diff --git a/api/v1beta1/cryostat_conversion.go b/api/v1beta1/cryostat_conversion.go index bb56a27cd..26389f574 100644 --- a/api/v1beta1/cryostat_conversion.go +++ b/api/v1beta1/cryostat_conversion.go @@ -42,7 +42,6 @@ func (src *Cryostat) ConvertTo(dstRaw conversion.Hub) error { } func convertSpecTo(src *CryostatSpec, dst *operatorv1beta2.CryostatSpec) { - dst.Minimal = src.Minimal dst.EnableCertManager = src.EnableCertManager dst.TrustedCertSecrets = convertCertSecretsTo(src.TrustedCertSecrets) dst.EventTemplates = convertEventTemplatesTo(src.EventTemplates) @@ -327,7 +326,6 @@ func (dst *Cryostat) ConvertFrom(srcRaw conversion.Hub) error { } func convertSpecFrom(src *operatorv1beta2.CryostatSpec, dst *CryostatSpec) { - dst.Minimal = src.Minimal dst.EnableCertManager = src.EnableCertManager dst.TrustedCertSecrets = convertCertSecretsFrom(src.TrustedCertSecrets) dst.EventTemplates = convertEventTemplatesFrom(src.EventTemplates) diff --git a/api/v1beta1/cryostat_conversion_test.go b/api/v1beta1/cryostat_conversion_test.go index 80a7dc41b..b1c2c0a8a 100644 --- a/api/v1beta1/cryostat_conversion_test.go +++ b/api/v1beta1/cryostat_conversion_test.go @@ -77,8 +77,12 @@ var _ = Describe("Cryostat", func() { }) func tableEntriesTo() []TableEntry { - return append(tableEntries(), Entry("WS connections", (*test.TestResources).NewCryostatWithWsConnectionsSpecV1Beta1, - (*test.TestResources).NewCryostat)) + return append(tableEntries(), + Entry("WS connections", (*test.TestResources).NewCryostatWithWsConnectionsSpecV1Beta1, + (*test.TestResources).NewCryostat), + Entry("minimal mode", (*test.TestResources).NewCryostatWithMinimalModeV1Beta1, + (*test.TestResources).NewCryostat), + ) } func tableEntriesFrom() []TableEntry { diff --git a/api/v1beta2/cryostat_types.go b/api/v1beta2/cryostat_types.go index 5bd3a8584..ed1966fae 100644 --- a/api/v1beta2/cryostat_types.go +++ b/api/v1beta2/cryostat_types.go @@ -31,9 +31,6 @@ type CryostatSpec struct { // +optional // +operator-sdk:csv:customresourcedefinitions:type=spec,order=2 TargetNamespaces []string `json:"targetNamespaces,omitempty"` - // Deploy a pared-down Cryostat instance with no Grafana Dashboard or JFR Data Source. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=4,displayName="Minimal Deployment",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:booleanSwitch"} - Minimal bool `json:"minimal"` // List of TLS certificates to trust when connecting to targets. // +optional // +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Trusted TLS Certificates" diff --git a/bundle/manifests/cryostat-operator.clusterserviceversion.yaml b/bundle/manifests/cryostat-operator.clusterserviceversion.yaml index 04a0f5f58..252fca6ca 100644 --- a/bundle/manifests/cryostat-operator.clusterserviceversion.yaml +++ b/bundle/manifests/cryostat-operator.clusterserviceversion.yaml @@ -36,7 +36,6 @@ metadata: "spec": { "enableCertManager": true, "eventTemplates": [], - "minimal": false, "reportOptions": { "replicas": 0 }, @@ -54,7 +53,7 @@ metadata: capabilities: Seamless Upgrades categories: Monitoring, Developer Tools containerImage: quay.io/cryostat/cryostat-operator:2.5.0-dev - createdAt: "2024-03-06T21:13:39Z" + createdAt: "2024-03-07T00:24:24Z" description: JVM monitoring and profiling tool operatorframework.io/initialization-resource: |- { @@ -65,7 +64,6 @@ metadata: }, "spec": { "enableCertManager": true, - "minimal": false, "reportOptions": { "replicas": 0 } @@ -527,12 +525,6 @@ spec: path: enableCertManager x-descriptors: - urn:alm:descriptor:com.tectonic.ui:booleanSwitch - - description: Deploy a pared-down Cryostat instance with no Grafana Dashboard - or JFR Data Source. - displayName: Minimal Deployment - path: minimal - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:booleanSwitch - description: Override default authorization properties for Cryostat on OpenShift. displayName: Authorization Properties path: