initial commit

Author: angylada

.gitignore

@@ -0,0 +1,3 @@
+.idea
+go.sum
+main

README.md

@@ -0,0 +1,21 @@
+# Dovecot Director Controller
+
+Dovecot director is used to keep a temporary user -> mail server (= dovecot server) mapping, as described in <a href="https://wiki.dovecot.org/Director">dovecot docs</a>.
+If a dovecot director and dovecot server are used in a kubernetes cluster, mappings are not being updated in case a dovecot container restarts for example.
+To update the new pod ip and therefore to correct the mapping a manual execution of the command "doveadm reload" needs to be done on the dovecot director server.
+Since no one wants to waste manual effort on responses to ordinary container events this tool intends to automatically execute said command on the dovecot director shell whenever a dovecot container/pod becomes ready.
+
+
+### Usage
+
+Runs inside and outside of a kubernetes cluster.
+If you don't run it inside a k8s cluster it tries to load the kubeconfig in the executing users homedir.
+If it does not exist you need to specify the absolute path with command flag "-c".
+ 
+Environment variables needed for successful execution:
+* `DOVECOT_DIRECTOR_LABELS`(string): All labels given to dovecot director for conclusive identification of dovecot director pods in the following format: `<LABEL1>=<VALUE1>,<LABEL2>=<VALUE2>`
+* `DOVECOT_LABELS`(string): All labels given to dovecot for conclusive identification of dovecot pods, same format as in `DOVECOT_DIRECTOR_LABELS`
+* `DOVECOT_NAMESPACE`(string): Namespace name which must contain both dovecot director and dovecot pods
+
+### Used Library
+https://github.com/kubernetes/client-go

