Fix cert-manager stability (#92)

* Fixed cert-manager module stability * Code cleanup
emberstack · Sep 26, 2020 · 76a68d4 · 76a68d4
1 parent da8943a
commit 76a68d4
Show file tree

Hide file tree

Showing 13 changed files with 165 additions and 185 deletions.
diff --git a/src/ES.Kubernetes.Reflector.CertManager/CertManagerMonitor.cs b/src/ES.Kubernetes.Reflector.CertManager/CertManagerMonitor.cs
diff --git a/src/ES.Kubernetes.Reflector.CertManager/Events/InternalSecretWatcherEvent.cs b/src/ES.Kubernetes.Reflector.CertManager/Events/InternalSecretWatcherEvent.cs
@@ -1,11 +1,10 @@
-using System.Collections.Generic;
-using ES.Kubernetes.Reflector.Core.Events;
+using ES.Kubernetes.Reflector.Core.Events;
 using k8s.Models;
 
 namespace ES.Kubernetes.Reflector.CertManager.Events
 {
     public class InternalSecretWatcherEvent : WatcherEvent<V1Secret>
     {
-        public List<string> CertificateResourceDefinitionVersions { get; set; }
+        public string CertificateResourceDefinitionVersion { get; set; }
     }
 }
diff --git a/src/ES.Kubernetes.Reflector.CertManager/Resources/Certificate.cs b/src/ES.Kubernetes.Reflector.CertManager/Resources/Certificate.cs
@@ -4,11 +4,8 @@
 
 namespace ES.Kubernetes.Reflector.CertManager.Resources
 {
-    public class Certificate : IKubernetesObject
+    public class Certificate : IKubernetesObject, IMetadata<V1ObjectMeta>
     {
-        [JsonProperty(PropertyName = "metadata")]
-        public V1ObjectMeta Metadata { get; set; }
-
         [JsonProperty(PropertyName = "spec")]
         public SpecDefinition Spec { get; set; }
 
@@ -18,6 +15,9 @@ public class Certificate : IKubernetesObject
         [JsonProperty(PropertyName = "kind")]
         public string Kind { get; set; }
 
+        [JsonProperty(PropertyName = "metadata")]
+        public V1ObjectMeta Metadata { get; set; }
+
         public class SpecDefinition
         {
             [JsonProperty(PropertyName = "secretName")]

diff --git a/src/ES.Kubernetes.Reflector.CertManager/SecretEtcher.cs b/src/ES.Kubernetes.Reflector.CertManager/SecretEtcher.cs
@@ -74,20 +74,20 @@ public async Task Handle(InternalSecretWatcherEvent notification, CancellationTo
                     CertManagerConstants.CertificateKind, certificateId, secretId);
 
                 Certificate certificate = null;
-                foreach (var certificateResourceDefinitionVersion in notification.CertificateResourceDefinitionVersions)
-                    try
-                    {
-                        var certificateJObject = await _client.GetNamespacedCustomObjectAsync(
-                            CertManagerConstants.CrdGroup,
-                            certificateResourceDefinitionVersion, metadata.NamespaceProperty,
-                            CertManagerConstants.CertificatePlural,
-                            certificateName, cancellationToken);
-                        certificate = ((JObject) certificateJObject).ToObject<Certificate>();
-                    }
-                    catch (HttpOperationException exception) when (exception.Response.StatusCode ==
-                                                                   HttpStatusCode.NotFound)
-                    {
-                    }
+                try
+                {
+                    var certificateJObject = await _client.GetNamespacedCustomObjectAsync(
+                        CertManagerConstants.CrdGroup,
+                        notification.CertificateResourceDefinitionVersion,
+                        metadata.NamespaceProperty,
+                        CertManagerConstants.CertificatePlural,
+                        certificateName, cancellationToken);
+                    certificate = ((JObject) certificateJObject).ToObject<Certificate>();
+                }
+                catch (HttpOperationException exception) when (exception.Response.StatusCode ==
+                                                               HttpStatusCode.NotFound)
+                {
+                }
 
                 if (certificate != null)
                     await Annotate(secret, certificate);

diff --git a/src/ES.Kubernetes.Reflector.Core/Constants/Annotations.cs b/src/ES.Kubernetes.Reflector.Core/Constants/Annotations.cs
@@ -18,14 +18,19 @@ public static class Reflection
             public static string FortiHosts => $"{Prefix}/reflection-forti-hosts";
             public static string FortiCertificate => $"{Prefix}/reflection-forti-certificate";
 
