From 8584400d7109b09c8db832cfe8e34da37c321777 Mon Sep 17 00:00:00 2001
From: kaiyou <dev@kaiyou.fr>
Date: Sat, 21 Oct 2023 13:35:40 +0200
Subject: [PATCH] Simplify inter-unit dependencies

---
 services/apiserver.go |  2 +-
 services/certs.go     | 17 +++++++++++------
 services/cm.go        |  2 +-
 services/discovery.go | 34 ++++++++++++----------------------
 services/kubelet.go   |  2 +-
 services/meta.go      |  2 +-
 services/scheduler.go |  2 +-
 services/vpn.go       |  3 +++
 8 files changed, 31 insertions(+), 33 deletions(-)

diff --git a/services/apiserver.go b/services/apiserver.go
index 64efb14..3f614b7 100644
--- a/services/apiserver.go
+++ b/services/apiserver.go
@@ -64,7 +64,7 @@ const apiserverPort = 6443
 
 var kubeApiserver = &Unit{
 	Name:         "kube-apiserver",
-	Dependencies: []*Unit{etcd, pkiCA, pkiMaster, vpn, kubeLogger},
+	Dependencies: []*Unit{etcd, pkiMaster, vpn, kubeLogger},
 	Run: func(u *Unit, c *Cluster, ctx context.Context) error {
 		config, clients, err := buildConfig(c)
 		if err != nil {
diff --git a/services/certs.go b/services/certs.go
index 150a548..0f189f1 100644
--- a/services/certs.go
+++ b/services/certs.go
@@ -40,9 +40,9 @@ type NodeCerts struct {
 	API *pekahi.Certificate `json:"api"`
 }
 
-// PKI Client on non-master nodes
-var pkiCA = &Unit{
-	Name: "pki-ca",
+// Initialize the CA
+var pkiInit = &Unit{
+	Name: "pki-init",
 	Start: func(u *Unit, c *Cluster, ctx context.Context) error {
 		bundle, err := pekahi.NewFileBundle(path.Join(c.settings.DataDir, "pki/ca"))
 		if err != nil {
@@ -56,6 +56,11 @@ var pkiCA = &Unit{
 		c.state.PKI = c.pki
 		return nil
 	},
+}
+
+// Wait for the CA on nodes
+var pkiCA = &Unit{
+	Name: "pki-ca",
 	Ready: func(u *Unit, c *Cluster) bool {
 		return (c.pki != nil &&
 			c.pki.TLS.Cert != nil &&
@@ -66,8 +71,7 @@ var pkiCA = &Unit{
 
 // PKI manager on the master node
 var pkiManager = &Unit{
-	Name:         "pki-manager",
-	Dependencies: []*Unit{pkiCA},
+	Name: "pki-manager",
 	Start: func(u *Unit, c *Cluster, ctx context.Context) error {
 		bundle, err := pekahi.NewFileBundle(path.Join(c.settings.DataDir, "pki/ca"))
 		if err != nil {
@@ -166,7 +170,8 @@ var pkiMaster = &Unit{
 
 // Unit for requesting and getting node certs
 var pkiNode = &Unit{
-	Name: "pki-node",
+	Name:         "pki-node",
+	Dependencies: []*Unit{pkiInit},
 	Start: func(u *Unit, c *Cluster, ctx context.Context) error {
 		// See: https://kubernetes.io/docs/setup/best-practices/certificates/
 		bundle, err := pekahi.NewFileBundle(path.Join(c.settings.DataDir, "pki/node"))
diff --git a/services/cm.go b/services/cm.go
index 96196da..ddc765c 100644
--- a/services/cm.go
+++ b/services/cm.go
@@ -37,7 +37,7 @@ import (
 
