From f4cb97cec06e8ae353a91e3d2ff53e2dee85e118 Mon Sep 17 00:00:00 2001
From: "Ben B."
Date: Fri, 27 Sep 2024 16:36:04 +0200
Subject: [PATCH] manifestutils: configure CA and ServicePKI by name (#1039)
Signed-off-by: Benedikt Bongartz
---
 internal/manifests/manifestutils/service.go | 30 +++++++++++++++++++
 .../manifests/queryfrontend/query_frontend.go | 15 ++--------
 2 files changed, 33 insertions(+), 12 deletions(-)
diff --git a/internal/manifests/manifestutils/service.go b/internal/manifests/manifestutils/service.go
index 505d77283..3f53d5f7c 100644
--- a/internal/manifests/manifestutils/service.go
+++ b/internal/manifests/manifestutils/service.go
@@ -8,6 +8,21 @@ import (
 "github.com/grafana/tempo-operator/internal/manifests/naming"
 )
+// ConfigureServiceCAByContainerName modify the PodSpec adding the volumes and volumeMounts to the specified containers.
+func ConfigureServiceCAByContainerName(podSpec *corev1.PodSpec, caBundleName string, containers ...string) error {
+ targetContainers := map[string]struct{}{}
+ for _, name := range containers {
+ targetContainers[name] = struct{}{}
+ }
+ ids := []int{}
+ for id, c := range podSpec.Containers {
+ if _, exists := targetContainers[c.Name]; exists {
+ ids = append(ids, id)
+ }
+ }
+ return ConfigureServiceCA(podSpec, caBundleName, ids...)
+}
+
 // ConfigureServiceCA modify the PodSpec adding the volumes and volumeMounts to the specified containers.
 func ConfigureServiceCA(podSpec *corev1.PodSpec, caBundleName string, containers ...int) error {
 secretVolumeSpec := corev1.PodSpec{
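Review bot: A name in `containers` that matches no entry in `podSpec.Containers` is dropped without any signal in ConfigureServiceCAByContainerName, so a mistyped or renamed container would be left without the CA bundle mount while the call still returns whatever ConfigureServiceCA returns for the shorter index list. The loop removed from query_frontend.go behaved the same way, so this may be intended; if it is, the doc comment (currently a copy of ConfigureServiceCA's) should say so, for example `// Names that match no container in podSpec.Containers are ignored; init containers are not searched.` If at least one match is always expected, a guard such as `if len(ids) == 0 { return errors.New("no matching container") }` would surface the misconfiguration, provided `errors` is available in this file. The same applies to ConfigureServicePKIByContainerName in the next hunk. ConfigureServiceCA's body continues outside the hunk, so how it treats an empty index list cannot be checked here.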
@@ -58,6 +73,21 @@ func ConfigureServiceCA(podSpec *corev1.PodSpec, caBundleName string, containers
 return nil
 }
+// ConfigureServicePKIByContainerName modify the PodSpec adding cert the volumes and volumeMounts to the specified containers.
+func ConfigureServicePKIByContainerName(tempoStackName string, component string, podSpec *corev1.PodSpec, containers ...string) error {
+ targetContainers := map[string]struct{}{}
+ for _, name := range containers {
+ targetContainers[name] = struct{}{}
+ }
+ ids := []int{}
+ for id, c := range podSpec.Containers {
+ if _, exists := targetContainers[c.Name]; exists {
+ ids = append(ids, id)
+ }
+ }
+ return ConfigureServicePKI(tempoStackName, component, podSpec, ids...)
+}
+
 // ConfigureServicePKI modify the PodSpec adding cert the volumes and volumeMounts to the specified containers.
 func ConfigureServicePKI(tempoStackName string, component string, podSpec *corev1.PodSpec, containers ...int) error {
 serviceName := naming.TLSSecretName(component, tempoStackName)
diff --git a/internal/manifests/queryfrontend/query_frontend.go b/internal/manifests/queryfrontend/query_frontend.go
index e5c9a4f91..f457135df 100644
--- a/internal/manifests/queryfrontend/query_frontend.go
+++ b/internal/manifests/queryfrontend/query_frontend.go
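Review bot: The name-to-index resolution in ConfigureServicePKIByContainerName is a line-for-line copy of the one added to ConfigureServiceCAByContainerName in the previous hunk, so the two TLS helpers can drift apart the first time one of them is changed. A single unexported helper would keep the matching rule in one place and reduce both wrappers to a one-line delegation. The new doc comment also carries over the "adding cert the volumes" wording from ConfigureServicePKI and could read "adding the certificate volumes and volumeMounts". ConfigureServicePKI's body continues outside the hunk.

```go
// containerIndexesByName returns the indexes of the containers in podSpec whose
// name is listed in names, in pod order. Names without a matching container are skipped.
func containerIndexesByName(podSpec *corev1.PodSpec, names ...string) []int {
	wanted := make(map[string]struct{}, len(names))
	for _, name := range names {
		wanted[name] = struct{}{}
	}
	ids := make([]int, 0, len(names))
	for id, c := range podSpec.Containers {
		if _, ok := wanted[c.Name]; ok {
			ids = append(ids, id)
		}
	}
	return ids
}

func ConfigureServicePKIByContainerName(tempoStackName string, component string, podSpec *corev1.PodSpec, containers ...string) error {
	return ConfigureServicePKI(tempoStackName, component, podSpec, containerIndexesByName(podSpec, containers...)...)
}
```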
@@ -54,21 +54,12 @@ func BuildQueryFrontend(params manifestutils.Params) ([]client.Object, error) {
 if gates.HTTPEncryption || gates.GRPCEncryption {
 caBundleName := naming.SigningCABundleName(tempo.Name)
- targetContainers := map[string]struct{}{
- containerNameTempo: {},
- containerNameTempoQuery: {},
- }
- targets := []int{}
- for i, c := range d.Spec.Template.Spec.Containers {
- if _, exists := targetContainers[c.Name]; exists {
- targets = append(targets, i)
- }
- }
- if err := manifestutils.ConfigureServiceCA(&d.Spec.Template.Spec, caBundleName, targets...); err != nil {
+ targets := []string{containerNameTempo, containerNameTempoQuery}
+ if err := manifestutils.ConfigureServiceCAByContainerName(&d.Spec.Template.Spec, caBundleName, targets...); err != nil {
 return nil, err
 }
- err := manifestutils.ConfigureServicePKI(tempo.Name, manifestutils.QueryFrontendComponentName, &d.Spec.Template.Spec, targets...)
+ err := manifestutils.ConfigureServicePKIByContainerName(tempo.Name, manifestutils.QueryFrontendComponentName, &d.Spec.Template.Spec, targets...)
 if err != nil {
 return nil, err
 }