Merge pull request #32 from kyma-project/adop-docker-registry-kyma-mo…

…dule Adopt docker registry kyma module
kyma-project · Aug 7, 2024 · 586ffe5 · 586ffe5
2 parents 15c456c + c2630ce
commit 586ffe5
Show file tree

Hide file tree

Showing 8 changed files with 72 additions and 361 deletions.
diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
@@ -236,4 +236,10 @@ rules:
   resources:
   - apiservices
   verbs:
-  - "*"
+  - "*"
+- apiGroups:
+  - operator.kyma-project.io
+  resources:
+  - dockerregistries
+  verbs:
+  - "*"
diff --git a/controllers/cfapi_controller_rendered_resources.go b/controllers/cfapi_controller_rendered_resources.go
@@ -315,14 +315,23 @@ func (r *CFAPIReconciler) processResources(ctx context.Context, cfAPI *v1alpha1.
 	cfDomain := wildCardDomain[2:]
 	appsDomain := "apps." + cfDomain
 	korifiApiDomain := "cfapi." + cfDomain
-	twuniDomain := "cr." + cfDomain
 
 	logger.Info("wildcard domain retrieved : " + wildCardDomain)
 	logger.Info("cf domain calculated : " + cfDomain)
 	logger.Info("apps domain calculated : " + appsDomain)
 	logger.Info("korifi api domain calculated : " + korifiApiDomain)
 
-	containerRegistry, err := r.getAppContainerRegistry(ctx, cfAPI, twuniDomain)
+	// ensure docker registry
+	logger.Info("Start ensuring docker registry ...")
+	err = r.ensureDockerRegistry(ctx, cfAPI)
+	if err != nil {
+		logger.Error(err, "error ensuring docker registry")
+		return "", err
+	}
+	logger.Info("docker registry ensured")
+
+	// get app container registry
+	containerRegistry, err := r.getAppContainerRegistry(ctx, cfAPI)
 	if err != nil {
 		logger.Error(err, "error getting app container registry")
 		return "", err
@@ -362,15 +371,6 @@ func (r *CFAPIReconciler) processResources(ctx context.Context, cfAPI *v1alpha1.
 	}
 	logger.Info("namespaces created")
 
-	// install twuni
-	logger.Info("Start installing twuni ...")
-	err = r.installTwuni(ctx, cfAPI, cfDomain, twuniDomain)
-	if err != nil {
-		logger.Error(err, "error installing twuni")
-		return "", err
-	}
-	logger.Info("twuni installed")
-
 	// generate ingress certificates
 	logger.Info("Start generating ingress certificates ...")
 	err = r.generateIngressCertificates(ctx, cfDomain, appsDomain, korifiApiDomain)
@@ -428,15 +428,6 @@ func (r *CFAPIReconciler) processResources(ctx context.Context, cfAPI *v1alpha1.
 	}
 	logger.Info("dns entries created")
 
-	// create twuni dns entries
-	logger.Info("Start creating twuni dns entries ...")
-	err = r.createTwuniDNSEntry(ctx, cfAPI, twuniDomain)
-	if err != nil {
-		logger.Error(err, "error creating twuni dns entries")
-		return "", err
-	}
-	logger.Info("twuni dns entries created")
-
 	var subjects = toSubjectList(cfAPI.Spec.CFAdmins)
 	err = r.assignCfAdministrators(ctx, subjects, cfAPI.Spec.RootNamespace)
 	if err != nil {
@@ -449,6 +440,34 @@ func (r *CFAPIReconciler) processResources(ctx context.Context, cfAPI *v1alpha1.
 	return "https://" + korifiApiDomain, nil
 }
 
+func (r *CFAPIReconciler) ensureDockerRegistry(ctx context.Context, cfAPI *v1alpha1.CFAPI) error {
+	logger := log.FromContext(ctx)
+
+	if cfAPI.Spec.AppImagePullSecret != "" {
+		logger.Info("App Container Img Reg Secret is set, using it")
+		return nil
+	}
+
+	if !r.crdExists(ctx, "DockerRegistry") {
+		logger.Info("DockerRegistry CRD does not exist")
+		return errors.New("DockerRegistry CRD does not exist. Create it by enablib docker registry Kyma module")
+	}
+
+	err := r.installOneGlob(ctx, "./module-data/docker-registry/docker-registry.yaml")
+	if err != nil {
+		logger.Error(err, "error installing docker registry")
+		return err
+	}
+
+	err = r.waitForSecret("cfapi-system", "dockerregistry-config-external")
+	if err != nil {
+		logger.Error(err, "error waiting for secret dockerregistry-config-external")
+		return err
+	}
+
+	return nil
+}
+
 func (r *CFAPIReconciler) createOIDCConfig(ctx context.Context, cfAPI *v1alpha1.CFAPI) error {
 	logger := log.FromContext(ctx)
 
@@ -501,8 +520,7 @@ func (r *CFAPIReconciler) createOIDCConfig(ctx context.Context, cfAPI *v1alpha1.
 	return nil
 }
 
-func (r *CFAPIReconciler) getAppContainerRegistry(ctx context.Context, cfAPI *v1alpha1.CFAPI,
-	twuniDomain string) (ContainerRegistry, error) {
+func (r *CFAPIReconciler) getAppContainerRegistry(ctx context.Context, cfAPI *v1alpha1.CFAPI) (ContainerRegistry, error) {
 	logger := log.FromContext(ctx)
 
 	if cfAPI.Spec.AppImagePullSecret != "" {
@@ -526,11 +544,23 @@ func (r *CFAPIReconciler) getAppContainerRegistry(ctx context.Context, cfAPI *v1
 		}, nil
 	}
 
-	logger.Info("App Container Img Reg Secret is not set, using twuni")
+	logger.Info("Constructing app container registry from dockerregistry-config-external secret ")
+
+	secret := corev1.Secret{}
+	err := r.Client.Get(context.Background(), client.ObjectKey{
+		Namespace: "cfapi-system",
+		Name:      "dockerregistry-config-external",
+	}, &secret)
+
+	if err != nil {
+		logger.Error(err, "error getting app container registry secret")
+		return ContainerRegistry{}, err
+	}
+
 	return ContainerRegistry{
-		Server: twuniDomain,
-		User:   DefaultTwuniUser,
-		Pass:   DefaultTwuniPass,
+		Server: string(secret.Data["pushRegAddr"]),
+		User:   string(secret.Data["username"]),
+		Pass:   string(secret.Data["password"]),
 	}, nil
 }