diff --git a/.prow_ci.env b/.prow_ci.env index 2606e6b..ce722ac 100644 --- a/.prow_ci.env +++ b/.prow_ci.env @@ -1 +1,2 @@ export USE_IMAGE_DIGESTS=true +export FAIL_FIPS_CHECK=true diff --git a/Dockerfile b/Dockerfile index f0378c5..9e6391d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,5 @@ -ARG GOLANG_BUILDER=golang:1.19 -ARG OPERATOR_BASE_IMAGE=gcr.io/distroless/static:nonroot +ARG GOLANG_BUILDER=registry.access.redhat.com/ubi9/go-toolset:1.19 +ARG OPERATOR_BASE_IMAGE=registry.access.redhat.com/ubi9/ubi-minimal:latest # Build the manager binary FROM $GOLANG_BUILDER AS builder @@ -12,11 +12,13 @@ ARG REMOTE_SOURCE_DIR=/remote-source ARG REMOTE_SOURCE_SUBDIR= ARG DEST_ROOT=/dest-root -ARG GO_BUILD_EXTRA_ARGS= +ARG GO_BUILD_EXTRA_ARGS="-tags strictfipsruntime" +ARG GO_BUILD_EXTRA_ENV_ARGS="CGO_ENABLED=1 GO111MODULE=on" COPY $REMOTE_SOURCE $REMOTE_SOURCE_DIR WORKDIR $REMOTE_SOURCE_DIR/$REMOTE_SOURCE_SUBDIR +USER root RUN mkdir -p ${DEST_ROOT}/usr/local/bin/ # cache deps before building and copying source so that we don't need to re-download as much @@ -24,7 +26,7 @@ RUN mkdir -p ${DEST_ROOT}/usr/local/bin/ RUN if [ ! -f $CACHITO_ENV_FILE ]; then go mod download ; fi # Build manager -RUN if [ -f $CACHITO_ENV_FILE ] ; then source $CACHITO_ENV_FILE ; fi ; CGO_ENABLED=0 GO111MODULE=on go build ${GO_BUILD_EXTRA_ARGS} -a -o ${DEST_ROOT}/manager main.go +RUN if [ -f $CACHITO_ENV_FILE ] ; then source $CACHITO_ENV_FILE ; fi ; env ${GO_BUILD_EXTRA_ENV_ARGS} go build ${GO_BUILD_EXTRA_ARGS} -a -o ${DEST_ROOT}/manager main.go RUN cp -r templates ${DEST_ROOT}/templates @@ -49,16 +51,16 @@ ARG IMAGE_TAGS="cn-openstack openstack" # Labels required by upstream and osbs build system LABEL com.redhat.component="${IMAGE_COMPONENT}" \ - name="${IMAGE_NAME}" \ - version="${IMAGE_VERSION}" \ - summary="${IMAGE_SUMMARY}" \ - io.k8s.name="${IMAGE_NAME}" \ - io.k8s.description="${IMAGE_DESC}" \ - io.openshift.tags="${IMAGE_TAGS}" + name="${IMAGE_NAME}" \ + version="${IMAGE_VERSION}" \ + summary="${IMAGE_SUMMARY}" \ + io.k8s.name="${IMAGE_NAME}" \ + io.k8s.description="${IMAGE_DESC}" \ + io.openshift.tags="${IMAGE_TAGS}" ### DO NOT EDIT LINES ABOVE ENV USER_UID=$USER_ID \ - OPERATOR_TEMPLATES=/usr/share/barbican-operator/templates/ + OPERATOR_TEMPLATES=/usr/share/barbican-operator/templates/ WORKDIR / diff --git a/Makefile b/Makefile index 3a9b04c..1f3cb75 100644 --- a/Makefile +++ b/Makefile @@ -68,6 +68,9 @@ endif SHELL = /usr/bin/env bash -o pipefail .SHELLFLAGS = -ec +# Extra vars which will be passed to the Docker-build + DOCKER_BUILD_ARGS ?= + .PHONY: all all: build @@ -138,7 +141,7 @@ run: manifests generate fmt vet ## Run a controller from your host. # More info: https://docs.docker.com/develop/develop-images/build_enhancements/ .PHONY: docker-build docker-build: test ## Build docker image with the manager. - podman build -t ${IMG} . + podman build -t ${IMG} . ${DOCKER_BUILD_ARGS} .PHONY: docker-push docker-push: ## Push docker image with the manager. diff --git a/api/bases/barbican.openstack.org_barbicanapis.yaml b/api/bases/barbican.openstack.org_barbicanapis.yaml index 0a75ff8..58018c2 100644 --- a/api/bases/barbican.openstack.org_barbicanapis.yaml +++ b/api/bases/barbican.openstack.org_barbicanapis.yaml @@ -67,30 +67,6 @@ spec: description: DatabaseUser - optional username used for barbican DB, defaults to barbican type: string - debug: - description: 'Debug - enable debug for different deploy stages. If - an init container is used, it runs and the actual action pod gets - started with sleep infinity TODO(dmendiza): Do we need this?' - properties: - dbInitContainer: - default: false - description: dbInitContainer enable debug (waits until /tmp/stop-init-container - disappears) - type: boolean - dbSync: - default: false - description: dbSync enable debug - type: boolean - initContainer: - default: false - description: initContainer enable debug (waits until /tmp/stop-init-container - disappears) - type: boolean - service: - default: false - description: Service enable debug - type: boolean - type: object defaultConfigOverwrite: additionalProperties: type: string diff --git a/api/bases/barbican.openstack.org_barbicankeystonelisteners.yaml b/api/bases/barbican.openstack.org_barbicankeystonelisteners.yaml index 0bc5887..2fa8aaa 100644 --- a/api/bases/barbican.openstack.org_barbicankeystonelisteners.yaml +++ b/api/bases/barbican.openstack.org_barbicankeystonelisteners.yaml @@ -68,30 +68,6 @@ spec: description: DatabaseUser - optional username used for barbican DB, defaults to barbican type: string - debug: - description: 'Debug - enable debug for different deploy stages. If - an init container is used, it runs and the actual action pod gets - started with sleep infinity TODO(dmendiza): Do we need this?' - properties: - dbInitContainer: - default: false - description: dbInitContainer enable debug (waits until /tmp/stop-init-container - disappears) - type: boolean - dbSync: - default: false - description: dbSync enable debug - type: boolean - initContainer: - default: false - description: initContainer enable debug (waits until /tmp/stop-init-container - disappears) - type: boolean - service: - default: false - description: Service enable debug - type: boolean - type: object defaultConfigOverwrite: additionalProperties: type: string diff --git a/api/bases/barbican.openstack.org_barbicans.yaml b/api/bases/barbican.openstack.org_barbicans.yaml index 9877816..e52b1b4 100644 --- a/api/bases/barbican.openstack.org_barbicans.yaml +++ b/api/bases/barbican.openstack.org_barbicans.yaml @@ -581,30 +581,6 @@ spec: description: DatabaseUser - optional username used for barbican DB, defaults to barbican type: string - debug: - description: 'Debug - enable debug for different deploy stages. If - an init container is used, it runs and the actual action pod gets - started with sleep infinity TODO(dmendiza): Do we need this?' - properties: - dbInitContainer: - default: false - description: dbInitContainer enable debug (waits until /tmp/stop-init-container - disappears) - type: boolean - dbSync: - default: false - description: dbSync enable debug - type: boolean - initContainer: - default: false - description: initContainer enable debug (waits until /tmp/stop-init-container - disappears) - type: boolean - service: - default: false - description: Service enable debug - type: boolean - type: object defaultConfigOverwrite: additionalProperties: type: string diff --git a/api/bases/barbican.openstack.org_barbicanworkers.yaml b/api/bases/barbican.openstack.org_barbicanworkers.yaml index 3a794c1..21d6b57 100644 --- a/api/bases/barbican.openstack.org_barbicanworkers.yaml +++ b/api/bases/barbican.openstack.org_barbicanworkers.yaml @@ -66,30 +66,6 @@ spec: description: DatabaseUser - optional username used for barbican DB, defaults to barbican type: string - debug: - description: 'Debug - enable debug for different deploy stages. If - an init container is used, it runs and the actual action pod gets - started with sleep infinity TODO(dmendiza): Do we need this?' - properties: - dbInitContainer: - default: false - description: dbInitContainer enable debug (waits until /tmp/stop-init-container - disappears) - type: boolean - dbSync: - default: false - description: dbSync enable debug - type: boolean - initContainer: - default: false - description: initContainer enable debug (waits until /tmp/stop-init-container - disappears) - type: boolean - service: - default: false - description: Service enable debug - type: boolean - type: object defaultConfigOverwrite: additionalProperties: type: string diff --git a/api/v1beta1/common_types.go b/api/v1beta1/common_types.go index 877d8da..b9ad1c9 100644 --- a/api/v1beta1/common_types.go +++ b/api/v1beta1/common_types.go @@ -45,12 +45,6 @@ type BarbicanTemplate struct { // PasswordSelectors - Selectors to identify