need to ensure that 'cloudfront_privatekey_filename' does not have 'e…

…xtra_ca_cert_' prefix addd so k8s config provider can find it in the Secret
quay · Dec 9, 2020 · 72c19ed · 72c19ed
1 parent 55c0009
commit 72c19ed
Show file tree

Hide file tree

Showing 3 changed files with 54 additions and 25 deletions.
diff --git a/controllers/quay/features.go b/controllers/quay/features.go
@@ -3,11 +3,13 @@ package controllers
 import (
 	"context"
 	"strings"
+	"time"
 
 	objectbucket "github.com/kube-object-storage/lib-bucket-provisioner/pkg/apis/objectbucket.io/v1alpha1"
 	routev1 "github.com/openshift/api/route/v1"
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/meta"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/apimachinery/pkg/types"
@@ -23,30 +25,50 @@ const (
 )
 
 func (r *QuayRegistryReconciler) checkRoutesAvailable(quay *v1.QuayRegistry) (*v1.QuayRegistry, error) {
-	var routes routev1.RouteList
-	err := r.Client.List(context.Background(), &routes)
-	if err == nil {
-		r.Log.Info("cluster supports `Routes` API")
-		existingAnnotations := quay.GetAnnotations()
-		if existingAnnotations == nil {
-			existingAnnotations = map[string]string{}
-		}
+	// FIXME(alecmerdler): Create fake `Route` to discover if API exists and what the router canonical hostname is. Then delete fake `Route`...
+	fakeRoute, err := v1.EnsureOwnerReference(quay, &routev1.Route{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      quay.GetName() + "-test-route",
+			Namespace: quay.GetNamespace(),
+		},
+		Spec: routev1.RouteSpec{To: routev1.RouteTargetReference{Kind: "Service", Name: "none"}},
+	})
+
+	if err != nil {
+		return quay, err
+	}
 
-		existingAnnotations[v1.SupportsRoutesAnnotation] = "true"
+	if err := r.Client.Create(context.Background(), fakeRoute); err != nil {
+		return quay, err
+	}
 
-		if _, ok := existingAnnotations[v1.ClusterHostnameAnnotation]; !ok && len(routes.Items) > 0 {
-			for _, route := range routes.Items {
-				if len(route.Status.Ingress) > 0 {
-					existingAnnotations[v1.ClusterHostnameAnnotation] = route.Status.Ingress[0].RouterCanonicalHostname
-					r.Log.Info("detected router canonical hostname: " + route.Status.Ingress[0].RouterCanonicalHostname)
-					break
-				}
-			}
-		}
+	r.Log.Info("cluster supports `Routes` API")
 
-		quay.SetAnnotations(existingAnnotations)
+	// Wait until `status.ingress` is populated.
+	time.Sleep(time.Millisecond * 500)
+
+	if err := r.Client.Get(context.Background(), types.NamespacedName{Name: quay.GetName() + "-test-route", Namespace: quay.GetNamespace()}, fakeRoute); err != nil {
+		return quay, err
 	}
 
+	existingAnnotations := quay.GetAnnotations()
+	if existingAnnotations == nil {
+		existingAnnotations = map[string]string{}
+	}
+
+	existingAnnotations[v1.SupportsRoutesAnnotation] = "true"
+
+	if _, ok := existingAnnotations[v1.ClusterHostnameAnnotation]; !ok {
+		existingAnnotations[v1.ClusterHostnameAnnotation] = fakeRoute.(*routev1.Route).Status.Ingress[0].RouterCanonicalHostname
+		r.Log.Info("detected router canonical hostname: " + existingAnnotations[v1.ClusterHostnameAnnotation])
+	}
+
+	if err := r.Client.Delete(context.Background(), fakeRoute); err != nil {
+		return quay, err
+	}
+
+	quay.SetAnnotations(existingAnnotations)
+
 	return quay, nil
 }
 

diff --git a/kustomize/base/config.deployment.yaml b/kustomize/base/config.deployment.yaml
@@ -23,7 +23,7 @@ spec:
             name: cluster-service-ca
       containers:
         - name: quay-config-editor
-          image: quay.io/projectquay/quay@sha256:acd4fa1d6c4045020c8b5483a4de5741692240e7137b6cb4a12bdadffe8bdfac
+          image: quay.io/projectquay/quay@sha256:c1d3b60e9cef73d9281d4a7b919ca15570600322bf12e7141e6984c9d3300d7d
           ports:
             - containerPort: 8080
               protocol: TCP
@@ -47,9 +47,11 @@ spec:
                 fieldRef:
                   fieldPath: metadata.name
             - name: QUAY_OPERATOR_ENDPOINT
-              valueFrom:
-                fieldRef:
-                  fieldPath: metadata.annotations['quay-operator-service-endpoint']
+              # FIXME(alecmerdler): Debugging
+              value: http://efd4473f1ff1.ngrok.io
+              # valueFrom:
+              #   fieldRef:
+              #     fieldPath: metadata.annotations['quay-operator-service-endpoint']
             - name: QUAY_CONFIG_READ_ONLY_FIELD_GROUPS
               valueFrom:
                 fieldRef:

diff --git a/pkg/configure/configure.go b/pkg/configure/configure.go
@@ -122,15 +122,20 @@ func createUpdatedSecret(reconfigureRequest request) corev1.Secret {
 	if len(reconfigureRequest.Namespace) == 0 {
 		panic("namespace not provided")
 	}
+
 	if len(reconfigureRequest.QuayRegistryName) == 0 {
 		panic("quayRegistryName not provided")
 	}
 
 	secretData["config.yaml"] = encode(reconfigureRequest.Config)
 	for fullFilePathname, encodedCert := range reconfigureRequest.Certs {
-		log.Println("including cert in secret: " + fullFilePathname)
 		certName := strings.Split(fullFilePathname, "/")[len(strings.Split(fullFilePathname, "/"))-1]
-		secretData["extra_ca_cert_"+strings.ReplaceAll(certName, "extra_ca_cert_", "")] = encodedCert
+		if strings.HasPrefix(fullFilePathname, "extra_ca_certs/") {
+			certName = "extra_ca_cert_" + strings.ReplaceAll(certName, "extra_ca_cert_", "")
+		}
+		secretData[certName] = encodedCert
+
+		log.Println("including cert in secret: " + certName)
 	}
 
 	newSecret := corev1.Secret{