squash

Signed-off-by: yaroslavborbat <[email protected]>
deckhouse · Apr 16, 2024 · c4fe57a · c4fe57a
1 parent 1218009
commit c4fe57a
Show file tree

Hide file tree

Showing 8 changed files with 311 additions and 127 deletions.
diff --git a/.github/workflows/build_dev.yml b/.github/workflows/build_dev.yml
@@ -33,7 +33,7 @@ jobs:
         run: |
           MODULES_MODULE_TAG="$(echo pr${{github.event.pull_request.number}})"
           echo "MODULES_MODULE_TAG=$MODULES_MODULE_TAG" >> "$GITHUB_ENV"
-      
+
       - name: Set vars for main
         if: ${{ github.ref_name == 'main' }}
         run: |
@@ -88,31 +88,31 @@ jobs:
         uses: actions/setup-go@v5
         with:
           go-version: "1.21"
-      
+
       - name: Install Task
         uses: arduino/setup-task@v2
-        
+
       - uses: actions/checkout@v4
-        
+
       - name: Run lint virtualization-controller
         run: |
           task virtualization-controller:init
           task virtualization-controller:lint:go
-  
+
   lint_yaml:
     runs-on: ubuntu-latest
     name: Run yaml linter
     steps:
       - name: Install Task
         uses: arduino/setup-task@v2
-        
+
       - uses: actions/checkout@v4
         with:
           ref: ${{ github.event.pull_request.head.sha }}
 
       - name: Lint yaml with prettier
         run: task -p lint:prettier:yaml
-  
+
   test:
     runs-on: ubuntu-latest
     name: Run unit test
@@ -126,7 +126,7 @@ jobs:
         uses: arduino/setup-task@v2
 
       - uses: actions/checkout@v4
-      
+
       - name: Run test hooks
         run: |
           task hooks:test
@@ -139,7 +139,7 @@ jobs:
   dev_setup_build:
     runs-on: ubuntu-latest
     name: Build and Push images
-    steps:      
+    steps:
       - name: Set vars for PR
         if: ${{ github.ref_name != 'main' }}
         run: |
@@ -160,6 +160,85 @@ jobs:
           echo MODULES_MODULE_SOURCE=$MODULES_MODULE_SOURCE
           echo MODULES_MODULE_TAG=$MODULES_MODULE_TAG
 
