Updates (#46)

* Add ability to reload cert and key from disk.

Enables frequent rotation of certificates

* Update docker Go build version

- update go mod dependencies

* Vendor and Lint with all the code present

Otherwise `go mod download / vendor` doesn't download dependencies

* Install golint outside of the module

So it doesn't contaminate our go.mod / vendor dir

* Use later version of Go for Travis build

* Install golint outside of the module

* Revert changes to Dockerfile

* Reinstate golint as a project dependency

.travis.yml

@@ -1,9 +1,9 @@
 language: go
 
 go:
-  - "1.11.x"
-  - "1.12.x"
   - "1.13.x"
+  - "1.14.x"
+  - "1.15.x"
 
 env:
   - GO111MODULE=on

Dockerfile

@@ -1,4 +1,4 @@
-ARG GO_VERSION=1.11.5
+ARG GO_VERSION=1.15.0
 FROM golang:${GO_VERSION}-alpine
 
 RUN apk --no-cache add \

cmd/main.go

@@ -129,7 +129,7 @@ func main() {
 			select {
 			case <-eventsCh:
 				glog.V(1).Infof("triggering ConfigMap reconciliation")
-				updatedInjectionConfigs, err := configWatcher.Get()
+				updatedInjectionConfigs, err := configWatcher.Get(ctx)
 				if err != nil {
 					glog.Errorf("error reconciling configmaps: %s", err.Error())
 					continue

go.mod

@@ -1,46 +1,22 @@
 module github.com/tumblr/k8s-sidecar-injector
 
-go 1.14
+go 1.15
 
 require (
-	github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973 // indirect
-	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/dyson/certman v0.2.1
-	github.com/fsnotify/fsnotify v1.4.9 // indirect
 	github.com/ghodss/yaml v1.0.0
-	github.com/gogo/protobuf v1.1.1 // indirect
 	github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b
-	github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c // indirect
-	github.com/google/gofuzz v0.0.0-20170612174753-24818f796faf // indirect
-	github.com/googleapis/gnostic v0.2.0 // indirect
-	github.com/gorilla/context v1.1.1 // indirect
-	github.com/gorilla/handlers v1.4.0
-	github.com/gorilla/mux v1.6.2
-	github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 // indirect
-	github.com/imdario/mergo v0.3.6 // indirect
-	github.com/json-iterator/go v1.1.5 // indirect
-	github.com/matttproud/golang_protobuf_extensions v1.0.1 // indirect
-	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
-	github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742 // indirect
-	github.com/nsf/jsondiff v0.0.0-20190712045011-8443391ee9b6
-	github.com/petar/GoLLRB v0.0.0-20130427215148-53be0d36a84c // indirect
-	github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
-	github.com/pkg/errors v0.9.1 // indirect
-	github.com/prometheus/client_golang v0.9.1
-	github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910 // indirect
-	github.com/prometheus/common v0.0.0-20181020173914-7e9e6cabbd39 // indirect
-	github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d // indirect
-	github.com/spf13/pflag v1.0.3 // indirect
-	github.com/stretchr/testify v1.4.0 // indirect
-	golang.org/x/lint v0.0.0-20200130185559-910be7a94367 // indirect
-	golang.org/x/oauth2 v0.0.0-20181106182150-f42d05182288 // indirect
-	golang.org/x/time v0.0.0-20181108054448-85acf8d2951c // indirect
-	google.golang.org/appengine v1.3.0 // indirect
-	gopkg.in/inf.v0 v0.9.1 // indirect
-	gopkg.in/yaml.v2 v2.2.2
-	k8s.io/api v0.0.0-20181108192910-6560175f5b2d
-	k8s.io/apimachinery v0.0.0-20181108192626-90473842928c
-	k8s.io/client-go v9.0.0+incompatible
-	k8s.io/kube-openapi v0.0.0-20181106182614-a9a16210091c // indirect
-	sigs.k8s.io/yaml v1.1.0 // indirect
+	github.com/gorilla/handlers v1.4.2
+	github.com/gorilla/mux v1.7.4
+	github.com/imdario/mergo v0.3.11 // indirect
+	github.com/nsf/jsondiff v0.0.0-20200515183724-f29ed568f4ce
+	github.com/prometheus/client_golang v1.7.1
+	golang.org/x/lint v0.0.0-20200302205851-738671d3881b // indirect
+	golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d // indirect
+	golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e // indirect
+	gopkg.in/yaml.v2 v2.3.0
+	k8s.io/api v0.18.6
+	k8s.io/apimachinery v0.18.6
+	k8s.io/client-go v0.18.6
+	k8s.io/utils v0.0.0-20200731180307-f00132d28269 // indirect
 )

internal/pkg/config/config.go

@@ -177,104 +177,104 @@ func LoadConfigDirectory(path string) (*Config, error) {
 	return &cfg, nil
 }
 
-// Merge mutates base by merging in fields from child, to create an inheritance
+// Merge mutates c by merging in fields from child, to create an inheritance
 // functionality.
-func (base *InjectionConfig) Merge(child *InjectionConfig) error {
+func (c *InjectionConfig) Merge(child *InjectionConfig) error {
 	if child == nil {
 		return ErrCannotMergeNilInjectionConfig
 	}
-	// for all fields, merge child into base, eventually returning base
-	base.Name = child.Name
-	base.version = child.version
-	base.Inherits = child.Inherits
+	// for all fields, merge child into c, eventually returning c
+	c.Name = child.Name
+	c.version = child.version
+	c.Inherits = child.Inherits
 
 	// merge containers
 	for _, cctr := range child.Containers {
 		contains := false
 
