Bump weave gitops

CONTRIBUTING.md

@@ -637,10 +637,10 @@ rules:
     verbs: ["impersonate"]
   - apiGroups: [""]
     resources: ["namespaces"]
-    verbs: ["get", "list"]
+    verbs: ["get", "list", "watch"]
   - apiGroups: ["apiextensions.k8s.io"] # required for canary support
     resources: ["customresourcedefinitions"]
-    verbs: ["get", "list"]
+    verbs: ["get", "list", "watch"]
 ```
 
 **CAPI NAME COLLISION WARNING**

charts/cluster-controller/values.yaml

@@ -13,7 +13,7 @@ controllerManager:
   manager:
     image:
       repository: docker.io/weaveworks/cluster-controller
-      tag: v1.3.2
+      tag: v1.4.1
     resources:
       limits:
         cpu: 500m

charts/mccp/templates/clusters-service/configmap.yaml

@@ -16,6 +16,7 @@ data:
   CAPI_REPOSITORY_CLUSTERS_PATH: {{ .Values.config.capi.repositoryClustersPath | quote }}
   CAPI_TEMPLATES_REPOSITORY_API_URL: {{ .Values.config.capi.repositoryApiURL | quote }}
   CAPI_TEMPLATES_REPOSITORY_BASE_BRANCH: {{ .Values.config.capi.baseBranch | quote }}
+  USE_K8S_CACHED_CLIENTS: {{.Values.global.useK8sCachedClients | quote }}
   {{- /* build up the support auth methods string, should look like "oidc,user-account" */ -}}
   {{- $authMethods := list }}
   {{- if .Values.config.auth.userAccount.enabled -}}{{- $authMethods = append $authMethods "user-account"  -}}{{- end }}
@@ -35,4 +36,4 @@ data:
   {{- if and .Values.tls.enabled .Values.tls.secretName }}
   TLS_CERT_FILE: /etc/clusters-service-tls/tls.crt
   TLS_PRIVATE_KEY: /etc/clusters-service-tls/tls.key
-  {{- end }}
+  {{- end }}

charts/mccp/templates/rbac/clusters_service_customresourcedefinitions_reader_role.yaml

@@ -6,4 +6,4 @@ rules:
   - apiGroups: ["apiextensions.k8s.io"]
     resources: ["customresourcedefinitions"]
     # read used to detect if flagger is installed
-    verbs: ["get", "list"]
+    verbs: ["get", "list", "watch"]

charts/mccp/templates/rbac/user_roles.yaml

@@ -26,19 +26,19 @@ metadata:
 rules:
   - apiGroups: [""]
     resources: ["secrets", "pods", "services"]
-    verbs: ["get", "list"]
+    verbs: ["get", "list", "watch"]
   - apiGroups: ["apps"]
     resources: ["deployments", "replicasets"]
-    verbs: ["get", "list"]
+    verbs: ["get", "list", "watch"]
   - apiGroups: ["kustomize.toolkit.fluxcd.io"]
     resources: ["kustomizations"]
-    verbs: ["get", "list", "patch"]
+    verbs: ["get", "list", "watch", "patch"]
   - apiGroups: ["helm.toolkit.fluxcd.io"]
     resources: ["helmreleases"]
-    verbs: ["get", "list", "patch"]
+    verbs: ["get", "list", "watch", "patch"]
   - apiGroups: ["source.toolkit.fluxcd.io"]
     resources: ["buckets", "helmcharts", "gitrepositories", "helmrepositories", "ocirepositories"]
-    verbs: ["get", "list", "patch"]
+    verbs: ["get", "list", "watch", "patch"]
   - apiGroups: [""]
     resources: ["events"]
     verbs: ["get", "watch", "list"]
@@ -50,7 +50,7 @@ rules:
     verbs: ["get", "watch", "list", "patch"]
   - apiGroups: ["apiextensions.k8s.io"]
     resources: ["customresourcedefinitions"]
-    verbs: ["get", "list"]
+    verbs: ["get", "list", "watch"]
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
@@ -115,7 +115,7 @@ metadata:
 rules:
   - apiGroups: [""]
     resources: ["secrets"]
