Fix scheme for controller manager & refactor way to get API server to…

…ken for bootstrap script (#180)

* Fix scheme for controller manager & refactor way to get API server token for bootstrap script

* Fix tests and update testdata

Signed-off-by: Waleed Malik <[email protected]>

cmd/osm-controller/main.go

@@ -213,6 +213,7 @@ func main() {
 		}
 
 		workerMgr, err = manager.New(workerClusterConfig, manager.Options{
+			Scheme:           scheme,
 			LeaderElection:   opt.enableLeaderElection,
 			LeaderElectionID: "operating-system-manager-worker-manager",
 			// We use hard-coded namespace kube-system here since manager uses worker cluster config
@@ -285,6 +286,7 @@ func main() {
 func createManager(opt *options) (manager.Manager, error) {
 	// Manager options
 	options := manager.Options{
+		Scheme:                  scheme,
 		LeaderElection:          opt.enableLeaderElection,
 		LeaderElectionID:        "operating-system-manager",
 		LeaderElectionNamespace: opt.namespace,

deploy/cloud-init-settings.yaml

@@ -26,6 +26,15 @@ metadata:
   name: cloud-init-getter
   namespace: cloud-init-settings
 ---
+apiVersion: v1
+kind: Secret
+type: kubernetes.io/service-account-token
+metadata:
+  name: cloud-init-getter-token
+  namespace: cloud-init-settings
+  annotations:
+    kubernetes.io/service-account.name: "cloud-init-getter"
+---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:

deploy/crd/operatingsystemmanager.k8c.io_operatingsystemconfigs.yaml

@@ -12,6 +12,8 @@ spec:
     kind: OperatingSystemConfig
     listKind: OperatingSystemConfigList
     plural: operatingsystemconfigs
+    shortNames:
+    - osc
     singular: operatingsystemconfig
   scope: Namespaced
   versions:

deploy/crd/operatingsystemmanager.k8c.io_operatingsystemprofiles.yaml

@@ -12,6 +12,8 @@ spec:
     kind: OperatingSystemProfile
     listKind: OperatingSystemProfileList
     plural: operatingsystemprofiles
+    shortNames:
+    - osp
     singular: operatingsystemprofile
   scope: Namespaced
   versions:

deploy/role.yaml

@@ -54,6 +54,7 @@ rules:
       - ""
     resources:
       - configmaps
+      - secrets
     verbs:
       - get
       - create

pkg/bootstrap/cloud_init_settings.go

@@ -20,33 +20,26 @@ import (
 	"context"
 	"errors"
 	"fmt"
-	"strings"
 
 	corev1 "k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/types"
 	ctrlruntimeclient "sigs.k8s.io/controller-runtime/pkg/client"
 )
 
 const (
-	CloudInitNamespace = "cloud-init-settings"
-	jwtTokenNamePrefix = "cloud-init-getter-token"
+	CloudInitNamespace    = "cloud-init-settings"
+	cloudInitGetterSecret = "cloud-init-getter-token"
 )
 
 func ExtractAPIServerToken(ctx context.Context, client ctrlruntimeclient.Client) (string, error) {
-	secretList := corev1.SecretList{}
-	if err := client.List(ctx, &secretList, &ctrlruntimeclient.ListOptions{Namespace: CloudInitNamespace}); err != nil {
-		return "", fmt.Errorf("failed to list secrets in namespace %s: %w", CloudInitNamespace, err)
+	secret := &corev1.Secret{}
+	if err := client.Get(ctx, types.NamespacedName{Name: cloudInitGetterSecret, Namespace: CloudInitNamespace}, secret); err != nil {
+		return "", fmt.Errorf("failed to get %s secrets in namespace %s: %w", cloudInitGetterSecret, CloudInitNamespace, err)
 	}
 
-	for _, secret := range secretList.Items {
-		if strings.HasPrefix(secret.Name, jwtTokenNamePrefix) {
-			if secret.Data != nil {
-				jwtToken := secret.Data["token"]
-				if jwtToken != nil {
-					token := string(jwtToken)
-					return token, nil
-				}
-			}
-		}
+	token := secret.Data["token"]
+	if token != nil {
+		return string(token), nil
 	}
 
 	return "", errors.New("failed to fetch api server token")