feat(syncer): add resource syncer (#6595)

Author: liubog2008

Makefile

@@ -27,7 +27,7 @@ MOCK_BOILERPLATE_FILE = $(ROOT)/hack/boilerplate/boilerplate.txt
 KUBE_OPT = -n tidb-admin --context kind-tidb-operator
 GO_TOOL_BIN = register-gen deepcopy-gen controller-gen mockgen golangci-lint license-eye mdtoc helm kind ginkgo kubectl
 
-ALL_CMD = tidb-operator prestop-checker testing-workload tidb-backup-manager
+ALL_CMD = tidb-operator prestop-checker testing-workload tidb-backup-manager resource-syncer
 .PHONY: build
 build: $(addprefix build/,$(ALL_CMD))
 build/%:

cmd/resource-syncer/README.md

@@ -0,0 +1,3 @@
+# Resource Syncer
+
+This binary is designed for syncing resources(secrets, configmap, etc...) of kubernetes into pods

cmd/resource-syncer/main.go

@@ -0,0 +1,135 @@
+// Copyright 2024 PingCAP, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package main
+
+import (
+	"flag"
+	"fmt"
+	"os"
+	"path/filepath"
+
+	"go.uber.org/zap/zapcore"
+	"k8s.io/apimachinery/pkg/labels"
+	ctrl "sigs.k8s.io/controller-runtime"
+	"sigs.k8s.io/controller-runtime/pkg/cache"
+	"sigs.k8s.io/controller-runtime/pkg/healthz"
+	"sigs.k8s.io/controller-runtime/pkg/log/zap"
+
+	"github.com/spf13/afero"
+	"github.com/spf13/pflag"
+
+	"github.com/pingcap/tidb-operator/api/v2/core/v1alpha1"
+	"github.com/pingcap/tidb-operator/v2/pkg/controllers/resourcesyncer/secret"
+)
+
+var setupLog = ctrl.Log.WithName("setup")
+
+type Config struct {
+	Namespace     string
+	Labels        map[string]string
+	BaseDir       string
+	SecretDirName string
+
+	ProbeAddr string
+}
+
+func (c *Config) AddFlags(fs *pflag.FlagSet) {
+	fs.StringVarP(&c.Namespace, "namespace", "n", "default", "namespace of syncer")
+	fs.StringVarP(&c.BaseDir, "base-dir", "d", "", "base dir of data")
+	fs.StringVar(&c.SecretDirName, "secret-dir-name", "secrets", "dir name of secret data")
+	fs.StringToStringVarP(&c.Labels, "labels", "l", map[string]string{
+		v1alpha1.LabelKeyManagedBy: v1alpha1.LabelValManagedByOperator,
+	}, "labels of secrets")
+
+	fs.StringVar(&c.ProbeAddr, "health-probe-bind-address", ":8081", "The address the probe endpoint binds to.")
+}
+
+func main() {
+	opts := zap.Options{
+		Development:     false,
+		StacktraceLevel: zapcore.PanicLevel, // stacktrace on panic only
+		// use console encoder now for development, switch to json if needed later
+		Encoder: zapcore.NewConsoleEncoder(zapcore.EncoderConfig{
+			TimeKey:        "T",
+			LevelKey:       "L",
+			NameKey:        "N",
+			CallerKey:      "C",
+			FunctionKey:    zapcore.OmitKey,
+			MessageKey:     "M",
+			StacktraceKey:  "S",
+			LineEnding:     zapcore.DefaultLineEnding,
+			EncodeLevel:    zapcore.CapitalLevelEncoder,
+			EncodeTime:     zapcore.ISO8601TimeEncoder,
+			EncodeDuration: zapcore.StringDurationEncoder,
+			EncodeCaller:   zapcore.ShortCallerEncoder,
+		}),
+	}
+	opts.BindFlags(flag.CommandLine)
+	pflag.CommandLine.AddGoFlagSet(flag.CommandLine)
+
+	cfg := Config{}
+	cfg.AddFlags(pflag.CommandLine)
+	pflag.Parse()
+
+	ctrl.SetLogger(zap.New(zap.UseFlagOptions(&opts)))
+
+	setupLog.Info("current config", "config", &cfg)
+
+	if err := run(&cfg); err != nil {
+		setupLog.Error(err, "unable to run resource syncer")
+		os.Exit(1)
+	}
+}
+
+func run(cfg *Config) error {
+	kubeconfig := ctrl.GetConfigOrDie()
+	cacheOpt := cache.Options{
+		DefaultNamespaces: map[string]cache.Config{
+			cfg.Namespace: {
+				LabelSelector: labels.SelectorFromSet(labels.Set(cfg.Labels)),
+			},
+		},
+	}
+	mgr, err := ctrl.NewManager(kubeconfig, ctrl.Options{
+		HealthProbeBindAddress: cfg.ProbeAddr,
+		Cache:                  cacheOpt,
+	})
+	if err != nil {
+		return fmt.Errorf("unable to new manager: %w", err)
+	}
+
+	if err := secret.EnsureDirExists(afero.NewBasePathFs(afero.NewOsFs(), cfg.BaseDir), cfg.SecretDirName); err != nil {
+		return fmt.Errorf("unable to ensure secret dir exists: %w", err)
+	}
+
+	if err := secret.Setup(mgr, filepath.Join(cfg.BaseDir, cfg.SecretDirName), cfg.Namespace, cfg.Labels); err != nil {
+		return fmt.Errorf("unable to setup secret controller: %w", err)
+	}
+
+	if err := mgr.AddHealthzCheck("healthz", healthz.Ping); err != nil {
+		return fmt.Errorf("unable to set up health check: %w", err)
+	}
+	if err := mgr.AddReadyzCheck("readyz", healthz.Ping); err != nil {
+		return fmt.Errorf("unable to set up ready check: %w", err)
+	}
+	ctx := ctrl.SetupSignalHandler()
+
+	setupLog.Info("starting manager")
+	if err := mgr.Start(ctx); err != nil {
+		return fmt.Errorf("start manager failed: %w", err)
+	}
+
+	return nil
+}