the DB and ServiceUser password from the Secret PasswordSelectors PasswordSelector `json:"passwordSelectors"` - // +kubebuilder:validation:Optional - // Debug - enable debug for different deploy stages. If an init container is used, it runs and the - // actual action pod gets started with sleep infinity - // TODO(dmendiza): Do we need this? - Debug BarbicanDebug `json:"debug,omitempty"` - // +kubebuilder:validation:Optional // CustomServiceConfig - customize the service config using this parameter to change service defaults, // or overwrite rendered information using raw OpenStack config format. The content gets added to @@ -121,26 +115,3 @@ type PasswordSelector struct { // Service - Selector to get the barbican service user password from the Secret Service string `json:"service"` } - -// BarbicanDebug indicates whether certain stages of deployment should be paused -type BarbicanDebug struct { - // +kubebuilder:validation:Optional - // +kubebuilder:default=false - // dbInitContainer enable debug (waits until /tmp/stop-init-container disappears) - DBInitContainer bool `json:"dbInitContainer"` - - // +kubebuilder:validation:Optional - // +kubebuilder:default=false - // dbSync enable debug - DBSync bool `json:"dbSync"` - - // +kubebuilder:validation:Optional - // +kubebuilder:default=false - // initContainer enable debug (waits until /tmp/stop-init-container disappears) - InitContainer bool `json:"initContainer"` - - // +kubebuilder:validation:Optional - // +kubebuilder:default=false - // Service enable debug - Service bool `json:"service"` -} diff --git a/api/v1beta1/zz_generated.deepcopy.go b/api/v1beta1/zz_generated.deepcopy.go index eade7e5..4d6f2de 100644 --- a/api/v1beta1/zz_generated.deepcopy.go +++ b/api/v1beta1/zz_generated.deepcopy.go @@ -266,21 +266,6 @@ func (in *BarbicanComponentTemplate) DeepCopy() *BarbicanComponentTemplate { return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *BarbicanDebug) DeepCopyInto(out *BarbicanDebug) { - *out = *in -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BarbicanDebug. -func (in *BarbicanDebug) DeepCopy() *BarbicanDebug { - if in == nil { - return nil - } - out := new(BarbicanDebug) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *BarbicanDefaults) DeepCopyInto(out *BarbicanDefaults) { *out = *in @@ -531,7 +516,6 @@ func (in *BarbicanStatus) DeepCopy() *BarbicanStatus { func (in *BarbicanTemplate) DeepCopyInto(out *BarbicanTemplate) { *out = *in out.PasswordSelectors = in.PasswordSelectors - out.Debug = in.Debug } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BarbicanTemplate. diff --git a/config/crd/bases/barbican.openstack.org_barbicanapis.yaml b/config/crd/bases/barbican.openstack.org_barbicanapis.yaml index 0a75ff8..58018c2 100644 --- a/config/crd/bases/barbican.openstack.org_barbicanapis.yaml +++ b/config/crd/bases/barbican.openstack.org_barbicanapis.yaml @@ -67,30 +67,6 @@ spec: description: DatabaseUser - optional username used for barbican DB, defaults to barbican type: string - debug: - description: 'Debug - enable debug for different deploy stages. If - an init container is used, it runs and the actual action pod gets - started with sleep infinity TODO(dmendiza): Do we need this?' - properties: - dbInitContainer: - default: false - description: dbInitContainer enable debug (waits until /tmp/stop-init-container - disappears) - type: boolean - dbSync: - default: false - description: dbSync enable debug - type: boolean - initContainer: - default: false - description: initContainer enable debug (waits until /tmp/stop-init-container - disappears) - type: boolean - service: - default: false - description: Service enable debug - type: boolean - type: object defaultConfigOverwrite: additionalProperties: type: string diff --git a/config/crd/bases/barbican.openstack.org_barbicankeystonelisteners.yaml b/config/crd/bases/barbican.openstack.org_barbicankeystonelisteners.yaml index 