From f4bcf293eb9ccd8cb13bc58d8cbe08d1a8b83ee0 Mon Sep 17 00:00:00 2001 From: Ade Lee Date: Mon, 11 Mar 2024 15:37:47 -0400 Subject: [PATCH 1/2] Add owner to cert requests An owner field has been added to the cert requests in certmanager. We need to update the current code accordingly. Depends-On: https://github.com/openstack-k8s-operators/lib-common/pull/476 --- pkg/openstack/ca.go | 2 +- pkg/openstack/common.go | 9 ++++++--- pkg/openstack/galera.go | 3 ++- pkg/openstack/neutron.go | 3 ++- pkg/openstack/nova.go | 6 ++++-- pkg/openstack/ovn.go | 9 ++++++--- pkg/openstack/rabbitmq.go | 3 ++- 7 files changed, 23 insertions(+), 12 deletions(-) diff --git a/pkg/openstack/ca.go b/pkg/openstack/ca.go index d2beedb48..39acac239 100644 --- a/pkg/openstack/ca.go +++ b/pkg/openstack/ca.go @@ -325,7 +325,7 @@ func createRootCACertAndIssuer( }) cert := certmanager.NewCertificate(caCertReq, 5) - ctrlResult, err := cert.CreateOrPatch(ctx, helper) + ctrlResult, err := cert.CreateOrPatch(ctx, helper, nil) if err != nil { instance.Status.Conditions.Set(condition.FalseCondition( corev1.OpenStackControlPlaneCAReadyCondition, diff --git a/pkg/openstack/common.go b/pkg/openstack/common.go index e0b79431f..202d50ff7 100644 --- a/pkg/openstack/common.go +++ b/pkg/openstack/common.go @@ -286,7 +286,8 @@ func EnsureEndpointConfig( certSecret, ctrlResult, err := certmanager.EnsureCert( ctx, helper, - certRequest) + certRequest, + nil) if err != nil { return endpoints, ctrlResult, err } else if (ctrlResult != ctrl.Result{}) { @@ -327,7 +328,8 @@ func EnsureEndpointConfig( certSecret, ctrlResult, err := certmanager.EnsureCert( ctx, helper, - certRequest) + certRequest, + nil) if err != nil { return endpoints, ctrlResult, err } else if (ctrlResult != ctrl.Result{}) { @@ -545,7 +547,8 @@ func (ed *EndpointDetail) CreateRoute( certSecret, ctrlResult, err = certmanager.EnsureCert( ctx, helper, - certRequest) + certRequest, + nil) if err != nil { return ctrlResult, err } else if (ctrlResult != ctrl.Result{}) { diff --git a/pkg/openstack/galera.go b/pkg/openstack/galera.go index 9dc056d3d..d17bd829d 100644 --- a/pkg/openstack/galera.go +++ b/pkg/openstack/galera.go @@ -67,7 +67,8 @@ func ReconcileGaleras( certSecret, ctrlResult, err := certmanager.EnsureCert( ctx, helper, - certRequest) + certRequest, + nil) if err != nil { return ctrlResult, err } else if (ctrlResult != ctrl.Result{}) { diff --git a/pkg/openstack/neutron.go b/pkg/openstack/neutron.go index 41cae2bb9..a7e68477d 100644 --- a/pkg/openstack/neutron.go +++ b/pkg/openstack/neutron.go @@ -82,7 +82,8 @@ func ReconcileNeutron(ctx context.Context, instance *corev1beta1.OpenStackContro certSecret, ctrlResult, err := certmanager.EnsureCert( ctx, helper, - certRequest) + certRequest, + nil) if err != nil { return ctrl.Result{}, err } else if (ctrlResult != ctrl.Result{}) { diff --git a/pkg/openstack/nova.go b/pkg/openstack/nova.go index dc971d5ff..ff77cc560 100644 --- a/pkg/openstack/nova.go +++ b/pkg/openstack/nova.go @@ -173,7 +173,8 @@ func ReconcileNova(ctx context.Context, instance *corev1beta1.OpenStackControlPl helper, nova.Namespace, instance.Spec.Nova.Template.MetadataServiceTemplate.Override.Service.Labels, - tls.DefaultCAPrefix+string(service.EndpointInternal)) + tls.DefaultCAPrefix+string(service.EndpointInternal), + nil) if err != nil && !k8s_errors.IsNotFound(err) { return ctrlResult, err } else if (ctrlResult != ctrl.Result{}) { @@ -195,7 +196,8 @@ func ReconcileNova(ctx context.Context, instance *corev1beta1.OpenStackControlPl helper, nova.Namespace, cellTemplate.MetadataServiceTemplate.Override.Service.Labels, - tls.DefaultCAPrefix+string(service.EndpointInternal)) + tls.DefaultCAPrefix+string(service.EndpointInternal), + nil) if