From 2d9c31ea6d4b491f5febc946851487b2dc781d93 Mon Sep 17 00:00:00 2001
From: Miles Garnsey
Date: Thu, 5 Oct 2023 07:20:28 +1100
Subject: [PATCH] Add settings to configure reaper HTTP management interface.
---
 apis/reaper/v1alpha1/reaper_types.go | 11 +++
 pkg/reaper/deployment.go | 9 ++-
 pkg/reaper/deployment_test.go | 5 ++
 test/e2e/suite_test.go | 6 ++
 .../reaper-http-management/cassdc.yaml | 67 +++++++++++++++++++
 .../reaper-http-management/kustomization.yaml | 7 ++
 .../reaper-cql-secret.yaml | 9 +++
 .../reaper-ui-secret.yaml | 9 +++
 .../reaper-http-management/reaper.yaml | 25 +++++++
 9 files changed, 147 insertions(+), 1 deletion(-)
 create mode 100644 test/testdata/fixtures/reaper-http-management/cassdc.yaml
 create mode 100644 test/testdata/fixtures/reaper-http-management/kustomization.yaml
 create mode 100644 test/testdata/fixtures/reaper-http-management/reaper-cql-secret.yaml
 create mode 100644 test/testdata/fixtures/reaper-http-management/reaper-ui-secret.yaml
 create mode 100644 test/testdata/fixtures/reaper-http-management/reaper.yaml
diff --git a/apis/reaper/v1alpha1/reaper_types.go b/apis/reaper/v1alpha1/reaper_types.go
index 12276cad4..64e1420c8 100644
--- a/apis/reaper/v1alpha1/reaper_types.go
+++ b/apis/reaper/v1alpha1/reaper_types.go
@@ -139,6 +139,9 @@ type ReaperTemplate struct {
 // labels and annotations for Reaper resources
 // +optional
 ResourceMeta *meta.ResourceMeta `json:"metadata,omitempty"`
+
+ // +kubebuilder:default={enabled: "false"}
+ HttpManagement HttpManagement `json:"httpManagement"`
 }
 
 // UseExternalSecrets defines whether the user has specified if credentials and
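Review bot: The default marker on the new `HttpManagement` field quotes the boolean, `{enabled: "false"}`, while `Enabled` is a `bool` defaulted with `+kubebuilder:default=false` in the second reaper_types.go hunk; as far as I can tell controller-gen will emit the string "false" into the CRD default, so `// +kubebuilder:default={enabled: false}` is the safer spelling. The field also has no `// +optional` marker and no `omitempty`, unlike `ResourceMeta` directly above it, so it may be generated as a required property. It has no doc comment either; a line such as `// HttpManagement selects HTTP instead of JMX for Reaper's management connection to Cassandra.` would cover it. ReaperTemplate's body starts outside the hunk.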
@@ -367,6 +370,14 @@ type Reaper struct {
 Status ReaperStatus `json:"status,omitempty"`
 }
 
+type HttpManagement struct {
+ // Enable/disable the HTTP management connection between Reaper and Cassandra.
+ // When enabled, HTTP will be used instead of JMX for management connectivity between Cassandra
+ // and Reaper. In future, this will be true by default
+ // +kubebuilder:default=false
+ Enabled bool `json:"enabled"`
+}
+
 // +kubebuilder:object:root=true
 
 // ReaperList contains a list of Reaper
diff --git a/pkg/reaper/deployment.go b/pkg/reaper/deployment.go
index eff0caae4..0dd4ef051 100644
--- a/pkg/reaper/deployment.go
+++ b/pkg/reaper/deployment.go
@@ -24,7 +24,7 @@ import (
 const (
 DefaultImageRepository = "thelastpickle"
 DefaultImageName = "cassandra-reaper"
- DefaultVersion = "3.2.1"
+ DefaultVersion = "3.2.1" // TODO: ensure that this is updated to reflect the latest version with HTTP management proxy.
 // When changing the default version above, please also change the kubebuilder markers in
 // apis/reaper/v1alpha1/reaper_types.go accordingly.
 
@@ -151,6 +151,13 @@ func NewDeployment(reaper *api.Reaper, dc *cassdcapi.CassandraDatacenter, keysto
 })
 }
 
+ if reaper.Spec.HttpManagement.Enabled {
+ envVars = append(envVars, corev1.EnvVar{
+ Name: "REAPER_HTTP_MANAGEMENT_ENABLE",
+ Value: "true",
+ })
+ }
+
 volumeMounts := []corev1.VolumeMount{}
 volumes := []corev1.Volume{}
 // if client encryption is turned on, we need to mount the keystore and truststore volumes
diff --git a/pkg/reaper/deployment_test.go b/pkg/reaper/deployment_test.go
index c2a4a9a53..da2e95710 100644
--- a/pkg/reaper/deployment_test.go
+++ b/pkg/reaper/deployment_test.go
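Review bot: The comment on `Enabled` says HTTP replaces JMX for management traffic but not how that HTTP connection is authenticated or encrypted, and `HttpManagement` has no field for it. Management access is privileged (the e2e test in this patch uses it to trigger a repair), so the doc comment should state what protects the channel, or the struct should gain the matching settings before this becomes the default as the comment anticipates. The exported type itself has no doc comment; `// HttpManagement configures the HTTP management connection between Reaper and Cassandra.` would follow Go convention.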
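Review bot: `REAPER_HTTP_MANAGEMENT_ENABLE` is appended whenever the flag is set, with no check that the configured Reaper image supports it, and the TODO added to `DefaultVersion` in the previous hunk suggests even 3.2.1 may not. On an unsupported image the variable would presumably be ignored and Reaper would keep using JMX without any signal to the user, so consider rejecting the combination in validation or documenting the minimum version on the API field. The new block also sets nothing about credentials or TLS for the HTTP connection, whereas the client-encryption branch just below mounts keystore and truststore volumes; a comment such as `// NOTE: auth/TLS for the management HTTP endpoint is configured in <where>` would tell readers whether that is handled elsewhere. NewDeployment starts and ends outside the hunk.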
@@ -28,6 +28,7 @@ func TestNewDeployment(t *testing.T) {
 reaper.Spec.AutoScheduling = reaperapi.AutoScheduling{Enabled: false}
 reaper.Spec.ServiceAccountName = "reaper"
 reaper.Spec.DatacenterAvailability = DatacenterAvailabilityAll
+ reaper.Spec.HttpManagement.Enabled = true
 reaper.Spec.ClientEncryptionStores = &encryption.Stores{
 KeystoreSecretRef: &encryption.SecretKeySelector{LocalObjectReference: corev1.LocalObjectReference{
 Name: "keystore-secret",
@@ -116,6 +117,10 @@ func TestNewDeployment(t *testing.T) {
 Name: "REAPER_CASS_NATIVE_PROTOCOL_SSL_ENCRYPTION_ENABLED",
 Value: "true",
 },
+ {
+ Name: "REAPER_HTTP_MANAGEMENT_ENABLE",
+ Value: "true",
+ },
 })
 
 assert.Len(t, podSpec.InitContainers, 1)
diff --git a/test/e2e/suite_test.go b/test/e2e/suite_test.go
index a34a8e09f..5f1294dcf 100644
--- a/test/e2e/suite_test.go
+++ b/test/e2e/suite_test.go
@@ -252,6 +252,12 @@ func TestOperator(t *testing.T) {
 skipK8ssandraClusterCleanup: true,
 doCassandraDatacenterCleanup: true,
 }))
+ t.Run("CreateReaperHttpManagement", e2eTest(ctx, &e2eTestOpts{
+ testFunc: createReaperAndDatacenter, // same as above, ensure we can trigger repair. Only difference is that we use a fixture which enabled the HTTP management interface.
+ fixture: framework.NewTestFixture("reaper-http-management", dataPlanes[0]),
+ skipK8ssandraClusterCleanup: true,
+ doCassandraDatacenterCleanup: true,
+ }))
 t.Run("ClusterScoped", func(t *testing.T) {
 t.Run("MultiDcMultiCluster", e2eTest(ctx, &e2eTestOpts{
 testFunc: multiDcMultiCluster,
diff --git a/test/testdata/fixtures/reaper-http-management/cassdc.yaml b/test/testdata/fixtures/reaper-http-management/cassdc.yaml
new file mode 100644
index 000000000..995d41b82
--- /dev/null
+++ b/test/testdata/fixtures/reaper-http-management/cassdc.yaml
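Review bot: Turning on `reaper.Spec.HttpManagement.Enabled = true` in the shared TestNewDeployment setup means the lines shown here only ever assert the enabled path. Because the flag changes how Reaper reaches Cassandra, add a case that leaves it false and checks that no env var named `REAPER_HTTP_MANAGEMENT_ENABLE` is present, so a regression that always emits it is caught. TestNewDeployment's body extends beyond both hunks.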
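Review bot: `CreateReaperHttpManagement` reuses `createReaperAndDatacenter` unchanged, so nothing in it checks that the repair actually went over HTTP rather than JMX. The reaper-http-management fixture keeps remote JMX available (`LOCAL_JMX` set to `"no"` plus the JMX login and authorizer options in cassdc.yaml) and pins Reaper to tag `"3.0.0"` in reaper.yaml, older than `DefaultVersion`, so the test can presumably pass with the flag ignored. Consider asserting on the Reaper deployment's environment, or removing remote JMX from the fixture, so that a silent fallback fails the test. The inline comment would read better as `// same test as above; the fixture enables the HTTP management interface`.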
@@ -0,0 +1,67 @@
+apiVersion: cassandra.datastax.com/v1beta1
+kind: CassandraDatacenter
+metadata:
+ name: dc1
+spec:
+ clusterName: test
+ config:
+ cassandra-yaml:
+ auto_snapshot: false
+ commitlog_segment_size_in_mb: 2
+ compaction_throughput_mb_per_sec: 0
+ concurrent_compactors: 1
+ concurrent_counter_writes: 2
+ concurrent_reads: 2
+ concurrent_writes: 2
+ counter_cache_size_in_mb: 0
+ key_cache_size_in_mb: 0
+ memtable_flush_writers: 1
+ prepared_statements_cache_size_mb: 1
+ slow_query_log_timeout_in_ms: 0
+ sstable_preemptive_open_interval_in_mb: 0
+ thrift_prepared_statements_cache_size_mb: 1
+ authenticator: PasswordAuthenticator
+ authorizer: CassandraAuthorizer
+ role_manager: CassandraRoleManager
+ jvm-options:
+ additional-jvm-opts:
+ - -Dcassandra.system_distributed_replication_dc_names=dc1
+ - -Dcassandra.system_distributed_replication_per_dc=1
+ - -Dcassandra.jmx.remote.login.config=CassandraLogin
+ - -Djava.security.auth.login.config=/etc/cassandra/cassandra-jaas.config
+ - -Dcassandra.jmx.authorizer=org.apache.cassandra.auth.jmx.AuthorizationProxy
+ initial_heap_size: 512m
+ max_heap_size: 512m
+ users:
+ - secretName: reaper-cql-secret
+ superuser: true
+ serverType: cassandra
+ serverVersion: 3.11.14
+ networking:
+ hostNetwork: false
+ size: 3
+ racks:
+ - name: rack1
+ nodeAffinityLabels:
+ "topology.kubernetes.io/zone": region1-zone1
+ - name: rack2
+ nodeAffinityLabels:
+ "topology.kubernetes.io/zone": region1-zone2
+ - name: rack3
+ nodeAffinityLabels:
+ "topology.kubernetes.io/zone": region1-zone3
+ storageConfig:
+ cassandraDataVolumeClaimSpec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 5Gi
+ storageClassName: standard
+ podTemplateSpec:
+ spec:
+ containers:
+ - name: cassandra
+ env:
+ - name: "LOCAL_JMX"
+ value: "no"
diff --git a/test/testdata/fixtures/reaper-http-management/kustomization.yaml b/test/testdata/fixtures/reaper-http-management/kustomization.yaml
new file mode 100644
index 000000000..d9a67628b
--- /dev/null
+++ b/test/testdata/fixtures/reaper-http-management/kustomization.yaml
@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - cassdc.yaml
+ - reaper.yaml
+ - reaper-cql-secret.yaml
+ - reaper-ui-secret.yaml
diff --git a/test/testdata/fixtures/reaper-http-management/reaper-cql-secret.yaml b/test/testdata/fixtures/reaper-http-management/reaper-cql-secret.yaml
new file mode 100644
index 000000000..8a7f3cd48
--- /dev/null
+++ b/test/testdata/fixtures/reaper-http-management/reaper-cql-secret.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: reaper-cql-secret
+data:
+ # username: reaper-cql
+ username: cmVhcGVyLWNxbA==
+ # password: R3ap3r
+ password: UjNhcDNy
diff --git a/test/testdata/fixtures/reaper-http-management/reaper-ui-secret.yaml b/test/testdata/fixtures/reaper-http-management/reaper-ui-secret.yaml
new file mode 100644
index 000000000..ce834f56e
--- /dev/null
+++ b/test/testdata/fixtures/reaper-http-management/reaper-ui-secret.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: reaper-ui-secret
+data:
+ # username: reaper-ui
+ username: cmVhcGVyLWpteA==
+ # password: R3ap3r
+ password: UjNhcDNy
diff --git a/test/testdata/fixtures/reaper-http-management/reaper.yaml b/test/testdata/fixtures/reaper-http-management/reaper.yaml
new file mode 100644
index 000000000..d12e21c2a
--- /dev/null
+++ b/test/testdata/fixtures/reaper-http-management/reaper.yaml
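Review bot: In reaper-ui-secret.yaml the comment says `# username: reaper-ui` but the value `cmVhcGVyLWpteA==` decodes to `reaper-jmx`, so either the comment or the encoded value is wrong; if the value is intended, the comment should read `# username: reaper-jmx`. Both this file and reaper-cql-secret.yaml also keep the plaintext password in a comment beside the base64 value, and the CQL account is granted `superuser: true` in cassdc.yaml. That is acceptable for throwaway e2e credentials, but it deserves a header line such as `# test-only credentials for e2e fixtures; never reuse outside tests` so the files are not copied as a template.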
@@ -0,0 +1,25 @@
+apiVersion: reaper.k8ssandra.io/v1alpha1
+kind: Reaper
+metadata:
+ name: reaper1
+spec:
+ httpManagement:
+ enabled: true
+ datacenterRef:
+ # TODO check multi-namespace when cluster-scope is ready
+ name: dc1
+ cassandraUserSecretRef:
+ name: reaper-cql-secret
+ uiUserSecretRef:
+ name: reaper-ui-secret
+ containerImage:
+ repository: thelastpickle
+ name: cassandra-reaper
+ tag: "3.0.0"
+ pullPolicy: Always
+ initContainerImage:
+ repository: thelastpickle
+ name: cassandra-reaper
+ tag: "3.0.0"
+ pullPolicy: IfNotPresent
+ heapSize: 256Mi