From 5cc9f72c16fcbe5212d26c2e68ae3788ee8b2797 Mon Sep 17 00:00:00 2001
From: Dmitriy Ivolgin
Date: Wed, 16 Oct 2024 13:11:40 -0700
Subject: [PATCH] Copy custom CA config map to additional namespaces (#4953)
---
 pkg/operator/client/client.go | 4 +++
 pkg/operator/client/deploy.go | 57 +++++++++++++++++++++++++++++++
 pkg/operator/client/namespaces.go | 5 +++
 3 files changed, 66 insertions(+)
diff --git a/pkg/operator/client/client.go b/pkg/operator/client/client.go
index a89507bb09..0c3f4613b8 100644
--- a/pkg/operator/client/client.go
+++ b/pkg/operator/client/client.go
@@ -137,6 +137,10 @@ func (c *Client) ApplyNamespacesInformer(namespaces []string, imagePullSecrets [
 // we don't fail here...
 log.Printf("error ensuring image pull secrets for namespace %s: %s", ns, err.Error())
 }
+ if err := c.ensureEmbeddedClusterCAPresent(ns); err != nil {
+ // we don't fail here...
+ log.Printf("error ensuring cluster ca present for namespace %s: %s", ns, err.Error())
+ }
 }
 c.imagePullSecrets = imagePullSecrets
diff --git a/pkg/operator/client/deploy.go b/pkg/operator/client/deploy.go
index 7a8c0610e6..f54674c3e2 100644
--- a/pkg/operator/client/deploy.go
+++ b/pkg/operator/client/deploy.go
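Review bot: The new call in `ApplyNamespacesInformer` (client.go), like the matching one in `runNamespacesInformer` (namespaces.go), reuses the comment `// we don't fail here...` without saying why a missing CA bundle is tolerable or when the copy is attempted again. Within this patch these two call sites are the only triggers for the copy, so a namespace whose copy failed, or whose copy predates a change to the source ConfigMap, presumably keeps a missing or stale trust bundle until the next informer event. I would replace the comment at both sites with something like `// best effort: log and continue; the CA ConfigMap is only re-copied on the next namespace event`. Both enclosing functions start and end outside their hunks.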
@@ -116,6 +116,63 @@ func (c *Client) ensureImagePullSecretsPresent(namespace string, imagePullSecret
 return nil
 }
+func (c *Client) ensureEmbeddedClusterCAPresent(namespace string) error {
+ if !util.IsEmbeddedCluster() {
+ return nil
+ }
+
+ logger.Debugf("ensuring embedded cluster ca present in namespace %s", namespace)
+
+ clientset, err := k8sutil.GetClientset()
+ if err != nil {
+ return errors.Wrap(err, "failed to get clientset")
+ }
+
+ configMapName := os.Getenv("SSL_CERT_CONFIGMAP")
+ sourceConfigMap, err := clientset.CoreV1().ConfigMaps(util.AppNamespace()).Get(context.TODO(), configMapName, metav1.GetOptions{})
+ if err != nil {
+ if !kuberneteserrors.IsNotFound(err) {
+ return errors.Wrap(err, "failed to get source configmap")
+ }
+ // This would happen in older EC releases
+ return nil
+ }
+
+ destConfigMap := &corev1.ConfigMap{
+ TypeMeta: metav1.TypeMeta{
+ APIVersion: "v1",
+ Kind: "ConfigMap",
+ },
+ ObjectMeta: metav1.ObjectMeta{
+ Name: configMapName,
+ Labels: sourceConfigMap.DeepCopy().Labels,
+ Annotations: sourceConfigMap.DeepCopy().Annotations,
+ Namespace: namespace,
+ },
+ Data: sourceConfigMap.DeepCopy().Data,
+ }
+
+ _, err = clientset.CoreV1().ConfigMaps(namespace).Get(context.TODO(), configMapName, metav1.GetOptions{})
+ if err != nil {
+ if !kuberneteserrors.IsNotFound(err) {
+ return errors.Wrap(err, "failed to get destination configmap")
+ }
+
+ _, err = clientset.CoreV1().ConfigMaps(namespace).Create(context.TODO(), destConfigMap, metav1.CreateOptions{})
+ if err != nil {
+ return errors.Wrap(err, "failed to create configmap")
+ }
+ return nil
+ }
+
+ _, err = clientset.CoreV1().ConfigMaps(namespace).Update(context.TODO(), destConfigMap, metav1.UpdateOptions{})
+ if err != nil {
+ return errors.Wrap(err, "failed to update configmap")
+ }
+
+ return nil
+}
+
 func (c *Client) ensureResourcesPresent(deployArgs operatortypes.DeployAppArgs) (*deployResult, error) {
 var deployRes deployResult
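Review bot: `configMapName` in `ensureEmbeddedClusterCAPresent` comes straight from `os.Getenv("SSL_CERT_CONFIGMAP")` and is used as a resource name without checking that it is set. With the variable unset, the source `Get` is issued with an empty name, which client-go is expected to reject with an error that is not NotFound, so the "older EC releases" early return would not be taken and every namespace would log a failure; adding `if configMapName == "" { return nil }` right after the `Getenv` call keeps that case quiet. The copy also carries only `Data` (not `BinaryData`) and reuses the source's labels and annotations unchanged, which may attach the source's management metadata to every copy; it is worth confirming both are intended for a trust bundle. `sourceConfigMap.DeepCopy()` is called three times where a single copy held in a local would do.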
diff --git a/pkg/operator/client/namespaces.go b/pkg/operator/client/namespaces.go
index 7e6f16394c..ef09321718 100644
--- a/pkg/operator/client/namespaces.go
+++ b/pkg/operator/client/namespaces.go
@@ -45,6 +45,11 @@ func (c *Client) runNamespacesInformer() error {
 log.Printf("error ensuring image pull secrets for namespace %s: %s", addedNamespace.Name, err.Error())
 }
+ if err := c.ensureEmbeddedClusterCAPresent(addedNamespace.Name); err != nil {
+ // we don't fail here...
+ log.Printf("error ensuring cluster ca present for namespace %s: %s", addedNamespace.Name, err.Error())
+ }
+
 c.ApplyHooksInformer([]string{addedNamespace.Name})
 }
 },