Skip to content

Commit

Permalink
fix: handle multiple imagePullSecrets
Browse files Browse the repository at this point in the history
Signed-off-by: Todd Baert <todd.baert@dynatrace.com>
  • Loading branch information
toddbaert committed Jun 5, 2024
1 parent 2d7b30c commit 724fad4
Show file tree
Hide file tree
Showing 14 changed files with 94 additions and 43 deletions.
18 changes: 18 additions & 0 deletions .github/scripts/strip-kustomize-helm.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
#!/bin/bash

# This script is a hack to support helm flow control in kustomize overlays, which would otherwise break them.
# It allows us to render helm template bindings and add newlines.
# For instance, it transforms "__{{ .Value.myValue }}__" to {{ .Value.myValue }}.
# It also adds newlines wherever __newline__ is found.

CHARTS_DIR='./chart/open-feature-operator/templates';

echo 'Running strip-kustomize-helm.sh script'
filenames=`find $CHARTS_DIR -name "*.yaml"`
for file in $filenames; do
sed -i "s/__newline__/\\n/g" $file
sed -i "s/\"__//g" $file
sed -i "s/__\"//g" $file
sed -i "s/__//g" $file
done
echo 'Done running strip-kustomize-helm.sh script'
1 change: 1 addition & 0 deletions Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -252,6 +252,7 @@ set-helm-overlay:
helm-package: set-helm-overlay generate release-manifests helm
mkdir -p chart/open-feature-operator/templates/crds
mv chart/open-feature-operator/templates/*customresourcedefinition* chart/open-feature-operator/templates/crds
sh .github/scripts/strip-kustomize-helm.sh
$(HELM) package --version $(CHART_VERSION) chart/open-feature-operator
mkdir -p charts && mv open-feature-operator-*.tgz charts
$(HELM) repo index --url https://open-feature.github.io/open-feature-operator/charts charts
Expand Down
4 changes: 2 additions & 2 deletions chart/open-feature-operator/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -2,8 +2,8 @@
## @section Global
## @param defaultNamespace To override the namespace use the `--namespace` flag. This default is provided to ensure that the kustomize build charts in `/templates` deploy correctly when no `namespace` is provided via the `-n` flag.
defaultNamespace: open-feature-operator-system
## @param imagePullSecret Secret containing credentials for images pulled by the operator (flagdProxyConfiguration.image, flagdConfiguration.image, controllerManager.manager.image, controllerManager.kubeRbacProxy.image).
imagePullSecret: ""
## @param imagePullSecrets Secret containing credentials for images pulled by the operator (flagdProxyConfiguration.image, flagdConfiguration.image, controllerManager.manager.image, controllerManager.kubeRbacProxy.image).
imagePullSecrets: []

## @section Sidecar configuration
sidecarConfiguration:
Expand Down
Binary file added charts/open-feature-operator-v0.6.0.tgz
Binary file not shown.
10 changes: 5 additions & 5 deletions common/flagdproxy/flagdproxy.go
Original file line number Diff line number Diff line change
Expand Up @@ -38,10 +38,10 @@ type FlagdProxyConfiguration struct {
Tag string
Namespace string
OperatorDeploymentName string
ImagePullSecret string
ImagePullSecrets []string
}

func NewFlagdProxyConfiguration(env types.EnvConfig, imagePullSecret string) *FlagdProxyConfiguration {
func NewFlagdProxyConfiguration(env types.EnvConfig, imagePullSecrets []string) *FlagdProxyConfiguration {
return &FlagdProxyConfiguration{
Image: env.FlagdProxyImage,
Tag: env.FlagdProxyTag,
Expand All @@ -50,7 +50,7 @@ func NewFlagdProxyConfiguration(env types.EnvConfig, imagePullSecret string) *Fl
Port: env.FlagdProxyPort,
ManagementPort: env.FlagdProxyManagementPort,
DebugLogging: env.FlagdProxyDebugLogging,
ImagePullSecret: imagePullSecret,
ImagePullSecrets: imagePullSecrets,
}
}

Expand Down Expand Up @@ -146,9 +146,9 @@ func (f *FlagdProxyHandler) newFlagdProxyManifest(ownerReference *metav1.OwnerRe
args = append(args, "--debug")
}
imagePullSecrets := []corev1.LocalObjectReference{}
if f.config.ImagePullSecret != "" {
for _, secret := range f.config.ImagePullSecrets {
imagePullSecrets = append(imagePullSecrets, corev1.LocalObjectReference{
Name: f.config.ImagePullSecret,
Name: secret,
})
}

