Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Feature][Add] Secrets generation by the Operator #391

Open
wants to merge 18 commits into
base: master
Choose a base branch
from
Open

[Feature][Add] Secrets generation by the Operator #391

Show file tree
Hide file tree
Changes from 6 commits
Commits
Show all changes
18 commits
Select commit Hold shift + click to select a range
37d804b
add Generated Secrets - api+manifest+deepcopy
shubham-cmyk Nov 30, 2022
e3d2e80
Merge branch 'master' into secretsGen
shubham-cmyk Nov 30, 2022
d59c594
add Generated Secrets - generateSecrets()
shubham-cmyk Nov 30, 2022
6d134bb
go Mod tidy
shubham-cmyk Nov 30, 2022
3e1a383
add Requeue time
shubham-cmyk Dec 2, 2022
1aea3c0
update generated secrets
shubham-cmyk Dec 8, 2022
033f01d
Merge branch 'master' into secretsGen
shubham-cmyk Dec 31, 2022
12181cb
add owner Reference
shubham-cmyk Jan 17, 2023
3498d19
temp commit
shubham-cmyk Jan 17, 2023
ac36a0a
make code modular
shubham-cmyk Jan 17, 2023
c1476d2
add Examples
shubham-cmyk Jan 17, 2023
05e6fdf
secrets
shubham-cmyk Jan 17, 2023
f55f2a8
update
shubham-cmyk Jan 17, 2023
d5458ec
change encoding
shubham-cmyk Jan 17, 2023
84dff5a
update example
shubham-cmyk Jan 17, 2023
75c3e4c
refactor code
shubham-cmyk Jan 18, 2023
1707146
add default key
shubham-cmyk Jan 18, 2023
8f19e61
Merge branch 'master' into secretsGen
shubham-cmyk Jan 18, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
26 changes: 19 additions & 7 deletions api/v1beta1/common_types.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,13 +23,19 @@ import (

// KubernetesConfig will be the JSON struct for Basic Redis Config
type KubernetesConfig struct {
Image string `json:"image"`
ImagePullPolicy corev1.PullPolicy `json:"imagePullPolicy,omitempty"`
Resources *corev1.ResourceRequirements `json:"resources,omitempty"`
ExistingPasswordSecret *ExistingPasswordSecret `json:"redisSecret,omitempty"`
ImagePullSecrets *[]corev1.LocalObjectReference `json:"imagePullSecrets,omitempty"`
UpdateStrategy appsv1.StatefulSetUpdateStrategy `json:"updateStrategy,omitempty"`
Service *ServiceConfig `json:"service,omitempty"`
Image string `json:"image"`
ImagePullPolicy corev1.PullPolicy `json:"imagePullPolicy,omitempty"`
Resources *corev1.ResourceRequirements `json:"resources,omitempty"`
ExistOrGenerateSecret *ExistOrGenerateSecrets `json:"redisSecret,omitempty"`
ImagePullSecrets *[]corev1.LocalObjectReference `json:"imagePullSecrets,omitempty"`
shubham-cmyk marked this conversation as resolved.
Show resolved Hide resolved
UpdateStrategy appsv1.StatefulSetUpdateStrategy `json:"updateStrategy,omitempty"`
Service *ServiceConfig `json:"service,omitempty"`
}

// +kubebuilder:validation:MaxProperties=1
type ExistOrGenerateSecrets struct {
ExistingPasswordSecret *ExistingPasswordSecret `json:"existRedisSecret,omitempty"`
GeneratePasswordSecret *GeneratePassword `json:"generatePasswordSecret,omitempty"`
}

// ServiceConfig define the type of service to be created and its annotations
Expand All @@ -50,6 +56,12 @@ type ExistingPasswordSecret struct {
Key *string `json:"key,omitempty"`
}

type GeneratePassword struct {
Name *string `json:"name"`
Key *string `json:"key,omitempty"`
NameSpace []string `json:"namespace,omitempty"`
}

// Storage is the inteface to add pvc and pv support in redis
type Storage struct {
VolumeClaimTemplate corev1.PersistentVolumeClaim `json:"volumeClaimTemplate,omitempty"`
Expand Down
61 changes: 58 additions & 3 deletions api/v1beta1/zz_generated.deepcopy.go
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

