feat: stop creation and mounting of flagd-config config map in case of kubernetes sync-provider (#126)

skyerus · web-flow · commit a1d9fe276a37 · 2022-10-19T12:50:23.000+01:00
* feat: stop creation and mounting of flagd-config config map in case of kubernetes sync-provider

Signed-off-by: Skye Gill &lt;gill.skye95@gmail.com&gt;

* simplify IsKubernetes

Signed-off-by: Skye Gill &lt;gill.skye95@gmail.com&gt;

* bump package with vulnerability

Signed-off-by: Skye Gill &lt;gill.skye95@gmail.com&gt;

Signed-off-by: Skye Gill &lt;gill.skye95@gmail.com&gt;
diff --git a/apis/core/v1alpha1/featureflagconfiguration_types.go b/apis/core/v1alpha1/featureflagconfiguration_types.go
@@ -50,6 +50,11 @@ type FlagDSpec struct {
 type FeatureFlagSyncProvider struct {
 	Name string `json:"name"`
 }
+
+func (ffsp FeatureFlagSyncProvider) IsKubernetes() bool {
+	return ffsp.Name == "kubernetes"
+}
+
 type FeatureFlagServiceProvider struct {
 	// +kubebuilder:validation:Enum=flagd
 	Name string `json:"name"`
diff --git a/config/samples/end-to-end.yaml b/config/samples/end-to-end.yaml
@@ -70,7 +70,7 @@ spec:
     spec:
       containers:
         - name: open-feature-demo
-          image: ghcr.io/open-feature/open-feature-demo:latest
+          image: ghcr.io/open-feature/playground-app:v0.1.1
           args:
             - flagd
           ports:
diff --git a/go.mod b/go.mod
@@ -67,7 +67,7 @@ require (
 	golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5 // indirect
 	golang.org/x/sys v0.0.0-20220829200755-d48e67d00261 // indirect
 	golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 // indirect
-	golang.org/x/text v0.3.7 // indirect
+	golang.org/x/text v0.3.8 // indirect
 	golang.org/x/time v0.0.0-20220722155302-e5dcc9cfc0b9 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.2.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
diff --git a/go.sum b/go.sum
@@ -845,6 +845,8 @@ golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
+golang.org/x/text v0.3.8 h1:nAL+RVCQ9uMn3vJZbV+MRnydTJFPf8qqY42YiA6MrqY=
+golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
diff --git a/webhooks/pod_webhook.go b/webhooks/pod_webhook.go
@@ -74,29 +74,32 @@ func (m *PodMutator) Handle(ctx context.Context, req admission.Request) admissio
 		return admission.Denied(err.Error())
 	}
 
-	// Check for ConfigMap and create it if it doesn't exist
-	cm := corev1.ConfigMap{}
-	if err := m.Client.Get(ctx, client.ObjectKey{Name: val, Namespace: req.Namespace}, &cm); errors.IsNotFound(err) {
-		err := m.createConfigMap(ctx, val, req.Namespace, pod)
-		if err != nil {
-			m.Log.V(1).Info(fmt.Sprintf("failed to create config map %s error: %s", val, err.Error()))
-			return admission.Errored(http.StatusInternalServerError, err)
+	// Check to see whether the FeatureFlagConfiguration has service or sync overrides
+	ff := m.getFeatureFlag(ctx, val, req.Namespace)
+
+	if ff.Spec.SyncProvider != nil && !ff.Spec.SyncProvider.IsKubernetes() {
+		// Check for ConfigMap and create it if it doesn't exist (only required if sync provider isn't kubernetes)
+		cm := corev1.ConfigMap{}
+		if err := m.Client.Get(ctx, client.ObjectKey{Name: val, Namespace: req.Namespace}, &cm); errors.IsNotFound(err) {
+			err := m.createConfigMap(ctx, val, req.Namespace, pod)
+			if err != nil {
+				m.Log.V(1).Info(fmt.Sprintf("failed to create config map %s error: %s", val, err.Error()))
+				return admission.Errored(http.StatusInternalServerError, err)
+			}
 		}
-	}
 
