logjuicer: setup the corporate-ca-certs

Change-Id: I8738b30c8d7b444704cb4dfcfc4de70180acbfbe

controllers/logjuicer.go

@@ -5,43 +5,74 @@ package controllers
 
 import (
 	"github.com/softwarefactory-project/sf-operator/controllers/libs/base"
+	"github.com/softwarefactory-project/sf-operator/controllers/libs/utils"
 	appsv1 "k8s.io/api/apps/v1"
 	apiv1 "k8s.io/api/core/v1"
 )
 
+func (r *SFController) AddCorporateCA(spec *apiv1.PodSpec) string {
+	// Inject into the spec the necessary option to setup the corporate-ca-certs, returns the current version
+	corporateCM, corporateCMExists := r.CorporateCAConfigMapExists()
+	if corporateCMExists {
+		for fileName := range corporateCM.Data {
+			spec.Volumes = append(spec.Volumes, base.MkVolumeCM("certs", CorporateCACerts))
+			spec.Containers[0].VolumeMounts = append(spec.Containers[0].VolumeMounts, apiv1.VolumeMount{
+				Name:      "certs",
+				MountPath: "/certs",
+			})
+			spec.Containers[0].Env = append(spec.Containers[0].Env, base.MkEnvVar("LOGJUICER_CA_EXTRA", "/certs/"+fileName))
+			// TODO: remove the next line after merging https://github.com/logjuicer/logjuicer/pull/144
+			spec.Containers[0].Env = append(spec.Containers[0].Env, base.MkEnvVar("LOGJUICER_CA_BUNDLE", "/certs/"+fileName))
+			break
+		}
+		return string(corporateCM.ResourceVersion)
+	} else {
+		return "0"
+	}
+}
+
 func (r *SFController) EnsureLogJuicer() bool {
 	const (
 		ident = "logjuicer"
 		port  = 3000
 	)
+
+	srv := base.MkService(ident, r.ns, ident, []int32{port}, ident, r.cr.Spec.ExtraLabels)
+	r.GetOrCreate(&srv)
+
+	dep := base.MkDeployment(ident, r.ns, "ghcr.io/logjuicer/logjuicer:latest", r.cr.Spec.ExtraLabels)
+	dep.Spec.Template.Spec.Containers[0].ImagePullPolicy = "Always"
+	dep.Spec.Template.Spec.Volumes = []apiv1.Volume{
+		// TODO: make this persistent
+		base.MkEmptyDirVolume("logjuicer-data"),
+	}
+	dep.Spec.Template.Spec.Containers[0].VolumeMounts = []apiv1.VolumeMount{
+		{
+			Name:      "logjuicer-data",
+			MountPath: "/data",
+		},
+	}
+	dep.Spec.Template.Spec.Containers[0].Env = []apiv1.EnvVar{
+		base.MkEnvVar("LOGJUICER_BASE_URL", "/logjuicer/"),
+	}
+	dep.Spec.Template.Spec.Containers[0].Ports = []apiv1.ContainerPort{
+		base.MkContainerPort(port, ident),
+	}
+	dep.Spec.Template.Spec.Containers[0].ReadinessProbe = base.MkReadinessHTTPProbe("/ready", port)
+
+	dep.Spec.Template.ObjectMeta.Annotations = map[string]string{
+		"certs": r.AddCorporateCA(&dep.Spec.Template.Spec),
+	}
+
 	current := appsv1.Deployment{}
 	if r.GetM(ident, &current) {
-		return r.IsDeploymentReady(&current)
-	} else {
-		srv := base.MkService(ident, r.ns, ident, []int32{port}, ident, r.cr.Spec.ExtraLabels)
-		r.GetOrCreate(&srv)
-
-		dep := base.MkDeployment(ident, r.ns, "ghcr.io/logjuicer/logjuicer:latest", r.cr.Spec.ExtraLabels)
-		dep.Spec.Template.Spec.Containers[0].ImagePullPolicy = "Always"
-		dep.Spec.Template.Spec.Volumes = []apiv1.Volume{
-			// TODO: make this persistent
-			base.MkEmptyDirVolume("logjuicer-data"),
+		if utils.MapEquals(&current.Spec.Template.ObjectMeta.Annotations, &dep.Spec.Template.ObjectMeta.Annotations) {
+			return r.IsDeploymentReady(&current)
 		}
-		dep.Spec.Template.Spec.Containers[0].VolumeMounts = []apiv1.VolumeMount{
-			{
-				Name:      "logjuicer-data",
-				MountPath: "/data",
-			},
-		}
-		dep.Spec.Template.Spec.Containers[0].Env = []apiv1.EnvVar{
-			base.MkEnvVar("LOGJUICER_BASE_URL", "/logjuicer/"),
-		}
-		dep.Spec.Template.Spec.Containers[0].Ports = []apiv1.ContainerPort{
-			base.MkContainerPort(port, ident),
-		}
-		dep.Spec.Template.Spec.Containers[0].ReadinessProbe = base.MkReadinessHTTPProbe("/ready", port)
-
+		current.Spec = dep.Spec
+		r.UpdateR(&current)
+	} else {
 		r.CreateR(&dep)
-		return false
 	}
+	return false
 }

controllers/nodepool.go

@@ -453,7 +453,7 @@ func (r *SFController) DeployNodepoolBuilder(statsdExporterVolume apiv1.Volume,
 
 	// Create the corporate CM based Volume when the Corporate CM exists
 	if corporateCMExists {
-		volumes = append(volumes, base.MkVolumeCM("nodepool-builder-corporate-ca-certs", "corporate-ca-certs"))
+		volumes = append(volumes, base.MkVolumeCM("nodepool-builder-corporate-ca-certs", CorporateCACerts))
 	}
 
 	nodeExporterVolumeMount := []apiv1.VolumeMount{
@@ -679,7 +679,7 @@ func (r *SFController) DeployNodepoolLauncher(statsdExporterVolume apiv1.Volume,
 	corporateCM, corporateCMExists := r.CorporateCAConfigMapExists()
 
 	if corporateCMExists {
-		volumes = append(volumes, base.MkVolumeCM("nodepool-launcher-corporate-ca-certs", "corporate-ca-certs"))
+		volumes = append(volumes, base.MkVolumeCM("nodepool-launcher-corporate-ca-certs", CorporateCACerts))
 	}
 
 	volumeMounts := append(initialVolumeMounts, []apiv1.VolumeMount{

controllers/zuul.go

@@ -327,7 +327,7 @@ func mkZuulVolumes(service string, r *SFController, corporateCMExists bool) []ap
 	volumes = append(volumes, mkZuulConnectionSecretsVolumes(r)...)
 
 	if corporateCMExists {
-		volumes = append(volumes, base.MkVolumeCM(service+"-corporate-ca-certs", "corporate-ca-certs"))
+		volumes = append(volumes, base.MkVolumeCM(service+"-corporate-ca-certs", CorporateCACerts))
 	}
 
 	return volumes

doc/reference/CHANGELOG.md

@@ -9,6 +9,7 @@ All notable changes to this project will be documented in this file.
 ### Changed
 
 - zookeeper - increase certificate validity duration to 25 years to avoid renewal burden
+- logjuicer: install corporate-ca-certs to support external SF.
 
 ### Fixed
 ### Security