Expand Down
24 changes: 12 additions & 12 deletions common/flagdproxy/flagdproxy_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -19,22 +19,22 @@ import (
"sigs.k8s.io/controller-runtime/pkg/client/fake"
)

const pullSecret = "test-pullSecret"
var pullSecrets = []string{"test-pullSecret"}

func TestNewFlagdProxyConfiguration(t *testing.T) {

kpConfig := NewFlagdProxyConfiguration(types.EnvConfig{
FlagdProxyPort: 8015,
FlagdProxyManagementPort: 8016,
}, pullSecret)
}, pullSecrets)

require.NotNil(t, kpConfig)
require.Equal(t, &FlagdProxyConfiguration{
Port: 8015,
ManagementPort: 8016,
DebugLogging: false,
OperatorDeploymentName: common.OperatorDeploymentName,
ImagePullSecret: pullSecret,
ImagePullSecrets: pullSecrets,
}, kpConfig)
}

Expand All @@ -48,7 +48,7 @@ func TestNewFlagdProxyConfiguration_OverrideEnvVars(t *testing.T) {
FlagdProxyDebugLogging: true,
}

kpConfig := NewFlagdProxyConfiguration(env, pullSecret)
kpConfig := NewFlagdProxyConfiguration(env, pullSecrets)

require.NotNil(t, kpConfig)
require.Equal(t, &FlagdProxyConfiguration{
Expand All @@ -59,12 +59,12 @@ func TestNewFlagdProxyConfiguration_OverrideEnvVars(t *testing.T) {
Tag: "my-tag",
Namespace: "my-namespace",
OperatorDeploymentName: common.OperatorDeploymentName,
ImagePullSecret: pullSecret,
ImagePullSecrets: pullSecrets,
}, kpConfig)
}

func TestNewFlagdProxyHandler(t *testing.T) {
kpConfig := NewFlagdProxyConfiguration(types.EnvConfig{}, pullSecret)
kpConfig := NewFlagdProxyConfiguration(types.EnvConfig{}, pullSecrets)

require.NotNil(t, kpConfig)

Expand Down Expand Up @@ -100,7 +100,7 @@ func TestDoesFlagdProxyExist(t *testing.T) {
},
}

kpConfig := NewFlagdProxyConfiguration(env, pullSecret)
kpConfig := NewFlagdProxyConfiguration(env, pullSecrets)

require.NotNil(t, kpConfig)

Expand Down Expand Up @@ -128,7 +128,7 @@ func TestFlagdProxyHandler_HandleFlagdProxy_ProxyExistsWithBadVersion(t *testing
env := types.EnvConfig{
PodNamespace: "ns",
}
kpConfig := NewFlagdProxyConfiguration(env, pullSecret)
kpConfig := NewFlagdProxyConfiguration(env, pullSecrets)

require.NotNil(t, kpConfig)

Expand Down Expand Up @@ -187,7 +187,7 @@ func TestFlagdProxyHandler_HandleFlagdProxy_ProxyExistsWithoutLabel(t *testing.T
env := types.EnvConfig{
PodNamespace: "ns",
}
kpConfig := NewFlagdProxyConfiguration(env, pullSecret)
kpConfig := NewFlagdProxyConfiguration(env, pullSecrets)

require.NotNil(t, kpConfig)

Expand Down Expand Up @@ -236,7 +236,7 @@ func TestFlagdProxyHandler_HandleFlagdProxy_ProxyExistsWithNewestVersion(t *test
env := types.EnvConfig{
PodNamespace: "ns",
}
kpConfig := NewFlagdProxyConfiguration(env, pullSecret)
kpConfig := NewFlagdProxyConfiguration(env, pullSecrets)

require.NotNil(t, kpConfig)

Expand Down Expand Up @@ -280,7 +280,7 @@ func TestFlagdProxyHandler_HandleFlagdProxy_CreateProxy(t *testing.T) {
FlagdProxyManagementPort: 90,
FlagdProxyDebugLogging: true,
}
kpConfig := NewFlagdProxyConfiguration(env, pullSecret)
kpConfig := NewFlagdProxyConfiguration(env, pullSecrets)

require.NotNil(t, kpConfig)

