Re-watch services/TLS when closed (#52)

Also
- upgraded to Spring Boot 3.0.2

Author: itzg

build.gradle

@@ -1,10 +1,11 @@
 plugins {
-    id 'org.springframework.boot' version '2.7.5'
+    id 'org.springframework.boot' version '3.0.2'
     id 'io.spring.dependency-management' version '1.1.0'
+    id 'io.freefair.lombok' version '6.6.2'
     id 'java'
-    id 'io.github.itzg.simple-boot-image' version '0.5.2'
+    id 'io.github.itzg.simple-boot-image' version '3.0.0'
     // https://github.com/qoomon/gradle-git-versioning-plugin
-    id 'me.qoomon.git-versioning' version '6.4.0'
+    id 'me.qoomon.git-versioning' version '6.4.2'
 }
 
 group = 'io.github.itzg'
@@ -45,10 +46,8 @@ dependencies {
     implementation 'com.nimbusds:nimbus-jose-jwt:9.30.1'
     implementation 'org.bouncycastle:bcpkix-jdk18on:1.72'
 
-    compileOnly 'org.projectlombok:lombok'
     developmentOnly 'org.springframework.boot:spring-boot-devtools'
     annotationProcessor 'org.springframework.boot:spring-boot-configuration-processor'
-    annotationProcessor 'org.projectlombok:lombok'
     testImplementation 'org.springframework.boot:spring-boot-starter-test'
     testImplementation 'io.projectreactor:reactor-test'
 }

gradle/wrapper/gradle-wrapper.jar

@@ -1,5 +1,5 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-7.5-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-7.6-bin.zip
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists

gradle/wrapper/gradle-wrapper.properties

@@ -205,6 +205,12 @@ set -- \
         org.gradle.wrapper.GradleWrapperMain \
         "$@"
 
+# Stop when "xargs" is not available.
+if ! command -v xargs >/dev/null 2>&1
+then
+    die "xargs is not available"
+fi
+
 # Use "xargs" to parse quoted args.
 #
 # With -n1 it outputs one arg per line, with the quotes and backslashes removed.

gradlew

@@ -14,7 +14,7 @@
 @rem limitations under the License.
 @rem
 
-@if "%DEBUG%" == "" @echo off
+@if "%DEBUG%"=="" @echo off
 @rem ##########################################################################
 @rem
 @rem  Gradle startup script for Windows
@@ -25,7 +25,7 @@
 if "%OS%"=="Windows_NT" setlocal
 
 set DIRNAME=%~dp0
-if "%DIRNAME%" == "" set DIRNAME=.
+if "%DIRNAME%"=="" set DIRNAME=.
 set APP_BASE_NAME=%~n0
 set APP_HOME=%DIRNAME%
 
@@ -40,7 +40,7 @@ if defined JAVA_HOME goto findJavaFromJavaHome
 
 set JAVA_EXE=java.exe
 %JAVA_EXE% -version >NUL 2>&1
-if "%ERRORLEVEL%" == "0" goto execute
+if %ERRORLEVEL% equ 0 goto execute
 
 echo.
 echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
@@ -75,13 +75,15 @@ set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar
 
 :end
 @rem End local scope for the variables with windows NT shell
-if "%ERRORLEVEL%"=="0" goto mainEnd
+if %ERRORLEVEL% equ 0 goto mainEnd
 
 :fail
 rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of
 rem the _cmd.exe /c_ return code!
-if  not "" == "%GRADLE_EXIT_CONSOLE%" exit 1
-exit /b 1
+set EXIT_CODE=%ERRORLEVEL%
+if %EXIT_CODE% equ 0 set EXIT_CODE=1
+if not ""=="%GRADLE_EXIT_CONSOLE%" exit %EXIT_CODE%
+exit /b %EXIT_CODE%
 
 :mainEnd
 if "%OS%"=="Windows_NT" endlocal

gradlew.bat

@@ -1,12 +1,12 @@
 package app.config;
 
+import jakarta.validation.Valid;
+import jakarta.validation.constraints.Min;
+import jakarta.validation.constraints.NotBlank;
+import jakarta.validation.constraints.NotEmpty;
+import jakarta.validation.constraints.NotNull;
 import java.time.Duration;
 import java.util.Map;
-import javax.validation.Valid;
-import javax.validation.constraints.Min;
-import javax.validation.constraints.NotBlank;
-import javax.validation.constraints.NotEmpty;
-import javax.validation.constraints.NotNull;
 import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.boot.context.properties.bind.DefaultValue;
 import org.springframework.validation.annotation.Validated;

src/main/java/app/config/AppProperties.java

@@ -1,11 +1,11 @@
 package app.config;
 