authProperties diff --git a/bundle/manifests/operator.cryostat.io_cryostats.yaml b/bundle/manifests/operator.cryostat.io_cryostats.yaml index 13918ffcc..d4bef9167 100644 --- a/bundle/manifests/operator.cryostat.io_cryostats.yaml +++ b/bundle/manifests/operator.cryostat.io_cryostats.yaml @@ -4844,10 +4844,6 @@ spec: credentials database. type: string type: object - minimal: - description: Deploy a pared-down Cryostat instance with no Grafana - Dashboard or JFR Data Source. - type: boolean networkOptions: description: Options to control how the operator exposes the application outside of the cluster, such as using an Ingress or Route. @@ -9371,8 +9367,6 @@ spec: - secretName type: object type: array - required: - - minimal type: object status: description: CryostatStatus defines the observed state of Cryostat. diff --git a/config/crd/bases/operator.cryostat.io_cryostats.yaml b/config/crd/bases/operator.cryostat.io_cryostats.yaml index afa2befdd..62a06a778 100644 --- a/config/crd/bases/operator.cryostat.io_cryostats.yaml +++ b/config/crd/bases/operator.cryostat.io_cryostats.yaml @@ -4834,10 +4834,6 @@ spec: credentials database. type: string type: object - minimal: - description: Deploy a pared-down Cryostat instance with no Grafana - Dashboard or JFR Data Source. - type: boolean networkOptions: description: Options to control how the operator exposes the application outside of the cluster, such as using an Ingress or Route. @@ -9361,8 +9357,6 @@ spec: - secretName type: object type: array - required: - - minimal type: object status: description: CryostatStatus defines the observed state of Cryostat. diff --git a/config/manifests/bases/cryostat-operator.clusterserviceversion.yaml b/config/manifests/bases/cryostat-operator.clusterserviceversion.yaml index 17d9dda93..cc02a4e6c 100644 --- a/config/manifests/bases/cryostat-operator.clusterserviceversion.yaml +++ b/config/manifests/bases/cryostat-operator.clusterserviceversion.yaml @@ -15,7 +15,6 @@ metadata: }, "spec": { "enableCertManager": true, - "minimal": false, "reportOptions": { "replicas": 0 } @@ -77,12 +76,6 @@ spec: path: enableCertManager x-descriptors: - urn:alm:descriptor:com.tectonic.ui:booleanSwitch - - description: Deploy a pared-down Cryostat instance with no Grafana Dashboard - or JFR Data Source. - displayName: Minimal Deployment - path: minimal - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:booleanSwitch - description: Override default authorization properties for Cryostat on OpenShift. displayName: Authorization Properties path: authProperties diff --git a/config/samples/operator_v1beta2_cryostat.yaml b/config/samples/operator_v1beta2_cryostat.yaml index 69cc3b956..8f014f31d 100644 --- a/config/samples/operator_v1beta2_cryostat.yaml +++ b/config/samples/operator_v1beta2_cryostat.yaml @@ -3,7 +3,6 @@ kind: Cryostat metadata: name: cryostat-sample spec: - minimal: false enableCertManager: true trustedCertSecrets: [] eventTemplates: [] diff --git a/docs/config.md b/docs/config.md index afb374637..1633b3f95 100644 --- a/docs/config.md +++ b/docs/config.md @@ -20,17 +20,6 @@ When installed in a multi-namespace manner, all users with access to a Cryostat For now, all authorization checks are done against the namespace where Cryostat is installed. For a user to use Cryostat with workloads in a target namespace, that user must have the necessary Kubernetes permissions in the namespace where Cryostat is installed. -### Minimal Deployment -The `spec.minimal` property determines what is deployed alongside Cryostat. This value is set to `false` by default, which tells the operator to deploy Cryostat, with a [customized Grafana](https://github.com/cryostatio/cryostat-grafana-dashboard) and a [Grafana Data Source for JFR files](https://github.com/cryostatio/jfr-datasource) as 3 containers within a Pod. When `minimal` is set to `true`, the Deployment consists of only the Cryostat container. -```yaml -apiVersion: operator.cryostat.io/v1beta1 -kind: Cryostat -metadata: - name: cryostat-sample -spec: - minimal: true -``` - ### Disabling cert-manager Integration By default, the operator expects [cert-manager](https://cert-manager.io/) to be available in the cluster. The operator uses cert-manager to generate a self-signed CA to allow traffic between Cryostat components within the cluster to use HTTPS. If cert-manager is not available in the cluster, this integration can be disabled with the `spec.enableCertManager` property. ```yaml diff --git a/internal/controllers/certmanager.go b/internal/controllers/certmanager.go index 45b305b7a..294a47eea 100644 --- a/internal/controllers/certmanager.go +++ b/internal/controllers/certmanager.go @@ -24,7 +24,6 @@ import ( resources "github.com/cryostatio/cryostat-operator/internal/controllers/common/resource_definitions" "github.com/cryostatio/cryostat-operator/internal/controllers/model" corev1 "k8s.io/api/core/v1" - kerrors "k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/api/meta" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime/schema" @@ -95,26 +94,13 @@ func (r *Reconciler) setupTLS(ctx context.Context, cr *model.CryostatInstance) ( } certificates := []*certv1.Certificate{caCert, cryostatCert, reportsCert} // Create a certificate for Grafana signed by the Cryostat CA - if !cr.Spec.Minimal { - grafanaCert := resources.NewGrafanaCert(cr) - err = r.createOrUpdateCertificate(ctx, grafanaCert, cr.Object) - if err != nil { - return nil, err - } - certificates = append(certificates, grafanaCert) - tlsConfig.GrafanaSecret = grafanaCert.Spec.SecretName - } else { - grafanaCert := resources.NewGrafanaCert(cr) - secret := secretForCertificate(grafanaCert) - err = r.deleteSecret(ctx, secret) - if err != nil { - return nil, err - } - err = r.deleteCert(ctx, grafanaCert) - if err != nil { - return nil, err - } + grafanaCert := resources.NewGrafanaCert(cr) + err = r.createOrUpdateCertificate(ctx, grafanaCert, cr.Object) + if err != nil { + return nil, err } + certificates = append(certificates, grafanaCert) + tlsConfig.GrafanaSecret = grafanaCert.Spec.SecretName // Update owner references of TLS secrets created by cert-manager to ensure proper cleanup err = r.setCertSecretOwner(ctx, cr.Object, certificates...) @@ -211,15 +197,6 @@ func (r *Reconciler) setCertSecretOwner(ctx context.Context, owner metav1.Object return nil } -func secretForCertificate(cert *certv1.Certificate) *corev1.Secret { - return &corev1.Secret{ - ObjectMeta: metav1.ObjectMeta{ - Name: cert.Spec.SecretName, - Namespace: cert.Namespace, - }, - } -} - func (r *Reconciler) certManagerAvailable() (bool, error) { // Check if cert-manager API is available. Checking just one should be enough. _, err := r.RESTMapper.RESTMapping(schema.GroupKind{ @@ -316,16 +293,6 @@ func (r *Reconciler) createOrUpdateCertSecret(ctx context.Context, secret *corev return nil } -func (r *Reconciler) deleteCert(ctx context.Context, cert *certv1.Certificate) error { - err := r.Client.Delete(ctx, cert) - if err != nil && !kerrors.IsNotFound(err) { - r.Log.Error(err, "Could not delete certificate", "name", cert.Name, "namespace", cert.Namespace) - return err - } - r.Log.Info("Cert deleted", "name", cert.Name, "namespace", cert.Namespace) - return nil -} - func (r *Reconciler) getCertficateBytes(ctx context.Context, cert *certv1.Certificate) ([]byte, error) { secret, err := r.GetCertificateSecret(ctx, cert) if err != nil { diff --git a/internal/controllers/common/resource_definitions/resource_definitions.go b/internal/controllers/common/resource_definitions/resource_definitions.go index 06c1a9d65..a3cf2bf43 100644 --- a/internal/controllers/common/resource_definitions/resource_definitions.go +++ b/internal/controllers/common/resource_definitions/resource_definitions.go @@ -237,17 +237,10 @@ func NewDeploymentForReports(cr *model.CryostatInstance, imageTags *ImageTags, t