Merge pull request #8 from sers-dev/#5TriggerReloadOnSecretsEvent

#5 added another watcher for secrets...

Author: angylada

.gitignore

@@ -2,3 +2,4 @@
 go.sum
 main
 vendor
+.env

README.md

@@ -1,22 +1,35 @@
 # Dovecot Director Controller
 
-Dovecot director is used to keep a temporary user -> mail server (= dovecot server) mapping, as described in <a href="https://wiki.dovecot.org/Director">dovecot docs</a>.
-If a dovecot director and dovecot server are used in a kubernetes cluster, mappings are not being updated in case a dovecot container restarts for example.
-To update the new pod ip and therefore to correct the mapping a manual execution of the command "doveadm reload" needs to be done on the dovecot director server.
-Since no one wants to waste manual effort on responses to ordinary container events this tool intends to automatically execute said command on the dovecot director shell whenever a dovecot container/pod becomes ready.
+Dovecot director is used to keep a temporary user -> mail server (= dovecot server) mapping, as described in
+[dovecot docs](https://wiki.dovecot.org/Director).
+
+If a dovecot director and dovecot server are used in a kubernetes cluster, mappings are not being updated in case a 
+dovecot container restarts for example since dovecot is not made to be used with private IPs as it is in k8s setup.
+To update the new pod ip and therefore to correct the mapping, a manual execution of the command `doveadm reload` needs 
+to be done on the dovecot director server.
+
+Since no one wants to waste manual effort on responses to ordinary container events this tool intends to automatically
+execute said command on the dovecot director pod container shell whenever a dovecot container/pod becomes ready 
+or when the tls secret is changed or updated.
 
 
 ### Usage
 
 Runs inside and outside of a kubernetes cluster.
+
 If you don't run it inside a k8s cluster it tries to load the kubeconfig in the executing users homedir.
 If it does not exist you need to specify the absolute path with command flag "-c".
 
 Environment variables needed for successful execution:
-* `DOVECOT_NAMESPACE`(string): Namespace name which must contain both dovecot director and dovecot pods
-* `DOVECOT_LABELS`(string): All labels given to dovecot for conclusive identification of dovecot pods, same format as in `DOVECOT_DIRECTOR_LABELS`
+* `DOVECOT_NAMESPACE`(string): Name of namespace that must contain both dovecot and dovecot director pods
 * `DOVECOT_DIRECTOR_LABELS`(string): All labels given to dovecot director for conclusive identification of dovecot director pods in the following format: `<LABEL1>=<VALUE1>,<LABEL2>=<VALUE2>`
-* `DOVECOT_DIRECTOR_CONTAINER_NAME` (string) (optional): Container Name of dovecot-director in Pod. Defaults to first Container in Pod if not set.
+* `DOVECOT_LABELS`(string): All labels given to dovecot for conclusive identification of dovecot pods, same format as in `DOVECOT_DIRECTOR_LABELS`
+
+  Optional environment parameters:
+* `DOVECOT_DIRECTOR_CONTAINER_NAME` (string) : Container Name of dovecot-director in Pod. Defaults to first Container in Pod if not set.
+* `SYNC_FREQUENCY_DURATION` (int, seconds, default: 70): This parameter is based on kubelets parameter `--sync-frequency duration` which is 
+    by default set to 60s, so if you change the value of kubelets parameter you should use the same value plus a few seconds
+    to trigger at `doveadm reload` after adding/changing tls secrets successfully
 
 ### Used Library
 https://github.com/kubernetes/client-go

cmd/main.go

@@ -16,14 +16,15 @@ import (
 	"k8s.io/client-go/util/homedir"
 	"os"
 	"path/filepath"
+	"strconv"
 	"time"
 )
 
 // variables: namespace, labels
 var dovecotLabels string
 var dovecotDirectorLabels string
 var dovecotDirectorContainerName string
-
+var syncFrequencyDuration int
 
 var namespace string
 var kubeconf *rest.Config
@@ -41,14 +42,22 @@ func main() {
 	}
 	dovecotDirectorLabels = os.Getenv("DOVECOT_DIRECTOR_LABELS")
 	dovecotDirectorContainerName = os.Getenv("DOVECOT_DIRECTOR_CONTAINER_NAME")
-
 	dovecotLabels = os.Getenv("DOVECOT_LABELS")
 	namespace = os.Getenv("DOVECOT_NAMESPACE")
+	syncFrequencyDurationEnv := os.Getenv("SYNC_FREQUENCY_DURATION")
+
+	syncFrequencyDuration = 70
+	if syncFrequencyDurationEnv != "" {
+		syncFrequencyDuration, err = strconv.Atoi(syncFrequencyDurationEnv)
+		if err != nil {
+			syncFrequencyDuration = 70
+		}
+	}
 
 	dovecotPods := GetPodsByLabel(clientset, namespace, dovecotLabels)
 	initialDovecotPodCount = len(dovecotPods.Items)
 
-	StartWatcher(clientset, namespace)
+	StartWatchers(clientset, namespace)
 }
 
 func GetPodsByLabel(clientset *kubernetes.Clientset, namespace string, labels string) *v1.PodList {
@@ -73,11 +82,11 @@ func ExecuteCommand(command string, podname string, namespace string, clientset
 	// THE FOLLOWING EXPECTS THE POD TO HAVE ONLY ONE CONTAINER IN WHICH THE COMMAND IS GOING TO BE EXECUTED
 	option := &v1.PodExecOptions{
 		Container: dovecotDirectorContainerName,
-		Command: cmd,
-		Stdin:   false,
-		Stdout:  true,
-		Stderr:  true,
-		TTY:     true,
+		Command:   cmd,
+		Stdin:     false,
+		Stdout:    true,
+		Stderr:    true,
+		TTY:       true,
 	}
 
 	req.VersionedParams(
@@ -116,69 +125,97 @@ func handleEvent(pod *v1.Pod, clientset *kubernetes.Clientset) {
 		containerStatusSlice := pod.Status.ContainerStatuses
 
 		for _, containerStatus := range containerStatusSlice {
-
 			if containerStatus.Ready {
-				podlist := GetPodsByLabel(clientset, namespace, dovecotDirectorLabels)
-
-				for _, dovecotDirectorPod := range podlist.Items {
-                    time := time.Now()
-                    logLevel := "info"
-                    logMessage := "success"
-                    formattedTime := time.Format("2006-01-02 15:04:05 MST")
-
-					err := ExecuteCommand(
-						"doveadm reload",
-						dovecotDirectorPod.ObjectMeta.Name,
-						namespace,
-						clientset)
-
-					if err != nil {
-					    logLevel = "error"
-					    logMessage = err.Error()
-					}
-
-					log := fmt.Sprintf("{ \"level\": \"%s\", \"timestamp\": \"%s\", \"pod\": \"%s\", \"command\": \"doveadm reload\", \"message\": \"%s\" }", logLevel, formattedTime, dovecotDirectorPod.ObjectMeta.Name, logMessage)
-					fmt.Println(log)
-				}
+				ExecuteDoveAdm(clientset, dovecotDirectorLabels, 0)
 			}
 		}
 	}
-
 }
 
-func StartWatcher(clientset *kubernetes.Clientset, namespace string) () {
-	optionsModifierFunc := func(options *metav1.ListOptions) {
-		options.LabelSelector = dovecotLabels
+func ExecuteDoveAdm(clientset *kubernetes.Clientset, dovecotDirectorLabels string, sleeptime int) {
+	if sleeptime != 0 {
+		time.Sleep(time.Second * time.Duration(int64(sleeptime)))
 	}
-	watchlist := cache.NewFilteredListWatchFromClient(
+	podlist := GetPodsByLabel(clientset, namespace, dovecotDirectorLabels)
+
+	for _, dovecotDirectorPod := range podlist.Items {
+		curTime := time.Now()
+		logLevel := "info"
+		logMessage := "success"
+		formattedTime := curTime.Format("2006-01-02 15:04:05 MST")
+
+		err := ExecuteCommand(
+			"doveadm reload",
+			dovecotDirectorPod.ObjectMeta.Name,
+			namespace,
+			clientset)
+
+		if err != nil {
+			logLevel = "error"
+			logMessage = err.Error()
+		}
+
+		log := fmt.Sprintf("{ \"level\": \"%s\", \"timestamp\": \"%s\", \"pod\": \"%s\", \"command\": \"doveadm reload\", \"message\": \"%s\" }", logLevel, formattedTime, dovecotDirectorPod.ObjectMeta.Name, logMessage)
+		fmt.Println(log)
+	}
+}
+
+func StartWatchers(clientset *kubernetes.Clientset, namespace string) {
+	watchlistSecrets := cache.NewFilteredListWatchFromClient(
+		clientset.CoreV1().RESTClient(),
+		"secrets",
+		namespace,
+		func(options *metav1.ListOptions) {},
+	)
+	_, controllerSecrets := cache.NewInformer(
+		watchlistSecrets,
+		&v1.Secret{},
+		time.Second*0,
+		cache.ResourceEventHandlerFuncs{
+			AddFunc: func(obj interface{}) {
+				secret := obj.(*v1.Secret)
+				if secret.Type == "kubernetes.io/tls" {
+					go ExecuteDoveAdm(clientset, dovecotDirectorLabels, syncFrequencyDuration)
+				}
+			},
+			UpdateFunc: func(oldObj, newObj interface{}) {
+				secret := newObj.(*v1.Secret)
+				if secret.Type == "kubernetes.io/tls" {
+					go ExecuteDoveAdm(clientset, dovecotDirectorLabels, syncFrequencyDuration)
+				}
+			},
+		},
+	)
+
+	watchlistPods := cache.NewFilteredListWatchFromClient(
 		clientset.CoreV1().RESTClient(),
 		"pods",
 		namespace,
-		optionsModifierFunc)
+		func(options *metav1.ListOptions) { options.LabelSelector = dovecotLabels },
+	)
 
