diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 5b89f528c..6c93c9a79 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -689,7 +689,9 @@ jobs: deploy: runs-on: ubuntu-latest needs: [containerized, components, galaxy] - if: github.event_name != 'pull_request' + if: | + github.event_name != 'pull_request' && + github.repository_owner == 'pulp' steps: - uses: actions/checkout@v3 with: diff --git a/.github/workflows/scripts/show_logs.sh b/.github/workflows/scripts/show_logs.sh index e6311bb17..27750163f 100755 --- a/.github/workflows/scripts/show_logs.sh +++ b/.github/workflows/scripts/show_logs.sh @@ -75,11 +75,11 @@ kubectl logs --timestamps -l app.kubernetes.io/component=worker --tail=10000 echo ::endgroup:: echo ::group::PULP_WEB_PODS -kubectl describe pods -l app.kubernetes.io/component=webserver +kubectl describe pods -l app.kubernetes.io/component=web echo ::endgroup:: echo ::group::PULP_WEB_LOGS -kubectl logs -l app.kubernetes.io/component=webserver --tail=10000 +kubectl logs -l app.kubernetes.io/component=web --tail=10000 echo ::endgroup:: echo ::group::POSTGRES diff --git a/.gitleaks.toml b/.gitleaks.toml index 4fd582ce9..fb8ecb5dd 100644 --- a/.gitleaks.toml +++ b/.gitleaks.toml @@ -8,4 +8,5 @@ ".ci/scripts/prepare-object-storage.sh", "containers/compose/certs/database_fields.symmetric.key", ".github/workflows/ci.yml", + "controllers/settings/secrets.go", ] diff --git a/controllers/deployment.go b/controllers/deployment.go index ce6e88a84..7d030fdd5 100644 --- a/controllers/deployment.go +++ b/controllers/deployment.go @@ -24,6 +24,7 @@ import ( "strings" repomanagerpulpprojectorgv1beta2 "github.com/pulp/pulp-operator/apis/repo-manager.pulpproject.org/v1beta2" + "github.com/pulp/pulp-operator/controllers/settings" appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -33,12 +34,6 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" ) -const ( - api string = "Api" - content string = "Content" - worker string = "Worker" -) - // CommonDeployment has the common definition for all pulpcore deployments type CommonDeployment struct { replicas int32 @@ -72,14 +67,14 @@ type CommonDeployment struct { } // Deploy returns a common Deployment object that can be used by any pulpcore component -func (d CommonDeployment) Deploy(resources any, pulpcoreType string) client.Object { +func (d CommonDeployment) Deploy(resources any, pulpcoreType settings.PulpcoreType) client.Object { pulp := resources.(FunctionResources).Pulp d.build(resources, pulpcoreType) // deployment definition dep := &appsv1.Deployment{ ObjectMeta: metav1.ObjectMeta{ - Name: pulp.Name + "-" + strings.ToLower(pulpcoreType), + Name: pulpcoreType.DeploymentName(pulp.Name), Namespace: pulp.Namespace, Annotations: d.deploymentAnnotations, Labels: d.deploymentLabels, @@ -101,7 +96,7 @@ func (d CommonDeployment) Deploy(resources any, pulpcoreType string) client.Obje NodeSelector: d.nodeSelector, Tolerations: d.toleration, Volumes: d.volumes, - ServiceAccountName: pulp.Name, + ServiceAccountName: settings.PulpServiceAccount(pulp.Name), TopologySpreadConstraints: d.topologySpreadConstraint, InitContainers: d.initContainers, Containers: d.containers, @@ -127,7 +122,7 @@ type DeploymentAPICommon struct { // Deploy returns a pulp-api Deployment object func (d DeploymentAPICommon) Deploy(resources any) client.Object { - return d.CommonDeployment.Deploy(resources, api) + return d.CommonDeployment.Deploy(resources, settings.API) } // DeploymentContentCommon is the common pulpcore-content Deployment definition @@ -137,7 +132,7 @@ type DeploymentContentCommon struct { // Deploy returns a pulp-content Deployment object func (d DeploymentContentCommon) Deploy(resources any) client.Object { - return d.CommonDeployment.Deploy(resources, content) + return d.CommonDeployment.Deploy(resources, settings.CONTENT) } // DeploymentWorkerCommon is the common pulpcore-worker Deployment definition @@ -147,24 +142,24 @@ type DeploymentWorkerCommon struct { // Deploy returns a pulp-worker Deployment object func (d DeploymentWorkerCommon) Deploy(resources any) client.Object { - return d.CommonDeployment.Deploy(resources, worker) + return d.CommonDeployment.Deploy(resources, settings.WORKER) } // setReplicas defines the number of pod replicas -func (d *CommonDeployment) setReplicas(pulp repomanagerpulpprojectorgv1beta2.Pulp, pulpcoreType string) { - d.replicas = int32(reflect.ValueOf(pulp.Spec).FieldByName(pulpcoreType).FieldByName("Replicas").Int()) +func (d *CommonDeployment) setReplicas(pulp repomanagerpulpprojectorgv1beta2.Pulp, pulpcoreType settings.PulpcoreType) { + d.replicas = int32(reflect.ValueOf(pulp.Spec).FieldByName(string(pulpcoreType)).FieldByName("Replicas").Int()) } // setLabels defines the pod and deployment labels -func (d *CommonDeployment) setLabels(pulp repomanagerpulpprojectorgv1beta2.Pulp, pulpcoreType string) { - pulpcoreType = strings.ToLower(pulpcoreType) +func (d *CommonDeployment) setLabels(pulp repomanagerpulpprojectorgv1beta2.Pulp, pulpcoreType settings.PulpcoreType) { + pulpType := strings.ToLower(string(pulpcoreType)) d.podLabels = map[string]string{ - "app.kubernetes.io/name": pulp.Spec.DeploymentType + "-" + pulpcoreType, - "app.kubernetes.io/instance": pulp.Spec.DeploymentType + "-" + pulpcoreType + "-" + pulp.Name, - "app.kubernetes.io/component": pulpcoreType, + "app.kubernetes.io/name": pulp.Spec.DeploymentType + "-" + pulpType, + "app.kubernetes.io/instance": pulp.Spec.DeploymentType + "-" + pulpType + "-" + pulp.Name, + "app.kubernetes.io/component": pulpType, "app.kubernetes.io/part-of": pulp.Spec.DeploymentType, "app.kubernetes.io/managed-by": pulp.Spec.DeploymentType + "-operator", - "app": "pulp-" + pulpcoreType, + "app": "pulp-" + pulpType, "pulp_cr": pulp.Name, } @@ -176,9 +171,9 @@ func (d *CommonDeployment) setLabels(pulp repomanagerpulpprojectorgv1beta2.Pulp, } // setAffinity defines the affinity rules -func (d *CommonDeployment) setAffinity(pulp repomanagerpulpprojectorgv1beta2.Pulp, pulpcoreType string) { +func (d *CommonDeployment) setAffinity(pulp repomanagerpulpprojectorgv1beta2.Pulp, pulpcoreType settings.PulpcoreType) { affinity := &corev1.Affinity{} - specField := reflect.ValueOf(pulp.Spec).FieldByName(pulpcoreType).FieldByName("Affinity").Interface().(*corev1.Affinity) + specField := reflect.ValueOf(pulp.Spec).FieldByName(string(pulpcoreType)).FieldByName("Affinity").Interface().(*corev1.Affinity) if specField != nil { affinity = specField } @@ -186,11 +181,11 @@ func (d *CommonDeployment) setAffinity(pulp repomanagerpulpprojectorgv1beta2.Pul } // setStrategy defines the deployment strategy to use to replace existing pods with new ones -func (d *CommonDeployment) setStrategy(pulp repomanagerpulpprojectorgv1beta2.Pulp, pulpcoreType string) { +func (d *CommonDeployment) setStrategy(pulp repomanagerpulpprojectorgv1beta2.Pulp, pulpcoreType settings.PulpcoreType) { // if no strategy is defined in pulp CR we are setting `strategy.Type` with the // default value ("RollingUpdate"), this will be helpful during the reconciliation // when a strategy was previously defined and eventually the field is removed - strategy := reflect.ValueOf(pulp.Spec).FieldByName(pulpcoreType).FieldByName("Strategy").Interface().(appsv1.DeploymentStrategy) + strategy := reflect.ValueOf(pulp.Spec).FieldByName(string(pulpcoreType)).FieldByName("Strategy").Interface().(appsv1.DeploymentStrategy) if strategy.Type == "" { strategy.Type = "RollingUpdate" } @@ -209,9 +204,9 @@ func (d *CommonDeployment) setPodSecurityContext(pulp repomanagerpulpprojectorgv } // setNodeSelector defines the selectors to schedule the pod on a node -func (d *CommonDeployment) setNodeSelector(pulp repomanagerpulpprojectorgv1beta2.Pulp, pulpcoreType string) { +func (d *CommonDeployment) setNodeSelector(pulp repomanagerpulpprojectorgv1beta2.Pulp, pulpcoreType settings.PulpcoreType) { nodeSelector := map[string]string{} - specField := reflect.ValueOf(pulp.Spec).FieldByName(pulpcoreType).FieldByName("NodeSelector").Interface().(map[string]string) + specField := reflect.ValueOf(pulp.Spec).FieldByName(string(pulpcoreType)).FieldByName("NodeSelector").Interface().(map[string]string) if specField != nil { nodeSelector = specField } @@ -219,9 +214,9 @@ func (d *CommonDeployment) setNodeSelector(pulp repomanagerpulpprojectorgv1beta2 } // setTolerations defines the pod tolerations -func (d *CommonDeployment) setTolerations(pulp repomanagerpulpprojectorgv1beta2.Pulp, pulpcoreType string) { +func (d *CommonDeployment) setTolerations(pulp repomanagerpulpprojectorgv1beta2.Pulp, pulpcoreType settings.PulpcoreType) { toleration := []corev1.Toleration{} - specField := reflect.ValueOf(pulp.Spec).FieldByName(pulpcoreType).FieldByName("Tolerations").Interface().([]corev1.Toleration) + specField := reflect.ValueOf(pulp.Spec).FieldByName(string(pulpcoreType)).FieldByName("Tolerations").Interface().([]corev1.Toleration) if specField != nil { toleration = specField } @@ -229,9 +224,9 @@ func (d *CommonDeployment) setTolerations(pulp repomanagerpulpprojectorgv1beta2. } // setTopologySpreadConstraints defines how to spread pods across topology -func (d *CommonDeployment) setTopologySpreadConstraints(pulp repomanagerpulpprojectorgv1beta2.Pulp, pulpcoreType string) { +func (d *CommonDeployment) setTopologySpreadConstraints(pulp repomanagerpulpprojectorgv1beta2.Pulp, pulpcoreType settings.PulpcoreType) { topologySpreadConstraint := []corev1.TopologySpreadConstraint{} - specField := reflect.ValueOf(pulp.Spec).FieldByName(pulpcoreType).FieldByName("TopologySpreadConstraints").Interface().([]corev1.TopologySpreadConstraint) + specField := reflect.ValueOf(pulp.Spec).FieldByName(string(pulpcoreType)).FieldByName("TopologySpreadConstraints").Interface().([]corev1.TopologySpreadConstraint) if specField != nil { topologySpreadConstraint = specField } @@ -239,13 +234,13 @@ func (d *CommonDeployment) setTopologySpreadConstraints(pulp repomanagerpulpproj } // setEnvVars defines the list of containers' environment variables -func (d *CommonDeployment) setEnvVars(resources any, pulpcoreType string) { +func (d *CommonDeployment) setEnvVars(resources any, pulpcoreType settings.PulpcoreType) { pulp := resources.(FunctionResources).Pulp - pulpcoreTypeField := reflect.ValueOf(pulp.Spec).FieldByName(pulpcoreType) + pulpcoreTypeField := reflect.ValueOf(pulp.Spec).FieldByName(string(pulpcoreType)) var envVars []corev1.EnvVar - if pulpcoreType != worker { + if pulpcoreType != settings.WORKER { // gunicornWorkers definition gunicornWorkers := strconv.FormatInt(pulpcoreTypeField.FieldByName("GunicornWorkers").Int(), 10) @@ -254,7 +249,7 @@ func (d *CommonDeployment) setEnvVars(resources any, pulpcoreType string) { envVars = []corev1.EnvVar{ {Name: "PULP_GUNICORN_TIMEOUT", Value: gunicornTimeout}, - {Name: "PULP_" + strings.ToUpper(pulpcoreType) + "_WORKERS", Value: gunicornWorkers}, + {Name: "PULP_" + strings.ToUpper(string(pulpcoreType)) + "_WORKERS", Value: gunicornWorkers}, } } @@ -402,11 +397,7 @@ func GetPostgresEnvVars(pulp repomanagerpulpprojectorgv1beta2.Pulp) (envVars []c // GetAdminSecretName retrieves pulp admin user password func GetAdminSecretName(pulp repomanagerpulpprojectorgv1beta2.Pulp) string { - adminSecretName := pulp.Name + "-admin-password" - if len(pulp.Spec.AdminPasswordSecret) > 1 { - adminSecretName = pulp.Spec.AdminPasswordSecret - } - return adminSecretName + return pulp.Spec.AdminPasswordSecret } // getStorageType retrieves the storage type defined in pulp CR @@ -417,21 +408,18 @@ func getStorageType(pulp repomanagerpulpprojectorgv1beta2.Pulp) []string { // GetDBFieldsEncryptionSecret returns the name of DBFieldsEncryption Secret func GetDBFieldsEncryptionSecret(pulp repomanagerpulpprojectorgv1beta2.Pulp) string { - if pulp.Spec.DBFieldsEncryptionSecret == "" { - return pulp.Name + "-db-fields-encryption" - } return pulp.Spec.DBFieldsEncryptionSecret } // setVolumes defines the list of pod volumes -func (d *CommonDeployment) setVolumes(pulp repomanagerpulpprojectorgv1beta2.Pulp, pulpcoreType string) { +func (d *CommonDeployment) setVolumes(pulp repomanagerpulpprojectorgv1beta2.Pulp, pulpcoreType settings.PulpcoreType) { dbFieldsEncryptionSecret := GetDBFieldsEncryptionSecret(pulp) volumes := []corev1.Volume{ { Name: pulp.Name + "-server", VolumeSource: corev1.VolumeSource{ Secret: &corev1.SecretVolumeSource{ - SecretName: pulp.Name + "-server", + SecretName: settings.PulpServerSecret(pulp.Name), Items: []corev1.KeyToPath{{ Key: "settings.py", Path: "settings.py", @@ -454,7 +442,7 @@ func (d *CommonDeployment) setVolumes(pulp repomanagerpulpprojectorgv1beta2.Pulp } // only worker pods need to mount ansible dir - if pulpcoreType == worker { + if pulpcoreType == settings.WORKER { ansibleVolume := corev1.Volume{ Name: pulp.Name + "-ansible-tmp", VolumeSource: corev1.VolumeSource{ @@ -465,7 +453,7 @@ func (d *CommonDeployment) setVolumes(pulp repomanagerpulpprojectorgv1beta2.Pulp } // worker and content pods don't need to mount the admin secret - if pulpcoreType == api { + if pulpcoreType == settings.API { adminSecretName := GetAdminSecretName(pulp) volume := corev1.Volume{ Name: adminSecretName, @@ -488,7 +476,7 @@ func (d *CommonDeployment) setVolumes(pulp repomanagerpulpprojectorgv1beta2.Pulp Name: "file-storage", VolumeSource: corev1.VolumeSource{ PersistentVolumeClaim: &corev1.PersistentVolumeClaimVolumeSource{ - ClaimName: pulp.Name + "-file-storage", + ClaimName: settings.DefaultPulpFileStorage(pulp.Name), }, }, } @@ -512,7 +500,7 @@ func (d *CommonDeployment) setVolumes(pulp repomanagerpulpprojectorgv1beta2.Pulp } volumes = append(volumes, emptyDir) // only api pods need the assets-file-storage - if pulpcoreType == api { + if pulpcoreType == settings.API { assetVolume := corev1.Volume{ Name: "assets-file-storage", VolumeSource: corev1.VolumeSource{ @@ -558,13 +546,8 @@ func (d *CommonDeployment) setVolumes(pulp repomanagerpulpprojectorgv1beta2.Pulp } // only api pods need the container-auth-certs - if pulpcoreType == api { - var containerAuthSecretName string - if pulp.Spec.ContainerTokenSecret != "" { - containerAuthSecretName = pulp.Spec.ContainerTokenSecret - } else { - containerAuthSecretName = pulp.Name + "-container-auth" - } + if pulpcoreType == settings.API { + containerAuthSecretName := pulp.Spec.ContainerTokenSecret containerTokenSecretVolume := corev1.Volume{ Name: pulp.Name + "-container-auth-certs", VolumeSource: corev1.VolumeSource{ @@ -589,7 +572,7 @@ func (d *CommonDeployment) setVolumes(pulp repomanagerpulpprojectorgv1beta2.Pulp } // setVolumeMounts defines the list containers volumes mount points -func (d *CommonDeployment) setVolumeMounts(pulp repomanagerpulpprojectorgv1beta2.Pulp, pulpcoreType string) { +func (d *CommonDeployment) setVolumeMounts(pulp repomanagerpulpprojectorgv1beta2.Pulp, pulpcoreType settings.PulpcoreType) { volumeMounts := []corev1.VolumeMount{ { @@ -607,13 +590,13 @@ func (d *CommonDeployment) setVolumeMounts(pulp repomanagerpulpprojectorgv1beta2 } // only worker pods need to mount ansible dir - if pulpcoreType == worker { + if pulpcoreType == settings.WORKER { ansibleVolume := corev1.VolumeMount{Name: pulp.Name + "-ansible-tmp", MountPath: "/.ansible/tmp"} volumeMounts = append(volumeMounts, ansibleVolume) } // worker and content pods don't need to mount the admin secret - if pulpcoreType == api { + if pulpcoreType == settings.API { adminSecretName := GetAdminSecretName(pulp) adminSecret := corev1.VolumeMount{ Name: adminSecretName, @@ -635,7 +618,7 @@ func (d *CommonDeployment) setVolumeMounts(pulp repomanagerpulpprojectorgv1beta2 } else if storageType[0] == EmptyDirType { // if no file-storage nor object storage were provided we will mount the emptyDir emptyDir := corev1.VolumeMount{Name: "tmp-file-storage", MountPath: "/var/lib/pulp/tmp"} volumeMounts = append(volumeMounts, emptyDir) - if pulpcoreType == api { // worker and content pods don't need to mount the assets-file-storage secret + if pulpcoreType == settings.API { // worker and content pods don't need to mount the assets-file-storage secret assetsVolume := corev1.VolumeMount{Name: "assets-file-storage", MountPath: "/var/lib/pulp/assets"} volumeMounts = append(volumeMounts, assetsVolume) } @@ -665,7 +648,7 @@ func (d *CommonDeployment) setVolumeMounts(pulp repomanagerpulpprojectorgv1beta2 volumeMounts = append(volumeMounts, signingSecretMount...) } - if pulpcoreType == api && pulp.Spec.ContainerTokenSecret != "" { + if pulpcoreType == settings.API && pulp.Spec.ContainerTokenSecret != "" { containerTokenSecretMount := []corev1.VolumeMount{ { Name: pulp.Name + "-container-auth-certs", @@ -719,20 +702,20 @@ func (d *CommonDeployment) setInitContainerVolumeMounts(pulp repomanagerpulpproj } // setResourceRequirements defines the container resources -func (d *CommonDeployment) setResourceRequirements(pulp repomanagerpulpprojectorgv1beta2.Pulp, pulpcoreType string) { - d.resourceRequirements = reflect.ValueOf(pulp.Spec).FieldByName(pulpcoreType).FieldByName("ResourceRequirements").Interface().