+            public static string AutoReflects => $"{Prefix}/auto-reflects";
+            public static string Reflects => $"{Prefix}/reflects";
+            public static string ReflectedVersion => $"{Prefix}/reflected-version";
+            public static string ReflectedAt => $"{Prefix}/reflected-at";
+
             #region Ubiquiti
 
             public static string UbiquitiEnabled => $"{Prefix}/reflection-ubiquiti-enabled";
             public static string UbiquitiHosts => $"{Prefix}/reflection-ubiquiti-hosts";
             public static string UbiquitiCertificate => $"{Prefix}/reflection-ubiquiti-certificate";
 
             #endregion
-            
+
             #region VMware
 
             public static string VMwareEnabled => $"{Prefix}/reflection-vmware-enabled";
@@ -41,11 +46,6 @@ public static class Reflection
             public static string FreeNasCertificate => $"{Prefix}/reflection-freenas-certificate";
 
             #endregion
-
-            public static string AutoReflects => $"{Prefix}/auto-reflects";
-            public static string Reflects => $"{Prefix}/reflects";
-            public static string ReflectedVersion => $"{Prefix}/reflected-version";
-            public static string ReflectedAt => $"{Prefix}/reflected-at";
         }
 
         public static class CertManagerCertificate
@@ -67,15 +67,15 @@ public static class CertManagerCertificate
             public static string SecretUbiquitiCertificate => $"{Prefix}/secret-reflection-ubiquiti-certificate";
 
             #endregion
-            
+
             #region VMware
 
             public static string SecretVMwareEnabled => $"{Prefix}/secret-reflection-vmware-enabled";
             public static string SecretVMwareHosts => $"{Prefix}/secret-reflection-vmware-hosts";
             public static string SecretVMwareCertificate => $"{Prefix}/secret-reflection-vmware-certificate";
 
             #endregion
-            
+
             #region FreeNAS
 
             public static string SecretFreeNasEnabled => $"{Prefix}/secret-reflection-freenas-enabled";

diff --git a/src/ES.Kubernetes.Reflector.Core/ES.Kubernetes.Reflector.Core.csproj b/src/ES.Kubernetes.Reflector.Core/ES.Kubernetes.Reflector.Core.csproj
@@ -6,13 +6,13 @@
 
   <ItemGroup>
     <PackageReference Include="Autofac" Version="5.2.0" />
-    <PackageReference Include="KubernetesClient" Version="2.0.29" />
+    <PackageReference Include="KubernetesClient" Version="2.0.32" />
     <PackageReference Include="MediatR" Version="8.1.0" />
-    <PackageReference Include="Microsoft.Extensions.DependencyInjection.Abstractions" Version="3.1.7" />
-    <PackageReference Include="Microsoft.Extensions.Diagnostics.HealthChecks" Version="3.1.7" />
-    <PackageReference Include="Microsoft.Extensions.Diagnostics.HealthChecks.Abstractions" Version="3.1.7" />
-    <PackageReference Include="Microsoft.Extensions.Hosting.Abstractions" Version="3.1.7" />
-    <PackageReference Include="Microsoft.Extensions.Options" Version="3.1.7" />
+    <PackageReference Include="Microsoft.Extensions.DependencyInjection.Abstractions" Version="3.1.8" />
+    <PackageReference Include="Microsoft.Extensions.Diagnostics.HealthChecks" Version="3.1.8" />
+    <PackageReference Include="Microsoft.Extensions.Diagnostics.HealthChecks.Abstractions" Version="3.1.8" />
+    <PackageReference Include="Microsoft.Extensions.Hosting.Abstractions" Version="3.1.8" />
+    <PackageReference Include="Microsoft.Extensions.Options" Version="3.1.8" />
     <PackageReference Include="System.Threading.Channels" Version="4.7.1" />
   </ItemGroup>
 

diff --git a/src/ES.Kubernetes.Reflector.Core/Extensions/MetadataExtensions.cs b/src/ES.Kubernetes.Reflector.Core/Extensions/MetadataExtensions.cs
@@ -166,7 +166,7 @@ public static string UbiquitiCertificate(this V1ObjectMeta metadata)
         }
 