func NewPodForCR(cr *model.CryostatInstance, specs *ServiceSpecs, imageTags *ImageTags, tls *TLSConfig, fsGroup int64, openshift bool) *corev1.PodSpec { - var containers []corev1.Container - if cr.Spec.Minimal { - containers = []corev1.Container{ - NewCoreContainer(cr, specs, imageTags.CoreImageTag, tls, openshift), - } - } else { - containers = []corev1.Container{ - NewCoreContainer(cr, specs, imageTags.CoreImageTag, tls, openshift), - NewGrafanaContainer(cr, imageTags.GrafanaImageTag, tls), - NewJfrDatasourceContainer(cr, imageTags.DatasourceImageTag), - } + containers := []corev1.Container{ + NewCoreContainer(cr, specs, imageTags.CoreImageTag, tls, openshift), + NewGrafanaContainer(cr, imageTags.GrafanaImageTag, tls), + NewJfrDatasourceContainer(cr, imageTags.DatasourceImageTag), } volumes := newVolumeForCR(cr) @@ -296,35 +289,31 @@ func NewPodForCR(cr *model.CryostatInstance, specs *ServiceSpecs, imageTags *Ima }, }) - keyVolume := corev1.Volume{ - Name: "keystore", - VolumeSource: corev1.VolumeSource{ - Secret: &corev1.SecretVolumeSource{ - SecretName: tls.CryostatSecret, - Items: []corev1.KeyToPath{ - { - Key: "keystore.p12", - Path: "keystore.p12", - Mode: &readOnlyMode, + volumes = append(volumes, + corev1.Volume{ + Name: "keystore", + VolumeSource: corev1.VolumeSource{ + Secret: &corev1.SecretVolumeSource{ + SecretName: tls.CryostatSecret, + Items: []corev1.KeyToPath{ + { + Key: "keystore.p12", + Path: "keystore.p12", + Mode: &readOnlyMode, + }, }, }, }, }, - } - - volumes = append(volumes, keyVolume) - - if !cr.Spec.Minimal { - grafanaSecretVolume := corev1.Volume{ + corev1.Volume{ Name: "grafana-tls-secret", VolumeSource: corev1.VolumeSource{ Secret: &corev1.SecretVolumeSource{ SecretName: tls.GrafanaSecret, }, }, - } - volumes = append(volumes, grafanaSecretVolume) - } + }, + ) } // Project certificate secrets into deployment @@ -886,26 +875,24 @@ func NewCoreContainer(cr *model.CryostatInstance, specs *ServiceSpecs, imageTag }, }) - if !cr.Spec.Minimal { - grafanaVars := []corev1.EnvVar{ - { - Name: "GRAFANA_DATASOURCE_URL", - Value: datasourceURL, + grafanaVars := []corev1.EnvVar{ + { + Name: "GRAFANA_DATASOURCE_URL", + Value: datasourceURL, + }, + } + if specs.GrafanaURL != nil { + grafanaVars = append(grafanaVars, + corev1.EnvVar{ + Name: "GRAFANA_DASHBOARD_EXT_URL", + Value: specs.GrafanaURL.String(), }, - } - if specs.GrafanaURL != nil { - grafanaVars = append(grafanaVars, - corev1.EnvVar{ - Name: "GRAFANA_DASHBOARD_EXT_URL", - Value: specs.GrafanaURL.String(), - }, - corev1.EnvVar{ - Name: "GRAFANA_DASHBOARD_URL", - Value: getInternalDashboardURL(tls), - }) - } - envs = append(envs, grafanaVars...) + corev1.EnvVar{ + Name: "GRAFANA_DASHBOARD_URL", + Value: getInternalDashboardURL(tls), + }) } + envs = append(envs, grafanaVars...) livenessProbeScheme := corev1.URISchemeHTTP if tls == nil { diff --git a/internal/controllers/ingresses.go b/internal/controllers/ingresses.go index 33cde225a..307307875 100644 --- a/internal/controllers/ingresses.go +++ b/internal/controllers/ingresses.go @@ -61,10 +61,9 @@ func (r *Reconciler) reconcileGrafanaIngress(ctx context.Context, cr *model.Cryo }, } - if cr.Spec.Minimal || cr.Spec.NetworkOptions == nil || cr.Spec.NetworkOptions.GrafanaConfig == nil || + if cr.Spec.NetworkOptions == nil || cr.Spec.NetworkOptions.GrafanaConfig == nil || cr.Spec.NetworkOptions.GrafanaConfig.IngressSpec == nil { - // User has either chosen a minimal deployment or not requested - // an Ingress, delete if it exists + // User has not requested an Ingress, delete if it exists return r.deleteIngress(ctx, ingress) } grafanaConfig := configureGrafanaIngress(cr) diff --git a/internal/controllers/reconciler.go b/internal/controllers/reconciler.go index 812da566f..2973af1ef 100644 --- a/internal/controllers/reconciler.go +++ b/internal/controllers/reconciler.go @@ -176,8 +176,6 @@ func (r *Reconciler) reconcileCryostat(ctx