cmd/main.go

@@ -0,0 +1,194 @@
+package main
+
+import (
+	"bytes"
+	"context"
+	"flag"
+	"fmt"
+	v1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/client-go/kubernetes"
+	"k8s.io/client-go/kubernetes/scheme"
+	"k8s.io/client-go/rest"
+	"k8s.io/client-go/tools/cache"
+	"k8s.io/client-go/tools/clientcmd"
+	"k8s.io/client-go/tools/remotecommand"
+	"k8s.io/client-go/util/homedir"
+	"os"
+	"path/filepath"
+	"time"
+)
+
+// variables: namespace, labels
+var dovecotLabels string
+var dovecotDirectorLabels string
+
+var namespace string
+var kubeconf *rest.Config
+
+func main() {
+	clientset, err := InClusterAuth()
+
+	if clientset == nil {
+		clientset, err = OutOfClusterAuth()
+	}
+	if err != nil {
+		panic(err.Error())
+	}
+	dovecotDirectorLabels = os.Getenv("DOVECOT_DIRECTOR_LABELS")
+	dovecotLabels = os.Getenv("DOVECOT_LABELS")
+	namespace = os.Getenv("DOVECOT_NAMESPACE")
+
+	StartWatcher(clientset, namespace)
+}
+
+func GetPodsByLabel(clientset *kubernetes.Clientset, namespace string, labels string) *v1.PodList {
+	listOptions := metav1.ListOptions{
+		LabelSelector: labels,
+	}
+	pods, err := clientset.CoreV1().Pods(namespace).List(context.TODO(), listOptions)
+	if err != nil {
+		panic(err.Error())
+	}
+
+	return pods
+}
+
+func ExecuteCommand(command string, podname string, namespace string, clientset *kubernetes.Clientset) error {
+	cmd := []string{
+		"sh",
+		"-c",
+		command,
+	}
+	req := clientset.CoreV1().RESTClient().Post().Resource("pods").Name(podname).Namespace(namespace).SubResource("exec")
+	// THE FOLLOWING EXPECTS THE POD TO HAVE ONLY ONE CONTAINER IN WHICH THE COMMAND IS GOING TO BE EXECUTED
+	option := &v1.PodExecOptions{
+		Command: cmd,
+		Stdin:   false,
+		Stdout:  true,
+		Stderr:  true,
+		TTY:     true,
+	}
+
+	req.VersionedParams(
+		option,
+		scheme.ParameterCodec,
+	)
+
+	exec, err := remotecommand.NewSPDYExecutor(kubeconf, "POST", req.URL())
+	if err != nil {
+		return err
+	}
+	var stdout, stderr bytes.Buffer
+
+	err = exec.Stream(remotecommand.StreamOptions{
+		Stdin:  nil,
+		Stdout: &stdout,
+		Stderr: &stderr,
+		Tty:    true,
+	})
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func handleEvent(pod *v1.Pod, clientset *kubernetes.Clientset) {
+	switch pod.Status.Phase {
+	case v1.PodFailed, v1.PodSucceeded:
+	case v1.PodRunning:
+		containerStatusSlice := pod.Status.ContainerStatuses
+
+		for _, containerStatus := range containerStatusSlice {
+
+			if containerStatus.Ready {
+				podlist := GetPodsByLabel(clientset, namespace, dovecotDirectorLabels)
+
+				for _, dovecotPod := range podlist.Items {
+					err := ExecuteCommand(
+						"doveadm reload",
+						dovecotPod.ObjectMeta.Name,
+						namespace,
+						clientset)
+					if err != nil {
+						fmt.Println(err.Error())
+					}
+				}
+			}
+		}
+	}
+
+}
+
+func StartWatcher(clientset *kubernetes.Clientset, namespace string) () {
+	optionsModifierFunc := func(options *metav1.ListOptions) {
+		options.LabelSelector = dovecotLabels
+	}
+	watchlist := cache.NewFilteredListWatchFromClient(
+		clientset.CoreV1().RESTClient(),
+		"pods",
+		namespace,
+		optionsModifierFunc)
+
+	_, controller := cache.NewInformer(
+		watchlist,
+		&v1.Pod{},
+		time.Second*0,
+		cache.ResourceEventHandlerFuncs{
+			AddFunc: func(obj interface{}) {
+				pod := obj.(*v1.Pod)
+				handleEvent(pod, clientset)
+			},
+			UpdateFunc: func(oldObj, newObj interface{}) {
+				pod := newObj.(*v1.Pod)
+				handleEvent(pod, clientset)
+			},
+		},
+	)
+
+	go controller.Run(make(chan struct{}))
+	for {
+		time.Sleep(time.Second)
+	}
+}
+
+
+func InClusterAuth() (*kubernetes.Clientset, error) {
+	var err error
+	kubeconf, err = rest.InClusterConfig()
+
+	if err != nil {
+		return nil, nil
+	}
+
+	clientset, err := kubernetes.NewForConfig(kubeconf)
+	if err != nil {
+		panic(err.Error())
+	}
+
+	return clientset, nil
+}
+
+func OutOfClusterAuth() (*kubernetes.Clientset, error) {
+	var kubeconfig *string
+	if home := homedir.HomeDir(); home != "" {
+		kubeconfig = flag.String("c", filepath.Join(home, ".kube", "config"), "(optional) absolute path to the kubeconfig file")
+	} else {
+		kubeconfig = flag.String("c", "", "absolute path to the kubeconfig file")
+	}
+	flag.Parse()
+
+	var err error
+	kubeconf, err = clientcmd.BuildConfigFromFlags("", *kubeconfig)
+	if err != nil {
+		panic(err.Error())
+	}
+
+	clientset, err := kubernetes.NewForConfig(kubeconf)
+	if err != nil {
+		panic(err.Error())
+	}
+
+	return clientset, nil
+}

docker/Dockerfile

@@ -0,0 +1,9 @@
+FROM golang:1.15.3-alpine3.12
+
+WORKDIR /workdir/go
+
+ADD cmd/main.go go.mod ./
+
+RUN go get -d -v ./... && go install -v ./... && go build main.go
+
+CMD ["main"]

docker/build.sh

@@ -0,0 +1,3 @@
+#!/bin/bash
+
+docker build --tag dovecot-director-controller:latest -f $(dirname "$0")/Dockerfile $(dirname "$0")/..

go.mod

@@ -0,0 +1,15 @@
+module cmd/main.go
+
+go 1.15
+
+require (
+	github.com/golang/protobuf v1.4.3 // indirect
+	golang.org/x/crypto v0.0.0-20201016220609-9e8e0b390897 // indirect
+	golang.org/x/net v0.0.0-20201016165138-7b1cca2348c0 // indirect
+	golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43 // indirect
+	golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e // indirect
+	k8s.io/api v0.19.2
+	k8s.io/apimachinery v0.19.2
+	k8s.io/client-go v0.19.2
+	k8s.io/utils v0.0.0-20201015054608-420da100c033 // indirect
+)