changes to the duration in which the operator is run

Author: AnaisUrlichs

.vscode/launch.json

@@ -1,7 +1,4 @@
  {
-    // Use IntelliSense to learn about possible attributes.
-    // Hover to view descriptions of existing attributes.
-    // For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
     "version": "0.2.0",
     "configurations": [
         {

PROJECT

@@ -9,11 +9,6 @@ multigroup: true
 projectName: controller
 repo: github.com/AnaisUrlichs/security-controller
 resources:
-- controller: true
-  group: core
-  kind: Pod
-  path: k8s.io/api/core/v1
-  version: v1
 - api:
     crdVersion: v1
     namespaced: true

README.md

@@ -133,7 +133,7 @@ More information can be found via the [Kubebuilder Documentation](https://book.k
 3. Build and push your image to the location specified by `IMG`:
 
 ```sh
-make docker-build docker-push IMG=<some-registry>/controller:tag
+make docker-buildx docker-push
 ```
 
 ## License

apis/api/v1alpha1/configuration_types.go

@@ -21,13 +21,8 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
-// EDIT THIS FILE!  THIS IS SCAFFOLDING FOR YOU TO OWN!
-// NOTE: json tags are required.  Any new fields you add must have json tags for the fields to be serialized.
-
-// ConfigurationSpec defines the desired state of Configuration
+// ConfigurationSpec defines the desired state of the Misconfiguration to be applied to deployments
 type ConfigurationSpec struct {
-	// INSERT ADDITIONAL SPEC FIELDS - desired st ate of cluster
-	// Important: Run "make" to regenerate code after modifying this file
 
 	// Set Container Imagetag
 	ImageTag string `json:"imageTag,omitempty"`

config/samples/api_v1alpha1_configuration.yaml

@@ -10,4 +10,4 @@ spec:
   requests:  "300m"
   runAsNonRoot: false
   memoryrequests: "65Mi"
-  memorylimits: "130Mi"
+  memorylimits: "130Mi"

config/samples/deployment.yaml

@@ -4,7 +4,7 @@ metadata:
   name: nginx-deployment
   namespace: demo
   annotations:
-    anaisurl.com/misconfiguration: "false"
+    anaisurl.com/misconfiguration: "true"
   labels:
     app: nginx
 spec:

controllers/api/configuration_controller.go

@@ -27,7 +27,6 @@ import (
 	"k8s.io/apimachinery/pkg/types"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
-	"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
 	"sigs.k8s.io/controller-runtime/pkg/log"
 
 	apiv1alpha1 "github.com/AnaisUrlichs/security-controller/apis/api/v1alpha1"
@@ -53,12 +52,9 @@ const (
 // +kubebuilder:rbac:groups=api.core.anaisurl.com,resources=configurations/finalizers,verbs=update
 // +kubebuilder:rbac:groups=apps,resources=deployments,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=apps,resources=deployments/status,verbs=get;list;watch;create;update;patch;delete
+//
 // Reconcile is part of the main kubernetes reconciliation loop which aims to
 // move the current state of the cluster closer to the desired state.
-// TODO(user): Modify the Reconcile function to compare the state specified by
-// the Configuration object against the actual cluster state, and then
-// perform operations to make the cluster state reflect the state specified by
-// the user.
 //
 // For more details, check Reconcile and its Result here:
 // - https://pkg.go.dev/sigs.k8s.io/[email protected]/pkg/reconcile
@@ -68,7 +64,6 @@ func (r *ConfigurationReconciler) Reconcile(ctx context.Context, req ctrl.Reques
 	log.Info("Reconciling deployments")
 
 	mdConf := &apiv1alpha1.Configuration{}
-	mdConfFinalizer := mdConf.GetFinalizers()
 
 	if err := r.Client.Get(ctx, req.NamespacedName, mdConf); err != nil {
 		if errors.IsNotFound(err) {
@@ -80,25 +75,7 @@ func (r *ConfigurationReconciler) Reconcile(ctx context.Context, req ctrl.Reques
 		return r.finishReconcile(err, false)
 	}
 
-	if mdConf.ObjectMeta.DeletionTimestamp.IsZero() {
-		// The object is not being deleted, so if it does not have our finalizer,
-		// then lets add the finalizer and update the object. This is equivalent
-		// registering our finalizer.
-		if mdConfFinalizer == nil {
-			controllerutil.AddFinalizer(mdConf, annotationName)
-			if err := r.Update(ctx, mdConf); err != nil {
-				return r.finishReconcile(err, false)
-			}
-		}
-
-	} else {
-		// The object is being deleted
-		if mdConfFinalizer != nil {
-			controllerutil.RemoveFinalizer(mdConf, annotationName)
-			if err := r.Update(ctx, mdConf); err != nil {
-				return ctrl.Result{}, err
-			}
-		}
+	if !mdConf.ObjectMeta.DeletionTimestamp.IsZero() {
 		// Stop reconciliation as the item is being deleted
 		return r.finishReconcile(nil, false)
 	}
@@ -141,6 +118,7 @@ func (r *ConfigurationReconciler) Reconcile(ctx context.Context, req ctrl.Reques
 			cm.Spec.Template.Spec.Containers[0].Resources.Limits[kcore.ResourceCPU] = mdConf.Spec.CPULimits
 			cm.Spec.Template.Spec.Containers[0].Resources.Requests[kcore.ResourceMemory] = mdConf.Spec.MemoryRequests
 			cm.Spec.Template.Spec.Containers[0].Resources.Limits[kcore.ResourceMemory] = mdConf.Spec.MemoryLimits
+			cm.Annotations["anaisurl.com/last-updated"] = time.Now().Format(time.RFC3339)
 
