From 3cbebfd852bf4e67d10ce7e7761cef9e1937fdce Mon Sep 17 00:00:00 2001
From: Nasar Khan
Date: Thu, 11 Jan 2024 11:43:33 -0500
Subject: [PATCH] move internal root cert to projected volume source

---
 .../helpers/miq-components/orchestrator.go | 10 ++++++--
 .../v1alpha1/helpers/miq-components/util.go | 17 +++++++++++++
 .../api/v1alpha1/miqutils/find.go | 24 +++++++++++++++++++
 3 files changed, 49 insertions(+), 2 deletions(-)

diff --git a/manageiq-operator/api/v1alpha1/helpers/miq-components/orchestrator.go b/manageiq-operator/api/v1alpha1/helpers/miq-components/orchestrator.go
index 518c7111a..95415378a 100644
--- a/manageiq-operator/api/v1alpha1/helpers/miq-components/orchestrator.go
+++ b/manageiq-operator/api/v1alpha1/helpers/miq-components/orchestrator.go
@@ -353,8 +353,14 @@ func addInternalRootCertificate(cr *miqv1alpha1.ManageIQ, d *appsv1.Deployment,
 volumeMount := corev1.VolumeMount{Name: "internal-root-certificate", MountPath: "/etc/pki/ca-trust/source/anchors", ReadOnly: true}
 d.Spec.Template.Spec.Containers[0].VolumeMounts = addOrUpdateVolumeMount(d.Spec.Template.Spec.Containers[0].VolumeMounts, volumeMount)
 
- secretVolumeSource := corev1.SecretVolumeSource{SecretName: secret.Name, Items: []corev1.KeyToPath{corev1.KeyToPath{Key: "root_crt", Path: "root.crt"}}}
- d.Spec.Template.Spec.Volumes = addOrUpdateVolume(d.Spec.Template.Spec.Volumes, corev1.Volume{Name: "internal-root-certificate", VolumeSource: corev1.VolumeSource{Secret: &secretVolumeSource}})
+ volumeProjection := &corev1.VolumeProjection{
+ Secret: &corev1.SecretProjection{
+ LocalObjectReference: corev1.LocalObjectReference{Name: cr.Spec.InternalCertificatesSecret},
+ Items: []corev1.KeyToPath{corev1.KeyToPath{Key: "root_crt", Path: "root.crt"}},
+ },
+ }
+ projectedSecretVolumeSource := addOrUpdateProjectedSecretVolumeSource("internal-root-certificate", d.Spec.Template.Spec.Volumes, volumeProjection)
+ d.Spec.Template.Spec.Volumes = addOrUpdateVolume(d.Spec.Template.Spec.Volumes, corev1.Volume{Name: "internal-root-certificate", VolumeSource: corev1.VolumeSource{Projected: &projectedSecretVolumeSource}})
 
 d.Spec.Template.Spec.Containers[0].Env = addOrUpdateEnvVar(d.Spec.Template.Spec.Containers[0].Env, corev1.EnvVar{Name: "SSL_SECRET_NAME", Value: cr.Spec.InternalCertificatesSecret})
 
diff --git a/manageiq-operator/api/v1alpha1/helpers/miq-components/util.go b/manageiq-operator/api/v1alpha1/helpers/miq-components/util.go
index b523852bf..a99e2ad0e 100644
--- a/manageiq-operator/api/v1alpha1/helpers/miq-components/util.go
+++ b/manageiq-operator/api/v1alpha1/helpers/miq-components/util.go
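Review bot: The projection's `Name` is taken from `cr.Spec.InternalCertificatesSecret`, while the Secret volume it replaces used `secret.Name`; if those two can ever differ (the `secret` value is declared outside this hunk, so I cannot see how it is obtained), the pod now mounts a different object than before, and if `secret` was looked up only to supply that name the lookup is now dead code and should be removed. The composite literal `[]corev1.KeyToPath{corev1.KeyToPath{Key: "root_crt", Path: "root.crt"}}` is carried over unchanged; `gofmt -s` reduces it to `[]corev1.KeyToPath{{Key: "root_crt", Path: "root.crt"}}`. addInternalRootCertificate begins before and continues after this hunk.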
@@ -5,6 +5,7 @@ import (
 "fmt"
 
 miqv1alpha1 "github.com/ManageIQ/manageiq-pods/manageiq-operator/api/v1alpha1"
+ miqutilsv1alpha1 "github.com/ManageIQ/manageiq-pods/manageiq-operator/api/v1alpha1/miqutils"
 appsv1 "k8s.io/api/apps/v1"
 corev1 "k8s.io/api/core/v1"
 "k8s.io/apimachinery/pkg/api/resource"
@@ -144,6 +145,22 @@ func addOrUpdateEnvVar(environment []corev1.EnvVar, variable corev1.EnvVar) []co
 return environment
 }
 
+func addOrUpdateProjectedSecretVolumeSource(volumeName string, volumes []corev1.Volume, volumeProjection *corev1.VolumeProjection) corev1.ProjectedVolumeSource {
+ projectedVolumeSource := corev1.ProjectedVolumeSource{}
+
+ if volume := miqutilsv1alpha1.FindVolume(volumeName, volumes); volume.VolumeSource.Projected != nil {
+ if foundVolumeProjection := miqutilsv1alpha1.FindVolumeProjection((*volumeProjection).Secret.LocalObjectReference.Name, volume.VolumeSource.Projected.Sources); foundVolumeProjection.Secret != nil {
+ projectedVolumeSource.Sources = volume.VolumeSource.Projected.Sources
+ } else {
+ projectedVolumeSource.Sources = append(volume.VolumeSource.Projected.Sources, *volumeProjection)
+ }
+ } else {
+ projectedVolumeSource.Sources = []corev1.VolumeProjection{*volumeProjection}
+ }
+
+ return projectedVolumeSource
+}
+
 func addOrUpdateVolumeMount(volumeMounts []corev1.VolumeMount, volumeMount corev1.VolumeMount) []corev1.VolumeMount {
 if volumeMounts == nil {
 volumeMounts = []corev1.VolumeMount{}
diff --git a/manageiq-operator/api/v1alpha1/miqutils/find.go b/manageiq-operator/api/v1alpha1/miqutils/find.go
index f420d9e6b..6333ecbe1 100644
--- a/manageiq-operator/api/v1alpha1/miqutils/find.go
+++ b/manageiq-operator/api/v1alpha1/miqutils/find.go
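Review bot: `(*volumeProjection).Secret.LocalObjectReference.Name` in addOrUpdateProjectedSecretVolumeSource dereferences `Secret` with no nil check, so a caller that passes a ConfigMap or empty projection panics inside reconciliation instead of being rejected; at minimum guard `volumeProjection.Secret == nil` before the lookup. The "update" half of the name is not implemented either: when FindVolumeProjection reports an existing Secret projection of the same name, the function returns `volume.VolumeSource.Projected.Sources` verbatim, so a changed `Items` list (new key or mount path) never reaches a Deployment that already has the volume. Two smaller points: `append(volume.VolumeSource.Projected.Sources, *volumeProjection)` may write into the backing array of the Deployment's live slice, and because every other source is preserved, a renamed `InternalCertificatesSecret` leaves the previous Secret projected alongside the new one — projected Secret sources are required unless `Optional` is set and both map to `root.crt`, so I would expect pod startup to fail once the old Secret is deleted, unless something outside this diff prunes stale sources. The import hunk above only serves this function. A version that guards the nil case, copies the slice and replaces a same-named projection in place:
```go
func addOrUpdateProjectedSecretVolumeSource(volumeName string, volumes []corev1.Volume, volumeProjection *corev1.VolumeProjection) corev1.ProjectedVolumeSource {
	// Start from a copy of the existing sources so neither append nor the
	// in-place replacement below writes into the Deployment's own slice.
	var sources []corev1.VolumeProjection
	if volume := miqutilsv1alpha1.FindVolume(volumeName, volumes); volume.VolumeSource.Projected != nil {
		sources = append(sources, volume.VolumeSource.Projected.Sources...)
	}

	// Only Secret projections are handled here; anything else leaves the volume as it was.
	if volumeProjection == nil || volumeProjection.Secret == nil {
		return corev1.ProjectedVolumeSource{Sources: sources}
	}
	name := volumeProjection.Secret.LocalObjectReference.Name

	// Update: replace an existing projection of the same Secret so changed Items take effect.
	for i := range sources {
		if sources[i].Secret != nil && sources[i].Secret.LocalObjectReference.Name == name {
			sources[i] = *volumeProjection
			return corev1.ProjectedVolumeSource{Sources: sources}
		}
	}
	// Add: no projection of this Secret yet.
	return corev1.ProjectedVolumeSource{Sources: append(sources, *volumeProjection)}
}
```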
@@ -64,3 +64,27 @@ func FindCatalogSourceByName(client client.Client, namespace string, name string
 
 return catalogSource
 }
+
+func FindVolume(volumeName string, volumes []corev1.Volume) corev1.Volume {
+ volume := corev1.Volume{}
+ for i := 0; i < len(volumes); i++ {
+ if volumes[i].Name == volumeName {
+ volume = volumes[i]
+ }
+ }
+
+ return volume
+}
+
+func FindVolumeProjection(volumeProjectionName string, volumeProjections []corev1.VolumeProjection) corev1.VolumeProjection {
+ volumeProjection := corev1.VolumeProjection{}
+ for i := 0; i < len(volumeProjections); i++ {
+ if volumeProjections[i].Secret != nil && volumeProjections[i].Secret.LocalObjectReference.Name == volumeProjectionName {
+ volumeProjection = volumeProjections[i]
+ } else if volumeProjections[i].ConfigMap != nil && volumeProjections[i].ConfigMap.LocalObjectReference.Name == volumeProjectionName {
+ volumeProjection = volumeProjections[i]
+ }
+ }
+
+ return volumeProjection
+}
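Review bot: `FindVolume` and `FindVolumeProjection` are exported without doc comments, and both keep scanning after a hit so the last match wins; Kubernetes rejects duplicate volume names, but a projected volume may legitimately carry a Secret and a ConfigMap source sharing one name, and because `FindVolumeProjection` matches either kind by bare name, the util.go caller that tests `.Secret != nil` on the result would see the later ConfigMap entry and append a second projection of the same Secret. Returning on the first match — `if volumes[i].Name == volumeName { return volumes[i] }` in FindVolume, and `return volumeProjections[i]` in both branches of FindVolumeProjection — drops the scratch variables and the last-wins ambiguity, and a `for _, v := range` loop reads cleaner than the index form. Suggested doc comments: `// FindVolume returns the volume in volumes named volumeName, or a zero Volume if none matches.` and `// FindVolumeProjection returns the projection whose Secret or ConfigMap is named volumeProjectionName, or a zero VolumeProjection; callers must nil-check Secret/ConfigMap to learn which kind matched.`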