-	// Add owner reference of the pod's owner
-	if !podOwnerIsOwner(pod, cm) {
-		reference := pod.OwnerReferences[0]
-		reference.Controller = utils.FalseVal()
-		cm.OwnerReferences = append(cm.OwnerReferences, reference)
-		err := m.Client.Update(ctx, &cm)
-		if err != nil {
-			m.Log.V(1).Info(fmt.Sprintf("failed to update owner reference for %s error: %s", val, err.Error()))
+		// Add owner reference of the pod's owner
+		if !podOwnerIsOwner(pod, cm) {
+			reference := pod.OwnerReferences[0]
+			reference.Controller = utils.FalseVal()
+			cm.OwnerReferences = append(cm.OwnerReferences, reference)
+			err := m.Client.Update(ctx, &cm)
+			if err != nil {
+				m.Log.V(1).Info(fmt.Sprintf("failed to update owner reference for %s error: %s", val, err.Error()))
+			}
 		}
 	}
 
-	// Check to see whether the FeatureFlagConfiguration has service or sync overrides
-	ff := m.getFeatureFlag(ctx, val, req.Namespace)
 	marshaledPod, err := m.injectSidecar(pod, val, &ff)
 	if err != nil {
 		return admission.Errored(http.StatusInternalServerError, err)
@@ -196,17 +199,6 @@ func (m *PodMutator) getFeatureFlag(ctx context.Context, name string, namespace
 
 func (m *PodMutator) injectSidecar(pod *corev1.Pod, configMap string, featureFlag *corev1alpha1.FeatureFlagConfiguration) ([]byte, error) {
 	m.Log.V(1).Info(fmt.Sprintf("Creating sidecar for pod %s/%s", pod.Namespace, pod.Name))
-	// Inject the agent
-	pod.Spec.Volumes = append(pod.Spec.Volumes, corev1.Volume{
-		Name: "flagd-config",
-		VolumeSource: corev1.VolumeSource{
-			ConfigMap: &corev1.ConfigMapVolumeSource{
-				LocalObjectReference: corev1.LocalObjectReference{
-					Name: configMap,
-				},
-			},
-		},
-	})
 
 	commandSequence := []string{
 		"start", "--uri", "/etc/flagd/config.json",
@@ -217,11 +209,28 @@ func (m *PodMutator) injectSidecar(pod *corev1.Pod, configMap string, featureFla
 		commandSequence = append(commandSequence, "--service-provider")
 		commandSequence = append(commandSequence, "http")
 	}
+
+	var volumeMounts []corev1.VolumeMount
 	// Adds the sync provider if it is set
-	if featureFlag.Spec.SyncProvider != nil {
-		if featureFlag.Spec.SyncProvider.Name != "kubernetes" {
-			commandSequence = append(commandSequence, "--sync-provider")
-			commandSequence = append(commandSequence, featureFlag.Spec.SyncProvider.Name)
+	if featureFlag.Spec.SyncProvider != nil && !featureFlag.Spec.SyncProvider.IsKubernetes() {
+		commandSequence = append(commandSequence, "--sync-provider")
+		commandSequence = append(commandSequence, featureFlag.Spec.SyncProvider.Name)
+		// inject config map as volume if sync provider not kubernetes
+		pod.Spec.Volumes = append(pod.Spec.Volumes, corev1.Volume{
+			Name: "flagd-config",
+			VolumeSource: corev1.VolumeSource{
+				ConfigMap: &corev1.ConfigMapVolumeSource{
+					LocalObjectReference: corev1.LocalObjectReference{
+						Name: configMap,
+					},
+				},
+			},
+		})
+		volumeMounts = []corev1.VolumeMount{
+			{
+				Name:      "flagd-config",
+				MountPath: "/etc/flagd",
+			},
 		}
 	} else {
 		featureFlag.Spec.SyncProvider = &corev1alpha1.FeatureFlagSyncProvider{
@@ -253,13 +262,8 @@ func (m *PodMutator) injectSidecar(pod *corev1.Pod, configMap string, featureFla
 		Image:           "ghcr.io/open-feature/flagd:" + FlagDTag,
 		Args:            commandSequence,
 		ImagePullPolicy: FlagDImagePullPolicy,
-		VolumeMounts: []corev1.VolumeMount{
-			{
-				Name:      "flagd-config",
-				MountPath: "/etc/flagd",
-			},
-		},
-		Env: envs,
+		VolumeMounts:    volumeMounts,
+		Env:             envs,
 		Ports: []corev1.ContainerPort{
 			{
 				Name:          "metrics",
