Skip to content

Commit

Permalink
Adopt docker registry kyma module
Browse files Browse the repository at this point in the history
- the container registry installed and used by the module, twuni,
  is replaced with a container registry installed by docker
  registry kyma module
  • Loading branch information
rrashidov committed Aug 7, 2024
1 parent 15c456c commit 72bd82c
Show file tree
Hide file tree
Showing 8 changed files with 62 additions and 378 deletions.
8 changes: 7 additions & 1 deletion config/rbac/role.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -236,4 +236,10 @@ rules:
resources:
- apiservices
verbs:
- "*"
- "*"
- apiGroups:
- operator.kyma-project.io
resources:
- dockerregistries
verbs:
- "*"
89 changes: 46 additions & 43 deletions controllers/cfapi_controller_rendered_resources.go
Original file line number Diff line number Diff line change
Expand Up @@ -315,14 +315,22 @@ func (r *CFAPIReconciler) processResources(ctx context.Context, cfAPI *v1alpha1.
cfDomain := wildCardDomain[2:]
appsDomain := "apps." + cfDomain
korifiApiDomain := "cfapi." + cfDomain
twuniDomain := "cr." + cfDomain

logger.Info("wildcard domain retrieved : " + wildCardDomain)
logger.Info("cf domain calculated : " + cfDomain)
logger.Info("apps domain calculated : " + appsDomain)
logger.Info("korifi api domain calculated : " + korifiApiDomain)

containerRegistry, err := r.getAppContainerRegistry(ctx, cfAPI, twuniDomain)
// ensure docker registry
logger.Info("Start ensuring docker registry ...")
err = r.ensureDockerRegistry(ctx)
if err != nil {
logger.Error(err, "error ensuring docker registry")
return "", err
}
logger.Info("docker registry ensured")

containerRegistry, err := r.getAppContainerRegistry(ctx)
if err != nil {
logger.Error(err, "error getting app container registry")
return "", err
Expand Down Expand Up @@ -362,15 +370,6 @@ func (r *CFAPIReconciler) processResources(ctx context.Context, cfAPI *v1alpha1.
}
logger.Info("namespaces created")

// install twuni
logger.Info("Start installing twuni ...")
err = r.installTwuni(ctx, cfAPI, cfDomain, twuniDomain)
if err != nil {
logger.Error(err, "error installing twuni")
return "", err
}
logger.Info("twuni installed")

// generate ingress certificates
logger.Info("Start generating ingress certificates ...")
err = r.generateIngressCertificates(ctx, cfDomain, appsDomain, korifiApiDomain)
Expand Down Expand Up @@ -428,15 +427,6 @@ func (r *CFAPIReconciler) processResources(ctx context.Context, cfAPI *v1alpha1.
}
logger.Info("dns entries created")

// create twuni dns entries
logger.Info("Start creating twuni dns entries ...")
err = r.createTwuniDNSEntry(ctx, cfAPI, twuniDomain)
if err != nil {
logger.Error(err, "error creating twuni dns entries")
return "", err
}
logger.Info("twuni dns entries created")

var subjects = toSubjectList(cfAPI.Spec.CFAdmins)
err = r.assignCfAdministrators(ctx, subjects, cfAPI.Spec.RootNamespace)
if err != nil {
Expand All @@ -449,6 +439,29 @@ func (r *CFAPIReconciler) processResources(ctx context.Context, cfAPI *v1alpha1.
return "https://" + korifiApiDomain, nil
}

func (r *CFAPIReconciler) ensureDockerRegistry(ctx context.Context) error {
logger := log.FromContext(ctx)

if !r.crdExists(ctx, "DockerRegistry") {
logger.Info("DockerRegistry CRD does not exist")
return errors.New("DockerRegistry CRD does not exist. Create it by enablib docker registry Kyma module")
}

err := r.installOneGlob(ctx, "./module-data/docker-registry/docker-registry.yaml")
if err != nil {
logger.Error(err, "error installing docker registry")
return err
}

err = r.waitForSecret("cfapi-system", "dockerregistry-config-external")
if err != nil {
logger.Error(err, "error waiting for secret dockerregistry-config-external")
return err
}

return nil
}

func (r *CFAPIReconciler) createOIDCConfig(ctx context.Context, cfAPI *v1alpha1.CFAPI) error {
logger := log.FromContext(ctx)

Expand Down Expand Up @@ -501,36 +514,26 @@ func (r *CFAPIReconciler) createOIDCConfig(ctx context.Context, cfAPI *v1alpha1.
return nil
}

func (r *CFAPIReconciler) getAppContainerRegistry(ctx context.Context, cfAPI *v1alpha1.CFAPI,
twuniDomain string) (ContainerRegistry, error) {
func (r *CFAPIReconciler) getAppContainerRegistry(ctx context.Context) (ContainerRegistry, error) {
logger := log.FromContext(ctx)

if cfAPI.Spec.AppImagePullSecret != "" {
logger.Info("App Container Img Reg Secret is set, using it")
// extract container registry from secret
secret := corev1.Secret{}
err := r.Client.Get(context.Background(), client.ObjectKey{
Namespace: "korifi",
Name: cfAPI.Spec.AppImagePullSecret,
}, &secret)
logger.Info("Constructing app container registry from dockerregistry-config-external secret ")

if err != nil {
logger.Error(err, "error getting app container registry secret")
return ContainerRegistry{}, err
}
secret := corev1.Secret{}
err := r.Client.Get(context.Background(), client.ObjectKey{
Namespace: "cfapi-system",
Name: "dockerregistry-config-external",
}, &secret)

return ContainerRegistry{
Server: string(secret.Data["server"]),
User: string(secret.Data["username"]),
Pass: string(secret.Data["password"]),
}, nil
if err != nil {
logger.Error(err, "error getting app container registry secret")
return ContainerRegistry{}, err
}

logger.Info("App Container Img Reg Secret is not set, using twuni")
return ContainerRegistry{
Server: twuniDomain,
User: DefaultTwuniUser,
Pass: DefaultTwuniPass,
Server: string(secret.Data["pushRegAddr"]),
User: string(secret.Data["username"]),
Pass: string(secret.Data["password"]),
}, nil
}

Expand Down
Loading

0 comments on commit 72bd82c

Please sign in to comment.