in appconfigmgrv2/controllers/appenvconfigtemplatev2_controller.go [63:174]
func (r *AppEnvConfigTemplateV2Reconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) {
ctx := context.Background()
log = r.Log.WithValues("appenvconfigtemplatev2", req.NamespacedName)
log.Info("Starting reconcile")
defer log.Info("Reconcile complete")
// Relies on OPA Gatekeeper.
if !r.skipGatekeeper {
/* TODO: Check that app labels are valid via listing instances.
instanceList := &appconfigmgrv1alpha1.AppEnvConfigTemplateV2List{}
if err := r.List(ctx, instanceList); err != nil {
return ctrl.Result{}, err
}
*/
opaNamespaces, err := r.opaNamespaces(ctx)
if err != nil {
return ctrl.Result{}, fmt.Errorf("listing opa namespaces: %v", err)
}
if err := r.reconcileOPAContraints(ctx, opaNamespaces); err != nil {
return ctrl.Result{}, fmt.Errorf("reconciling opa constraints: %v", err)
}
}
instance := &appconfigmgrv1alpha1.AppEnvConfigTemplateV2{}
err := r.Get(ctx, req.NamespacedName, instance)
if err != nil {
if errors.IsNotFound(err) {
// Object not found, return. Created objects are automatically garbage collected.
// For additional cleanup logic use finalizers.
return ctrl.Result{}, nil
}
// Error reading the object - requeue the request.
return ctrl.Result{}, err
}
// If istio is enabled, we will light up certain features and use istio
// resources rather than native kubernetes resources for other features.
istioEnabled, err := r.istioAutoInjectEnabled(ctx, instance.Namespace)
if err != nil {
return ctrl.Result{}, fmt.Errorf("checking for istio auto-inject label: %v", err)
}
cfg, err := r.getConfig()
if err != nil {
return ctrl.Result{}, fmt.Errorf("getting config: %v", err)
}
log.Info("Reconciling", "resource", "services")
if err := r.reconcileServices(ctx, instance); err != nil {
return ctrl.Result{}, fmt.Errorf("reconciling services: %v", err)
}
log.Info("Reconciling", "resource", "ingress")
if err := r.reconcileIngress(ctx, instance); err != nil {
return ctrl.Result{}, fmt.Errorf("reconciling ingress: %v", err)
}
if istioEnabled {
log.Info("Reconciling", "resource", "virtualservices")
if err := r.reconcileIstioVirtualServices(ctx, instance); err != nil {
return ctrl.Result{}, fmt.Errorf("reconciling istio virtual services: %v", err)
}
log.Info("Reconciling", "resource", "policies")
if err := r.reconcileIstioPolicies(ctx, instance); err != nil {
return ctrl.Result{}, fmt.Errorf("reconciling istio policies: %v", err)
}
log.Info("Reconciling", "resource", "serviceentries")
if err := r.reconcileIstioServiceEntries(ctx, cfg, instance); err != nil {
return ctrl.Result{}, fmt.Errorf("reconciling istio service entries: %v", err)
}
log.Info("Reconciling", "resource", "instances")
if err := r.reconcileIstioInstances(ctx, instance); err != nil {
return ctrl.Result{}, fmt.Errorf("reconciling istio instances: %v", err)
}
log.Info("Reconciling", "resource", "handlers")
if err := r.reconcileIstioHandlers(ctx, cfg, instance); err != nil {
return ctrl.Result{}, fmt.Errorf("reconciling istio handlers: %v", err)
}
log.Info("Reconciling", "resource", "rules")
if err := r.reconcileIstioRules(ctx, cfg, instance); err != nil {
return ctrl.Result{}, fmt.Errorf("reconciling istio rules: %v", err)
}
} else {
log.Info("Reconciling", "resource", "networkpolicies")
if err := r.reconcileNetworkPolicies(ctx, instance); err != nil {
return ctrl.Result{}, fmt.Errorf("reconciling network policies: %v", err)
}
}
// TODO: Garbage collect istio/non-istio resources on namespace istio injection label update?
// i.e. NetworkPolicies vs istio Rules
vaultEnabled, err := r.vaultInjectEnabled(ctx, instance)
if err != nil {
return ctrl.Result{}, fmt.Errorf("checking vault gcpaccess config: %v", err)
}
if vaultEnabled {
if err := r.reconcileVault(ctx, instance); err != nil {
return ctrl.Result{}, fmt.Errorf("reconciling vault: %v", err)
}
}
return ctrl.Result{}, nil
}