NETOBSERV-1647: Do not load loki cert when loki disabled (#669)

* Do not load loki cert when loki disabled * Remove duplicated code adding volumes
netobserv · Jun 6, 2024 · bc0bcef · bc0bcef
1 parent bf5f147
commit bc0bcef
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 20 deletions.
diff --git a/controllers/consoleplugin/consoleplugin_objects.go b/controllers/consoleplugin/consoleplugin_objects.go
@@ -208,18 +208,6 @@ func (b *builder) podTemplate(cmDigest string) *corev1.PodTemplateSpec {
 		})
 	}
 
-	// ensure volumes are up to date
-	loki := b.info.Loki
-	if loki.TLS.Enable && !loki.TLS.InsecureSkipVerify {
-		b.volumes.AddCACertificate(&loki.TLS, "loki-certs")
-	}
-	if loki.StatusTLS.Enable && !loki.StatusTLS.InsecureSkipVerify {
-		b.volumes.AddMutualTLSCertificates(&loki.StatusTLS, "loki-status-certs")
-	}
-	if loki.UseHostToken() {
-		b.volumes.AddToken(constants.PluginName)
-	}
-
 	return &corev1.PodTemplateSpec{
 		ObjectMeta: metav1.ObjectMeta{
 			Labels: b.labels,

diff --git a/controllers/consoleplugin/consoleplugin_reconciler.go b/controllers/consoleplugin/consoleplugin_reconciler.go
@@ -104,13 +104,15 @@ func (r *CPReconciler) Reconcile(ctx context.Context, desired *flowslatest.FlowC
 			return err
 		}
 
-		// Watch for Loki certificates if necessary; we'll ignore in that case the returned digest, as we don't need to restart pods on cert rotation
-		// because certificate is always reloaded from file
-		if _, err = r.Watcher.ProcessCACert(ctx, r.Client, &r.Loki.TLS, r.Namespace); err != nil {
-			return err
-		}
-		if _, _, err = r.Watcher.ProcessMTLSCerts(ctx, r.Client, &r.Loki.StatusTLS, r.Namespace); err != nil {
-			return err
+		if helper.UseLoki(&desired.Spec) {
+			// Watch for Loki certificates if necessary; we'll ignore in that case the returned digest, as we don't need to restart pods on cert rotation
+			// because certificate is always reloaded from file
+			if _, err = r.Watcher.ProcessCACert(ctx, r.Client, &r.Loki.TLS, r.Namespace); err != nil {
+				return err
+			}
+			if _, _, err = r.Watcher.ProcessMTLSCerts(ctx, r.Client, &r.Loki.StatusTLS, r.Namespace); err != nil {
+				return err
+			}
 		}
 	} else {
 		// delete any existing owned object

diff --git a/controllers/consoleplugin/consoleplugin_test.go b/controllers/consoleplugin/consoleplugin_test.go
@@ -111,7 +111,9 @@ func getAutoScalerSpecs() (ascv2.HorizontalPodAutoscaler, flowslatest.FlowCollec
 
 func getBuilder(spec *flowslatest.FlowCollectorSpec, lk *helper.LokiConfig) builder {
 	info := reconcilers.Common{Namespace: testNamespace, Loki: lk}
-	return newBuilder(info.NewInstance(testImage, status.Instance{}), spec)
+	b := newBuilder(info.NewInstance(testImage, status.Instance{}), spec)
+	_, _, _ = b.configMap(context.Background()) // build configmap to update builder's volumes
+	return b
 }
 
 func TestContainerUpdateCheck(t *testing.T) {