 var kubeControllerManager = &Unit{
 	Name:         "kube-controller-manager",
-	Dependencies: []*Unit{kubeApiserver, pkiCA, pkiMaster, kubeLogger},
+	Dependencies: []*Unit{kubeApiserver, pkiMaster, kubeLogger},
 	Start: func(u *Unit, c *Cluster, ctx context.Context) error {
 		// Used as a replacement for InformersStarted in vanilla code
 		allReady := make(chan struct{})
diff --git a/services/discovery.go b/services/discovery.go
index 2333719..4e9b3c3 100644
--- a/services/discovery.go
+++ b/services/discovery.go
@@ -10,7 +10,7 @@ import (
 var memberlist = &Unit{
 	Name: "memberlist",
 	// Depend on the vpn so the vpn key is properly populated before we start broadcasting any node metadata
-	Dependencies: []*Unit{vpn, pkiCA},
+	Dependencies: []*Unit{},
 	Run: func(u *Unit, c *Cluster, ctx context.Context) error {
 		ml := sml.New[HeptoMeta, HeptoState](
 			c.thisNode.Name, c.thisNode.PublicIP,
@@ -29,29 +29,19 @@ var memberlist = &Unit{
 			<-events
 			c.nodes = ml.Nodes()
 			u.Manager.Logger.Info("memberlist metadata received", "nodes", c.nodes)
-			u.Manager.Trigger()
-		}
-	},
-	Wake: func(u *Unit, c *Cluster) error {
-		// Try and find master node if required
-		if c.masterNode == nil {
-			for _, node := range c.nodes {
-				if node.Role == "master" || node.Role == "full" {
-					u.Manager.Logger.Info("found remote master", "name", node.Name)
-					c.masterNode = node
-					c.masterUrl = fmt.Sprintf("https://[%s]:%d", node.VpnIP.String(), apiserverPort)
-					u.Manager.Trigger()
+
+			// Try and find master node if required
+			if c.masterNode == nil {
+				for _, node := range c.nodes {
+					if node.Role == "master" || node.Role == "full" {
+						u.Manager.Logger.Info("found remote master", "name", node.Name)
+						c.masterNode = node
+						c.masterUrl = fmt.Sprintf("https://[%s]:%d", node.VpnIP.String(), apiserverPort)
+						u.Markready()
+					}
 				}
 			}
+			u.Manager.Trigger()
 		}
-		return nil
-	},
-}
-
-// Simple depencency unit waiting for the master node to be ready
-var masterDiscovery = &Unit{
-	Name: "master-discovery",
-	Ready: func(u *Unit, c *Cluster) bool {
-		return c.masterNode != nil
 	},
 }
diff --git a/services/kubelet.go b/services/kubelet.go
index cf00b4f..c8e8c83 100644
--- a/services/kubelet.go
+++ b/services/kubelet.go
@@ -38,7 +38,7 @@ import (
 
 var kubeKubelet = &Unit{
 	Name:         "kubelet",
-	Dependencies: []*Unit{masterDiscovery, containerdGRPC, containerdTTRPC, pkiCA, pkiNode, kubeLogger, reaper},
+	Dependencies: []*Unit{memberlist, containerdGRPC, containerdTTRPC, pkiCA, pkiNode, kubeLogger, reaper},
 	Run: func(u *Unit, c *Cluster, ctx context.Context) error {
 		// Sleep before starting, to make sure that containerd is actually ready
 		// (very difficult to check otherwise)
diff --git a/services/meta.go b/services/meta.go
index ef3ae99..104425e 100644
--- a/services/meta.go
+++ b/services/meta.go
@@ -81,7 +81,7 @@ func (s *HeptoState) Merge(b []byte) (bool, error) {
 	if err != nil {
 		return false, err
 	}
-	if remote.PKI == nil {
+	if s.PKI == nil || remote.PKI == nil {
 		return false, nil
 	}
 	change := false
diff --git a/services/scheduler.go b/services/scheduler.go
index 1c4ff84..5542571 100644
--- a/services/scheduler.go
+++ b/services/scheduler.go
@@ -9,7 +9,7 @@ import (
 
 var kubeScheduler = &Unit{
 	Name:         "kube-scheduler",
-	Dependencies: []*Unit{kubeApiserver, pkiCA, pkiMaster, kubeLogger},
+	Dependencies: []*Unit{kubeApiserver, pkiMaster, kubeLogger},
 	Run: func(u *Unit, c *Cluster, ctx context.Context) error {
 		clients, err := k8s.NewTokenClients(c.masterUrl, c.pki.TLS, c.loopbackToken)
 		if err != nil {
diff --git a/services/vpn.go b/services/vpn.go
index c911b12..7410493 100644
--- a/services/vpn.go
+++ b/services/vpn.go
@@ -14,6 +14,9 @@ var vpn = &Unit{
 		}
 		peers := []wg.Peer{}
 		for _, node := range c.nodes {
+			if node.VpnKey == "" {
+				continue
+			}
 			peers = append(peers, node)
 		}
 		c.vpn.Update(peers, c.networking.MTU)
-- 
GitLab