Move to go hooks (#90)

Signed-off-by: Aleksandr Stefurishin <[email protected]>
Signed-off-by: Nikolay Demchuk <[email protected]>
Co-authored-by: Nikolay Demchuk <[email protected]>
Co-authored-by: Aleksandr Stefurishin <[email protected]>

Author: 3 people

hooks/generate_scheduler_extender_certs.py

@@ -19,7 +19,7 @@ package hooks_common
 import (
 	"fmt"
 
-	consts "github.com/deckhouse/csi-nfs/hooks/go/consts"
+	"github.com/deckhouse/csi-nfs/hooks/go/consts"
 	tlscertificate "github.com/deckhouse/module-sdk/common-hooks/tls-certificate"
 )
 

hooks/go/020-webhook-certs/webhook-certs.go

@@ -0,0 +1,38 @@
+/*
+Copyright 2025 Flant JSC
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+package generatecerts
+
+import (
+	"fmt"
+
+	"github.com/deckhouse/csi-nfs/hooks/go/consts"
+	tlscertificate "github.com/deckhouse/module-sdk/common-hooks/tls-certificate"
+)
+
+var _ = tlscertificate.RegisterInternalTLSHookEM(tlscertificate.GenSelfSignedTLSHookConf{
+	CommonCACanonicalName: fmt.Sprintf("%s-%s", consts.ModulePluralName, consts.SchedulerCertCn),
+	CN:                    fmt.Sprintf("%s-%s", consts.ModulePluralName, consts.SchedulerCertCn),
+	TLSSecretName:         fmt.Sprintf("%s-https-certs", consts.SchedulerCertCn),
+	Namespace:             consts.ModuleNamespace,
+	SANs: tlscertificate.DefaultSANs([]string{
+		fmt.Sprintf("%s-%s", consts.ModulePluralName, consts.SchedulerCertCn),
+		fmt.Sprintf("%s-%s.%s", consts.ModulePluralName, consts.SchedulerCertCn, consts.ModuleNamespace),
+		fmt.Sprintf("%s-%s.%s.svc", consts.ModulePluralName, consts.SchedulerCertCn, consts.ModuleNamespace),
+		// %CLUSTER_DOMAIN%:// is a special value to generate SAN like 'svc_name.svc_namespace.svc.cluster.local'
+		fmt.Sprintf("%%CLUSTER_DOMAIN%%://%s-%s.%s.svc", consts.ModulePluralName, consts.SchedulerCertCn, consts.ModuleNamespace),
+	}),
+	FullValuesPathPrefix: fmt.Sprintf("%s.internal.customSchedulerExtenderCert", consts.ModuleName),
+})

hooks/go/070-generate-certs/scheduler_extender_cert.go

@@ -0,0 +1,143 @@
+/*
+Copyright 2025 Flant JSC
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package schedulerextenderenabler
+
+import (
+	"context"
+	"encoding/base64"
+	"encoding/json"
+	"fmt"
+	"time"
+
+	"github.com/deckhouse/csi-nfs/api/v1alpha1"
+	"github.com/deckhouse/csi-nfs/hooks/go/consts"
+	"github.com/deckhouse/module-sdk/pkg"
+	"github.com/deckhouse/module-sdk/pkg/registry"
+)
+
+const (
+	NFSStorageClassSnapshotName = "nfs-storage-classes"
+)
+
+var (
+	_ = registry.RegisterFunc(
+		&pkg.HookConfig{
+			Kubernetes: []pkg.KubernetesConfig{
+				{
+					Name:                         NFSStorageClassSnapshotName,
+					APIVersion:                   "storage.deckhouse.io/v1alpha1",
+					Kind:                         "NFSStorageClass",
+					ExecuteHookOnEvents:          ptr(true),
+					ExecuteHookOnSynchronization: ptr(true),
+					JqFilter:                     ".spec.workloadNodes",
+					AllowFailure:                 ptr(true),
+				},
+			},
+			Settings: &pkg.HookConfigSettings{
+				ExecutionMinInterval: time.Second * 3,
+				ExecutionBurst:       1,
+			},
+			Queue: fmt.Sprintf("modules/%s", consts.ModuleName),
+		},
+		mainHook,
+	)
+)
+
+func mainHook(ctx context.Context, input *pkg.HookInput) error {
+	fmt.Println("Scheduler extender enabler hook started")
+	shouldEnable := false
+
+	// Get snapshots using the standard approach
+	snapshots := input.Snapshots.Get(NFSStorageClassSnapshotName)
+	if len(snapshots) == 0 {
+		fmt.Println("No snapshots found")
+		// Don't return early - we need to disable the scheduler extender
+	} else {
+		fmt.Printf("Found %d snapshots\n", len(snapshots))
+
+		for i, snapshot := range snapshots {
+			fmt.Printf("Processing snapshot %d: %v\n", i, snapshot)
+
+			// Try to access the snapshot data as JSON
+			// The JqFilter extracts .spec.workloadNodes, so we should get NFSStorageClassWorkloadNodes directly
+			// If workloadNodes is not configured, the JqFilter returns null
+
+			// The snapshot contains a base64-encoded JSON string
+			// First, marshal the snapshot to get the base64 string
+			snapshotBytes, err := json.Marshal(snapshot)
+			if err != nil {
+				fmt.Printf("Error marshaling snapshot %d: %v\n", i, err)
+				continue
+			}
+
+			// Remove quotes from the JSON string to get the base64 string
+			base64Str := string(snapshotBytes[1 : len(snapshotBytes)-1])
+			fmt.Printf("Snapshot %d base64: %s\n", i, base64Str)
+
+			// Decode the base64 string
+			jsonBytes, err := base64.StdEncoding.DecodeString(base64Str)
+			if err != nil {
+				fmt.Printf("Error decoding base64 for snapshot %d: %v\n", i, err)
+				continue
+			}
+			fmt.Printf("Snapshot %d decoded JSON: %s\n", i, string(jsonBytes))
+
+			// Try to unmarshal as NFSStorageClassWorkloadNodes
+			workloadNodes := new(v1alpha1.NFSStorageClassWorkloadNodes)
+			err = json.Unmarshal(jsonBytes, workloadNodes)
+			if err != nil {
+				fmt.Printf("Error unmarshaling snapshot %d as NFSStorageClassWorkloadNodes: %v\n", i, err)
+				continue
+			}
+
+			fmt.Printf("Successfully unmarshaled workload nodes: %+v\n", workloadNodes)
+
+			// Check if NodeSelector is configured
+			if workloadNodes.NodeSelector == nil {
+				fmt.Println("nodeSelector is nil")
+				continue
+			}
+
+			// Check if NodeSelector has any actual selectors
+			if workloadNodes.NodeSelector.MatchLabels == nil && workloadNodes.NodeSelector.MatchExpressions == nil {
+				fmt.Println("nodeSelector has no matchLabels or matchExpressions")
+				continue
+			}
+
+			fmt.Printf("Found valid nodeSelector: %+v\n", workloadNodes.NodeSelector)
+			fmt.Println("NodeSelector is not empty. Should enable scheduler extender")
+			shouldEnable = true
+			break
+		}
+	}
+
+	enableLabel := fmt.Sprintf("%v.internal.shedulerExtenderEnabled", consts.ModuleName)
+
+	if shouldEnable {
+		fmt.Println("Enable scheduler extender")
+		input.Values.Set(enableLabel, true)
+	} else {
+		fmt.Println("Disable scheduler extender")
+		input.Values.Set(enableLabel, false)
+	}
+
+	return nil
+}
+
+func ptr[T any](a T) *T {
+	return &a
+}

