core/v1"
+  apierrors "k8s.io/apimachinery/pkg/api/errors"
+  "k8s.io/apimachinery/pkg/runtime"
+  ctrl "sigs.k8s.io/controller-runtime"
+  "sigs.k8s.io/controller-runtime/pkg/client"
+  "github.com/neilharris123/k8s-metamirror/config"
+)
+
+// PodReconciler reconciles a Pod object
+type PodReconciler struct {
+client.Client
+  Log    logr.Logger
+  Scheme *runtime.Scheme
+}
+
+func (r *PodReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
+  log := r.Log.WithValues("pod", req.NamespacedName)
+
+  /*
+     Step 0: Fetch the Pod from the Kubernetes API.
+  */
+
+  var pod corev1.Pod
+  if err := r.Get(ctx, req.NamespacedName, &pod); err != nil {
+    if apierrors.IsNotFound(err) {
+      // we'll ignore not-found errors, since we can get them on deleted requests.
+      return ctrl.Result{}, nil
+    }
+    log.Error(err, "unable to fetch Pod")
+    return ctrl.Result{}, err
+  }
+
+  /*
+     Step 1: Add the label if the annotation exists, but the label does not
+  */
+
+  _, targetAnnotation := pod.Annotations[config.Metadata.Annotation]
+  targetLabel := pod.Labels[config.Metadata.Label] == pod.Annotations[config.Metadata.Annotation]
+
+
+  if targetAnnotation == targetLabel {
+    // The desired state and actual state of the Pod are the same.
+    // No further action is required by the operator at this moment.
+    log.Info("no update required")
+    return ctrl.Result{}, nil
+  }
+
+  if targetAnnotation {
+    // If the label should be set but is not, set it.
+    if pod.Labels == nil {
+      pod.Labels = make(map[string]string)
+    }
+    pod.Labels[config.Metadata.Label] = pod.Annotations[config.Metadata.Annotation]
+    log.Info("adding label")
+  }
+
+  /*
+     Step 2: Push the updated pod to the Kubernetes API.
+  */
+
+  if err := r.Update(ctx, &pod); err != nil {
+    if apierrors.IsConflict(err) {
+      // If the Pod has been by another process since we read it.
+      // Requeue the Pod to try to reconciliate again.
+      return ctrl.Result{Requeue: true}, nil
+    }
+    if apierrors.IsNotFound(err) {
+      // The Pod has been deleted since we read it.
+      // Requeue the Pod to try to reconciliate again.
+      return ctrl.Result{Requeue: true}, nil
+    }
+    log.Error(err, "unable to update Pod")
+    return ctrl.Result{}, err
+  }
+  return ctrl.Result{}, nil
+}
+
+// SetupWithManager sets up the controller with the Manager.
+func (r *PodReconciler) SetupWithManager(mgr ctrl.Manager) error {
+  return ctrl.NewControllerManagedBy(mgr).
+    For(&corev1.Pod{}).
+    Complete(r)
+}

go.mod

@@ -0,0 +1,84 @@
+module github.com/neilharris123/k8s-metamirror
+
+go 1.18
+
+require (
+	github.com/go-logr/logr v1.2.0
+	github.com/kelseyhightower/envconfig v1.4.0
+	github.com/onsi/ginkgo v1.16.5
+	github.com/onsi/gomega v1.18.1
+	k8s.io/api v0.24.0
+	k8s.io/apimachinery v0.24.0
+	k8s.io/client-go v0.24.0
+	sigs.k8s.io/controller-runtime v0.12.1
+)
+
+require (
+	cloud.google.com/go v0.81.0 // indirect
+	github.com/Azure/go-autorest v14.2.0+incompatible // indirect
+	github.com/Azure/go-autorest/autorest v0.11.18 // indirect
+	github.com/Azure/go-autorest/autorest/adal v0.9.13 // indirect
+	github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect
+	github.com/Azure/go-autorest/logger v0.2.1 // indirect
+	github.com/Azure/go-autorest/tracing v0.6.0 // indirect
+	github.com/PuerkitoBio/purell v1.1.1 // indirect
+	github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 // indirect
+	github.com/beorn7/perks v1.0.1 // indirect
+	github.com/cespare/xxhash/v2 v2.1.2 // indirect
+	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/emicklei/go-restful v2.9.5+incompatible // indirect
+	github.com/evanphx/json-patch v4.12.0+incompatible // indirect
+	github.com/form3tech-oss/jwt-go v3.2.3+incompatible // indirect
+	github.com/fsnotify/fsnotify v1.5.1 // indirect
+	github.com/go-logr/zapr v1.2.0 // indirect
+	github.com/go-openapi/jsonpointer v0.19.5 // indirect
+	github.com/go-openapi/jsonreference v0.19.5 // indirect
+	github.com/go-openapi/swag v0.19.14 // indirect
+	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
+	github.com/golang/protobuf v1.5.2 // indirect
+	github.com/google/gnostic v0.5.7-v3refs // indirect
+	github.com/google/go-cmp v0.5.8 // indirect
+	github.com/google/gofuzz v1.1.0 // indirect
+	github.com/google/uuid v1.1.2 // indirect
+	github.com/imdario/mergo v0.3.12 // indirect
+	github.com/josharian/intern v1.0.0 // indirect
+	github.com/json-iterator/go v1.1.12 // indirect
+	github.com/mailru/easyjson v0.7.6 // indirect
+	github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 // indirect
+	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
+	github.com/modern-go/reflect2 v1.0.2 // indirect
+	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
+	github.com/nxadm/tail v1.4.8 // indirect
+	github.com/pkg/errors v0.9.1 // indirect
+	github.com/prometheus/client_golang v1.12.1 // indirect
+	github.com/prometheus/client_model v0.2.0 // indirect
+	github.com/prometheus/common v0.32.1 // indirect
+	github.com/prometheus/procfs v0.7.3 // indirect
+	github.com/spf13/pflag v1.0.5 // indirect
+	go.uber.org/atomic v1.7.0 // indirect
+	go.uber.org/multierr v1.6.0 // indirect
+	go.uber.org/zap v1.19.1 // indirect
+	golang.org/x/crypto v0.0.0-20220214200702-86341886e292 // indirect
+	golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd // indirect
+	golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8 // indirect
+	golang.org/x/sys v0.0.0-20220209214540-3681064d5158 // indirect
+	golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 // indirect
+	golang.org/x/text v0.3.7 // indirect
+	golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 // indirect
+	gomodules.xyz/jsonpatch/v2 v2.2.0 // indirect
+	google.golang.org/appengine v1.6.7 // indirect
+	google.golang.org/protobuf v1.27.1 // indirect
+	gopkg.in/inf.v0 v0.9.1 // indirect
+	gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect
+	gopkg.in/yaml.v2 v2.4.0 // indirect
+	gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect
+	k8s.io/apiextensions-apiserver v0.24.0 // indirect
+	k8s.io/component-base v0.24.0 // indirect
+	k8s.io/klog/v2 v2.60.1 // indirect
+	k8s.io/kube-openapi v0.0.0-20220328201542-3ee0da9b0b42 // indirect
+	k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9 // indirect
+	sigs.k8s.io/json v0.0.0-20211208200746-9f7c6b3444d2 // indirect
+	sigs.k8s.io/structured-merge-diff/v4 v4.2.1 // indirect
+	sigs.k8s.io/yaml v1.3.0 // indirect
+)