err != nil && !k8s_errors.IsNotFound(err) { return ctrlResult, err } else if (ctrlResult != ctrl.Result{}) { diff --git a/pkg/openstack/ovn.go b/pkg/openstack/ovn.go index 20e8a9d74..7cef80d08 100644 --- a/pkg/openstack/ovn.go +++ b/pkg/openstack/ovn.go @@ -113,7 +113,8 @@ func ReconcileOVNDbClusters(ctx context.Context, instance *corev1beta1.OpenStack certSecret, ctrlResult, err := certmanager.EnsureCert( ctx, helper, - certRequest) + certRequest, + nil) if err != nil { return false, err } else if (ctrlResult != ctrl.Result{}) { @@ -204,7 +205,8 @@ func ReconcileOVNNorthd(ctx context.Context, instance *corev1beta1.OpenStackCont certSecret, ctrlResult, err := certmanager.EnsureCert( ctx, helper, - certRequest) + certRequest, + nil) if err != nil { return false, err } else if (ctrlResult != ctrl.Result{}) { @@ -295,7 +297,8 @@ func ReconcileOVNController(ctx context.Context, instance *corev1beta1.OpenStack certSecret, ctrlResult, err := certmanager.EnsureCert( ctx, helper, - certRequest) + certRequest, + nil) if err != nil { return false, err } else if (ctrlResult != ctrl.Result{}) { diff --git a/pkg/openstack/rabbitmq.go b/pkg/openstack/rabbitmq.go index e0bfd5453..32fe9ffa5 100644 --- a/pkg/openstack/rabbitmq.go +++ b/pkg/openstack/rabbitmq.go @@ -190,7 +190,8 @@ func reconcileRabbitMQ( certSecret, ctrlResult, err := certmanager.EnsureCert( ctx, helper, - certRequest) + certRequest, + nil) if err != nil { return mqFailed, ctrlResult, err } else if (ctrlResult != ctrl.Result{}) { From 74919cdd1aee615cce0c1d32eb97a6b3b80ed640 Mon Sep 17 00:00:00 2001 From: Martin Schuppert Date: Wed, 13 Mar 2024 11:04:35 +0100 Subject: [PATCH 2/2] bump lib-common certmanager module --- apis/go.mod | 2 +- apis/go.sum | 4 ++-- go.mod | 4 ++-- go.sum | 8 ++++---- pkg/openstack/memcached.go | 3 ++- 5 files changed, 11 insertions(+), 10 deletions(-) diff --git a/apis/go.mod b/apis/go.mod index 0f64626c5..53941bb27 100644 --- a/apis/go.mod +++ b/apis/go.mod @@ -93,7 +93,7 @@ require ( k8s.io/component-base v0.28.7 // indirect k8s.io/klog/v2 v2.120.1 // indirect k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect - k8s.io/utils v0.0.0-20240102154912-e7106e64919e // indirect + k8s.io/utils v0.0.0-20240310230437-4693a0247e57 // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect sigs.k8s.io/yaml v1.4.0 // indirect diff --git a/apis/go.sum b/apis/go.sum index 28af2c1a3..9610589c5 100644 --- a/apis/go.sum +++ b/apis/go.sum @@ -241,8 +241,8 @@ k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw= k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 h1:BZqlfIlq5YbRMFko6/PM7FjZpUb45WallggurYhKGag= k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98= -k8s.io/utils v0.0.0-20240102154912-e7106e64919e h1:eQ/4ljkx21sObifjzXwlPKpdGLrCfRziVtos3ofG/sQ= -k8s.io/utils v0.0.0-20240102154912-e7106e64919e/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +k8s.io/utils v0.0.0-20240310230437-4693a0247e57 h1:gbqbevonBh57eILzModw6mrkbwM0gQBEuevE/AaBsHY= +k8s.io/utils v0.0.0-20240310230437-4693a0247e57/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= sigs.k8s.io/controller-runtime v0.16.5 h1:yr1cEJbX08xsTW6XEIzT13KHHmIyX8Umvme2cULvFZw= sigs.k8s.io/controller-runtime v0.16.5/go.mod h1:j7bialYoSn142nv9sCOJmQgDXQXxnroFU4VnX/brVJ0= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= diff --git a/go.mod b/go.mod index 108939e51..db3f83c8a 100644 --- a/go.mod +++ b/go.mod @@ -22,7 +22,7 @@ require ( github.com/openstack-k8s-operators/infra-operator/apis v0.3.1-0.20240308113717-eaf5876d69c3 github.com/openstack-k8s-operators/ironic-operator/api v0.3.1-0.20240229174131-28e3aee56d91 github.com/openstack-k8s-operators/keystone-operator/api v0.3.1-0.20240310093110-b4b2614f40ba - github.com/openstack-k8s-operators/lib-common/modules/certmanager v0.0.0-20240306153230-dc65ab49ebc0 + github.com/openstack-k8s-operators/lib-common/modules/certmanager v0.0.0-20240313084555-12e3d33d7a2d github.com/openstack-k8s-operators/lib-common/modules/common v0.3.1-0.20240306153230-dc65ab49ebc0 github.com/openstack-k8s-operators/lib-common/modules/test v0.3.1-0.20240306153230-dc65ab49ebc0 github.com/openstack-k8s-operators/manila-operator/api v0.3.1-0.20240305194401-0fda28a84acb @@ -44,7 +44,7 @@ require ( k8s.io/api v0.28.7 k8s.io/apimachinery v0.28.7 k8s.io/client-go v0.28.7 - k8s.io/utils v0.0.0-20240102154912-e7106e64919e + k8s.io/utils v0.0.0-20240310230437-4693a0247e57 sigs.k8s.io/controller-runtime v0.16.5 ) diff --git a/go.sum b/go.sum index 21119329f..9e8d62d4d 100644 --- a/go.sum +++ b/go.sum @@ -105,8 +105,8 @@ github.com/openstack-k8s-operators/ironic-operator/api v0.3.1-0.20240229174131-2 github.com/openstack-k8s-operators/ironic-operator/api v0.3.1-0.20240229174131-28e3aee56d91/go.mod h1:Yac7wRClzl1/a7uBso4w8wq6Rjm+JLIouEsLre7VSDE= github.com/openstack-k8s-operators/keystone-operator/api v0.3.1-0.20240310093110-b4b2614f40ba h1:0wfKrQMGwjh/kKTH/UpZGKk91HrnReYieHFG73OC+Vg= github.com/openstack-k8s-operators/keystone-operator/api v0.3.1-0.20240310093110-b4b2614f40ba/go.mod h1:gB/IeXuvocAv0yNSf79U1lBHhbx6fdWUB501xFJ0l+A= -github.com/openstack-k8s-operators/lib-common/modules/certmanager v0.0.0-20240306153230-dc65ab49ebc0 h1:5uv4LtcThS4hcfuecTJj+rXifbsPGcKRiyTvFXyDgNU= -github.com/openstack-k8s-operators/lib-common/modules/certmanager v0.0.0-20240306153230-dc65ab49ebc0/go.mod h1:GGbtUK5VQ/BHIT3n0ia31bzNJaQIAANhzT/nC6pygbQ= +github.com/openstack-k8s-operators/lib-common/modules/certmanager v0.0.0-20240313084555-12e3d33d7a2d h1:IjMM7Ci7JkrefHtuMGkiB/A+xWKPMxJHG9yjr2SGH08= +github.com/openstack-k8s-operators/lib-common/modules/certmanager v0.0.0-20240313084555-12e3d33d7a2d/go.mod h1:RV+rktKvegjYBQLuBKt8ax29UMqsU/D/sfSjQPr6XIs= github.com/openstack-k8s-operators/lib-common/modules/common v0.3.1-0.20240306153230-dc65ab49ebc0 h1:1Q/9F3SAKvLN9vX+YxwaEB0WvBekj9eakQPoQbI1K6w= github.com/openstack-k8s-operators/lib-common/modules/common v0.3.1-0.20240306153230-dc65ab49ebc0/go.mod h1:R2plZL2JdwDMJwv9+pkPmCB1Mww81J75G0MxRzi2Kug= github.com/openstack-k8s-operators/lib-common/modules/openstack v0.3.1-0.20240306153230-dc65ab49ebc0 h1:HRoVOnK5nOSvYKU3Y2N8Ed2SikuRQYSRESeo/ILv0vM= @@ -271,8 +271,8 @@ k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw= k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 h1:BZqlfIlq5YbRMFko6/PM7FjZpUb45WallggurYhKGag= k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98= -k8s.io/utils v0.0.0-20240102154912-e7106e64919e h1:eQ/4ljkx21sObifjzXwlPKpdGLrCfRziVtos3ofG/sQ= -k8s.io/utils v0.0.0-20240102154912-e7106e64919e/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +k8s.io/utils v0.0.0-20240310230437-4693a0247e57 h1:gbqbevonBh57eILzModw6mrkbwM0gQBEuevE/AaBsHY= +k8s.io/utils v0.0.0-20240310230437-4693a0247e57/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= sigs.k8s.io/controller-runtime v0.16.5 h1:yr1cEJbX08xsTW6XEIzT13KHHmIyX8Umvme2cULvFZw= sigs.k8s.io/controller-runtime v0.16.5/go.mod h1:j7bialYoSn142nv9sCOJmQgDXQXxnroFU4VnX/brVJ0= sigs.k8s.io/gateway-api v0.8.0 h1:isQQ3Jx2qFP7vaA3ls0846F0Amp9Eq14P08xbSwVbQg= diff --git a/pkg/openstack/memcached.go b/pkg/openstack/memcached.go index 3c1d839c2..8ddffef3d 100644 --- a/pkg/openstack/memcached.go +++ b/pkg/openstack/memcached.go @@ -176,7 +176,8 @@ func reconcileMemcached( certSecret, ctrlResult, err := certmanager.EnsureCert( ctx, helper, - certRequest) + certRequest, + nil) if err != nil { return memcachedFailed, ctrlResult, err } else if (ctrlResult != ctrl.Result{}) {