 			val := "false"
 			cm.Annotations["anaisurl.com/misconfiguration"] = val

controllers/apps/deplyment_controller.go

@@ -15,6 +15,7 @@ package apps
 
 import (
 	"context"
+	"time"
 
 	kapps "k8s.io/api/apps/v1"
 	"k8s.io/apimachinery/pkg/runtime"
@@ -29,16 +30,12 @@ type DeploymentReconciler struct {
 	Scheme *runtime.Scheme
 }
 
-//+kubebuilder:rbac:groups=apps,resources=deployments,verbs=get;list;watch;create;update;patch;delete
-//+kubebuilder:rbac:groups=apps,resources=deployments/status,verbs=get;update;patch
-//+kubebuilder:rbac:groups=apps,resources=deployments/finalizers,verbs=update
-
+// +kubebuilder:rbac:groups=apps,resources=deployments,verbs=get;list;watch;create;update;patch;delete
+// +kubebuilder:rbac:groups=apps,resources=deployments/status,verbs=get;update;patch
+// +kubebuilder:rbac:groups=apps,resources=deployments/finalizers,verbs=update
+//
 // Reconcile is part of the main kubernetes reconciliation loop which aims to
 // move the current state of the cluster closer to the desired state.
-// TODO(user): Modify the Reconcile function to compare the state specified by
-// the Deployment object against the actual cluster state, and then
-// perform operations to make the cluster state reflect the state specified by
-// the user.
 //
 // For more details, check Reconcile and its Result here:
 // - https://pkg.go.dev/sigs.k8s.io/[email protected]/pkg/reconcile
@@ -54,17 +51,30 @@ func (r *DeploymentReconciler) Reconcile(ctx context.Context, req ctrl.Request)
 
 	l.Info("Deployment", "name", deployment.Name, "namespace", deployment.Namespace, "annotations", deployment.Annotations)
 
+	lastUpdated, has := deployment.GetAnnotations()["anaisurl.com/last-updated"]
 	val, ok := deployment.GetAnnotations()["anaisurl.com/misconfiguration"]
-	if ok && val == "false" {
-		val = "true"
 
-		// Update deployment
-		deployment.SetAnnotations(map[string]string{"anaisurl.com/misconfiguration": val})
+	// check if lastUpdated is more than 1 minutes
+	if ok && val == "false" && has {
+
+		lastUpdatedTime, err := time.Parse(time.RFC3339, lastUpdated)
+
+		if time.Now().Sub(lastUpdatedTime) > 5*time.Minute {
+			val = "true"
+			// Update deployment
+			deployment.SetAnnotations(map[string]string{"anaisurl.com/misconfiguration": val})
+			deployment.Annotations["anaisurl.com/last-updated"] = time.Now().Format(time.RFC3339)
+
+			err := r.Client.Update(ctx, deployment)
+			if err != nil {
+				return ctrl.Result{}, err
+			}
+		}
 
-		err := r.Client.Update(ctx, deployment)
 		if err != nil {
-			return ctrl.Result{}, err
+			return ctrl.Result{}, client.IgnoreNotFound(err)
 		}
+
 	}
 
 	return ctrl.Result{}, nil

main.go

@@ -89,18 +89,18 @@ func main() {
 		setupLog.Error(err, "unable to start manager")
 		os.Exit(1)
 	}
-	if err = (&apicontrollers.ConfigurationReconciler{
+	if err = (&appscontrollers.DeploymentReconciler{
 		Client: mgr.GetClient(),
 		Scheme: mgr.GetScheme(),
 	}).SetupWithManager(mgr); err != nil {
-		setupLog.Error(err, "unable to create controller", "controller", "Configuration")
+		setupLog.Error(err, "unable to create controller", "controller", "Deployment")
 		os.Exit(1)
 	}
-	if err = (&appscontrollers.DeploymentReconciler{
+	if err = (&apicontrollers.ConfigurationReconciler{
 		Client: mgr.GetClient(),
 		Scheme: mgr.GetScheme(),
 	}).SetupWithManager(mgr); err != nil {
-		setupLog.Error(err, "unable to create controller", "controller", "Deployment")
+		setupLog.Error(err, "unable to create controller", "controller", "Configuration")
 		os.Exit(1)
 	}
 	//+kubebuilder:scaffold:builder