diff --git a/controllers/logjuicer.go b/controllers/logjuicer.go
index 1341170..31a6464 100644
--- a/controllers/logjuicer.go
+++ b/controllers/logjuicer.go
@@ -5,43 +5,74 @@ package controllers import ( "github.com/softwarefactory-project/sf-operator/controllers/libs/base" + "github.com/softwarefactory-project/sf-operator/controllers/libs/utils" appsv1 "k8s.io/api/apps/v1" apiv1 "k8s.io/api/core/v1" ) +func (r *SFController) AddCorporateCA(spec *apiv1.PodSpec) string { + // Inject into the spec the necessary option to setup the corporate-ca-certs, returns the current version + corporateCM, corporateCMExists := r.CorporateCAConfigMapExists() + if corporateCMExists { + for fileName := range corporateCM.Data { + spec.Volumes = append(spec.Volumes, base.MkVolumeCM("certs", CorporateCACerts)) + spec.Containers[0].VolumeMounts = append(spec.Containers[0].VolumeMounts, apiv1.VolumeMount{ + Name: "certs", + MountPath: "/certs", + }) + spec.Containers[0].Env = append(spec.Containers[0].Env, base.MkEnvVar("LOGJUICER_CA_EXTRA", "/certs/"+fileName)) + // TODO: remove the next line after merging https://github.com/logjuicer/logjuicer/pull/144 + spec.Containers[0].Env = append(spec.Containers[0].Env, base.MkEnvVar("LOGJUICER_CA_BUNDLE", "/certs/"+fileName)) + break + } + return string(corporateCM.ResourceVersion) + } else { + return "0" + } +} + func (r *SFController) EnsureLogJuicer() bool { const ( ident = "logjuicer" port = 3000 ) + + srv := base.MkService(ident, r.ns, ident, []int32{port}, ident, r.cr.Spec.ExtraLabels) + r.GetOrCreate(&srv) + + dep := base.MkDeployment(ident, r.ns, "ghcr.io/logjuicer/logjuicer:latest", r.cr.Spec.ExtraLabels) + dep.Spec.Template.Spec.Containers[0].ImagePullPolicy = "Always" + dep.Spec.Template.Spec.Volumes = []apiv1.Volume{ + // TODO: make this persistent + base.MkEmptyDirVolume("logjuicer-data"), + } + dep.Spec.Template.Spec.Containers[0].VolumeMounts = []apiv1.VolumeMount{ + { + Name: "logjuicer-data", + MountPath: "/data", + }, + } + dep.Spec.Template.Spec.Containers[0].Env = []apiv1.EnvVar{ + base.MkEnvVar("LOGJUICER_BASE_URL", "/logjuicer/"), + } + dep.Spec.Template.Spec.Containers[0].Ports 
= []apiv1.ContainerPort{ + base.MkContainerPort(port, ident), + } + dep.Spec.Template.Spec.Containers[0].ReadinessProbe = base.MkReadinessHTTPProbe("/ready", port) + + dep.Spec.Template.ObjectMeta.Annotations = map[string]string{ + "certs": r.AddCorporateCA(&dep.Spec.Template.Spec), + } + current := appsv1.Deployment{} if r.GetM(ident, ¤t) { - return r.IsDeploymentReady(¤t) - } else { - srv := base.MkService(ident, r.ns, ident, []int32{port}, ident, r.cr.Spec.ExtraLabels) - r.GetOrCreate(&srv) - - dep := base.MkDeployment(ident, r.ns, "ghcr.io/logjuicer/logjuicer:latest", r.cr.Spec.ExtraLabels) - dep.Spec.Template.Spec.Containers[0].ImagePullPolicy = "Always" - dep.Spec.Template.Spec.Volumes = []apiv1.Volume{ - // TODO: make this persistent - base.MkEmptyDirVolume("logjuicer-data"), + if utils.MapEquals(¤t.Spec.Template.ObjectMeta.Annotations, &dep.Spec.Template.ObjectMeta.Annotations) { + return r.IsDeploymentReady(¤t) } - dep.Spec.Template.Spec.Containers[0].VolumeMounts = []apiv1.VolumeMount{ - { - Name: "logjuicer-data", - MountPath: "/data", - }, - } - dep.Spec.Template.Spec.Containers[0].Env = []apiv1.EnvVar{ - base.MkEnvVar("LOGJUICER_BASE_URL", "/logjuicer/"), - } - dep.Spec.Template.Spec.Containers[0].Ports = []apiv1.ContainerPort{ - base.MkContainerPort(port, ident), - } - dep.Spec.Template.Spec.Containers[0].ReadinessProbe = base.MkReadinessHTTPProbe("/ready", port) - + current.Spec = dep.Spec + r.UpdateR(¤t) + } else { r.CreateR(&dep) - return false } + return false } diff --git a/controllers/nodepool.go b/controllers/nodepool.go index 4178a8b..746e215 100644 --- a/controllers/nodepool.go +++ b/controllers/nodepool.go 
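Review bot: In AddCorporateCA the CA file is picked with `for fileName := range corporateCM.Data { … break }`, and Go randomises map iteration order, so when the corporate CA ConfigMap holds more than one entry the path written to LOGJUICER_CA_EXTRA and LOGJUICER_CA_BUNDLE is arbitrary and every other certificate is silently ignored. EnsureLogJuicer only rewrites an existing Deployment when the `certs` annotation (the ConfigMap ResourceVersion) differs, so that arbitrary pick stays in place until the ConfigMap is next edited and may surface as TLS verification failures that are hard to trace. Make the choice deterministic, for example by collecting the keys and using `sort.Strings(names)` followed by `fileName := names[0]`, and log or reject a ConfigMap with several entries until logjuicer can load all of them. A short comment on the LOGJUICER_CA_BUNDLE line stating whether it replaces or extends the default trust store would also help, since that is not visible from this hunk.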
@@ -453,7 +453,7 @@ func (r *SFController) DeployNodepoolBuilder(statsdExporterVolume apiv1.Volume, // Create the corporate CM based Volume when the Corporate CM exists if corporateCMExists { - volumes = append(volumes, base.MkVolumeCM("nodepool-builder-corporate-ca-certs", "corporate-ca-certs")) + volumes = append(volumes, base.MkVolumeCM("nodepool-builder-corporate-ca-certs", CorporateCACerts)) } nodeExporterVolumeMount := []apiv1.VolumeMount{ @@ -679,7 +679,7 @@ func (r *SFController) DeployNodepoolLauncher(statsdExporterVolume apiv1.Volume, corporateCM, corporateCMExists := r.CorporateCAConfigMapExists() if corporateCMExists { - volumes = append(volumes, base.MkVolumeCM("nodepool-launcher-corporate-ca-certs", "corporate-ca-certs")) + volumes = append(volumes, base.MkVolumeCM("nodepool-launcher-corporate-ca-certs", CorporateCACerts)) } volumeMounts := append(initialVolumeMounts, []apiv1.VolumeMount{ diff --git a/controllers/zuul.go b/controllers/zuul.go index 6964906..0c6cf54 100644 --- a/controllers/zuul.go +++ b/controllers/zuul.go @@ -327,7 +327,7 @@ func mkZuulVolumes(service string, r *SFController, corporateCMExists bool) []ap volumes = append(volumes, mkZuulConnectionSecretsVolumes(r)...) if corporateCMExists { - volumes = append(volumes, base.MkVolumeCM(service+"-corporate-ca-certs", "corporate-ca-certs")) + volumes = append(volumes, base.MkVolumeCM(service+"-corporate-ca-certs", CorporateCACerts)) } return volumes diff --git a/doc/reference/CHANGELOG.md b/doc/reference/CHANGELOG.md index 8145186..699035e 100644 --- a/doc/reference/CHANGELOG.md +++ b/doc/reference/CHANGELOG.md @@ -9,6 +9,7 @@ All notable changes to this project will be documented in this file. ### Changed - zookeeper - increase certificate validity duration to 25 years to avoid renewal burden +- logjuicer: install corporate-ca-certs to support external SF. ### Fixed ### Security