29 changes: 23 additions & 6 deletions config/crd/bases/redis.redis.opstreelabs.in_redis.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -957,13 +957,30 @@ spec:
type: object
type: array
redisSecret:
description: ExistingPasswordSecret is the struct to access the
existing secret
maxProperties: 1
properties:
key:
type: string
name:
type: string
existRedisSecret:
description: ExistingPasswordSecret is the struct to access
the existing secret
properties:
key:
type: string
name:
type: string
type: object
generatePasswordSecret:
properties:
key:
type: string
name:
type: string
namespace:
items:
type: string
type: array
required:
- name
type: object
type: object
resources:
description: ResourceRequirements describes the compute resource
Expand Down
29 changes: 23 additions & 6 deletions config/crd/bases/redis.redis.opstreelabs.in_redisclusters.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -155,13 +155,30 @@ spec:
type: object
type: array
redisSecret:
description: ExistingPasswordSecret is the struct to access the
existing secret
maxProperties: 1
properties:
key:
type: string
name:
type: string
existRedisSecret:
description: ExistingPasswordSecret is the struct to access
the existing secret
properties:
key:
type: string
name:
type: string
type: object
generatePasswordSecret:
properties:
key:
type: string
name:
type: string
namespace:
items:
type: string
type: array
required:
- name
type: object
type: object
resources:
description: ResourceRequirements describes the compute resource
Expand Down
8 changes: 8 additions & 0 deletions controllers/redis_controller.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -63,6 +63,14 @@ func (r *RedisReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl
return ctrl.Result{}, err
}

if instance.Spec.KubernetesConfig.ExistOrGenerateSecret.GeneratePasswordSecret != nil {
err = k8sutils.GenerateSecrets(*instance.Spec.KubernetesConfig.ExistOrGenerateSecret.GeneratePasswordSecret.Name, instance.Spec.KubernetesConfig.ExistOrGenerateSecret.GeneratePasswordSecret.NameSpace, instance.Spec.KubernetesConfig.ExistOrGenerateSecret.GeneratePasswordSecret.Key)
if err != nil {
reqLogger.Error(err, "Failed to create the Secrets")
return ctrl.Result{RequeueAfter: time.Second * 10}, err
}
}

err = k8sutils.CreateStandaloneRedis(instance)
if err != nil {
return ctrl.Result{}, err
Expand Down
8 changes: 8 additions & 0 deletions controllers/rediscluster_controller.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -70,6 +70,14 @@ func (r *RedisClusterReconciler) Reconcile(ctx context.Context, req ctrl.Request
return ctrl.Result{RequeueAfter: time.Second * 60}, err
}

if instance.Spec.KubernetesConfig.ExistOrGenerateSecret.GeneratePasswordSecret != nil {
err = k8sutils.GenerateSecrets(*instance.Spec.KubernetesConfig.ExistOrGenerateSecret.GeneratePasswordSecret.Name, instance.Spec.KubernetesConfig.ExistOrGenerateSecret.GeneratePasswordSecret.NameSpace, instance.Spec.KubernetesConfig.ExistOrGenerateSecret.GeneratePasswordSecret.Key)
if err != nil {
reqLogger.Error(err, "Failed to create the Secrets")
return ctrl.Result{RequeueAfter: time.Second * 10}, err
}
}

err = k8sutils.CreateRedisLeader(instance)
if err != nil {
return ctrl.Result{RequeueAfter: time.Second * 60}, err
Expand Down
44 changes: 44 additions & 0 deletions example/generated_secrets/redis-cluster.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,44 @@
---
apiVersion: redis.redis.opstreelabs.in/v1beta1
kind: RedisCluster
metadata:
name: shubham
shubham-cmyk marked this conversation as resolved.
Show resolved Hide resolved
spec:
clusterSize: 3
clusterVersion: v7
persistenceEnabled: true
securityContext:
runAsUser: 1000
fsGroup: 1000
kubernetesConfig:
image: quay.io/opstree/redis:v7.0.5
imagePullPolicy: IfNotPresent
resources:
requests:
cpu: 101m
memory: 128Mi
limits:
cpu: 101m
memory: 128Mi
# redisSecret:
# name: shubham
# key: random
redisExporter:
enabled: false
image: quay.io/opstree/redis-exporter:v1.44.0
imagePullPolicy: Always
resources:
requests:
cpu: 100m
memory: 128Mi
limits:
cpu: 100m
memory: 128Mi
storage:
volumeClaimTemplate:
spec:
# storageClassName: standard
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 1Gi
2 changes: 1 addition & 1 deletion go.mod
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@ require (
github.com/banzaicloud/k8s-objectmatcher v1.7.0
github.com/go-logr/logr v1.2.2
github.com/go-redis/redis v6.15.9+incompatible
github.com/google/uuid v1.3.0
github.com/onsi/ginkgo v1.16.5
github.com/onsi/gomega v1.17.0
k8s.io/api v0.23.0
Expand Down Expand Up @@ -35,7 +36,6 @@ require (
github.com/golang/protobuf v1.5.2 // indirect
github.com/google/go-cmp v0.5.5 // indirect
github.com/google/gofuzz v1.1.0 // indirect
github.com/google/uuid v1.1.2 // indirect
github.com/googleapis/gnostic v0.5.5 // indirect
github.com/imdario/mergo v0.3.12 // indirect
github.com/json-iterator/go v1.1.12 // indirect
Expand Down
3 changes: 2 additions & 1 deletion go.sum
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -260,8 +260,9 @@ github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLe
github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
github.com/google/uuid v1.1.2 h1:EVhdT+1Kseyi1/pUmXKaFxYsDNy9RQYkMWRH68J/W7Y=
github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
github.com/googleapis/gnostic v0.4.1/go.mod h1:LRhVm6pbyptWbWbuZ38d1eyptfvIytN3ir6b65WBswg=
Expand Down
15 changes: 11 additions & 4 deletions k8sutils/redis-cluster.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -60,11 +60,18 @@ func generateRedisClusterContainerParams(cr *redisv1beta1.RedisCluster, readines
AdditionalVolume: cr.Spec.Storage.VolumeMount.Volume,
AdditionalMountPath: cr.Spec.Storage.VolumeMount.MountPath,
}
if cr.Spec.KubernetesConfig.ExistingPasswordSecret != nil {
switch true {
case cr.Spec.KubernetesConfig.ExistOrGenerateSecret.ExistingPasswordSecret != nil:
containerProp.EnabledPassword = &trueProperty
containerProp.SecretName = cr.Spec.KubernetesConfig.ExistingPasswordSecret.Name
containerProp.SecretKey = cr.Spec.KubernetesConfig.ExistingPasswordSecret.Key
} else {
containerProp.SecretName = cr.Spec.KubernetesConfig.ExistOrGenerateSecret.ExistingPasswordSecret.Name
containerProp.SecretKey = cr.Spec.KubernetesConfig.ExistOrGenerateSecret.ExistingPasswordSecret.Key

case cr.Spec.KubernetesConfig.ExistOrGenerateSecret.GeneratePasswordSecret != nil:
containerProp.EnabledPassword = &trueProperty
containerProp.SecretName = cr.Spec.KubernetesConfig.ExistOrGenerateSecret.GeneratePasswordSecret.Name
containerProp.SecretKey = cr.Spec.KubernetesConfig.ExistOrGenerateSecret.GeneratePasswordSecret.Key

default:
containerProp.EnabledPassword = &falseProperty
}
if cr.Spec.RedisExporter != nil {
Expand Down
15 changes: 11 additions & 4 deletions k8sutils/redis-standalone.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -108,11 +108,18 @@ func generateRedisStandaloneContainerParams(cr *redisv1beta1.Redis) containerPar
AdditionalVolume: cr.Spec.Storage.VolumeMount.Volume,
AdditionalMountPath: cr.Spec.Storage.VolumeMount.MountPath,
}
if cr.Spec.KubernetesConfig.ExistingPasswordSecret != nil {
switch true {
case cr.Spec.KubernetesConfig.ExistOrGenerateSecret.ExistingPasswordSecret != nil:
containerProp.EnabledPassword = &trueProperty
containerProp.SecretName = cr.Spec.KubernetesConfig.ExistingPasswordSecret.Name
containerProp.SecretKey = cr.Spec.KubernetesConfig.ExistingPasswordSecret.Key
} else {
containerProp.SecretName = cr.Spec.KubernetesConfig.ExistOrGenerateSecret.ExistingPasswordSecret.Name
containerProp.SecretKey = cr.Spec.KubernetesConfig.ExistOrGenerateSecret.ExistingPasswordSecret.Key