-		for bi, bctr := range base.Containers {
+		for bi, bctr := range c.Containers {
 			if bctr.Name == cctr.Name {
 				contains = true
-				base.Containers[bi] = cctr
+				c.Containers[bi] = cctr
 			}
 		}
 
 		if !contains {
-			base.Containers = append(base.Containers, cctr)
+			c.Containers = append(c.Containers, cctr)
 		}
 	}
 
 	// merge volumes
 	for _, cv := range child.Volumes {
 		contains := false
 
-		for bi, bv := range base.Volumes {
+		for bi, bv := range c.Volumes {
 			if bv.Name == cv.Name {
 				contains = true
-				base.Volumes[bi] = cv
+				c.Volumes[bi] = cv
 			}
 		}
 
 		if !contains {
-			base.Volumes = append(base.Volumes, cv)
+			c.Volumes = append(c.Volumes, cv)
 		}
 	}
 
 	// merge environment
 	for _, cv := range child.Environment {
 		contains := false
 
-		for bi, bv := range base.Environment {
+		for bi, bv := range c.Environment {
 			if bv.Name == cv.Name {
 				contains = true
-				base.Environment[bi] = cv
+				c.Environment[bi] = cv
 			}
 		}
 
 		if !contains {
-			base.Environment = append(base.Environment, cv)
+			c.Environment = append(c.Environment, cv)
 		}
 	}
 
 	// merge volume mounts
 	for _, cv := range child.VolumeMounts {
 		contains := false
 
-		for bi, bv := range base.VolumeMounts {
+		for bi, bv := range c.VolumeMounts {
 			if bv.Name == cv.Name {
 				contains = true
-				base.VolumeMounts[bi] = cv
+				c.VolumeMounts[bi] = cv
 			}
 		}
 
 		if !contains {
-			base.VolumeMounts = append(base.VolumeMounts, cv)
+			c.VolumeMounts = append(c.VolumeMounts, cv)
 		}
 	}
 
 	// merge host aliases
 	// note: we do not need to merge things, as entries are not keyed
-	base.HostAliases = append(base.HostAliases, child.HostAliases...)
+	c.HostAliases = append(c.HostAliases, child.HostAliases...)
 
 	// merge init containers
 	for _, cv := range child.InitContainers {
 		contains := false
 
-		for bi, bv := range base.InitContainers {
+		for bi, bv := range c.InitContainers {
 			if bv.Name == cv.Name {
 				contains = true
-				base.InitContainers[bi] = cv
+				c.InitContainers[bi] = cv
 			}
 		}
 
 		if !contains {
-			base.InitContainers = append(base.InitContainers, cv)
+			c.InitContainers = append(c.InitContainers, cv)
 		}
 	}
 
 	// merge serviceAccount settings to the left
 	if child.ServiceAccountName != "" {
-		base.ServiceAccountName = child.ServiceAccountName
+		c.ServiceAccountName = child.ServiceAccountName
 	}
 
 	return nil

internal/pkg/config/config_test.go

@@ -7,7 +7,6 @@ import (
 	testhelper "github.com/tumblr/k8s-sidecar-injector/internal/pkg/testing"
 )
 
-
 var (
 	// location of the fixture sidecar files
 	fixtureSidecarsDir = "test/fixtures/sidecars"

internal/pkg/config/watcher/watcher.go

@@ -100,7 +100,7 @@ func validate(c *K8sConfigMapWatcher) error {
 // Watch watches for events impacting watched ConfigMaps and emits their events across a channel
 func (c *K8sConfigMapWatcher) Watch(ctx context.Context, notifyMe chan<- interface{}) error {
 	glog.V(3).Infof("Watching for ConfigMaps for changes on namespace=%s with labels=%v", c.Namespace, c.ConfigMapLabels)
-	watcher, err := c.client.ConfigMaps(c.Namespace).Watch(metav1.ListOptions{
+	watcher, err := c.client.ConfigMaps(c.Namespace).Watch(ctx, metav1.ListOptions{
 		LabelSelector: mapStringStringToLabelSelector(c.ConfigMapLabels),
 	})
 	if err != nil {
@@ -147,9 +147,9 @@ func mapStringStringToLabelSelector(m map[string]string) string {
 }
 
 // Get fetches all matching ConfigMaps
-func (c *K8sConfigMapWatcher) Get() (cfgs []*config.InjectionConfig, err error) {
+func (c *K8sConfigMapWatcher) Get(ctx context.Context) (cfgs []*config.InjectionConfig, err error) {
 	glog.V(1).Infof("Fetching ConfigMaps...")
-	clist, err := c.client.ConfigMaps(c.Namespace).List(metav1.ListOptions{
+	clist, err := c.client.ConfigMaps(c.Namespace).List(ctx, metav1.ListOptions{
 		LabelSelector: mapStringStringToLabelSelector(c.ConfigMapLabels),
 	})
 	if err != nil {

internal/pkg/config/watcher/watcher_test.go

@@ -26,7 +26,8 @@ func TestGet(t *testing.T) {
 		client: fake.NewSimpleClientset().CoreV1(),
 	}
 
-	messages, err := w.Get()
+	ctx := context.Background()
+	messages, err := w.Get(ctx)
 	if err != nil {
 		t.Fatal(err.Error())
 	}

internal/pkg/testing/config.go

@@ -27,6 +27,7 @@ type ConfigExpectation struct {
 	LoadError error
 }
 
+// FullName returns name + version string
 func (x *ConfigExpectation) FullName() string {
 	return strings.ToLower(fmt.Sprintf("%s:%s", x.Name, x.Version))
 }