From 72c19edce3fdafe1121e0018e384efb3b346aa65 Mon Sep 17 00:00:00 2001 From: Alec Merdler Date: Mon, 7 Dec 2020 17:48:58 -0800 Subject: [PATCH] need to ensure that 'cloudfront_privatekey_filename' does not have 'extra_ca_cert_' prefix addd so k8s config provider can find it in the Secret --- controllers/quay/features.go | 60 ++++++++++++++++++--------- kustomize/base/config.deployment.yaml | 10 +++-- pkg/configure/configure.go | 9 +++- 3 files changed, 54 insertions(+), 25 deletions(-) diff --git a/controllers/quay/features.go b/controllers/quay/features.go index a03b143c5..b9a84f0b6 100644 --- a/controllers/quay/features.go +++ b/controllers/quay/features.go @@ -3,11 +3,13 @@ package controllers import ( "context" "strings" + "time" objectbucket "github.com/kube-object-storage/lib-bucket-provisioner/pkg/apis/objectbucket.io/v1alpha1" routev1 "github.com/openshift/api/route/v1" corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/meta" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/apimachinery/pkg/types" 
@@ -23,30 +25,50 @@ const ( ) func (r *QuayRegistryReconciler) checkRoutesAvailable(quay *v1.QuayRegistry) (*v1.QuayRegistry, error) { - var routes routev1.RouteList - err := r.Client.List(context.Background(), &routes) - if err == nil { - r.Log.Info("cluster supports `Routes` API") - existingAnnotations := quay.GetAnnotations() - if existingAnnotations == nil { - existingAnnotations = map[string]string{} - } + // FIXME(alecmerdler): Create fake `Route` to discover if API exists and what the router canonical hostname is. Then delete fake `Route`... + fakeRoute, err := v1.EnsureOwnerReference(quay, &routev1.Route{ + ObjectMeta: metav1.ObjectMeta{ + Name: quay.GetName() + "-test-route", + Namespace: quay.GetNamespace(), + }, + Spec: routev1.RouteSpec{To: routev1.RouteTargetReference{Kind: "Service", Name: "none"}}, + }) + + if err != nil { + return quay, err + } - existingAnnotations[v1.SupportsRoutesAnnotation] = "true" + if err := r.Client.Create(context.Background(), fakeRoute); err != nil { + return quay, err + } - if _, ok := existingAnnotations[v1.ClusterHostnameAnnotation]; !ok && len(routes.Items) > 0 { - for _, route := range routes.Items { - if len(route.Status.Ingress) > 0 { - existingAnnotations[v1.ClusterHostnameAnnotation] = route.Status.Ingress[0].RouterCanonicalHostname - r.Log.Info("detected router canonical hostname: " + route.Status.Ingress[0].RouterCanonicalHostname) - break - } - } - } + r.Log.Info("cluster supports `Routes` API") - quay.SetAnnotations(existingAnnotations) + // Wait until `status.ingress` is populated. 
+ time.Sleep(time.Millisecond * 500) + + if err := r.Client.Get(context.Background(), types.NamespacedName{Name: quay.GetName() + "-test-route", Namespace: quay.GetNamespace()}, fakeRoute); err != nil { + return quay, err } + existingAnnotations := quay.GetAnnotations() + if existingAnnotations == nil { + existingAnnotations = map[string]string{} + } + + existingAnnotations[v1.SupportsRoutesAnnotation] = "true" + + if _, ok := existingAnnotations[v1.ClusterHostnameAnnotation]; !ok { + existingAnnotations[v1.ClusterHostnameAnnotation] = fakeRoute.(*routev1.Route).Status.Ingress[0].RouterCanonicalHostname + r.Log.Info("detected router canonical hostname: " + existingAnnotations[v1.ClusterHostnameAnnotation]) + } + + if err := r.Client.Delete(context.Background(), fakeRoute); err != nil { + return quay, err + } + + quay.SetAnnotations(existingAnnotations) + return quay, nil } diff --git a/kustomize/base/config.deployment.yaml b/kustomize/base/config.deployment.yaml index 5c806eeec..1002985e0 100644 --- a/kustomize/base/config.deployment.yaml +++ b/kustomize/base/config.deployment.yaml @@ -23,7 +23,7 @@ spec: name: cluster-service-ca containers: - name: quay-config-editor - image: quay.io/projectquay/quay@sha256:acd4fa1d6c4045020c8b5483a4de5741692240e7137b6cb4a12bdadffe8bdfac + image: quay.io/projectquay/quay@sha256:c1d3b60e9cef73d9281d4a7b919ca15570600322bf12e7141e6984c9d3300d7d ports: - containerPort: 8080 protocol: TCP @@ -47,9 +47,11 @@ spec: fieldRef: fieldPath: metadata.name - name: QUAY_OPERATOR_ENDPOINT - valueFrom: - fieldRef: - fieldPath: metadata.annotations['quay-operator-service-endpoint'] + # FIXME(alecmerdler): Debugging + value: http://efd4473f1ff1.ngrok.io + # valueFrom: + # fieldRef: + # fieldPath: metadata.annotations['quay-operator-service-endpoint'] - name: QUAY_CONFIG_READ_ONLY_FIELD_GROUPS valueFrom: fieldRef: diff --git a/pkg/configure/configure.go b/pkg/configure/configure.go index 28204d80a..bd5dc483d 100644 --- a/pkg/configure/configure.go 
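Review bot: `fakeRoute.(*routev1.Route).Status.Ingress[0]` is indexed without a length check, so if the router has not populated `status.ingress` within the fixed 500 ms sleep the reconciler panics; the removed code guarded this with `len(route.Status.Ingress) > 0`. The `Delete` of the probe Route only runs on the happy path, so a failed `Get` (or that panic) leaves `<name>-test-route` behind, and because the name is fixed the next reconcile's `Create` then fails with an already-exists error. Deferring the delete right after a successful `Create` and treating an empty ingress list as "hostname not available yet" closes both; a bounded poll instead of a single sleep would make the detection less timing-dependent. The rewritten lines:
```go
	if err := r.Client.Create(context.Background(), fakeRoute); err != nil {
		return quay, err
	}
	// Remove the probe Route on every exit path so a failed Get does not leave it behind.
	defer func() {
		if err := r.Client.Delete(context.Background(), fakeRoute); err != nil {
			r.Log.Info("failed to delete test route: " + err.Error())
		}
	}()

	// … unchanged: log, sleep, Get, annotation map setup, SupportsRoutesAnnotation …

	if _, ok := existingAnnotations[v1.ClusterHostnameAnnotation]; !ok {
		if ingress := fakeRoute.(*routev1.Route).Status.Ingress; len(ingress) > 0 {
			existingAnnotations[v1.ClusterHostnameAnnotation] = ingress[0].RouterCanonicalHostname
			r.Log.Info("detected router canonical hostname: " + ingress[0].RouterCanonicalHostname)
		} else {
			r.Log.Info("router canonical hostname not yet populated on test route")
		}
	}

	// … unchanged: SetAnnotations and return (the explicit Delete call is dropped in favour of the defer) …
```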
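Review bot: The `QUAY_OPERATOR_ENDPOINT` value in the base manifest is replaced with a hard-coded plaintext `http://efd4473f1ff1.ngrok.io` tunnel URL, with the downward-API `valueFrom` block commented out. As committed, every config-editor deployment built from this base would send its requests to an external endpoint outside the cluster over unencrypted HTTP instead of to the operator service endpoint, and those requests presumably carry the config.yaml and certificate material that `createUpdatedSecret` consumes. The `# FIXME(alecmerdler): Debugging` marker indicates local debugging state; restore `valueFrom: fieldRef: fieldPath: metadata.annotations['quay-operator-service-endpoint']` before merge, or move the override into a development-only overlay.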
+++ b/pkg/configure/configure.go @@ -122,15 +122,20 @@ func createUpdatedSecret(reconfigureRequest request) corev1.Secret { if len(reconfigureRequest.Namespace) == 0 { panic("namespace not provided") } + if len(reconfigureRequest.QuayRegistryName) == 0 { panic("quayRegistryName not provided") } secretData["config.yaml"] = encode(reconfigureRequest.Config) for fullFilePathname, encodedCert := range reconfigureRequest.Certs { - log.Println("including cert in secret: " + fullFilePathname) certName := strings.Split(fullFilePathname, "/")[len(strings.Split(fullFilePathname, "/"))-1] - secretData["extra_ca_cert_"+strings.ReplaceAll(certName, "extra_ca_cert_", "")] = encodedCert + if strings.HasPrefix(fullFilePathname, "extra_ca_certs/") { + certName = "extra_ca_cert_" + strings.ReplaceAll(certName, "extra_ca_cert_", "") + } + secretData[certName] = encodedCert + + log.Println("including cert in secret: " + certName) } newSecret := corev1.Secret{
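Review bot: Dropping the unconditional `extra_ca_cert_` prefix means a request-supplied filename now becomes the Secret data key verbatim, so a cert whose basename is `config.yaml` (or any two paths sharing a basename) silently overwrites the `secretData["config.yaml"]` entry written just above; the old prefix namespaced these keys. `strings.ReplaceAll` also strips the prefix anywhere in the name where `strings.TrimPrefix(certName, "extra_ca_cert_")` expresses the intent. Skipping a key that is already present in `secretData` keeps the request from clobbering reserved entries; whether to skip with a log line or reject the request outright depends on the caller's error handling, which is outside this hunk. createUpdatedSecret starts and ends outside the hunk.
```go
	for fullFilePathname, encodedCert := range reconfigureRequest.Certs {
		// … unchanged: certName derived from the last path component …
		if strings.HasPrefix(fullFilePathname, "extra_ca_certs/") {
			certName = "extra_ca_cert_" + strings.TrimPrefix(certName, "extra_ca_cert_")
		}
		// A request-supplied filename must not replace an entry already in the Secret (e.g. config.yaml).
		if _, taken := secretData[certName]; taken {
			log.Println("skipping cert with conflicting secret key: " + certName)
			continue
		}
		secretData[certName] = encodedCert

		log.Println("including cert in secret: " + certName)
	}
```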