From 017233e749edb8ae676575b5f83a997e23794765 Mon Sep 17 00:00:00 2001
From: Joel Speed
Date: Fri, 24 Jan 2020 11:20:13 +0000
Subject: [PATCH] Register MachineHealthCheck controller and webhook
---
 config/crd/kustomization.yaml | 3 ++
 .../cainjection_in_machinehealthchecks.yaml | 8 ++++
 .../webhook_in_machinehealthchecks.yaml | 19 +++++++++
 config/kustomization.yaml | 6 +++
 config/rbac/role.yaml | 11 +++++
 controllers/machinehealthcheck_controller.go | 5 +++
 main.go | 40 +++++++++++++------
 7 files changed, 80 insertions(+), 12 deletions(-)
 create mode 100644 config/crd/patches/cainjection_in_machinehealthchecks.yaml
 create mode 100644 config/crd/patches/webhook_in_machinehealthchecks.yaml
diff --git a/config/crd/kustomization.yaml b/config/crd/kustomization.yaml
index 95d7f7ca07cc..d38aab8cbf82 100644
--- a/config/crd/kustomization.yaml
+++ b/config/crd/kustomization.yaml
@@ -7,6 +7,7 @@ resources:
 - bases/cluster.x-k8s.io_machinesets.yaml
 - bases/cluster.x-k8s.io_machinedeployments.yaml
 - bases/exp.cluster.x-k8s.io_machinepools.yaml
+- bases/cluster.x-k8s.io_machinehealthchecks.yaml
 # +kubebuilder:scaffold:crdkustomizeresource
 patchesStrategicMerge:
@@ -16,6 +17,7 @@ patchesStrategicMerge:
 - patches/webhook_in_machines.yaml
 - patches/webhook_in_machinesets.yaml
 - patches/webhook_in_machinedeployments.yaml
+- patches/webhook_in_machinehealthchecks.yaml
 # +kubebuilder:scaffold:crdkustomizewebhookpatch
 # [CERTMANAGER] To enable webhook, uncomment all the sections with [CERTMANAGER] prefix.
@@ -24,6 +26,7 @@ patchesStrategicMerge:
 - patches/cainjection_in_machines.yaml
 - patches/cainjection_in_machinesets.yaml
 - patches/cainjection_in_machinedeployments.yaml
+- patches/cainjection_in_machinehealthchecks.yaml
 # +kubebuilder:scaffold:crdkustomizecainjectionpatch
 # the following config is for teaching kustomize how to do kustomization for CRDs.
diff --git a/config/crd/patches/cainjection_in_machinehealthchecks.yaml b/config/crd/patches/cainjection_in_machinehealthchecks.yaml
new file mode 100644
index 000000000000..eb79d32e32af
--- /dev/null
+++ b/config/crd/patches/cainjection_in_machinehealthchecks.yaml
@@ -0,0 +1,8 @@
+# The following patch adds a directive for certmanager to inject CA into the CRD
+# CRD conversion requires k8s 1.13 or later.
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
+ name: machinehealthchecks.cluster.x-k8s.io
diff --git a/config/crd/patches/webhook_in_machinehealthchecks.yaml b/config/crd/patches/webhook_in_machinehealthchecks.yaml
new file mode 100644
index 000000000000..06ca3dfcda9c
--- /dev/null
+++ b/config/crd/patches/webhook_in_machinehealthchecks.yaml
@@ -0,0 +1,19 @@
+# The following patch enables conversion webhook for CRD
+# CRD conversion requires k8s 1.13 or later.
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: machinehealthchecks.cluster.x-k8s.io
+spec:
+ conversion:
+ strategy: Webhook
+ webhook:
+ conversionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank,
+ # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager)
+ caBundle: Cg==
+ service:
+ namespace: system
+ name: webhook-service
+ path: /convert
diff --git a/config/kustomization.yaml b/config/kustomization.yaml
index 1643fe7df625..94df3ce22bcd 100644
--- a/config/kustomization.yaml
+++ b/config/kustomization.yaml
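Review bot: The header comment in config/crd/patches/webhook_in_machinehealthchecks.yaml says `# CRD conversion requires k8s 1.13 or later.`, but the manifest is written against `apiextensions.k8s.io/v1`, which is only served from Kubernetes 1.16 on, so the stated minimum is too low; the same line appears in cainjection_in_machinehealthchecks.yaml. I would change both to `# CRD conversion with apiextensions.k8s.io/v1 requires k8s 1.16 or later.`. The `caBundle: Cg==` placeholder also means the API server cannot verify the conversion webhook until the real CA is injected, so the comment above it should state that the cainjection patch (or an equivalent manual patch) has to be applied together with this one.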
@@ -33,3 +33,9 @@ patchesJson6902:
 kind: CustomResourceDefinition
 name: machinesets.cluster.x-k8s.io
 path: patch_crd_webhook_namespace.yaml
+- target:
+ group: apiextensions.k8s.io
+ version: v1
+ kind: CustomResourceDefinition
+ name: machinehealthchecks.cluster.x-k8s.io
+ path: patch_crd_webhook_namespace.yaml
diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
index 537796441df1..1714db616ac0 100644
--- a/config/rbac/role.yaml
+++ b/config/rbac/role.yaml
@@ -67,6 +67,17 @@ rules:
 - patch
 - update
 - watch
+- apiGroups:
+ - cluster.x-k8s.io
+ resources:
+ - machinehealthchecks
+ - machinehealthchecks/status
+ verbs:
+ - get
+ - list
+ - patch
+ - update
+ - watch
 - apiGroups:
 - cluster.x-k8s.io
 resources:
diff --git a/controllers/machinehealthcheck_controller.go b/controllers/machinehealthcheck_controller.go
index 4732c9250386..6d12908b92cb 100644
--- a/controllers/machinehealthcheck_controller.go
+++ b/controllers/machinehealthcheck_controller.go
@@ -58,6 +58,11 @@ const (
 EventRemediationRestricted string = "RemediationRestricted"
 )
+// +kubebuilder:rbac:groups=core,resources=events,verbs=get;list;watch;create;patch
+// +kubebuilder:rbac:groups=core,resources=secrets,verbs=get;list;watch
+// +kubebuilder:rbac:groups=cluster.x-k8s.io,resources=machines;machines/status,verbs=get;list;watch;delete
+// +kubebuilder:rbac:groups=cluster.x-k8s.io,resources=machinehealthchecks;machinehealthchecks/status,verbs=get;list;watch;update;patch
+
 // MachineHealthCheckReconciler reconciles a MachineHealthCheck object
 type MachineHealthCheckReconciler struct {
 Client client.Client
diff --git a/main.go b/main.go
index beef6197c58c..565e6aeb5079 100644
--- a/main.go
+++ b/main.go
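Review bot: The RBAC markers added above `MachineHealthCheckReconciler` in controllers/machinehealthcheck_controller.go ask for more than the controller appears to need: `machines` and `machines/status` share one verb list, so `delete` is also requested on the status subresource, and `events` gets `get;list;watch` although recording events normally needs only `create;patch`. Splitting the machines marker keeps the destructive verb on the one resource that needs it: `// +kubebuilder:rbac:groups=cluster.x-k8s.io,resources=machines,verbs=get;list;watch;delete` and `// +kubebuilder:rbac:groups=cluster.x-k8s.io,resources=machines/status,verbs=get;list;watch`. The `secrets` read carries no stated reason; a one-line comment above that marker saying what the controller reads Secrets for would help whoever audits the generated role. The role.yaml hunk in this commit shows only the machinehealthchecks rule, so whether the other rules already exist in the role cannot be told from here.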
@@ -48,18 +48,19 @@ var (
 setupLog = ctrl.Log.WithName("setup")
 // flags
- metricsAddr string
- enableLeaderElection bool
- watchNamespace string
- profilerAddress string
- clusterConcurrency int
- machineConcurrency int
- machineSetConcurrency int
- machineDeploymentConcurrency int
- machinePoolConcurrency int
- syncPeriod time.Duration
- webhookPort int
- healthAddr string
+ metricsAddr string
+ enableLeaderElection bool
+ watchNamespace string
+ profilerAddress string
+ clusterConcurrency int
+ machineConcurrency int
+ machineSetConcurrency int
+ machineDeploymentConcurrency int
+ machinePoolConcurrency int
+ machineHealthCheckConcurrency int
+ syncPeriod time.Duration
+ webhookPort int
+ healthAddr string
 )
 func init() {
@@ -102,6 +103,9 @@ func InitFlags(fs *pflag.FlagSet) {
 fs.IntVar(&machinePoolConcurrency, "machinepool-concurrency", 10,
 "Number of machine pools to process simultaneously")
+ fs.IntVar(&machineHealthCheckConcurrency, "machinehealthcheck-concurrency", 10,
+ "Number of machine health checks to process simultaneously")
+
 fs.DurationVar(&syncPeriod, "sync-period", 10*time.Minute,
 "The minimum interval at which watched resources are reconciled (e.g. 15m)")
@@ -210,6 +214,13 @@ func setupReconcilers(mgr ctrl.Manager) {
 os.Exit(1)
 }
 }
+ if err := (&controllers.MachineHealthCheckReconciler{
+ Client: mgr.GetClient(),
+ Log: ctrl.Log.WithName("controllers").WithName("MachineHealthCheck"),
+ }).SetupWithManager(mgr, concurrency(machineHealthCheckConcurrency)); err != nil {
+ setupLog.Error(err, "unable to create controller", "controller", "MachineHealthCheck")
+ os.Exit(1)
+ }
 }
 func setupWebhooks(mgr ctrl.Manager) {
@@ -279,6 +290,11 @@ func setupWebhooks(mgr ctrl.Manager) {
 os.Exit(1)
 }
 }
+
+ if err := (&clusterv1alpha3.MachineHealthCheck{}).SetupWebhookWithManager(mgr); err != nil {
+ setupLog.Error(err, "unable to create webhook", "webhook", "MachineHealthCheck")
+ os.Exit(1)
+ }
 }
 func concurrency(c int) controller.Options {
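Review bot: In setupReconcilers the MachineHealthCheck reconciler is registered unconditionally, right after a block that the two closing-brace context lines suggest is conditional; the webhook added in setupWebhooks follows the same pattern. The RBAC markers added in this commit give this controller `delete` on machines, so if it is meant to run by default the registration should say so, for example `// MachineHealthCheck is always enabled; the controller may delete Machines, see its RBAC markers.`. If it is meant to be opt-in, both registrations belong behind the same condition. Both function bodies start outside their hunks, so the enclosing condition is inferred from the closing braces only.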