// Copyright (c) 2022, 2023, Oracle and/or its affiliates.
// Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
package fluentd
import (
"crypto/sha256"
"fmt"
"io/fs"
"os"
"github.com/verrazzano/verrazzano/pkg/bom"
globalconst "github.com/verrazzano/verrazzano/pkg/constants"
vzos "github.com/verrazzano/verrazzano/pkg/os"
"github.com/verrazzano/verrazzano/pkg/vzcr"
vzapi "github.com/verrazzano/verrazzano/platform-operator/apis/verrazzano/v1alpha1"
vzconst "github.com/verrazzano/verrazzano/platform-operator/constants"
"github.com/verrazzano/verrazzano/platform-operator/controllers/verrazzano/component/common"
"github.com/verrazzano/verrazzano/platform-operator/controllers/verrazzano/component/spi"
clipkg "sigs.k8s.io/controller-runtime/pkg/client"
"sigs.k8s.io/yaml"
)
// Naming scheme for the temporary Helm override files written by this package.
const (
	// tmpFilePrefix starts the name of every override temp file.
	tmpFilePrefix = "verrazzano-fluentd-overrides-"
	// tmpSuffix is the file extension, without the leading dot.
	tmpSuffix = "yaml"
	// tmpFileCreatePattern is the os.CreateTemp pattern; CreateTemp replaces
	// the "*" with a random string.
	tmpFileCreatePattern = tmpFilePrefix + "*." + tmpSuffix
	// tmpFileCleanPattern is handed to vzos.RemoveTempFiles by cleanTempFiles.
	// It looks like a regular expression matching the names produced above;
	// confirm against RemoveTempFiles.
	tmpFileCleanPattern = tmpFilePrefix + `.*\.` + tmpSuffix
)
// fluentdComponentValues is the top-level document that generateOverridesFile
// marshals to YAML and hands to Helm as a file override. Each section is a
// pointer with omitempty, so a section left nil is absent from the output.
type fluentdComponentValues struct {
// Logging is populated by appendFluentdLogging when the CR has a Fluentd component.
Logging *loggingValues `json:"logging,omitempty"`
// Fluentd is always set by appendFluentdOverrides.
Fluentd *fluentdValues `json:"fluentd,omitempty"`
// Monitoring is always set by appendFluentdOverrides.
Monitoring *Monitoring `json:"monitoring,omitempty"`
}
// loggingValues holds the log-destination settings written under the
// "logging" key of the overrides file.
type loggingValues struct {
// Name is not assigned anywhere in this file.
Name string `json:"name,omitempty"`
// OpenSearchURL is serialized under the key "osURL".
OpenSearchURL string `json:"osURL,omitempty"`
// CredentialsSecret is presumably the name of a Kubernetes Secret rather than
// secret material; verify against the chart that consumes it.
CredentialsSecret string `json:"credentialsSecret,omitempty"`
// ClusterName has no omitempty, so it is written even when empty.
ClusterName string `json:"clusterName"`
// ConfigHash is the HashSum digest of the object the settings were derived from.
ConfigHash string `json:"configHash,omitempty"`
}
// fluentdValues holds the settings written under the "fluentd" key of the
// overrides file.
type fluentdValues struct {
Enabled bool `json:"enabled"` // no omitempty: written even when false
// ExtraVolumeMounts mirrors the extra volume mounts declared on the CR.
ExtraVolumeMounts []volumeMount `json:"extraVolumeMounts,omitempty"`
// OCI is set only when the CR configures OCI Logging.
OCI *ociLoggingSettings `json:"oci,omitempty"`
}
// volumeMount describes one extra volume mount passed to the chart.
type volumeMount struct {
Source string `json:"source,omitempty"`
Destination string `json:"destination,omitempty"`
// NOTE(review): with omitempty a false ReadOnly is dropped from the output, so
// an explicit read-write request depends on what the consumer does with a
// missing readOnly key. Confirm that default.
ReadOnly bool `json:"readOnly,omitempty"`
}
// ociLoggingSettings holds the OCI Logging integration values written under
// "fluentd.oci". The two log IDs have no omitempty and are written even when empty.
type ociLoggingSettings struct {
DefaultAppLogID string `json:"defaultAppLogId"`
SystemLogID string `json:"systemLogId"`
// APISecret is copied verbatim from the CR; presumably a Secret name, not key
// material. Confirm against the CR type.
APISecret string `json:"apiSecret,omitempty"`
}
// Monitoring holds the settings written under the "monitoring" key of the
// overrides file. Both fields use omitempty, so false values are omitted.
type Monitoring struct {
// Enabled is set from vzcr.IsPrometheusOperatorEnabled.
Enabled bool `json:"enabled,omitempty"`
// UseIstioCerts is set from vzcr.IsIstioEnabled.
UseIstioCerts bool `json:"useIstioCerts,omitempty"`
}
// appendOverrides builds the Fluentd chart values from the effective CR, writes
// them to a temporary YAML file and appends that file to kvs as a file override.
// The three string parameters are ignored. On any failure the kvs that was
// passed in is returned unchanged together with the error.
func appendOverrides(ctx spi.ComponentContext, _ string, _ string, _ string, kvs []bom.KeyValue) ([]bom.KeyValue, error) {
	cr := ctx.EffectiveCR()

	// values collects everything this component contributes to the chart.
	values := fluentdComponentValues{}
	if err := appendFluentdOverrides(ctx.Client(), cr, &values); err != nil {
		return kvs, err
	}

	// Persist the values to a temp file; Helm receives the path as a file override.
	fileName, genErr := generateOverridesFile(ctx, &values)
	if genErr != nil {
		return kvs, ctx.Log().ErrorfNewErr("Failed generating Verrazzano overrides file: %v", genErr)
	}

	return append(kvs, bom.KeyValue{Value: fileName, IsFile: true}), nil
}
// appendFluentdLogging replaces overrides.Logging with a fresh value and fills it in.
//
// When a managed-cluster registration secret exists, the OpenSearch URL and the
// cluster name are read from that secret's data and the credentials secret is
// set to vzconst.MCRegistrationSecret. Otherwise the cluster is treated as the
// local cluster and the URL and secret come from the Fluentd component of the
// CR, when they are set there.
//
// An error from the secret lookup is returned as is; overrides.Logging is then
// left pointing at an empty loggingValues.
func appendFluentdLogging(client clipkg.Client, fluentd *vzapi.FluentdComponent, overrides *fluentdComponentValues) error {
	logging := &loggingValues{}
	overrides.Logging = logging

	secret, err := common.GetManagedClusterRegistrationSecret(client)
	if err != nil {
		return err
	}

	if secret != nil {
		// NOTE(review): ConfigHash is an unkeyed SHA-256 over the YAML form of the
		// whole Secret object, and it ends up in the overrides file and the debug
		// log. Keep both access-restricted.
		logging.ConfigHash = HashSum(secret)
		// A key that is missing from the secret data yields an empty string here.
		logging.OpenSearchURL = string(secret.Data[vzconst.OpensearchURLData])
		logging.ClusterName = string(secret.Data[vzconst.ClusterNameData])
		logging.CredentialsSecret = vzconst.MCRegistrationSecret
		return nil
	}

	// No registration secret: take the settings from the CR.
	logging.ConfigHash = HashSum(fluentd)
	logging.ClusterName = vzconst.MCLocalCluster
	if len(fluentd.ElasticsearchURL) != 0 {
		logging.OpenSearchURL = fluentd.ElasticsearchURL
	}
	if len(fluentd.ElasticsearchSecret) != 0 {
		logging.CredentialsSecret = fluentd.ElasticsearchSecret
	}
	return nil
}
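// appendFluentdOverrides fills overrides from the effective CR.
//
// Fluentd.Enabled and the Monitoring section are always set. The Logging
// section, the extra volume mounts and the OCI Logging settings are set only
// when the CR has a Fluentd component. An error from appendFluentdLogging is
// returned as is, leaving overrides partially filled.
func appendFluentdOverrides(client clipkg.Client, effectiveCR *vzapi.Verrazzano, overrides *fluentdComponentValues) error {
	overrides.Fluentd = &fluentdValues{
		Enabled: vzcr.IsFluentdEnabled(effectiveCR),
	}

	if fluentd := effectiveCR.Spec.Components.Fluentd; fluentd != nil {
		if err := appendFluentdLogging(client, fluentd, overrides); err != nil {
			return err
		}

		// Ranging over an empty or nil slice is a no-op, so no length guard is needed.
		for _, vm := range fluentd.ExtraVolumeMounts {
			// The destination defaults to the source path.
			dest := vm.Source
			if vm.Destination != "" {
				dest = vm.Destination
			}
			// Mounts are read-only unless the CR explicitly says otherwise.
			readOnly := true
			if vm.ReadOnly != nil {
				readOnly = *vm.ReadOnly
			}
			overrides.Fluentd.ExtraVolumeMounts = append(overrides.Fluentd.ExtraVolumeMounts,
				volumeMount{Source: vm.Source, Destination: dest, ReadOnly: readOnly})
		}

		// Overrides for OCI Logging integration
		if fluentd.OCI != nil {
			overrides.Fluentd.OCI = &ociLoggingSettings{
				DefaultAppLogID: fluentd.OCI.DefaultAppLogID,
				SystemLogID:     fluentd.OCI.SystemLogID,
				APISecret:       fluentd.OCI.APISecret,
			}
		}
	}

	// Force the override to be the internal ES secret if the legacy ES secret is being used.
	// This may be the case during an upgrade from a version that was not using the ES internal password for Fluentd.
	// The secret-name constant is compared with CredentialsSecret: comparing it with
	// OpenSearchURL, as this code did before, never matches a real URL, so the
	// legacy secret was never replaced.
	if overrides.Logging != nil && overrides.Logging.CredentialsSecret == globalconst.LegacyOpensearchSecretName {
		overrides.Logging.CredentialsSecret = globalconst.VerrazzanoESInternal
	}

	overrides.Monitoring = &Monitoring{
		Enabled:       vzcr.IsPrometheusOperatorEnabled(effectiveCR),
		UseIstioCerts: vzcr.IsIstioEnabled(effectiveCR),
	}
	return nil
}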
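// generateOverridesFile marshals overrides to YAML, writes the result to a new
// file in the OS temp directory and returns that file's path.
//
// The file is created by os.CreateTemp, which gives it an unpredictable name
// and owner-only permissions. If the write fails, the file is removed again
// and the error is returned with an empty path.
func generateOverridesFile(ctx spi.ComponentContext, overrides *fluentdComponentValues) (string, error) {
	content, err := yaml.Marshal(overrides)
	if err != nil {
		return "", err
	}

	file, err := os.CreateTemp(os.TempDir(), tmpFileCreatePattern)
	if err != nil {
		return "", err
	}
	overridesFileName := file.Name()

	// CreateTemp returns an open handle. The content is written by name below,
	// so release the handle here instead of leaking one descriptor per call.
	if err := file.Close(); err != nil {
		_ = os.Remove(overridesFileName) // best effort; the close error is what matters
		return "", err
	}

	// fs.ModeAppend is a file-mode bit, not a permission. Pass owner-only
	// permission bits so the file stays private even if the writer has to create it.
	if err := writeFileFunc(overridesFileName, content, fs.FileMode(0o600)); err != nil {
		_ = os.Remove(overridesFileName) // best effort; do not leave an empty temp file behind
		return "", err
	}

	// The dump includes endpoint URLs, credential-secret names and the config
	// hash, so debug logs should be treated as sensitive.
	ctx.Log().Debugf("Verrazzano install overrides file %s contents: %s", overridesFileName, string(content))
	return overridesFileName, nil
}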
// cleanTempFiles asks vzos.RemoveTempFiles to delete the override temp files
// whose names match tmpFileCleanPattern. A failure is logged, not returned.
func cleanTempFiles(ctx spi.ComponentContext) {
	err := vzos.RemoveTempFiles(ctx.Log().GetZapLogger(), tmpFileCleanPattern)
	if err == nil {
		return
	}
	ctx.Log().Errorf("Failed deleting temp files: %v", err)
}
// HashSum returns the lower-case hex SHA-256 digest of config's YAML
// serialization, or the empty string when config cannot be marshalled.
//
// The digest is unkeyed. When config is a Secret, anyone who can read the
// digest can check a guess at the Secret's contents, so do not treat the
// result as public.
func HashSum(config interface{}) string {
	data, err := yaml.Marshal(config)
	if err != nil {
		return ""
	}
	return fmt.Sprintf("%x", sha256.Sum256(data))
}