(corev1.ResourceRequirements) +func (d *CommonDeployment) setResourceRequirements(pulp repomanagerpulpprojectorgv1beta2.Pulp, pulpcoreType settings.PulpcoreType) { + d.resourceRequirements = reflect.ValueOf(pulp.Spec).FieldByName(string(pulpcoreType)).FieldByName("ResourceRequirements").Interface().(corev1.ResourceRequirements) } // setInitContainerResourceRequirements defines the init-container resources -func (d *CommonDeployment) setInitContainerResourceRequirements(pulp repomanagerpulpprojectorgv1beta2.Pulp, pulpcoreType string) { - d.initContainerResourceRequirements = reflect.ValueOf(pulp.Spec).FieldByName(pulpcoreType).FieldByName("InitContainer").FieldByName("ResourceRequirements").Interface().(corev1.ResourceRequirements) +func (d *CommonDeployment) setInitContainerResourceRequirements(pulp repomanagerpulpprojectorgv1beta2.Pulp, pulpcoreType settings.PulpcoreType) { + d.initContainerResourceRequirements = reflect.ValueOf(pulp.Spec).FieldByName(string(pulpcoreType)).FieldByName("InitContainer").FieldByName("ResourceRequirements").Interface().(corev1.ResourceRequirements) } // setReadinessProbe defines the container readinessprobe -func (d *CommonDeployment) setReadinessProbe(pulp repomanagerpulpprojectorgv1beta2.Pulp, pulpcoreType string) { - readinessProbe := reflect.ValueOf(pulp.Spec).FieldByName(pulpcoreType).FieldByName("ReadinessProbe").Interface().(*corev1.Probe) +func (d *CommonDeployment) setReadinessProbe(pulp repomanagerpulpprojectorgv1beta2.Pulp, pulpcoreType settings.PulpcoreType) { + readinessProbe := reflect.ValueOf(pulp.Spec).FieldByName(string(pulpcoreType)).FieldByName("ReadinessProbe").Interface().(*corev1.Probe) switch pulpcoreType { - case api: + case settings.API: if readinessProbe == nil { readinessProbe = &corev1.Probe{ ProbeHandler: corev1.ProbeHandler{ @@ -750,7 +733,7 @@ func (d *CommonDeployment) setReadinessProbe(pulp repomanagerpulpprojectorgv1bet TimeoutSeconds: 10, } } - case content: + case settings.CONTENT: if readinessProbe == nil { readinessProbe = &corev1.Probe{ ProbeHandler: corev1.ProbeHandler{ @@ -768,7 +751,7 @@ func (d *CommonDeployment) setReadinessProbe(pulp repomanagerpulpprojectorgv1bet TimeoutSeconds: 10, } } - case worker: + case settings.WORKER: if readinessProbe == nil { readinessProbe = &corev1.Probe{ ProbeHandler: corev1.ProbeHandler{ @@ -791,10 +774,10 @@ func (d *CommonDeployment) setReadinessProbe(pulp repomanagerpulpprojectorgv1bet } // setReadinessProbe defines the container livenessprobe -func (d *CommonDeployment) setLivenessProbe(pulp repomanagerpulpprojectorgv1beta2.Pulp, pulpcoreType string) { - livenessProbe := reflect.ValueOf(pulp.Spec).FieldByName(pulpcoreType).FieldByName("LivenessProbe").Interface().(*corev1.Probe) +func (d *CommonDeployment) setLivenessProbe(pulp repomanagerpulpprojectorgv1beta2.Pulp, pulpcoreType settings.PulpcoreType) { + livenessProbe := reflect.ValueOf(pulp.Spec).FieldByName(string(pulpcoreType)).FieldByName("LivenessProbe").Interface().(*corev1.Probe) switch pulpcoreType { - case api: + case settings.API: if livenessProbe == nil { livenessProbe = &corev1.Probe{ FailureThreshold: 10, @@ -829,21 +812,21 @@ func (d *CommonDeployment) setImage(pulp repomanagerpulpprojectorgv1beta2.Pulp) } // setInitContainerImage defines pulpcore init-container image -func (d *CommonDeployment) setInitContainerImage(pulp repomanagerpulpprojectorgv1beta2.Pulp, pulpcoreType string) { - d.initContainerImage = reflect.ValueOf(pulp.Spec).FieldByName(pulpcoreType).FieldByName("InitContainer").FieldByName("Image").String() +func (d *CommonDeployment) setInitContainerImage(pulp repomanagerpulpprojectorgv1beta2.Pulp, pulpcoreType settings.PulpcoreType) { + d.initContainerImage = reflect.ValueOf(pulp.Spec).FieldByName(string(pulpcoreType)).FieldByName("InitContainer").FieldByName("Image").String() if len(d.initContainerImage) == 0 { d.initContainerImage = d.image } } // setInitContainers defines initContainers specs -func (d *CommonDeployment) setInitContainers(pulp repomanagerpulpprojectorgv1beta2.Pulp, pulpcoreType string) { +func (d *CommonDeployment) setInitContainers(pulp repomanagerpulpprojectorgv1beta2.Pulp, pulpcoreType settings.PulpcoreType) { args := []string{ "-c", `/usr/bin/wait_on_postgres.py /usr/bin/wait_on_database_migrations.sh`, } - if pulpcoreType == api { + if pulpcoreType == settings.API { args = []string{ "-c", `mkdir -p /var/lib/pulp/{media,assets,tmp} @@ -867,10 +850,10 @@ func (d *CommonDeployment) setInitContainers(pulp repomanagerpulpprojectorgv1bet } // setContainers defines pulpcore containers specs -func (d *CommonDeployment) setContainers(pulp repomanagerpulpprojectorgv1beta2.Pulp, pulpcoreType string) { +func (d *CommonDeployment) setContainers(pulp repomanagerpulpprojectorgv1beta2.Pulp, pulpcoreType settings.PulpcoreType) { var containers []corev1.Container switch pulpcoreType { - case api: + case settings.API: containers = []corev1.Container{ { Name: "api", @@ -902,7 +885,7 @@ exec "${PULP_API_ENTRYPOINT[@]}" \ VolumeMounts: d.volumeMounts, }, } - case content: + case settings.CONTENT: containers = []corev1.Container{{ Name: "content", Image: d.image, @@ -933,7 +916,7 @@ exec "${PULP_CONTENT_ENTRYPOINT[@]}" \ ReadinessProbe: d.readinessProbe, VolumeMounts: d.volumeMounts, }} - case worker: + case settings.WORKER: containers = []corev1.Container{{ Name: "worker", Image: d.image, @@ -956,9 +939,9 @@ exec pulpcore-worker`, } // setAnnotations defines the list of pods and deployments annotations -func (d *CommonDeployment) setAnnotations(pulp repomanagerpulpprojectorgv1beta2.Pulp, pulpcoreType string) { +func (d *CommonDeployment) setAnnotations(pulp repomanagerpulpprojectorgv1beta2.Pulp, pulpcoreType settings.PulpcoreType) { d.podAnnotations = map[string]string{ - "kubectl.kubernetes.io/default-container": strings.ToLower(pulpcoreType), + "kubectl.kubernetes.io/default-container": strings.ToLower(string(pulpcoreType)), } if pulp.Status.LastDeploymentUpdate != "" { @@ -993,7 +976,7 @@ func (d *CommonDeployment) setSchedulerName() { } // setTelemetryConfig defines the containers and volumes configuration if telemetry is enabled -func (d *CommonDeployment) setTelemetryConfig(resources any, pulpcoreType string) { +func (d *CommonDeployment) setTelemetryConfig(resources any, pulpcoreType settings.PulpcoreType) { d.containers, d.volumes = telemetryConfig(resources, d.envVars, d.containers, d.volumes, pulpcoreType) } @@ -1051,7 +1034,7 @@ func (d *CommonDeployment) setLDAPConfigs(resources any) { } // build constructs the fields used in the deployment specification -func (d *CommonDeployment) build(resources any, pulpcoreType string) { +func (d *CommonDeployment) build(resources any, pulpcoreType settings.PulpcoreType) { pulp := resources.(FunctionResources).Pulp d.setReplicas(*pulp, pulpcoreType) d.setEnvVars(resources, pulpcoreType) diff --git a/controllers/ingress.go b/controllers/ingress.go index 63a553efd..ec5d692f3 100644 --- a/controllers/ingress.go +++ b/controllers/ingress.go @@ -17,6 +17,7 @@ limitations under the License. package controllers import ( + "github.com/pulp/pulp-operator/controllers/settings" netv1 "k8s.io/api/networking/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ctrl "sigs.k8s.io/controller-runtime" @@ -46,7 +47,7 @@ func IngressDefaults(resources any, plugins []IngressPlugin) (*netv1.Ingress, er PathType: &pathType, Backend: netv1.IngressBackend{ Service: &netv1.IngressServiceBackend{ - Name: pulp.Name + "-web-svc", + Name: settings.PulpWebService(pulp.Name), Port: netv1.ServiceBackendPort{ Number: 24880, }, diff --git a/controllers/ocp/route.go b/controllers/ocp/route.go index f005f4579..786a2210d 100644 --- a/controllers/ocp/route.go +++ b/controllers/ocp/route.go @@ -24,6 +24,7 @@ import ( "github.com/go-logr/logr" routev1 "github.com/openshift/api/route/v1" "github.com/pulp/pulp-operator/controllers" + "github.com/pulp/pulp-operator/controllers/settings" "golang.org/x/text/cases" "golang.org/x/text/language" corev1 "k8s.io/api/core/v1" @@ -119,25 +120,25 @@ func PulpRouteController(resources controllers.FunctionResources, restClient res Name: pulp.Name + "-content", Path: controllers.GetPulpSetting(pulp, "content_path_prefix"), TargetPort: "content-24816", - ServiceName: pulp.Name + "-content-svc", + ServiceName: settings.ContentService(pulp.Name), }, { Name: pulp.Name + "-api-v3", Path: controllers.GetPulpSetting(pulp, "api_root") + "api/v3/", TargetPort: "api-24817", - ServiceName: pulp.Name + "-api-svc", + ServiceName: settings.ApiService(pulp.Name), }, { Name: pulp.Name + "-auth", Path: "/auth/login/", TargetPort: "api-24817", - ServiceName: pulp.Name + "-api-svc", + ServiceName: settings.ApiService(pulp.Name), }, { Name: pulp.Name, Path: "/", TargetPort: "api-24817", - ServiceName: pulp.Name + "-api-svc", + ServiceName: settings.ApiService(pulp.Name), }, } routeHost := GetRouteHost(pulp) diff --git a/controllers/ocp/utils.go b/controllers/ocp/utils.go index a50055991..351f5528e 100644 --- a/controllers/ocp/utils.go +++ b/controllers/ocp/utils.go @@ -22,6 +22,7 @@ import ( "github.com/go-logr/logr" repomanagerpulpprojectorgv1beta2 "github.com/pulp/pulp-operator/apis/repo-manager.pulpproject.org/v1beta2" "github.com/pulp/pulp-operator/controllers" + "github.com/pulp/pulp-operator/controllers/settings" corev1 "k8s.io/api/core/v1" k8s_errors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -31,24 +32,20 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" ) -const ( - rhOperatorPullSecretName = "redhat-operators-pull-secret" - caConfigMapName = "user-ca-bundle" -) - // CreateRHOperatorPullSecret creates a default secret called redhat-operators-pull-secret -func CreateRHOperatorPullSecret(r client.Client, ctx context.Context, namespace string) error { +func CreateRHOperatorPullSecret(r client.Client, ctx context.Context, namespace, pulpName string) error { log := logr.Logger{} + secretName := settings.RedHatOperatorPullSecret(pulpName) // Get redhat-operators-pull-secret defaultSecret := &corev1.Secret{} - err := r.Get(ctx, types.NamespacedName{Name: rhOperatorPullSecretName, Namespace: namespace}, defaultSecret) + err := r.Get(ctx, types.NamespacedName{Name: secretName, Namespace: namespace}, defaultSecret) // Create the secret in case it is not found if err != nil && k8s_errors.IsNotFound(err) { defaultSecret = &corev1.Secret{ ObjectMeta: metav1.ObjectMeta{ - Name: rhOperatorPullSecretName, + Name: secretName, Namespace: namespace, }, StringData: map[string]string{ @@ -57,7 +54,7 @@ func CreateRHOperatorPullSecret(r client.Client, ctx context.Context, namespace } r.Create(ctx, defaultSecret) } else if err != nil { - log.Error(err, "Failed to get "+rhOperatorPullSecretName) + log.Error(err, "Failed to get "+secretName) return err } return nil @@ -67,12 +64,13 @@ func CreateRHOperatorPullSecret(r client.Client, ctx context.Context, namespace // inject custom CA into containers func CreateEmptyConfigMap(r client.Client, scheme *runtime.Scheme, ctx context.Context, pulp *repomanagerpulpprojectorgv1beta2.Pulp, log logr.Logger) (ctrl.Result, error) { + configMapName := settings.EmptyCAConfigMapName(pulp.Name) configMap := &corev1.ConfigMap{} - err := r.Get(ctx, types.NamespacedName{Name: caConfigMapName, Namespace: pulp.Namespace}, configMap) + err := r.Get(ctx, types.NamespacedName{Name: configMapName, Namespace: pulp.Namespace}, configMap) expected_cm := &corev1.ConfigMap{ ObjectMeta: metav1.ObjectMeta{ - Name: caConfigMapName, + Name: configMapName, Namespace: pulp.Namespace, Labels: map[string]string{ "config.openshift.io/inject-trusted-cabundle": "true", @@ -110,7 +108,7 @@ func mountCASpec(pulp *repomanagerpulpprojectorgv1beta2.Pulp, volumes []corev1.V VolumeSource: corev1.VolumeSource{ ConfigMap: &corev1.ConfigMapVolumeSource{ LocalObjectReference: corev1.LocalObjectReference{ - Name: caConfigMapName, + Name: settings.EmptyCAConfigMapName(pulp.Name), }, Items: []corev1.KeyToPath{ {Key: "ca-bundle.crt", Path: "tls-ca-bundle.pem"}, diff --git a/controllers/repo_manager/api.go b/controllers/repo_manager/api.go index 65118acb3..f51d015f0 100644 --- a/controllers/repo_manager/api.go +++ b/controllers/repo_manager/api.go @@ -23,6 +23,7 @@ import ( "github.com/go-logr/logr" repomanagerpulpprojectorgv1beta2 "github.com/pulp/pulp-operator/apis/repo-manager.pulpproject.org/v1beta2" "github.com/pulp/pulp-operator/controllers" + "github.com/pulp/pulp-operator/controllers/settings" "golang.org/x/text/cases" "golang.org/x/text/language" appsv1 "k8s.io/api/apps/v1" @@ -52,7 +53,8 @@ func (r *RepoManagerReconciler) pulpApiController(ctx context.Context, pulp *rep // pulp-file-storage // the PVC will be created only if a StorageClassName is provided if storageClassProvided(pulp) { - requeue, err := r.createPulpResource(ResourceDefinition{ctx, &corev1.PersistentVolumeClaim{}, pulp.Name + "-file-storage", "FileStorage", conditionType, pulp}, fileStoragePVC) + pvcName := settings.DefaultPulpFileStorage(pulp.Name) + requeue, err := r.createPulpResource(ResourceDefinition{ctx, &corev1.PersistentVolumeClaim{}, pvcName, "FileStorage", conditionType, pulp}, fileStoragePVC) if err != nil { return ctrl.Result{}, err } else if requeue { @@ -61,16 +63,16 @@ func (r *RepoManagerReconciler) pulpApiController(ctx context.Context, pulp *rep // Reconcile PVC pvcFound := &corev1.PersistentVolumeClaim{} - r.Get(ctx, types.NamespacedName{Name: pulp.Name + "-file-storage", Namespace: pulp.Namespace}, pvcFound) + r.Get(ctx, types.NamespacedName{Name: pvcName, Namespace: pulp.Namespace}, pvcFound) expected_pvc := fileStoragePVC(funcResources) if !equality.Semantic.DeepDerivative(expected_pvc.