go.mod

@@ -60,6 +60,7 @@ require (
 	github.com/prometheus/client_model v0.6.1
 	github.com/prometheus/common v0.62.0
 	github.com/prometheus/prom2json v1.3.3
+	github.com/spf13/afero v1.15.0
 	github.com/spf13/cobra v1.8.1
 	github.com/spf13/pflag v1.0.10
 	github.com/stretchr/testify v1.11.1

go.sum

@@ -464,6 +464,8 @@ github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1
 github.com/smartystreets/goconvey v0.0.0-20190330032615-68dc04aab96a/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
 github.com/smartystreets/goconvey v1.6.4 h1:fv0U8FUIMPNf1L9lnHLvLhgicrIVChEkdzIKYqbNC9s=
 github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
+github.com/spf13/afero v1.15.0 h1:b/YBCLWAJdFWJTN9cLhiXXcD7mzKn9Dm86dNnfyQw1I=
+github.com/spf13/afero v1.15.0/go.mod h1:NC2ByUVxtQs4b3sIUphxK0NioZnmxgyCrfzeuq8lxMg=
 github.com/spf13/cobra v1.8.1 h1:e5/vxKd/rZsfSJMUX1agtjeTDf+qv1/JdBF8gg5k9ZM=
 github.com/spf13/cobra v1.8.1/go.mod h1:wHxEcudfqmLYa8iTfL+OuZPbBZkmvliBWKIezN3kD9Y=
 github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=

hack/lib/build.sh

@@ -47,7 +47,13 @@ function build::all() {
         shift
     done
     if [[ ${#targets[@]} -eq 0 ]]; then
-        targets=("tidb-operator" "prestop-checker" "testing-workload" "tidb-backup-manager")
+        targets=(
+            "tidb-operator"
+            "prestop-checker"
+            "testing-workload"
+            "tidb-backup-manager"
+            "resource-syncer"
+        )
     fi
 
     local platforms

hack/lib/image.sh

@@ -28,6 +28,7 @@ CACHE_DIR=$OUTPUT_DIR/cache
 
 declare -A NEED_PREFIX
 NEED_PREFIX["prestop-checker"]=1
+NEED_PREFIX["resource-syncer"]=1
 
 function image::build() {
     local targets=()

image/Dockerfile

@@ -80,3 +80,16 @@ WORKDIR /
 COPY --chown=pingcap:pingcap --from=builder /data/_output/$TARGETPLATFORM/bin/tidb-backup-manager tidb-backup-manager
 
 ENTRYPOINT ["/tidb-backup-manager"]
+
+
+FROM --platform=$TARGETPLATFORM ghcr.io/pingcap-qe/bases/pingcap-base:v1.10.0@sha256:af691c27330cb8e018add3dd16e5403dcd881b23eae815920ddb2c6ae87cbd9b AS resource-syncer
+
+ARG TARGETPLATFORM
+
+USER 1000:2000
+
+WORKDIR /
+
+COPY --chown=pingcap:pingcap --from=builder /data/_output/$TARGETPLATFORM/bin/resource-syncer resource-syncer
+
+ENTRYPOINT ["/resource-syncer"]