Expand Down Expand Up @@ -362,7 +362,7 @@ func TestFlagdProxyHandler_HandleFlagdProxy_CreateProxy(t *testing.T) {
Spec: corev1.PodSpec{
ServiceAccountName: FlagdProxyServiceAccountName,
ImagePullSecrets: []corev1.LocalObjectReference{
{Name: pullSecret},
{Name: pullSecrets[0]},
},
Containers: []corev1.Container{
{
Expand Down
2 changes: 1 addition & 1 deletion config/manager/kustomization.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -10,5 +10,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
images:
- name: controller
newName: controller
newName: ghcr.io/openfeature/operator
newTag: latest
6 changes: 3 additions & 3 deletions config/overlays/helm/manager.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -7,8 +7,8 @@ spec:
replicas: 0{{ .Values.controllerManager.replicas }}
template:
spec:
imagePullSecrets:
- name: "{{ .Values.imagePullSecret }}"
# this is transformed by .github/scripts/strip-kustomize-helm.sh
__imagePullSecrets__: "__ __newline__{{ toYaml .Values.imagePullSecrets | indent 8 }}__"
containers:
- name: manager
image: "{{ .Values.controllerManager.manager.image.repository }}:{{ .Values.controllerManager.manager.image.tag }}"
Expand Down Expand Up @@ -92,7 +92,7 @@ spec:
- --sidecar-ram-limit={{ .Values.sidecarConfiguration.resources.limits.memory }}
- --sidecar-cpu-request={{ .Values.sidecarConfiguration.resources.requests.cpu }}
- --sidecar-ram-request={{ .Values.sidecarConfiguration.resources.requests.memory }}
- --image-pull-secret={{ .Values.imagePullSecret }}
- --image-pull-secret={{ range .Values.imagePullSecrets }}{{ .name }},{{- end }}
- name: kube-rbac-proxy
image: "{{ .Values.controllerManager.kubeRbacProxy.image.repository }}:{{ .Values.controllerManager.kubeRbacProxy.image.tag }}"
resources:
Expand Down
4 changes: 2 additions & 2 deletions controllers/core/featureflagsource/controller_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -27,8 +27,8 @@ func TestFeatureFlagSourceReconciler_Reconcile(t *testing.T) {
testNamespace = "test-namespace"
fsConfigName = "test-config"
deploymentName = "test-deploy"
pullSecret = "test-pullsecret"
)
var pullSecrets = []string{"test-pullsecret"}

tests := []struct {
name string
Expand Down Expand Up @@ -93,7 +93,7 @@ func TestFeatureFlagSourceReconciler_Reconcile(t *testing.T) {
kpConfig := flagdproxy.NewFlagdProxyConfiguration(commontypes.EnvConfig{
FlagdProxyImage: "ghcr.io/open-feature/flagd-proxy",
FlagdProxyTag: flagdProxyTag,
}, pullSecret)
}, pullSecrets)

kpConfig.Namespace = testNamespace
kph := flagdproxy.NewFlagdProxyHandler(
Expand Down
16 changes: 8 additions & 8 deletions controllers/core/flagd/common/common.go
Original file line number Diff line number Diff line change
@@ -1,14 +1,14 @@
package resources

type FlagdConfiguration struct {
FlagdPort int
OFREPPort int
SyncPort int
ManagementPort int
DebugLogging bool
Image string
Tag string
ImagePullSecret string
FlagdPort int
OFREPPort int
SyncPort int
ManagementPort int
DebugLogging bool
Image string
Tag string
ImagePullSecrets []string

OperatorNamespace string
OperatorDeploymentName string
Expand Down
4 changes: 2 additions & 2 deletions controllers/core/flagd/config.go
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ import (
resources "github.com/open-feature/open-feature-operator/controllers/core/flagd/common"
)

func NewFlagdConfiguration(env types.EnvConfig, imagePullSecret string) resources.FlagdConfiguration {
func NewFlagdConfiguration(env types.EnvConfig, imagePullSecrets []string) resources.FlagdConfiguration {
return resources.FlagdConfiguration{
Image: env.FlagdImage,
Tag: env.FlagdTag,
Expand All @@ -16,6 +16,6 @@ func NewFlagdConfiguration(env types.EnvConfig, imagePullSecret string) resource
SyncPort: env.FlagdSyncPort,
ManagementPort: env.FlagdManagementPort,
DebugLogging: env.FlagdDebugLogging,
ImagePullSecret: imagePullSecret,
ImagePullSecrets: imagePullSecrets,
}
}
4 changes: 2 additions & 2 deletions controllers/core/flagd/resources/deployment.go
Original file line number Diff line number Diff line change
Expand Up @@ -78,9 +78,9 @@ func (r *FlagdDeployment) GetResource(ctx context.Context, flagd *api.Flagd) (cl

featureFlagSource := &api.FeatureFlagSource{}
imagePullSecrets := []corev1.LocalObjectReference{}
if r.FlagdConfig.ImagePullSecret != "" {
for _, secret := range r.FlagdConfig.ImagePullSecrets {
imagePullSecrets = append(imagePullSecrets, corev1.LocalObjectReference{
Name: r.FlagdConfig.ImagePullSecret,
Name: secret,
})
}