(*corev1.PersistentVolumeClaim).Spec, pvcFound.Spec) { log.Info("The PVC has been modified! Reconciling ...") - controllers.UpdateStatus(ctx, r.Client, pulp, metav1.ConditionFalse, conditionType, "UpdatingFileStoragePVC", "Reconciling "+pulp.Name+"-file-storage PVC resource") + controllers.UpdateStatus(ctx, r.Client, pulp, metav1.ConditionFalse, conditionType, "UpdatingFileStoragePVC", "Reconciling "+pvcName+" PVC resource") r.recorder.Event(pulp, corev1.EventTypeNormal, "Updating", "Reconciling file storage PVC") err = r.Update(ctx, expected_pvc.(*corev1.PersistentVolumeClaim)) if err != nil { log.Error(err, "Error trying to update the PVC object ... ") - controllers.UpdateStatus(ctx, r.Client, pulp, metav1.ConditionFalse, conditionType, "ErrorUpdatingFileStoragePVC", "Failed to reconcile "+pulp.Name+"-file-storage PVC resource") + controllers.UpdateStatus(ctx, r.Client, pulp, metav1.ConditionFalse, conditionType, "ErrorUpdatingFileStoragePVC", "Failed to reconcile "+pvcName+" PVC resource") r.recorder.Event(pulp, corev1.EventTypeWarning, "Failed", "Failed to reconcile file storage PVC") return ctrl.Result{}, err } @@ -80,7 +82,7 @@ func (r *RepoManagerReconciler) pulpApiController(ctx context.Context, pulp *rep } // if .spec.admin_password_secret is not defined, operator will default to pulp-admin-password - adminSecretName := pulp.Name + "-admin-password" + adminSecretName := settings.DefaultAdminPassword(pulp.Name) if len(pulp.Spec.AdminPasswordSecret) > 1 { adminSecretName = pulp.Spec.AdminPasswordSecret } @@ -90,50 +92,63 @@ func (r *RepoManagerReconciler) pulpApiController(ctx context.Context, pulp *rep } // if .spec.pulp_secret_key is not defined, operator will default to "pulp-secret-key" - djangoKey := pulp.Name + "-secret-key" + djangoKey := settings.DefaultDjangoSecretKey(pulp.Name) if len(pulp.Spec.PulpSecretKey) > 0 { djangoKey = pulp.Spec.PulpSecretKey } // update pulp CR pulp_secret_key secret with default name - // we need to set this field "early" because it will be used to populate - // pulp-server-secret with its value if err := controllers.UpdateCRField(ctx, r.Client, pulp, "PulpSecretKey", djangoKey); err != nil { return ctrl.Result{}, err } + // update pulp CR with default values + dbFieldsEncryptionSecret := settings.DefaultDBFieldsEncryptionSecret(pulp.Name) + if len(pulp.Spec.DBFieldsEncryptionSecret) > 0 { + dbFieldsEncryptionSecret = pulp.Spec.DBFieldsEncryptionSecret + } + if err := controllers.UpdateCRField(ctx, r.Client, pulp, "DBFieldsEncryptionSecret", dbFieldsEncryptionSecret); err != nil { + return ctrl.Result{}, err + } + // update pulp CR with container_token_secret secret value - if len(pulp.Spec.ContainerTokenSecret) == 0 { - patch := client.MergeFrom(pulp.DeepCopy()) - pulp.Spec.ContainerTokenSecret = pulp.Name + "-container-auth" - r.Patch(ctx, pulp, patch) + containerTokenSecret := settings.DefaultContainerTokenSecret(pulp.Name) + if len(pulp.Spec.ContainerTokenSecret) > 0 { + containerTokenSecret = pulp.Spec.ContainerTokenSecret + } + if err := controllers.UpdateCRField(ctx, r.Client, pulp, "ContainerTokenSecret", containerTokenSecret); err != nil { + return ctrl.Result{}, err } + serverSecretName := settings.PulpServerSecret(pulp.Name) // define the k8s Deployment function based on k8s distribution and deployment type deploymentForPulpApi := initDeployment(API_DEPLOYMENT).Deploy + deploymentName := settings.API.DeploymentName(pulp.Name) + serviceName := settings.ApiService(pulp.Name) + // list of pulp-api resources that should be provisioned resources := []ApiResource{ // pulp-secret-key secret {ResourceDefinition{ctx, &corev1.Secret{}, djangoKey, "PulpSecretKey", conditionType, pulp}, pulpDjangoKeySecret}, // pulp-server secret - {Definition: ResourceDefinition{Context: ctx, Type: &corev1.Secret{}, Name: pulp.Name + "-server", Alias: "Server", ConditionType: conditionType, Pulp: pulp}, Function: pulpServerSecret}, + {Definition: ResourceDefinition{Context: ctx, Type: &corev1.Secret{}, Name: serverSecretName, Alias: "Server", ConditionType: conditionType, Pulp: pulp}, Function: pulpServerSecret}, // pulp-db-fields-encryption secret - {ResourceDefinition{ctx, &corev1.Secret{}, pulp.Name + "-db-fields-encryption", "DBFieldsEncryption", conditionType, pulp}, pulpDBFieldsEncryptionSecret}, + {ResourceDefinition{ctx, &corev1.Secret{}, dbFieldsEncryptionSecret, "DBFieldsEncryptionSecret", conditionType, pulp}, pulpDBFieldsEncryptionSecret}, // pulp-admin-password secret {ResourceDefinition{ctx, &corev1.Secret{}, adminSecretName, "AdminPassword", conditionType, pulp}, pulpAdminPasswordSecret}, // pulp-container-auth secret - {ResourceDefinition{ctx, &corev1.Secret{}, pulp.Spec.ContainerTokenSecret, "ContainerAuth", conditionType, pulp}, pulpContainerAuth}, + {ResourceDefinition{ctx, &corev1.Secret{}, containerTokenSecret, "ContainerTokenSecret", conditionType, pulp}, pulpContainerAuth}, // pulp-api deployment - {ResourceDefinition{ctx, &appsv1.Deployment{}, pulp.Name + "-api", "Api", conditionType, pulp}, deploymentForPulpApi}, + {ResourceDefinition{ctx, &appsv1.Deployment{}, deploymentName, "Api", conditionType, pulp}, deploymentForPulpApi}, // pulp-api-svc service - {ResourceDefinition{ctx, &corev1.Service{}, pulp.Name + "-api-svc", "Api", conditionType, pulp}, serviceForAPI}, + {ResourceDefinition{ctx, &corev1.Service{}, serviceName, "Api", conditionType, pulp}, serviceForAPI}, } // create telemetry resources if pulp.Spec.Telemetry.Enabled { telemetry := []ApiResource{ - {ResourceDefinition{ctx, &corev1.ConfigMap{}, controllers.OtelConfigName, "Telemetry", conditionType, pulp}, controllers.OtelConfigMap}, - {ResourceDefinition{ctx, &corev1.Service{}, controllers.OtelServiceName, "Telemetry", conditionType, pulp}, controllers.ServiceOtel}, + {ResourceDefinition{ctx, &corev1.ConfigMap{}, settings.OtelConfigMapName(pulp.Name), "Telemetry", conditionType, pulp}, controllers.OtelConfigMap}, + {ResourceDefinition{ctx, &corev1.Service{}, settings.OtelServiceName(pulp.Name), "Telemetry", conditionType, pulp}, controllers.ServiceOtel}, } resources = append(resources, telemetry...) } @@ -150,22 +165,15 @@ func (r *RepoManagerReconciler) pulpApiController(ctx context.Context, pulp *rep // Ensure the deployment spec is as expected apiDeployment := &appsv1.Deployment{} - r.Get(ctx, types.NamespacedName{Name: pulp.Name + "-api", Namespace: pulp.Namespace}, apiDeployment) + r.Get(ctx, types.NamespacedName{Name: deploymentName, Namespace: pulp.Namespace}, apiDeployment) expected := deploymentForPulpApi(funcResources) if requeue, err := controllers.ReconcileObject(funcResources, expected, apiDeployment, conditionType, controllers.PulpDeployment{}); err != nil || requeue { return ctrl.Result{Requeue: requeue}, err } - // update pulp CR with default values - if len(pulp.Spec.DBFieldsEncryptionSecret) == 0 { - patch := client.MergeFrom(pulp.DeepCopy()) - pulp.Spec.DBFieldsEncryptionSecret = pulp.Name + "-db-fields-encryption" - r.Patch(ctx, pulp, patch) - } - // Ensure the service spec is as expected apiSvc := &corev1.Service{} - r.Get(ctx, types.NamespacedName{Name: pulp.Name + "-api-svc", Namespace: pulp.Namespace}, apiSvc) + r.Get(ctx, types.NamespacedName{Name: serviceName, Namespace: pulp.Namespace}, apiSvc) expectedSvc := serviceForAPI(funcResources) if requeue, err := controllers.ReconcileObject(funcResources, expectedSvc, apiSvc, conditionType, controllers.PulpService{}); err != nil || requeue { return ctrl.Result{Requeue: requeue}, err @@ -173,7 +181,7 @@ func (r *RepoManagerReconciler) pulpApiController(ctx context.Context, pulp *rep // Ensure the secret data is as expected serverSecret := &corev1.Secret{} - r.Get(ctx, types.NamespacedName{Name: pulp.Name + "-server", Namespace: pulp.Namespace}, serverSecret) + r.Get(ctx, types.NamespacedName{Name: serverSecretName, Namespace: pulp.Namespace}, serverSecret) expectedServerSecret := pulpServerSecret(funcResources) if requeue, err := controllers.ReconcileObject(funcResources, expectedServerSecret, serverSecret, conditionType, controllers.PulpSecret{}); err != nil || requeue { // restart pulpcore pods if the secret has changed @@ -185,7 +193,7 @@ func (r *RepoManagerReconciler) pulpApiController(ctx context.Context, pulp *rep if pulp.Spec.Telemetry.Enabled { // Ensure otelConfigMap is as expected telemetryConfigMap := &corev1.ConfigMap{} - r.Get(ctx, types.NamespacedName{Name: controllers.OtelConfigName, Namespace: pulp.Namespace}, telemetryConfigMap) + r.Get(ctx, types.NamespacedName{Name: settings.OtelConfigMapName(pulp.Name), Namespace: pulp.Namespace}, telemetryConfigMap) expectedTelemetryConfigMap := controllers.OtelConfigMap(funcResources) if requeue, err := controllers.ReconcileObject(funcResources, expectedTelemetryConfigMap, telemetryConfigMap, conditionType, controllers.PulpConfigMap{}); err != nil || requeue { return ctrl.Result{Requeue: requeue}, err @@ -193,7 +201,7 @@ func (r *RepoManagerReconciler) pulpApiController(ctx context.Context, pulp *rep // Ensure otelService is as expected telemetryService := &corev1.Service{} - r.Get(ctx, types.NamespacedName{Name: controllers.OtelServiceName, Namespace: pulp.Namespace}, telemetryService) + r.Get(ctx, types.NamespacedName{Name: settings.OtelServiceName(pulp.Name), Namespace: pulp.Namespace}, telemetryService) expectedTelemetryService := controllers.ServiceOtel(funcResources) if requeue, err := controllers.ReconcileObject(funcResources, expectedTelemetryService, telemetryService, conditionType, controllers.PulpService{}); err != nil || requeue { return ctrl.Result{Requeue: requeue}, err @@ -210,7 +218,7 @@ func fileStoragePVC(resources controllers.FunctionResources) client.Object { // Define the new PVC pvc := &corev1.PersistentVolumeClaim{ ObjectMeta: metav1.ObjectMeta{ - Name: pulp.Name + "-file-storage", + Name: settings.DefaultPulpFileStorage(pulp.Name), Namespace: pulp.Namespace, Labels: map[string]string{ "app.kubernetes.io/name": pulp.Spec.DeploymentType + "-storage", @@ -251,7 +259,7 @@ func serviceForAPI(resources controllers.FunctionResources) client.Object { func serviceAPIObject(name, namespace, deployment_type string) *corev1.Service { return &corev1.Service{ ObjectMeta: metav1.ObjectMeta{ - Name: name + "-api-svc", + Name: settings.ApiService(name), Namespace: namespace, Labels: map[string]string{ "app.kubernetes.io/name": deployment_type + "-api", diff --git a/controllers/repo_manager/content.go b/controllers/repo_manager/content.go index cc071ce62..4dd0813ee 100644 --- a/controllers/repo_manager/content.go +++ b/controllers/repo_manager/content.go @@ -22,6 +22,7 @@ import ( "github.com/go-logr/logr" repomanagerpulpprojectorgv1beta2 "github.com/pulp/pulp-operator/apis/repo-manager.pulpproject.org/v1beta2" "github.com/pulp/pulp-operator/controllers" + "github.com/pulp/pulp-operator/controllers/settings" "golang.org/x/text/cases" "golang.org/x/text/language" appsv1 "k8s.io/api/apps/v1" @@ -48,12 +49,15 @@ func (r *RepoManagerReconciler) pulpContentController(ctx context.Context, pulp // define the k8s Deployment function based on k8s distribution and deployment type deploymentForPulpContent := initDeployment(CONTENT_DEPLOYMENT).Deploy + deploymentName := settings.CONTENT.DeploymentName(pulp.Name) + serviceName := settings.ContentService(pulp.Name) + // list of pulp-content resources that should be provisioned resources := []ContentResource{ // pulp-content deployment - {ResourceDefinition{ctx, &appsv1.Deployment{}, pulp.Name + "-content", "Content", conditionType, pulp}, deploymentForPulpContent}, + {ResourceDefinition{ctx, &appsv1.Deployment{}, deploymentName, "Content", conditionType, pulp}, deploymentForPulpContent}, // pulp-content-svc service - {ResourceDefinition{ctx, &corev1.Service{}, pulp.Name + "-content-svc", "Content", conditionType, pulp}, serviceForContent}, + {ResourceDefinition{ctx, &corev1.Service{}, serviceName, "Content", conditionType, pulp}, serviceForContent}, } // create pulp-content resources @@ -68,7 +72,7 @@ func (r *RepoManagerReconciler) pulpContentController(ctx context.Context, pulp // Reconcile Deployment deployment := &appsv1.Deployment{} - r.Get(ctx, types.NamespacedName{Name: pulp.Name + "-content", Namespace: pulp.Namespace}, deployment) + r.Get(ctx, types.NamespacedName{Name: deploymentName, Namespace: pulp.Namespace}, deployment) expected := deploymentForPulpContent(funcResources) if requeue, err := controllers.ReconcileObject(funcResources, expected, deployment, conditionType, controllers.PulpDeployment{}); err != nil || requeue { return ctrl.Result{Requeue: requeue}, err @@ -76,7 +80,7 @@ func (r *RepoManagerReconciler) pulpContentController(ctx context.Context, pulp // Reconcile Service cntSvc := &corev1.Service{} - r.Get(ctx, types.NamespacedName{Name: pulp.Name + "-content-svc", Namespace: pulp.Namespace}, cntSvc) + r.Get(ctx, types.NamespacedName{Name: serviceName, Namespace: pulp.Namespace}, cntSvc) newCntSvc := serviceForContent(funcResources) if requeue, err := controllers.ReconcileObject(funcResources, newCntSvc, cntSvc, conditionType, controllers.PulpService{}); err != nil || requeue { return ctrl.Result{Requeue: requeue}, err @@ -99,7 +103,7 @@ func serviceForContent(resources controllers.FunctionResources) client.Object { func serviceContentObject(name, namespace, deployment_type string) *corev1.Service { return &corev1.Service{ ObjectMeta: metav1.ObjectMeta{ - Name: name + "-content-svc", + Name: settings.ContentService(name), Namespace: namespace, Labels: map[string]string{ "app.kubernetes.io/name": deployment_type + "-content", diff --git a/controllers/repo_manager/controller.go b/controllers/repo_manager/controller.go index 1691cc8a6..ae4b6ff52 100644 --- a/controllers/repo_manager/controller.go +++ b/controllers/repo_manager/controller.go @@ -71,17 +71,8 @@ type RepoManagerReconciler struct { func (r *RepoManagerReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) { log := r.RawLogger - isOpenShift, _ := controllers.IsOpenShift() - if isOpenShift { - log.V(1).Info("Running on OpenShift cluster") - if err := pulp_ocp.CreateRHOperatorPullSecret(r.Client, ctx, req.NamespacedName.Namespace); err != nil { - return ctrl.Result{}, err - } - } - pulp := &repomanagerpulpprojectorgv1beta2.Pulp{} err := r.Get(ctx, req.NamespacedName, pulp) - if err != nil { if errors.IsNotFound(err) { // Request object not found, could have been deleted after reconcile request. @@ -95,6 +86,14 @@ func (r *RepoManagerReconciler) Reconcile(ctx context.Context, req ctrl.Request) return ctrl.Result{}, err } + isOpenShift, _ := controllers.IsOpenShift() + if isOpenShift { + log.V(1).Info("Running on OpenShift cluster") + if err := pulp_ocp.CreateRHOperatorPullSecret(r.Client, ctx, req.NamespacedName.Namespace, pulp.Name); err != nil { + return ctrl.Result{}, err + } + } + // if Unmanaged the operator should do nothing // this is useful in situations where we don't want the operator to do reconciliation // for example, during a troubleshooting or for testing diff --git a/controllers/repo_manager/controller_test.go b/controllers/repo_manager/controller_test.go index 919bf4ec8..b58bf1b82 100644 --- a/controllers/repo_manager/controller_test.go +++ b/controllers/repo_manager/controller_test.go @@ -34,6 +34,7 @@ const ( ApiName = PulpName + "-api" ContentName = PulpName + "-content" WorkerName = PulpName + "-worker" + DBVolumeName = PulpName + "-postgres" timeout = time.Minute interval = time.Second @@ -194,7 +195,7 @@ var _ = Describe("Pulp controller", Ordered, func() { volumeMountsSts := []corev1.VolumeMount{ { - Name: "postgres", + Name: DBVolumeName, MountPath: "/var/lib/postgresql/data", SubPath: "data", }, @@ -509,7 +510,7 @@ var _ = Describe("Pulp controller", Ordered, func() { volumeClaimTemplate := []corev1.PersistentVolumeClaim{{ ObjectMeta: metav1.ObjectMeta{ - Name: "postgres", + Name: DBVolumeName, }, Spec: corev1.PersistentVolumeClaimSpec{ AccessModes: []corev1.PersistentVolumeAccessMode{corev1.ReadWriteOnce}, @@ -991,7 +992,7 @@ exec pulpcore-worker`, By("Checking if sts template is configured to use emptyDir volume") var found bool for _, volume := range createdSts.Spec.Template.Spec.Volumes { - if volume.Name == "postgres" && reflect.DeepEqual(volume.VolumeSource.EmptyDir, &corev1.EmptyDirVolumeSource{}) { + if volume.Name == DBVolumeName && reflect.DeepEqual(volume.VolumeSource.EmptyDir, &corev1.EmptyDirVolumeSource{}) { found = true break } diff --git a/controllers/repo_manager/database.go b/controllers/repo_manager/database.go index 0fc0c70cf..cad3ac91a 100644 --- a/controllers/repo_manager/database.go +++ b/controllers/repo_manager/database.go @@ -25,6 +25,7 @@ import ( "github.com/go-logr/logr" repomanagerpulpprojectorgv1beta2 "github.com/pulp/pulp-operator/apis/repo-manager.pulpproject.org/v1beta2" "github.com/pulp/pulp-operator/controllers" + "github.com/pulp/pulp-operator/controllers/settings" "golang.org/x/text/cases" "golang.org/x/text/language" appsv1 "k8s.io/api/apps/v1" @@ -44,48 +45,49 @@ func (r *RepoManagerReconciler) databaseController(ctx context.Context, pulp *re // conditionType is used to update .status.conditions with the current resource state conditionType := cases.Title(language.English, cases.Compact).String(pulp.Spec.DeploymentType) + "-Database-Ready" + secretName := settings.DefaultDBSecret(pulp.Name) // Create pulp-postgres-configuration secret pgConfigSecret := &corev1.Secret{} - err := r.Get(ctx, types.NamespacedName{Name: pulp.Name + "-postgres-configuration", Namespace: pulp.Namespace}, pgConfigSecret) - + err := r.Get(ctx, types.NamespacedName{Name: secretName, Namespace: pulp.Namespace}, pgConfigSecret) expected_secret := databaseConfigSecret(pulp) // Create the secret in case it is not found if err != nil && errors.IsNotFound(err) { - log.Info("Creating a new pulp-postgres-configuration secret", "Secret.Namespace", expected_secret.Namespace, "Secret.Name", expected_secret.Name) - controllers.UpdateStatus(ctx, r.Client, pulp, metav1.ConditionFalse, conditionType, "CreatingDatabasePostgresSecret", "Creating "+pulp.Name+"-postgres-configuration secret resource") + log.Info("Creating a new "+secretName+" Secret", "Secret.Namespace", expected_secret.Namespace, "Secret.Name", secretName) + controllers.UpdateStatus(ctx, r.Client, pulp, metav1.ConditionFalse, conditionType, "CreatingDatabasePostgresSecret", "Creating "+secretName+" Secret resource") // Set Pulp instance as the owner and controller ctrl.SetControllerReference(pulp, expected_secret, r.Scheme) err = r.Create(ctx, expected_secret) if err != nil { - log.Error(err, "Failed to create new pulp-postgres-configuration secret secret", "Secret.Namespace", expected_secret.Namespace, "Secret.Name", expected_secret.Name) - controllers.UpdateStatus(ctx, r.Client, pulp, metav1.ConditionFalse, conditionType, "ErrorCreatingDatabasePostgresSecret", "Failed to create "+pulp.Name+"-postgres-configuration secret resource: "+err.Error()) - r.recorder.Event(pulp, corev1.EventTypeWarning, "Failed", "Failed to create new postgres-configuration secret") + log.Error(err, "Failed to create "+secretName+" Secret", "Secret.Namespace", expected_secret.Namespace, "Secret.Name", secretName) + controllers.UpdateStatus(ctx, r.Client, pulp, metav1.ConditionFalse, conditionType, "ErrorCreatingDatabasePostgresSecret", "Failed to create "+secretName+" Secret resource: "+err.Error()) + r.recorder.Event(pulp, corev1.EventTypeWarning, "Failed", "Failed to create "+secretName+" Secret") return ctrl.Result{}, err } // Secret created successfully - return and requeue - r.recorder.Event(pulp, corev1.EventTypeNormal, "Created", "Postgres-configuration secret created") + r.recorder.Event(pulp, corev1.EventTypeNormal, "Created", secretName+" Secret created") return ctrl.Result{Requeue: true}, nil } else if err != nil { - log.Error(err, "Failed to get pulp-postgres-configuration secret") + log.Error(err, "Failed to get "+secretName+" Secret") return ctrl.Result{}, err } // StatefulSet + statefulSetName := settings.DefaultDBStatefulSet(pulp.Name) pgSts := &appsv1.StatefulSet{} - err = r.Get(ctx, types.NamespacedName{Name: pulp.Name + "-database", Namespace: pulp.Namespace}, pgSts) + err = r.Get(ctx, types.NamespacedName{Name: statefulSetName, Namespace: pulp.Namespace}, pgSts) expected_sts := statefulSetForDatabase(pulp) if err != nil && errors.IsNotFound(err) { - log.Info("Creating a new Database StatefulSet", "StatefulSet.Namespace", pgSts.Namespace, "StatefulSet.Name", pgSts.Name) - controllers.UpdateStatus(ctx, r.Client, pulp, metav1.ConditionFalse, conditionType, "CreatingDatabaseSts", "Creating "+pulp.Name+"-database statefulset resource") + log.Info("Creating a new Database StatefulSet", "StatefulSet.Namespace", pgSts.Namespace, "StatefulSet.Name", statefulSetName) + controllers.UpdateStatus(ctx, r.Client, pulp, metav1.ConditionFalse, conditionType, "CreatingDatabaseSts", "Creating "+statefulSetName+" StatefulSet resource") controllers.CheckEmptyDir(pulp, controllers.DatabaseResource) // Set Pulp instance as the owner and controller ctrl.SetControllerReference(pulp, expected_sts, r.Scheme) err = r.Create(ctx, expected_sts) if err != nil { - log.Error(err, "Failed to create new Database StatefulSet", "StatefulSet.Namespace", expected_sts.Namespace, "StatefulSet.Name", expected_sts.Name) - controllers.UpdateStatus(ctx, r.Client, pulp, metav1.ConditionFalse, conditionType, "ErrorCreatingDatabaseSts", "Failed to create "+pulp.Name+"-database statefulset resource: "+err.Error()) + log.Error(err, "Failed to create new Database StatefulSet", "StatefulSet.Namespace", expected_sts.Namespace, "StatefulSet.Name", statefulSetName) + controllers.UpdateStatus(ctx, r.Client, pulp, metav1.ConditionFalse, conditionType, "ErrorCreatingDatabaseSts", "Failed to create "+statefulSetName+" Statefulset resource: "+err.Error()) r.recorder.Event(pulp, corev1.EventTypeWarning, "Failed", "Failed to create database StatefulSet") return ctrl.Result{}, err } @@ -99,38 +101,39 @@ func (r *RepoManagerReconciler) databaseController(ctx context.Context, pulp *re // Reconcile StatefulSet if !equality.Semantic.DeepDerivative(expected_sts.Spec, pgSts.Spec) { - log.Info("The Database StatefulSet has been modified! Reconciling ...") - controllers.UpdateStatus(ctx, r.Client, pulp, metav1.ConditionFalse, conditionType, "UpdatingDatabaseSts", "Reconciling "+pulp.Name+"-database statefulset resource") - r.recorder.Event(pulp, corev1.EventTypeNormal, "Updating", "Reconciling database StatefulSet") + log.Info("The " + statefulSetName + " StatefulSet has been modified! Reconciling ...") + controllers.UpdateStatus(ctx, r.Client, pulp, metav1.ConditionFalse, conditionType, "UpdatingDatabaseSts", "Reconciling "+statefulSetName+" Statefulset resource") + r.recorder.Event(pulp, corev1.EventTypeNormal, "Updating", "Reconciling "+statefulSetName+" StatefulSet") // Set Pulp instance as the owner and controller // not sure if this is the best way to do this, but every time that // a reconciliation occurred the object lost the owner reference ctrl.SetControllerReference(pulp, expected_sts, r.Scheme) err = r.Update(ctx, expected_sts) if err != nil { - log.Error(err, "Error trying to update the Database StatefulSet object ... ") - controllers.UpdateStatus(ctx, r.Client, pulp, metav1.ConditionFalse, conditionType, "ErrorUpdatingDatabaseSts", "Failed to reconcile "+pulp.Name+"-database statefulset resource") - r.recorder.Event(pulp, corev1.EventTypeWarning, "Failed", "Failed to reconcile database StatefulSet") + log.Error(err, "Error trying to update the "+statefulSetName+" StatefulSet object ... ") + controllers.UpdateStatus(ctx, r.Client, pulp, metav1.ConditionFalse, conditionType, "ErrorUpdatingDatabaseSts", "Failed to reconcile "+statefulSetName+" Statefulset resource") + r.recorder.Event(pulp, corev1.EventTypeWarning, "Failed", "Failed to reconcile "+statefulSetName+" StatefulSet") return ctrl.Result{}, err } - r.recorder.Event(pulp, corev1.EventTypeNormal, "Updated", "Database StatefulSet reconciled") + r.recorder.Event(pulp, corev1.EventTypeNormal, "Updated", statefulSetName+" StatefulSet reconciled") return ctrl.Result{Requeue: true, RequeueAfter: time.Minute}, nil } // SERVICE + svcName := settings.DBService(pulp.Name) dbSvc := &corev1.Service{} - err = r.Get(ctx, types.NamespacedName{Name: pulp.Name + "-database-svc", Namespace: pulp.Namespace}, dbSvc) + err = r.Get(ctx, types.NamespacedName{Name: svcName, Namespace: pulp.Namespace}, dbSvc) expected_svc := serviceForDatabase(pulp) if err != nil && errors.IsNotFound(err) { - log.Info("Creating a new Database Service", "Service.Namespace", expected_svc.Namespace, "Service.Name", expected_svc.Name) - controllers.UpdateStatus(ctx, r.Client, pulp, metav1.ConditionFalse, conditionType, "CreatingDatabaseService", "Creating "+pulp.Name+"-database-svc service resource") + log.Info("Creating a new Database Service", "Service.Namespace", expected_svc.Namespace, "Service.Name", svcName) + controllers.UpdateStatus(ctx, r.Client, pulp, metav1.ConditionFalse, conditionType, "CreatingDatabaseService", "Creating "+svcName+" Service resource") // Set Pulp instance as the owner and controller ctrl.SetControllerReference(pulp, expected_svc, r.Scheme) err = r.Create(ctx, expected_svc) if err != nil { - log.Error(err, "Failed to create new Database Service", "Service.Namespace", expected_svc.Namespace, "Service.Name", expected_svc.Name) - controllers.UpdateStatus(ctx, r.Client, pulp, metav1.ConditionFalse, conditionType, "ErrorCreatingDatabaseService", "Failed to create "+pulp.Name+"-database-svc service resource: "+err.Error()) + log.Error(err, "Failed to create new Database Service", "Service.Namespace", expected_svc.Namespace, "Service.Name", svcName) + controllers.UpdateStatus(ctx, r.Client, pulp, metav1.ConditionFalse, conditionType, "ErrorCreatingDatabaseService", "Failed to create "+svcName+" Service resource: "+err.Error()) r.recorder.Event(pulp, corev1.EventTypeWarning, "Failed", "Failed to create database service") return ctrl.Result{}, err } @@ -145,13 +148,13 @@ func (r *RepoManagerReconciler) databaseController(ctx context.Context, pulp *re // Reconcile Service if !equality.Semantic.DeepDerivative(expected_svc.Spec, dbSvc.Spec) { log.Info("The Database service has been modified! Reconciling ...") - controllers.UpdateStatus(ctx, r.Client, pulp, metav1.ConditionFalse, conditionType, "UpdatingDatabaseService", "Reconciling "+pulp.Name+"-database-svc service resource") + controllers.UpdateStatus(ctx, r.Client, pulp, metav1.ConditionFalse, conditionType, "UpdatingDatabaseService", "Reconciling "+svcName+" Service resource") r.recorder.Event(pulp, corev1.EventTypeNormal, "Updating", "Reconciling database service") ctrl.SetControllerReference(pulp, expected_svc, r.Scheme) err = r.Update(ctx, expected_svc) if err != nil { log.Error(err, "Error trying to update the Database Service object ... ") - controllers.UpdateStatus(ctx, r.Client, pulp, metav1.ConditionFalse, conditionType, "ErrorUpdatingDatabaseService", "Failed to reconcile "+pulp.Name+"-database-svc service resource: "+err.Error()) + controllers.UpdateStatus(ctx, r.Client, pulp, metav1.ConditionFalse, conditionType, "ErrorUpdatingDatabaseService", "Failed to reconcile "+svcName+" Service resource: "+err.Error()) r.recorder.Event(pulp, corev1.EventTypeWarning, "Failed", "Failed to reconcile database service") return ctrl.Result{}, err } @@ -216,7 +219,7 @@ func statefulSetForDatabase(m *repomanagerpulpprojectorgv1beta2.Pulp) *appsv1.St postgresHostAuthMethod = "scram-sha-256" } - postgresConfigurationSecret := m.Name + "-postgres-configuration" + postgresConfigurationSecret := settings.DefaultDBSecret(m.Name) envVars := []corev1.EnvVar{ { Name: "POSTGRESQL_DATABASE", @@ -295,6 +298,7 @@ func statefulSetForDatabase(m *repomanagerpulpprojectorgv1beta2.Pulp) *appsv1.St storageClass := m.Spec.Database.PostgresStorageClass + volumeName := settings.DefaultDBPVC(m.Name) // if SC defined, we should use the PVC claimed by STS if storageType[0] == controllers.SCNameType { @@ -311,7 +315,7 @@ func statefulSetForDatabase(m *repomanagerpulpprojectorgv1beta2.Pulp) *appsv1.St pvc := corev1.PersistentVolumeClaim{ ObjectMeta: metav1.ObjectMeta{ - Name: "postgres", + Name: volumeName, }, Spec: corev1.PersistentVolumeClaimSpec{ AccessModes: []corev1.PersistentVolumeAccessMode{corev1.ReadWriteOnce}, @@ -324,7 +328,7 @@ func statefulSetForDatabase(m *repomanagerpulpprojectorgv1beta2.Pulp) *appsv1.St // if .spec.Database.PVC defined we should use the PVC provisioned by user } else if storageType[0] == controllers.PVCType { volume := corev1.Volume{ - Name: "postgres", + Name: volumeName, VolumeSource: corev1.VolumeSource{ PersistentVolumeClaim: &corev1.PersistentVolumeClaimVolumeSource{ ClaimName: m.Spec.Database.PVC, @@ -337,7 +341,7 @@ func statefulSetForDatabase(m *repomanagerpulpprojectorgv1beta2.Pulp) *appsv1.St } else if storageType[0] == controllers.EmptyDirType { emptyDir := []corev1.Volume{ { - Name: "postgres", + Name: volumeName, VolumeSource: corev1.VolumeSource{ EmptyDir: &corev1.EmptyDirVolumeSource{}, }, @@ -349,7 +353,7 @@ func