generated from giantswarm/template-operator
-
Notifications
You must be signed in to change notification settings - Fork 2
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Allow changes in remote write api endpoint secret (#1209)
- Loading branch information
1 parent
ae202a0
commit ab265d8
Showing
11 changed files
with
227 additions
and
173 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
26 changes: 0 additions & 26 deletions
26
service/controller/resource/monitoring/remotewriteapiendpointconfigsecret/client.go
This file was deleted.
Oops, something went wrong.
103 changes: 103 additions & 0 deletions
103
service/controller/resource/monitoring/remotewriteapiendpointconfigsecret/create.go
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,103 @@ | ||
package remotewriteapiendpointconfigsecret | ||
|
||
import ( | ||
"context" | ||
"reflect" | ||
|
||
"github.com/giantswarm/microerror" | ||
corev1 "k8s.io/api/core/v1" | ||
apierrors "k8s.io/apimachinery/pkg/api/errors" | ||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" | ||
"sigs.k8s.io/yaml" | ||
|
||
"github.com/giantswarm/prometheus-meta-operator/v2/service/key" | ||
) | ||
|
||
func (r *Resource) EnsureCreated(ctx context.Context, obj interface{}) error { | ||
r.logger.Debugf(ctx, "ensuring prometheus remote write api endpoint secret") | ||
{ | ||
|
||
cluster, err := key.ToCluster(obj) | ||
if err != nil { | ||
return microerror.Mask(err) | ||
} | ||
|
||
name, namespace := key.RemoteWriteAPIEndpointConfigSecretNameAndNamespace(cluster, r.Installation, r.Provider) | ||
|
||
// Get the current secret if it exists. | ||
current, err := r.k8sClient.K8sClient().CoreV1().Secrets(namespace).Get(ctx, name, metav1.GetOptions{}) | ||
if apierrors.IsNotFound(err) { | ||
err = r.createSecret(ctx, cluster, name, namespace) | ||
if err != nil { | ||
return microerror.Mask(err) | ||
} | ||
} else if err != nil { | ||
return microerror.Mask(err) | ||
} | ||
|
||
if current != nil { | ||
// We thought that having an immutable secret would be a good thing as the remote write password cannot be changed (causing remote write errors) | ||
// However, this causes a lot of issues if we want to update the other configurations like the queue config. | ||
// Hence if the secret is immutable, we force delete it to create a non-immutable one | ||
if current.Immutable != nil && *current.Immutable { | ||
err = r.deleteSecret(ctx, current) | ||
if err != nil { | ||
return microerror.Mask(err) | ||
} | ||
err = r.createSecret(ctx, cluster, name, namespace) | ||
if err != nil { | ||
return microerror.Mask(err) | ||
} | ||
} | ||
|
||
// As it takes a long time to apply the new password to the agent due to a built-in delay in the app-platform, | ||
// we keep the already generated remote write password. | ||
password, err := readRemoteWritePasswordFromSecret(*current) | ||
if err != nil { | ||
return microerror.Mask(err) | ||
} | ||
|
||
desired, err := r.desiredSecret(cluster, name, namespace, password) | ||
if err != nil { | ||
return microerror.Mask(err) | ||
} | ||
if !reflect.DeepEqual(current.Data, desired.Data) { | ||
updateMeta(current, desired) | ||
_, err := r.k8sClient.K8sClient().CoreV1().Secrets(namespace).Update(ctx, desired, metav1.UpdateOptions{}) | ||
if err != nil { | ||
return microerror.Mask(err) | ||
} | ||
} | ||
} | ||
} | ||
|
||
r.logger.Debugf(ctx, "ensured prometheus remote write api endpoint secret") | ||
|
||
return nil | ||
} | ||
|
||
func readRemoteWritePasswordFromSecret(secret corev1.Secret) (string, error) { | ||
secretValues := GlobalRemoteWriteValues{} | ||
err := yaml.Unmarshal(secret.Data["values"], &secretValues) | ||
if err != nil { | ||
return "", microerror.Mask(err) | ||
} | ||
|
||
return secretValues.Global.RemoteWrite[0].Password, nil | ||
} | ||
|
||
func updateMeta(c, d metav1.Object) { | ||
d.SetGenerateName(c.GetGenerateName()) | ||
d.SetUID(c.GetUID()) | ||
d.SetResourceVersion(c.GetResourceVersion()) | ||
d.SetGeneration(c.GetGeneration()) | ||
d.SetSelfLink(c.GetSelfLink()) | ||
d.SetCreationTimestamp(c.GetCreationTimestamp()) | ||
d.SetDeletionTimestamp(c.GetDeletionTimestamp()) | ||
d.SetDeletionGracePeriodSeconds(c.GetDeletionGracePeriodSeconds()) | ||
d.SetLabels(c.GetLabels()) | ||
d.SetAnnotations(c.GetAnnotations()) | ||
d.SetFinalizers(c.GetFinalizers()) | ||
d.SetOwnerReferences(c.GetOwnerReferences()) | ||
d.SetManagedFields(c.GetManagedFields()) | ||
} |
37 changes: 37 additions & 0 deletions
37
service/controller/resource/monitoring/remotewriteapiendpointconfigsecret/delete.go
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,37 @@ | ||
package remotewriteapiendpointconfigsecret | ||
|
||
import ( | ||
"context" | ||
|
||
"github.com/giantswarm/microerror" | ||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" | ||
|
||
"github.com/giantswarm/prometheus-meta-operator/v2/service/key" | ||
) | ||
|
||
func (r *Resource) EnsureDeleted(ctx context.Context, obj interface{}) error { | ||
r.logger.Debugf(ctx, "deleting prometheus remote write api endpoint secret") | ||
{ | ||
cluster, err := key.ToCluster(obj) | ||
if err != nil { | ||
return microerror.Mask(err) | ||
} | ||
|
||
name, namespace := key.RemoteWriteAPIEndpointConfigSecretNameAndNamespace(cluster, r.Installation, r.Provider) | ||
|
||
current, err := r.k8sClient.K8sClient().CoreV1().Secrets(namespace).Get(ctx, name, metav1.GetOptions{}) | ||
|
||
if err != nil { | ||
return microerror.Mask(err) | ||
} | ||
|
||
err = r.deleteSecret(ctx, current) | ||
if err != nil { | ||
return microerror.Mask(err) | ||
} | ||
|
||
} | ||
r.logger.Debugf(ctx, "deleted prometheus remote write api endpoint secret") | ||
|
||
return nil | ||
} |
Oops, something went wrong.