2e1c170 to cf8a364
f726677 to bb4c8ee
this is cool! Let's make sure that the user should be able to pass all console configuration options somehow. @weeco has really good product intuition here, I'd make him a required reviewer on this.

I opened the conversation about the missing configuration for the external access. Please resolve before finishing the review.
Don't watch Cluster events because we only need SchemaRegistry URL and it cannot be modified. Requeue if Cluster is not configured instead.
… in any Namespace.
Don't admit creation, update of Console if:
- Referenced Cluster is not found
- Console is in different namespace and --allow-console-any-ns=false

- Test that SASL user Secret is created
- Other resources created need to be mocked before we can test

- Check that Cluster status for Condition ClusterConfigured is not nil
- Check that Cluster ExternalListener is not nil
…tantiating KafkaAdmin.
…ation of ConfigMaps. Check count of attached ConfigMap to the Console before creating a new one
…in client. Need to mock calling Kafka Admin in envtests
Test that:
- Secret for SASL is created
- ConfigMap is created
- Deployment is created
- Service is created
- Console object has the internal URL in status
Running make test formats the code via crlfmt
490dae0 to 85ac138
CreateACLs, DeleteACLs don't return error
Use error Aggregate and specifically check for errors in the result
Cluster domain is set in the operator flag
85ac138 to 3767640
alenkacz left a comment
Last round of small comments, now I am ready to approve :)
| // Users shouldn't check logs of operator to know this | ||
| // Adding Conditions in Console status might not be apt, record Event instead | ||
| // Alternatively, we can have this validation via Webhook | ||
| r.EventRecorder.Eventf( |
this is actually not true, events are in etcd kubernetes/kubernetes#4432 (comment)
| if ex := cluster.ExternalListener(); ex != nil && ex.GetExternal().Subdomain != "" { | ||
| subdomain = fmt.Sprintf("console.%s", ex.GetExternal().Subdomain) | ||
| } else { | ||
| r.EventRecorder.Event( |
again I think this will flood events, no? 🤔 I would personally just log this
| } | ||
|
|
||
| var ( | ||
| // Currently issuing TLS certs through LetsEncrypt |
I am not sure we can state this in a generally available operator when ppl can inject any cert they want, right? 🤔
I think ideally this should be checked if IssuerRef is set since it identifies the cert-manager Issuer used to issue certificate. But this isn't the case in v1 - NodeSecretRef is set but the certificates are signed by LetsEncrypt. Is there a way to get this dynamically? 🤔
| ) | ||
|
|
||
| // ConsoleConfig is the config passed to the Redpanda Console app | ||
| type ConsoleConfig struct { |
isn't there a version of this config inside console so we can just import it as we do for redpanda via rpk?
As discussed, I've added a comment about it - the config types in Console don't have Enterprise fields and we don't support all fields yet
alenkacz left a comment
If the CI passes - LGTM
This fails on the entrypoint test because I mistakenly pushed this directly to upstream instead of in my fork. As discussed, I will create another PR on my fork, close this, and reference this PR on the new one so we can refer to the conversations.
Cover letter
Support installing Redpanda Console via the operator.
This PR supports the minimum configuration needed to install Console. The PR is huge to review already; other features (see below) will be done in follow up PRs to help in reviewing.
A minimal Console CR might look like:
This PR supports Console configs listed here. The following configs though will be supported in a follow up PR:
- Redpanda which enables Console to get exact Redpanda/Kafka version
- Console which enables topic documentation through git
- Kafka.Protobuf
- Kafka.Messagepack

Support for mTLS Kafka API will also be in a follow up PR.
The Console controller will create the following resources:
And they all will be owned by the Console object. It also adds the following finalizers for cleanup:

- consoles.redpanda.vectorized.io/service-account
- consoles.redpanda.vectorized.io/acl

The controller implements a ThreadSafeStore which synchronizes resources (mostly Secrets for TLS certs) across namespaces. This enables the controller to reference a Cluster in a different namespace from the Console CR.

Updating the Console spec should change the ConfigMap mounted to Console Deployment. But K8s doesn't do a hot-reload of the Deployment. In order to recreate the Pods when spec changes, we are creating a new ConfigMap and applying it in the Deployment which should trigger a rollout. ConfigMaps are now set to immutable and old ones are deleted on the Console controller reconciliation.

Most of the controller logic is found in the pkg/console directory.

Ref
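The admission rule from the commit message above (reject a Console whose referenced Cluster is not found, or that is in a different namespace while --allow-console-any-ns=false), sketched as an added example that is not code from this PR. The types, `ValidateConsole`, the defaulting of an empty reference namespace and the map standing in for an API-server lookup are all assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// Hypothetical, simplified stand-ins for the operator's CRD types.
type NamespacedName struct{ Namespace, Name string }

type Console struct {
	Namespace  string
	Name       string
	ClusterRef NamespacedName
}

var (
	ErrClusterNotFound = errors.New("referenced Cluster not found")
	ErrCrossNamespace  = errors.New("cluster reference crosses namespaces")
)

// ValidateConsole applies the two admission rules to a create or update.
// clusters is a constructed lookup standing in for an API-server Get;
// allowAnyNS mirrors the --allow-console-any-ns operator flag.
func ValidateConsole(c Console, clusters map[NamespacedName]bool, allowAnyNS bool) error {
	ref := c.ClusterRef
	if ref.Namespace == "" {
		ref.Namespace = c.Namespace // assumption: empty namespace means the Console's own
	}
	// Namespace rule first: a denied cross-namespace request then returns the
	// same error whether or not the Cluster exists in the other namespace.
	if ref.Namespace != c.Namespace && !allowAnyNS {
		return fmt.Errorf("%w: console in %q, cluster in %q", ErrCrossNamespace, c.Namespace, ref.Namespace)
	}
	if !clusters[ref] {
		return fmt.Errorf("%w: %s/%s", ErrClusterNotFound, ref.Namespace, ref.Name)
	}
	return nil
}

func main() {
	// Constructed sample data: one Cluster, one Console in another namespace.
	clusters := map[NamespacedName]bool{{"redpanda", "prod"}: true}
	c := Console{Namespace: "team-a", Name: "console", ClusterRef: NamespacedName{"redpanda", "prod"}}
	fmt.Println(ValidateConsole(c, clusters, false)) // rejected: crosses namespaces
	fmt.Println(ValidateConsole(c, clusters, true))  // admitted: <nil>
}
```

Because the controller copies TLS Secrets across namespaces for such references, this check is the point where a namespace boundary is either kept or deliberately relaxed.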