add kube event logging

devops/k8s/role.yaml

@@ -7,6 +7,9 @@ rules:
 - apiGroups: [""]
   resources: ["secrets"]
   verbs: ["get", "watch", "list", "create", "update", "patch", "delete"]
+- apiGroups: [""]
+  resources: ["events"]
+  verbs: ["create", "update", "patch"]
 
 ---
 apiVersion: rbac.authorization.k8s.io/v1

pkg/certmanagersync/certmanagersync.go

@@ -304,14 +304,17 @@ func SyncSecretToStore(secret *corev1.Secret, store StoreType) error {
 	if err != nil {
 		l.WithError(err).Error("NewStore error")
 		metrics.SetFailure(secret.Namespace, secret.Name, string(store))
+		state.EventRecorder.Event(secret, corev1.EventTypeWarning, "SyncFailed", fmt.Sprintf("Secret sync failed to store %s", store))
 		return fmt.Errorf("error creating store %s: %v", store, err)
 	}
 	if err := rs.Update(secret); err != nil {
 		l.WithError(err).Error("sync error")
 		metrics.SetFailure(secret.Namespace, secret.Name, string(store))
+		state.EventRecorder.Event(secret, corev1.EventTypeWarning, "SyncFailed", fmt.Sprintf("Secret sync failed to store %s", store))
 		return fmt.Errorf("error syncing secret %s/%s to store %s: %v", secret.Namespace, secret.Name, store, err)
 	}
 	metrics.SetSuccess(secret.Namespace, secret.Name, string(store))
+	state.EventRecorder.Event(secret, corev1.EventTypeNormal, "Synced", fmt.Sprintf("Secret synced to %s", store))
 	return nil
 }
 
@@ -361,6 +364,7 @@ func HandleSecret(s *corev1.Secret) error {
 		if err := incrementRetries(s.Namespace, s.Name); err != nil {
 			l.WithError(err).Errorf("incrementRetries error")
 		}
+		state.EventRecorder.Event(s, corev1.EventTypeWarning, "SyncFailed", "Secret sync failed")
 		return fmt.Errorf("errors syncing secret %s/%s: %v", s.Namespace, s.Name, errs)
 	} else {
 		// reset the failed-sync-attempts annotation
@@ -370,5 +374,12 @@ func HandleSecret(s *corev1.Secret) error {
 	}
 	// if the sync was a success, add the secret to the cache
 	state.Cache(s)
+	eventMsg := fmt.Sprintf("Secret synced to %d store%s", len(stores), func() string {
+		if len(stores) == 1 {
+			return ""
+		}
+		return "s"
+	}())
+	state.EventRecorder.Event(s, corev1.EventTypeNormal, "Synced", eventMsg)
 	return nil
 }

pkg/state/certmanagersync.go

@@ -15,14 +15,18 @@ import (
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/client-go/kubernetes"
+	"k8s.io/client-go/kubernetes/scheme"
+	typedcorev1 "k8s.io/client-go/kubernetes/typed/core/v1"
 	"k8s.io/client-go/rest"
 	"k8s.io/client-go/tools/clientcmd"
+	"k8s.io/client-go/tools/record"
 	"k8s.io/client-go/util/homedir"
 )
 
 var (
-	OperatorName = "cert-manager-sync.lestak.sh"
-	KubeClient   *kubernetes.Clientset
+	OperatorName  = "cert-manager-sync.lestak.sh"
+	KubeClient    *kubernetes.Clientset
+	EventRecorder record.EventRecorder
 )
 
 func addHashAnnotation(secretNamespace, secretName, hash string) error {
@@ -41,6 +45,7 @@ func addHashAnnotation(secretNamespace, secretName, hash string) error {
 	secret, err := KubeClient.CoreV1().Secrets(secretNamespace).Get(context.Background(), secretName, gopt)
 	if err != nil {
 		l.WithError(err).Errorf("Get error")
+		EventRecorder.Eventf(secret, corev1.EventTypeWarning, "GetError", "Error getting secret: %v", err)
 		return err
 	}
 	if secret.Annotations == nil {
@@ -53,6 +58,7 @@ func addHashAnnotation(secretNamespace, secretName, hash string) error {
 	_, err = KubeClient.CoreV1().Secrets(secretNamespace).Update(context.Background(), secret, uo)
 	if err != nil {
 		l.WithError(err).Errorf("Update secret error")
+		EventRecorder.Eventf(secret, corev1.EventTypeWarning, "UpdateError", "Error updating secret: %v", err)
 		return err
 	}
 	l.Debugf("incremented retries")
@@ -245,6 +251,12 @@ func CreateKubeClient() error {
 		l.Debugf("kubernetes.NewForConfig error=%v", err)
 		return err
 	}
+	// Create broadcaster
+	broadcaster := record.NewBroadcaster()
+	broadcaster.StartRecordingToSink(&typedcorev1.EventSinkImpl{Interface: KubeClient.CoreV1().Events("")})
+
+	// Create event recorder
+	EventRecorder = broadcaster.NewRecorder(scheme.Scheme, corev1.EventSource{Component: OperatorName})
 	return nil
 }