hooks/go/080-scheduler-extender-enabler/scheduler_extender_enabler.go

@@ -17,10 +17,11 @@ limitations under the License.
 package consts
 
 const (
-	ModuleName      	string = "csiNfs"
-	ModuleNamespace 	string = "d8-csi-nfs"
-	ModulePluralName 	string = "csi-nfs"
-	WebhookCertCn   	string = "webhooks"
+	ModuleName       string = "csiNfs"
+	ModuleNamespace  string = "d8-csi-nfs"
+	ModulePluralName string = "csi-nfs"
+	WebhookCertCn    string = "webhooks"
+	SchedulerCertCn  string = "scheduler-extender"
 )
 
 var AllowedProvisioners = []string{

hooks/go/consts/consts.go

@@ -4,7 +4,7 @@ go 1.24.6
 
 require (
 	github.com/deckhouse/csi-nfs/api v0.0.0-20250314071217-91b1f5b52e17
-	github.com/deckhouse/module-sdk v0.2.0
+	github.com/deckhouse/module-sdk v0.2.2
 	github.com/deckhouse/sds-common-lib v0.0.0-20250331104837-4ed70c9f1a83
 	github.com/kubernetes-csi/external-snapshotter/client/v8 v8.2.0
 	k8s.io/api v0.32.3
@@ -21,7 +21,7 @@ require (
 	github.com/cloudflare/cfssl v1.6.5 // indirect
 	github.com/containerd/stargz-snapshotter/estargz v0.16.3 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
-	github.com/deckhouse/deckhouse/pkg/log v0.0.0-20250227202034-eda49647c2d9 // indirect
+	github.com/deckhouse/deckhouse/pkg/log v0.0.0-20250424095005-9ab587d01d7a // indirect
 	github.com/docker/cli v28.0.1+incompatible // indirect
 	github.com/docker/distribution v2.8.3+incompatible // indirect
 	github.com/docker/docker-credential-helpers v0.8.2 // indirect
@@ -55,6 +55,8 @@ require (
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
+	github.com/onsi/ginkgo/v2 v2.23.3 // indirect
+	github.com/onsi/gomega v1.37.0 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/opencontainers/image-spec v1.1.0 // indirect
 	github.com/pelletier/go-toml v1.9.3 // indirect
@@ -76,14 +78,14 @@ require (
 	github.com/x448/float16 v0.8.4 // indirect
 	github.com/zmap/zcrypto v0.0.0-20230310154051-c8b263fd8300 // indirect
 	github.com/zmap/zlint/v3 v3.5.0 // indirect
-	golang.org/x/crypto v0.36.0 // indirect
-	golang.org/x/net v0.38.0 // indirect
+	golang.org/x/crypto v0.38.0 // indirect
+	golang.org/x/net v0.40.0 // indirect
 	golang.org/x/oauth2 v0.27.0 // indirect
-	golang.org/x/sync v0.12.0 // indirect
-	golang.org/x/sys v0.31.0 // indirect
-	golang.org/x/term v0.30.0 // indirect
-	golang.org/x/text v0.23.0 // indirect
-	golang.org/x/time v0.10.0 // indirect
+	golang.org/x/sync v0.14.0 // indirect
+	golang.org/x/sys v0.33.0 // indirect
+	golang.org/x/term v0.32.0 // indirect
+	golang.org/x/text v0.25.0 // indirect
+	golang.org/x/time v0.11.0 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
 	google.golang.org/protobuf v1.36.5 // indirect
 	gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect