Merge pull request openshift#351 from ewolinetz/kibana_cert_restart

Bug 1781492: Updating so Kibana properly handles cert redeploys
pmoogi-redhat · Feb 4, 2020 · 8fbb19e · 8fbb19e
2 parents c2cd5e6 + c72f728
commit 8fbb19e
Show file tree

Hide file tree

Showing 5 changed files with 158 additions and 4 deletions.
diff --git a/pkg/controller/add_controllers.go b/pkg/controller/add_controllers.go
@@ -4,10 +4,11 @@ import (
 	"github.com/openshift/cluster-logging-operator/pkg/controller/clusterlogging"
 	"github.com/openshift/cluster-logging-operator/pkg/controller/collector"
 	"github.com/openshift/cluster-logging-operator/pkg/controller/forwarding"
+	"github.com/openshift/cluster-logging-operator/pkg/controller/kibanasecret"
 	"github.com/openshift/cluster-logging-operator/pkg/controller/proxyconfig"
 )
 
 func init() {
 	// AddToManagerFuncs is a list of functions to create controllers and add them to a manager.
-	AddToManagerFuncs = append(AddToManagerFuncs, clusterlogging.Add, forwarding.Add, collector.Add, proxyconfig.Add)
+	AddToManagerFuncs = append(AddToManagerFuncs, clusterlogging.Add, forwarding.Add, collector.Add, proxyconfig.Add, kibanasecret.Add)
 }
diff --git a/pkg/controller/kibanasecret/kibanasecret_controller.go b/pkg/controller/kibanasecret/kibanasecret_controller.go
@@ -0,0 +1,86 @@
+package kibanasecret
+
+import (
+	"time"
+
+	"github.com/openshift/cluster-logging-operator/pkg/constants"
+	"github.com/openshift/cluster-logging-operator/pkg/k8shandler"
+	"github.com/openshift/cluster-logging-operator/pkg/utils"
+	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+	"k8s.io/apimachinery/pkg/runtime"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/controller-runtime/pkg/controller"
+	"sigs.k8s.io/controller-runtime/pkg/event"
+	"sigs.k8s.io/controller-runtime/pkg/handler"
+	"sigs.k8s.io/controller-runtime/pkg/manager"
+	"sigs.k8s.io/controller-runtime/pkg/predicate"
+	"sigs.k8s.io/controller-runtime/pkg/reconcile"
+	"sigs.k8s.io/controller-runtime/pkg/source"
+)
+
+// Add creates a new KibanaSecret Controller and adds it to the Manager. The Manager will set fields on the Controller
+// and Start it when the Manager is Started.
+func Add(mgr manager.Manager) error {
+	return add(mgr, newReconciler(mgr))
+}
+
+// newReconciler returns a new reconcile.Reconciler
+func newReconciler(mgr manager.Manager) reconcile.Reconciler {
+	return &ReconcileKibanaSecret{client: mgr.GetClient(), scheme: mgr.GetScheme()}
+}
+
+// add adds a new Controller to mgr with r as the reconcile.Reconciler
+func add(mgr manager.Manager, r reconcile.Reconciler) error {
+	// Create a new controller
+	c, err := controller.New("kibanasecret-controller", mgr, controller.Options{Reconciler: r})
+	if err != nil {
+		return err
+	}
+
+	// Watch for updates to the kibana secret in "openshift-logging".
+	pred := predicate.Funcs{
+		UpdateFunc:  func(e event.UpdateEvent) bool { return handleSecret(e.MetaNew) },
+		CreateFunc:  func(e event.CreateEvent) bool { return false },
+		DeleteFunc:  func(e event.DeleteEvent) bool { return false },
+		GenericFunc: func(e event.GenericEvent) bool { return false },
+	}
+	if err = c.Watch(&source.Kind{Type: &corev1.Secret{}}, &handler.EnqueueRequestForObject{}, pred); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+var _ reconcile.Reconciler = &ReconcileKibanaSecret{}
+
+// ReconcileKibanaSecret reconciles a KibanaSecret object
+type ReconcileKibanaSecret struct {
+	// This client, initialized using mgr.Client() above, is a split client
+	// that reads objects from the cache and writes to the apiserver
+	client client.Client
+	scheme *runtime.Scheme
+}
+
+var (
+	reconcilePeriod = 30 * time.Second
+	reconcileResult = reconcile.Result{RequeueAfter: reconcilePeriod}
+)
+
+// Reconcile reads that state of the cluster for a KibanaSecret object and makes changes based on the state read
+// and what is in the KibanaSecret.Spec
+func (r *ReconcileKibanaSecret) Reconcile(request reconcile.Request) (reconcile.Result, error) {
+
+	err := k8shandler.ReconcileForKibanaSecret(r.client)
+	if err != nil {
+		return reconcileResult, err
+	}
+
+	return reconcile.Result{}, nil
+}
+
+// handleSecret returns true if meta namespace is "openshift-logging" and name is "kibana" or "kibana-proxy".
+func handleSecret(meta metav1.Object) bool {
+	return meta.GetNamespace() == constants.OpenshiftNS && utils.ContainsString([]string{"kibana", "kibana-proxy"}, meta.GetName())
+}
diff --git a/pkg/k8shandler/reconciler.go b/pkg/k8shandler/reconciler.go
@@ -116,6 +116,23 @@ func ReconcileForGlobalProxy(proxyConfig *configv1.Proxy, requestClient client.C
 	return nil
 }
 
+func ReconcileForKibanaSecret(requestClient client.Client) (err error) {
+
+	clusterLoggingRequest := ClusterLoggingRequest{
+		client: requestClient,
+	}
+
+	clusterLogging := clusterLoggingRequest.getClusterLogging()
+	clusterLoggingRequest.cluster = clusterLogging
+
+	if clusterLogging.Spec.ManagementState == logging.ManagementStateUnmanaged {
+		return nil
+	}
+
+	// call for Kibana to restart itself (e.g. delete its pods)
+	return clusterLoggingRequest.RestartKibana()
+}
+
 func (clusterRequest *ClusterLoggingRequest) getClusterLogging() *logging.ClusterLogging {
 	clusterLoggingNamespacedName := types.NamespacedName{Name: constants.SingletonName, Namespace: constants.OpenshiftNS}
 	clusterLogging := &logging.ClusterLogging{}

diff --git a/pkg/k8shandler/route.go b/pkg/k8shandler/route.go
@@ -2,10 +2,12 @@ package k8shandler
 
 import (
 	"fmt"
+	"reflect"
 
 	"github.com/openshift/cluster-logging-operator/pkg/utils"
 	"github.com/sirupsen/logrus"
 	"k8s.io/apimachinery/pkg/api/errors"
+	"k8s.io/client-go/util/retry"
 
 	route "github.com/openshift/api/route/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -42,6 +44,34 @@ func NewRoute(routeName, namespace, serviceName, cafilePath string) *route.Route
 	}
 }
 
+func (clusterRequest *ClusterLoggingRequest) CreateOrUpdateRoute(newRoute *route.Route) error {
+
+	err := clusterRequest.Create(newRoute)
+	if err != nil {
+		if !errors.IsAlreadyExists(err) {
+			return fmt.Errorf("Failure creating route for %q: %v", clusterRequest.cluster.Name, err)
+		}
+
+		// else -- try to update it if its a valid change (e.g. spec.tls)
+		current := &route.Route{}
+
+		return retry.RetryOnConflict(retry.DefaultRetry, func() error {
+			if err := clusterRequest.Get(newRoute.Name, current); err != nil {
+				return fmt.Errorf("Failed to get route: %v", err)
+			}
+
+			if !reflect.DeepEqual(current.Spec.TLS, newRoute.Spec.TLS) {
+				current.Spec.TLS = newRoute.Spec.TLS
+				return clusterRequest.Update(current)
+			}
+
+			return nil
+		})
+	}
+
+	return nil
+}
+
 //GetRouteURL retrieves the route URL from a given route and namespace
 func (clusterRequest *ClusterLoggingRequest) GetRouteURL(routeName string) (string, error) {
 

diff --git a/pkg/k8shandler/visualization.go b/pkg/k8shandler/visualization.go
@@ -153,6 +153,25 @@ func compareKibanaStatus(lhs, rhs []logging.KibanaStatus) bool {
 	return true
 }
 
+func (clusterRequest *ClusterLoggingRequest) RestartKibana() (err error) {
+
+	// get kibana pods
+	kibanaPods, err := clusterRequest.GetPodList(
+		map[string]string{
+			"component": "kibana",
+		})
+
+	// delete kibana pods
+	for _, pod := range kibanaPods.Items {
+		err := clusterRequest.Delete(&pod)
+		if err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
 func (clusterRequest *ClusterLoggingRequest) removeKibana() (err error) {
 	if clusterRequest.isManaged() {
 		name := "kibana"
@@ -368,9 +387,10 @@ func (clusterRequest *ClusterLoggingRequest) createOrUpdateKibanaRoute() error {
 
 	utils.AddOwnerRefToObject(kibanaRoute, utils.AsOwner(cluster))
 
-	err := clusterRequest.Create(kibanaRoute)
-	if err != nil && !errors.IsAlreadyExists(err) {
-		return fmt.Errorf("Failure creating Kibana route for %q: %v", cluster.Name, err)
+	if err := clusterRequest.CreateOrUpdateRoute(kibanaRoute); err != nil {
+		if !errors.IsAlreadyExists(err) {
+			return err
+		}
 	}
 
 	kibanaURL, err := clusterRequest.GetRouteURL("kibana")