Expand Down
32 changes: 32 additions & 0 deletions index.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,32 @@
apiVersion: v1
entries:
open-feature-operator:
- annotations:
artifacthub.io/category: integration-delivery
artifacthub.io/links: |
- name: support
url: https://github.com/open-feature/open-feature-operator/issues
artifacthub.io/operator: "true"
apiVersion: v2
appVersion: v0.6.0
created: "2024-06-05T15:06:34.18946423-04:00"
description: A feature flag operator for Kubernetes
digest: 29b466e707892cfbc443377859117d9420c16b6c5deca4f5d8061797cb812622
home: https://openfeature.dev
icon: https://open-feature.github.io/open-feature-operator/chart/open-feature-operator/openfeature-logo.png
keywords:
- OpenFeature
- feature flags
- feature toggles
- OpenFeature Operator
- open feature
- open feature operator
- OFO
name: open-feature-operator
sources:
- https://github.com/open-feature/open-feature-operator
type: application
urls:
- https://open-feature.github.io/open-feature-operator/charts/open-feature-operator-v0.6.0.tgz
version: v0.6.0
generated: "2024-06-05T15:06:34.188535112-04:00"
12 changes: 6 additions & 6 deletions main.go
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,7 @@ import (
"fmt"
"log"
"os"
"strings"

"github.com/kelseyhightower/envconfig"
corev1beta1 "github.com/open-feature/open-feature-operator/apis/core/v1beta1"
Expand Down Expand Up @@ -66,7 +67,7 @@ const (
sidecarCpuRequestDefault = "0.2"
sidecarRamRequestDefault = "32M"
imagePullSecretFlagName = "image-pull-secret"
imagePullSecretDefault = ""
imagePullSecretFlagDefault = ""
)

var (
Expand All @@ -77,7 +78,7 @@ var (
probeAddr string
verbose bool
sidecarCpuLimit, sidecarRamLimit, sidecarCpuRequest, sidecarRamRequest string
imagePullSecret string
imagePullSecrets string
)

func init() {
Expand Down Expand Up @@ -105,8 +106,7 @@ func main() {
flag.StringVar(&sidecarRamLimit, sidecarRamLimitFlagName, sidecarRamLimitDefault, "sidecar memory limit, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024)")
flag.StringVar(&sidecarCpuRequest, sidecarCpuRequestFlagName, sidecarCpuRequestDefault, "sidecar CPU minimum, in cores. (500m = .5 cores)")
flag.StringVar(&sidecarRamRequest, sidecarRamRequestFlagName, sidecarRamRequestDefault, "sidecar memory minimum, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024)")

flag.StringVar(&imagePullSecret, imagePullSecretFlagName, imagePullSecretDefault, "secret containing credentials to pull images.")
flag.StringVar(&imagePullSecrets, imagePullSecretFlagName, imagePullSecretFlagDefault, "Secrets containing credentials to pull images.")

flag.Parse()

Expand Down Expand Up @@ -183,7 +183,7 @@ func main() {
}

kph := flagdproxy.NewFlagdProxyHandler(
flagdproxy.NewFlagdProxyConfiguration(env, imagePullSecret),
flagdproxy.NewFlagdProxyConfiguration(env, strings.Split(imagePullSecrets, ",")),
mgr.GetClient(),
ctrl.Log.WithName("FeatureFlagSource FlagdProxyHandler"),
)
Expand Down Expand Up @@ -215,7 +215,7 @@ func main() {
Scheme: mgr.GetScheme(),
Log: flagdControllerLogger,
}
flagdConfig := flagd.NewFlagdConfiguration(env, imagePullSecret)
flagdConfig := flagd.NewFlagdConfiguration(env, strings.Split(imagePullSecrets, ","))

if err = (&flagd.FlagdReconciler{
Client: mgr.GetClient(),
Expand Down

0 comments on commit 724fad4

Please sign in to comment.