-    verbs: ["get", "list", "create"]
+    verbs: ["get", "list", "watch", "create"]
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
@@ -129,7 +129,7 @@ metadata:
 rules:
   - apiGroups: ["pac.weave.works"]
     resources: ["policies"]
-    verbs: ["get", "list"]
+    verbs: ["get", "list", "watch"]
   - apiGroups: [""]
     resources: ["events"]
     verbs: ["get", "watch", "list"]
@@ -146,7 +146,7 @@ metadata:
 rules:
   - apiGroups: ["flagger.app"]
     resources: ["canaries","metrictemplates"]
-    verbs: ["get", "list"]
+    verbs: ["get", "list", "watch"]
   - apiGroups: [""]
     resources: ["events"]
     verbs: ["get", "watch", "list"]

charts/mccp/values.yaml

@@ -141,3 +141,4 @@ networkPolicy:
 
 global:
   capiEnabled: true
+  useK8sCachedClients: false

cmd/clusters-service/app/server.go

@@ -136,6 +136,7 @@ type Params struct {
 	TLSKey                            string                    `mapstructure:"tls-key"`
 	NoTLS                             bool                      `mapstructure:"no-tls"`
 	DevMode                           bool                      `mapstructure:"dev-mode"`
+	UseK8sCachedClients               bool                      `mapstructure:"use-k8s-cached-clients"`
 }
 
 type OIDCAuthenticationOptions struct {
@@ -208,6 +209,7 @@ func NewAPIServerCommand(log logr.Logger, tempDir string) *cobra.Command {
 	cmd.Flags().Duration("oidc-token-duration", time.Hour, "The duration of the ID token. It should be set in the format: number + time unit (s,m,h) e.g., 20m")
 
 	cmd.Flags().Bool("dev-mode", false, "starts the server in development mode")
+	cmd.Flags().Bool("use-k8s-cached-clients", true, "Enables the use of cached clients")
 
 	return cmd
 }
@@ -425,12 +427,17 @@ func StartServer(ctx context.Context, log logr.Logger, tempDir string, p Params)
 	runtimeUtil.Must(pipelinev1alpha1.AddToScheme(clustersManagerScheme))
 	runtimeUtil.Must(tfctrl.AddToScheme(clustersManagerScheme))
 
+	clientsFactory := clustersmngr.CachedClientFactory
+	if !p.UseK8sCachedClients {
+		clientsFactory = clustersmngr.ClientFactory
+	}
+
 	clustersManager := clustersmngr.NewClustersManager(
 		mcf,
 		nsaccess.NewChecker(nsaccess.DefautltWegoAppRules),
 		log,
 		clustersManagerScheme,
-		clustersmngr.ClientFactory,
+		clientsFactory,
 		clustersmngr.DefaultKubeConfigOptions,
 	)
 	clustersManager.Start(ctx)

go.mod

@@ -15,7 +15,7 @@ require (
 	github.com/sirupsen/logrus v1.9.0
 	github.com/spf13/cobra v1.5.0
 	github.com/stretchr/testify v1.8.0
-	github.com/weaveworks/weave-gitops v0.10.1-0.20221024150525-829e6f07a46c
+	github.com/weaveworks/weave-gitops v0.10.1-0.20221025160832-a14c13334ea0
 	github.com/weaveworks/weave-gitops-enterprise-credentials v0.0.2
 	github.com/weaveworks/weave-gitops-enterprise/common v0.0.0
 	gopkg.in/yaml.v3 v3.0.1 // indirect
@@ -49,7 +49,7 @@ require (
 	github.com/mkmik/multierror v0.3.0
 	github.com/onsi/ginkgo/v2 v2.1.6
 	github.com/spf13/viper v1.12.0
-	github.com/weaveworks/cluster-controller v1.3.2
+	github.com/weaveworks/cluster-controller v1.4.0
 	github.com/weaveworks/go-checkpoint v0.0.0-20220223124739-fd9899e2b4f2
 	github.com/weaveworks/policy-agent/api v1.0.4
 	github.com/weaveworks/progressive-delivery v0.0.0-20220915081124-d9f0c4063521
