split config-server in apiserver and controller

.github/workflows/test.yml

@@ -78,7 +78,7 @@ jobs:
       - name: Extract docker image build version from GoReleaser
         id: image
         run: |
-          echo "version=$( echo '${{ steps.goreleaser.outputs.artifacts }}' | jq '.[] | select(.type == "Published Docker Image" and (.name | contains("ghcr.io")) and (.name | contains("latest") | not)) | .name | split(":") | .[1]' )" >> $GITHUB_OUTPUT
+          echo "version=$( echo '${{ steps.goreleaser.outputs.artifacts }}' | jq -r 'limit(1; .[] | select(.type == "Published Docker Image" and (.name | contains("ghcr.io")) and (.name | contains("latest") | not))) | .name | split(":") | .[1]' )" >> $GITHUB_OUTPUT
 
   latest-versions:
     name: Fetch latest versions from GH API

.goreleaser.nightlies.yml

@@ -1,29 +1,57 @@
 version: 2
 project_name: config-server
 builds:
-  - id: config-server
-    binary: config-server
-    main: ./main.go
+  - id: api-server
+    binary:  api-server
+    main: ./cmd/api-server/main.go
     env:
       - CGO_ENABLED=0
     goos:
       - linux
     goarch:
       - amd64
+      - arm64
+  - id: controller
+    binary: controller
+    main: ./cmd/controller/main.go
+    env:
+      - CGO_ENABLED=0
+    goos:
+      - linux
+    goarch:
+      - amd64
+      - arm64
 dockers:
-  - goos: linux
+  - id: api-server-docker
+    goos: linux
+    goarch: amd64
+    ids:
+      - api-server
+    image_templates:
+      - "ghcr.io/sdcio/{{ .ProjectName }}-api-server:v0.0.0-{{ if index .Env \"PR\"  }}PR{{ .Env.PR }}-{{ .ShortCommit }}{{ else }}{{ .ShortCommit }}{{ end }}"
+    dockerfile: goreleaser.api-server.dockerfile
+    skip_push: false
+    build_flag_templates:
+      - "--pull"
+      - "--build-arg=USERID=10000"
+      - "--label=org.opencontainers.image.created={{.Date}}"
+      - "--label=org.opencontainers.image.title={{.ProjectName}}-api-server"
+      - "--label=org.opencontainers.image.source=https://github.com/sdcio/{{.ProjectName}}"
+      - "--label=org.opencontainers.image.version=v{{.Version}}"
+  - id: controller-docker
+    goos: linux
     goarch: amd64
     ids:
-      - config-server
+      - controller
     image_templates:
-      - "ghcr.io/sdcio/config-server:v0.0.0-{{ if index .Env \"PR\"  }}PR{{ .Env.PR }}-{{ .ShortCommit }}{{ else }}{{ .ShortCommit }}{{ end }}"
-    dockerfile: goreleaser.dockerfile
+      - "ghcr.io/sdcio/{{ .ProjectName }}-controller:v0.0.0-{{ if index .Env \"PR\"  }}PR{{ .Env.PR }}-{{ .ShortCommit }}{{ else }}{{ .ShortCommit }}{{ end }}"
+    dockerfile: goreleaser.controller.dockerfile
     skip_push: false
     build_flag_templates:
       - "--pull"
       - "--build-arg=USERID=10000"
       - "--label=org.opencontainers.image.created={{.Date}}"
-      - "--label=org.opencontainers.image.title={{.ProjectName}}"
+      - "--label=org.opencontainers.image.title={{.ProjectName}}-controller"
       - "--label=org.opencontainers.image.source=https://github.com/sdcio/{{.ProjectName}}"
       - "--label=org.opencontainers.image.version=v{{.Version}}"
 release:

