Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Adopt docker registry kyma module #32

Merged
merged 2 commits into from
Aug 7, 2024
Merged

Adopt docker registry kyma module #32

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
72bd82c
Adopt docker registry kyma module
rrashidov Aug 7, 2024
c2630ce
Restore usage of customer-provided container registry
rrashidov Aug 7, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 7 additions & 1 deletion config/rbac/role.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -236,4 +236,10 @@ rules:
resources:
- apiservices
verbs:
- "*"
- "*"
- apiGroups:
- operator.kyma-project.io
resources:
- dockerregistries
verbs:
- "*"
82 changes: 56 additions & 26 deletions controllers/cfapi_controller_rendered_resources.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -315,14 +315,23 @@ func (r *CFAPIReconciler) processResources(ctx context.Context, cfAPI *v1alpha1.
cfDomain := wildCardDomain[2:]
appsDomain := "apps." + cfDomain
korifiApiDomain := "cfapi." + cfDomain
twuniDomain := "cr." + cfDomain

logger.Info("wildcard domain retrieved : " + wildCardDomain)
logger.Info("cf domain calculated : " + cfDomain)
logger.Info("apps domain calculated : " + appsDomain)
logger.Info("korifi api domain calculated : " + korifiApiDomain)

containerRegistry, err := r.getAppContainerRegistry(ctx, cfAPI, twuniDomain)
// ensure docker registry
logger.Info("Start ensuring docker registry ...")
err = r.ensureDockerRegistry(ctx, cfAPI)
if err != nil {
logger.Error(err, "error ensuring docker registry")
return "", err
}
logger.Info("docker registry ensured")

// get app container registry
containerRegistry, err := r.getAppContainerRegistry(ctx, cfAPI)
if err != nil {
logger.Error(err, "error getting app container registry")
return "", err
Expand Down Expand Up @@ -362,15 +371,6 @@ func (r *CFAPIReconciler) processResources(ctx context.Context, cfAPI *v1alpha1.
}
logger.Info("namespaces created")

// install twuni
logger.Info("Start installing twuni ...")
err = r.installTwuni(ctx, cfAPI, cfDomain, twuniDomain)
if err != nil {
logger.Error(err, "error installing twuni")
return "", err
}
logger.Info("twuni installed")

// generate ingress certificates
logger.Info("Start generating ingress certificates ...")
err = r.generateIngressCertificates(ctx, cfDomain, appsDomain, korifiApiDomain)
Expand Down Expand Up @@ -428,15 +428,6 @@ func (r *CFAPIReconciler) processResources(ctx context.Context, cfAPI *v1alpha1.
}
logger.Info("dns entries created")

// create twuni dns entries
logger.Info("Start creating twuni dns entries ...")
err = r.createTwuniDNSEntry(ctx, cfAPI, twuniDomain)
if err != nil {
logger.Error(err, "error creating twuni dns entries")
return "", err
}
logger.Info("twuni dns entries created")

var subjects = toSubjectList(cfAPI.Spec.CFAdmins)
err = r.assignCfAdministrators(ctx, subjects, cfAPI.Spec.RootNamespace)
if err != nil {
Expand All @@ -449,6 +440,34 @@ func (r *CFAPIReconciler) processResources(ctx context.Context, cfAPI *v1alpha1.
return "https://" + korifiApiDomain, nil
}

func (r *CFAPIReconciler) ensureDockerRegistry(ctx context.Context, cfAPI *v1alpha1.CFAPI) error {
logger := log.FromContext(ctx)

if cfAPI.Spec.AppImagePullSecret != "" {
logger.Info("App Container Img Reg Secret is set, using it")
return nil
}

if !r.crdExists(ctx, "DockerRegistry") {
logger.Info("DockerRegistry CRD does not exist")
return errors.New("DockerRegistry CRD does not exist. Create it by enablib docker registry Kyma module")
}

err := r.installOneGlob(ctx, "./module-data/docker-registry/docker-registry.yaml")
if err != nil {
logger.Error(err, "error installing docker registry")
return err
}

err = r.waitForSecret("cfapi-system", "dockerregistry-config-external")
if err != nil {
logger.Error(err, "error waiting for secret dockerregistry-config-external")
return err
}

return nil
}

func (r *CFAPIReconciler) createOIDCConfig(ctx context.Context, cfAPI *v1alpha1.CFAPI) error {
logger := log.FromContext(ctx)

Expand Down Expand Up @@ -501,8 +520,7 @@ func (r *CFAPIReconciler) createOIDCConfig(ctx context.Context, cfAPI *v1alpha1.
return nil
}

func (r *CFAPIReconciler) getAppContainerRegistry(ctx context.Context, cfAPI *v1alpha1.CFAPI,
twuniDomain string) (ContainerRegistry, error) {
func (r *CFAPIReconciler) getAppContainerRegistry(ctx context.Context, cfAPI *v1alpha1.CFAPI) (ContainerRegistry, error) {
logger := log.FromContext(ctx)

if cfAPI.Spec.AppImagePullSecret != "" {
Expand All @@ -526,11 +544,23 @@ func (r *CFAPIReconciler) getAppContainerRegistry(ctx context.Context, cfAPI *v1
}, nil
}

logger.Info("App Container Img Reg Secret is not set, using twuni")
logger.Info("Constructing app container registry from dockerregistry-config-external secret ")

secret := corev1.Secret{}
err := r.Client.Get(context.Background(), client.ObjectKey{
Namespace: "cfapi-system",
Name: "dockerregistry-config-external",
}, &secret)

if err != nil {
logger.Error(err, "error getting app container registry secret")
return ContainerRegistry{}, err
}

return ContainerRegistry{
Server: twuniDomain,
User: DefaultTwuniUser,
Pass: DefaultTwuniPass,
Server: string(secret.Data["pushRegAddr"]),
User: string(secret.Data["username"]),
Pass: string(secret.Data["password"]),
}, nil
}

Expand Down
Loading
Loading