0bc5887..2fa8aaa 100644 --- a/config/crd/bases/barbican.openstack.org_barbicankeystonelisteners.yaml +++ b/config/crd/bases/barbican.openstack.org_barbicankeystonelisteners.yaml @@ -68,30 +68,6 @@ spec: description: DatabaseUser - optional username used for barbican DB, defaults to barbican type: string - debug: - description: 'Debug - enable debug for different deploy stages. If - an init container is used, it runs and the actual action pod gets - started with sleep infinity TODO(dmendiza): Do we need this?' - properties: - dbInitContainer: - default: false - description: dbInitContainer enable debug (waits until /tmp/stop-init-container - disappears) - type: boolean - dbSync: - default: false - description: dbSync enable debug - type: boolean - initContainer: - default: false - description: initContainer enable debug (waits until /tmp/stop-init-container - disappears) - type: boolean - service: - default: false - description: Service enable debug - type: boolean - type: object defaultConfigOverwrite: additionalProperties: type: string diff --git a/config/crd/bases/barbican.openstack.org_barbicans.yaml b/config/crd/bases/barbican.openstack.org_barbicans.yaml index 9877816..e52b1b4 100644 --- a/config/crd/bases/barbican.openstack.org_barbicans.yaml +++ b/config/crd/bases/barbican.openstack.org_barbicans.yaml @@ -581,30 +581,6 @@ spec: description: DatabaseUser - optional username used for barbican DB, defaults to barbican type: string - debug: - description: 'Debug - enable debug for different deploy stages. If - an init container is used, it runs and the actual action pod gets - started with sleep infinity TODO(dmendiza): Do we need this?' - properties: - dbInitContainer: - default: false - description: dbInitContainer enable debug (waits until /tmp/stop-init-container - disappears) - type: boolean - dbSync: - default: false - description: dbSync enable debug - type: boolean - initContainer: - default: false - description: initContainer enable debug (waits until /tmp/stop-init-container - disappears) - type: boolean - service: - default: false - description: Service enable debug - type: boolean - type: object defaultConfigOverwrite: additionalProperties: type: string diff --git a/config/crd/bases/barbican.openstack.org_barbicanworkers.yaml b/config/crd/bases/barbican.openstack.org_barbicanworkers.yaml index 3a794c1..21d6b57 100644 --- a/config/crd/bases/barbican.openstack.org_barbicanworkers.yaml +++ b/config/crd/bases/barbican.openstack.org_barbicanworkers.yaml @@ -66,30 +66,6 @@ spec: description: DatabaseUser - optional username used for barbican DB, defaults to barbican type: string - debug: - description: 'Debug - enable debug for different deploy stages. If - an init container is used, it runs and the actual action pod gets - started with sleep infinity TODO(dmendiza): Do we need this?' - properties: - dbInitContainer: - default: false - description: dbInitContainer enable debug (waits until /tmp/stop-init-container - disappears) - type: boolean - dbSync: - default: false - description: dbSync enable debug - type: boolean - initContainer: - default: false - description: initContainer enable debug (waits until /tmp/stop-init-container - disappears) - type: boolean - service: - default: false - description: Service enable debug - type: boolean - type: object defaultConfigOverwrite: additionalProperties: type: string diff --git a/config/manifests/bases/barbican-operator.clusterserviceversion.yaml b/config/manifests/bases/barbican-operator.clusterserviceversion.yaml index d827ff1..27d60b6 100644 --- a/config/manifests/bases/barbican-operator.clusterserviceversion.yaml +++ b/config/manifests/bases/barbican-operator.clusterserviceversion.yaml @@ -5,6 +5,7 @@ metadata: alm-examples: '[]' capabilities: Basic Install features.operators.openshift.io/disconnected: "true" + features.operators.openshift.io/fips-compliant: "true" operators.openshift.io/infrastructure-features: '["disconnected"]' operators.operatorframework.io/operator-type: non-standalone name: barbican-operator.v0.0.0 diff --git a/config/samples/barbican_v1beta1_barbican.yaml b/config/samples/barbican_v1beta1_barbican.yaml index 433da7c..2cdae12 100644 --- a/config/samples/barbican_v1beta1_barbican.yaml +++ b/config/samples/barbican_v1beta1_barbican.yaml @@ -18,11 +18,6 @@ spec: passwordSelectors: database: BarbicanDatabasePassword service: BarbicanPassword - debug: - dbInitContainer: false - dbSync: false - initContainer: false - service: false preserveJobs: true nodeSelector: node: controller diff --git a/go.mod b/go.mod index 9b3db5d..a99e4e9 100644 --- a/go.mod +++ b/go.mod @@ -14,7 +14,7 @@ require ( github.com/openstack-k8s-operators/lib-common/modules/common v0.3.1-0.20240117103205-2bd91a3da216 github.com/openstack-k8s-operators/lib-common/modules/storage v0.3.1-0.20240117103205-2bd91a3da216 github.com/openstack-k8s-operators/lib-common/modules/test v0.3.1-0.20240117103205-2bd91a3da216 - github.com/openstack-k8s-operators/mariadb-operator/api v0.3.0 + github.com/openstack-k8s-operators/mariadb-operator/api v0.3.1-0.20240124160436-36095347284f go.uber.org/zap v1.26.0 k8s.io/api v0.26.13 k8s.io/apimachinery v0.27.1 diff --git a/go.sum b/go.sum index 2626399..7faf820 100644 --- a/go.sum +++ b/go.sum @@ -246,8 +246,8 @@ github.com/openstack-k8s-operators/lib-common/modules/storage v0.3.1-0.202401171 github.com/openstack-k8s-operators/lib-common/modules/storage v0.3.1-0.20240117103205-2bd91a3da216/go.mod h1:Z8oPtR/G1ukNwJoD75I8Ew+8Ibt4vqtK+XoaiKK3gXk= github.com/openstack-k8s-operators/lib-common/modules/test v0.3.1-0.20240117103205-2bd91a3da216 h1:VTlhT+Epr3YY/I9NKKCv4MWITnNgBUXv684FB7YQT+E= github.com/openstack-k8s-operators/lib-common/modules/test v0.3.1-0.20240117103205-2bd91a3da216/go.mod h1:ni4mvKeubWsTjKmcToJ+hIo7pJipM9hwiUv8qhm1R6Y= -github.com/openstack-k8s-operators/mariadb-operator/api v0.3.0 h1:FB0xB6whYM6W4XIncYo2mPiOJWkFsIOWtCT+UOtvOaQ= -github.com/openstack-k8s-operators/mariadb-operator/api v0.3.0/go.mod h1:xhiz5wFdKWwVM7BF/VYon4TT3NuUPXp/Pyn2hWcp0CE= +github.com/openstack-k8s-operators/mariadb-operator/api v0.3.1-0.20240124160436-36095347284f h1:01HrDX32rjFdvbSOMfz0fBCfxK6Kqthv0BgvimWL7Vc= +github.com/openstack-k8s-operators/mariadb-operator/api v0.3.1-0.20240124160436-36095347284f/go.mod h1:gAIo5SMvTTgUomxGC51T3PHIyremhe8xUvz2xpbuCsI= github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= diff --git a/pkg/barbican/dbsync.go b/pkg/barbican/dbsync.go index e310a8e..f24f9e7 100644 --- a/pkg/barbican/dbsync.go +++ b/pkg/barbican/dbsync.go @@ -3,7 +3,6 @@ package barbican import ( barbicanv1beta1 "github.com/openstack-k8s-operators/barbican-operator/api/v1beta1" - "github.com/openstack-k8s-operators/lib-common/modules/common" "github.com/openstack-k8s-operators/lib-common/modules/common/env" batchv1 "k8s.io/api/batch/v1" corev1 "k8s.io/api/core/v1" @@ -61,18 +60,13 @@ func DbSyncJob(instance *barbicanv1beta1.Barbican, labels map[string]string, ann ReadOnly: true, }, } - + // add CA cert if defined if instance.Spec.BarbicanAPI.TLS.CaBundleSecretName != "" { dbSyncVolume = append(dbSyncVolume, instance.Spec.BarbicanAPI.TLS.CreateVolume()) dbSyncMounts = append(dbSyncMounts, instance.Spec.BarbicanAPI.TLS.CreateVolumeMounts(nil)...) } - args := []string{"-c"} - if instance.Spec.Debug.DBSync { - args = append(args, common.DebugCommand) - } else { - args = append(args, DBSyncCommand) - } + args := []string{"-c", DBSyncCommand} runAsUser := int64(0) envVars := map[string]env.Setter{} diff --git a/pkg/barbicanapi/deployment.go b/pkg/barbicanapi/deployment.go index 191d48c..f4a154f 100644 --- a/pkg/barbicanapi/deployment.go +++ b/pkg/barbicanapi/deployment.go @@ -3,7 +3,6 @@ package barbicanapi import ( "fmt" - "github.com/openstack-k8s-operators/lib-common/modules/common" "github.com/openstack-k8s-operators/lib-common/modules/common/env" "github.com/openstack-k8s-operators/lib-common/modules/common/service" "github.com/openstack-k8s-operators/lib-common/modules/common/tls" @@ -45,32 +44,22 @@ func Deployment( PeriodSeconds: 5, InitialDelaySeconds: 5, } - args := []string{"-c"} - if instance.Spec.Debug.Service { - args = append(args, common.DebugCommand) - livenessProbe.Exec = &corev1.ExecAction{ - Command: []string{ - "/bin/true", - }, - } - readinessProbe.Exec = livenessProbe.Exec - } else { - args = append(args, ServiceCommand) - // - // https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ - // - livenessProbe.HTTPGet = &corev1.HTTPGetAction{ - Path: "/healthcheck", - Port: intstr.IntOrString{Type: intstr.Int, IntVal: int32(barbican.BarbicanPublicPort)}, - } - readinessProbe.HTTPGet = livenessProbe.HTTPGet + args := []string{"-c", ServiceCommand} + // + // https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ + // + livenessProbe.HTTPGet = &corev1.HTTPGetAction{ + Path: "/healthcheck", + Port: intstr.IntOrString{Type: intstr.Int, IntVal: int32(barbican.BarbicanPublicPort)}, + } - if instance.Spec.TLS.API.Enabled(service.EndpointPublic) { - livenessProbe.HTTPGet.Scheme = corev1.URISchemeHTTPS - readinessProbe.HTTPGet.Scheme = corev1.URISchemeHTTPS - } + if instance.Spec.TLS.API.Enabled(service.EndpointPublic) { + livenessProbe.HTTPGet.Scheme = corev1.URISchemeHTTPS + readinessProbe.HTTPGet.Scheme = corev1.URISchemeHTTPS } + readinessProbe.HTTPGet = livenessProbe.HTTPGet + apiVolumes := []corev1.Volume{ { Name: "config-data-custom", diff --git a/pkg/barbicankeystonelistener/deployment.go b/pkg/barbicankeystonelistener/deployment.go index 8c312f8..ecdb8c8 100644 --- a/pkg/barbicankeystonelistener/deployment.go +++ b/pkg/barbicankeystonelistener/deployment.go @@ -3,7 +3,6 @@ package barbicankeystonelistener import ( "fmt" - "github.com/openstack-k8s-operators/lib-common/modules/common" "github.com/openstack-k8s-operators/lib-common/modules/common/env" appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" @@ -30,12 +29,7 @@ func Deployment( envVars := map[string]env.Setter{} envVars["KOLLA_CONFIG_STRATEGY"] = env.SetValue("COPY_ALWAYS") envVars["CONFIG_HASH"] = env.SetValue(configHash) - args := []string{"-c"} - if instance.Spec.Debug.Service { - args = append(args, common.DebugCommand) - } else { - args = append(args, ServiceCommand) - } + args := []string{"-c", ServiceCommand} keystoneListenerVolumes := []corev1.Volume{ { diff --git a/pkg/barbicanworker/deployment.go b/pkg/barbicanworker/deployment.go index 1c0621b..0f1e4a6 100644 --- a/pkg/barbicanworker/deployment.go +++ b/pkg/barbicanworker/deployment.go @@ -3,7 +3,6 @@ package barbicanworker import ( "fmt" - "github.com/openstack-k8s-operators/lib-common/modules/common" "github.com/openstack-k8s-operators/lib-common/modules/common/env" appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" @@ -46,26 +45,15 @@ func Deployment( InitialDelaySeconds: 5, } */ - args := []string{"-c"} - if instance.Spec.Debug.Service { - args = append(args, common.DebugCommand) - //livenessProbe.Exec = &corev1.ExecAction{ - // Command: []string{ - // "/bin/true", - // }, - //} - //readinessProbe.Exec = livenessProbe.Exec - } else { - args = append(args, ServiceCommand) - // - // https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ - // - //livenessProbe.HTTPGet = &corev1.HTTPGetAction{ - // Path: "/healthcheck", - // Port: intstr.IntOrString{Type: intstr.Int, IntVal: int32(barbican.BarbicanPublicPort)}, - //} - //readinessProbe.HTTPGet = livenessProbe.HTTPGet - } + args := []string{"-c", ServiceCommand} + // + // https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ + // + //livenessProbe.HTTPGet = &corev1.HTTPGetAction{ + // Path: "/healthcheck", + // Port: intstr.IntOrString{Type: intstr.Int, IntVal: int32(barbican.BarbicanPublicPort)}, + //} + //readinessProbe.HTTPGet = livenessProbe.HTTPGet workerVolumes := []corev1.Volume{ {