Fix reconcile from DISABLED to AUTO configuration (#365)

netobserv · Jun 8, 2023 · 15af7d5 · 15af7d5
1 parent 1183794
commit 15af7d5
Show file tree

Hide file tree

Showing 3 changed files with 43 additions and 0 deletions.
diff --git a/controllers/flowlogspipeline/flp_common_objects.go b/controllers/flowlogspipeline/flp_common_objects.go
@@ -683,6 +683,7 @@ func (b *builder) clusterRoleBinding(ck ConfKind, mono bool) *rbacv1.ClusterRole
 }
 
 func (b *builder) serviceMonitor() *monitoringv1.ServiceMonitor {
+	serverName := fmt.Sprintf("%s.%s.svc", b.promServiceName(), b.info.Namespace)
 	flpServiceMonitorObject := monitoringv1.ServiceMonitor{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      b.serviceMonitorName(),
@@ -707,6 +708,26 @@ func (b *builder) serviceMonitor() *monitoringv1.ServiceMonitor {
 			},
 		},
 	}
+	if b.desired.Processor.Metrics.Server.TLS.Type == flowslatest.ServerTLSAuto {
+		flpServiceMonitorObject.Spec.Endpoints[0].Scheme = "https"
+		flpServiceMonitorObject.Spec.Endpoints[0].TLSConfig = &monitoringv1.TLSConfig{
+			SafeTLSConfig: monitoringv1.SafeTLSConfig{
+				ServerName: serverName,
+			},
+			CAFile: "/etc/prometheus/configmaps/serving-certs-ca-bundle/service-ca.crt",
+		}
+	}
+
+	if b.desired.Processor.Metrics.Server.TLS.Type == flowslatest.ServerTLSProvided {
+		flpServiceMonitorObject.Spec.Endpoints[0].Scheme = "https"
+		flpServiceMonitorObject.Spec.Endpoints[0].TLSConfig = &monitoringv1.TLSConfig{
+			SafeTLSConfig: monitoringv1.SafeTLSConfig{
+				ServerName:         serverName,
+				InsecureSkipVerify: true,
+			},
+		}
+	}
+
 	return &flpServiceMonitorObject
 }
 

diff --git a/controllers/flowlogspipeline/flp_test.go b/controllers/flowlogspipeline/flp_test.go
@@ -482,6 +482,18 @@ func TestServiceChanged(t *testing.T) {
 	report = helper.NewChangeReport("")
 	assert.False(helper.ServiceChanged(second, third, &report))
 	assert.Contains(report.String(), "no change")
+
+	// Check annotations change
+	cfg.Processor.LogLevel = "error"
+	b = monoBuilder(ns, &cfg)
+	fourth := b.promService()
+	fourth.ObjectMeta.Annotations = map[string]string{
+		"name": "value",
+	}
+
+	report = helper.NewChangeReport("")
+	assert.True(helper.ServiceChanged(third, fourth, &report))
+	assert.Contains(report.String(), "Service annotations changed")
 }
 
 func TestServiceMonitorNoChange(t *testing.T) {
@@ -526,6 +538,15 @@ func TestServiceMonitorChanged(t *testing.T) {
 	report = helper.NewChangeReport("")
 	assert.True(helper.ServiceMonitorChanged(second, third, &report))
 	assert.Contains(report.String(), "ServiceMonitor labels changed")
+
+	// Check scheme changed
+	b = newMonolithBuilder(info.NewInstance(image2), &cfg)
+	fourth := b.generic.serviceMonitor()
+	fourth.Spec.Endpoints[0].Scheme = "https"
+
+	report = helper.NewChangeReport("")
+	assert.True(helper.ServiceMonitorChanged(third, fourth, &report))
+	assert.Contains(report.String(), "ServiceMonitor spec changed")
 }
 
 func TestPrometheusRuleNoChange(t *testing.T) {

diff --git a/controllers/reconcilers/common.go b/controllers/reconcilers/common.go
@@ -166,6 +166,7 @@ func (i *Instance) ReconcileService(ctx context.Context, old, new *corev1.Servic
 		// In case we're updating an existing service, we need to build from the old one to keep immutable fields such as clusterIP
 		newSVC := old.DeepCopy()
 		newSVC.Spec.Ports = new.Spec.Ports
+		newSVC.ObjectMeta.Annotations = new.ObjectMeta.Annotations
 		if err := i.UpdateOwned(ctx, old, newSVC); err != nil {
 			return err
 		}