
Snipe watch secrets - remove adoption system
As we no longer rely on `Owns` facilities we can then remove the adoption system
to simplify the controller.

Change-Id: Ib4b4f47e8fce32efeb956098f8035c9e6d9fa68a
morucci committed Nov 13, 2023
1 parent d790154 commit a4e4178
Showing 2 changed files with 29 additions and 50 deletions.
56 changes: 23 additions & 33 deletions controllers/nodepool.go
Expand Up @@ -290,40 +290,30 @@ func (r *SFController) ensureNodepoolPromRule(cloudsYaml map[string]interface{})
return true
}

func (r *SFController) setProviderSecrets(volumeMount []apiv1.VolumeMount) (apiv1.Secret, []apiv1.VolumeMount, bool) {
// We set a place holder secret to ensure that the Secret is owned by the SoftwareFactory instance (ControllerReference)
func (r *SFController) setProviderSecretsVolumeMounts(volumeMount []apiv1.VolumeMount) (apiv1.Secret, []apiv1.VolumeMount, bool) {
var nodepoolProvidersSecrets apiv1.Secret
if !r.GetM(NodepoolProvidersSecretsName, &nodepoolProvidersSecrets) {
r.CreateR(&apiv1.Secret{
Data: map[string][]byte{},
ObjectMeta: metav1.ObjectMeta{Name: NodepoolProvidersSecretsName, Namespace: r.ns}})
} else {
if len(nodepoolProvidersSecrets.GetOwnerReferences()) == 0 {
r.log.V(1).Info("Adopting the providers secret to set the owner reference", "secret", NodepoolProvidersSecretsName)
if !r.UpdateR(&nodepoolProvidersSecrets) {
return nodepoolProvidersSecrets, volumeMount, false
}
if r.GetM(NodepoolProvidersSecretsName, &nodepoolProvidersSecrets) {
if data, ok := nodepoolProvidersSecrets.Data["clouds.yaml"]; ok && len(data) > 0 {
volumeMount = append(volumeMount, apiv1.VolumeMount{
Name: "nodepool-providers-secrets",
SubPath: "clouds.yaml",
MountPath: "/var/lib/nodepool/.config/openstack/clouds.yaml",
ReadOnly: true,
})
}
}

if data, ok := nodepoolProvidersSecrets.Data["clouds.yaml"]; ok && len(data) > 0 {
volumeMount = append(volumeMount, apiv1.VolumeMount{
Name: "nodepool-providers-secrets",
SubPath: "clouds.yaml",
MountPath: "/var/lib/nodepool/.config/openstack/clouds.yaml",
ReadOnly: true,
})
}

if data, ok := nodepoolProvidersSecrets.Data["kube.config"]; ok && len(data) > 0 {
volumeMount = append(volumeMount, apiv1.VolumeMount{
Name: "nodepool-providers-secrets",
SubPath: "kube.config",
MountPath: "/var/lib/nodepool/.kube/config",
ReadOnly: true,
})
if data, ok := nodepoolProvidersSecrets.Data["kube.config"]; ok && len(data) > 0 {
volumeMount = append(volumeMount, apiv1.VolumeMount{
Name: "nodepool-providers-secrets",
SubPath: "kube.config",
MountPath: "/var/lib/nodepool/.kube/config",
ReadOnly: true,
})
}
return nodepoolProvidersSecrets, volumeMount, true
} else {
return nodepoolProvidersSecrets, volumeMount, false
}
return nodepoolProvidersSecrets, volumeMount, true
}

func (r *SFController) DeployNodepoolBuilder(statsdExporterVolume apiv1.Volume, nodepoolStatsdMappingConfig string) bool {
Expand Down Expand Up @@ -423,7 +413,7 @@ func (r *SFController) DeployNodepoolBuilder(statsdExporterVolume apiv1.Volume,
},
}

nodepoolProvidersSecrets, volumeMount, ready := r.setProviderSecrets(volumeMount)
nodepoolProvidersSecrets, volumeMount, ready := r.setProviderSecretsVolumeMounts(volumeMount)
if !ready {
return false
}
Expand Down Expand Up @@ -578,7 +568,7 @@ func (r *SFController) DeployNodepoolLauncher(statsdExporterVolume apiv1.Volume,
configScriptVolumeMount,
}

nodepoolProvidersSecrets, volumeMount, ready := r.setProviderSecrets(volumeMount)
nodepoolProvidersSecrets, volumeMount, ready := r.setProviderSecretsVolumeMounts(volumeMount)
if !ready {
return false
}
Expand Down Expand Up @@ -665,7 +655,7 @@ func (r *SFController) DeployNodepool() map[string]bool {

// We need to initialize the providers secrets early
var v []apiv1.VolumeMount
var nodepoolProvidersSecrets, _, ready = r.setProviderSecrets(v)
var nodepoolProvidersSecrets, _, ready = r.setProviderSecretsVolumeMounts(v)
if !ready {
deployments[launcherIdent] = false
deployments[builderIdent] = false
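Review bot: In the first hunk (@@ -290), the new tail of setProviderSecretsVolumeMounts keeps an `} else { return nodepoolProvidersSecrets, volumeMount, false }` after a terminating return; turning the second lookup into a guard keeps the happy path left-aligned: `if !r.GetM(NodepoolProvidersSecretsName, &nodepoolProvidersSecrets) {` / `return nodepoolProvidersSecrets, volumeMount, false` / `}`, with the two mount appends and the `true` return following unindented. The readiness contract also changed and deserves a doc comment in place of the "place holder secret" note above the signature, e.g. `// setProviderSecretsVolumeMounts ensures the providers Secret exists (creating an empty placeholder when missing) and appends a read-only mount for each of the clouds.yaml and kube.config keys that carry data; ready is false only when the Secret cannot be read back after creation, so a freshly created empty Secret yields ready=true with no mounts.` If `r.CreateR` reports failure the way `r.UpdateR` does elsewhere in this file, that result is still discarded here and the second GetM is the only failure signal; a read-after-create through a cached client can also lag, which this layout handles by returning not-ready rather than by erroring, and that is worth stating in the comment if intended. The remaining hunks (@@ -423, @@ -578, @@ -665) only rename the call sites and need nothing further.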
23 changes: 6 additions & 17 deletions controllers/utils.go
Expand Up @@ -296,13 +296,13 @@ func (r *SFUtilContext) ensureHTTPSRoute(
name string, host string, serviceName string, path string,
port int, annotations map[string]string, fqdn string, le *sfv1.LetsEncryptSpec) bool {

var tlsDataReady bool
tlsDataReady := true
var sslCA, sslCrt, sslKey []byte

if le == nil {
// Letsencrypt config has not been set so we check the `customSSLSecretName` Secret
// for any custom TLS data to setup the Route
tlsDataReady, sslCA, sslCrt, sslKey = r.extractStaticTLSFromSecret(name, host)
sslCA, sslCrt, sslKey = r.extractStaticTLSFromSecret(name, host)
} else {
// Letsencrypt config has been set so we ensure we set a Certificate via the
// cert-manager Issuer and then we'll setup the Route based on the Certificate's Secret
Expand Down Expand Up @@ -471,27 +471,16 @@ func GetCustomRouteSSLSecretName(host string) string {
return host + "-ssl-cert"
}

func (r *SFUtilContext) extractStaticTLSFromSecret(name string, host string) (bool, []byte, []byte, []byte) {
func (r *SFUtilContext) extractStaticTLSFromSecret(name string, host string) ([]byte, []byte, []byte) {
var customSSLSecret apiv1.Secret
customSSLSecretName := GetCustomRouteSSLSecretName(host)

// We set a place holder secret to ensure that the Secret is owned (ControllerReference)
// Or we adopt the existing secret
if !r.GetM(customSSLSecretName, &customSSLSecret) {
r.CreateR(&apiv1.Secret{
Data: map[string][]byte{},
ObjectMeta: metav1.ObjectMeta{Name: customSSLSecretName, Namespace: r.ns}})
return false, nil, nil, nil
return nil, nil, nil
} else {
if len(customSSLSecret.GetOwnerReferences()) == 0 {
r.log.V(1).Info("Adopting the route secret to set the owner reference", "secret", customSSLSecretName, "route name", name)
if !r.UpdateR(&customSSLSecret) {
return false, nil, nil, nil
}
}
// Fetching secret expected TLS Keys content
return customSSLSecret.Data["CA"], customSSLSecret.Data["crt"], customSSLSecret.Data["key"]
}
// Fetching secret expected TLS Keys content
return true, customSSLSecret.Data["CA"], customSSLSecret.Data["crt"], customSSLSecret.Data["key"]
}

func (r *SFUtilContext) extractTLSFromLECertificateSecret(name string, host string, fqdn string, le sfv1.LetsEncryptSpec) (bool, []byte, []byte, []byte) {
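Review bot: `tlsDataReady := true` in the @@ -296 hunk of ensureHTTPSRoute now reports the static-secret path as ready unconditionally, including on the reconcile where extractStaticTLSFromSecret (@@ -471) creates the empty placeholder Secret and returns three nils, and when the Secret exists but lacks the `crt`/`key` entries; what the Route setup later in ensureHTTPSRoute does with nil TLS material is outside the hunk, so if it proceeds the Route would be created without the intended custom certificate. If falling back to defaults until the user populates the Secret is the intent, say so at the call site, `// static TLS data may be empty until the customSSLSecretName Secret is populated; the Route is created regardless`; otherwise derive readiness from what came back, e.g. `tlsDataReady = len(sslCrt) > 0 && len(sslKey) > 0`. In extractStaticTLSFromSecret the `name` parameter is now unused, since the only reference was the removed adoption log line, and the `} else {` after the terminating `return nil, nil, nil` can be dropped so the final return is unindented. A doc comment on the new signature would help too: `// extractStaticTLSFromSecret returns the CA, crt and key entries of the custom SSL Secret for host, creating an empty placeholder Secret and returning nils when it does not exist yet.` ensureHTTPSRoute's signature starts before the hunk and its body continues past it.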