         #endregion
-        
+
         #region VMware
 
         public static bool VMwareReflectionEnabled(this V1ObjectMeta metadata)
@@ -195,7 +195,7 @@ public static string VMwareCertificate(this V1ObjectMeta metadata)
         }
 
         #endregion
-        
+
         #region FreeNAS
 
         public static bool FreeNasReflectionEnabled(this V1ObjectMeta metadata)

diff --git a/src/ES.Kubernetes.Reflector.Core/Queuing/FeederQueue.cs b/src/ES.Kubernetes.Reflector.Core/Queuing/FeederQueue.cs
@@ -8,8 +8,8 @@ public class FeederQueue<T>
     {
         private readonly Func<T, Task> _handler;
         private readonly Func<T, Exception, Task> _onError;
-        private Task _currentHandler;
         private Channel<T> _channel;
+        private Task _currentHandler;
 
         public FeederQueue(Func<T, Task> handler, Func<T, Exception, Task> onError = null)
         {
@@ -37,7 +37,7 @@ public void Clear()
         private void InitializeAndStart()
         {
             var channel = Channel.CreateUnbounded<T>(new UnboundedChannelOptions
-            { SingleReader = true, SingleWriter = false });
+                {SingleReader = true, SingleWriter = false});
 
             async Task ReadChannel()
             {
@@ -55,6 +55,7 @@ async Task ReadChannel()
                     }
                 }
             }
+
             var _ = ReadChannel();
             _channel = channel;
         }

diff --git a/src/ES.Kubernetes.Reflector.Host/ES.Kubernetes.Reflector.Host.csproj b/src/ES.Kubernetes.Reflector.Host/ES.Kubernetes.Reflector.Host.csproj
@@ -9,10 +9,10 @@
 
   <ItemGroup>
     <PackageReference Include="Autofac.Extensions.DependencyInjection" Version="6.0.0" />
-    <PackageReference Include="KubernetesClient" Version="2.0.29" />
+    <PackageReference Include="KubernetesClient" Version="2.0.32" />
     <PackageReference Include="MediatR.Extensions.Microsoft.DependencyInjection" Version="8.1.0" />
     <PackageReference Include="Microsoft.VisualStudio.Azure.Containers.Tools.Targets" Version="1.10.8" />
-    <PackageReference Include="Serilog" Version="2.9.0" />
+    <PackageReference Include="Serilog" Version="2.10.0" />
     <PackageReference Include="Serilog.Extensions.Hosting" Version="3.1.0" />
     <PackageReference Include="Serilog.Extensions.Logging" Version="3.0.1" />
     <PackageReference Include="Serilog.Settings.Configuration" Version="3.1.0" />

diff --git a/src/ES.Kubernetes.Reflector.Secrets/FortiMirror.cs b/src/ES.Kubernetes.Reflector.Secrets/FortiMirror.cs
@@ -90,6 +90,8 @@ private async Task OnWatcherStateChanged<TS, TSL>(ManagedWatcher<TS, TSL, Watche
 
         private async Task OnEvent(WatcherEvent<V1Secret> e)
         {
+            if (e.Item.Type.StartsWith("helm.sh")) return;
+
             var id = KubernetesObjectId.For(e.Item.Metadata());
             var item = e.Item;
 

diff --git a/src/ES.Kubernetes.Reflector.Secrets/FreeNasMirror.cs b/src/ES.Kubernetes.Reflector.Secrets/FreeNasMirror.cs
@@ -4,7 +4,6 @@
 using System.Net;
 using System.Net.Http;
 using System.Net.Http.Headers;
-using System.Security.Cryptography.X509Certificates;
 using System.Text;
 using System.Text.Json;
 using System.Threading;
@@ -106,6 +105,8 @@ private async Task OnWatcherStateChanged<TS, TSl>(ManagedWatcher<TS, TSl, Watche
 
         private async Task OnEvent(WatcherEvent<V1Secret> e)
         {
+            if (e.Item.Type.StartsWith("helm.sh")) return;
+
             var secretId = KubernetesObjectId.For(e.Item.Metadata());
             var item = e.Item;
 
