feat(deploy): separate -storage and -db pods #923

Open
wants to merge 19 commits into
base: split-deployment
38 changes: 38 additions & 0 deletions api/v1beta2/cryostat_types.go
Expand Up @@ -183,6 +183,18 @@ const (
ConditionTypeMainDeploymentProgressing CryostatConditionType = "MainDeploymentProgressing"
// If pods within the main Cryostat deployment failed to be created or destroyed.
ConditionTypeMainDeploymentReplicaFailure CryostatConditionType = "MainDeploymentReplicaFailure"
// If enabled, whether the database deployment is available.
ConditionTypeDatabaseDeploymentAvailable CryostatConditionType = "DatabaseDeploymentAvailable"
// If enabled, whether the database deployment is progressing.
ConditionTypeDatabaseDeploymentProgressing CryostatConditionType = "DatabaseDeploymentProgressing"
// If enabled, whether pods in the database deployment failed to be created or destroyed.
ConditionTypeDatabaseDeploymentReplicaFailure CryostatConditionType = "DatabaseDeploymentReplicaFailure"
// If enabled, whether the storage deployment is available.
ConditionTypeStorageDeploymentAvailable CryostatConditionType = "StorageDeploymentAvailable"
// If enabled, whether the storage deployment is progressing.
ConditionTypeStorageDeploymentProgressing CryostatConditionType = "StorageDeploymentProgressing"
// If enabled, whether pods in the storage deployment failed to be created or destroyed.
ConditionTypeStorageDeploymentReplicaFailure CryostatConditionType = "StorageDeploymentReplicaFailure"
// If enabled, whether the reports deployment is available.
ConditionTypeReportsDeploymentAvailable CryostatConditionType = "ReportsDeploymentAvailable"
// If enabled, whether the reports deployment is progressing.
Expand Down Expand Up @@ -310,6 +322,26 @@ type ReportsServiceConfig struct {
ServiceConfig `json:",inline"`
}

// DatabaseServiceConfig provides customization for the service handling
// traffic for the cryostat application's database.
type DatabaseServiceConfig struct {
// HTTP port number for the cryostat application's database.
// Defaults to 5432.
// +optional
HTTPPort *int32 `json:"httpPort,omitempty"`
ServiceConfig `json:",inline"`
}

// DatabaseServiceConfig provides customization for the service handling
// traffic for the storage to be created by the operator.
type StorageServiceConfig struct {
// HTTP port number for the storage to be created by the operator.
// Defaults to 8333.
// +optional
HTTPPort *int32 `json:"httpPort,omitempty"`
ServiceConfig `json:",inline"`
}

// AgentServiceConfig provides customization for the service handling
// traffic from Cryostat agents to the Cryostat application.
type AgentServiceConfig struct {
Expand All @@ -329,6 +361,12 @@ type ServiceConfigList struct {
// Specification for the service responsible for the cryostat-reports sidecars.
// +optional
ReportsConfig *ReportsServiceConfig `json:"reportsConfig,omitempty"`
// Specification for the service responsible for the cryostat application's database.
// +optional
DatabaseConfig *DatabaseServiceConfig `json:"databaseConfig,omitempty"`
// Specification for the service responsible for the storage to be created by the operator.
// +optional
StorageConfig *StorageServiceConfig `json:"storageConfig,omitempty"`
// Specification for the service responsible for agents to communicate with Cryostat.
// +optional
AgentConfig *AgentServiceConfig `json:"agentConfig,omitempty"`
Expand Down
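Review bot: The doc comment on StorageServiceConfig still names DatabaseServiceConfig (copy-paste from the type above), so godoc and the usual linters will flag it; it should read `// StorageServiceConfig provides customization for the service handling` followed by the existing second line. Separately, the new DatabaseServiceConfig field is named HTTPPort (json `httpPort`) but its own comment describes a database port defaulting to 5432, which is PostgreSQL rather than HTTP; since this is a v1beta2 API field that cannot be renamed once released, consider naming it `Port`/`port` now, or at least correct the comment to `// Port number for the cryostat application's database.`. I cannot tell from this hunk what protocol the storage service on 8333 speaks, so the StorageServiceConfig field may well be correctly named.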
52 changes: 52 additions & 0 deletions api/v1beta2/zz_generated.deepcopy.go


Expand Up @@ -30,7 +30,7 @@ metadata:
capabilities: Seamless Upgrades
categories: Monitoring, Developer Tools
containerImage: quay.io/cryostat/cryostat-operator:4.0.0-dev
createdAt: "2024-10-10T18:16:26Z"
createdAt: "2024-11-05T19:41:16Z"
description: JVM monitoring and profiling tool
operatorframework.io/initialization-resource: |-
{
Expand Down Expand Up @@ -1024,6 +1024,10 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.annotations['olm.targetNamespaces']
- name: OPERATOR_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: quay.io/cryostat/cryostat-operator:4.0.0-dev
imagePullPolicy: Always
livenessProbe:
Expand Down
56 changes: 56 additions & 0 deletions bundle/manifests/operator.cryostat.io_cryostats.yaml
Expand Up @@ -9185,6 +9185,34 @@ spec:
description: Type of service to create. Defaults to "ClusterIP".
type: string
type: object
databaseConfig:
description: Specification for the service responsible for the
cryostat application's database.
properties:
annotations:
additionalProperties:
type: string
description: Annotations to add to the service during its
creation.
type: object
httpPort:
description: |-
HTTP port number for the cryostat application's database.
Defaults to 5432.
format: int32
type: integer
labels:
additionalProperties:
type: string
description: |-
Labels to add to the service during its creation.
The labels with keys "app" and "component" are reserved
for use by the operator.
type: object
serviceType:
description: Type of service to create. Defaults to "ClusterIP".
type: string
type: object
reportsConfig:
description: Specification for the service responsible for the
cryostat-reports sidecars.
Expand Down Expand Up @@ -9213,6 +9241,34 @@ spec:
description: Type of service to create. Defaults to "ClusterIP".
type: string
type: object
storageConfig:
description: Specification for the service responsible for the
storage to be created by the operator.
properties:
annotations:
additionalProperties:
type: string
description: Annotations to add to the service during its
creation.
type: object
httpPort:
description: |-
HTTP port number for the storage to be created by the operator.
Defaults to 8333.
format: int32
type: integer
labels:
additionalProperties:
type: string
description: |-
Labels to add to the service during its creation.
The labels with keys "app" and "component" are reserved
for use by the operator.
type: object
serviceType:
description: Type of service to create. Defaults to "ClusterIP".
type: string
type: object
type: object
storageOptions:
description: Options to customize the storage provisioned for the
Expand Down
56 changes: 56 additions & 0 deletions config/crd/bases/operator.cryostat.io_cryostats.yaml
Expand Up @@ -9172,6 +9172,34 @@ spec:
description: Type of service to create. Defaults to "ClusterIP".
type: string
type: object
databaseConfig:
description: Specification for the service responsible for the
cryostat application's database.
properties:
annotations:
additionalProperties:
type: string
description: Annotations to add to the service during its
creation.
type: object
httpPort:
description: |-
HTTP port number for the cryostat application's database.
Defaults to 5432.
format: int32
type: integer
labels:
additionalProperties:
type: string
description: |-
Labels to add to the service during its creation.
The labels with keys "app" and "component" are reserved
for use by the operator.
type: object
serviceType:
description: Type of service to create. Defaults to "ClusterIP".
type: string
type: object
reportsConfig:
description: Specification for the service responsible for the
cryostat-reports sidecars.
Expand Down Expand Up @@ -9200,6 +9228,34 @@ spec:
description: Type of service to create. Defaults to "ClusterIP".
type: string
type: object
storageConfig:
description: Specification for the service responsible for the
storage to be created by the operator.
properties:
annotations:
additionalProperties:
type: string
description: Annotations to add to the service during its
creation.
type: object
httpPort:
description: |-
HTTP port number for the storage to be created by the operator.
Defaults to 8333.
format: int32
type: integer
labels:
additionalProperties:
type: string
description: |-
Labels to add to the service during its creation.
The labels with keys "app" and "component" are reserved
for use by the operator.
type: object
serviceType:
description: Type of service to create. Defaults to "ClusterIP".
type: string
type: object
type: object
storageOptions:
description: Options to customize the storage provisioned for the
Expand Down
2 changes: 1 addition & 1 deletion config/manager/kustomization.yaml
Expand Up @@ -21,5 +21,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
images:
- name: controller
newName: quay.io/cryostat/cryostat-operator
newName: quay.io/miwan/cryostat-operator
newTag: 4.0.0-dev
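Review bot: `newName: quay.io/miwan/cryostat-operator` replaces the project's image repository with what looks like a personal quay.io namespace, so a stock `config/manager` deployment would pull the operator image from an account outside the project's control. This looks like a leftover from local testing and should be reverted to `newName: quay.io/cryostat/cryostat-operator` before merge; the bundle CSV in this same PR still references `quay.io/cryostat/cryostat-operator:4.0.0-dev`, so the two manifests would otherwise disagree.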
41 changes: 38 additions & 3 deletions internal/controllers/certmanager.go
Expand Up @@ -24,6 +24,7 @@ import (
"github.com/cryostatio/cryostat-operator/internal/controllers/common"
resources "github.com/cryostatio/cryostat-operator/internal/controllers/common/resource_definitions"
"github.com/cryostatio/cryostat-operator/internal/controllers/model"
"github.com/google/go-cmp/cmp"
corev1 "k8s.io/api/core/v1"
kerrors "k8s.io/apimachinery/pkg/api/errors"
"k8s.io/apimachinery/pkg/api/meta"
Expand Down Expand Up @@ -91,6 +92,20 @@ func (r *Reconciler) setupTLS(ctx context.Context, cr *model.CryostatInstance) (
return nil, err
}

// Create a certificate for the Cryostat database signed by the Cryostat CA
databaseCert := resources.NewDatabaseCert(cr)
err = r.createOrUpdateCertificate(ctx, databaseCert, cr.Object)
if err != nil {
return nil, err
}

// Create a certificate for Cryostat storage signed by the Cryostat CA
storageCert := resources.NewStorageCert(cr)
err = r.createOrUpdateCertificate(ctx, storageCert, cr.Object)
if err != nil {
return nil, err
}

// Create a certificate for the agent proxy signed by the Cryostat CA
agentProxyCert := resources.NewAgentProxyCert(cr)
err = r.createOrUpdateCertificate(ctx, agentProxyCert, cr.Object)
Expand All @@ -109,6 +124,8 @@ func (r *Reconciler) setupTLS(ctx context.Context, cr *model.CryostatInstance) (

tlsConfig := &resources.TLSConfig{
CryostatSecret: cryostatCert.Spec.SecretName,
DatabaseSecret: databaseCert.Spec.SecretName,
StorageSecret: storageCert.Spec.SecretName,
ReportsSecret: reportsCert.Spec.SecretName,
AgentProxySecret: agentProxyCert.Spec.SecretName,
KeystorePassSecret: cryostatCert.Spec.Keystores.PKCS12.PasswordSecretRef.Name,
Expand Down Expand Up @@ -398,25 +415,43 @@ func (r *Reconciler) reconcileAgentCertificate(ctx context.Context, cert *certv1
return nil
}

var errCertificateModified error = errors.New("certificate has been modified")

func (r *Reconciler) createOrUpdateCertificate(ctx context.Context, cert *certv1.Certificate, owner metav1.Object) error {
certSpec := cert.Spec.DeepCopy()
certCopy := cert.DeepCopy()
op, err := controllerutil.CreateOrUpdate(ctx, r.Client, cert, func() error {
if owner != nil {
if err := controllerutil.SetControllerReference(owner, cert, r.Scheme); err != nil {
return err
}
}
// Update Certificate spec
cert.Spec = *certSpec

if cert.CreationTimestamp.IsZero() {
cert.Spec = certCopy.Spec
} else if !cmp.Equal(cert.Spec, certCopy.Spec) {
return errCertificateModified
}

return nil
})
if err != nil {
if err == errCertificateModified {
return r.recreateCertificate(ctx, certCopy, owner)
}
return err
}
r.Log.Info(fmt.Sprintf("Certificate %s", op), "name", cert.Name, "namespace", cert.Namespace)
return nil
}

func (r *Reconciler) recreateCertificate(ctx context.Context, cert *certv1.Certificate, owner metav1.Object) error {
err := r.deleteCertWithSecret(ctx, cert)
if err != nil {
return err
}
return r.createOrUpdateCertificate(ctx, cert, owner)
}

func newKeystoreSecret(cr *model.CryostatInstance) *corev1.Secret {
return &corev1.Secret{
ObjectMeta: metav1.ObjectMeta{
Expand Down
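Review bot: The recreate path in createOrUpdateCertificate can recurse without bound: recreateCertificate calls back into createOrUpdateCertificate after deleteCertWithSecret, and if that delete returns before the old Certificate is actually gone (deleteCertWithSecret is outside this hunk, so I cannot tell whether it waits), the Get inside CreateOrUpdate still sees a non-zero CreationTimestamp with the old spec, returns errCertificateModified again, and the two functions call each other until the object disappears. Likewise, if the API server or a cert-manager webhook normalizes any field of cert.Spec, cmp.Equal will report a difference on every reconcile and the Certificate plus its Secret will be deleted and reissued each time, which is an outage for every pod mounting that Secret; equality.Semantic.DeepEqual from k8s.io/apimachinery would also avoid the new go-cmp import. I would have recreateCertificate create the object directly after the delete so a still-terminating object surfaces as an AlreadyExists error and a requeue instead of a recursive call, and match the sentinel with `if errors.Is(err, errCertificateModified) {` rather than ==; the explicit type in `var errCertificateModified error = errors.New(...)` is redundant as well.
```go
func (r *Reconciler) recreateCertificate(ctx context.Context, cert *certv1.Certificate, owner metav1.Object) error {
	if err := r.deleteCertWithSecret(ctx, cert); err != nil {
		return err
	}
	// Create directly rather than calling back into createOrUpdateCertificate:
	// if the old object is still terminating, the update path would return
	// errCertificateModified again and recurse. A still-present object now
	// fails with AlreadyExists and the reconcile is simply retried.
	if owner != nil {
		if err := controllerutil.SetControllerReference(owner, cert, r.Scheme); err != nil {
			return err
		}
	}
	if err := r.Client.Create(ctx, cert); err != nil {
		return err
	}
	r.Log.Info("Certificate recreated", "name", cert.Name, "namespace", cert.Namespace)
	return nil
}
```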