Centralize resource names in settings package
ref: pulp#1025
[noissue]
git-hyagi committed Sep 18, 2023
1 parent 2ef866e commit 5de5651
Showing 35 changed files with 566 additions and 369 deletions.
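--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -689,7 +689,9 @@ jobs:
 deploy:
 runs-on: ubuntu-latest
 needs: [containerized, components, galaxy]
-if: github.event_name != 'pull_request'
+if: |
+github.event_name != 'pull_request' &&
+github.repository_owner == 'pulp'
 steps:
 - uses: actions/checkout@v3
 with: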
4 changes: 2 additions & 2 deletions .github/workflows/scripts/show_logs.sh
@@ -75,11 +75,11 @@ kubectl logs --timestamps -l app.kubernetes.io/component=worker --tail=10000
echo ::endgroup::

echo ::group::PULP_WEB_PODS
kubectl describe pods -l app.kubernetes.io/component=webserver
kubectl describe pods -l app.kubernetes.io/component=web
echo ::endgroup::

echo ::group::PULP_WEB_LOGS
kubectl logs -l app.kubernetes.io/component=webserver --tail=10000
kubectl logs -l app.kubernetes.io/component=web --tail=10000
echo ::endgroup::

echo ::group::POSTGRES
1 change: 1 addition & 0 deletions .gitleaks.toml
@@ -8,4 +8,5 @@
".ci/scripts/prepare-object-storage.sh",
"containers/compose/certs/database_fields.symmetric.key",
".github/workflows/ci.yml",
"controllers/settings/secrets.go",
]
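Review bot: Allowlisting the whole path `controllers/settings/secrets.go` turns off secret scanning for everything that is ever added to that file, not only for the resource-name strings that presumably trigger the false positives today. A narrower exemption keeps the scanner useful there: mark the specific lines with an inline `// gitleaks:allow` comment in the Go file, or match only the offending strings with an allowlist `regexes` entry. The enclosing list opens above the hunk, so reading it as a path allowlist is inferred from the entries shown.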
151 changes: 67 additions & 84 deletions controllers/deployment.go

Large diffs are not rendered by default.

3 changes: 2 additions & 1 deletion controllers/ingress.go
@@ -17,6 +17,7 @@ limitations under the License.
package controllers

import (
"github.com/pulp/pulp-operator/controllers/settings"
netv1 "k8s.io/api/networking/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
ctrl "sigs.k8s.io/controller-runtime"
@@ -46,7 +47,7 @@ func IngressDefaults(resources any, plugins []IngressPlugin) (*netv1.Ingress, er
PathType: &pathType,
Backend: netv1.IngressBackend{
Service: &netv1.IngressServiceBackend{
Name: pulp.Name + "-web-svc",
Name: settings.PulpWebService(pulp.Name),
Port: netv1.ServiceBackendPort{
Number: 24880,
},
9 changes: 5 additions & 4 deletions controllers/ocp/route.go
@@ -24,6 +24,7 @@ import (
"github.com/go-logr/logr"
routev1 "github.com/openshift/api/route/v1"
"github.com/pulp/pulp-operator/controllers"
"github.com/pulp/pulp-operator/controllers/settings"
"golang.org/x/text/cases"
"golang.org/x/text/language"
corev1 "k8s.io/api/core/v1"
@@ -119,25 +120,25 @@ func PulpRouteController(resources controllers.FunctionResources, restClient res
Name: pulp.Name + "-content",
Path: controllers.GetPulpSetting(pulp, "content_path_prefix"),
TargetPort: "content-24816",
ServiceName: pulp.Name + "-content-svc",
ServiceName: settings.ContentService(pulp.Name),
},
{
Name: pulp.Name + "-api-v3",
Path: controllers.GetPulpSetting(pulp, "api_root") + "api/v3/",
TargetPort: "api-24817",
ServiceName: pulp.Name + "-api-svc",
ServiceName: settings.ApiService(pulp.Name),
},
{
Name: pulp.Name + "-auth",
Path: "/auth/login/",
TargetPort: "api-24817",
ServiceName: pulp.Name + "-api-svc",
ServiceName: settings.ApiService(pulp.Name),
},
{
Name: pulp.Name,
Path: "/",
TargetPort: "api-24817",
ServiceName: pulp.Name + "-api-svc",
ServiceName: settings.ApiService(pulp.Name),
},
}
routeHost := GetRouteHost(pulp)
22 changes: 10 additions & 12 deletions controllers/ocp/utils.go
@@ -22,6 +22,7 @@ import (
"github.com/go-logr/logr"
repomanagerpulpprojectorgv1beta2 "github.com/pulp/pulp-operator/apis/repo-manager.pulpproject.org/v1beta2"
"github.com/pulp/pulp-operator/controllers"
"github.com/pulp/pulp-operator/controllers/settings"
corev1 "k8s.io/api/core/v1"
k8s_errors "k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -31,24 +32,20 @@ import (
"sigs.k8s.io/controller-runtime/pkg/client"
)

const (
rhOperatorPullSecretName = "redhat-operators-pull-secret"
caConfigMapName = "user-ca-bundle"
)

// CreateRHOperatorPullSecret creates a default secret called redhat-operators-pull-secret
func CreateRHOperatorPullSecret(r client.Client, ctx context.Context, namespace string) error {
func CreateRHOperatorPullSecret(r client.Client, ctx context.Context, namespace, pulpName string) error {
log := logr.Logger{}

secretName := settings.RedHatOperatorPullSecret(pulpName)
// Get redhat-operators-pull-secret
defaultSecret := &corev1.Secret{}
err := r.Get(ctx, types.NamespacedName{Name: rhOperatorPullSecretName, Namespace: namespace}, defaultSecret)
err := r.Get(ctx, types.NamespacedName{Name: secretName, Namespace: namespace}, defaultSecret)

// Create the secret in case it is not found
if err != nil && k8s_errors.IsNotFound(err) {
defaultSecret = &corev1.Secret{
ObjectMeta: metav1.ObjectMeta{
Name: rhOperatorPullSecretName,
Name: secretName,
Namespace: namespace,
},
StringData: map[string]string{
@@ -57,7 +54,7 @@ func CreateRHOperatorPullSecret(r client.Client, ctx context.Context, namespace
}
r.Create(ctx, defaultSecret)
} else if err != nil {
log.Error(err, "Failed to get "+rhOperatorPullSecretName)
log.Error(err, "Failed to get "+secretName)
return err
}
return nil
@@ -67,12 +64,13 @@ func CreateRHOperatorPullSecret(r client.Client, ctx context.Context, namespace
// inject custom CA into containers
func CreateEmptyConfigMap(r client.Client, scheme *runtime.Scheme, ctx context.Context, pulp *repomanagerpulpprojectorgv1beta2.Pulp, log logr.Logger) (ctrl.Result, error) {

configMapName := settings.EmptyCAConfigMapName(pulp.Name)
configMap := &corev1.ConfigMap{}
err := r.Get(ctx, types.NamespacedName{Name: caConfigMapName, Namespace: pulp.Namespace}, configMap)
err := r.Get(ctx, types.NamespacedName{Name: configMapName, Namespace: pulp.Namespace}, configMap)

expected_cm := &corev1.ConfigMap{
ObjectMeta: metav1.ObjectMeta{
Name: caConfigMapName,
Name: configMapName,
Namespace: pulp.Namespace,
Labels: map[string]string{
"config.openshift.io/inject-trusted-cabundle": "true",
@@ -110,7 +108,7 @@ func mountCASpec(pulp *repomanagerpulpprojectorgv1beta2.Pulp, volumes []corev1.V
VolumeSource: corev1.VolumeSource{
ConfigMap: &corev1.ConfigMapVolumeSource{
LocalObjectReference: corev1.LocalObjectReference{
Name: caConfigMapName,
Name: settings.EmptyCAConfigMapName(pulp.Name),
},
Items: []corev1.KeyToPath{
{Key: "ca-bundle.crt", Path: "tls-ca-bundle.pem"},
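Review bot: In `CreateRHOperatorPullSecret` the result of `r.Create(ctx, defaultSecret)` is dropped, so the function returns nil even when the pull secret could not be created and the caller proceeds as if it exists; `if err := r.Create(ctx, defaultSecret); err != nil { return err }` would surface that. The failure path also logs through `log := logr.Logger{}`, a zero-value logger that is not connected to the controller's sink, so the `Failed to get` message is likely lost; `CreateEmptyConfigMap` in the same file takes its logger as a parameter instead. The doc comment still says the secret is called redhat-operators-pull-secret, while the name now comes from `settings.RedHatOperatorPullSecret(pulpName)`; if that helper derives the name from `pulpName`, the comment should say so. The function body spans two hunks of this section.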
74 changes: 41 additions & 33 deletions controllers/repo_manager/api.go
@@ -23,6 +23,7 @@ import (
"github.com/go-logr/logr"
repomanagerpulpprojectorgv1beta2 "github.com/pulp/pulp-operator/apis/repo-manager.pulpproject.org/v1beta2"
"github.com/pulp/pulp-operator/controllers"
"github.com/pulp/pulp-operator/controllers/settings"
"golang.org/x/text/cases"
"golang.org/x/text/language"
appsv1 "k8s.io/api/apps/v1"
@@ -52,7 +53,8 @@ func (r *RepoManagerReconciler) pulpApiController(ctx context.Context, pulp *rep
// pulp-file-storage
// the PVC will be created only if a StorageClassName is provided
if storageClassProvided(pulp) {
requeue, err := r.createPulpResource(ResourceDefinition{ctx, &corev1.PersistentVolumeClaim{}, pulp.Name + "-file-storage", "FileStorage", conditionType, pulp}, fileStoragePVC)
pvcName := settings.DefaultPulpFileStorage(pulp.Name)
requeue, err := r.createPulpResource(ResourceDefinition{ctx, &corev1.PersistentVolumeClaim{}, pvcName, "FileStorage", conditionType, pulp}, fileStoragePVC)
if err != nil {
return ctrl.Result{}, err
} else if requeue {
@@ -61,16 +63,16 @@ func (r *RepoManagerReconciler) pulpApiController(ctx context.Context, pulp *rep

// Reconcile PVC
pvcFound := &corev1.PersistentVolumeClaim{}
r.Get(ctx, types.NamespacedName{Name: pulp.Name + "-file-storage", Namespace: pulp.Namespace}, pvcFound)
r.Get(ctx, types.NamespacedName{Name: pvcName, Namespace: pulp.Namespace}, pvcFound)
expected_pvc := fileStoragePVC(funcResources)
if !equality.Semantic.DeepDerivative(expected_pvc.(*corev1.PersistentVolumeClaim).Spec, pvcFound.Spec) {
log.Info("The PVC has been modified! Reconciling ...")
controllers.UpdateStatus(ctx, r.Client, pulp, metav1.ConditionFalse, conditionType, "UpdatingFileStoragePVC", "Reconciling "+pulp.Name+"-file-storage PVC resource")
controllers.UpdateStatus(ctx, r.Client, pulp, metav1.ConditionFalse, conditionType, "UpdatingFileStoragePVC", "Reconciling "+pvcName+" PVC resource")
r.recorder.Event(pulp, corev1.EventTypeNormal, "Updating", "Reconciling file storage PVC")
err = r.Update(ctx, expected_pvc.(*corev1.PersistentVolumeClaim))
if err != nil {
log.Error(err, "Error trying to update the PVC object ... ")
controllers.UpdateStatus(ctx, r.Client, pulp, metav1.ConditionFalse, conditionType, "ErrorUpdatingFileStoragePVC", "Failed to reconcile "+pulp.Name+"-file-storage PVC resource")
controllers.UpdateStatus(ctx, r.Client, pulp, metav1.ConditionFalse, conditionType, "ErrorUpdatingFileStoragePVC", "Failed to reconcile "+pvcName+" PVC resource")
r.recorder.Event(pulp, corev1.EventTypeWarning, "Failed", "Failed to reconcile file storage PVC")
return ctrl.Result{}, err
}
@@ -80,7 +82,7 @@ func (r *RepoManagerReconciler) pulpApiController(ctx context.Context, pulp *rep
}

// if .spec.admin_password_secret is not defined, operator will default to pulp-admin-password
adminSecretName := pulp.Name + "-admin-password"
adminSecretName := settings.DefaultAdminPassword(pulp.Name)
if len(pulp.Spec.AdminPasswordSecret) > 1 {
adminSecretName = pulp.Spec.AdminPasswordSecret
}
@@ -90,50 +92,63 @@ func (r *RepoManagerReconciler) pulpApiController(ctx context.Context, pulp *rep
}

// if .spec.pulp_secret_key is not defined, operator will default to "pulp-secret-key"
djangoKey := pulp.Name + "-secret-key"
djangoKey := settings.DefaultDjangoSecretKey(pulp.Name)
if len(pulp.Spec.PulpSecretKey) > 0 {
djangoKey = pulp.Spec.PulpSecretKey
}
// update pulp CR pulp_secret_key secret with default name
// we need to set this field "early" because it will be used to populate
// pulp-server-secret with its value
if err := controllers.UpdateCRField(ctx, r.Client, pulp, "PulpSecretKey", djangoKey); err != nil {
return ctrl.Result{}, err
}

// update pulp CR with default values
dbFieldsEncryptionSecret := settings.DefaultDBFieldsEncryptionSecret(pulp.Name)
if len(pulp.Spec.DBFieldsEncryptionSecret) > 0 {
dbFieldsEncryptionSecret = pulp.Spec.DBFieldsEncryptionSecret
}
if err := controllers.UpdateCRField(ctx, r.Client, pulp, "DBFieldsEncryptionSecret", dbFieldsEncryptionSecret); err != nil {
return ctrl.Result{}, err
}

// update pulp CR with container_token_secret secret value
if len(pulp.Spec.ContainerTokenSecret) == 0 {
patch := client.MergeFrom(pulp.DeepCopy())
pulp.Spec.ContainerTokenSecret = pulp.Name + "-container-auth"
r.Patch(ctx, pulp, patch)
containerTokenSecret := settings.DefaultContainerTokenSecret(pulp.Name)
if len(pulp.Spec.ContainerTokenSecret) > 0 {
containerTokenSecret = pulp.Spec.ContainerTokenSecret
}
if err := controllers.UpdateCRField(ctx, r.Client, pulp, "ContainerTokenSecret", containerTokenSecret); err != nil {
return ctrl.Result{}, err
}

serverSecretName := settings.PulpServerSecret(pulp.Name)
// define the k8s Deployment function based on k8s distribution and deployment type
deploymentForPulpApi := initDeployment(API_DEPLOYMENT).Deploy

deploymentName := settings.API.DeploymentName(pulp.Name)
serviceName := settings.ApiService(pulp.Name)

// list of pulp-api resources that should be provisioned
resources := []ApiResource{
// pulp-secret-key secret
{ResourceDefinition{ctx, &corev1.Secret{}, djangoKey, "PulpSecretKey", conditionType, pulp}, pulpDjangoKeySecret},
// pulp-server secret
{Definition: ResourceDefinition{Context: ctx, Type: &corev1.Secret{}, Name: pulp.Name + "-server", Alias: "Server", ConditionType: conditionType, Pulp: pulp}, Function: pulpServerSecret},
{Definition: ResourceDefinition{Context: ctx, Type: &corev1.Secret{}, Name: serverSecretName, Alias: "Server", ConditionType: conditionType, Pulp: pulp}, Function: pulpServerSecret},
// pulp-db-fields-encryption secret
{ResourceDefinition{ctx, &corev1.Secret{}, pulp.Name + "-db-fields-encryption", "DBFieldsEncryption", conditionType, pulp}, pulpDBFieldsEncryptionSecret},
{ResourceDefinition{ctx, &corev1.Secret{}, dbFieldsEncryptionSecret, "DBFieldsEncryptionSecret", conditionType, pulp}, pulpDBFieldsEncryptionSecret},
// pulp-admin-password secret
{ResourceDefinition{ctx, &corev1.Secret{}, adminSecretName, "AdminPassword", conditionType, pulp}, pulpAdminPasswordSecret},
// pulp-container-auth secret
{ResourceDefinition{ctx, &corev1.Secret{}, pulp.Spec.ContainerTokenSecret, "ContainerAuth", conditionType, pulp}, pulpContainerAuth},
{ResourceDefinition{ctx, &corev1.Secret{}, containerTokenSecret, "ContainerTokenSecret", conditionType, pulp}, pulpContainerAuth},
// pulp-api deployment
{ResourceDefinition{ctx, &appsv1.Deployment{}, pulp.Name + "-api", "Api", conditionType, pulp}, deploymentForPulpApi},
{ResourceDefinition{ctx, &appsv1.Deployment{}, deploymentName, "Api", conditionType, pulp}, deploymentForPulpApi},
// pulp-api-svc service
{ResourceDefinition{ctx, &corev1.Service{}, pulp.Name + "-api-svc", "Api", conditionType, pulp}, serviceForAPI},
{ResourceDefinition{ctx, &corev1.Service{}, serviceName, "Api", conditionType, pulp}, serviceForAPI},
}

// create telemetry resources
if pulp.Spec.Telemetry.Enabled {
telemetry := []ApiResource{
{ResourceDefinition{ctx, &corev1.ConfigMap{}, controllers.OtelConfigName, "Telemetry", conditionType, pulp}, controllers.OtelConfigMap},
{ResourceDefinition{ctx, &corev1.Service{}, controllers.OtelServiceName, "Telemetry", conditionType, pulp}, controllers.ServiceOtel},
{ResourceDefinition{ctx, &corev1.ConfigMap{}, settings.OtelConfigMapName(pulp.Name), "Telemetry", conditionType, pulp}, controllers.OtelConfigMap},
{ResourceDefinition{ctx, &corev1.Service{}, settings.OtelServiceName(pulp.Name), "Telemetry", conditionType, pulp}, controllers.ServiceOtel},
}
resources = append(resources, telemetry...)
}
@@ -150,30 +165,23 @@ func (r *RepoManagerReconciler) pulpApiController(ctx context.Context, pulp *rep

// Ensure the deployment spec is as expected
apiDeployment := &appsv1.Deployment{}
r.Get(ctx, types.NamespacedName{Name: pulp.Name + "-api", Namespace: pulp.Namespace}, apiDeployment)
r.Get(ctx, types.NamespacedName{Name: deploymentName, Namespace: pulp.Namespace}, apiDeployment)
expected := deploymentForPulpApi(funcResources)
if requeue, err := controllers.ReconcileObject(funcResources, expected, apiDeployment, conditionType, controllers.PulpDeployment{}); err != nil || requeue {
return ctrl.Result{Requeue: requeue}, err
}

// update pulp CR with default values
if len(pulp.Spec.DBFieldsEncryptionSecret) == 0 {
patch := client.MergeFrom(pulp.DeepCopy())
pulp.Spec.DBFieldsEncryptionSecret = pulp.Name + "-db-fields-encryption"
r.Patch(ctx, pulp, patch)
}

// Ensure the service spec is as expected
apiSvc := &corev1.Service{}
r.Get(ctx, types.NamespacedName{Name: pulp.Name + "-api-svc", Namespace: pulp.Namespace}, apiSvc)
r.Get(ctx, types.NamespacedName{Name: serviceName, Namespace: pulp.Namespace}, apiSvc)
expectedSvc := serviceForAPI(funcResources)
if requeue, err := controllers.ReconcileObject(funcResources, expectedSvc, apiSvc, conditionType, controllers.PulpService{}); err != nil || requeue {
return ctrl.Result{Requeue: requeue}, err
}

// Ensure the secret data is as expected
serverSecret := &corev1.Secret{}
r.Get(ctx, types.NamespacedName{Name: pulp.Name + "-server", Namespace: pulp.Namespace}, serverSecret)
r.Get(ctx, types.NamespacedName{Name: serverSecretName, Namespace: pulp.Namespace}, serverSecret)
expectedServerSecret := pulpServerSecret(funcResources)
if requeue, err := controllers.ReconcileObject(funcResources, expectedServerSecret, serverSecret, conditionType, controllers.PulpSecret{}); err != nil || requeue {
// restart pulpcore pods if the secret has changed
@@ -185,15 +193,15 @@ func (r *RepoManagerReconciler) pulpApiController(ctx context.Context, pulp *rep
if pulp.Spec.Telemetry.Enabled {
// Ensure otelConfigMap is as expected
telemetryConfigMap := &corev1.ConfigMap{}
r.Get(ctx, types.NamespacedName{Name: controllers.OtelConfigName, Namespace: pulp.Namespace}, telemetryConfigMap)
r.Get(ctx, types.NamespacedName{Name: settings.OtelConfigMapName(pulp.Name), Namespace: pulp.Namespace}, telemetryConfigMap)
expectedTelemetryConfigMap := controllers.OtelConfigMap(funcResources)
if requeue, err := controllers.ReconcileObject(funcResources, expectedTelemetryConfigMap, telemetryConfigMap, conditionType, controllers.PulpConfigMap{}); err != nil || requeue {
return ctrl.Result{Requeue: requeue}, err
}

// Ensure otelService is as expected
telemetryService := &corev1.Service{}
r.Get(ctx, types.NamespacedName{Name: controllers.OtelServiceName, Namespace: pulp.Namespace}, telemetryService)
r.Get(ctx, types.NamespacedName{Name: settings.OtelServiceName(pulp.Name), Namespace: pulp.Namespace}, telemetryService)
expectedTelemetryService := controllers.ServiceOtel(funcResources)
if requeue, err := controllers.ReconcileObject(funcResources, expectedTelemetryService, telemetryService, conditionType, controllers.PulpService{}); err != nil || requeue {
return ctrl.Result{Requeue: requeue}, err
@@ -210,7 +218,7 @@ func fileStoragePVC(resources controllers.FunctionResources) client.Object {
// Define the new PVC
pvc := &corev1.PersistentVolumeClaim{
ObjectMeta: metav1.ObjectMeta{
Name: pulp.Name + "-file-storage",
Name: settings.DefaultPulpFileStorage(pulp.Name),
Namespace: pulp.Namespace,
Labels: map[string]string{
"app.kubernetes.io/name": pulp.Spec.DeploymentType + "-storage",
@@ -251,7 +259,7 @@ func serviceForAPI(resources controllers.FunctionResources) client.Object {
func serviceAPIObject(name, namespace, deployment_type string) *corev1.Service {
return &corev1.Service{
ObjectMeta: metav1.ObjectMeta{
Name: name + "-api-svc",
Name: settings.ApiService(name),
Namespace: namespace,
Labels: map[string]string{
"app.kubernetes.io/name": deployment_type + "-api",
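Review bot: The reconcile lookups in `pulpApiController` discard the error from `r.Get`, e.g. `r.Get(ctx, types.NamespacedName{Name: serverSecretName, Namespace: pulp.Namespace}, serverSecret)`, so a failed or not-found read leaves an empty object that is then compared with the expected one and may trigger a spurious update; for the PVC the `r.Update` that follows is visible in the hunk. Each call should check the result, for example `if err := r.Get(ctx, types.NamespacedName{Name: serverSecretName, Namespace: pulp.Namespace}, serverSecret); err != nil { return ctrl.Result{}, err }`. The same applies to the lookups that use `pvcName`, `deploymentName`, `serviceName`, `settings.OtelConfigMapName(pulp.Name)` and `settings.OtelServiceName(pulp.Name)`. Separately, the admin secret override tests `len(pulp.Spec.AdminPasswordSecret) > 1` while the three other overrides in this function use `> 0`; the checks should agree. The function starts above the first hunk and continues between the hunks shown.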