@@ -223,15 +224,13 @@ private async Task OnEvent(WatcherEvent<V1Secret> e)
                     .SingleOrDefault(x => x.Name == name);
                 var certExists = !(cert is null);
                 if (certExists)
-                {
                     if (tlsCrt.Contains(cert.Certificate))
                     {
                         _logger.LogDebug(
                             "Skip reflecting {secretId} to FreeNas device using host secret {hostSecretId}. Already exists.",
                             secretId, hostSecretId);
                         return;
                     }
-                }
 
                 // Create the certificate
                 var bodyCreate = JsonSerializer.Serialize(new FreeNasCertificateCreateImported
@@ -246,11 +245,11 @@ private async Task OnEvent(WatcherEvent<V1Secret> e)
                 var certId = certExists
                     ? cert.Id
                     : certificates.Single(x => x.Name == name).Id;
-                
+
                 var bodyGeneral = JsonSerializer.Serialize(new FreeNasSystemGeneral
                     {Ui_certificate = certId}, options);
                 await client.PutAsync("system/general/", new StringContent(bodyGeneral));
-                
+
                 _logger.LogInformation("Reflected {secretId} to FreeNas device using host secret {hostSecretId}.",
                     secretId, hostSecretId);
             }

diff --git a/src/ES.Kubernetes.Reflector.Secrets/UbiquitiMirror.cs b/src/ES.Kubernetes.Reflector.Secrets/UbiquitiMirror.cs
@@ -98,6 +98,8 @@ private async Task OnWatcherStateChanged<TS, TSl>(ManagedWatcher<TS, TSl, Watche
 
         private async Task OnEvent(WatcherEvent<V1Secret> e)
         {
+            if (e.Item.Type.StartsWith("helm.sh")) return;
+
             var secretId = KubernetesObjectId.For(e.Item.Metadata());
             var item = e.Item;
 
@@ -108,7 +110,7 @@ private async Task OnEvent(WatcherEvent<V1Secret> e)
             if (!e.Item.Type.Equals("kubernetes.io/tls", StringComparison.InvariantCultureIgnoreCase)) return;
 
             _logger.LogDebug("Ubiquiti enabled using host secret {secretId}.", secretId);
-            
+
             var tlsCrt = Encoding.Default.GetString(item.Data["tls.crt"]);
             var tlsKey = Encoding.Default.GetString(item.Data["tls.key"]);
 

diff --git a/src/ES.Kubernetes.Reflector.Secrets/VMwareMirror.cs b/src/ES.Kubernetes.Reflector.Secrets/VMwareMirror.cs
@@ -98,6 +98,8 @@ private async Task OnWatcherStateChanged<TS, TSl>(ManagedWatcher<TS, TSl, Watche
 
         private async Task OnEvent(WatcherEvent<V1Secret> e)
         {
+            if (e.Item.Type.StartsWith("helm.sh")) return;
+
             var secretId = KubernetesObjectId.For(e.Item.Metadata());
             var item = e.Item;
 
@@ -108,7 +110,7 @@ private async Task OnEvent(WatcherEvent<V1Secret> e)
             if (!e.Item.Type.Equals("kubernetes.io/tls", StringComparison.InvariantCultureIgnoreCase)) return;
 
             _logger.LogDebug("VMware enabled using host secret {secretId}.", secretId);
-            
+
             var tlsCrt = Encoding.Default.GetString(item.Data["tls.crt"]);
             var tlsKey = Encoding.Default.GetString(item.Data["tls.key"]);
 
@@ -188,20 +190,16 @@ private async Task OnEvent(WatcherEvent<V1Secret> e)
 
                 // SSH
                 void HandleKeyEvent(object sender, AuthenticationPromptEventArgs eventArgs)
-                { 
+                {
                     foreach (var prompt in eventArgs.Prompts)
-                    {
                         if (prompt.Request.IndexOf("Password:", StringComparison.InvariantCultureIgnoreCase) != -1)
-                        {
                             prompt.Response = password;
-                        }
-                    }
                 }
-                
+
                 var keyboardAuth = new KeyboardInteractiveAuthenticationMethod(username);
                 keyboardAuth.AuthenticationPrompt += HandleKeyEvent;
                 var connectionInfo = new ConnectionInfo(host, port, username, keyboardAuth);
-                
+
                 using var client = new SshClient(connectionInfo);
                 client.ErrorOccurred += delegate(object sender, ExceptionEventArgs exceptionEventArgs)
                 {