+import jakarta.validation.constraints.AssertTrue;
+import jakarta.validation.constraints.NotBlank;
+import jakarta.validation.constraints.NotEmpty;
+import jakarta.validation.constraints.NotNull;
 import java.net.URI;
 import java.util.List;
-import javax.validation.constraints.AssertTrue;
-import javax.validation.constraints.NotBlank;
-import javax.validation.constraints.NotEmpty;
-import javax.validation.constraints.NotNull;
 
 public record Issuer(
     @NotNull

src/main/java/app/config/Issuer.java

@@ -1,7 +1,7 @@
 package app.config;
 
-import io.fabric8.kubernetes.client.DefaultKubernetesClient;
 import io.fabric8.kubernetes.client.KubernetesClient;
+import io.fabric8.kubernetes.client.KubernetesClientBuilder;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 
@@ -10,6 +10,6 @@ public class KubeConfig {
 
     @Bean
     public KubernetesClient kubernetesClient() {
-        return new DefaultKubernetesClient();
+        return new KubernetesClientBuilder().build();
     }
 }

src/main/java/app/config/KubeConfig.java

@@ -5,7 +5,7 @@
 import com.nimbusds.jose.jwk.RSAKey;
 import java.net.URI;
 import lombok.extern.slf4j.Slf4j;
-import org.springframework.http.HttpStatus;
+import org.springframework.http.HttpStatusCode;
 import org.springframework.http.ResponseEntity;
 import org.springframework.lang.NonNull;
 import org.springframework.lang.Nullable;
@@ -61,7 +61,7 @@ private ResponseSpec preEntityRequest(String issuerId, RSAKey jwk, String kid, U
                     ), SignableValue.class
             )
             .retrieve()
-            .onStatus(HttpStatus::isError, clientResponse ->
+            .onStatus(HttpStatusCode::isError, clientResponse ->
                 clientResponse.bodyToMono(Problem.class)
                     .flatMap(problem -> clientResponse.createException()
                         .map(e -> new AcmeProblemException(problem, e))

src/main/java/app/services/AcmeBaseRequestService.java

@@ -45,10 +45,10 @@ public class ApplicationIngressesService implements Closeable {
     private final TaskScheduler taskScheduler;
     private final CertificateProcessingService certificateProcessingService;
     private final AppProperties appProperties;
-    private final Watch ingressWatches;
-    private final Watch tlsSecretWatches;
     private final Set<String/*ingress name*/> activeIngressReconciles = Collections.synchronizedSet(new HashSet<>());
     private final Map<String/*secretName*/, ScheduledFuture<?>> scheduledRenewals = new ConcurrentHashMap<>();
+    private Watch ingressWatches;
+    private Watch tlsSecretWatches;
 
     public ApplicationIngressesService(KubernetesClient k8s,
         TaskScheduler taskScheduler,
@@ -65,6 +65,7 @@ public ApplicationIngressesService(KubernetesClient k8s,
     }
 
     private Watch setupIngressWatch() {
+        log.debug("Setting up ingress watch");
         return k8s.network().v1().ingresses()
             .withLabel(Metadata.ISSUER_LABEL)
             // ...but not solver ingress that we created temporarily
@@ -87,12 +88,14 @@ public void eventReceived(Action action, Ingress ingress) {
 
                 @Override
                 public void onClose(WatcherException cause) {
-                    log.warn("Ingress watch has closed", cause);
+                    log.debug("Ingress watch has closed", cause);
+                    ingressWatches = setupIngressWatch();
                 }
             });
     }
 
     private Watch setupTlsSecretWatch() {
+        log.debug("Setting up TLS secret watch");
         return k8s.secrets()
             .withLabel(Metadata.ISSUER_LABEL)
             .watch(new Watcher<>() {
@@ -123,7 +126,8 @@ public void eventReceived(Action action, Secret resource) {
 
                 @Override
                 public void onClose(WatcherException cause) {
-                    log.warn("TLS secrets watch closed", cause);
+                    log.debug("TLS secrets watch closed", cause);
+                    tlsSecretWatches = setupTlsSecretWatch();
                 }
             });
     }