.goreleaser.yml

@@ -1,30 +1,59 @@
 version: 2
 project_name: config-server
 builds:
-  - id: config-server
-    binary: config-server
-    main: ./main.go
+  - id: api-server
+    binary:  api-server
+    main: ./cmd/api-server/main.go
     env:
       - CGO_ENABLED=0
     goos:
       - linux
     goarch:
       - amd64
+      - arm64
+  - id: controller
+    binary: controller
+    main: ./cmd/controller/main.go
+    env:
+      - CGO_ENABLED=0
+    goos:
+      - linux
+    goarch:
+      - amd64
+      - arm64
 dockers:
-  - goos: linux
+  - id: api-server-docker
+    goos: linux
+    goarch: amd64
+    ids:
+      - api-server
+    image_templates:
+      - "ghcr.io/sdcio/{{ .ProjectName }}-api-server:v{{ .Version }}"
+      - "ghcr.io/sdcio/{{ .ProjectName }}-api-server:latest"
+    dockerfile: goreleaser.api-server.dockerfile
+    skip_push: false
+    build_flag_templates:
+      - "--pull"
+      - "--build-arg=USERID=10000"
+      - "--label=org.opencontainers.image.created={{.Date}}"
+      - "--label=org.opencontainers.image.title={{.ProjectName}}-api-server"
+      - "--label=org.opencontainers.image.source=https://github.com/sdcio/{{.ProjectName}}"
+      - "--label=org.opencontainers.image.version=v{{.Version}}"
+  - id: controller-docker
+    goos: linux
     goarch: amd64
     ids:
-      - config-server
+      - controller
     image_templates:
-      - "ghcr.io/sdcio/{{ .ProjectName }}:v{{ .Version }}"
-      - "ghcr.io/sdcio/{{ .ProjectName }}:latest"
-    dockerfile: goreleaser.dockerfile
+      - "ghcr.io/sdcio/{{ .ProjectName }}-controller:v{{ .Version }}"
+      - "ghcr.io/sdcio/{{ .ProjectName }}-controller:latest"
+    dockerfile: goreleaser.controller.dockerfile
     skip_push: false
     build_flag_templates:
       - "--pull"
       - "--build-arg=USERID=10000"
       - "--label=org.opencontainers.image.created={{.Date}}"
-      - "--label=org.opencontainers.image.title={{.ProjectName}}"
+      - "--label=org.opencontainers.image.title={{.ProjectName}}-controller"
       - "--label=org.opencontainers.image.source=https://github.com/sdcio/{{.ProjectName}}"
       - "--label=org.opencontainers.image.version=v{{.Version}}"
 archives:

DockerfileAPIServer

@@ -0,0 +1,35 @@
+# Copyright 2024 Nokia
+# Licensed under the Apache License 2.0
+# SPDX-License-Identifier: Apache-2.0
+#
+FROM golang:1.24 AS builder
+ARG USERID=10000
+# no need to include cgo bindings
+ENV CGO_ENABLED=0 GOOS=linux GOARCH=amd64
+
+# add ca certificates and timezone data files
+RUN apt-get install --yes --no-install-recommends ca-certificates tzdata
+
+# add unprivileged user
+RUN adduser --shell /bin/false --uid $USERID --disabled-login --home /app/ --no-create-home --gecos '' app \
+    && sed -i -r "/^(app|root)/!d" /etc/group /etc/passwd \
+    && sed -i -r 's#^(.*):[^:]*$#\1:/bin/false#' /etc/passwd
+
+#
+#FROM scratch
+FROM alpine:latest
+ARG USERID=10000
+# add-in our timezone data file
+COPY --from=builder /usr/share/zoneinfo /usr/share/zoneinfo
+# add-in our unprivileged user
+COPY --from=builder /etc/passwd /etc/group /etc/shadow /etc/
+# add-in our ca certificates
+COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
+
+COPY --chown=$USERID:$USERID api-server /app/
+WORKDIR /app
+
+# from now on, run as the unprivileged user
+USER $USERID
+
+ENTRYPOINT [ "/app/api-server" ]

Dockerfile → DockerfileController

@@ -28,7 +28,7 @@ RUN --mount=type=cache,target=/root/.cache/go-build \
     go mod download
 