+      - name: sizes
+        run: |
+          echo /opt/hostedtoolcache
+          du -shc /opt/hostedtoolcache/* || true
+          echo
+          echo /opt/microsoft
+          du -shc /opt/microsoft/* || true
+          echo
+          echo /opt/az
+          du -shc /opt/az/* || true
+          echo
+          echo /usr/local/lib
+          du -shc /usr/local/lib/* || true
+          echo
+          echo /usr/local/share
+          du -shc /usr/local/share/* || true
+          echo
+          echo /usr/share
+          du -shc /usr/share/* || true
+          echo
+
+          echo /var/lib/docker
+          du -shc /var/lib/docker/* || true
+          echo
+
+          echo "Total size:"
+          du -shc /opt/hostedtoolcache /opt/microsoft /opt/az /usr/local/lib /usr/local/share /usr/share /var/lib/docker || true
+                    
+          echo
+          echo
+          echo Docker images:
+          docker images -a
+
+      - name: remove-unwanted-software
+        run: |
+          echo "=== Available space before cleanup"
+          df -h
+          function cleanup_dir() {
+            dir=$1
+            TIMEFORMAT="Cleanup ${dir} took %R seconds"
+            time {
+              echo "Remove ${desc}"
+              sudo rm -rf $dir || true
+            }
+          }
+          
+          echo "Remove CodeQL ... (5.0G)" 
+          cleanup_dir /opt/hostedtoolcache/CodeQL
+          echo "Remove Android ... (8.9G)"
+          cleanup_dir /usr/local/lib/android
+          echo "Remove Azure tools ... (747M)"
+          cleanup_dir /opt/az
+
+          echo "Remove chromium ... (510M)"
+          cleanup_dir /usr/local/share/chromium
+
+          echo "Remove DotNet ... (???)"
+          cleanup_dir /usr/share/dotnet
+
+          echo "Remove Julia ... (579M)"
+          cleanup_dir /usr/local/julia1.10.2
+
+          echo "Remove MS Tools: MS Edge ... (559M)"
+          cleanup_dir /opt/microsoft/msedge
+          echo "Remove MS Tools: powershell ... (175M)"
+          cleanup_dir /usr/local/share/powershell
+          
+          
+          echo "Remove AWS tools ... (403M)"
+          cleanup_dir /usr/local/aws-cli
+          cleanup_dir /usr/local/aws-sam-cli
+          
+          echo "Remove preinstalled Docker images ..."
+          sudo docker image prune --all --force > /dev/null
+          
+          
+          echo "=== Available space after cleanup"
+          df -h
+
       - uses: actions/checkout@v4
         with:
           fetch-depth: 0
@@ -174,6 +253,6 @@ jobs:
               IMAGE_SRC="$(jq -r '.Images."bundle".DockerImageName' images_tags_werf.json)"
               IMAGE_DST="$(jq -r '.Images.bundle.DockerRepo' images_tags_werf.json):main"
               echo "✨ Bundle image : Pushing ${IMAGE_SRC} to ${IMAGE_DST}"
-              crane copy ${IMAGE_SRC} ${IMAGE_DST} 
+              crane copy ${IMAGE_SRC} ${IMAGE_DST}
         if: ${{ github.ref_name == 'main' }}
         name: Bundle image tag main
diff --git a/images/kube-api-proxy/pkg/rewriter/admission.go b/images/kube-api-proxy/pkg/rewriter/admission.go
@@ -0,0 +1,153 @@
+package rewriter
+
+import (
+	"github.com/tidwall/gjson"
+	"github.com/tidwall/sjson"
+)
+
+// RewriteAdmissionReview rewrites AdmissionReview request and response.
+// NOTE: action is not supported yet, Restore is assumed for AdmissionReview
+// request from Kubernetes API Server. Response is passed back to server as is.
+func RewriteAdmissionReview(rules *RewriteRules, obj []byte, origGroup string) ([]byte, error) {
+	response := gjson.GetBytes(obj, "response")
+	if response.Exists() {
+		// TODO rewrite response with the Patch.
+		return obj, nil
+	}
+
+	request := gjson.GetBytes(obj, "request")
+	if request.Exists() {
+		newRequest, err := RewriteAdmissionReviewRequest(rules, []byte(request.Raw), origGroup)
+		if err != nil {
+			return nil, err
+		}
+		if len(newRequest) > 0 {
+			obj, err = sjson.SetRawBytes(obj, "request", newRequest)
+			if err != nil {
+				return nil, err
+			}
+		}
+	}
+
+	return obj, nil
+}
+
+// RewriteAdmissionReviewRequest restores apiVersion, kind and other fields in an AdmissionReview request.
+// Only restoring is required, as AdmissionReview request only comes from API Server.
+func RewriteAdmissionReviewRequest(rules *RewriteRules, obj []byte, origGroup string) ([]byte, error) {
+	var err error
+
+	// Rewrite "resource" field and find rules.
+	{
+		resourceObj := gjson.GetBytes(obj, "resource")
+		group := resourceObj.Get("group")
+		resource := resourceObj.Get("resource")
+		// Ignore reviews for unknown renamed group.
+		if group.String() != rules.RenamedGroup {
+			return nil, nil
+		}
+		newResource := rules.RestoreResource(resource.String())
+		obj, err = sjson.SetBytes(obj, "resource.resource", newResource)
+		if err != nil {
+			return nil, err
+		}
+		obj, err = sjson.SetBytes(obj, "resource.group", origGroup)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	// Rewrite "requestResource" field.
+	{
+		fieldObj := gjson.GetBytes(obj, "requestResource")
+		group := fieldObj.Get("group")
+		resource := fieldObj.Get("resource")
+		// Ignore reviews for unknown renamed group.
+		if group.String() != rules.RenamedGroup {
+			return nil, nil
+		}
+		newResource := rules.RestoreResource(resource.String())
+		obj, err = sjson.SetBytes(obj, "requestResource.resource", newResource)
+		if err != nil {
+			return nil, err
+		}
+		obj, err = sjson.SetBytes(obj, "requestResource.group", origGroup)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	// Check "subresource" field. No need to rewrite kind, requestKind, object and oldObject fields if subresource is set.
+	{
+		fieldObj := gjson.GetBytes(obj, "subresource")
+		if fieldObj.Exists() && fieldObj.String() != "" {
+			return obj, err
+		}
+	}
+
+	// Rewrite "kind" field.
+	{
+		fieldObj := gjson.GetBytes(obj, "kind")
+		kind := fieldObj.Get("kind")
+		newKind := rules.RestoreKind(kind.String())
+		obj, err = sjson.SetBytes(obj, "kind.kind", newKind)
+		if err != nil {
+			return nil, err
+		}
+		obj, err = sjson.SetBytes(obj, "kind.group", origGroup)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	// Rewrite "requestKind" field.
+	{
+		fieldObj := gjson.GetBytes(obj, "requestKind")
+		kind := fieldObj.Get("kind")
+		newKind := rules.RestoreKind(kind.String())
+		obj, err = sjson.SetBytes(obj, "requestKind.kind", newKind)
+		if err != nil {
+			return nil, err
+		}
+		obj, err = sjson.SetBytes(obj, "requestKind.group", origGroup)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	// Rewrite "object" field.
+	{
+		fieldObj := gjson.GetBytes(obj, "object")
+		if fieldObj.Exists() {
+			newField, err := RestoreResource(rules, []byte(fieldObj.Raw), origGroup)
+			if err != nil {
+				return nil, err
+			}
+			if len(newField) > 0 {
+				obj, err = sjson.SetRawBytes(obj, "object", newField)
+				if err != nil {
+					return nil, err
+				}
+			}
+		}
+	}
+
+	// Rewrite "oldObject" field.
+	{
+		fieldObj := gjson.GetBytes(obj, "oldObject")
+		if fieldObj.Exists() {
+			newField, err := RestoreResource(rules, []byte(fieldObj.Raw), origGroup)
+			if err != nil {
+				return nil, err
+			}
+			if len(newField) > 0 {
+				obj, err = sjson.SetRawBytes(obj, "oldObject", newField)
+				if err != nil {
+					return nil, err
+				}
+			}
+		}
+	}
+
+	return obj, nil
+}
diff --git a/images/kube-api-proxy/pkg/rewriter/mutating.go b/images/kube-api-proxy/pkg/rewriter/mutating.go
@@ -0,0 +1,10 @@
+package rewriter
+
+const (
+	MutatingWebhookConfigurationKind     = "MutatingWebhookConfiguration"
+	MutatingWebhookConfigurationListKind = "MutatingWebhookConfigurationList"
+)
+
+func RewriteMutatingOrList(rules *RewriteRules, obj []byte, action Action) ([]byte, error) {
+	return obj, nil
+}
diff --git a/images/kube-api-proxy/pkg/rewriter/rule_rewriter.go b/images/kube-api-proxy/pkg/rewriter/rule_rewriter.go
@@ -175,6 +175,9 @@ func (rw *RuleBasedRewriter) RewriteJSONPayload(targetReq *TargetRequest, obj []
 	case RoleKind, RoleListKind:
 		rwrBytes, err = RewriteRoleOrList(rw.Rules, obj, action)
 
