Add watcher for cert changes
The deployment manages certs and needs to watch them for changes during
the initial deployment.

Also made sure to sort the IPs before requesting the certs, to prevent
unneeded cert updates.

(cherry picked from commit d484c31)
vakwetu authored and stuggi committed Aug 5, 2024
1 parent a439369 commit c9cfb28
Showing 3 changed files with 54 additions and 0 deletions.
46 changes: 46 additions & 0 deletions controllers/dataplane/openstackdataplanedeployment_controller.go
Expand Up @@ -29,8 +29,11 @@ import (
"k8s.io/client-go/kubernetes"
ctrl "sigs.k8s.io/controller-runtime"
"sigs.k8s.io/controller-runtime/pkg/client"
"sigs.k8s.io/controller-runtime/pkg/handler"
"sigs.k8s.io/controller-runtime/pkg/log"
"sigs.k8s.io/controller-runtime/pkg/reconcile"

certmgrv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1"
"github.com/go-logr/logr"
condition "github.com/openstack-k8s-operators/lib-common/modules/common/condition"
"github.com/openstack-k8s-operators/lib-common/modules/common/helper"
Expand Down Expand Up @@ -433,8 +436,51 @@ func (r *OpenStackDataPlaneDeploymentReconciler) setHashes(

// SetupWithManager sets up the controller with the Manager.
func (r *OpenStackDataPlaneDeploymentReconciler) SetupWithManager(mgr ctrl.Manager) error {
// watch for changes in certificates
certFn := func(ctx context.Context, obj client.Object) []reconcile.Request {
Log := r.GetLogger(ctx)
result := []reconcile.Request{}

objectLabelValue, ok := obj.GetLabels()[deployment.NodeSetLabel]
if !ok {
// cert doesn't have a nodeset label
return nil
}

// get all deployments in namespace
deployments := &dataplanev1.OpenStackDataPlaneDeploymentList{}
listOpts := []client.ListOption{
client.InNamespace(obj.GetNamespace()),
}
if err := r.Client.List(context.Background(), deployments, listOpts...); err != nil {
Log.Error(err, "Unable to retrieve deployments %w")
return nil
}

for _, dep := range deployments.Items {
if dep.Status.Deployed {
continue
}
if util.StringInSlice(objectLabelValue, dep.Spec.NodeSets) {
name := client.ObjectKey{
Namespace: dep.GetNamespace(),
Name: dep.GetName(),
}
Log.Info(fmt.Sprintf("Cert %s is used by deployment %s", obj.GetName(), dep.GetName()))
result = append(result, reconcile.Request{NamespacedName: name})
}
}

if len(result) > 0 {
return result
}
return nil
}

return ctrl.NewControllerManagedBy(mgr).
For(&dataplanev1.OpenStackDataPlaneDeployment{}).
Owns(&ansibleeev1.OpenStackAnsibleEE{}).
Watches(&certmgrv1.Certificate{},
handler.EnqueueRequestsFromMapFunc(certFn)).
Complete(r)
}
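Review bot: certFn lists deployments with `context.Background()` even though the map function receives a `ctx` on line 40, so the List call carries neither the manager's cancellation nor any deadline; change it to `if err := r.Client.List(ctx, deployments, listOpts...); err != nil {`. The message on the following line is a plain logr message rather than a format string, so the `%w` is logged literally — `Log.Error(err, "Unable to retrieve deployments")` is enough because logr prints the error itself. The `result := []reconcile.Request{}` initialization together with the trailing `len(result) > 0` check can be reduced to `var result []reconcile.Request` and `return result`, since a nil slice is exactly what the empty case already returns. The watch also fires on every Certificate event in the namespace, status updates included, so if reconcile churn becomes noticeable a predicate on the Watches call would narrow it; whether that matters depends on reconcile cost, which is not visible here.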
1 change: 1 addition & 0 deletions pkg/dataplane/cert.go
Expand Up @@ -146,6 +146,7 @@ func EnsureTLSCerts(ctx context.Context, helper *helper.Helper,
}
}
}
sort.Strings(ips)

if service.Spec.TLSCerts[certKey].Issuer == "" {
// by default, use the internal root CA
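Review bot: `sort.Strings(ips)` reorders the slice in place, so if `ips` aliases a slice owned by another structure (the loop that fills it starts above the hunk, as does EnsureTLSCerts itself) the owner's order changes as a side effect; if that is not intended, sort a copy instead. Sorting also leaves duplicate entries in place, so if the same address can be collected more than once the SAN list is still not canonical — `ips = slices.Compact(ips)` after the sort would remove adjacent duplicates, provided the module's Go version has the `slices` package.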
7 changes: 7 additions & 0 deletions tests/functional/dataplane/suite_test.go
Expand Up @@ -48,6 +48,8 @@ import (
dataplanev1 "github.com/openstack-k8s-operators/openstack-operator/apis/dataplane/v1beta1"
dataplanecontrollers "github.com/openstack-k8s-operators/openstack-operator/controllers/dataplane"

certmgrv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1"

//revive:disable-next-line:dot-imports
. "github.com/openstack-k8s-operators/lib-common/modules/common/test/helpers"
test "github.com/openstack-k8s-operators/lib-common/modules/test"
Expand Down Expand Up @@ -98,6 +100,8 @@ var _ = BeforeSuite(func() {
infraCRDs, err := test.GetCRDDirFromModule(
"github.com/openstack-k8s-operators/infra-operator/apis", gomod, "bases")
Expect(err).ShouldNot(HaveOccurred())
certmgrv1CRDs, err := test.GetOpenShiftCRDDir("cert-manager/v1", gomod)
Expect(err).ShouldNot(HaveOccurred())

By("bootstrapping test environment")
testEnv = &envtest.Environment{
Expand All @@ -106,6 +110,7 @@ var _ = BeforeSuite(func() {
aeeCRDs,
baremetalCRDs,
infraCRDs,
certmgrv1CRDs,
},
WebhookInstallOptions: envtest.WebhookInstallOptions{
Paths: []string{filepath.Join("..", "..", "..", "config", "webhook")},
Expand Down Expand Up @@ -141,6 +146,8 @@ var _ = BeforeSuite(func() {
Expect(err).NotTo(HaveOccurred())
err = openstackv1.AddToScheme(scheme.Scheme)
Expect(err).NotTo(HaveOccurred())
err = certmgrv1.AddToScheme(scheme.Scheme)
Expect(err).NotTo(HaveOccurred())
//+kubebuilder:scaffold:scheme

logger = ctrl.Log.WithName("---DataPlane Test---")