context.Context, cr *model.CryostatIn } } - reqLogger.Info("Spec", "Minimal", cr.Spec.Minimal) - // Create lock config map or fail if owned by another CR err := r.reconcileLockConfigMap(ctx, cr) if err != nil { diff --git a/internal/controllers/reconciler_test.go b/internal/controllers/reconciler_test.go index b6e2657ba..57c7402ef 100644 --- a/internal/controllers/reconciler_test.go +++ b/internal/controllers/reconciler_test.go @@ -275,46 +275,6 @@ func (c *controllerTest) commonTests() { }) } }) - Context("succesfully creates required resources for minimal deployment", func() { - BeforeEach(func() { - t.Minimal = true - t.GeneratedPasswords = []string{"credentials_database", "jmx", "keystore"} - t.objs = append(t.objs, t.NewCryostat().Object) - }) - JustBeforeEach(func() { - t.reconcileCryostatFully() - }) - It("should create certificates", func() { - t.expectCertificates() - }) - It("should create RBAC", func() { - t.expectRBAC() - }) - It("should create routes", func() { - t.expectRoutes() - }) - It("should create persistent volume claim and set owner", func() { - t.expectPVC(t.NewDefaultPVC()) - }) - It("should create Credentials Database secret and set owner", func() { - t.expectCredentialsDatabaseSecret() - }) - It("should create JMX secret and set owner", func() { - t.expectJMXSecret() - }) - It("should create core service and set owner", func() { - t.expectCoreService() - }) - It("should set ApplicationURL in CR Status", func() { - t.expectStatusApplicationURL() - }) - It("should not set GrafanaSecret in CR Status", func() { - t.expectStatusGrafanaSecretName("") - }) - It("should create deployment and set owner", func() { - t.expectMainDeployment() - }) - }) Context("after cryostat reconciled successfully", func() { BeforeEach(func() { t.objs = append(t.objs, t.NewCryostat().Object) @@ -326,18 +286,6 @@ func (c *controllerTest) commonTests() { t.expectIdempotence() }) }) - Context("After a minimal cryostat reconciled successfully", func() { - BeforeEach(func() { - t.Minimal = true - t.objs = append(t.objs, t.NewCryostat().Object) - }) - JustBeforeEach(func() { - t.reconcileCryostatFully() - }) - It("should be idempotent", func() { - t.expectIdempotence() - }) - }) Context("Cryostat does not exist", func() { It("should do nothing", func() { result, err := t.reconcileWithName("does-not-exist") @@ -609,88 +557,17 @@ func (c *controllerTest) commonTests() { t.reconcileCryostatFully() }) It("should update the Routes", func() { - if !t.Minimal { - expected := t.NewGrafanaRoute() - metav1.SetMetaDataAnnotation(&expected.ObjectMeta, "grafana", "annotation") - metav1.SetMetaDataLabel(&expected.ObjectMeta, "grafana", "label") - t.checkRoute(expected) - } - expected := t.NewCoreRoute() + expected := t.NewGrafanaRoute() + metav1.SetMetaDataAnnotation(&expected.ObjectMeta, "grafana", "annotation") + metav1.SetMetaDataLabel(&expected.ObjectMeta, "grafana", "label") + t.checkRoute(expected) + + expected = t.NewCoreRoute() metav1.SetMetaDataAnnotation(&expected.ObjectMeta, "custom", "annotation") metav1.SetMetaDataLabel(&expected.ObjectMeta, "custom", "label") t.checkRoute(expected) }) }) - Context("Switching from a minimal to a non-minimal deployment", func() { - BeforeEach(func() { - t.Minimal = true - t.GeneratedPasswords = []string{"credentials_database", "jmx", "keystore", "grafana"} - t.objs = append(t.objs, t.NewCryostat().Object) - }) - JustBeforeEach(func() { - t.reconcileCryostatFully() - - cryostat := t.getCryostatInstance() - - t.Minimal = false - cryostat.Spec.Minimal = false - t.updateCryostatInstance(cryostat) - - t.reconcileCryostatFully() - }) - It("should create Grafana network resources", func() { - t.expectGrafanaService() - }) - It("should create the Grafana secret", func() { - t.expectGrafanaSecret() - t.expectStatusGrafanaSecretName(t.NewGrafanaSecret().Name) - }) - It("should configure deployment appropriately", func() { - t.expectMainDeployment() - }) - It("should