 # Copy the go source
-COPY main.go main.go
+COPY cmd/ cmd/
 COPY apis/ apis/
 COPY pkg/ pkg/
 
@@ -39,7 +39,7 @@ COPY pkg/ pkg/
 # by leaving it empty we can ensure that the container and binary shipped on it will have the same platform.
 RUN --mount=type=cache,target=/root/.cache/go-build \
     --mount=type=ssh \
-    CGO_ENABLED=0 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} go build -a -o config-server main.go
+    CGO_ENABLED=0 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} go build -a -o controller cmd/controller/main.go
 
 # Use distroless as minimal base image to package the manager binary
 # Refer to https://github.com/GoogleContainerTools/distroless for more details
@@ -56,8 +56,8 @@ COPY --from=builder /etc/passwd /etc/group /etc/shadow /etc/
 # add-in our ca certificates
 COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
 #
-COPY --from=builder --chown=$USERID:$USERID /workspace/config-server /app/
+COPY --from=builder --chown=$USERID:$USERID /workspace/controller /app/
 WORKDIR /app
 # from now on, run as the unprivileged user
 USER $USERID
-ENTRYPOINT ["/app/config-server"]
+ENTRYPOINT ["/app/controller"]

Makefile

@@ -4,8 +4,8 @@
 
 VERSION ?= latest
 REGISTRY ?= europe-docker.pkg.dev/srlinux/eu.gcr.io
-PROJECT ?= config-server
-IMG ?= $(REGISTRY)/${PROJECT}:$(VERSION)
+IMG_SERVER ?= $(REGISTRY)/sdc-apiserver:$(VERSION)
+IMG_CONTROLLER ?= $(REGISTRY)/sdc-controller:$(VERSION)
 
 REPO = github.com/sdcio/config-server
 USERID := 10000
@@ -31,24 +31,23 @@ docker:
 .PHONY: docker-build
 docker-build: ## Build docker image with the manager.
 	ssh-add ./keys/id_rsa 2>/dev/null; true
-	docker build --build-arg USERID="$(USERID)" . -t ${IMG} --ssh default="$(SSH_AUTH_SOCK)"
+	docker build --ssh default="$(SSH_AUTH_SOCK)" --build-arg USERID="$(USERID)" \
+		-f DockerfileAPIServer -t ${IMG_SERVER} .
+	docker build --ssh default="$(SSH_AUTH_SOCK)" --build-arg USERID="$(USERID)" \
+		-f DockerfileController -t ${IMG_CONTROLLER} .
 
 .PHONY: docker-push
 docker-push:  docker-build ## Push docker image with the manager.
-	docker push ${IMG}
+	docker push ${IMG_SERVER}
+	docker push ${IMG_CONTROLLER}
 
 .PHONY: install
-install: docker
-	kustomize build install | kubectl apply -f -
+install: artifacts
+	kubectl apply -f artifacts/out
 
 .PHONY: reinstall
-reinstall: docker
-	kustomize build install | kubectl apply -f -
-	kubectl delete pods -n config-system --all
-
-.PHONY: apiserver-logs
-apiserver-logs:
-	kubectl logs -l apiserver=true --container apiserver -n config-system -f --tail 1000
+reinstall: docker-push artifacts
+	kubectl apply -f artifacts/out
 
 .PHONY: codegen
 codegen:

apis/config/config_helpers.go

@@ -59,14 +59,18 @@ func (r *Config) IsRevertive() bool {
 	return true
 }
 
-func (r *Config) IsRecoverable() bool {
+func (r *Config) IsRecoverable(ctx context.Context) bool {
+	logger := log.FromContext(ctx)
 	c := r.GetCondition(condition.ConditionTypeReady)
 	if c.Reason == string(condition.ConditionReasonUnrecoverable) {
 		unrecoverableMessage := &condition.UnrecoverableMessage{}
 		if err := json.Unmarshal([]byte(c.Message), unrecoverableMessage); err != nil {
+			logger.Error("is recoverable json unmarchal failed", "error", err)
 			return true
 		}
 		if unrecoverableMessage.ResourceVersion != r.GetResourceVersion() {
+			logger.Info("is recoverable resource version changed", "old/new", 
+				fmt.Sprintf("%s/%s", unrecoverableMessage.ResourceVersion, r.GetResourceVersion()))
 			return true
 		}
 		return false