statefulSetForDatabase(m *repomanagerpulpprojectorgv1beta2.Pulp) *appsv1.St pgDataMountPath := filepath.Dir(postgresDataPath) volumeMounts := []corev1.VolumeMount{ { - Name: "postgres", + Name: volumeName, MountPath: pgDataMountPath, SubPath: filepath.Base(pgDataMountPath), }, @@ -415,7 +419,7 @@ func statefulSetForDatabase(m *repomanagerpulpprojectorgv1beta2.Pulp) *appsv1.St return &appsv1.StatefulSet{ ObjectMeta: metav1.ObjectMeta{ - Name: m.Name + "-database", + Name: settings.DefaultDBStatefulSet(m.Name), Namespace: m.Namespace, Labels: map[string]string{ "app.kubernetes.io/name": "postgres", @@ -439,7 +443,7 @@ func statefulSetForDatabase(m *repomanagerpulpprojectorgv1beta2.Pulp) *appsv1.St Affinity: affinity, NodeSelector: nodeSelector, Tolerations: toleration, - ServiceAccountName: m.Name, + ServiceAccountName: settings.PulpServiceAccount(m.Name), Containers: []corev1.Container{{ Image: postgresImage, Name: "postgres", @@ -489,7 +493,7 @@ func serviceForDatabase(m *repomanagerpulpprojectorgv1beta2.Pulp) *corev1.Servic return &corev1.Service{ ObjectMeta: metav1.ObjectMeta{ - Name: m.Name + "-database-svc", + Name: settings.DBService(m.Name), Namespace: m.Namespace, }, Spec: corev1.ServiceSpec{ @@ -525,7 +529,7 @@ func databaseConfigSecret(m *repomanagerpulpprojectorgv1beta2.Pulp) *corev1.Secr return &corev1.Secret{ ObjectMeta: metav1.ObjectMeta{ - Name: m.Name + "-postgres-configuration", + Name: settings.DefaultDBSecret(m.Name), Namespace: m.Namespace, }, StringData: map[string]string{ diff --git a/controllers/repo_manager/ingress.go b/controllers/repo_manager/ingress.go index 04ef67350..d320ed9eb 100644 --- a/controllers/repo_manager/ingress.go +++ b/controllers/repo_manager/ingress.go @@ -26,6 +26,7 @@ import ( repomanagerpulpprojectorgv1beta2 "github.com/pulp/pulp-operator/apis/repo-manager.pulpproject.org/v1beta2" "github.com/pulp/pulp-operator/controllers" pulp_ocp "github.com/pulp/pulp-operator/controllers/ocp" + "github.com/pulp/pulp-operator/controllers/settings" "golang.org/x/text/cases" "golang.org/x/text/language" corev1 "k8s.io/api/core/v1" @@ -92,25 +93,25 @@ func (r *RepoManagerReconciler) pulpIngressController(ctx context.Context, pulp Name: pulp.Name + "-content", Path: controllers.GetPulpSetting(pulp, "content_path_prefix"), TargetPort: "content-24816", - ServiceName: pulp.Name + "-content-svc", + ServiceName: settings.ContentService(pulp.Name), }, { Name: pulp.Name + "-api-v3", Path: controllers.GetPulpSetting(pulp, "api_root") + "api/v3/", TargetPort: "api-24817", - ServiceName: pulp.Name + "-api-svc", + ServiceName: settings.ApiService(pulp.Name), }, { Name: pulp.Name + "-auth", Path: "/auth/login/", TargetPort: "api-24817", - ServiceName: pulp.Name + "-api-svc", + ServiceName: settings.ApiService(pulp.Name), }, { Name: pulp.Name, Path: "/", TargetPort: "api-24817", - ServiceName: pulp.Name + "-api-svc", + ServiceName: settings.ApiService(pulp.Name), }, } pulpPlugins = append(defaultPlugins, pulpPlugins...) diff --git a/controllers/repo_manager/job.go b/controllers/repo_manager/job.go index 8ca982fef..faa6509a1 100644 --- a/controllers/repo_manager/job.go +++ b/controllers/repo_manager/job.go @@ -20,19 +20,14 @@ import ( "context" "encoding/json" "reflect" - "time" repomanagerpulpprojectorgv1beta2 "github.com/pulp/pulp-operator/apis/repo-manager.pulpproject.org/v1beta2" "github.com/pulp/pulp-operator/controllers" + "github.com/pulp/pulp-operator/controllers/settings" batchv1 "k8s.io/api/batch/v1" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" - "sigs.k8s.io/controller-runtime/pkg/client" -) - -const ( - adminPasswordSecretName = "admin-password" ) // updateAdminPasswordJob creates a k8s job if the admin-password secret has changed @@ -42,7 +37,7 @@ func (r *RepoManagerReconciler) updateAdminPasswordJob(ctx context.Context, pulp adminSecretName := controllers.GetAdminSecretName(*pulp) adminSecret := &corev1.Secret{} if err := r.Get(ctx, types.NamespacedName{Name: adminSecretName, Namespace: pulp.Namespace}, adminSecret); err != nil { - log.Error(err, "Failed to find "+adminPasswordSecretName+" Secret!") + log.Error(err, "Failed to find "+adminSecretName+" Secret!") } // if the secret didn't change there is nothing to do @@ -52,6 +47,7 @@ func (r *RepoManagerReconciler) updateAdminPasswordJob(ctx context.Context, pulp return } + jobName := settings.ResetAdminPwdJob(pulp.Name) labels := jobLabels(*pulp) labels["app.kubernetes.io/component"] = "reset-admin-password" containers := []corev1.Container{resetAdminPasswordContainer(pulp)} @@ -62,7 +58,7 @@ func (r *RepoManagerReconciler) updateAdminPasswordJob(ctx context.Context, pulp // job definition job := &batchv1.Job{ ObjectMeta: metav1.ObjectMeta{ - GenerateName: pulp.Name + "-reset-admin-password-", + GenerateName: jobName, Namespace: pulp.Namespace, Labels: labels, }, @@ -74,23 +70,23 @@ func (r *RepoManagerReconciler) updateAdminPasswordJob(ctx context.Context, pulp RestartPolicy: "Never", Containers: containers, Volumes: volumes, - ServiceAccountName: pulp.Name, + ServiceAccountName: settings.PulpServiceAccount(pulp.Name), }, }, }, } // create job - log.Info("Creating a new " + adminPasswordSecretName + " reset Job") + log.Info("Creating " + jobName + "* Job") if err := r.Create(ctx, job); err != nil { - log.Error(err, "Failed to create "+adminPasswordSecretName+" Job!") + log.Error(err, "Failed to create "+jobName+"* Job!") } // update secret hash label - log.V(1).Info("Updating " + adminPasswordSecretName + " hash label ...") + log.V(1).Info("Updating " + adminSecretName + " hash label ...") controllers.SetHashLabel(calculatedHash, adminSecret) if err := r.Update(ctx, adminSecret); err != nil { - log.Error(err, "Failed to update "+adminPasswordSecretName+" Secret label!") + log.Error(err, "Failed to update "+adminSecretName+" Secret label!") } } @@ -103,7 +99,7 @@ func pulpcoreVolumes(pulp *repomanagerpulpprojectorgv1beta2.Pulp, adminSecretNam Name: pulp.Name + "-server", VolumeSource: corev1.VolumeSource{ Secret: &corev1.SecretVolumeSource{ - SecretName: pulp.Name + "-server", + SecretName: settings.PulpServerSecret(pulp.Name), Items: []corev1.KeyToPath{{ Key: "settings.py", Path: "settings.py", @@ -220,7 +216,7 @@ func (r *RepoManagerReconciler) migrationJob(ctx context.Context, pulp *repomana // job definition job := &batchv1.Job{ ObjectMeta: metav1.ObjectMeta{ - GenerateName: pulp.Name + "-pulpcore-migration-", + GenerateName: settings.MigrationJob(pulp.Name), Namespace: pulp.Namespace, Labels: labels, }, @@ -232,7 +228,7 @@ func (r *RepoManagerReconciler) migrationJob(ctx context.Context, pulp *repomana RestartPolicy: "Never", Containers: containers, Volumes: volumes, - ServiceAccountName: pulp.Name, + ServiceAccountName: settings.PulpServiceAccount(pulp.Name), }, }, }, @@ -288,6 +284,7 @@ func (r *RepoManagerReconciler) updateContentChecksumsJob(ctx context.Context, p return } + jobName := settings.UpdateChecksumsJob(pulp.Name) labels := jobLabels(*pulp) labels["app.kubernetes.io/component"] = "allowed-content-checksums" containers := []corev1.Container{contentChecksumsContainer(pulp)} @@ -298,7 +295,7 @@ func (r *RepoManagerReconciler) updateContentChecksumsJob(ctx context.Context, p // job definition job := &batchv1.Job{ ObjectMeta: metav1.ObjectMeta{ - GenerateName: pulp.Name + "-update-content-checksums-", + GenerateName: jobName, Namespace: pulp.Namespace, Labels: labels, }, @@ -310,16 +307,16 @@ func (r *RepoManagerReconciler) updateContentChecksumsJob(ctx context.Context, p RestartPolicy: "Never", Containers: containers, Volumes: volumes, - ServiceAccountName: pulp.Name, + ServiceAccountName: settings.PulpServiceAccount(pulp.Name), }, }, }, } // create the Job - log.Info("Creating a new update content checksums Job") + log.Info("Creating a new " + jobName + "* Job") if err := r.Create(ctx, job); err != nil { - log.Error(err, "Failed to create update content checksums Job!") + log.Error(err, "Failed to create "+jobName+"* Job!") } // update .status @@ -363,29 +360,3 @@ func contentChecksumsModified(pulp *repomanagerpulpprojectorgv1beta2.Pulp) bool json.Unmarshal([]byte(pulp.Status.AllowedContentChecksums), &statusAllowedChecksum) return !reflect.DeepEqual(pulp.Spec.AllowedContentChecksums, statusAllowedChecksum) } - -// waitJobFinishes wait until content-checksums job completes -func waitJobFinishes(resources RepoManagerReconciler, pulp *repomanagerpulpprojectorgv1beta2.Pulp, timeout time.Duration) { - labels := map[string]string{ - "app.kubernetes.io/component": "allowed-content-checksums", - } - listOpts := []client.ListOption{ - client.InNamespace(pulp.Namespace), - client.MatchingLabels(labels), - } - -TIMEOUT: - for i := 0; i < int(timeout.Seconds()); i++ { - jobList := &batchv1.JobList{} - if err := resources.Client.List(context.TODO(), jobList, listOpts...); err != nil { - resources.RawLogger.Error(err, "Failed to find content-checksum Jobs") - return - } - for _, p := range jobList.Items { - if p.Status.CompletionTime != nil { - break TIMEOUT - } - } - time.Sleep(time.Second) - } -} diff --git a/controllers/repo_manager/pdb.go b/controllers/repo_manager/pdb.go index 9310dcae2..d3e67643b 100644 --- a/controllers/repo_manager/pdb.go +++ b/controllers/repo_manager/pdb.go @@ -19,10 +19,12 @@ package repo_manager import ( "context" "reflect" + "strings" "time" "github.com/go-logr/logr" repomanagerpulpprojectorgv1beta2 "github.com/pulp/pulp-operator/apis/repo-manager.pulpproject.org/v1beta2" + "github.com/pulp/pulp-operator/controllers/settings" policy "k8s.io/api/policy/v1" "k8s.io/apimachinery/pkg/api/equality" k8s_error "k8s.io/apimachinery/pkg/api/errors" @@ -34,17 +36,18 @@ import ( // pdbController creates and reconciles {api,content,worker,web} pdbs func (r *RepoManagerReconciler) pdbController(ctx context.Context, pulp *repomanagerpulpprojectorgv1beta2.Pulp, log logr.Logger) (ctrl.Result, error) { - pdbList := map[string]*policy.PodDisruptionBudgetSpec{ - "api": pulp.Spec.Api.PDB, - "content": pulp.Spec.Content.PDB, - "worker": pulp.Spec.Worker.PDB, - "webserver": pulp.Spec.Web.PDB, + pdbList := map[settings.PulpcoreType]*policy.PodDisruptionBudgetSpec{ + settings.API: pulp.Spec.Api.PDB, + settings.CONTENT: pulp.Spec.Content.PDB, + settings.WORKER: pulp.Spec.Worker.PDB, + settings.WEB: pulp.Spec.Web.PDB, } for component, pdb := range pdbList { + pdbName := component.PDBName(pulp.Name) pdbFound := &policy.PodDisruptionBudget{} - err := r.Get(ctx, types.NamespacedName{Name: component + "-pdb", Namespace: pulp.Namespace}, pdbFound) + err := r.Get(ctx, types.NamespacedName{Name: pdbName, Namespace: pulp.Namespace}, pdbFound) // check if PDB is defined // we need to check if pdb != nil (no .Spec..PDB field defined) @@ -58,12 +61,13 @@ func (r *RepoManagerReconciler) pdbController(ctx context.Context, pulp *repoman // any config passed through pulp CR with the following pdb.Selector = &metav1.LabelSelector{ MatchLabels: map[string]string{ - "app.kubernetes.io/component": component, + "app.kubernetes.io/component": strings.ToLower(string(component)), + "pulp_cr": pulp.Name, }, } expectedPDB := &policy.PodDisruptionBudget{ ObjectMeta: metav1.ObjectMeta{ - Name: component + "-pdb", + Name: pdbName, Namespace: pulp.Namespace, }, Spec: *pdb, @@ -72,22 +76,22 @@ func (r *RepoManagerReconciler) pdbController(ctx context.Context, pulp *repoman // Create PDB if not found if err != nil && k8s_error.IsNotFound(err) { - log.Info("Creating a new " + component + " PDB ...") + log.Info("Creating a new " + pdbName + " PDB ...") err = r.Create(ctx, expectedPDB) if err != nil { - log.Error(err, "Failed to create new "+component+" PDB") + log.Error(err, "Failed to create new "+pdbName+" PDB") return ctrl.Result{}, err } // PDB created successfully - return and requeue return ctrl.Result{Requeue: true}, nil } else if err != nil { - log.Error(err, "Failed to get "+component+" PDB") + log.Error(err, "Failed to get "+pdbName+" PDB") return ctrl.Result{}, err } // Reconcile PDB if !equality.Semantic.DeepDerivative(expectedPDB.Spec, pdbFound.Spec) { - log.Info("The " + component + "PDB has been modified! Reconciling ...") + log.Info("The " + pdbName + " PDB has been modified! Reconciling ...") // I'm not sure why the error: // "metadata.resourceVersion: Invalid value: 0x0: must be specified for an update" @@ -96,7 +100,7 @@ func (r *RepoManagerReconciler) pdbController(ctx context.Context, pulp *repoman expectedPDB.SetResourceVersion(pdbFound.GetResourceVersion()) err = r.Update(ctx, expectedPDB) if err != nil { - log.Error(err, "Error trying to update the "+component+" PDB object ... ") + log.Error(err, "Error trying to update the "+pdbName+" PDB object ... ") return ctrl.Result{}, err } return ctrl.Result{Requeue: true, RequeueAfter: time.Second}, nil @@ -109,7 +113,7 @@ func (r *RepoManagerReconciler) pdbController(ctx context.Context, pulp *repoman if err != nil && k8s_error.IsNotFound(err) { continue } else if err != nil { - log.Error(err, "Failed to get "+component+" PDB") + log.Error(err, "Failed to get "+pdbName+" PDB") return ctrl.Result{}, err } diff --git a/controllers/repo_manager/rbac.go b/controllers/repo_manager/rbac.go index 8e7967702..a5fa16551 100644 --- a/controllers/repo_manager/rbac.go +++ b/controllers/repo_manager/rbac.go @@ -23,6 +23,7 @@ import ( repomanagerpulpprojectorgv1beta2 "github.com/pulp/pulp-operator/apis/repo-manager.pulpproject.org/v1beta2" "github.com/pulp/pulp-operator/controllers" + "github.com/pulp/pulp-operator/controllers/settings" "golang.org/x/text/cases" "golang.org/x/text/language" corev1 "k8s.io/api/core/v1" @@ -36,39 +37,41 @@ import ( func (r *RepoManagerReconciler) CreateServiceAccount(ctx context.Context, pulp *repomanagerpulpprojectorgv1beta2.Pulp) (ctrl.Result, error) { log := r.RawLogger conditionType := getApiConditionType(pulp) + + serviceAccountName := settings.PulpServiceAccount(pulp.Name) sa := &corev1.ServiceAccount{} - err := r.Get(ctx, types.NamespacedName{Name: pulp.Name, Namespace: pulp.Namespace}, sa) + err := r.Get(ctx, types.NamespacedName{Name: serviceAccountName, Namespace: pulp.Namespace}, sa) expectedSA := r.pulpSA(pulp) if err != nil && errors.IsNotFound(err) { - log.Info("Creating a new "+pulp.Spec.DeploymentType+" ServiceAccount", "Namespace", expectedSA.Namespace, "Name", expectedSA.Name) - controllers.UpdateStatus(ctx, r.Client, pulp, metav1.ConditionFalse, conditionType, "CreatingSA", "Creating "+pulp.Name+" SA resource") + log.Info("Creating "+serviceAccountName+" ServiceAccount", "Namespace", expectedSA.Namespace, "Name", serviceAccountName) + controllers.UpdateStatus(ctx, r.Client, pulp, metav1.ConditionFalse, conditionType, "CreatingSA", "Creating "+serviceAccountName+" SA resource") err = r.Create(ctx, expectedSA) if err != nil { - log.Error(err, "Failed to create new "+pulp.Spec.DeploymentType+" ServiceAccount", "Namespace", expectedSA.Namespace, "Name", expectedSA.Name) - controllers.UpdateStatus(ctx, r.Client, pulp, metav1.ConditionFalse, conditionType, "ErrorCreatingSA", "Failed