Automate certificate creation for observability (#494)
* add cert creation for observability

* Create selfsigned-cert.yaml

* add automatic self-signed cert creation

* add imports

* add custom cert for observability

* add certificate and private key types

* add certificate and privatekey to obs sample file

* move IssuerCertService into common

* issuer cert service

* OtelCollector constant

* add custom cert logic

* Update types.go

* Update types.go

* base64-encode certificate and private key

* add print to test to figure things out

* fix compilation errors

* compilation errors

* println to printf

* add logging to understand function

* Update csm_controller.go

* handle each component cert separately

* I think i fixed something

* Create otel-collector-custom-cert.yaml

* Update custom-cert

* make custom cert generic

* make component generic

* move to obs directory and edit obs component placeholder name

* move to obs folder and adjust placeholder names

* update placeholder name

* update placeholder name

* Update observability.go

* fix error check

* remove comma

* update map declaration

* fix map declaration

* compilation issues

* compilation error

* compilation errors

* compilation errors + code cleanup

* add error check

* add retry logic in applyobject

* add import

* bruh

* added unit test coverage to controllers

* generate/manifests/install

* added full unit test coverage of added code

* get rid of misc unneeded changes

* add cert and privatekey to obs

* add cert and privatekey

* add sample files

* add new e2e test scenarios

* add e2e test files

* fix lint

* fix linting

* update samples based on review
jooseppi-luna authored Feb 23, 2024
1 parent a352688 commit edecb7a
Showing 35 changed files with 2,377 additions and 82 deletions.
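--- a/api/v1/types.go
+++ b/api/v1/types.go
@@ -71,6 +71,9 @@ const (
 // Topology - placeholder for constant topology
 Topology ObservabilityComponentType = "topology"
 
+// OtelCollector - placeholder for constant otel-collector
+OtelCollector ObservabilityComponentType = "otel-collector"
+
 // PowerFlex - placeholder for constant powerflex
 PowerFlex DriverType = "powerflex"
 
@@ -364,6 +367,14 @@ type ContainerTemplate struct {
 // DeployNodeAgent is to enable/disable node-agent services
 // +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Deploy node-agent for Application Mobility"
 DeployNodeAgent bool `json:"deployNodeAgent,omitempty" yaml:"deployNodeAgent,omitempty"`
+
+// Certificate is a certificate used for a certificate/private-key pair
+// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Certificate for certificate/private-key pair"
+Certificate string `json:"certificate,omitempty" yaml:"certificate,omitempty"`
+
+// PrivateKey is a private key used for a certificate/private-key pair
+// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Private key for certificate/private-key pair"
+PrivateKey string `json:"privateKey,omitempty" yaml:"privateKey,omitempty"`
 }
 
 // SnapshotClass struct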
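Review bot: `PrivateKey` is added to `ContainerTemplate` as a plain `string` in the CR spec, so the key material is readable by anyone who can get or list the custom resource and is stored with that object rather than in a Secret. Consider accepting a reference to a `kubernetes.io/tls` Secret instead, or at minimum state the exposure in the field comment. The doc comments also do not say what encoding is expected; the commit message mentions base64-encoding, so if that is the contract, say so, e.g. `// PrivateKey is the base64-encoded private key paired with Certificate`. The struct header is outside the hunk.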
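--- a/config/crd/bases/storage.dell.com_apexconnectivityclients.yaml
+++ b/config/crd/bases/storage.dell.com_apexconnectivityclients.yaml
@@ -67,6 +67,10 @@ spec:
 items:
 type: string
 type: array
+certificate:
+description: Certificate is a certificate used for a certificate/private-key
+pair
+type: string
 commander:
 description: Commander is the image tag for the Container
 type: string
@@ -252,6 +256,10 @@ spec:
 opaKubeMgmt:
 description: OpaKubeMgmt is the image tag for the Container
 type: string
+privateKey:
+description: PrivateKey is a private key used for a certificate/private-key
+pair
+type: string
 proxyService:
 description: ProxyService is the image tag for the Container
 type: string
@@ -348,6 +356,10 @@ spec:
 items:
 type: string
 type: array
+certificate:
+description: Certificate is a certificate used for a certificate/private-key
+pair
+type: string
 commander:
 description: Commander is the image tag for the Container
 type: string
@@ -535,6 +547,10 @@ spec:
 opaKubeMgmt:
 description: OpaKubeMgmt is the image tag for the Container
 type: string
+privateKey:
+description: PrivateKey is a private key used for a certificate/private-key
+pair
+type: string
 proxyService:
 description: ProxyService is the image tag for the Container
 type: string
@@ -617,6 +633,10 @@ spec:
 items:
 type: string
 type: array
+certificate:
+description: Certificate is a certificate used for a certificate/private-key
+pair
+type: string
 commander:
 description: Commander is the image tag for the Container
 type: string
@@ -804,6 +824,10 @@ spec:
 opaKubeMgmt:
 description: OpaKubeMgmt is the image tag for the Container
 type: string
+privateKey:
+description: PrivateKey is a private key used for a certificate/private-key
+pair
+type: string
 proxyService:
 description: ProxyService is the image tag for the Container
 type: string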
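--- a/config/crd/bases/storage.dell.com_containerstoragemodules.yaml
+++ b/config/crd/bases/storage.dell.com_containerstoragemodules.yaml
@@ -71,6 +71,10 @@ spec:
 items:
 type: string
 type: array
+certificate:
+description: Certificate is a certificate used for a certificate/private-key
+pair
+type: string
 commander:
 description: Commander is the image tag for the Container
 type: string
@@ -256,6 +260,10 @@ spec:
 opaKubeMgmt:
 description: OpaKubeMgmt is the image tag for the Container
 type: string
+privateKey:
+description: PrivateKey is a private key used for a certificate/private-key
+pair
+type: string
 proxyService:
 description: ProxyService is the image tag for the Container
 type: string
@@ -339,6 +347,10 @@ spec:
 items:
 type: string
 type: array
+certificate:
+description: Certificate is a certificate used for a certificate/private-key
+pair
+type: string
 commander:
 description: Commander is the image tag for the Container
 type: string
@@ -524,6 +536,10 @@ spec:
 opaKubeMgmt:
 description: OpaKubeMgmt is the image tag for the Container
 type: string
+privateKey:
+description: PrivateKey is a private key used for a certificate/private-key
+pair
+type: string
 proxyService:
 description: ProxyService is the image tag for the Container
 type: string
@@ -628,6 +644,10 @@ spec:
 items:
 type: string
 type: array
+certificate:
+description: Certificate is a certificate used for a certificate/private-key
+pair
+type: string
 commander:
 description: Commander is the image tag for the Container
 type: string
@@ -815,6 +835,10 @@ spec:
 opaKubeMgmt:
 description: OpaKubeMgmt is the image tag for the Container
 type: string
+privateKey:
+description: PrivateKey is a private key used for a certificate/private-key
+pair
+type: string
 proxyService:
 description: ProxyService is the image tag for the Container
 type: string
@@ -895,6 +919,10 @@ spec:
 items:
 type: string
 type: array
+certificate:
+description: Certificate is a certificate used for a certificate/private-key
+pair
+type: string
 commander:
 description: Commander is the image tag for the Container
 type: string
@@ -1080,6 +1108,10 @@ spec:
 opaKubeMgmt:
 description: OpaKubeMgmt is the image tag for the Container
 type: string
+privateKey:
+description: PrivateKey is a private key used for a certificate/private-key
+pair
+type: string
 proxyService:
 description: ProxyService is the image tag for the Container
 type: string
@@ -1165,6 +1197,10 @@ spec:
 items:
 type: string
 type: array
+certificate:
+description: Certificate is a certificate used for a certificate/private-key
+pair
+type: string
 commander:
 description: Commander is the image tag for the Container
 type: string
@@ -1352,6 +1388,10 @@ spec:
 opaKubeMgmt:
 description: OpaKubeMgmt is the image tag for the Container
 type: string
+privateKey:
+description: PrivateKey is a private key used for a certificate/private-key
+pair
+type: string
 proxyService:
 description: ProxyService is the image tag for the Container
 type: string
@@ -1461,6 +1501,10 @@ spec:
 items:
 type: string
 type: array
+certificate:
+description: Certificate is a certificate used for a certificate/private-key
+pair
+type: string
 commander:
 description: Commander is the image tag for the Container
 type: string
@@ -1650,6 +1694,10 @@ spec:
 opaKubeMgmt:
 description: OpaKubeMgmt is the image tag for the Container
 type: string
+privateKey:
+description: PrivateKey is a private key used for a certificate/private-key
+pair
+type: string
 proxyService:
 description: ProxyService is the image tag for the Container
 type: string
@@ -1746,6 +1794,10 @@ spec:
 items:
 type: string
 type: array
+certificate:
+description: Certificate is a certificate used for a certificate/private-key
+pair
+type: string
 commander:
 description: Commander is the image tag for the Container
 type: string
@@ -1935,6 +1987,10 @@ spec:
 opaKubeMgmt:
 description: OpaKubeMgmt is the image tag for the Container
 type: string
+privateKey:
+description: PrivateKey is a private key used for a certificate/private-key
+pair
+type: string
 proxyService:
 description: ProxyService is the image tag for the Container
 type: string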
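--- a/controllers/csm_controller.go
+++ b/controllers/csm_controller.go
@@ -914,6 +914,11 @@ func (r *ContainerStorageModuleReconciler) reconcileObservability(ctx context.Co
 }
 }
 
+// We are doing this separately after creating other components because the certificates rely on cert-manager being up
+if err := modules.IssuerCertServiceObs(ctx, isDeleting, op, cr, ctrlClient); err != nil {
+return fmt.Errorf("unable to deploy Certificate & Issuer for Observability: %v", err)
+}
+
 return nil
 }
 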
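Review bot: The new error return formats the cause with `%v`, which flattens it to text and drops the error chain; `return fmt.Errorf("unable to deploy Certificate & Issuer for Observability: %w", err)` keeps it available to `errors.Is` and `errors.As`. The comment says the certificates rely on cert-manager being up, but nothing visible in this hunk waits for that, so call ordering appears to be the only guarantee. If a readiness check or retry lives inside `IssuerCertServiceObs`, the comment should name it. `reconcileObservability` begins outside the hunk.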
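--- a/controllers/csm_controller_test.go
+++ b/controllers/csm_controller_test.go
@@ -1396,6 +1396,7 @@ func (suite *CSMControllerTestSuite) TestReconcileObservabilityError() {
 assert.NotNil(suite.T(), err)
 
 for i := range csm.Spec.Modules[0].Components {
+fmt.Printf("Component name: %s\n", csm.Spec.Modules[0].Components[i].Name)
 csm.Spec.Modules[0].Components[i].Enabled = &[]bool{false}[0]
 err = reconciler.reconcileObservability(ctx, false, badOperatorConfig, csm, nil, suite.fakeClient, suite.k8sClient)
 if i < len(csm.Spec.Modules[0].Components)-1 {
@@ -1438,6 +1439,32 @@ func (suite *CSMControllerTestSuite) TestReconcileObservabilityErrorBadComponent
 csm.Spec.Modules[0].Components = goodModules
 }
 
+func (suite *CSMControllerTestSuite) TestReconcileObservabilityErrorBadCert() {
+csm := shared.MakeCSM(csmName, suite.namespace, configVersion)
+csm.Spec.Modules = getObservabilityModule()
+reconciler := suite.createReconciler()
+
+goodModules := csm.Spec.Modules[0].Components
+for index, component := range csm.Spec.Modules[0].Components {
+if component.Name == "topology" {
+csm.Spec.Modules[0].Components[index].Certificate = "bad-cert"
+}
+if component.Name == "metrics-powerscale" {
+csm.Spec.Modules[0].Components[index].Enabled = &[]bool{false}[0]
+}
+if component.Name == "metrics-powerflex" {
+csm.Spec.Modules[0].Components[index].Enabled = &[]bool{false}[0]
+}
+}
+
+fmt.Printf("[TestReconcileObservabilityErrorBadCert] module components: %+v\n", csm.Spec.Modules[0].Components)
+
+err := reconciler.reconcileObservability(ctx, false, operatorConfig, csm, nil, suite.fakeClient, suite.k8sClient)
+assert.NotNil(suite.T(), err)
+
+csm.Spec.Modules[0].Components = goodModules
+}
+
 func (suite *CSMControllerTestSuite) TestReconcileAuthorization() {
 csm := shared.MakeCSM(csmName, suite.namespace, configVersion)
 csm.Spec.Modules = getAuthProxyServer()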
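Review bot: `TestReconcileObservabilityErrorBadCert` asserts only `assert.NotNil(suite.T(), err)`, so it passes on any failure of `reconcileObservability` and does not show that the `"bad-cert"` value was what got rejected. Pin the cause instead, e.g. `assert.ErrorContains(suite.T(), err, "<expected certificate error text>")`. The two `fmt.Printf` calls (in `TestReconcileObservabilityError` and here) look like leftover debugging, and the `%+v` dump of the components writes the new `Certificate` and `PrivateKey` fields into test output. `goodModules` shares its backing array with the components being mutated, so the final `csm.Spec.Modules[0].Components = goodModules` restores nothing; drop it or clone the slice first.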