-	_, controller := cache.NewInformer(
-		watchlist,
+	_, controllerPods := cache.NewInformer(
+		watchlistPods,
 		&v1.Pod{},
 		time.Second*0,
 		cache.ResourceEventHandlerFuncs{
 			AddFunc: func(obj interface{}) {
-				pod := obj.(*v1.Pod)
-				handleEvent(pod, clientset)
+				handleEvent(obj.(*v1.Pod), clientset)
 			},
 			UpdateFunc: func(oldObj, newObj interface{}) {
-				pod := newObj.(*v1.Pod)
-				handleEvent(pod, clientset)
+				handleEvent(newObj.(*v1.Pod), clientset)
 			},
 		},
 	)
 
-	go controller.Run(make(chan struct{}))
+	go controllerPods.Run(make(chan struct{}))
+	go controllerSecrets.Run(make(chan struct{}))
+
 	for {
 		time.Sleep(time.Second)
 	}
 }
 
-
 func InClusterAuth() (*kubernetes.Clientset, error) {
 	var err error
 	kubeconf, err = rest.InClusterConfig()

docker/Dockerfile

@@ -1,4 +1,4 @@
-FROM golang:1.15.3-alpine3.12 as builder
+FROM golang:1.19.2-alpine as builder
 
 WORKDIR /workdir/go
 

docker/docker-compose.yaml

@@ -12,3 +12,4 @@ services:
       - DOVECOT_LABELS=app.kubernetes.io/instance=test,app.kubernetes.io/name=dovecot
       - DOVECOT_DIRECTOR_LABELS=app.kubernetes.io/instance=test,app.kubernetes.io/name=dovecot-director
       - DOVECOT_DIRECTOR_CONTAINER_NAME=dovecot-director
+      - SYNC_FREQUENCY_DURATION=80

go.mod

@@ -1,15 +1,48 @@
 module cmd/main.go
 
-go 1.15
+go 1.19
 
 require (
-	github.com/golang/protobuf v1.4.3 // indirect
-	golang.org/x/crypto v0.0.0-20201016220609-9e8e0b390897 // indirect
-	golang.org/x/net v0.0.0-20201016165138-7b1cca2348c0 // indirect
-	golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43 // indirect
-	golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e // indirect
-	k8s.io/api v0.19.2
-	k8s.io/apimachinery v0.19.2
-	k8s.io/client-go v0.19.2
-	k8s.io/utils v0.0.0-20201015054608-420da100c033 // indirect
+	github.com/PuerkitoBio/purell v1.1.1 // indirect
+	github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 // indirect
+	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/emicklei/go-restful/v3 v3.8.0 // indirect
+	github.com/go-logr/logr v1.2.3 // indirect
+	github.com/go-openapi/jsonpointer v0.19.5 // indirect
+	github.com/go-openapi/jsonreference v0.19.5 // indirect
+	github.com/go-openapi/swag v0.19.14 // indirect
+	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/golang/protobuf v1.5.2 // indirect
+	github.com/google/gnostic v0.5.7-v3refs // indirect
+	github.com/google/go-cmp v0.5.8 // indirect
+	github.com/google/gofuzz v1.1.0 // indirect
+	github.com/imdario/mergo v0.3.6 // indirect
+	github.com/josharian/intern v1.0.0 // indirect
+	github.com/json-iterator/go v1.1.12 // indirect
+	github.com/mailru/easyjson v0.7.6 // indirect
+	github.com/moby/spdystream v0.2.0 // indirect
+	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
+	github.com/modern-go/reflect2 v1.0.2 // indirect
+	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
+	github.com/spf13/pflag v1.0.5 // indirect
+	golang.org/x/net v0.0.0-20220722155237-a158d28d115b // indirect
+	golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8 // indirect
+	golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f // indirect
+	golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 // indirect
+	golang.org/x/text v0.3.7 // indirect
+	golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 // indirect
+	google.golang.org/appengine v1.6.7 // indirect
+	google.golang.org/protobuf v1.28.0 // indirect
+	gopkg.in/inf.v0 v0.9.1 // indirect
+	gopkg.in/yaml.v2 v2.4.0 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
+	k8s.io/api v0.25.3 // indirect
+	k8s.io/apimachinery v0.25.3 // indirect
+	k8s.io/client-go v0.25.3 // indirect
+	k8s.io/klog/v2 v2.70.1 // indirect
+	k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1 // indirect
+	k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed // indirect
+	sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 // indirect
+	sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
+	sigs.k8s.io/yaml v1.2.0 // indirect
 )