to create "+pulp.Name+" SA: "+err.Error()) - r.recorder.Event(pulp, corev1.EventTypeWarning, "Failed", "Failed to create new "+pulp.Spec.DeploymentType+" SA") + log.Error(err, "Failed to create "+serviceAccountName+" ServiceAccount", "Namespace", expectedSA.Namespace, "Name", serviceAccountName) + controllers.UpdateStatus(ctx, r.Client, pulp, metav1.ConditionFalse, conditionType, "ErrorCreatingSA", "Failed to create "+serviceAccountName+" SA: "+err.Error()) + r.recorder.Event(pulp, corev1.EventTypeWarning, "Failed", "Failed to create "+serviceAccountName+" SA") return ctrl.Result{}, err } // SA created successfully - return and requeue - r.recorder.Event(pulp, corev1.EventTypeNormal, "Created", pulp.Spec.DeploymentType+" SA created") + r.recorder.Event(pulp, corev1.EventTypeNormal, "Created", serviceAccountName+" SA created") return ctrl.Result{Requeue: true}, nil } else if err != nil { - log.Error(err, "Failed to get "+pulp.Spec.DeploymentType+" SA") + log.Error(err, "Failed to get "+serviceAccountName+" SA") return ctrl.Result{}, err } // add the internalRegistrySecret to the list of imagePullSecrets - internalRegistrySecret := r.getInternalRegistrySecret(ctx, pulp.Name, pulp.Namespace) + internalRegistrySecret := r.getInternalRegistrySecret(ctx, serviceAccountName, pulp.Namespace) if internalRegistrySecret != "" { expectedSA.ImagePullSecrets = append([]corev1.LocalObjectReference{{Name: internalRegistrySecret}}, expectedSA.ImagePullSecrets...) } // Check and reconcile pulp-sa if saModified(sa, expectedSA) { - log.Info("The " + sa.Name + " SA has been modified! Reconciling ...") + log.Info("The " + serviceAccountName + " SA has been modified! Reconciling ...") err = r.Update(ctx, expectedSA) if err != nil { - log.Error(err, "Error trying to update "+sa.Name+" SA!") + log.Error(err, "Error trying to update "+serviceAccountName+" SA!") return ctrl.Result{}, err } return ctrl.Result{Requeue: true}, nil @@ -146,7 +149,7 @@ func (r *RepoManagerReconciler) pulpSA(m *repomanagerpulpprojectorgv1beta2.Pulp) sa := &corev1.ServiceAccount{ ObjectMeta: metav1.ObjectMeta{ - Name: m.Name, + Name: settings.PulpServiceAccount(m.Name), Namespace: m.Namespace, Labels: labels, Annotations: annotations, @@ -218,7 +221,7 @@ func (r *RepoManagerReconciler) pulpRoleBinding(m *repomanagerpulpprojectorgv1be Subjects: []rbacv1.Subject{ { Kind: "ServiceAccount", - Name: m.Name, + Name: settings.PulpServiceAccount(m.Name), }, }, RoleRef: rbacv1.RoleRef{ diff --git a/controllers/repo_manager/redis.go b/controllers/repo_manager/redis.go index c56e46dff..d6fc9506e 100644 --- a/controllers/repo_manager/redis.go +++ b/controllers/repo_manager/redis.go @@ -8,6 +8,7 @@ import ( "github.com/go-logr/logr" repomanagerpulpprojectorgv1beta2 "github.com/pulp/pulp-operator/apis/repo-manager.pulpproject.org/v1beta2" "github.com/pulp/pulp-operator/controllers" + "github.com/pulp/pulp-operator/controllers/settings" "golang.org/x/text/cases" "golang.org/x/text/language" appsv1 "k8s.io/api/apps/v1" @@ -30,8 +31,9 @@ func (r *RepoManagerReconciler) pulpCacheController(ctx context.Context, pulp *r // pulp-redis-data PVC // the PVC will be created only if a StorageClassName is provided if _, storageType := controllers.MultiStorageConfigured(pulp, "Cache"); storageType[0] == controllers.SCNameType { + pvcName := settings.DefaultCachePVC(pulp.Name) pvcFound := &corev1.PersistentVolumeClaim{} - err := r.Get(ctx, types.NamespacedName{Name: pulp.Name + "-redis-data", Namespace: pulp.Namespace}, pvcFound) + err := r.Get(ctx, types.NamespacedName{Name: pvcName, Namespace: pulp.Namespace}, pvcFound) pvc := redisDataPVC(pulp) if err != nil && errors.IsNotFound(err) { ctrl.SetControllerReference(pulp, pvc, r.Scheme) @@ -67,8 +69,9 @@ func (r *RepoManagerReconciler) pulpCacheController(ctx context.Context, pulp *r } // redis-svc Service + svcName := settings.CacheService(pulp.Name) svcFound := &corev1.Service{} - err := r.Get(ctx, types.NamespacedName{Name: pulp.Name + "-redis-svc", Namespace: pulp.Namespace}, svcFound) + err := r.Get(ctx, types.NamespacedName{Name: svcName, Namespace: pulp.Namespace}, svcFound) svc := redisSvc(pulp) if err != nil && errors.IsNotFound(err) { ctrl.SetControllerReference(pulp, svc, r.Scheme) @@ -103,8 +106,9 @@ func (r *RepoManagerReconciler) pulpCacheController(ctx context.Context, pulp *r } // redis Deployment + deploymentName := settings.CACHE.DeploymentName(pulp.Name) deploymentFound := &appsv1.Deployment{} - err = r.Get(ctx, types.NamespacedName{Name: pulp.Name + "-redis", Namespace: pulp.Namespace}, deploymentFound) + err = r.Get(ctx, types.NamespacedName{Name: deploymentName, Namespace: pulp.Namespace}, deploymentFound) dep := redisDeployment(pulp, funcResources) if err != nil && errors.IsNotFound(err) { log.Info("Creating a new Pulp Redis Deployment", "Deployment.Namespace", dep.Namespace, "Deployment.Name", dep.Name) @@ -145,7 +149,7 @@ func redisDataPVC(m *repomanagerpulpprojectorgv1beta2.Pulp) *corev1.PersistentVo // Define the new PVC pvc := &corev1.PersistentVolumeClaim{ ObjectMeta: metav1.ObjectMeta{ - Name: m.Name + "-redis-data", + Name: settings.DefaultCachePVC(m.Name), Namespace: m.Namespace, Labels: map[string]string{ "app.kubernetes.io/name": "redis", @@ -181,7 +185,7 @@ func redisSvc(m *repomanagerpulpprojectorgv1beta2.Pulp) *corev1.Service { return &corev1.Service{ ObjectMeta: metav1.ObjectMeta{ - Name: m.Name + "-redis-svc", + Name: settings.CacheService(m.Name), Namespace: m.Namespace, Labels: map[string]string{ "app.kubernetes.io/name": "redis", @@ -243,7 +247,7 @@ func redisDeployment(m *repomanagerpulpprojectorgv1beta2.Pulp, funcResources con if storageType[0] == controllers.SCNameType { volumeSource = corev1.VolumeSource{ PersistentVolumeClaim: &corev1.PersistentVolumeClaimVolumeSource{ - ClaimName: m.Name + "-redis-data", + ClaimName: settings.DefaultCachePVC(m.Name), }, } @@ -333,7 +337,7 @@ func redisDeployment(m *repomanagerpulpprojectorgv1beta2.Pulp, funcResources con // deployment definition dep := &appsv1.Deployment{ ObjectMeta: metav1.ObjectMeta{ - Name: m.Name + "-redis", + Name: settings.CACHE.DeploymentName(m.Name), Namespace: m.Namespace, Annotations: map[string]string{ "email": "pulp-dev@redhat.com", @@ -375,7 +379,7 @@ func redisDeployment(m *repomanagerpulpprojectorgv1beta2.Pulp, funcResources con Affinity: affinity, NodeSelector: nodeSelector, Tolerations: toleration, - ServiceAccountName: m.Name, + ServiceAccountName: settings.PulpServiceAccount(m.Name), Containers: []corev1.Container{{ Name: "redis", Image: redisImage, @@ -416,18 +420,20 @@ func removeStorageDefinition(resources *corev1.ResourceRequirements) { // or in case of a new definition with an external Redis instance func (r *RepoManagerReconciler) deprovisionCache(ctx context.Context, pulp *repomanagerpulpprojectorgv1beta2.Pulp, log logr.Logger) (ctrl.Result, error) { // redis-svc Service + svcName := settings.CacheService(pulp.Name) svcFound := &corev1.Service{} - err := r.Get(ctx, types.NamespacedName{Name: pulp.Name + "-redis-svc", Namespace: pulp.Namespace}, svcFound) + err := r.Get(ctx, types.NamespacedName{Name: svcName, Namespace: pulp.Namespace}, svcFound) if !errors.IsNotFound(err) { - log.Info("Removing Redis service", "Service.Namespace", pulp.Namespace, "Service.Name", pulp.Name+"-redis-svc") + log.Info("Removing Redis service", "Service.Namespace", pulp.Namespace, "Service.Name", svcName) r.Delete(ctx, svcFound) } // redis Deployment + deploymentName := settings.CACHE.DeploymentName(pulp.Name) deploymentFound := &appsv1.Deployment{} - err = r.Get(ctx, types.NamespacedName{Name: pulp.Name + "-redis", Namespace: pulp.Namespace}, deploymentFound) + err = r.Get(ctx, types.NamespacedName{Name: deploymentName, Namespace: pulp.Namespace}, deploymentFound) if !errors.IsNotFound(err) { - log.Info("Removing Redis deployment", "Deployment.Namespace", pulp.Namespace, "Deployment.Name", pulp.Name+"-redis") + log.Info("Removing Redis deployment", "Deployment.Namespace", pulp.Namespace, "Deployment.Name", deploymentName) r.Delete(ctx, deploymentFound) } diff --git a/controllers/repo_manager/secret.go b/controllers/repo_manager/secret.go index 9a6d822aa..9038287ef 100644 --- a/controllers/repo_manager/secret.go +++ b/controllers/repo_manager/secret.go @@ -24,6 +24,7 @@ import ( repomanagerpulpprojectorgv1beta2 "github.com/pulp/pulp-operator/apis/repo-manager.pulpproject.org/v1beta2" "github.com/pulp/pulp-operator/controllers" + "github.com/pulp/pulp-operator/controllers/settings" "golang.org/x/text/cases" "golang.org/x/text/language" corev1 "k8s.io/api/core/v1" @@ -78,7 +79,7 @@ func pulpServerSecret(resources controllers.FunctionResources) client.Object { sec := &corev1.Secret{ ObjectMeta: metav1.ObjectMeta{ - Name: pulp.Name + "-server", + Name: settings.PulpServerSecret(pulp.Name), Namespace: pulp.Namespace, }, StringData: map[string]string{ @@ -96,7 +97,7 @@ func pulpDBFieldsEncryptionSecret(resources controllers.FunctionResources) clien pulp := resources.Pulp sec := &corev1.Secret{ ObjectMeta: metav1.ObjectMeta{ - Name: pulp.Name + "-db-fields-encryption", + Name: pulp.Spec.DBFieldsEncryptionSecret, Namespace: pulp.Namespace, }, StringData: map[string]string{ diff --git a/controllers/repo_manager/status.go b/controllers/repo_manager/status.go index d67c6e73a..edfdaf862 100644 --- a/controllers/repo_manager/status.go +++ b/controllers/repo_manager/status.go @@ -24,6 +24,7 @@ import ( "github.com/go-logr/logr" repomanagerpulpprojectorgv1beta2 "github.com/pulp/pulp-operator/apis/repo-manager.pulpproject.org/v1beta2" "github.com/pulp/pulp-operator/controllers" + "github.com/pulp/pulp-operator/controllers/settings" "golang.org/x/text/cases" "golang.org/x/text/language" appsv1 "k8s.io/api/apps/v1" @@ -60,23 +61,23 @@ func (r *RepoManagerReconciler) pulpStatus(ctx context.Context, pulp *repomanage time.Sleep(time.Millisecond * 200) pulpResources := []pulpResource{ { - Type: "content", - Name: pulp.Name + "-content", + Type: string(settings.CONTENT), + Name: settings.CONTENT.DeploymentName(pulp.Name), ConditionType: cases.Title(language.English, cases.Compact).String(pulp.Spec.DeploymentType) + "-Content-Ready", }, { - Type: "api", - Name: pulp.Name + "-api", + Type: string(settings.API), + Name: settings.API.DeploymentName(pulp.Name), ConditionType: cases.Title(language.English, cases.Compact).String(pulp.Spec.DeploymentType) + "-API-Ready", }, { - Type: "worker", - Name: pulp.Name + "-worker", + Type: string(settings.WORKER), + Name: settings.WORKER.DeploymentName(pulp.Name), ConditionType: cases.Title(language.English, cases.Compact).String(pulp.Spec.DeploymentType) + "-Worker-Ready", }, { - Type: "web", - Name: pulp.Name + "-web", + Type: string(settings.WEB), + Name: settings.WEB.DeploymentName(pulp.Name), ConditionType: cases.Title(language.English, cases.Compact).String(pulp.Spec.DeploymentType) + "-Web-Ready", }, } @@ -89,7 +90,7 @@ func (r *RepoManagerReconciler) pulpStatus(ctx context.Context, pulp *repomanage wg.Add(1) // if route or ingress we should do nothing - if resource.Type == "web" { + if resource.Type == string(settings.WEB) { if isRoute(pulp) || r.isNginxIngress(pulp) { wg.Done() continue @@ -110,14 +111,14 @@ func (r *RepoManagerReconciler) pulpStatus(ctx context.Context, pulp *repomanage typeCapitalized := cases.Title(language.English, cases.Compact).String(resource.Type) if err := r.Get(ctx, types.NamespacedName{Name: resource.Name, Namespace: pulp.Namespace}, deployment); err == nil { if !isDeploymentReady(deployment) { - log.Info(pulp.Spec.DeploymentType + " " + resource.Type + " not ready yet ...") + log.Info(resource.Name + " pods not ready yet ...") controllers.UpdateStatus(ctx, r.Client, pulp, metav1.ConditionFalse, resource.ConditionType, "Updating"+typeCapitalized+"Deployment", typeCapitalized+" deployment not ready yet") } else if v1.IsStatusConditionFalse(pulp.Status.Conditions, resource.ConditionType) { controllers.UpdateStatus(ctx, r.Client, pulp, metav1.ConditionTrue, resource.ConditionType, typeCapitalized+"TasksFinished", "All "+typeCapitalized+" tasks ran successfully") r.recorder.Event(pulp, corev1.EventTypeNormal, typeCapitalized+"Ready", "All "+typeCapitalized+" tasks ran successfully") } } else { - log.Error(err, "Failed to get Pulp "+typeCapitalized+" Deployment") + log.Error(err, "Failed to get Pulp "+resource.Name+" Deployment") } }(resource) } @@ -146,7 +147,7 @@ func (r *RepoManagerReconciler) pulpStatus(ctx context.Context, pulp *repomanage log.V(1).Info("Failed to update pulp status", "error", err) return ctrl.Result{Requeue: true}, nil } - log.Info(pulp.Spec.DeploymentType + " operator finished execution ...") + log.Info(pulp.Name + " finished execution ...") } /* diff --git a/controllers/repo_manager/utils.go b/controllers/repo_manager/utils.go index aa41c790f..d36813973 100644 --- a/controllers/repo_manager/utils.go +++ b/controllers/repo_manager/utils.go @@ -21,6 +21,7 @@ import ( repomanagerpulpprojectorgv1beta2 "github.com/pulp/pulp-operator/apis/repo-manager.pulpproject.org/v1beta2" "github.com/pulp/pulp-operator/controllers" pulp_ocp "github.com/pulp/pulp-operator/controllers/ocp" + "github.com/pulp/pulp-operator/controllers/settings" "golang.org/x/text/cases" "golang.org/x/text/language" appsv1 "k8s.io/api/apps/v1" @@ -285,12 +286,12 @@ func (r *RepoManagerReconciler) updateIngressClass(ctx context.Context, pulp *re // remove pulp-web components webDeployment := &appsv1.Deployment{} - if err := r.Get(ctx, types.NamespacedName{Name: pulp.Name + "-web", Namespace: pulp.Namespace}, webDeployment); err == nil { + if err := r.Get(ctx, types.NamespacedName{Name: settings.WEB.DeploymentName(pulp.Name), Namespace: pulp.Namespace}, webDeployment); err == nil { r.Delete(ctx, webDeployment) } webSvc := &corev1.Service{} - if err := r.Get(ctx, types.NamespacedName{Name: pulp.Name + "-web-svc", Namespace: pulp.Namespace}, webSvc); err == nil { + if err := r.Get(ctx, types.NamespacedName{Name: settings.PulpWebService(pulp.Name), Namespace: pulp.Namespace}, webSvc); err == nil { r.Delete(ctx, webSvc) } webConditionType := cases.Title(language.English, cases.Compact).String(pulp.Spec.DeploymentType) + "-Web-Ready" @@ -445,7 +446,7 @@ func getRootURL(resource controllers.FunctionResources) string { return "https://" + pulp_ocp.GetRouteHost(resource.Pulp) } - return "http://" + resource.Pulp.Name + "-web-svc." + resource.Pulp.Namespace + ".svc.cluster.local:24880" + return "http://" + settings.PulpWebService(resource.Pulp.Name) + "." + resource.Pulp.Namespace + ".svc.cluster.local:24880" } // ignoreUpdateCRStatusPredicate filters update events on pulpbackup CR status @@ -486,24 +487,6 @@ func (r *RepoManagerReconciler) findPulpDependentSecrets(secret client.Object) [ return []reconcile.Request{} } -// [DEPRECATED] this is not working because the r.Patch modification will be -// reconciled by the controller. The reconciliation is triggered because in -// the expected deployment there isn't a "repo-manager.pulpproject.org/restartedAt" annotation. -// restartPods modifies a deployment template field (`.annotations`) which will -// start a new rollout of pods -func (r *RepoManagerReconciler) restartPods(pulp *repomanagerpulpprojectorgv1beta2.Pulp, obj client.Object) { - switch obj := obj.