From 7f9695addc45f82d49b0b2804385368ce325db65 Mon Sep 17 00:00:00 2001 From: nasark Date: Mon, 18 Sep 2023 11:54:51 -0400 Subject: [PATCH] move util.go to subpackage --- .../helpers/miq-components/app-secret.go | 5 +- .../helpers/miq-components/application.go | 19 ++--- .../api/v1alpha1/helpers/miq-components/cr.go | 3 +- .../v1alpha1/helpers/miq-components/httpd.go | 71 ++++++++++--------- .../v1alpha1/helpers/miq-components/kafka.go | 47 ++++++------ .../helpers/miq-components/memcached.go | 17 ++--- .../miq-components/network_policies.go | 19 ++--- .../helpers/miq-components/operator.go | 21 +++--- .../helpers/miq-components/orchestrator.go | 69 +++++++++--------- .../helpers/miq-components/postgresql.go | 37 +++++----- .../v1alpha1/helpers/miq-components/rbac.go | 3 +- .../miq-components/{ => utils}/util.go | 24 +++---- .../controller/manageiq_controller.go | 3 +- 13 files changed, 175 insertions(+), 163 deletions(-) rename manageiq-operator/api/v1alpha1/helpers/miq-components/{ => utils}/util.go (85%) diff --git a/manageiq-operator/api/v1alpha1/helpers/miq-components/app-secret.go b/manageiq-operator/api/v1alpha1/helpers/miq-components/app-secret.go index 7445348c0..99ee2b8f4 100644 --- a/manageiq-operator/api/v1alpha1/helpers/miq-components/app-secret.go +++ b/manageiq-operator/api/v1alpha1/helpers/miq-components/app-secret.go @@ -4,6 +4,7 @@ import ( "context" miqv1alpha1 "github.com/ManageIQ/manageiq-pods/manageiq-operator/api/v1alpha1" + miqutils "github.com/ManageIQ/manageiq-pods/manageiq-operator/api/v1alpha1/helpers/miq-components/utils" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" 
@@ -27,8 +28,8 @@ func ManageAppSecret(cr *miqv1alpha1.ManageIQ, client client.Client, scheme *run return err } - addAppLabel(cr.Spec.AppName, &secret.ObjectMeta) - addBackupLabel(cr.Spec.BackupLabelName, &secret.ObjectMeta) + miqutils.AddAppLabel(cr.Spec.AppName, &secret.ObjectMeta) + miqutils.AddBackupLabel(cr.Spec.BackupLabelName, &secret.ObjectMeta) return nil } diff --git a/manageiq-operator/api/v1alpha1/helpers/miq-components/application.go b/manageiq-operator/api/v1alpha1/helpers/miq-components/application.go index f6e0730e4..f6f7636d0 100644 --- a/manageiq-operator/api/v1alpha1/helpers/miq-components/application.go +++ b/manageiq-operator/api/v1alpha1/helpers/miq-components/application.go @@ -2,6 +2,7 @@ package miqtools import ( miqv1alpha1 "github.com/ManageIQ/manageiq-pods/manageiq-operator/api/v1alpha1" + miqutils "github.com/ManageIQ/manageiq-pods/manageiq-operator/api/v1alpha1/helpers/miq-components/utils" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" @@ -22,12 +23,12 @@ func ApplicationUiHttpdConfigMap(cr *miqv1alpha1.ManageIQ, scheme *runtime.Schem if err := controllerutil.SetControllerReference(cr, configMap, scheme); err != nil { return err } - addAppLabel(cr.Spec.AppName, &configMap.ObjectMeta) - addBackupLabel(cr.Spec.BackupLabelName, &configMap.ObjectMeta) + miqutils.AddAppLabel(cr.Spec.AppName, &configMap.ObjectMeta) + miqutils.AddBackupLabel(cr.Spec.BackupLabelName, &configMap.ObjectMeta) protocol := "http" - if certSecret := InternalCertificatesSecret(cr, client); certSecret.Data["ui_crt"] != nil && certSecret.Data["ui_key"] != nil { + if certSecret := miqutils.InternalCertificatesSecret(cr, client); certSecret.Data["ui_crt"] != nil && certSecret.Data["ui_key"] != nil { protocol = "https" configMap.Data["ssl_config"] = appHttpdSslConfig() } 
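Review bot: A failed certificate lookup looks the same as "no TLS configured" in ApplicationUiHttpdConfigMap: `miqutils.InternalCertificatesSecret(cr, client)` hands back only a secret, and when `ui_crt`/`ui_key` are absent the protocol silently stays `http`. Now that the helper is exported from the new utils package, this is a good moment to give it an error return and propagate it, e.g. `certSecret, err := miqutils.InternalCertificatesSecret(cr, client)` followed by `if err != nil { return err }`. The helper's body is not in the visible hunks, so how it treats a failed read is inferred from the call sites. The same pattern recurs in ApplicationApiHttpdConfigMap, ApplicationRemoteConsoleHttpdConfigMap, Route, HttpdConfigMap, HttpdDeployment and NewMemcachedDeployment; each of these functions starts and ends outside its hunk.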
@@ -53,12 +54,12 @@ func ApplicationApiHttpdConfigMap(cr *miqv1alpha1.ManageIQ, scheme *runtime.Sche if err := controllerutil.SetControllerReference(cr, configMap, scheme); err != nil { return err } - addAppLabel(cr.Spec.AppName, &configMap.ObjectMeta) - addBackupLabel(cr.Spec.BackupLabelName, &configMap.ObjectMeta) + miqutils.AddAppLabel(cr.Spec.AppName, &configMap.ObjectMeta) + miqutils.AddBackupLabel(cr.Spec.BackupLabelName, &configMap.ObjectMeta) protocol := "http" - if certSecret := InternalCertificatesSecret(cr, client); certSecret.Data["api_crt"] != nil && certSecret.Data["api_key"] != nil { + if certSecret := miqutils.InternalCertificatesSecret(cr, client); certSecret.Data["api_crt"] != nil && certSecret.Data["api_key"] != nil { protocol = "https" configMap.Data["ssl_config"] = appHttpdSslConfig() } @@ -84,12 +85,12 @@ func ApplicationRemoteConsoleHttpdConfigMap(cr *miqv1alpha1.ManageIQ, scheme *ru if err := controllerutil.SetControllerReference(cr, configMap, scheme); err != nil { return err } - addAppLabel(cr.Spec.AppName, &configMap.ObjectMeta) - addBackupLabel(cr.Spec.BackupLabelName, &configMap.ObjectMeta) + miqutils.AddAppLabel(cr.Spec.AppName, &configMap.ObjectMeta) + miqutils.AddBackupLabel(cr.Spec.BackupLabelName, &configMap.ObjectMeta) protocol := "ws" - if certSecret := InternalCertificatesSecret(cr, client); certSecret.Data["remote_console_crt"] != nil && certSecret.Data["remote_console_key"] != nil { + if certSecret := miqutils.InternalCertificatesSecret(cr, client); certSecret.Data["remote_console_crt"] != nil && certSecret.Data["remote_console_key"] != nil { protocol = "wss" configMap.Data["ssl_config"] = appHttpdSslConfig() } diff --git a/manageiq-operator/api/v1alpha1/helpers/miq-components/cr.go b/manageiq-operator/api/v1alpha1/helpers/miq-components/cr.go index 3ae7ef115..e53c6525c 100644 --- a/manageiq-operator/api/v1alpha1/helpers/miq-components/cr.go +++ b/manageiq-operator/api/v1alpha1/helpers/miq-components/cr.go 
@@ -3,6 +3,7 @@ package miqtools import ( "context" miqv1alpha1 "github.com/ManageIQ/manageiq-pods/manageiq-operator/api/v1alpha1" + miqutils "github.com/ManageIQ/manageiq-pods/manageiq-operator/api/v1alpha1/helpers/miq-components/utils" corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/types" "sigs.k8s.io/controller-runtime/pkg/client" @@ -379,7 +380,7 @@ func ManageCR(cr *miqv1alpha1.ManageIQ, c *client.Client) (*miqv1alpha1.ManageIQ cr.Spec.ZookeeperImage = zookeeperImage(cr) cr.Spec.ZookeeperVolumeCapacity = zookeeperVolumeCapacity(cr) - addBackupLabel(backupLabelName(cr), &cr.ObjectMeta) + miqutils.AddBackupLabel(backupLabelName(cr), &cr.ObjectMeta) return nil } diff --git a/manageiq-operator/api/v1alpha1/helpers/miq-components/httpd.go b/manageiq-operator/api/v1alpha1/helpers/miq-components/httpd.go index 6cc50db3c..5146636a1 100644 --- a/manageiq-operator/api/v1alpha1/helpers/miq-components/httpd.go +++ b/manageiq-operator/api/v1alpha1/helpers/miq-components/httpd.go @@ -7,6 +7,7 @@ import ( "fmt" miqv1alpha1 "github.com/ManageIQ/manageiq-pods/manageiq-operator/api/v1alpha1" + miqutils "github.com/ManageIQ/manageiq-pods/manageiq-operator/api/v1alpha1/helpers/miq-components/utils" tlstools "github.com/ManageIQ/manageiq-pods/manageiq-operator/api/v1alpha1/helpers/tlstools" routev1 "github.com/openshift/api/route/v1" appsv1 "k8s.io/api/apps/v1" @@ -77,7 +78,7 @@ func Route(cr *miqv1alpha1.ManageIQ, scheme *runtime.Scheme, client client.Clien route.Spec.TLS.Certificate = string(public.Data["tls.crt"]) route.Spec.TLS.Key = string(public.Data["tls.key"]) - internalCerts := InternalCertificatesSecret(cr, client) + internalCerts := miqutils.InternalCertificatesSecret(cr, client) route.Spec.TLS.DestinationCACertificate = string(internalCerts.Data["root_crt"]) return nil 
@@ -140,7 +141,7 @@ func Ingress(cr *miqv1alpha1.ManageIQ, scheme *runtime.Scheme) (*networkingv1.In }, }, } - addAppLabel(cr.Spec.AppName, &ingress.ObjectMeta) + miqutils.AddAppLabel(cr.Spec.AppName, &ingress.ObjectMeta) return nil } 
@@ -168,26 +169,26 @@ func HttpdConfigMap(cr *miqv1alpha1.ManageIQ, scheme *runtime.Scheme, client cli if err := controllerutil.SetControllerReference(cr, configMap, scheme); err != nil { return err } - addAppLabel(cr.Spec.AppName, &configMap.ObjectMeta) + miqutils.AddAppLabel(cr.Spec.AppName, &configMap.ObjectMeta) uiHttpProtocol, uiWebSocketProtocol := "http", "ws" - if certSecret := InternalCertificatesSecret(cr, client); certSecret.Data["ui_crt"] != nil && certSecret.Data["ui_key"] != nil { + if certSecret := miqutils.InternalCertificatesSecret(cr, client); certSecret.Data["ui_crt"] != nil && certSecret.Data["ui_key"] != nil { uiHttpProtocol, uiWebSocketProtocol = "https", "wss" } apiHttpProtocol := "http" - if certSecret := InternalCertificatesSecret(cr, client); certSecret.Data["api_crt"] != nil && certSecret.Data["api_key"] != nil { + if certSecret := miqutils.InternalCertificatesSecret(cr, client); certSecret.Data["api_crt"] != nil && certSecret.Data["api_key"] != nil { apiHttpProtocol = "https" } configMap.Data["application.conf"] = httpdApplicationConf(cr.Spec.ApplicationDomain, uiHttpProtocol, uiWebSocketProtocol, apiHttpProtocol) configMap.Data["authentication.conf"] = httpdAuthenticationConf(&cr.Spec) - if certSecret := InternalCertificatesSecret(cr, client); certSecret.Data["httpd_crt"] != nil && certSecret.Data["httpd_key"] != nil { + if certSecret := miqutils.InternalCertificatesSecret(cr, client); certSecret.Data["httpd_crt"] != nil && certSecret.Data["httpd_key"] != nil { configMap.Data["ssl_config"] = httpdSslConfig() } - if certSecret := InternalCertificatesSecret(cr, client); certSecret.Data["ui_crt"] != nil && certSecret.Data["ui_key"] != nil { + if certSecret := miqutils.InternalCertificatesSecret(cr, client); certSecret.Data["ui_crt"] != nil && certSecret.Data["ui_key"] != nil { configMap.Data["ssl_proxy_config"] = httpdSslProxyConfig() } 
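Review bot: HttpdConfigMap calls `miqutils.InternalCertificatesSecret(cr, client)` five times inside one mutate function, so the `ui_crt`/`ui_key` test that selects `https`/`wss` and the later one that adds `ssl_proxy_config` can be evaluated against different reads of the secret. Read it once before the checks, `certSecret := miqutils.InternalCertificatesSecret(cr, client)`, and reuse `certSecret.Data` in all five conditions. That keeps application.conf and the SSL proxy settings consistent with each other and presumably saves four lookups per reconcile. The function begins and ends outside the hunk.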
@@ -210,8 +211,8 @@ func HttpdAuthConfigMap(cr *miqv1alpha1.ManageIQ, scheme *runtime.Scheme) (*core if err := controllerutil.SetControllerReference(cr, configMap, scheme); err != nil { return err } - addAppLabel(cr.Spec.AppName, &configMap.ObjectMeta) - addBackupLabel(cr.Spec.BackupLabelName, &configMap.ObjectMeta) + miqutils.AddAppLabel(cr.Spec.AppName, &configMap.ObjectMeta) + miqutils.AddBackupLabel(cr.Spec.BackupLabelName, &configMap.ObjectMeta) configMap.Data["auth-configuration.conf"] = httpdAuthConfigurationConf() @@ -232,7 +233,7 @@ func HttpdAuthConfig(client client.Client, cr *miqv1alpha1.ManageIQ, scheme *run } f := func() error { - addBackupLabel(cr.Spec.BackupLabelName, &secret.ObjectMeta) + miqutils.AddBackupLabel(cr.Spec.BackupLabelName, &secret.ObjectMeta) return nil } @@ -269,8 +270,8 @@ func addOIDCEnv(secretName string, podSpec *corev1.PodSpec) { }, } - podSpec.Containers[0].Env = addOrUpdateEnvVar(podSpec.Containers[0].Env, clientId) - podSpec.Containers[0].Env = addOrUpdateEnvVar(podSpec.Containers[0].Env, clientSecret) + podSpec.Containers[0].Env = miqutils.AddOrUpdateEnvVar(podSpec.Containers[0].Env, clientId) + podSpec.Containers[0].Env = miqutils.AddOrUpdateEnvVar(podSpec.Containers[0].Env, clientSecret) } func getHttpdAuthConfigVersion(client client.Client, namespace string, spec *miqv1alpha1.ManageIQSpec) string { 
@@ -287,26 +288,26 @@ func getHttpdAuthConfigVersion(client client.Client, namespace string, spec *miq func addAuthConfigVolume(podSpec *corev1.PodSpec) { volumeMount := corev1.VolumeMount{Name: "httpd-auth-config", MountPath: "/etc/httpd/auth-conf.d"} - podSpec.Containers[0].VolumeMounts = addOrUpdateVolumeMount(podSpec.Containers[0].VolumeMounts, volumeMount) + podSpec.Containers[0].VolumeMounts = miqutils.AddOrUpdateVolumeMount(podSpec.Containers[0].VolumeMounts, volumeMount) configMapVolumeSource := corev1.ConfigMapVolumeSource{LocalObjectReference: corev1.LocalObjectReference{Name: "httpd-auth-configs"}} - podSpec.Volumes = addOrUpdateVolume(podSpec.Volumes, corev1.Volume{Name: "httpd-auth-config", VolumeSource: corev1.VolumeSource{ConfigMap: &configMapVolumeSource}}) + podSpec.Volumes = miqutils.AddOrUpdateVolume(podSpec.Volumes, corev1.Volume{Name: "httpd-auth-config", VolumeSource: corev1.VolumeSource{ConfigMap: &configMapVolumeSource}}) } func addUserAuthVolume(secretName string, podSpec *corev1.PodSpec) { volumeMount := corev1.VolumeMount{Name: "user-auth-config", MountPath: "/etc/httpd/user-conf.d"} - podSpec.Containers[0].VolumeMounts = addOrUpdateVolumeMount(podSpec.Containers[0].VolumeMounts, volumeMount) + podSpec.Containers[0].VolumeMounts = miqutils.AddOrUpdateVolumeMount(podSpec.Containers[0].VolumeMounts, volumeMount) secretVolumeSource := corev1.SecretVolumeSource{SecretName: secretName} - podSpec.Volumes = addOrUpdateVolume(podSpec.Volumes, corev1.Volume{Name: "user-auth-config", VolumeSource: corev1.VolumeSource{Secret: &secretVolumeSource}}) + podSpec.Volumes = miqutils.AddOrUpdateVolume(podSpec.Volumes, corev1.Volume{Name: "user-auth-config", VolumeSource: corev1.VolumeSource{Secret: &secretVolumeSource}}) } func addOIDCCACertVolume(secretName string, podSpec *corev1.PodSpec) { volumeMount := corev1.VolumeMount{Name: "oidc-ca-cert", MountPath: "/etc/pki/ca-trust/source/anchors"} - podSpec.Containers[0].VolumeMounts = 
addOrUpdateVolumeMount(podSpec.Containers[0].VolumeMounts, volumeMount) + podSpec.Containers[0].VolumeMounts = miqutils.AddOrUpdateVolumeMount(podSpec.Containers[0].VolumeMounts, volumeMount) secretVolumeSource := corev1.SecretVolumeSource{SecretName: secretName} - podSpec.Volumes = addOrUpdateVolume(podSpec.Volumes, corev1.Volume{Name: "oidc-ca-cert", VolumeSource: corev1.VolumeSource{Secret: &secretVolumeSource}}) + podSpec.Volumes = miqutils.AddOrUpdateVolume(podSpec.Volumes, corev1.Volume{Name: "oidc-ca-cert", VolumeSource: corev1.VolumeSource{Secret: &secretVolumeSource}}) } func configureHttpdAuth(spec *miqv1alpha1.ManageIQSpec, podSpec *corev1.PodSpec) { @@ -388,7 +389,7 @@ func initializeHttpdContainer(spec *miqv1alpha1.ManageIQSpec, privileged bool, c assignHttpdPorts(privileged, c) - err := addResourceReqs(spec.HttpdMemoryLimit, spec.HttpdMemoryRequest, spec.HttpdCpuLimit, spec.HttpdCpuRequest, c) + err := miqutils.AddResourceReqs(spec.HttpdMemoryLimit, spec.HttpdMemoryRequest, spec.HttpdCpuLimit, spec.HttpdCpuRequest, c) if err != nil { return err } 
@@ -432,18 +433,18 @@ func HttpdDeployment(client client.Client, cr *miqv1alpha1.ManageIQ, scheme *run if err := controllerutil.SetControllerReference(cr, deployment, scheme); err != nil { return err } - addAppLabel(cr.Spec.AppName, &deployment.ObjectMeta) + miqutils.AddAppLabel(cr.Spec.AppName, &deployment.ObjectMeta) var repNum int32 = 1 deployment.Spec.Replicas = &repNum deployment.Spec.Strategy = appsv1.DeploymentStrategy{ Type: "Recreate", } - addAnnotations(cr.Spec.AppAnnotations, &deployment.Spec.Template.ObjectMeta) + miqutils.AddAnnotations(cr.Spec.AppAnnotations, &deployment.Spec.Template.ObjectMeta) deployment.Spec.Template.Spec.Containers = []corev1.Container{container} - deployment.Spec.Template.Spec.Containers[0].SecurityContext = DefaultSecurityContext() + deployment.Spec.Template.Spec.Containers[0].SecurityContext = miqutils.DefaultSecurityContext() configMapVolumeSource := corev1.ConfigMapVolumeSource{LocalObjectReference: corev1.LocalObjectReference{Name: "httpd-configs"}} - deployment.Spec.Template.Spec.Volumes = addOrUpdateVolume(deployment.Spec.Template.Spec.Volumes, corev1.Volume{Name: "httpd-config", VolumeSource: corev1.VolumeSource{ConfigMap: &configMapVolumeSource}}) + deployment.Spec.Template.Spec.Volumes = miqutils.AddOrUpdateVolume(deployment.Spec.Template.Spec.Volumes, corev1.Volume{Name: "httpd-config", VolumeSource: corev1.VolumeSource{ConfigMap: &configMapVolumeSource}}) // Only assign the service account if we need additional privileges if privileged { 
@@ -456,18 +457,18 @@ func HttpdDeployment(client client.Client, cr *miqv1alpha1.ManageIQ, scheme *run // This is not used by the pod, it is defined to trigger a redeployment if the secret was updated httpdAuthConfigVersion := getHttpdAuthConfigVersion(client, cr.Namespace, &cr.Spec) - deployment.Spec.Template.Spec.Containers[0].Env = addOrUpdateEnvVar(deployment.Spec.Template.Spec.Containers[0].Env, corev1.EnvVar{Name: "MANAGED_HTTPD_CFG_VERSION", Value: httpdAuthConfigVersion}) + deployment.Spec.Template.Spec.Containers[0].Env = miqutils.AddOrUpdateEnvVar(deployment.Spec.Template.Spec.Containers[0].Env, corev1.EnvVar{Name: "MANAGED_HTTPD_CFG_VERSION", Value: httpdAuthConfigVersion}) - addInternalCertificate(cr, deployment, client, "httpd", "/root") + miqutils.AddInternalCertificate(cr, deployment, client, "httpd", "/root") - secret := InternalCertificatesSecret(cr, client) + secret := miqutils.InternalCertificatesSecret(cr, client) if secret.Data["root_crt"] != nil { volumeName := "internal-root-certificate" volumeMount := corev1.VolumeMount{Name: volumeName, MountPath: "/etc/pki/ca-trust/source/anchors", ReadOnly: true} - deployment.Spec.Template.Spec.Containers[0].VolumeMounts = addOrUpdateVolumeMount(deployment.Spec.Template.Spec.Containers[0].VolumeMounts, volumeMount) + deployment.Spec.Template.Spec.Containers[0].VolumeMounts = miqutils.AddOrUpdateVolumeMount(deployment.Spec.Template.Spec.Containers[0].VolumeMounts, volumeMount) secretVolumeSource := corev1.SecretVolumeSource{SecretName: secret.Name, Items: []corev1.KeyToPath{corev1.KeyToPath{Key: "root_crt", Path: "root.crt"}}} - deployment.Spec.Template.Spec.Volumes = addOrUpdateVolume(deployment.Spec.Template.Spec.Volumes, corev1.Volume{Name: volumeName, VolumeSource: corev1.VolumeSource{Secret: &secretVolumeSource}}) + deployment.Spec.Template.Spec.Volumes = miqutils.AddOrUpdateVolume(deployment.Spec.Template.Spec.Volumes, corev1.Volume{Name: volumeName, VolumeSource: corev1.VolumeSource{Secret: 
&secretVolumeSource}}) } return nil @@ -488,7 +489,7 @@ func UIService(cr *miqv1alpha1.ManageIQ, scheme *runtime.Scheme) (*corev1.Servic if err := controllerutil.SetControllerReference(cr, service, scheme); err != nil { return err } - addAppLabel(cr.Spec.AppName, &service.ObjectMeta) + miqutils.AddAppLabel(cr.Spec.AppName, &service.ObjectMeta) if len(service.Spec.Ports) == 0 { service.Spec.Ports = append(service.Spec.Ports, corev1.ServicePort{}) } @@ -513,7 +514,7 @@ func WebService(cr *miqv1alpha1.ManageIQ, scheme *runtime.Scheme) (*corev1.Servi if err := controllerutil.SetControllerReference(cr, service, scheme); err != nil { return err } - addAppLabel(cr.Spec.AppName, &service.ObjectMeta) + miqutils.AddAppLabel(cr.Spec.AppName, &service.ObjectMeta) if len(service.Spec.Ports) == 0 { service.Spec.Ports = append(service.Spec.Ports, corev1.ServicePort{}) } @@ -538,7 +539,7 @@ func RemoteConsoleService(cr *miqv1alpha1.ManageIQ, scheme *runtime.Scheme) (*co if err := controllerutil.SetControllerReference(cr, service, scheme); err != nil { return err } - addAppLabel(cr.Spec.AppName, &service.ObjectMeta) + miqutils.AddAppLabel(cr.Spec.AppName, &service.ObjectMeta) if len(service.Spec.Ports) == 0 { service.Spec.Ports = append(service.Spec.Ports, corev1.ServicePort{}) } @@ -563,7 +564,7 @@ func HttpdService(cr *miqv1alpha1.ManageIQ, scheme *runtime.Scheme) (*corev1.Ser if err := controllerutil.SetControllerReference(cr, service, scheme); err != nil { return err } - addAppLabel(cr.Spec.AppName, &service.ObjectMeta) + miqutils.AddAppLabel(cr.Spec.AppName, &service.ObjectMeta) if len(service.Spec.Ports) == 0 { service.Spec.Ports = append(service.Spec.Ports, corev1.ServicePort{}) } 
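Review bot: The `internal-root-certificate` volume in HttpdDeployment is mounted at `/etc/pki/ca-trust/source/anchors`, the same `MountPath` that addOIDCCACertVolume uses for `oidc-ca-cert` on `podSpec.Containers[0]`. If an OIDC CA secret and an internal root certificate are both configured for the httpd container, the pod spec would carry two mounts on one path, which the API server rejects because mount paths must be unique, so the deployment would fail to roll out. Whether both can apply together depends on configureHttpdAuth, which is outside the visible hunks. Consider mounting the single key with `SubPath: "root.crt"` at `/etc/pki/ca-trust/source/anchors/root.crt`, or combining both secrets in one projected volume.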
@@ -588,7 +589,7 @@ func HttpdDbusAPIService(cr *miqv1alpha1.ManageIQ, scheme *runtime.Scheme) (*cor if err := controllerutil.SetControllerReference(cr, service, scheme); err != nil { return err } - addAppLabel(cr.Spec.AppName, &service.ObjectMeta) + miqutils.AddAppLabel(cr.Spec.AppName, &service.ObjectMeta) if len(service.Spec.Ports) == 0 { service.Spec.Ports = append(service.Spec.Ports, corev1.ServicePort{}) } @@ -615,8 +616,8 @@ func ManageTlsSecret(cr *miqv1alpha1.ManageIQ, client client.Client, scheme *run return err } - addAppLabel(cr.Spec.AppName, &secret.ObjectMeta) - addBackupLabel(cr.Spec.BackupLabelName, &secret.ObjectMeta) + miqutils.AddAppLabel(cr.Spec.AppName, &secret.ObjectMeta) + miqutils.AddBackupLabel(cr.Spec.BackupLabelName, &secret.ObjectMeta) return nil } diff --git a/manageiq-operator/api/v1alpha1/helpers/miq-components/kafka.go b/manageiq-operator/api/v1alpha1/helpers/miq-components/kafka.go index ba023c96e..d4ffc863a 100644 --- a/manageiq-operator/api/v1alpha1/helpers/miq-components/kafka.go +++ b/manageiq-operator/api/v1alpha1/helpers/miq-components/kafka.go @@ -4,6 +4,7 @@ import ( "context" miqv1alpha1 "github.com/ManageIQ/manageiq-pods/manageiq-operator/api/v1alpha1" + miqutils "github.com/ManageIQ/manageiq-pods/manageiq-operator/api/v1alpha1/helpers/miq-components/utils" appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" resource "k8s.io/apimachinery/pkg/api/resource" @@ -28,8 +29,8 @@ func ManageKafkaSecret(cr *miqv1alpha1.ManageIQ, client client.Client, scheme *r return err } - addAppLabel(cr.Spec.AppName, &secret.ObjectMeta) - addBackupLabel(cr.Spec.BackupLabelName, &secret.ObjectMeta) + miqutils.AddAppLabel(cr.Spec.AppName, &secret.ObjectMeta) + miqutils.AddBackupLabel(cr.Spec.BackupLabelName, &secret.ObjectMeta) return nil } 
@@ -52,8 +53,8 @@ func defaultKafkaSecret(cr *miqv1alpha1.ManageIQ) *corev1.Secret { StringData: secretData, } - addAppLabel(cr.Spec.AppName, &secret.ObjectMeta) - addBackupLabel(cr.Spec.BackupLabelName, &secret.ObjectMeta) + miqutils.AddAppLabel(cr.Spec.AppName, &secret.ObjectMeta) + miqutils.AddBackupLabel(cr.Spec.BackupLabelName, &secret.ObjectMeta) return secret } @@ -92,8 +93,8 @@ func KafkaPVC(cr *miqv1alpha1.ManageIQ, scheme *runtime.Scheme) (*corev1.Persist return err } - addAppLabel(cr.Spec.AppName, &pvc.ObjectMeta) - addBackupLabel(cr.Spec.BackupLabelName, &pvc.ObjectMeta) + miqutils.AddAppLabel(cr.Spec.AppName, &pvc.ObjectMeta) + miqutils.AddBackupLabel(cr.Spec.BackupLabelName, &pvc.ObjectMeta) pvc.Spec.AccessModes = accessModes pvc.Spec.Resources = resources @@ -131,8 +132,8 @@ func ZookeeperPVC(cr *miqv1alpha1.ManageIQ, scheme *runtime.Scheme) (*corev1.Per return err } - addAppLabel(cr.Spec.AppName, &pvc.ObjectMeta) - addBackupLabel(cr.Spec.BackupLabelName, &pvc.ObjectMeta) + miqutils.AddAppLabel(cr.Spec.AppName, &pvc.ObjectMeta) + miqutils.AddBackupLabel(cr.Spec.BackupLabelName, &pvc.ObjectMeta) pvc.Spec.AccessModes = accessModes pvc.Spec.Resources = resources @@ -158,7 +159,7 @@ func KafkaService(cr *miqv1alpha1.ManageIQ, scheme *runtime.Scheme) (*corev1.Ser return err } - addAppLabel(cr.Spec.AppName, &service.ObjectMeta) + miqutils.AddAppLabel(cr.Spec.AppName, &service.ObjectMeta) if len(service.Spec.Ports) == 0 { service.Spec.Ports = append(service.Spec.Ports, corev1.ServicePort{}) } @@ -184,7 +185,7 @@ func ZookeeperService(cr *miqv1alpha1.ManageIQ, scheme *runtime.Scheme) (*corev1 return err } - addAppLabel(cr.Spec.AppName, &service.ObjectMeta) + miqutils.AddAppLabel(cr.Spec.AppName, &service.ObjectMeta) if len(service.Spec.Ports) == 0 { service.Spec.Ports = append(service.Spec.Ports, corev1.ServicePort{}) } 
@@ -263,7 +264,7 @@ func KafkaDeployment(cr *miqv1alpha1.ManageIQ, scheme *runtime.Scheme) (*appsv1. }, } - err := addResourceReqs(cr.Spec.KafkaMemoryLimit, cr.Spec.KafkaMemoryRequest, cr.Spec.KafkaCpuLimit, cr.Spec.KafkaCpuRequest, &container) + err := miqutils.AddResourceReqs(cr.Spec.KafkaMemoryLimit, cr.Spec.KafkaMemoryRequest, cr.Spec.KafkaCpuLimit, cr.Spec.KafkaCpuRequest, &container) if err != nil { return nil, nil, err } @@ -291,17 +292,17 @@ func KafkaDeployment(cr *miqv1alpha1.ManageIQ, scheme *runtime.Scheme) (*appsv1. if err := controllerutil.SetControllerReference(cr, deployment, scheme); err != nil { return err } - addAppLabel(cr.Spec.AppName, &deployment.ObjectMeta) - addBackupAnnotation("kafka-data", &deployment.Spec.Template.ObjectMeta) - addBackupLabel(cr.Spec.BackupLabelName, &deployment.ObjectMeta) - addBackupLabel(cr.Spec.BackupLabelName, &deployment.Spec.Template.ObjectMeta) + miqutils.AddAppLabel(cr.Spec.AppName, &deployment.ObjectMeta) + miqutils.AddBackupAnnotation("kafka-data", &deployment.Spec.Template.ObjectMeta) + miqutils.AddBackupLabel(cr.Spec.BackupLabelName, &deployment.ObjectMeta) + miqutils.AddBackupLabel(cr.Spec.BackupLabelName, &deployment.Spec.Template.ObjectMeta) var repNum int32 = 1 deployment.Spec.Replicas = &repNum deployment.Spec.Strategy = appsv1.DeploymentStrategy{ Type: "Recreate", } deployment.Spec.Template.Spec.Containers = []corev1.Container{container} - deployment.Spec.Template.Spec.Containers[0].SecurityContext = DefaultSecurityContext() + deployment.Spec.Template.Spec.Containers[0].SecurityContext = miqutils.DefaultSecurityContext() deployment.Spec.Template.Spec.ServiceAccountName = defaultServiceAccountName(cr.Spec.AppName) var termSecs int64 = 10 deployment.Spec.Template.Spec.TerminationGracePeriodSeconds = &termSecs 
@@ -347,7 +348,7 @@ func ZookeeperDeployment(cr *miqv1alpha1.ManageIQ, scheme *runtime.Scheme) (*app }, } - err := addResourceReqs(cr.Spec.ZookeeperMemoryLimit, cr.Spec.ZookeeperMemoryRequest, cr.Spec.ZookeeperCpuLimit, cr.Spec.ZookeeperCpuRequest, &container) + err := miqutils.AddResourceReqs(cr.Spec.ZookeeperMemoryLimit, cr.Spec.ZookeeperMemoryRequest, cr.Spec.ZookeeperCpuLimit, cr.Spec.ZookeeperCpuRequest, &container) if err != nil { return nil, nil, err } @@ -375,18 +376,18 @@ func ZookeeperDeployment(cr *miqv1alpha1.ManageIQ, scheme *runtime.Scheme) (*app if err := controllerutil.SetControllerReference(cr, deployment, scheme); err != nil { return err } - addAppLabel(cr.Spec.AppName, &deployment.ObjectMeta) - addBackupAnnotation("zookeeper-data", &deployment.Spec.Template.ObjectMeta) - addBackupLabel(cr.Spec.BackupLabelName, &deployment.ObjectMeta) - addBackupLabel(cr.Spec.BackupLabelName, &deployment.Spec.Template.ObjectMeta) + miqutils.AddAppLabel(cr.Spec.AppName, &deployment.ObjectMeta) + miqutils.AddBackupAnnotation("zookeeper-data", &deployment.Spec.Template.ObjectMeta) + miqutils.AddBackupLabel(cr.Spec.BackupLabelName, &deployment.ObjectMeta) + miqutils.AddBackupLabel(cr.Spec.BackupLabelName, &deployment.Spec.Template.ObjectMeta) var repNum int32 = 1 deployment.Spec.Replicas = &repNum deployment.Spec.Strategy = appsv1.DeploymentStrategy{ Type: "Recreate", } - addAnnotations(cr.Spec.AppAnnotations, &deployment.Spec.Template.ObjectMeta) + miqutils.AddAnnotations(cr.Spec.AppAnnotations, &deployment.Spec.Template.ObjectMeta) deployment.Spec.Template.Spec.Containers = []corev1.Container{container} - deployment.Spec.Template.Spec.Containers[0].SecurityContext = DefaultSecurityContext() + deployment.Spec.Template.Spec.Containers[0].SecurityContext = miqutils.DefaultSecurityContext() deployment.Spec.Template.Spec.ServiceAccountName = defaultServiceAccountName(cr.Spec.AppName) deployment.Spec.Template.Spec.Volumes = []corev1.Volume{ corev1.Volume{ 
diff --git a/manageiq-operator/api/v1alpha1/helpers/miq-components/memcached.go b/manageiq-operator/api/v1alpha1/helpers/miq-components/memcached.go index 3d369567a..e7981703e 100644 --- a/manageiq-operator/api/v1alpha1/helpers/miq-components/memcached.go +++ b/manageiq-operator/api/v1alpha1/helpers/miq-components/memcached.go @@ -2,6 +2,7 @@ package miqtools import ( miqv1alpha1 "github.com/ManageIQ/manageiq-pods/manageiq-operator/api/v1alpha1" + miqutils "github.com/ManageIQ/manageiq-pods/manageiq-operator/api/v1alpha1/helpers/miq-components/utils" appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -52,7 +53,7 @@ func NewMemcachedDeployment(cr *miqv1alpha1.ManageIQ, scheme *runtime.Scheme, cl }, } - err := addResourceReqs(cr.Spec.MemcachedMemoryLimit, cr.Spec.MemcachedMemoryRequest, cr.Spec.MemcachedCpuLimit, cr.Spec.MemcachedCpuRequest, &container) + err := miqutils.AddResourceReqs(cr.Spec.MemcachedMemoryLimit, cr.Spec.MemcachedMemoryRequest, cr.Spec.MemcachedCpuLimit, cr.Spec.MemcachedCpuRequest, &container) if err != nil { return nil, nil, err } 
@@ -86,21 +87,21 @@ func NewMemcachedDeployment(cr *miqv1alpha1.ManageIQ, scheme *runtime.Scheme, cl if err := controllerutil.SetControllerReference(cr, deployment, scheme); err != nil { return err } - addAppLabel(cr.Spec.AppName, &deployment.ObjectMeta) + miqutils.AddAppLabel(cr.Spec.AppName, &deployment.ObjectMeta) var repNum int32 = 1 deployment.Spec.Replicas = &repNum deployment.Spec.Strategy = appsv1.DeploymentStrategy{ Type: "Recreate", } - addAnnotations(cr.Spec.AppAnnotations, &deployment.Spec.Template.ObjectMeta) + miqutils.AddAnnotations(cr.Spec.AppAnnotations, &deployment.Spec.Template.ObjectMeta) deployment.Spec.Template.Spec.Containers = []corev1.Container{container} - deployment.Spec.Template.Spec.Containers[0].SecurityContext = DefaultSecurityContext() + deployment.Spec.Template.Spec.Containers[0].SecurityContext = miqutils.DefaultSecurityContext() deployment.Spec.Template.Spec.ServiceAccountName = defaultServiceAccountName(cr.Spec.AppName) - addInternalCertificate(cr, deployment, client, "memcached", "/root") + miqutils.AddInternalCertificate(cr, deployment, client, "memcached", "/root") - if secret := InternalCertificatesSecret(cr, client); secret.Data["memcached_crt"] != nil && secret.Data["memcached_key"] != nil { - deployment.Spec.Template.Spec.Containers[0].Env = addOrUpdateEnvVar(deployment.Spec.Template.Spec.Containers[0].Env, corev1.EnvVar{Name: "MEMCACHED_EXTRA_PARAMETERS", Value: "-Z -o ssl_chain_cert=/root/server.crt -o ssl_key=/root/server.key -p 11211"}) + if secret := miqutils.InternalCertificatesSecret(cr, client); secret.Data["memcached_crt"] != nil && secret.Data["memcached_key"] != nil { + deployment.Spec.Template.Spec.Containers[0].Env = miqutils.AddOrUpdateEnvVar(deployment.Spec.Template.Spec.Containers[0].Env, corev1.EnvVar{Name: "MEMCACHED_EXTRA_PARAMETERS", Value: "-Z -o ssl_chain_cert=/root/server.crt -o ssl_key=/root/server.key -p 11211"}) } return nil 
@@ -121,7 +122,7 @@ func NewMemcachedService(cr *miqv1alpha1.ManageIQ, scheme *runtime.Scheme) (*cor if err := controllerutil.SetControllerReference(cr, service, scheme); err != nil { return err } - addAppLabel(cr.Spec.AppName, &service.ObjectMeta) + miqutils.AddAppLabel(cr.Spec.AppName, &service.ObjectMeta) if len(service.Spec.Ports) == 0 { service.Spec.Ports = append(service.Spec.Ports, corev1.ServicePort{}) } diff --git a/manageiq-operator/api/v1alpha1/helpers/miq-components/network_policies.go b/manageiq-operator/api/v1alpha1/helpers/miq-components/network_policies.go index 44aba3488..53f8b3ca0 100644 --- a/manageiq-operator/api/v1alpha1/helpers/miq-components/network_policies.go +++ b/manageiq-operator/api/v1alpha1/helpers/miq-components/network_policies.go @@ -2,6 +2,7 @@ package miqtools import ( miqv1alpha1 "github.com/ManageIQ/manageiq-pods/manageiq-operator/api/v1alpha1" + miqutils "github.com/ManageIQ/manageiq-pods/manageiq-operator/api/v1alpha1/helpers/miq-components/utils" corev1 "k8s.io/api/core/v1" networkingv1 "k8s.io/api/networking/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -18,7 +19,7 @@ func NetworkPolicyDefaultDeny(cr *miqv1alpha1.ManageIQ, scheme *runtime.Scheme) if err := controllerutil.SetControllerReference(cr, networkPolicy, scheme); err != nil { return err } - addAppLabel(cr.Spec.AppName, &networkPolicy.ObjectMeta) + miqutils.AddAppLabel(cr.Spec.AppName, &networkPolicy.ObjectMeta) setIngressPolicyType(networkPolicy) networkPolicy.Spec.PodSelector.MatchLabels = map[string]string{"app": cr.Spec.AppName} 
@@ -36,7 +37,7 @@ func NetworkPolicyAllowInboundHttpd(cr *miqv1alpha1.ManageIQ, scheme *runtime.Sc if err := controllerutil.SetControllerReference(cr, networkPolicy, scheme); err != nil { return err } - addAppLabel(cr.Spec.AppName, &networkPolicy.ObjectMeta) + miqutils.AddAppLabel(cr.Spec.AppName, &networkPolicy.ObjectMeta) setIngressPolicyType(networkPolicy) networkPolicy.Spec.PodSelector.MatchLabels = map[string]string{"name": "httpd"} @@ -64,7 +65,7 @@ func NetworkPolicyAllowHttpdApi(cr *miqv1alpha1.ManageIQ, scheme *runtime.Scheme if err := controllerutil.SetControllerReference(cr, networkPolicy, scheme); err != nil { return err } - addAppLabel(cr.Spec.AppName, &networkPolicy.ObjectMeta) + miqutils.AddAppLabel(cr.Spec.AppName, &networkPolicy.ObjectMeta) setIngressPolicyType(networkPolicy) networkPolicy.Spec.PodSelector.MatchLabels = map[string]string{"service": "web-service"} @@ -92,7 +93,7 @@ func NetworkPolicyAllowHttpdUi(cr *miqv1alpha1.ManageIQ, scheme *runtime.Scheme) if err := controllerutil.SetControllerReference(cr, networkPolicy, scheme); err != nil { return err } - addAppLabel(cr.Spec.AppName, &networkPolicy.ObjectMeta) + miqutils.AddAppLabel(cr.Spec.AppName, &networkPolicy.ObjectMeta) setIngressPolicyType(networkPolicy) networkPolicy.Spec.PodSelector.MatchLabels = map[string]string{"service": "ui"} @@ -120,7 +121,7 @@ func NetworkPolicyAllowHttpdRemoteConsole(cr *miqv1alpha1.ManageIQ, scheme *runt if err := controllerutil.SetControllerReference(cr, networkPolicy, scheme); err != nil { return err } - addAppLabel(cr.Spec.AppName, &networkPolicy.ObjectMeta) + miqutils.AddAppLabel(cr.Spec.AppName, &networkPolicy.ObjectMeta) setIngressPolicyType(networkPolicy) networkPolicy.Spec.PodSelector.MatchLabels = map[string]string{"service": "remote-console"} 
@@ -148,7 +149,7 @@ func NetworkPolicyAllowMemcached(cr *miqv1alpha1.ManageIQ, scheme *runtime.Schem if err := controllerutil.SetControllerReference(cr, networkPolicy, scheme); err != nil { return err } - addAppLabel(cr.Spec.AppName, &networkPolicy.ObjectMeta) + miqutils.AddAppLabel(cr.Spec.AppName, &networkPolicy.ObjectMeta) setIngressPolicyType(networkPolicy) networkPolicy.Spec.PodSelector.MatchLabels = map[string]string{"name": "memcached"} @@ -186,7 +187,7 @@ func NetworkPolicyAllowPostgres(cr *miqv1alpha1.ManageIQ, scheme *runtime.Scheme if err := controllerutil.SetControllerReference(cr, networkPolicy, scheme); err != nil { return err } - addAppLabel(cr.Spec.AppName, &networkPolicy.ObjectMeta) + miqutils.AddAppLabel(cr.Spec.AppName, &networkPolicy.ObjectMeta) setIngressPolicyType(networkPolicy) networkPolicy.Spec.PodSelector.MatchLabels = map[string]string{"name": "postgresql"} @@ -224,7 +225,7 @@ func NetworkPolicyAllowKafka(cr *miqv1alpha1.ManageIQ, scheme *runtime.Scheme, c if err := controllerutil.SetControllerReference(cr, networkPolicy, scheme); err != nil { return err } - addAppLabel(cr.Spec.AppName, &networkPolicy.ObjectMeta) + miqutils.AddAppLabel(cr.Spec.AppName, &networkPolicy.ObjectMeta) setIngressPolicyType(networkPolicy) networkPolicy.Spec.PodSelector.MatchLabels = map[string]string{"name": "kafka"} @@ -262,7 +263,7 @@ func NetworkPolicyAllowZookeeper(cr *miqv1alpha1.ManageIQ, scheme *runtime.Schem if err := controllerutil.SetControllerReference(cr, networkPolicy, scheme); err != nil { return err } - addAppLabel(cr.Spec.AppName, &networkPolicy.ObjectMeta) + miqutils.AddAppLabel(cr.Spec.AppName, &networkPolicy.ObjectMeta) setIngressPolicyType(networkPolicy) networkPolicy.Spec.PodSelector.MatchLabels = map[string]string{"name": "zookeeper"} diff --git a/manageiq-operator/api/v1alpha1/helpers/miq-components/operator.go b/manageiq-operator/api/v1alpha1/helpers/miq-components/operator.go index 341fce21f..c14ab4be7 100644 
--- a/manageiq-operator/api/v1alpha1/helpers/miq-components/operator.go +++ b/manageiq-operator/api/v1alpha1/helpers/miq-components/operator.go @@ -4,6 +4,7 @@ import ( "context" miqv1alpha1 "github.com/ManageIQ/manageiq-pods/manageiq-operator/api/v1alpha1" + miqutils "github.com/ManageIQ/manageiq-pods/manageiq-operator/api/v1alpha1/helpers/miq-components/utils" appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" rbacv1 "k8s.io/api/rbac/v1" @@ -17,10 +18,10 @@ func ManageOperator(cr *miqv1alpha1.ManageIQ, client client.Client) (*appsv1.Dep deployment := operatorDeployment(cr, client) f := func() error { - addAppLabel(cr.Spec.AppName, &deployment.ObjectMeta) - addAppLabel(cr.Spec.AppName, &deployment.Spec.Template.ObjectMeta) - addBackupLabel(cr.Spec.BackupLabelName, &deployment.ObjectMeta) - deployment.Spec.Template.Spec.Containers[0].SecurityContext = DefaultSecurityContext() + miqutils.AddAppLabel(cr.Spec.AppName, &deployment.ObjectMeta) + miqutils.AddAppLabel(cr.Spec.AppName, &deployment.Spec.Template.ObjectMeta) + miqutils.AddBackupLabel(cr.Spec.BackupLabelName, &deployment.ObjectMeta) + deployment.Spec.Template.Spec.Containers[0].SecurityContext = miqutils.DefaultSecurityContext() return nil } @@ -34,7 +35,7 @@ func ImagePullSecret(cr *miqv1alpha1.ManageIQ, client client.Client) (*corev1.Se client.Get(context.TODO(), secretKey, secret) f := func() error { - addBackupLabel(cr.Spec.BackupLabelName, &secret.ObjectMeta) + miqutils.AddBackupLabel(cr.Spec.BackupLabelName, &secret.ObjectMeta) return nil } @@ -48,7 +49,7 @@ func OidcClientSecret(cr *miqv1alpha1.ManageIQ, client client.Client) (*corev1.S client.Get(context.TODO(), secretKey, secret) f := func() error { - addBackupLabel(cr.Spec.BackupLabelName, &secret.ObjectMeta) + miqutils.AddBackupLabel(cr.Spec.BackupLabelName, &secret.ObjectMeta) return nil } 
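Review bot: The `client.Get(context.TODO(), secretKey, secret)` calls in ImagePullSecret and OidcClientSecret discard the returned error, so a failed lookup (not found, RBAC denial, transient API error) cannot be told apart from a successful one before the closure labels `secret`. OidcCaCertSecret in the following hunk has the same call. If ignoring the error is deliberate, say so at the call with a comment such as `// error ignored: <reason>`; otherwise check it and surface it to the caller. Both function bodies start and end outside these hunks, so how the result is consumed is not visible here.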
@@ -62,7 +63,7 @@ func OidcCaCertSecret(cr *miqv1alpha1.ManageIQ, client client.Client) (*corev1.S client.Get(context.TODO(), secretKey, secret) f := func() error { - addBackupLabel(cr.Spec.BackupLabelName, &secret.ObjectMeta) + miqutils.AddBackupLabel(cr.Spec.BackupLabelName, &secret.ObjectMeta) return nil } @@ -74,7 +75,7 @@ func ManageOperatorServiceAccount(cr *miqv1alpha1.ManageIQ, client client.Client serviceAccount := operatorServiceAccount(cr, client) f := func() error { - addBackupLabel(cr.Spec.BackupLabelName, &serviceAccount.ObjectMeta) + miqutils.AddBackupLabel(cr.Spec.BackupLabelName, &serviceAccount.ObjectMeta) return nil } @@ -86,7 +87,7 @@ func ManageOperatorRole(cr *miqv1alpha1.ManageIQ, client client.Client) (*rbacv1 operatorRole := operatorRole(cr, client) f := func() error { - addBackupLabel(cr.Spec.BackupLabelName, &operatorRole.ObjectMeta) + miqutils.AddBackupLabel(cr.Spec.BackupLabelName, &operatorRole.ObjectMeta) return nil } @@ -98,7 +99,7 @@ func ManageOperatorRoleBinding(cr *miqv1alpha1.ManageIQ, client client.Client) ( operatorRoleBinding := operatorRoleBinding(cr, client) f := func() error { - addBackupLabel(cr.Spec.BackupLabelName, &operatorRoleBinding.ObjectMeta) + miqutils.AddBackupLabel(cr.Spec.BackupLabelName, &operatorRoleBinding.ObjectMeta) return nil } diff --git a/manageiq-operator/api/v1alpha1/helpers/miq-components/orchestrator.go b/manageiq-operator/api/v1alpha1/helpers/miq-components/orchestrator.go index 099ccb60a..01203ef34 100644 --- a/manageiq-operator/api/v1alpha1/helpers/miq-components/orchestrator.go +++ b/manageiq-operator/api/v1alpha1/helpers/miq-components/orchestrator.go @@ -4,6 +4,7 @@ import ( "context" miqv1alpha1 "github.com/ManageIQ/manageiq-pods/manageiq-operator/api/v1alpha1" + miqutils "github.com/ManageIQ/manageiq-pods/manageiq-operator/api/v1alpha1/helpers/miq-components/utils" appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" rbacv1 "k8s.io/api/rbac/v1" 
@@ -161,37 +162,37 @@ func addMessagingEnv(cr *miqv1alpha1.ManageIQ, c *corev1.Container) { } func addPostgresConfig(cr *miqv1alpha1.ManageIQ, d *appsv1.Deployment, client client.Client) { - d.Spec.Template.Spec.Containers[0].Env = addOrUpdateEnvVar(d.Spec.Template.Spec.Containers[0].Env, corev1.EnvVar{Name: "DATABASE_REGION", Value: cr.Spec.DatabaseRegion}) + d.Spec.Template.Spec.Containers[0].Env = miqutils.AddOrUpdateEnvVar(d.Spec.Template.Spec.Containers[0].Env, corev1.EnvVar{Name: "DATABASE_REGION", Value: cr.Spec.DatabaseRegion}) } func updateOrchestratorEnv(cr *miqv1alpha1.ManageIQ, c *corev1.Container) { - c.Env = addOrUpdateEnvVar(c.Env, corev1.EnvVar{Name: "ADMIN_GROUP", Value: cr.Spec.InitialAdminGroupName}) - c.Env = addOrUpdateEnvVar(c.Env, corev1.EnvVar{Name: "APP_NAME", Value: cr.Spec.AppName}) - c.Env = addOrUpdateEnvVar(c.Env, corev1.EnvVar{Name: "APPLICATION_DOMAIN", Value: cr.Spec.ApplicationDomain}) - c.Env = addOrUpdateEnvVar(c.Env, corev1.EnvVar{Name: "AUTH_SSO", Value: strconv.FormatBool(*cr.Spec.EnableSSO)}) - c.Env = addOrUpdateEnvVar(c.Env, corev1.EnvVar{Name: "AUTH_TYPE", Value: cr.Spec.HttpdAuthenticationType}) - c.Env = addOrUpdateEnvVar(c.Env, corev1.EnvVar{Name: "GUID", Value: cr.Spec.ServerGuid}) - c.Env = addOrUpdateEnvVar(c.Env, corev1.EnvVar{Name: "LOCAL_LOGIN_ENABLED", Value: strconv.FormatBool(*cr.Spec.EnableApplicationLocalLogin)}) - c.Env = addOrUpdateEnvVar(c.Env, corev1.EnvVar{Name: "MEMCACHED_SERVER", Value: "memcached:11211"}) - c.Env = addOrUpdateEnvVar(c.Env, corev1.EnvVar{Name: "WORKER_RESOURCES", Value: strconv.FormatBool(*cr.Spec.EnforceWorkerResourceConstraints)}) - c.Env = addOrUpdateEnvVar(c.Env, corev1.EnvVar{Name: "WORKER_SERVICE_ACCOUNT", Value: defaultServiceAccountName(cr.Spec.AppName)}) + c.Env = miqutils.AddOrUpdateEnvVar(c.Env, corev1.EnvVar{Name: "ADMIN_GROUP", Value: cr.Spec.InitialAdminGroupName}) + c.Env = miqutils.AddOrUpdateEnvVar(c.Env, corev1.EnvVar{Name: "APP_NAME", Value: cr.Spec.AppName}) + c.Env 
= miqutils.AddOrUpdateEnvVar(c.Env, corev1.EnvVar{Name: "APPLICATION_DOMAIN", Value: cr.Spec.ApplicationDomain}) + c.Env = miqutils.AddOrUpdateEnvVar(c.Env, corev1.EnvVar{Name: "AUTH_SSO", Value: strconv.FormatBool(*cr.Spec.EnableSSO)}) + c.Env = miqutils.AddOrUpdateEnvVar(c.Env, corev1.EnvVar{Name: "AUTH_TYPE", Value: cr.Spec.HttpdAuthenticationType}) + c.Env = miqutils.AddOrUpdateEnvVar(c.Env, corev1.EnvVar{Name: "GUID", Value: cr.Spec.ServerGuid}) + c.Env = miqutils.AddOrUpdateEnvVar(c.Env, corev1.EnvVar{Name: "LOCAL_LOGIN_ENABLED", Value: strconv.FormatBool(*cr.Spec.EnableApplicationLocalLogin)}) + c.Env = miqutils.AddOrUpdateEnvVar(c.Env, corev1.EnvVar{Name: "MEMCACHED_SERVER", Value: "memcached:11211"}) + c.Env = miqutils.AddOrUpdateEnvVar(c.Env, corev1.EnvVar{Name: "WORKER_RESOURCES", Value: strconv.FormatBool(*cr.Spec.EnforceWorkerResourceConstraints)}) + c.Env = miqutils.AddOrUpdateEnvVar(c.Env, corev1.EnvVar{Name: "WORKER_SERVICE_ACCOUNT", Value: defaultServiceAccountName(cr.Spec.AppName)}) // If any of the images were not provided, add the orchestrator namespace and tag if cr.Spec.BaseWorkerImage == "" || cr.Spec.WebserverWorkerImage == "" || cr.Spec.UIWorkerImage == "" { string1 := strings.Split(cr.Spec.OrchestratorImage, ":") string2 := strings.Split(string1[0], "/") - c.Env = addOrUpdateEnvVar(c.Env, corev1.EnvVar{Name: "CONTAINER_IMAGE_NAMESPACE", Value: string2[0]}) - c.Env = addOrUpdateEnvVar(c.Env, corev1.EnvVar{Name: "CONTAINER_IMAGE_TAG", Value: string1[1]}) + c.Env = miqutils.AddOrUpdateEnvVar(c.Env, corev1.EnvVar{Name: "CONTAINER_IMAGE_NAMESPACE", Value: string2[0]}) + c.Env = miqutils.AddOrUpdateEnvVar(c.Env, corev1.EnvVar{Name: "CONTAINER_IMAGE_TAG", Value: string1[1]}) } if cr.Spec.BaseWorkerImage != "" { - c.Env = addOrUpdateEnvVar(c.Env, corev1.EnvVar{Name: "BASE_WORKER_IMAGE", Value: cr.Spec.BaseWorkerImage}) + c.Env = miqutils.AddOrUpdateEnvVar(c.Env, corev1.EnvVar{Name: "BASE_WORKER_IMAGE", Value: cr.Spec.BaseWorkerImage}) } if 
cr.Spec.WebserverWorkerImage != "" { - c.Env = addOrUpdateEnvVar(c.Env, corev1.EnvVar{Name: "WEBSERVER_WORKER_IMAGE", Value: cr.Spec.WebserverWorkerImage}) + c.Env = miqutils.AddOrUpdateEnvVar(c.Env, corev1.EnvVar{Name: "WEBSERVER_WORKER_IMAGE", Value: cr.Spec.WebserverWorkerImage}) } if cr.Spec.UIWorkerImage != "" { - c.Env = addOrUpdateEnvVar(c.Env, corev1.EnvVar{Name: "UI_WORKER_IMAGE", Value: cr.Spec.UIWorkerImage}) + c.Env = miqutils.AddOrUpdateEnvVar(c.Env, corev1.EnvVar{Name: "UI_WORKER_IMAGE", Value: cr.Spec.UIWorkerImage}) } } @@ -245,7 +246,7 @@ func OrchestratorDeployment(cr *miqv1alpha1.ManageIQ, scheme *runtime.Scheme, cl } addMessagingEnv(cr, &container) - err = addResourceReqs(cr.Spec.OrchestratorMemoryLimit, cr.Spec.OrchestratorMemoryRequest, cr.Spec.OrchestratorCpuLimit, cr.Spec.OrchestratorCpuRequest, &container) + err = miqutils.AddResourceReqs(cr.Spec.OrchestratorMemoryLimit, cr.Spec.OrchestratorMemoryRequest, cr.Spec.OrchestratorCpuLimit, cr.Spec.OrchestratorCpuRequest, &container) if err != nil { return nil, nil, err } @@ -275,13 +276,13 @@ func OrchestratorDeployment(cr *miqv1alpha1.ManageIQ, scheme *runtime.Scheme, cl if err := controllerutil.SetControllerReference(cr, deployment, scheme); err != nil { return err } - addAppLabel(cr.Spec.AppName, &deployment.ObjectMeta) + miqutils.AddAppLabel(cr.Spec.AppName, &deployment.ObjectMeta) var repNum int32 = 1 deployment.Spec.Replicas = &repNum deployment.Spec.Strategy = appsv1.DeploymentStrategy{ Type: "Recreate", } - addAnnotations(cr.Spec.AppAnnotations, &deployment.Spec.Template.ObjectMeta) + miqutils.AddAnnotations(cr.Spec.AppAnnotations, &deployment.Spec.Template.ObjectMeta) var termSecs int64 = 90 deployment.Spec.Template.Spec.ServiceAccountName = cr.Spec.AppName + "-orchestrator" deployment.Spec.Template.Spec.TerminationGracePeriodSeconds = &termSecs 
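Review bot: In updateOrchestratorEnv the `CONTAINER_IMAGE_TAG` update reads `string1[1]` after `strings.Split(cr.Spec.OrchestratorImage, ":")`, so an image reference without a tag indexes past the end of the slice. A reference with a registry port (`host:5000/ns/img:tag`) or a digest yields the wrong namespace and tag. The value comes from the CR spec, so it should be validated before use: at minimum skip or report the two env updates when `len(string1) < 2`, and preferably split on the last `:` that follows the last `/`. The same function dereferences `*cr.Spec.EnableSSO`, `*cr.Spec.EnableApplicationLocalLogin` and `*cr.Spec.EnforceWorkerResourceConstraints` without a nil check; presumably they are defaulted earlier, which is worth confirming.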
@@ -289,29 +290,29 @@ func OrchestratorDeployment(cr *miqv1alpha1.ManageIQ, scheme *runtime.Scheme, cl addPostgresConfig(cr, deployment, client) updateOrchestratorEnv(cr, &deployment.Spec.Template.Spec.Containers[0]) deployment.Spec.Template.Spec.Containers[0].Image = cr.Spec.OrchestratorImage - deployment.Spec.Template.Spec.Containers[0].SecurityContext = DefaultSecurityContext() + deployment.Spec.Template.Spec.Containers[0].SecurityContext = miqutils.DefaultSecurityContext() addInternalRootCertificate(cr, deployment, client) - certSecret := InternalCertificatesSecret(cr, client) + certSecret := miqutils.InternalCertificatesSecret(cr, client) if certSecret.Data["api_crt"] != nil && certSecret.Data["api_key"] != nil { - deployment.Spec.Template.Spec.Containers[0].Env = addOrUpdateEnvVar(deployment.Spec.Template.Spec.Containers[0].Env, corev1.EnvVar{Name: "API_SSL_SECRET_NAME", Value: cr.Spec.InternalCertificatesSecret}) + deployment.Spec.Template.Spec.Containers[0].Env = miqutils.AddOrUpdateEnvVar(deployment.Spec.Template.Spec.Containers[0].Env, corev1.EnvVar{Name: "API_SSL_SECRET_NAME", Value: cr.Spec.InternalCertificatesSecret}) } if certSecret.Data["remote_console_crt"] != nil && certSecret.Data["remote_console_key"] != nil { - deployment.Spec.Template.Spec.Containers[0].Env = addOrUpdateEnvVar(deployment.Spec.Template.Spec.Containers[0].Env, corev1.EnvVar{Name: "REMOTE_CONSOLE_SSL_SECRET_NAME", Value: cr.Spec.InternalCertificatesSecret}) + deployment.Spec.Template.Spec.Containers[0].Env = miqutils.AddOrUpdateEnvVar(deployment.Spec.Template.Spec.Containers[0].Env, corev1.EnvVar{Name: "REMOTE_CONSOLE_SSL_SECRET_NAME", Value: cr.Spec.InternalCertificatesSecret}) } if certSecret.Data["ui_crt"] != nil && certSecret.Data["ui_key"] != nil { - deployment.Spec.Template.Spec.Containers[0].Env = addOrUpdateEnvVar(deployment.Spec.Template.Spec.Containers[0].Env, corev1.EnvVar{Name: "UI_SSL_SECRET_NAME", Value: cr.Spec.InternalCertificatesSecret}) + 
deployment.Spec.Template.Spec.Containers[0].Env = miqutils.AddOrUpdateEnvVar(deployment.Spec.Template.Spec.Containers[0].Env, corev1.EnvVar{Name: "UI_SSL_SECRET_NAME", Value: cr.Spec.InternalCertificatesSecret}) } volumeMount := corev1.VolumeMount{Name: "encryption-key", MountPath: "/run/secrets/manageiq/application", ReadOnly: true} - deployment.Spec.Template.Spec.Containers[0].VolumeMounts = addOrUpdateVolumeMount(deployment.Spec.Template.Spec.Containers[0].VolumeMounts, volumeMount) + deployment.Spec.Template.Spec.Containers[0].VolumeMounts = miqutils.AddOrUpdateVolumeMount(deployment.Spec.Template.Spec.Containers[0].VolumeMounts, volumeMount) secretVolumeSource := corev1.SecretVolumeSource{SecretName: "app-secrets", Items: []corev1.KeyToPath{corev1.KeyToPath{Key: "encryption-key", Path: "encryption_key"}}} - deployment.Spec.Template.Spec.Volumes = addOrUpdateVolume(deployment.Spec.Template.Spec.Volumes, corev1.Volume{Name: "encryption-key", VolumeSource: corev1.VolumeSource{Secret: &secretVolumeSource}}) + deployment.Spec.Template.Spec.Volumes = miqutils.AddOrUpdateVolume(deployment.Spec.Template.Spec.Volumes, corev1.Volume{Name: "encryption-key", VolumeSource: corev1.VolumeSource{Secret: &secretVolumeSource}}) databaseVolumeMount := corev1.VolumeMount{Name: "database-secret", MountPath: "/run/secrets/postgresql", ReadOnly: true} - deployment.Spec.Template.Spec.Containers[0].VolumeMounts = addOrUpdateVolumeMount(deployment.Spec.Template.Spec.Containers[0].VolumeMounts, databaseVolumeMount) + deployment.Spec.Template.Spec.Containers[0].VolumeMounts = miqutils.AddOrUpdateVolumeMount(deployment.Spec.Template.Spec.Containers[0].VolumeMounts, databaseVolumeMount) databaseSecretVolumeSource := corev1.SecretVolumeSource{SecretName: cr.Spec.DatabaseSecret, Items: []corev1.KeyToPath{ corev1.KeyToPath{Key: "dbname", Path: "POSTGRESQL_DATABASE"}, 
@@ -320,7 +321,7 @@ func OrchestratorDeployment(cr *miqv1alpha1.ManageIQ, scheme *runtime.Scheme, cl corev1.KeyToPath{Key: "port", Path: "POSTGRESQL_PORT"}, corev1.KeyToPath{Key: "username", Path: "POSTGRESQL_USER"}, }} - deployment.Spec.Template.Spec.Volumes = addOrUpdateVolume(deployment.Spec.Template.Spec.Volumes, corev1.Volume{Name: "database-secret", VolumeSource: corev1.VolumeSource{Secret: &databaseSecretVolumeSource}}) + deployment.Spec.Template.Spec.Volumes = miqutils.AddOrUpdateVolume(deployment.Spec.Template.Spec.Volumes, corev1.Volume{Name: "database-secret", VolumeSource: corev1.VolumeSource{Secret: &databaseSecretVolumeSource}}) return nil } 
@@ -342,19 +343,19 @@ func orchestratorPod(c client.Client) *corev1.Pod { } func addInternalRootCertificate(cr *miqv1alpha1.ManageIQ, d *appsv1.Deployment, client client.Client) { - secret := InternalCertificatesSecret(cr, client) + secret := miqutils.InternalCertificatesSecret(cr, client) if secret.Data["root_crt"] != nil { volumeMount := corev1.VolumeMount{Name: "internal-root-certificate", MountPath: "/etc/pki/ca-trust/source/anchors", ReadOnly: true} - d.Spec.Template.Spec.Containers[0].VolumeMounts = addOrUpdateVolumeMount(d.Spec.Template.Spec.Containers[0].VolumeMounts, volumeMount) + d.Spec.Template.Spec.Containers[0].VolumeMounts = miqutils.AddOrUpdateVolumeMount(d.Spec.Template.Spec.Containers[0].VolumeMounts, volumeMount) secretVolumeSource := corev1.SecretVolumeSource{SecretName: secret.Name, Items: []corev1.KeyToPath{corev1.KeyToPath{Key: "root_crt", Path: "root.crt"}}} - d.Spec.Template.Spec.Volumes = addOrUpdateVolume(d.Spec.Template.Spec.Volumes, corev1.Volume{Name: "internal-root-certificate", VolumeSource: corev1.VolumeSource{Secret: &secretVolumeSource}}) + d.Spec.Template.Spec.Volumes = miqutils.AddOrUpdateVolume(d.Spec.Template.Spec.Volumes, corev1.Volume{Name: "internal-root-certificate", VolumeSource: corev1.VolumeSource{Secret: &secretVolumeSource}}) - d.Spec.Template.Spec.Containers[0].Env = addOrUpdateEnvVar(d.Spec.Template.Spec.Containers[0].Env, corev1.EnvVar{Name: "SSL_SECRET_NAME", Value: cr.Spec.InternalCertificatesSecret}) + d.Spec.Template.Spec.Containers[0].Env = miqutils.AddOrUpdateEnvVar(d.Spec.Template.Spec.Containers[0].Env, corev1.EnvVar{Name: "SSL_SECRET_NAME", Value: cr.Spec.InternalCertificatesSecret}) if secret.Data["memcached_crt"] != nil && secret.Data["memcached_key"] != nil { - d.Spec.Template.Spec.Containers[0].Env = addOrUpdateEnvVar(d.Spec.Template.Spec.Containers[0].Env, corev1.EnvVar{Name: "MEMCACHED_ENABLE_SSL", Value: "true"}) - d.Spec.Template.Spec.Containers[0].Env = 
addOrUpdateEnvVar(d.Spec.Template.Spec.Containers[0].Env, corev1.EnvVar{Name: "MEMCACHED_SSL_CA", Value: "/etc/pki/ca-trust/source/anchors/root.crt"}) + d.Spec.Template.Spec.Containers[0].Env = miqutils.AddOrUpdateEnvVar(d.Spec.Template.Spec.Containers[0].Env, corev1.EnvVar{Name: "MEMCACHED_ENABLE_SSL", Value: "true"}) + d.Spec.Template.Spec.Containers[0].Env = miqutils.AddOrUpdateEnvVar(d.Spec.Template.Spec.Containers[0].Env, corev1.EnvVar{Name: "MEMCACHED_SSL_CA", Value: "/etc/pki/ca-trust/source/anchors/root.crt"}) } } } diff --git a/manageiq-operator/api/v1alpha1/helpers/miq-components/postgresql.go b/manageiq-operator/api/v1alpha1/helpers/miq-components/postgresql.go index 0b21ff303..072ff73a4 100644 --- a/manageiq-operator/api/v1alpha1/helpers/miq-components/postgresql.go +++ b/manageiq-operator/api/v1alpha1/helpers/miq-components/postgresql.go @@ -4,6 +4,7 @@ import ( "context" miqv1alpha1 "github.com/ManageIQ/manageiq-pods/manageiq-operator/api/v1alpha1" + miqutils "github.com/ManageIQ/manageiq-pods/manageiq-operator/api/v1alpha1/helpers/miq-components/utils" appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" resource "k8s.io/apimachinery/pkg/api/resource" 
@@ -28,10 +29,10 @@ func ManagePostgresqlSecret(cr *miqv1alpha1.ManageIQ, client client.Client, sche return err } - addAppLabel(cr.Spec.AppName, &secret.ObjectMeta) - addBackupLabel(cr.Spec.BackupLabelName, &secret.ObjectMeta) + miqutils.AddAppLabel(cr.Spec.AppName, &secret.ObjectMeta) + miqutils.AddBackupLabel(cr.Spec.BackupLabelName, &secret.ObjectMeta) - if certSecret := InternalCertificatesSecret(cr, client); certSecret.Data["postgresql_crt"] != nil && certSecret.Data["postgresql_key"] != nil && string(secret.Data["hostname"]) == "postgresql" { + if certSecret := miqutils.InternalCertificatesSecret(cr, client); certSecret.Data["postgresql_crt"] != nil && certSecret.Data["postgresql_key"] != nil && string(secret.Data["hostname"]) == "postgresql" { d := map[string]string{ "rootcertificate": string(certSecret.Data["root_crt"]), "sslmode": "verify-full", @@ -87,14 +88,14 @@ func PostgresqlConfigMap(cr *miqv1alpha1.ManageIQ, client client.Client, scheme if err := controllerutil.SetControllerReference(cr, configMap, scheme); err != nil { return err } - addAppLabel(cr.Spec.AppName, &configMap.ObjectMeta) + miqutils.AddAppLabel(cr.Spec.AppName, &configMap.ObjectMeta) if configMap.Data == nil { configMap.Data = map[string]string{} } configMap.Data["01_miq_overrides.conf"] = postgresOverrideConfig - if secret := InternalCertificatesSecret(cr, client); secret.Data["postgresql_crt"] != nil && secret.Data["postgresql_key"] != nil { + if secret := miqutils.InternalCertificatesSecret(cr, client); secret.Data["postgresql_crt"] != nil && secret.Data["postgresql_key"] != nil { configMap.Data["02_ssl.conf"] = postgresqlSslConf() } else { delete(configMap.Data, "02_ssl.conf") 
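Review bot: In ManagePostgresqlSecret the condition that enables `"sslmode": "verify-full"` tests `postgresql_crt`, `postgresql_key` and the hostname, but not `root_crt`, whose value is then copied into `rootcertificate`. If the internal certificates secret lacks `root_crt`, the database secret gets verify-full with an empty root certificate, which would presumably make every client connection fail verification. Checking `certSecret.Data["root_crt"] != nil` explicitly and returning an error when it is missing would be safer than writing the empty value or silently falling back to an unverified mode. The function body continues outside this hunk, so how `d` is applied is not visible here.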
@@ -131,8 +132,8 @@ func PostgresqlPVC(cr *miqv1alpha1.ManageIQ, scheme *runtime.Scheme) (*corev1.Pe return err } - addAppLabel(cr.Spec.AppName, &pvc.ObjectMeta) - addBackupLabel(cr.Spec.BackupLabelName, &pvc.ObjectMeta) + miqutils.AddAppLabel(cr.Spec.AppName, &pvc.ObjectMeta) + miqutils.AddBackupLabel(cr.Spec.BackupLabelName, &pvc.ObjectMeta) pvc.Spec.AccessModes = accessModes pvc.Spec.Resources = resources @@ -158,7 +159,7 @@ func PostgresqlService(cr *miqv1alpha1.ManageIQ, scheme *runtime.Scheme) (*corev return err } - addAppLabel(cr.Spec.AppName, &service.ObjectMeta) + miqutils.AddAppLabel(cr.Spec.AppName, &service.ObjectMeta) if len(service.Spec.Ports) == 0 { service.Spec.Ports = append(service.Spec.Ports, corev1.ServicePort{}) } @@ -212,7 +213,7 @@ func PostgresqlDeployment(cr *miqv1alpha1.ManageIQ, client client.Client, scheme }, } - err := addResourceReqs(cr.Spec.PostgresqlMemoryLimit, cr.Spec.PostgresqlMemoryRequest, cr.Spec.PostgresqlCpuLimit, cr.Spec.PostgresqlCpuRequest, &container) + err := miqutils.AddResourceReqs(cr.Spec.PostgresqlMemoryLimit, cr.Spec.PostgresqlMemoryRequest, cr.Spec.PostgresqlCpuLimit, cr.Spec.PostgresqlCpuRequest, &container) if err != nil { return nil, nil, err } 
@@ -240,18 +241,18 @@ func PostgresqlDeployment(cr *miqv1alpha1.ManageIQ, client client.Client, scheme if err := controllerutil.SetControllerReference(cr, deployment, scheme); err != nil { return err } - addAppLabel(cr.Spec.AppName, &deployment.ObjectMeta) - addBackupLabel(cr.Spec.BackupLabelName, &deployment.ObjectMeta) - addBackupLabel(cr.Spec.BackupLabelName, &deployment.Spec.Template.ObjectMeta) - addBackupAnnotation("miq-pgdb-volume", &deployment.Spec.Template.ObjectMeta) + miqutils.AddAppLabel(cr.Spec.AppName, &deployment.ObjectMeta) + miqutils.AddBackupLabel(cr.Spec.BackupLabelName, &deployment.ObjectMeta) + miqutils.AddBackupLabel(cr.Spec.BackupLabelName, &deployment.Spec.Template.ObjectMeta) + miqutils.AddBackupAnnotation("miq-pgdb-volume", &deployment.Spec.Template.ObjectMeta) var repNum int32 = 1 deployment.Spec.Replicas = &repNum deployment.Spec.Strategy = appsv1.DeploymentStrategy{ Type: "Recreate", } - addAnnotations(cr.Spec.AppAnnotations, &deployment.Spec.Template.ObjectMeta) + miqutils.AddAnnotations(cr.Spec.AppAnnotations, &deployment.Spec.Template.ObjectMeta) deployment.Spec.Template.Spec.Containers = []corev1.Container{container} - deployment.Spec.Template.Spec.Containers[0].SecurityContext = DefaultSecurityContext() + deployment.Spec.Template.Spec.Containers[0].SecurityContext = miqutils.DefaultSecurityContext() deployment.Spec.Template.Spec.ServiceAccountName = defaultServiceAccountName(cr.Spec.AppName) deployment.Spec.Template.Spec.Volumes = []corev1.Volume{ corev1.Volume{ 
@@ -273,7 +274,7 @@ func PostgresqlDeployment(cr *miqv1alpha1.ManageIQ, client client.Client, scheme } volumeMount := corev1.VolumeMount{Name: "env-file", MountPath: "/run/secrets/postgresql", ReadOnly: true} - deployment.Spec.Template.Spec.Containers[0].VolumeMounts = addOrUpdateVolumeMount(deployment.Spec.Template.Spec.Containers[0].VolumeMounts, volumeMount) + deployment.Spec.Template.Spec.Containers[0].VolumeMounts = miqutils.AddOrUpdateVolumeMount(deployment.Spec.Template.Spec.Containers[0].VolumeMounts, volumeMount) secret := corev1.SecretVolumeSource{ SecretName: cr.Spec.DatabaseSecret, Items: []corev1.KeyToPath{ @@ -282,9 +283,9 @@ func PostgresqlDeployment(cr *miqv1alpha1.ManageIQ, client client.Client, scheme corev1.KeyToPath{Key: "username", Path: "POSTGRESQL_USER"}, }, } - deployment.Spec.Template.Spec.Volumes = addOrUpdateVolume(deployment.Spec.Template.Spec.Volumes, corev1.Volume{Name: "env-file", VolumeSource: corev1.VolumeSource{Secret: &secret}}) + deployment.Spec.Template.Spec.Volumes = miqutils.AddOrUpdateVolume(deployment.Spec.Template.Spec.Volumes, corev1.Volume{Name: "env-file", VolumeSource: corev1.VolumeSource{Secret: &secret}}) - addInternalCertificate(cr, deployment, client, "postgresql", "/opt/app-root/src/certificates") + miqutils.AddInternalCertificate(cr, deployment, client, "postgresql", "/opt/app-root/src/certificates") return nil } diff --git a/manageiq-operator/api/v1alpha1/helpers/miq-components/rbac.go b/manageiq-operator/api/v1alpha1/helpers/miq-components/rbac.go index 74e88a70d..25ff50d5d 100644 --- a/manageiq-operator/api/v1alpha1/helpers/miq-components/rbac.go +++ b/manageiq-operator/api/v1alpha1/helpers/miq-components/rbac.go 
@@ -4,6 +4,7 @@ import ( "fmt" miqv1alpha1 "github.com/ManageIQ/manageiq-pods/manageiq-operator/api/v1alpha1" + miqutils "github.com/ManageIQ/manageiq-pods/manageiq-operator/api/v1alpha1/helpers/miq-components/utils" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" @@ -45,7 +46,7 @@ func DefaultServiceAccount(cr *miqv1alpha1.ManageIQ, scheme *runtime.Scheme) (*c addSAPullSecret(sa, cr.Spec.ImagePullSecret) } - addBackupLabel(cr.Spec.BackupLabelName, &sa.ObjectMeta) + miqutils.AddBackupLabel(cr.Spec.BackupLabelName, &sa.ObjectMeta) return nil } diff --git a/manageiq-operator/api/v1alpha1/helpers/miq-components/util.go b/manageiq-operator/api/v1alpha1/helpers/miq-components/utils/util.go similarity index 85% rename from manageiq-operator/api/v1alpha1/helpers/miq-components/util.go rename to manageiq-operator/api/v1alpha1/helpers/miq-components/utils/util.go index 12e93f341..eab5dbaf5 100644 --- a/manageiq-operator/api/v1alpha1/helpers/miq-components/util.go +++ b/manageiq-operator/api/v1alpha1/helpers/miq-components/utils/util.go @@ -1,4 +1,4 @@ -package miqtools +package miqutils import ( "context" @@ -13,7 +13,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" ) -func addResourceReqs(memLimit, memReq, cpuLimit, cpuReq string, c *corev1.Container) error { +func AddResourceReqs(memLimit, memReq, cpuLimit, cpuReq string, c *corev1.Container) error { if memLimit == "" && memReq == "" && cpuLimit == "" && cpuReq == "" { return nil } 
@@ -61,28 +61,28 @@ func addResourceReqs(memLimit, memReq, cpuLimit, cpuReq string, c *corev1.Contai return nil } -func addAppLabel(appName string, meta *metav1.ObjectMeta) { +func AddAppLabel(appName string, meta *metav1.ObjectMeta) { if meta.Labels == nil { meta.Labels = make(map[string]string) } meta.Labels["app"] = appName } -func addBackupLabel(backupLabel string, meta *metav1.ObjectMeta) { +func AddBackupLabel(backupLabel string, meta *metav1.ObjectMeta) { if meta.Labels == nil { meta.Labels = make(map[string]string) } meta.Labels[backupLabel] = "t" } -func addBackupAnnotation(volumesToBackup string, meta *metav1.ObjectMeta) { +func AddBackupAnnotation(volumesToBackup string, meta *metav1.ObjectMeta) { if meta.Annotations == nil { meta.Annotations = make(map[string]string) } meta.Annotations["backup.velero.io/backup-volumes"] = volumesToBackup } -func addAnnotations(annotations map[string]string, meta *metav1.ObjectMeta) { +func AddAnnotations(annotations map[string]string, meta *metav1.ObjectMeta) { if len(annotations) > 0 { if meta.Annotations == nil { meta.Annotations = make(map[string]string) 
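Review bot: The helpers exported in this hunk (`AddAppLabel`, `AddBackupLabel`, `AddBackupAnnotation`, `AddAnnotations`) have no doc comments, although they now form the public API of the new `miqutils` package. The same applies to `AddResourceReqs` in the preceding hunk and to `AddInternalCertificate`, `AddOrUpdateEnvVar`, `AddOrUpdateVolumeMount` and `AddOrUpdateVolume` in the following ones. Each should get a comment starting with its name, for example `// AddBackupLabel sets the label named backupLabel to "t" on meta, creating the label map if needed.` `AddBackupLabel` also uses `backupLabel` as a map key unchecked, and an empty string would produce an empty label key, which Kubernetes rejects. Unless `cr.Spec.BackupLabelName` is always defaulted (not visible here), a guard such as `if backupLabel == "" { return }` is worth adding.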
@@ -103,20 +103,20 @@ func InternalCertificatesSecret(cr *miqv1alpha1.ManageIQ, client client.Client) return secret } -func addInternalCertificate(cr *miqv1alpha1.ManageIQ, d *appsv1.Deployment, client client.Client, name string, mountPoint string) { +func AddInternalCertificate(cr *miqv1alpha1.ManageIQ, d *appsv1.Deployment, client client.Client, name string, mountPoint string) { secret := InternalCertificatesSecret(cr, client) if secret.Data[fmt.Sprintf("%s_crt", name)] != nil && secret.Data[fmt.Sprintf("%s_key", name)] != nil { volumeName := fmt.Sprintf("%s-certificate", name) volumeMount := corev1.VolumeMount{Name: volumeName, MountPath: mountPoint, ReadOnly: true} - d.Spec.Template.Spec.Containers[0].VolumeMounts = addOrUpdateVolumeMount(d.Spec.Template.Spec.Containers[0].VolumeMounts, volumeMount) + d.Spec.Template.Spec.Containers[0].VolumeMounts = AddOrUpdateVolumeMount(d.Spec.Template.Spec.Containers[0].VolumeMounts, volumeMount) secretVolumeSource := corev1.SecretVolumeSource{SecretName: secret.Name, Items: []corev1.KeyToPath{corev1.KeyToPath{Key: fmt.Sprintf("%s_crt", name), Path: "server.crt"}, corev1.KeyToPath{Key: fmt.Sprintf("%s_key", name), Path: "server.key"}}} - d.Spec.Template.Spec.Volumes = addOrUpdateVolume(d.Spec.Template.Spec.Volumes, corev1.Volume{Name: volumeName, VolumeSource: corev1.VolumeSource{Secret: &secretVolumeSource}}) + d.Spec.Template.Spec.Volumes = AddOrUpdateVolume(d.Spec.Template.Spec.Volumes, corev1.Volume{Name: volumeName, VolumeSource: corev1.VolumeSource{Secret: &secretVolumeSource}}) } } -func addOrUpdateEnvVar(environment []corev1.EnvVar, variable corev1.EnvVar) []corev1.EnvVar { +func AddOrUpdateEnvVar(environment []corev1.EnvVar, variable corev1.EnvVar) []corev1.EnvVar { index := -1 for i, env := range environment { if env.Name == variable.Name { 
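Review bot: `AddInternalCertificate` indexes `d.Spec.Template.Spec.Containers[0]` without checking that the deployment has any containers, and now that it is exported, callers outside the package can reach it. A deployment passed in before its containers are populated would panic with an index out of range. An early guard ahead of the secret lookup, `if len(d.Spec.Template.Spec.Containers) == 0 { return }`, would make the contract explicit. A doc comment should also state that only the first container is modified.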
@@ -133,7 +133,7 @@ func addOrUpdateEnvVar(environment []corev1.EnvVar, variable corev1.EnvVar) []co return environment } -func addOrUpdateVolumeMount(volumeMounts []corev1.VolumeMount, volumeMount corev1.VolumeMount) []corev1.VolumeMount { +func AddOrUpdateVolumeMount(volumeMounts []corev1.VolumeMount, volumeMount corev1.VolumeMount) []corev1.VolumeMount { if volumeMounts == nil { volumeMounts = []corev1.VolumeMount{} } @@ -154,7 +154,7 @@ func addOrUpdateVolumeMount(volumeMounts []corev1.VolumeMount, volumeMount corev return volumeMounts } -func addOrUpdateVolume(volumes []corev1.Volume, volume corev1.Volume) []corev1.Volume { +func AddOrUpdateVolume(volumes []corev1.Volume, volume corev1.Volume) []corev1.Volume { if volumes == nil { volumes = []corev1.Volume{} } diff --git a/manageiq-operator/internal/controller/manageiq_controller.go b/manageiq-operator/internal/controller/manageiq_controller.go index 213094f59..87cc011ca 100644 --- a/manageiq-operator/internal/controller/manageiq_controller.go +++ b/manageiq-operator/internal/controller/manageiq_controller.go @@ -36,6 +36,7 @@ import ( miqv1alpha1 "github.com/ManageIQ/manageiq-pods/manageiq-operator/api/v1alpha1" cr_migration "github.com/ManageIQ/manageiq-pods/manageiq-operator/api/v1alpha1/helpers/cr_migration" miqtool "github.com/ManageIQ/manageiq-pods/manageiq-operator/api/v1alpha1/helpers/miq-components" + miqutils "github.com/ManageIQ/manageiq-pods/manageiq-operator/api/v1alpha1/helpers/miq-components/utils" apimeta "k8s.io/apimachinery/pkg/api/meta" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) 
@@ -414,7 +415,7 @@ func (r *ManageIQReconciler) generateHttpdResources(cr *miqv1alpha1.ManageIQ) er return err } - if internalCerts := miqtool.InternalCertificatesSecret(cr, r.Client); internalCerts.Data["httpd_crt"] != nil { + if internalCerts := miqutils.InternalCertificatesSecret(cr, r.Client); internalCerts.Data["httpd_crt"] != nil { httpdRoute, mutateFunc := miqtool.Route(cr, r.Scheme, r.Client) if result, err := controllerutil.CreateOrUpdate(context.TODO(), r.Client, httpdRoute, mutateFunc); err != nil { return err