forked from openshift/cluster-logging-operator
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request openshift#351 from ewolinetz/kibana_cert_restart
Bug 1781492: Updating so Kibana properly handles cert redeploys
- Loading branch information
Showing
5 changed files
with
158 additions
and
4 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,86 @@ | ||
package kibanasecret | ||
|
||
import ( | ||
"time" | ||
|
||
"github.com/openshift/cluster-logging-operator/pkg/constants" | ||
"github.com/openshift/cluster-logging-operator/pkg/k8shandler" | ||
"github.com/openshift/cluster-logging-operator/pkg/utils" | ||
corev1 "k8s.io/api/core/v1" | ||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" | ||
|
||
"k8s.io/apimachinery/pkg/runtime" | ||
"sigs.k8s.io/controller-runtime/pkg/client" | ||
"sigs.k8s.io/controller-runtime/pkg/controller" | ||
"sigs.k8s.io/controller-runtime/pkg/event" | ||
"sigs.k8s.io/controller-runtime/pkg/handler" | ||
"sigs.k8s.io/controller-runtime/pkg/manager" | ||
"sigs.k8s.io/controller-runtime/pkg/predicate" | ||
"sigs.k8s.io/controller-runtime/pkg/reconcile" | ||
"sigs.k8s.io/controller-runtime/pkg/source" | ||
) | ||
|
||
// Add creates a new KibanaSecret Controller and adds it to the Manager. The Manager will set fields on the Controller | ||
// and Start it when the Manager is Started. | ||
func Add(mgr manager.Manager) error { | ||
return add(mgr, newReconciler(mgr)) | ||
} | ||
|
||
// newReconciler returns a new reconcile.Reconciler | ||
func newReconciler(mgr manager.Manager) reconcile.Reconciler { | ||
return &ReconcileKibanaSecret{client: mgr.GetClient(), scheme: mgr.GetScheme()} | ||
} | ||
|
||
// add adds a new Controller to mgr with r as the reconcile.Reconciler | ||
func add(mgr manager.Manager, r reconcile.Reconciler) error { | ||
// Create a new controller | ||
c, err := controller.New("kibanasecret-controller", mgr, controller.Options{Reconciler: r}) | ||
if err != nil { | ||
return err | ||
} | ||
|
||
// Watch for updates to the kibana secret in "openshift-logging". | ||
pred := predicate.Funcs{ | ||
UpdateFunc: func(e event.UpdateEvent) bool { return handleSecret(e.MetaNew) }, | ||
CreateFunc: func(e event.CreateEvent) bool { return false }, | ||
DeleteFunc: func(e event.DeleteEvent) bool { return false }, | ||
GenericFunc: func(e event.GenericEvent) bool { return false }, | ||
} | ||
if err = c.Watch(&source.Kind{Type: &corev1.Secret{}}, &handler.EnqueueRequestForObject{}, pred); err != nil { | ||
return err | ||
} | ||
|
||
return nil | ||
} | ||
|
||
var _ reconcile.Reconciler = &ReconcileKibanaSecret{} | ||
|
||
// ReconcileKibanaSecret reconciles a KibanaSecret object | ||
type ReconcileKibanaSecret struct { | ||
// This client, initialized using mgr.Client() above, is a split client | ||
// that reads objects from the cache and writes to the apiserver | ||
client client.Client | ||
scheme *runtime.Scheme | ||
} | ||
|
||
var ( | ||
reconcilePeriod = 30 * time.Second | ||
reconcileResult = reconcile.Result{RequeueAfter: reconcilePeriod} | ||
) | ||
|
||
// Reconcile reads that state of the cluster for a KibanaSecret object and makes changes based on the state read | ||
// and what is in the KibanaSecret.Spec | ||
func (r *ReconcileKibanaSecret) Reconcile(request reconcile.Request) (reconcile.Result, error) { | ||
|
||
err := k8shandler.ReconcileForKibanaSecret(r.client) | ||
if err != nil { | ||
return reconcileResult, err | ||
} | ||
|
||
return reconcile.Result{}, nil | ||
} | ||
|
||
// handleSecret returns true if meta namespace is "openshift-logging" and name is "kibana" or "kibana-proxy". | ||
func handleSecret(meta metav1.Object) bool { | ||
return meta.GetNamespace() == constants.OpenshiftNS && utils.ContainsString([]string{"kibana", "kibana-proxy"}, meta.GetName()) | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters