get rid of mtp in favor of an ingress

main.go

@@ -49,6 +49,7 @@ import (
 	loggingcredentials "github.com/giantswarm/logging-operator/pkg/resource/logging-credentials"
 	loggingsecret "github.com/giantswarm/logging-operator/pkg/resource/logging-secret"
 	loggingwiring "github.com/giantswarm/logging-operator/pkg/resource/logging-wiring"
+	lokiingressauthsecret "github.com/giantswarm/logging-operator/pkg/resource/loki-ingress-auth-secret"
 	proxyauth "github.com/giantswarm/logging-operator/pkg/resource/proxy-auth"
 	//+kubebuilder:scaffold:imports
 )
@@ -158,6 +159,10 @@ func main() {
 		Client: mgr.GetClient(),
 	}
 
+	lokiIngressAuthSecret := lokiingressauthsecret.Reconciler{
+		Client: mgr.GetClient(),
+	}
+
 	loggingSecret := loggingsecret.Reconciler{
 		Client: mgr.GetClient(),
 	}
@@ -191,6 +196,7 @@ func main() {
 			&loggingWiring,
 			&loggingSecrets,
 			&grafanaDatasource,
+			&lokiIngressAuthSecret,
 			&proxyAuth,
 			&loggingSecret,
 			&loggingConfig,

pkg/resource/loki-ingress-auth-secret/ingress-auth-secret.go

@@ -51,8 +51,8 @@ func listWriteUsers(credentialsSecret *v1.Secret) []string {
 }
 
 // generateLokiIngressAuthSecret returns a secret for the loki ingress auth
-func generateLokiIngressAuthSecret(lc loggedcluster.Interface, credentialsSecret *v1.Secret) (map[string][]byte, error) {
-	users := make(map[string][]byte)
+func generateLokiIngressAuthSecret(lc loggedcluster.Interface, credentialsSecret *v1.Secret) (map[string]string, error) {
+	users := make(map[string]string)
 	// Loop on write users
 	for _, writeUser := range listWriteUsers(credentialsSecret) {
 		writePassword, err := loggingcredentials.GetPassword(lc, credentialsSecret, writeUser)
@@ -63,7 +63,7 @@ func generateLokiIngressAuthSecret(lc loggedcluster.Interface, credentialsSecret
 		if err != nil {
 			return nil, errors.WithStack(err)
 		}
-		users[writeUser] = password
+		users[writeUser] = string(password)
 	}
 
 	return users, nil

pkg/resource/loki-ingress-auth-secret/reconciler.go

@@ -64,7 +64,7 @@ func (r *Reconciler) createOrUpdateSecret(ctx context.Context, lc loggedcluster.
 			logger.Error(err, "failed to generate loki ingress auth secret")
 			return errors.WithStack(err)
 		}
-		secret.Data = data
+		secret.StringData = data
 
 		return nil
 	})

pkg/resource/proxy-auth/proxy-auth.go

@@ -24,7 +24,7 @@ const (
 )
 
 // ProxyConfigSecretMeta returns metadata for the grafana-multi-tenant-proxy secret
-func ProxyAuthSecretMeta(lc loggedcluster.Interface) metav1.ObjectMeta {
+func proxyAuthSecretMeta(lc loggedcluster.Interface) metav1.ObjectMeta {
 	metadata := metav1.ObjectMeta{
 		Name:      proxyauthSecretName,
 		Namespace: proxyauthSecretNamespace,
@@ -96,13 +96,15 @@ func GenerateProxyAuthSecret(lc loggedcluster.Interface, credentialsSecret *v1.S
 	if err != nil {
 		return v1.Secret{}, errors.WithStack(err)
 	}
-
-	secret := v1.Secret{
-		ObjectMeta: ProxyAuthSecretMeta(lc),
-		Data: map[string][]byte{
-			"authn.yaml": []byte(v),
-		},
-	}
+	secret := secret()
+	secret.Data["authn.yaml"] = []byte(v)
 
 	return secret, nil
 }
+
+func secret() v1.Secret {
+	return v1.Secret{
+		ObjectMeta: proxyAuthSecretMeta(nil),
+		Data:       map[string][]byte{},
+	}
+}

pkg/resource/proxy-auth/reconciler.go

@@ -83,10 +83,7 @@ func (r *Reconciler) ReconcileDelete(ctx context.Context, lc loggedcluster.Inter
 	logger := log.FromContext(ctx)
 	logger.Info("deleting multi-tenant-proxy auth secret")
 
-	secret := v1.Secret{
-		ObjectMeta: loggingcredentials.LoggingCredentialsSecretMeta(),
-	}
-
+	secret := secret()
 	// Delete secret.
 	err := r.Client.Delete(ctx, &secret)
 	if err != nil {