(type) { - case *appsv1.Deployment: - - patch := client.MergeFrom(obj.DeepCopy()) - if obj.Spec.Template.ObjectMeta.Annotations == nil { - obj.Spec.Template.ObjectMeta.Annotations = make(map[string]string) - } - obj.Spec.Template.ObjectMeta.Annotations["repo-manager.pulpproject.org/restartedAt"] = time.Now().Format(time.RFC3339) - r.Patch(context.TODO(), obj, patch) - } -} - // restartPulpCorePods will redeploy all pulpcore (API,content,worker) pods. func (r *RepoManagerReconciler) restartPulpCorePods(pulp *repomanagerpulpprojectorgv1beta2.Pulp) { log := r.RawLogger diff --git a/controllers/repo_manager/web.go b/controllers/repo_manager/web.go index 3bf38fdbc..7f70f93c9 100644 --- a/controllers/repo_manager/web.go +++ b/controllers/repo_manager/web.go @@ -25,6 +25,7 @@ import ( "github.com/go-logr/logr" repomanagerpulpprojectorgv1beta2 "github.com/pulp/pulp-operator/apis/repo-manager.pulpproject.org/v1beta2" "github.com/pulp/pulp-operator/controllers" + "github.com/pulp/pulp-operator/controllers/settings" "golang.org/x/text/cases" "golang.org/x/text/language" appsv1 "k8s.io/api/apps/v1" @@ -43,8 +44,9 @@ func (r *RepoManagerReconciler) pulpWebController(ctx context.Context, pulp *rep conditionType := cases.Title(language.English, cases.Compact).String(pulp.Spec.DeploymentType) + "-Web-Ready" // pulp-web Configmap + configMapName := settings.PulpWebConfigMapName(pulp.Name) webConfigMap := &corev1.ConfigMap{} - err := r.Get(ctx, types.NamespacedName{Name: pulp.Name + "-configmap", Namespace: pulp.Namespace}, webConfigMap) + err := r.Get(ctx, types.NamespacedName{Name: configMapName, Namespace: pulp.Namespace}, webConfigMap) newWebConfigMap := r.pulpWebConfigMap(pulp) if err != nil && errors.IsNotFound(err) { log.Info("Creating a new Pulp Web ConfigMap", "ConfigMap.Namespace", newWebConfigMap.Namespace, "ConfigMap.Name", newWebConfigMap.Name) @@ -65,16 +67,17 @@ func (r *RepoManagerReconciler) pulpWebController(ctx context.Context, pulp *rep } // pulp-web Deployment + deploymentName := settings.WEB.DeploymentName(pulp.Name) webDeployment := &appsv1.Deployment{} - err = r.Get(ctx, types.NamespacedName{Name: pulp.Name + "-web", Namespace: pulp.Namespace}, webDeployment) + err = r.Get(ctx, types.NamespacedName{Name: deploymentName, Namespace: pulp.Namespace}, webDeployment) newWebDeployment := r.deploymentForPulpWeb(pulp, funcResources) if err != nil && errors.IsNotFound(err) { log.Info("Creating a new Pulp Web Deployment", "Deployment.Namespace", newWebDeployment.Namespace, "Deployment.Name", newWebDeployment.Name) - controllers.UpdateStatus(ctx, r.Client, pulp, metav1.ConditionFalse, conditionType, "CreatingWebDeployment", "Creating "+pulp.Name+"-web deployment resource") + controllers.UpdateStatus(ctx, r.Client, pulp, metav1.ConditionFalse, conditionType, "CreatingWebDeployment", "Creating "+deploymentName+" Deployment resource") err = r.Create(ctx, newWebDeployment) if err != nil { log.Error(err, "Failed to create new Pulp Web Deployment", "Deployment.Namespace", newWebDeployment.Namespace, "Deployment.Name", newWebDeployment.Name) - controllers.UpdateStatus(ctx, r.Client, pulp, metav1.ConditionFalse, conditionType, "ErrorCreatingWebDeployment", "Failed to create "+pulp.Name+"-web deployment resource: "+err.Error()) + controllers.UpdateStatus(ctx, r.Client, pulp, metav1.ConditionFalse, conditionType, "ErrorCreatingWebDeployment", "Failed to create "+deploymentName+" Deployment resource: "+err.Error()) r.recorder.Event(pulp, corev1.EventTypeWarning, "Failed", "Failed to create new Web Deployment") return ctrl.Result{}, err } @@ -89,12 +92,12 @@ func (r *RepoManagerReconciler) pulpWebController(ctx context.Context, pulp *rep // Reconcile Deployment if controllers.CheckDeploymentSpec(*newWebDeployment, *webDeployment, funcResources) { log.Info("The Web Deployment has been modified! Reconciling ...") - controllers.UpdateStatus(ctx, r.Client, pulp, metav1.ConditionFalse, conditionType, "UpdatingWebDeployment", "Reconciling "+pulp.Name+"-web deployment resource") + controllers.UpdateStatus(ctx, r.Client, pulp, metav1.ConditionFalse, conditionType, "UpdatingWebDeployment", "Reconciling "+deploymentName+" Deployment resource") r.recorder.Event(pulp, corev1.EventTypeNormal, "Updating", "Reconciling Web Deployment") err = r.Update(ctx, newWebDeployment) if err != nil { log.Error(err, "Error trying to update the Web Deployment object ... ") - controllers.UpdateStatus(ctx, r.Client, pulp, metav1.ConditionFalse, conditionType, "ErrorUpdatingWebDeployment", "Failed to reconcile "+pulp.Name+"-web deployment resource: "+err.Error()) + controllers.UpdateStatus(ctx, r.Client, pulp, metav1.ConditionFalse, conditionType, "ErrorUpdatingWebDeployment", "Failed to reconcile "+deploymentName+" Deployment resource: "+err.Error()) r.recorder.Event(pulp, corev1.EventTypeWarning, "Failed", "Failed to reconcile Web Deployment") return ctrl.Result{}, err } @@ -103,17 +106,18 @@ func (r *RepoManagerReconciler) pulpWebController(ctx context.Context, pulp *rep } // SERVICE + serviceName := settings.PulpWebService(pulp.Name) webSvc := &corev1.Service{} - err = r.Get(ctx, types.NamespacedName{Name: pulp.Name + "-web-svc", Namespace: pulp.Namespace}, webSvc) + err = r.Get(ctx, types.NamespacedName{Name: serviceName, Namespace: pulp.Namespace}, webSvc) newWebSvc := serviceForPulpWeb(pulp) if err != nil && errors.IsNotFound(err) { ctrl.SetControllerReference(pulp, newWebSvc, r.Scheme) log.Info("Creating a new Web Service", "Service.Namespace", newWebSvc.Namespace, "Service.Name", newWebSvc.Name) - controllers.UpdateStatus(ctx, r.Client, pulp, metav1.ConditionFalse, conditionType, "CreatingWebService", "Creating "+pulp.Name+"-web-svc service resource") + controllers.UpdateStatus(ctx, r.Client, pulp, metav1.ConditionFalse, conditionType, "CreatingWebService", "Creating "+serviceName+" Service resource") err = r.Create(ctx, newWebSvc) if err != nil { log.Error(err, "Failed to create new Web Service", "Service.Namespace", newWebSvc.Namespace, "Service.Name", newWebSvc.Name) - controllers.UpdateStatus(ctx, r.Client, pulp, metav1.ConditionFalse, conditionType, "ErrorCreatingWebDService", "Failed to create "+pulp.Name+"-web-svc service resource: "+err.Error()) + controllers.UpdateStatus(ctx, r.Client, pulp, metav1.ConditionFalse, conditionType, "ErrorCreatingWebDService", "Failed to create "+serviceName+" Service resource: "+err.Error()) r.recorder.Event(pulp, corev1.EventTypeWarning, "Failed", "Failed to create new Web Service") return ctrl.Result{}, err } @@ -183,12 +187,12 @@ func (r *RepoManagerReconciler) deploymentForPulpWeb(m *repomanagerpulpprojector dep := &appsv1.Deployment{ ObjectMeta: metav1.ObjectMeta{ - Name: m.Name + "-web", + Name: settings.WEB.DeploymentName(m.Name), Namespace: m.Namespace, Labels: map[string]string{ "app.kubernetes.io/name": "nginx", "app.kubernetes.io/instance": "nginx-" + m.Name, - "app.kubernetes.io/component": "webserver", + "app.kubernetes.io/component": "web", "app.kubernetes.io/part-of": m.Spec.DeploymentType, "app.kubernetes.io/managed-by": m.Spec.DeploymentType + "-operator", "owner": "pulp-dev", @@ -206,7 +210,7 @@ func (r *RepoManagerReconciler) deploymentForPulpWeb(m *repomanagerpulpprojector }, Spec: corev1.PodSpec{ NodeSelector: nodeSelector, - ServiceAccountName: m.Name, + ServiceAccountName: settings.PulpServiceAccount(m.Name), Containers: []corev1.Container{{ Image: ImageWeb, Name: "web", @@ -243,7 +247,7 @@ func (r *RepoManagerReconciler) deploymentForPulpWeb(m *repomanagerpulpprojector VolumeSource: corev1.VolumeSource{ ConfigMap: &corev1.ConfigMapVolumeSource{ LocalObjectReference: corev1.LocalObjectReference{ - Name: m.Name + "-configmap", + Name: settings.PulpWebConfigMapName(m.Name), }, Items: []corev1.KeyToPath{ {Key: "nginx.conf", Path: "nginx.conf"}, @@ -269,7 +273,7 @@ func labelsForPulpWeb(m *repomanagerpulpprojectorgv1beta2.Pulp) map[string]strin return map[string]string{ "app.kubernetes.io/name": "nginx", "app.kubernetes.io/instance": "nginx-" + m.Name, - "app.kubernetes.io/component": "webserver", + "app.kubernetes.io/component": "web", "app.kubernetes.io/part-of": m.Spec.DeploymentType, "app.kubernetes.io/managed-by": m.Spec.DeploymentType + "-operator", "pulp_cr": m.Name, @@ -337,7 +341,7 @@ func serviceForPulpWeb(m *repomanagerpulpprojectorgv1beta2.Pulp) *corev1.Service return &corev1.Service{ ObjectMeta: metav1.ObjectMeta{ - Name: m.Name + "-web-svc", + Name: settings.PulpWebService(m.Name), Namespace: m.Namespace, Labels: labelsForPulpWeb(m), Annotations: annotations, @@ -441,11 +445,11 @@ func (r *RepoManagerReconciler) pulpWebConfigMap(m *repomanagerpulpprojectorgv1b types_hash_max_size 4096; upstream pulp-content { - server ` + m.Name + `-content-svc:24816; + server ` + settings.ContentService(m.Name) + `:24816; } upstream pulp-api { - server ` + m.Name + `-api-svc:24817; + server ` + settings.ApiService(m.Name) + `:24817; } ` + serverConfig + ` @@ -516,7 +520,7 @@ func (r *RepoManagerReconciler) pulpWebConfigMap(m *repomanagerpulpprojectorgv1b sec := &corev1.ConfigMap{ ObjectMeta: metav1.ObjectMeta{ - Name: m.Name + "-configmap", + Name: settings.PulpWebConfigMapName(m.Name), Namespace: m.Namespace, }, Data: data, diff --git a/controllers/repo_manager/worker.go b/controllers/repo_manager/worker.go index d3d952e0f..1d212df50 100644 --- a/controllers/repo_manager/worker.go +++ b/controllers/repo_manager/worker.go @@ -22,6 +22,7 @@ import ( "github.com/go-logr/logr" repomanagerpulpprojectorgv1beta2 "github.com/pulp/pulp-operator/apis/repo-manager.pulpproject.org/v1beta2" "github.com/pulp/pulp-operator/controllers" + "github.com/pulp/pulp-operator/controllers/settings" "golang.org/x/text/cases" "golang.org/x/text/language" appsv1 "k8s.io/api/apps/v1" @@ -40,15 +41,16 @@ func (r *RepoManagerReconciler) pulpWorkerController(ctx context.Context, pulp * // define the k8s Deployment function based on k8s distribution and deployment type deploymentForPulpWorker := initDeployment(WORKER_DEPLOYMENT).Deploy + deploymentName := settings.WORKER.DeploymentName(pulp.Name) // Create Worker Deployment - if requeue, err := r.createPulpResource(ResourceDefinition{ctx, &appsv1.Deployment{}, pulp.Name + "-worker", "Worker", conditionType, pulp}, deploymentForPulpWorker); err != nil || requeue { + if requeue, err := r.createPulpResource(ResourceDefinition{ctx, &appsv1.Deployment{}, deploymentName, "Worker", conditionType, pulp}, deploymentForPulpWorker); err != nil || requeue { return ctrl.Result{Requeue: requeue}, err } // Reconcile Deployment found := &appsv1.Deployment{} - r.Get(ctx, types.NamespacedName{Name: pulp.Name + "-worker", Namespace: pulp.Namespace}, found) + r.Get(ctx, types.NamespacedName{Name: deploymentName, Namespace: pulp.Namespace}, found) expected := deploymentForPulpWorker(funcResources) if requeue, err := controllers.ReconcileObject(funcResources, expected, found, conditionType, controllers.PulpDeployment{}); err != nil || requeue { return ctrl.Result{Requeue: requeue}, err diff --git a/controllers/settings/configmap.go b/controllers/settings/configmap.go new file mode 100644 index 000000000..05e68e6fe --- /dev/null +++ b/controllers/settings/configmap.go @@ -0,0 +1,21 @@ +// This file contains resource names and constants that are used to provision +// the Kubernetes objects. We are centralizing them here to make it easier to +// maintain and, in case we decide to support multiple CRs running in the same +// namespace, to avoid name colision or code repetition. +// Since go const does not allow to pass variables and there is no immutable vars +// we are encapsulating the constants in each function to return a value based +// on Pulp CR name. + +package settings + +const ( + caConfigMapName = "user-ca-bundle" +) + +func EmptyCAConfigMapName(pulpName string) string { + return pulpName + "-" + caConfigMapName +} + +func PulpWebConfigMapName(pulpName string) string { + return pulpName + "-configmap" +} diff --git a/controllers/settings/deployments.go b/controllers/settings/deployments.go new file mode 100644 index 000000000..d429388dc --- /dev/null +++ b/controllers/settings/deployments.go @@ -0,0 +1,25 @@ +// This file contains resource names and constants that are used to provision +// the Kubernetes objects. We are centralizing them here to make it easier to +// maintain and, in case we decide to support multiple CRs running in the same +// namespace, to avoid name colision or code repetition. +// Since go const does not allow to pass variables and there is no immutable vars +// we are encapsulating the constants in each function to return a value based +// on Pulp CR name. + +package settings + +import "strings" + +type PulpcoreType string + +const ( + API PulpcoreType = "Api" + CONTENT PulpcoreType = "Content" + WORKER PulpcoreType = "Worker" + WEB PulpcoreType = "Web" + CACHE PulpcoreType = "Redis" +) + +func (t PulpcoreType) DeploymentName(pulpName string) string { + return pulpName + "-" + strings.ToLower(string(t)) +} diff --git a/controllers/settings/jobs.go b/controllers/settings/jobs.go new file mode 100644 index 000000000..9f003b355 --- /dev/null +++ b/controllers/settings/jobs.go @@ -0,0 +1,25 @@ +// This file contains resource names and constants that are used to provision +// the Kubernetes objects. We are centralizing them here to make it easier to +// maintain and, in case we decide to support multiple CRs running in the same +// namespace, to avoid name colision or code repetition. +// Since go const does not allow to pass variables and there is no immutable vars +// we are encapsulating the constants in each function to return a value based +// on Pulp CR name. + +package settings + +const ( + migrationJob = "pulpcore-migration-" + resetAdminPwdJob = "reset-admin-password-" + updateChecksumsJob = "update-content-checksums-" +) + +func MigrationJob(pulpName string) string { + return pulpName + "-" + migrationJob +} +func ResetAdminPwdJob(pulpName string) string { + return pulpName + "-" + resetAdminPwdJob +} +func UpdateChecksumsJob(pulpName string) string { + return pulpName + "-" + updateChecksumsJob +} diff --git a/controllers/settings/pdbs.go b/controllers/settings/pdbs.go new file mode 100644 index 000000000..820685116 --- /dev/null +++ b/controllers/settings/pdbs.go @@ -0,0 +1,15 @@ +// This file contains resource names and constants that are used to provision +// the Kubernetes objects. We are centralizing them here to make it easier to +// maintain and, in case we decide to support multiple CRs running in the same +// namespace, to avoid name colision