Fix olm-based deployments on openshift (grafana#96)

periklis · Oct 18, 2021 · ea71e0d · ea71e0d
1 parent 361ba12
commit ea71e0d
Show file tree

Hide file tree

Showing 22 changed files with 246 additions and 114 deletions.
diff --git a/api/v1beta1/lokistack_types.go b/api/v1beta1/lokistack_types.go
@@ -564,6 +564,8 @@ const (
 	ReasonInvalidGatewayTenantSecret LokiStackConditionReason = "InvalidGatewayTenantSecret"
 	// ReasonInvalidTenantsConfiguration when the tenant configuration provided is invalid.
 	ReasonInvalidTenantsConfiguration LokiStackConditionReason = "InvalidTenantsConfiguration"
+	// ReasonMissingGatewayOpenShiftBaseDomain when the reconciler cannot lookup the OpenShift DNS base domain.
+	ReasonMissingGatewayOpenShiftBaseDomain LokiStackConditionReason = "MissingGatewayOpenShiftBaseDomain"
 )
 
 // PodStatusMap defines the type for mapping pod status to pod name.
@@ -600,12 +602,19 @@ type LokiStackComponentStatus struct {
 	// +operator-sdk:csv:customresourcedefinitions:type=status,xDescriptors="urn:alm:descriptor:com.tectonic.ui:podStatuses",displayName="Querier",order=3
 	Querier PodStatusMap `json:"querier,omitempty"`
 
-	// QueryFrontend is a mpa to the per pod status of the query frontend deployment.
+	// QueryFrontend is a map to the per pod status of the query frontend deployment.
 	//
 	// +optional
 	// +kubebuilder:validation:Optional
 	// +operator-sdk:csv:customresourcedefinitions:type=status,xDescriptors="urn:alm:descriptor:com.tectonic.ui:podStatuses",displayName="Query Frontend",order=4
 	QueryFrontend PodStatusMap `json:"queryFrontend,omitempty"`
+
+	// Gateway is a map to the per pod status of the lokistack gateway deployment.
+	//
+	// +optional
+	// +kubebuilder:validation:Optional
+	// +operator-sdk:csv:customresourcedefinitions:type=status,xDescriptors="urn:alm:descriptor:com.tectonic.ui:podStatuses",displayName="Gateway",order=5
+	Gateway PodStatusMap `json:"gateway,omitempty"`
 }
 
 // LokiStackStatus defines the observed state of LokiStack
@@ -631,7 +640,7 @@ type LokiStackStatus struct {
 
 // LokiStack is the Schema for the lokistacks API
 //
-// +operator-sdk:csv:customresourcedefinitions:displayName="LokiStack",resources={{Deployment,v1},{StatefulSet,v1},{ConfigMap,v1},{Service,v1},{PersistentVolumeClaims,v1},{ServiceMonitor,v1}}
+// +operator-sdk:csv:customresourcedefinitions:displayName="LokiStack",resources={{Deployment,v1},{StatefulSet,v1},{ConfigMap,v1},{Ingress,v1},{Service,v1},{ServiceAccount,v1},{PersistentVolumeClaims,v1},{Route,v1},{ServiceMonitor,v1}}
 type LokiStack struct {
 	Spec              LokiStackSpec   `json:"spec,omitempty"`
 	Status            LokiStackStatus `json:"status,omitempty"`

diff --git a/api/v1beta1/zz_generated.deepcopy.go b/api/v1beta1/zz_generated.deepcopy.go
diff --git a/bundle/manifests/loki-operator.clusterserviceversion.yaml b/bundle/manifests/loki-operator.clusterserviceversion.yaml
@@ -62,12 +62,21 @@ spec:
       - kind: Deployment
         name: ""
         version: v1
+      - kind: Ingress
+        name: ""
+        version: v1
       - kind: PersistentVolumeClaims
         name: ""
         version: v1
+      - kind: Route
+        name: ""
+        version: v1
       - kind: Service
         name: ""
         version: v1
+      - kind: ServiceAccount
+        name: ""
+        version: v1
       - kind: ServiceMonitor
         name: ""
         version: v1
@@ -370,7 +379,7 @@ spec:
         path: components.querier
         x-descriptors:
         - urn:alm:descriptor:com.tectonic.ui:podStatuses
-      - description: QueryFrontend is a mpa to the per pod status of the query frontend
+      - description: QueryFrontend is a map to the per pod status of the query frontend
           deployment.
         displayName: Query Frontend
         path: components.queryFrontend
@@ -381,6 +390,12 @@ spec:
         path: components.compactor
         x-descriptors:
         - urn:alm:descriptor:com.tectonic.ui:podStatuses
+      - description: Gateway is a map to the per pod status of the lokistack gateway
+          deployment.
+        displayName: Gateway
+        path: components.gateway
+        x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:podStatuses
       - description: Conditions of the Loki deployment health.
         displayName: Conditions
         path: conditions
@@ -411,6 +426,7 @@ spec:
           - endpoints
           - nodes
           - pods
+          - serviceaccounts
           - services
           verbs:
           - create
@@ -441,6 +457,14 @@ spec:
           - patch
           - update
           - watch
+        - apiGroups:
+          - config.openshift.io
+          resources:
+          - dnses
+          verbs:
+          - get
+          - list
+          - watch
         - apiGroups:
           - coordination.k8s.io
           resources:
@@ -485,6 +509,16 @@ spec:
           - list
           - update
           - watch
+        - apiGroups:
+          - networking.k8s.io
+          resources:
+          - ingresses
+          verbs:
+          - create
+          - get
+          - list
+          - update
+          - watch
         - apiGroups:
           - rbac.authorization.k8s.io
           resources:
@@ -498,6 +532,16 @@ spec:
           - patch
           - update
           - watch
+        - apiGroups:
+          - route.openshift.io
+          resources:
+          - routes
+          verbs:
+          - create
+          - get
+          - list
+          - update
+          - watch
         - apiGroups:
           - authentication.k8s.io
           resources:

diff --git a/bundle/manifests/loki.openshift.io_lokistacks.yaml b/bundle/manifests/loki.openshift.io_lokistacks.yaml
@@ -767,6 +767,14 @@ spec:
                     description: Distributor is a map to the per pod status of the
                       distributor deployment
                     type: object
+                  gateway:
+                    additionalProperties:
+                      items:
+                        type: string
+                      type: array
+                    description: Gateway is a map to the per pod status of the lokistack
+                      gateway deployment.
+                    type: object
                   ingester:
                     additionalProperties:
                       items:
@@ -788,7 +796,7 @@ spec:
                       items:
                         type: string
                       type: array
-                    description: QueryFrontend is a mpa to the per pod status of the
+                    description: QueryFrontend is a map to the per pod status of the
                       query frontend deployment.
                     type: object
                 type: object

diff --git a/config/crd/bases/loki.openshift.io_lokistacks.yaml b/config/crd/bases/loki.openshift.io_lokistacks.yaml
@@ -565,6 +565,13 @@ spec:
                       type: array
                     description: Distributor is a map to the per pod status of the distributor deployment
                     type: object
+                  gateway:
+                    additionalProperties:
+                      items:
+                        type: string
+                      type: array
+                    description: Gateway is a map to the per pod status of the lokistack gateway deployment.
+                    type: object
                   ingester:
                     additionalProperties:
                       items:
@@ -584,7 +591,7 @@ spec:
                       items:
                         type: string
                       type: array
-                    description: QueryFrontend is a mpa to the per pod status of the query frontend deployment.
+                    description: QueryFrontend is a map to the per pod status of the query frontend deployment.
                     type: object
                 type: object
               conditions:

diff --git a/config/manifests/bases/loki-operator.clusterserviceversion.yaml b/config/manifests/bases/loki-operator.clusterserviceversion.yaml
@@ -41,12 +41,21 @@ spec:
       - kind: Deployment
         name: ""
         version: v1
+      - kind: Ingress
+        name: ""
+        version: v1
       - kind: PersistentVolumeClaims
         name: ""
         version: v1
+      - kind: Route
+        name: ""
+        version: v1
       - kind: Service
         name: ""
         version: v1
+      - kind: ServiceAccount
+        name: ""
+        version: v1
       - kind: ServiceMonitor
         name: ""
         version: v1
@@ -349,7 +358,7 @@ spec:
         path: components.querier
         x-descriptors:
         - urn:alm:descriptor:com.tectonic.ui:podStatuses
-      - description: QueryFrontend is a mpa to the per pod status of the query frontend
+      - description: QueryFrontend is a map to the per pod status of the query frontend
           deployment.
         displayName: Query Frontend
         path: components.queryFrontend
@@ -360,6 +369,12 @@ spec:
         path: components.compactor
         x-descriptors:
         - urn:alm:descriptor:com.tectonic.ui:podStatuses
+      - description: Gateway is a map to the per pod status of the lokistack gateway
+          deployment.
+        displayName: Gateway
+        path: components.gateway
+        x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:podStatuses
       - description: Conditions of the Loki deployment health.
         displayName: Conditions
         path: conditions

diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
@@ -13,6 +13,7 @@ rules:
   - endpoints
   - nodes
   - pods
+  - serviceaccounts
   - services
   verbs:
   - create
@@ -43,6 +44,14 @@ rules:
   - patch
   - update
   - watch
+- apiGroups:
+  - config.openshift.io
+  resources:
+  - dnses
+  verbs:
+  - get
+  - list
+  - watch
 - apiGroups:
   - coordination.k8s.io
   resources:
@@ -87,6 +96,16 @@ rules:
   - list
   - update
   - watch
+- apiGroups:
+  - networking.k8s.io
+  resources:
+  - ingresses
+  verbs:
+  - create
+  - get
+  - list
+  - update
+  - watch
 - apiGroups:
   - rbac.authorization.k8s.io
   resources:
@@ -100,3 +119,13 @@ rules:
   - patch
   - update
   - watch
+- apiGroups:
+  - route.openshift.io
+  resources:
+  - routes
+  verbs:
+  - create
+  - get
+  - list
+  - update
+  - watch
diff --git a/controllers/lokistack_controller.go b/controllers/lokistack_controller.go
@@ -76,30 +76,26 @@ var (
 	})
 )
 
-// LokiStackReconcilerConfig represents a set of
-// configuration options to setup the reconciler.
-type LokiStackReconcilerConfig struct {
-	Host  string
-	Flags manifests.FeatureFlags
-}
-
 // LokiStackReconciler reconciles a LokiStack object
 type LokiStackReconciler struct {
 	client.Client
 	Log    logr.Logger
 	Scheme *runtime.Scheme
-	Config LokiStackReconcilerConfig
+	Flags  manifests.FeatureFlags
 }
 
 // +kubebuilder:rbac:groups=loki.openshift.io,resources=lokistacks,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=loki.openshift.io,resources=lokistacks/status,verbs=get;update;patch
 // +kubebuilder:rbac:groups=loki.openshift.io,resources=lokistacks/finalizers,verbs=update
-// +kubebuilder:rbac:groups="",resources=pods;nodes;services;endpoints;configmaps,verbs=get;list;watch;create;update;patch;delete
+// +kubebuilder:rbac:groups="",resources=pods;nodes;services;endpoints;configmaps;serviceaccounts,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups="",resources=secrets,verbs=get;list;watch
 // +kubebuilder:rbac:groups=apps,resources=deployments;statefulsets,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=rbac.authorization.k8s.io,resources=clusterrolebindings;clusterroles,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=monitoring.coreos.com,resources=servicemonitors,verbs=get;list;watch;create;update
 // +kubebuilder:rbac:groups=coordination.k8s.io,resources=leases,verbs=get;create;update
+// +kubebuilder:rbac:groups=networking.k8s.io,resources=ingresses,verbs=get;list;watch;create;update
+// +kubebuilder:rbac:groups=config.openshift.io,resources=dnses,verbs=get;list;watch
+// +kubebuilder:rbac:groups=route.openshift.io,resources=routes,verbs=get;list;watch;create;update
 
 // Reconcile is part of the main kubernetes reconciliation loop which aims to
 // move the current state of the cluster closer to the desired state.
@@ -123,7 +119,7 @@ func (r *LokiStackReconciler) Reconcile(ctx context.Context, req ctrl.Request) (
 		return ctrl.Result{}, nil
 	}
 
-	err = handlers.CreateOrUpdateLokiStack(ctx, req, r.Client, r.Scheme, r.Config.Host, r.Config.Flags)
+	err = handlers.CreateOrUpdateLokiStack(ctx, req, r.Client, r.Scheme, r.Flags)
 	if err != nil {
 		return ctrl.Result{
 			Requeue:      true,

diff --git a/internal/handlers/internal/gateway/base_domain.go b/internal/handlers/internal/gateway/base_domain.go
@@ -0,0 +1,36 @@
+package gateway
+
+import (
+	"context"
+
+	"github.com/ViaQ/logerr/kverrors"
+	lokiv1beta1 "github.com/ViaQ/loki-operator/api/v1beta1"
+	"github.com/ViaQ/loki-operator/internal/external/k8s"
+	"github.com/ViaQ/loki-operator/internal/status"
+	configv1 "github.com/openshift/api/config/v1"
+	apierrors "k8s.io/apimachinery/pkg/api/errors"
+	ctrl "sigs.k8s.io/controller-runtime"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+)
+
+// GetOpenShiftBaseDomain returns the cluster DNS base domain on OpenShift
+// clusters to auto-create redirect URLs for OpenShift Auth or an error.
+// If the config.openshift.io/DNS object is not found the whole lokistack
+// resoure is set to a degraded state.
+func GetOpenShiftBaseDomain(ctx context.Context, k k8s.Client, req ctrl.Request) (string, error) {
+	var cluster configv1.DNS
+	key := client.ObjectKey{Name: "cluster"}
+	if err := k.Get(ctx, key, &cluster); err != nil {
+
+		if apierrors.IsNotFound(err) {
+			return "", status.SetDegradedCondition(ctx, k, req,
+				"Missing cluster DNS configuration to read base domain",
+				lokiv1beta1.ReasonMissingGatewayOpenShiftBaseDomain,
+			)
+		}
+		return "", kverrors.Wrap(err, "failed to lookup lokistack gateway base domain",
+			"name", key)
+	}
+
+	return cluster.Spec.BaseDomain, nil
+}