create certificates", func() { - t.expectCertificates() - }) - }) - Context("Switching from a non-minimal to a minimal deployment", func() { - BeforeEach(func() { - t.objs = append(t.objs, t.NewCryostat().Object) - }) - JustBeforeEach(func() { - t.reconcileCryostatFully() - - cryostat := t.getCryostatInstance() - - t.Minimal = true - cryostat.Spec.Minimal = true - t.updateCryostatInstance(cryostat) - - t.reconcileCryostatFully() - }) - It("should delete Grafana network resources", func() { - service := &corev1.Service{} - err := t.Client.Get(context.Background(), types.NamespacedName{Name: t.Name + "-grafana", Namespace: t.Namespace}, service) - Expect(kerrors.IsNotFound(err)).To(BeTrue()) - - route := &openshiftv1.Route{} - err = t.Client.Get(context.Background(), types.NamespacedName{Name: t.Name + "-grafana", Namespace: t.Namespace}, route) - Expect(kerrors.IsNotFound(err)).To(BeTrue()) - }) - It("should delete the Grafana secret", func() { - secret := &corev1.Secret{} - notExpected := t.NewGrafanaSecret() - err := t.Client.Get(context.Background(), types.NamespacedName{Name: notExpected.Name, Namespace: notExpected.Namespace}, secret) - Expect(kerrors.IsNotFound(err)).To(BeTrue()) - - t.expectStatusGrafanaSecretName("") - }) - It("should configure deployment appropriately", func() { - t.expectMainDeployment() - }) - It("should create certificates", func() { - t.expectCertificates() - }) - }) Context("with report generator service", func() { var cr *model.CryostatInstance BeforeEach(func() { @@ -2323,9 +2200,7 @@ func (c *controllerTest) commonTests() { } func (t *cryostatTestInput) expectRoutes() { - if !t.Minimal { - t.checkRoute(t.NewGrafanaRoute()) - } + t.checkRoute(t.NewGrafanaRoute()) t.checkRoute(t.NewCoreRoute()) } @@ -2420,16 +2295,7 @@ func (t *cryostatTestInput) expectWaitingForCertificate() { func (t *cryostatTestInput) expectCertificates() { // Check certificates - certs := []*certv1.Certificate{t.NewCryostatCert(), t.NewCACert(), t.NewReportsCert()} - if !t.Minimal { - certs = append(certs, t.NewGrafanaCert()) - } else { - actual := &certv1.Certificate{} - expected := t.NewGrafanaCert() - err := t.Client.Get(context.Background(), types.NamespacedName{Name: expected.Name, Namespace: expected.Namespace}, actual) - Expect(err).To(HaveOccurred()) - Expect(kerrors.IsNotFound(err)) - } + certs := []*certv1.Certificate{t.NewCryostatCert(), t.NewCACert(), t.NewReportsCert(), t.NewGrafanaCert()} for _, expected := range certs { actual := &certv1.Certificate{} err := t.Client.Get(context.Background(), types.NamespacedName{Name: expected.Name, Namespace: expected.Namespace}, actual) @@ -2867,15 +2733,13 @@ func (t *cryostatTestInput) checkMainPodTemplate(deployment *appsv1.Deployment, dbSecretProvided, t.NewCoreContainerResource(cr), t.NewCoreSecurityContext(cr)) - if !t.Minimal { - // Check that Grafana is configured properly, depending on the environment - grafanaContainer := template.Spec.Containers[1] - t.checkGrafanaContainer(&grafanaContainer, t.NewGrafanaContainerResource(cr), t.NewGrafanaSecurityContext(cr)) + // Check that Grafana is configured properly, depending on the environment + grafanaContainer := template.Spec.Containers[1] + t.checkGrafanaContainer(&grafanaContainer, t.NewGrafanaContainerResource(cr), t.NewGrafanaSecurityContext(cr)) - // Check that JFR Datasource is configured properly - datasourceContainer := template.Spec.Containers[2] - t.checkDatasourceContainer(&datasourceContainer, t.NewDatasourceContainerResource(cr), t.NewDatasourceSecurityContext(cr)) - } + // Check that JFR Datasource is configured properly + datasourceContainer := template.Spec.Containers[2] + t.checkDatasourceContainer(&datasourceContainer, t.NewDatasourceContainerResource(cr), t.NewDatasourceSecurityContext(cr)) // Check that the proper Service Account is set Expect(template.Spec.ServiceAccountName).To(Equal(t.Name)) diff --git a/internal/controllers/routes.go b/internal/controllers/routes.go index 6f2a6145d..ef0b3920d 100644 --- a/internal/controllers/routes.go +++ b/internal/controllers/routes.go @@ -27,7 +27,6 @@ import ( "github.com/cryostatio/cryostat-operator/internal/controllers/model" routev1 "github.com/openshift/api/route/v1" corev1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil" ) @@ -61,10 +60,7 @@ func (r *Reconciler) reconcileGrafanaRoute(ctx context.Context, svc *corev1.Serv Namespace: cr.InstallNamespace, }, } - if cr.Spec.Minimal { - // Delete route if it exists - return r.deleteRoute(ctx, route) - } + grafanaConfig := configureGrafanaRoute(cr) url, err := r.reconcileRoute(ctx, route, svc, cr, tls, grafanaConfig) if err != nil { @@ -145,16 +141,6 @@ func getProtocol(route *routev1.Route) string { return "https" } -func (r *Reconciler) deleteRoute(ctx context.Context, route *routev1.Route) error { - err := r.Client.Delete(ctx, route) - if err != nil && !errors.IsNotFound(err) { - r.Log.Error(err, "Could not delete route", "name", route.Name, "namespace", route.Namespace) - return err - } - r.Log.Info("Route deleted", "name", route.Name, "namespace", route.Namespace) - return nil -} - func getHTTPPort(svc *corev1.Service) (*corev1.ServicePort, error) { for _, port := range svc.Spec.Ports { if port.Name == constants.HttpPortName { diff --git a/internal/controllers/secrets.go b/internal/controllers/secrets.go index 66ff48c49..278ff5813 100644 --- a/internal/controllers/secrets.go +++ b/internal/controllers/secrets.go @@ -43,34 +43,24 @@ func (r *Reconciler) reconcileGrafanaSecret(ctx context.Context, cr *model.Cryos }, } - var secretName string - if cr.Spec.Minimal { - err := r.deleteSecret(ctx, secret) - if err != nil { - return err + err := r.createOrUpdateSecret(ctx, secret, cr.Object, func() error { + if secret.StringData == nil { + secret.StringData = map[string]string{} } - secretName = "" - } else { - err := r.createOrUpdateSecret(ctx, secret, cr.Object, func() error { - if secret.StringData == nil { - secret.StringData = map[string]string{} - } - secret.StringData["GF_SECURITY_ADMIN_USER"] = "admin" - - // Password is generated, so don't regenerate it when updating - if secret.CreationTimestamp.IsZero() { - secret.StringData["GF_SECURITY_ADMIN_PASSWORD"] = r.GenPasswd(20) - } - return nil - }) - if err != nil { - return err + secret.StringData["GF_SECURITY_ADMIN_USER"] = "admin" + + // Password is generated, so don't regenerate it when updating + if secret.CreationTimestamp.IsZero() { + secret.StringData["GF_SECURITY_ADMIN_PASSWORD"] = r.GenPasswd(20) } - secretName = secret.Name + return nil + }) + if err != nil { + return err } // Set the Grafana secret in the CR status - cr.Status.GrafanaSecret = secretName + cr.Status.GrafanaSecret = secret.Name return r.Client.Status().Update(ctx, cr.Object) } diff --git a/internal/controllers/services.go b/internal/controllers/services.go index 6718c2d2f..9a4c87408 100644 --- a/internal/controllers/services.go +++ b/internal/controllers/services.go @@ -81,31 +81,23 @@ func (r *Reconciler) reconcileGrafanaService(ctx context.Context, cr *model.Cryo }, } - if cr.Spec.Minimal { - // Delete service if it exists - err := r.deleteService(ctx, svc) - if err != nil { - return err + config := configureGrafanaService(cr) + err := r.createOrUpdateService(ctx, svc, cr.Object, &config.ServiceConfig, func() error { + svc.Spec.Selector = map[string]string{ + "app": cr.Name, + "component": "cryostat", } - } else { - config := configureGrafanaService(cr) - err := r.createOrUpdateService(ctx, svc, cr.Object, &config.ServiceConfig, func() error { - svc.Spec.Selector = map[string]string{ - "app": cr.Name, - "component": "cryostat", - } - svc.Spec.Ports = []corev1.ServicePort{ - { - Name: "http", - Port: *config.HTTPPort, - TargetPort: intstr.IntOrString{IntVal: 3000}, - }, - } - return nil - }) - if err != nil { - return err + svc.Spec.Ports = []corev1.ServicePort{ + { + Name: "http", + Port: *config.HTTPPort, + TargetPort: intstr.IntOrString{IntVal: 3000}, + }, } + return nil + }) + if err != nil { + return err } if r.IsOpenShift { diff --git a/internal/test/conversion.go b/internal/test/conversion.go index ab123ddd3..2d670b449 100644 --- a/internal/test/conversion.go +++ b/internal/test/conversion.go @@ -43,12 +43,23 @@ func (r *TestResources) newCryostatSpecV1Beta1() operatorv1beta1.CryostatSpec { } } return operatorv1beta1.CryostatSpec{ - Minimal: r.Minimal, EnableCertManager: &certManager, ReportOptions: reportOptions, } } +func (r *TestResources) NewCryostatWithMinimalModeV1Beta1() *operatorv1beta1.Cryostat { + spec := r.newCryostatSpecV1Beta1() + spec.Minimal = true + return &operatorv1beta1.Cryostat{ + ObjectMeta: metav1.ObjectMeta{ + Name: r.Name, + Namespace: r.Namespace, + }, + Spec: spec, + } +} + func (r *TestResources) NewCryostatWithSecretsV1Beta1() *operatorv1beta1.Cryostat { cr := r.NewCryostatV1Beta1() key := "test.crt" diff --git a/internal/test/resources.go b/internal/test/resources.go index d94ac5403..54b88f288 100644 --- a/internal/test/resources.go +++ b/internal/test/resources.go @@ -44,7 +44,6 @@ import ( type TestResources struct { Name string Namespace string - Minimal bool TLS bool ExternalTLS bool OpenShift bool @@ -106,7 +105,6 @@ func (r *TestResources) newCryostatSpec() operatorv1beta2.CryostatSpec { } return operatorv1beta2.CryostatSpec{ TargetNamespaces: r.TargetNamespaces, - Minimal: r.Minimal, EnableCertManager: &certManager, ReportOptions: reportOptions, } @@ -1303,15 +1301,13 @@ func (r *TestResources) NewCoreEnvironmentVariables(reportsUrl string, authProps Optional: &optional, }, }, - }) + }, + corev1.EnvVar{ + Name: "GRAFANA_DATASOURCE_URL", + Value: "http://127.0.0.1:8080", + }, + ) - if !r.Minimal { - envs = append(envs, - corev1.EnvVar{ - Name: "GRAFANA_DATASOURCE_URL", - Value: "http://127.0.0.1:8080", - }) - } if !r.TLS { envs = append(envs, corev1.EnvVar{ @@ -1435,33 +1431,31 @@ func (r *TestResources) newNetworkEnvironmentVariables() []corev1.EnvVar { Value: "80", }) } - if !r.Minimal { - if r.ExternalTLS { - envs = append(envs, - corev1.EnvVar{ - Name: "GRAFANA_DASHBOARD_EXT_URL", - Value: fmt.Sprintf("https://%s-grafana.example.com", r.Name), - }) - } else { - envs = append(envs, - corev1.EnvVar{ - Name: "GRAFANA_DASHBOARD_EXT_URL", - Value: fmt.Sprintf("http://%s-grafana.example.com", r.Name), - }) - } - if r.TLS { - envs = append(envs, - corev1.EnvVar{ - Name: "GRAFANA_DASHBOARD_URL", - Value: "https://cryostat-health.local:3000", - }) - } else { - envs = append(envs, - corev1.EnvVar{ - Name: "GRAFANA_DASHBOARD_URL", - Value: "http://cryostat-health.local:3000", - }) - } + if r.ExternalTLS { + envs = append(envs, + corev1.EnvVar{ + Name: "GRAFANA_DASHBOARD_EXT_URL", + Value: fmt.Sprintf("https://%s-grafana.example.com", r.Name), + }) + } else { + envs = append(envs, + corev1.EnvVar{ + Name: "GRAFANA_DASHBOARD_EXT_URL", + Value: fmt.Sprintf("http://%s-grafana.example.com", r.Name), + }) + } + if r.TLS { + envs = append(envs, + corev1.EnvVar{ + Name: "GRAFANA_DASHBOARD_URL", + Value: "https://cryostat-health.local:3000", + }) + } else { + envs = append(envs, + corev1.EnvVar{ + Name: "GRAFANA_DASHBOARD_URL", + Value: "http://cryostat-health.local:3000", + }) } return envs } @@ -2021,18 +2015,16 @@ func (r *TestResources) newVolumes(certProjections []corev1.VolumeProjection) [] }, }, }, - }) - if !r.Minimal { - volumes = append(volumes, - corev1.Volume{ - Name: "grafana-tls-secret", - VolumeSource: corev1.VolumeSource{ - Secret: &corev1.SecretVolumeSource{ - SecretName: r.Name + "-grafana-tls", - }, + }, + corev1.Volume{ + Name: "grafana-tls-secret", + VolumeSource: corev1.VolumeSource{ + Secret: &corev1.SecretVolumeSource{ + SecretName: r.Name + "-grafana-tls", }, - }) - } + }, + }, + ) } volumes = append(volumes,