or code repetition. +// Since go const does not allow to pass variables and there is no immutable vars +// we are encapsulating the constants in each function to return a value based +// on Pulp CR name. + +package settings + +import "strings" + +func (t PulpcoreType) PDBName(pulpName string) string { + return pulpName + "-" + strings.ToLower(string(t)) +} diff --git a/controllers/settings/pvc.go b/controllers/settings/pvc.go new file mode 100644 index 000000000..4c65afbe2 --- /dev/null +++ b/controllers/settings/pvc.go @@ -0,0 +1,25 @@ +// This file contains resource names and constants that are used to provision +// the Kubernetes objects. We are centralizing them here to make it easier to +// maintain and, in case we decide to support multiple CRs running in the same +// namespace, to avoid name colision or code repetition. +// Since go const does not allow to pass variables and there is no immutable vars +// we are encapsulating the constants in each function to return a value based +// on Pulp CR name. + +package settings + +const ( + pulpFileStorage = "file-storage" + DBVolumeName = "postgres" + cacheVolumeName = "redis-data" +) + +func DefaultPulpFileStorage(pulpName string) string { + return pulpName + "-" + pulpFileStorage +} +func DefaultDBPVC(pulpName string) string { + return pulpName + "-postgres" +} +func DefaultCachePVC(pulpName string) string { + return pulpName + "-" + cacheVolumeName +} diff --git a/controllers/settings/secrets.go b/controllers/settings/secrets.go new file mode 100644 index 000000000..8d1a67a77 --- /dev/null +++ b/controllers/settings/secrets.go @@ -0,0 +1,41 @@ +// This file contains resource names and constants that are used to provision +// the Kubernetes objects. We are centralizing them here to make it easier to +// maintain and, in case we decide to support multiple CRs running in the same +// namespace, to avoid name colision or code repetition. +// Since go const does not allow to pass variables and there is no immutable vars +// we are encapsulating the constants in each function to return a value based +// on Pulp CR name. + +package settings + +const ( + adminPassword = "admin-password" + djangoSecretKey = "secret-key" + containerTokenSecret = "container-auth" + pulpServerSecret = "server" + dBFieldsEncryptionSecret = "db-fields-encryption" + rhOperatorPullSecretName = "redhat-operators-pull-secret" + postgresConfiguration = "postgres-configuration" +) + +func DefaultAdminPassword(pulpName string) string { + return pulpName + "-" + adminPassword +} +func DefaultDjangoSecretKey(pulpName string) string { + return pulpName + "-" + djangoSecretKey +} +func DefaultContainerTokenSecret(pulpName string) string { + return pulpName + "-" + containerTokenSecret +} +func PulpServerSecret(pulpName string) string { + return pulpName + "-" + pulpServerSecret +} +func DefaultDBFieldsEncryptionSecret(pulpName string) string { + return pulpName + "-" + dBFieldsEncryptionSecret +} +func RedHatOperatorPullSecret(pulpName string) string { + return pulpName + "-" + rhOperatorPullSecretName +} +func DefaultDBSecret(pulpName string) string { + return pulpName + "-" + postgresConfiguration +} diff --git a/controllers/settings/service_account.go b/controllers/settings/service_account.go new file mode 100644 index 000000000..ce513bffe --- /dev/null +++ b/controllers/settings/service_account.go @@ -0,0 +1,13 @@ +// This file contains resource names and constants that are used to provision +// the Kubernetes objects. We are centralizing them here to make it easier to +// maintain and, in case we decide to support multiple CRs running in the same +// namespace, to avoid name colision or code repetition. +// Since go const does not allow to pass variables and there is no immutable vars +// we are encapsulating the constants in each function to return a value based +// on Pulp CR name. + +package settings + +func PulpServiceAccount(pulpName string) string { + return pulpName +} diff --git a/controllers/settings/services.go b/controllers/settings/services.go new file mode 100644 index 000000000..fcae22851 --- /dev/null +++ b/controllers/settings/services.go @@ -0,0 +1,28 @@ +// This file contains resource names and constants that are used to provision +// the Kubernetes objects. We are centralizing them here to make it easier to +// maintain and, in case we decide to support multiple CRs running in the same +// namespace, to avoid name colision or code repetition. +// Since go const does not allow to pass variables and there is no immutable vars +// we are encapsulating the constants in each function to return a value based +// on Pulp CR name. + +package settings + +func ApiService(pulpName string) string { + return pulpName + "-api-svc" +} +func ContentService(pulpName string) string { + return pulpName + "-content-svc" +} +func WorkerService(pulpName string) string { + return pulpName + "-worker-svc" +} +func PulpWebService(pulpName string) string { + return pulpName + "-web-svc" +} +func DBService(pulpName string) string { + return pulpName + "-database-svc" +} +func CacheService(pulpName string) string { + return pulpName + "-redis-svc" +} diff --git a/controllers/settings/statefulsets.go b/controllers/settings/statefulsets.go new file mode 100644 index 000000000..201ae0083 --- /dev/null +++ b/controllers/settings/statefulsets.go @@ -0,0 +1,13 @@ +// This file contains resource names and constants that are used to provision +// the Kubernetes objects. We are centralizing them here to make it easier to +// maintain and, in case we decide to support multiple CRs running in the same +// namespace, to avoid name colision or code repetition. +// Since go const does not allow to pass variables and there is no immutable vars +// we are encapsulating the constants in each function to return a value based +// on Pulp CR name. + +package settings + +func DefaultDBStatefulSet(pulpName string) string { + return pulpName + "-database" +} diff --git a/controllers/settings/telemetry.go b/controllers/settings/telemetry.go new file mode 100644 index 000000000..96bf08346 --- /dev/null +++ b/controllers/settings/telemetry.go @@ -0,0 +1,23 @@ +// This file contains resource names and constants that are used to provision +// the Kubernetes objects. We are centralizing them here to make it easier to +// maintain and, in case we decide to support multiple CRs running in the same +// namespace, to avoid name colision or code repetition. +// Since go const does not allow to pass variables and there is no immutable vars +// we are encapsulating the constants in each function to return a value based +// on Pulp CR name. + +package settings + +const ( + otelConfigName = "otel-collector-config" + otelServiceName = "otel-collector-svc" + OtelConfigFile = "otel-collector-config.yaml" + OtelContainerPort = 8889 +) + +func OtelConfigMapName(pulpName string) string { + return pulpName + "-" + otelConfigName +} +func OtelServiceName(pulpName string) string { + return pulpName + "-" + otelServiceName +} diff --git a/controllers/telemetry.go b/controllers/telemetry.go index 96f466e4d..3b4cf4278 100644 --- a/controllers/telemetry.go +++ b/controllers/telemetry.go @@ -5,6 +5,7 @@ import ( "reflect" "strconv" + "github.com/pulp/pulp-operator/controllers/settings" corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/resource" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -14,15 +15,10 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" ) -const OtelConfigName = "otel-collector-config" -const OtelConfigFile = "otel-collector-config.yaml" -const OtelServiceName = "otel-collector-svc" -const otelContainerPort = 8889 - // telemetryConfig adds the otel container sidecar to containers' slice, an otelConfigMap as a new volume, and a pod annotation -func telemetryConfig(resources any, envVars []corev1.EnvVar, containers []corev1.Container, volumes []corev1.Volume, pulpcoreType string) ([]corev1.Container, []corev1.Volume) { +func telemetryConfig(resources any, envVars []corev1.EnvVar, containers []corev1.Container, volumes []corev1.Volume, pulpcoreType settings.PulpcoreType) ([]corev1.Container, []corev1.Volume) { pulp := resources.(FunctionResources).Pulp - if !pulp.Spec.Telemetry.Enabled || pulpcoreType != api { + if !pulp.Spec.Telemetry.Enabled || pulpcoreType != settings.API { return containers, volumes } @@ -51,13 +47,14 @@ exec /usr/local/bin/opentelemetry-instrument --service_name pulp-api "${PULP_AP --access-logfile -`, } + volumeName := "otel-collector-config" // create a volume using the otelconfigmap as source telemetryVolume := corev1.Volume{ - Name: OtelConfigName, + Name: volumeName, VolumeSource: corev1.VolumeSource{ ConfigMap: &corev1.ConfigMapVolumeSource{ LocalObjectReference: corev1.LocalObjectReference{ - Name: OtelConfigName, + Name: settings.OtelConfigMapName(pulp.Name), }, }, }, @@ -66,9 +63,9 @@ exec /usr/local/bin/opentelemetry-instrument --service_name pulp-api "${PULP_AP // set the otel configmap mountpoint telemetryVolMount := []corev1.VolumeMount{ { - Name: OtelConfigName, - MountPath: "/etc/otelcol-contrib/" + OtelConfigFile, - SubPath: OtelConfigFile, + Name: volumeName, + MountPath: "/etc/otelcol-contrib/" + settings.OtelConfigFile, + SubPath: settings.OtelConfigFile, ReadOnly: true, }, } @@ -82,11 +79,11 @@ exec /usr/local/bin/opentelemetry-instrument --service_name pulp-api "${PULP_AP Image: telemetryImage, ImagePullPolicy: corev1.PullPolicy(pulp.Spec.ImagePullPolicy), Ports: []corev1.ContainerPort{{ - ContainerPort: otelContainerPort, + ContainerPort: settings.OtelContainerPort, Protocol: "TCP", }}, Args: []string{ - "--config", "file:/etc/otelcol-contrib/" + OtelConfigFile, + "--config", "file:/etc/otelcol-contrib/" + settings.OtelConfigFile, }, VolumeMounts: telemetryVolMount, Resources: requirements, @@ -142,7 +139,7 @@ func setResourceRequirements(resources any) corev1.ResourceRequirements { func OtelConfigMap(resources FunctionResources) client.Object { otelConfig := map[string]string{ - OtelConfigFile: ` + settings.OtelConfigFile: ` receivers: otlp: protocols: @@ -169,7 +166,7 @@ service: cm := &corev1.ConfigMap{ ObjectMeta: metav1.ObjectMeta{ - Name: OtelConfigName, + Name: settings.OtelConfigMapName(resources.Name), Namespace: resources.Namespace, }, Data: otelConfig, @@ -184,14 +181,14 @@ func ServiceOtel(resources FunctionResources) client.Object { ipFamilyPolicyType := corev1.IPFamilyPolicyType("SingleStack") serviceAffinity := corev1.ServiceAffinity("None") servicePortProto := corev1.Protocol("TCP") - targetPort := intstr.IntOrString{IntVal: otelContainerPort} + targetPort := intstr.IntOrString{IntVal: settings.OtelContainerPort} serviceType := corev1.ServiceType("ClusterIP") deployment_type := resources.Pulp.Spec.DeploymentType name := resources.Name svc := &corev1.Service{ ObjectMeta: metav1.ObjectMeta{ - Name: OtelServiceName, + Name: settings.OtelServiceName(name), Namespace: resources.Namespace, Labels: map[string]string{ "otel": "", @@ -202,8 +199,8 @@ func ServiceOtel(resources FunctionResources) client.Object { IPFamilies: []corev1.IPFamily{"IPv4"}, IPFamilyPolicy: &ipFamilyPolicyType, Ports: []corev1.ServicePort{{ - Name: "otel-" + strconv.Itoa(otelContainerPort), - Port: otelContainerPort, + Name: "otel-" + strconv.Itoa(settings.OtelContainerPort), + Port: settings.OtelContainerPort, Protocol: servicePortProto, TargetPort: targetPort, }}, @@ -234,13 +231,13 @@ func RemoveTelemetryResources(resources FunctionResources) { // remove otel configmap otelConfigMap := &corev1.ConfigMap{} - if err := client.Get(ctx, types.NamespacedName{Name: OtelConfigName, Namespace: pulp.Namespace}, otelConfigMap); err == nil { + if err := client.Get(ctx, types.NamespacedName{Name: settings.OtelConfigMapName(pulp.Name), Namespace: pulp.Namespace}, otelConfigMap); err == nil { client.Delete(ctx, otelConfigMap) } // remove otel service otelService := &corev1.Service{} - if err := client.Get(ctx, types.NamespacedName{Name: OtelServiceName, Namespace: pulp.Namespace}, otelService); err == nil { + if err := client.Get(ctx, types.NamespacedName{Name: settings.OtelServiceName(pulp.Name), Namespace: pulp.Namespace}, otelService); err == nil { client.Delete(ctx, otelService) } diff --git a/controllers/utils.go b/controllers/utils.go index de58c61d7..0e16ca068 100644 --- a/controllers/utils.go +++ b/controllers/utils.go @@ -31,6 +31,7 @@ import ( "github.com/go-logr/logr" routev1 "github.com/openshift/api/route/v1" repomanagerpulpprojectorgv1beta2 "github.com/pulp/pulp-operator/apis/repo-manager.pulpproject.org/v1beta2" + "github.com/pulp/pulp-operator/controllers/settings" "go.uber.org/zap" "go.uber.org/zap/zapcore" "golang.org/x/crypto/openpgp" @@ -90,14 +91,6 @@ type FunctionResources struct { logr.Logger } -// Deployer is an interface for the several deployment types: -// - api deployment in vanilla k8s or ocp -// - content deployment in vanilla k8s or ocp -// - worker deployment in vanilla k8s or ocp -type Deployer interface { - deploy() client.Object -} - // IgnoreUpdateCRStatusPredicate filters update events on pulpbackup CR status func IgnoreUpdateCRStatusPredicate() predicate.Predicate { return predicate.Funcs{ @@ -687,7 +680,7 @@ func ReconcileObject(funcResources FunctionResources, expectedState, currentStat // kubernetes will define a new nodeport automatically // we need to do this check only for pulp-web-svc service because it is // the only nodePort svc (this is an edge case) - if expectedState.GetName() == funcResources.Pulp.Name+"-web-svc" && funcResources.Pulp.Spec.NodePort == 0 { + if expectedState.GetName() == settings.PulpWebService(funcResources.Pulp.Name) && funcResources.Pulp.Spec.NodePort == 0 { return false, nil } @@ -757,14 +750,14 @@ func RemovePulpWebResources(resources FunctionResources) error { // remove pulp-web components webDeployment := &appsv1.Deployment{} - if err := resources.Get(ctx, types.NamespacedName{Name: pulp.Name + "-web", Namespace: pulp.Namespace}, webDeployment); err == nil { + if err := resources.Get(ctx, types.NamespacedName{Name: settings.WEB.DeploymentName(pulp.Name), Namespace: pulp.Namespace}, webDeployment); err == nil { resources.Delete(ctx, webDeployment) } else { return err } webSvc := &corev1.Service{} - if err := resources.Get(ctx, types.NamespacedName{Name: pulp.Name + "-web-svc", Namespace: pulp.Namespace}, webSvc); err == nil { + if err := resources.Get(ctx, types.NamespacedName{Name: settings.PulpWebService(pulp.Name), Namespace: pulp.Namespace}, webSvc); err == nil { resources.Delete(ctx, webSvc) } else { return err diff --git a/main.go b/main.go index d538bb66b..bc3daf76f 100644 --- a/main.go +++ b/main.go @@ -170,7 +170,7 @@ func main() { os.Exit(1) } - setupLog.Info("pulp-operator version: 1.0.2-beta.2") + setupLog.Info("pulp-operator version: 1.0.3-beta.2") setupLog.Info("starting manager") if err := mgr.Start(ctrl.SetupSignalHandler()); err != nil { setupLog.Error(err, "problem running manager")