case cr.Spec.KubernetesConfig.ExistOrGenerateSecret.GeneratePasswordSecret != nil:
containerProp.EnabledPassword = &trueProperty
containerProp.SecretName = cr.Spec.KubernetesConfig.ExistOrGenerateSecret.GeneratePasswordSecret.Name
containerProp.SecretKey = cr.Spec.KubernetesConfig.ExistOrGenerateSecret.GeneratePasswordSecret.Key

default:
containerProp.EnabledPassword = &falseProperty
}
if cr.Spec.RedisExporter != nil {
Expand Down
12 changes: 6 additions & 6 deletions k8sutils/redis.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -103,8 +103,8 @@ func ExecuteRedisClusterCommand(cr *redisv1beta1.RedisCluster) {
cmd = CreateMultipleLeaderRedisCommand(cr)
}

if cr.Spec.KubernetesConfig.ExistingPasswordSecret != nil {
pass, err := getRedisPassword(cr.Namespace, *cr.Spec.KubernetesConfig.ExistingPasswordSecret.Name, *cr.Spec.KubernetesConfig.ExistingPasswordSecret.Key)
if cr.Spec.KubernetesConfig.ExistOrGenerateSecret.ExistingPasswordSecret != nil {
pass, err := getRedisPassword(cr.Namespace, *cr.Spec.KubernetesConfig.ExistOrGenerateSecret.ExistingPasswordSecret.Name, *cr.Spec.KubernetesConfig.ExistOrGenerateSecret.ExistingPasswordSecret.Key)
if err != nil {
logger.Error(err, "Error in getting redis password")
}
Expand Down Expand Up @@ -141,8 +141,8 @@ func createRedisReplicationCommand(cr *redisv1beta1.RedisCluster, leaderPod Redi
}
cmd = append(cmd, "--cluster-slave")

if cr.Spec.KubernetesConfig.ExistingPasswordSecret != nil {
pass, err := getRedisPassword(cr.Namespace, *cr.Spec.KubernetesConfig.ExistingPasswordSecret.Name, *cr.Spec.KubernetesConfig.ExistingPasswordSecret.Key)
if cr.Spec.KubernetesConfig.ExistOrGenerateSecret.ExistingPasswordSecret != nil {
pass, err := getRedisPassword(cr.Namespace, *cr.Spec.KubernetesConfig.ExistOrGenerateSecret.ExistingPasswordSecret.Name, *cr.Spec.KubernetesConfig.ExistOrGenerateSecret.ExistingPasswordSecret.Key)
if err != nil {
logger.Error(err, "Error in getting redis password")
}
Expand Down Expand Up @@ -313,8 +313,8 @@ func configureRedisClient(cr *redisv1beta1.RedisCluster, podName string) *redis.
}
var client *redis.Client

if cr.Spec.KubernetesConfig.ExistingPasswordSecret != nil {
pass, err := getRedisPassword(cr.Namespace, *cr.Spec.KubernetesConfig.ExistingPasswordSecret.Name, *cr.Spec.KubernetesConfig.ExistingPasswordSecret.Key)
if cr.Spec.KubernetesConfig.ExistOrGenerateSecret.ExistingPasswordSecret != nil {
pass, err := getRedisPassword(cr.Namespace, *cr.Spec.KubernetesConfig.ExistOrGenerateSecret.ExistingPasswordSecret.Name, *cr.Spec.KubernetesConfig.ExistOrGenerateSecret.ExistingPasswordSecret.Key)
if err != nil {
logger.Error(err, "Error in getting redis password")
}
Expand Down
Loading