From 15af7d5c73b8bd6cc2f4f0806c4220a639c5f1a1 Mon Sep 17 00:00:00 2001 From: Olivier Cazade Date: Thu, 8 Jun 2023 09:39:39 +0200 Subject: [PATCH] Fix reconcile from DISABLED to AUTO configuration (#365) --- .../flowlogspipeline/flp_common_objects.go | 21 +++++++++++++++++++ controllers/flowlogspipeline/flp_test.go | 21 +++++++++++++++++++ controllers/reconcilers/common.go | 1 + 3 files changed, 43 insertions(+) diff --git a/controllers/flowlogspipeline/flp_common_objects.go b/controllers/flowlogspipeline/flp_common_objects.go index c02b41031..8c8303902 100644 --- a/controllers/flowlogspipeline/flp_common_objects.go +++ b/controllers/flowlogspipeline/flp_common_objects.go @@ -683,6 +683,7 @@ func (b *builder) clusterRoleBinding(ck ConfKind, mono bool) *rbacv1.ClusterRole } func (b *builder) serviceMonitor() *monitoringv1.ServiceMonitor { + serverName := fmt.Sprintf("%s.%s.svc", b.promServiceName(), b.info.Namespace) flpServiceMonitorObject := monitoringv1.ServiceMonitor{ ObjectMeta: metav1.ObjectMeta{ Name: b.serviceMonitorName(), @@ -707,6 +708,26 @@ func (b *builder) serviceMonitor() *monitoringv1.ServiceMonitor { }, }, } + if b.desired.Processor.Metrics.Server.TLS.Type == flowslatest.ServerTLSAuto { + flpServiceMonitorObject.Spec.Endpoints[0].Scheme = "https" + flpServiceMonitorObject.Spec.Endpoints[0].TLSConfig = &monitoringv1.TLSConfig{ + SafeTLSConfig: monitoringv1.SafeTLSConfig{ + ServerName: serverName, + }, + CAFile: "/etc/prometheus/configmaps/serving-certs-ca-bundle/service-ca.crt", + } + } + + if b.desired.Processor.Metrics.Server.TLS.Type == flowslatest.ServerTLSProvided { + flpServiceMonitorObject.Spec.Endpoints[0].Scheme = "https" + flpServiceMonitorObject.Spec.Endpoints[0].TLSConfig = &monitoringv1.TLSConfig{ + SafeTLSConfig: monitoringv1.SafeTLSConfig{ + ServerName: serverName, + InsecureSkipVerify: true, + }, + } + } + return &flpServiceMonitorObject } diff --git a/controllers/flowlogspipeline/flp_test.go b/controllers/flowlogspipeline/flp_test.go index ed45ffd84..23da349d7 100644 --- a/controllers/flowlogspipeline/flp_test.go +++ b/controllers/flowlogspipeline/flp_test.go @@ -482,6 +482,18 @@ func TestServiceChanged(t *testing.T) { report = helper.NewChangeReport("") assert.False(helper.ServiceChanged(second, third, &report)) assert.Contains(report.String(), "no change") + + // Check annotations change + cfg.Processor.LogLevel = "error" + b = monoBuilder(ns, &cfg) + fourth := b.promService() + fourth.ObjectMeta.Annotations = map[string]string{ + "name": "value", + } + + report = helper.NewChangeReport("") + assert.True(helper.ServiceChanged(third, fourth, &report)) + assert.Contains(report.String(), "Service annotations changed") } func TestServiceMonitorNoChange(t *testing.T) { @@ -526,6 +538,15 @@ func TestServiceMonitorChanged(t *testing.T) { report = helper.NewChangeReport("") assert.True(helper.ServiceMonitorChanged(second, third, &report)) assert.Contains(report.String(), "ServiceMonitor labels changed") + + // Check scheme changed + b = newMonolithBuilder(info.NewInstance(image2), &cfg) + fourth := b.generic.serviceMonitor() + fourth.Spec.Endpoints[0].Scheme = "https" + + report = helper.NewChangeReport("") + assert.True(helper.ServiceMonitorChanged(third, fourth, &report)) + assert.Contains(report.String(), "ServiceMonitor spec changed") } func TestPrometheusRuleNoChange(t *testing.T) { diff --git a/controllers/reconcilers/common.go b/controllers/reconcilers/common.go index 4c415da61..ebe7f9612 100644 --- a/controllers/reconcilers/common.go +++ b/controllers/reconcilers/common.go @@ -166,6 +166,7 @@ func (i *Instance) ReconcileService(ctx context.Context, old, new *corev1.Servic // In case we're updating an existing service, we need to build from the old one to keep immutable fields such as clusterIP newSVC := old.DeepCopy() newSVC.Spec.Ports = new.Spec.Ports + newSVC.ObjectMeta.Annotations = new.ObjectMeta.Annotations if err := i.UpdateOwned(ctx, old, newSVC); err != nil { return err }