+	case CRDKind, CRDListKind:
+		rwrBytes, err = RewriteCRDOrList(rw.Rules, obj, mode, reqResult.OrigGroup)
+
 	default:
 		if targetReq.IsCore() {
 			rwrBytes, err = RewriteOwnerReferences(rw.Rules, obj, action)

diff --git a/images/kube-api-proxy/pkg/rewriter/rules.go b/images/kube-api-proxy/pkg/rewriter/rules.go
@@ -105,6 +105,20 @@ func (rr *RewriteRules) GroupRule(group string) *GroupRule {
 	return nil
 }
 
+func (rr *RewriteRules) WebhookRule(path string) *WebhookRule {
+	if webhookRule, ok := rr.Webhooks[path]; ok {
+		return &webhookRule
+	}
+	return nil
+}
+
+func (rr *RewriteRules) GroupRule(group string) *GroupRule {
+	if groupRule, ok := rr.Rules[group]; ok {
+		return &groupRule.GroupRule
+	}
+	return nil
+}
+
 func (rr *RewriteRules) ResourceRules(group, resource string) (*GroupRule, *ResourceRule) {
 	groupRule, ok := rr.Rules[group]
 	if !ok {

diff --git a/images/kube-api-proxy/pkg/rewriter/validating.go b/images/kube-api-proxy/pkg/rewriter/validating.go
@@ -0,0 +1,10 @@
+package rewriter
+
+const (
+	ValidatingWebhookConfigurationKind     = "ValidatingWebhookConfiguration"
+	ValidatingWebhookConfigurationListKind = "ValidatingWebhookConfigurationList"
+)
+
+func RewriteValidatingOrList(rules *RewriteRules, obj []byte, action Action) ([]byte, error) {
+	return obj, nil
+}
diff --git a/templates/cdi/_helpers.tpl b/templates/cdi/_helpers.tpl
@@ -71,4 +71,4 @@ spec:
         volumeMounts:
         - name: kube-api-proxy-kubeconfig
           mountPath: /kubeconfig.local
-{{- end -}}
+{{- end -}}