@@ -293,7 +293,7 @@ require (
 	golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4 // indirect
 	golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab // indirect
 	golang.org/x/term v0.0.0-20220722155259-a9ba230a4035 // indirect
-	golang.org/x/text v0.3.8
+	golang.org/x/text v0.4.0
 	golang.org/x/time v0.0.0-20220722155302-e5dcc9cfc0b9 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.2.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect

go.sum

@@ -1353,8 +1353,8 @@ github.com/valyala/fasthttp v1.30.0/go.mod h1:2rsYD01CKFrjjsvFxx75KlEUNpWNBY9JWD
 github.com/valyala/quicktemplate v1.7.0/go.mod h1:sqKJnoaOF88V07vkO+9FL8fb9uZg/VPSJnLYn+LmLk8=
 github.com/valyala/tcplisten v1.0.0/go.mod h1:T0xQ8SeCZGxckz9qRXTfG43PvQ/mcWh7FwZEA7Ioqkc=
 github.com/viki-org/dnscache v0.0.0-20130720023526-c70c1f23c5d8/go.mod h1:dniwbG03GafCjFohMDmz6Zc6oCuiqgH6tGNyXTkHzXE=
-github.com/weaveworks/cluster-controller v1.3.2 h1:MBM2u5KDHhizXyx0oEByPXejgvg9e1qTQZuYtXgRVrI=
-github.com/weaveworks/cluster-controller v1.3.2/go.mod h1:e0Bka2iXVITQG+cG7/u8ZOB5QTaguMmgg+n5nrYaqxQ=
+github.com/weaveworks/cluster-controller v1.4.0 h1:AFvWGm3Lpad6zcbx4IMOvsv1vzUIXnevNScv9pI/D00=
+github.com/weaveworks/cluster-controller v1.4.0/go.mod h1:NrgkuiyejE2nizsiXNeqaNWfVhpvG2SlAiWHnxKIS4U=
 github.com/weaveworks/go-checkpoint v0.0.0-20220223124739-fd9899e2b4f2 h1:EWUmjQdHzmBimPxGIus5JOvNPu+tWxOTC+Q4w9fJOok=
 github.com/weaveworks/go-checkpoint v0.0.0-20220223124739-fd9899e2b4f2/go.mod h1:HfUHaw/CuYj2phXCM9etFQwvOQ3W0786feIEs9OMFHk=
 github.com/weaveworks/pipeline-controller/api v0.0.0-20220916165727-cb8504f08c22 h1:Nn0uFFztrATEyTIwYd0yLXKk7Ee9Ndx6P3DFZsU4TxU=
@@ -1365,8 +1365,8 @@ github.com/weaveworks/progressive-delivery v0.0.0-20220915081124-d9f0c4063521 h1
 github.com/weaveworks/progressive-delivery v0.0.0-20220915081124-d9f0c4063521/go.mod h1:ib0H6jkIMkHnz/2BpE2Lvj/D6xwhiieiWjUwAcoZ+Oo=
 github.com/weaveworks/tf-controller/api v0.0.0-20220829140311-2391c1d66e7c h1:mbiOaxEammDTQX0wWZdJ6cfIgGqP7Zf3zyF+qbeTG0s=
 github.com/weaveworks/tf-controller/api v0.0.0-20220829140311-2391c1d66e7c/go.mod h1:I+QGICmh0CMNJnbJamO6+tfdHvOrceMQdYZcj2AzBVA=
-github.com/weaveworks/weave-gitops v0.10.1-0.20221024150525-829e6f07a46c h1:WO6334LPIlU5wKoMxUeDgYZzjPHX76eq3iuM7Nhac+s=
-github.com/weaveworks/weave-gitops v0.10.1-0.20221024150525-829e6f07a46c/go.mod h1:p6+/3shchN5kCMRZ6L47cd59PEPijQ8wehhFFDKV3fs=
+github.com/weaveworks/weave-gitops v0.10.1-0.20221025160832-a14c13334ea0 h1:rJQm1Zid9cCAUNRozg9B+Z0gCtsdWxkwQqcvZ3FxXEU=
+github.com/weaveworks/weave-gitops v0.10.1-0.20221025160832-a14c13334ea0/go.mod h1:WF96PCMZJjB+9NHUGeczb7XBKlQLtp5G1/5+vx378II=
 github.com/weaveworks/weave-gitops-enterprise-credentials v0.0.2 h1:7jeiQehqmI4ds6YIq8TW1Vqhlb6V7G2BVRJ8VM3r99I=
 github.com/weaveworks/weave-gitops-enterprise-credentials v0.0.2/go.mod h1:6PMYg+VtSNePnP7EXyNG+/hNRNZ3r0mQtolIZU4s/J0=
 github.com/xanzy/go-gitlab v0.73.1 h1:UMagqUZLJdjss1SovIC+kJCH4k2AZWXl58gJd38Y/hI=
@@ -1768,8 +1768,8 @@ golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
-golang.org/x/text v0.3.8 h1:nAL+RVCQ9uMn3vJZbV+MRnydTJFPf8qqY42YiA6MrqY=
-golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
+golang.org/x/text v0.4.0 h1:BrVqGRd7+k1DiOgtnFvAkoQEWQvBc25ouMJM6429SFg=
+golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=

pkg/cluster/fetcher/multi.go

@@ -10,7 +10,7 @@ import (
 	mngr "github.com/weaveworks/weave-gitops/core/clustersmngr"
 	"github.com/weaveworks/weave-gitops/pkg/kube"
 	v1 "k8s.io/api/core/v1"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	apimeta "k8s.io/apimachinery/pkg/api/meta"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/client-go/rest"
 	"k8s.io/client-go/tools/clientcmd"
@@ -92,7 +92,7 @@ func (f multiClusterFetcher) leafClusters(ctx context.Context) ([]mngr.Cluster,
 	}
 
 	for _, cluster := range goClusters.Items {
-		if !isReady(cluster) {
+		if !isReady(cluster) || !hasConnectivity(cluster) {
 			continue
 		}
 
@@ -159,10 +159,9 @@ func (f multiClusterFetcher) leafClusters(ctx context.Context) ([]mngr.Cluster,
 }
 
 func isReady(cluster gitopsv1alpha1.GitopsCluster) bool {
-	for _, condition := range cluster.GetConditions() {
-		if condition.Type == meta.ReadyCondition && condition.Status == metav1.ConditionTrue {
-			return true
-		}
-	}
-	return false
+	return apimeta.IsStatusConditionTrue(cluster.GetConditions(), meta.ReadyCondition)
+}
+
+func hasConnectivity(cluster gitopsv1alpha1.GitopsCluster) bool {
+	return apimeta.IsStatusConditionTrue(cluster.GetConditions(), gitopsv1alpha1.ClusterConnectivity)
 }

pkg/cluster/fetcher/multi_test.go

@@ -192,6 +192,29 @@ func TestMultiFetcher(t *testing.T) {
 			},
 			expectedCount: 1,
 		},
+		{
+			context: "when cluster has not connectivity, it is not added",
+			clusterObjects: []runtime.Object{
+				makeTestCluster(func(o *gitopsv1alpha1.GitopsCluster) {
+					o.ObjectMeta.Name = clusterName
+					o.Spec.CAPIClusterRef = &meta.LocalObjectReference{
+						Name: secretName,
+					}
+
+					// Remove connectivity status
+					o.SetConditions([]metav1.Condition{
+						{Type: meta.ReadyCondition, Status: metav1.ConditionTrue},
+					})
+				}),
+				makeTestSecret(func(o *corev1.Secret) {
+					o.ObjectMeta.Name = secretName + "-kubeconfig"
+					o.Data = map[string][]byte{
+						"value": secretData(clusterName),
+					}
+				}),
+			},
+			expectedCount: 1,
+		},
 	}
 
 	for _, tt := range testCases {
@@ -241,6 +264,7 @@ func makeTestCluster(opts ...func(*gitopsv1alpha1.GitopsCluster)) *gitopsv1alpha
 		Status: gitopsv1alpha1.GitopsClusterStatus{
 			Conditions: []metav1.Condition{
 				{Type: meta.ReadyCondition, Status: metav1.ConditionTrue},
+				{Type: gitopsv1alpha1.ClusterConnectivity, Status: metav1.ConditionTrue},
 			},
 		},
 	}

test/acceptance/test/ui_templates.go

@@ -1052,6 +1052,12 @@ func DescribeTemplates(gitopsTestRunner GitopsTestRunner) {
 					TakeScreenShot("capi-cluster-ready")
 				})
 
+				ginkgo.By("And I wait the cluster to have connectivity", func() {
+					// Describe GitopsCluster to check conditions
+					_ = runCommandPassThrough("kubectl", "describe", "gitopsclusters.gitops.weave.works")
+					waitForResourceState("ClusterConnectivity", "true", "gitopscluster", capdCluster.Namespace, "", "", ASSERTION_3MINUTE_TIME_OUT)
+				})
+
 				clusterInfo := pages.GetClustersPage(webDriver).FindClusterInList(clusterName)
 				verifyDashboard(clusterInfo.GetDashboard("prometheus"), clusterName, "Prometheus")