Copy custom CA config map to additional namespaces (#4953)

replicatedhq · Oct 16, 2024 · 5cc9f72 · 5cc9f72
1 parent d20730a
commit 5cc9f72
Show file tree

Hide file tree

Showing 3 changed files with 66 additions and 0 deletions.
diff --git a/pkg/operator/client/client.go b/pkg/operator/client/client.go
@@ -137,6 +137,10 @@ func (c *Client) ApplyNamespacesInformer(namespaces []string, imagePullSecrets [
 			// we don't fail here...
 			log.Printf("error ensuring image pull secrets for namespace %s: %s", ns, err.Error())
 		}
+		if err := c.ensureEmbeddedClusterCAPresent(ns); err != nil {
+			// we don't fail here...
+			log.Printf("error ensuring cluster ca present for namespace %s: %s", ns, err.Error())
+		}
 	}
 
 	c.imagePullSecrets = imagePullSecrets

diff --git a/pkg/operator/client/deploy.go b/pkg/operator/client/deploy.go
@@ -116,6 +116,63 @@ func (c *Client) ensureImagePullSecretsPresent(namespace string, imagePullSecret
 	return nil
 }
 
+func (c *Client) ensureEmbeddedClusterCAPresent(namespace string) error {
+	if !util.IsEmbeddedCluster() {
+		return nil
+	}
+
+	logger.Debugf("ensuring embedded cluster ca present in namespace %s", namespace)
+
+	clientset, err := k8sutil.GetClientset()
+	if err != nil {
+		return errors.Wrap(err, "failed to get clientset")
+	}
+
+	configMapName := os.Getenv("SSL_CERT_CONFIGMAP")
+	sourceConfigMap, err := clientset.CoreV1().ConfigMaps(util.AppNamespace()).Get(context.TODO(), configMapName, metav1.GetOptions{})
+	if err != nil {
+		if !kuberneteserrors.IsNotFound(err) {
+			return errors.Wrap(err, "failed to get source configmap")
+		}
+		// This would happen in older EC releases
+		return nil
+	}
+
+	destConfigMap := &corev1.ConfigMap{
+		TypeMeta: metav1.TypeMeta{
+			APIVersion: "v1",
+			Kind:       "ConfigMap",
+		},
+		ObjectMeta: metav1.ObjectMeta{
+			Name:        configMapName,
+			Labels:      sourceConfigMap.DeepCopy().Labels,
+			Annotations: sourceConfigMap.DeepCopy().Annotations,
+			Namespace:   namespace,
+		},
+		Data: sourceConfigMap.DeepCopy().Data,
+	}
+
+	_, err = clientset.CoreV1().ConfigMaps(namespace).Get(context.TODO(), configMapName, metav1.GetOptions{})
+	if err != nil {
+		if !kuberneteserrors.IsNotFound(err) {
+			return errors.Wrap(err, "failed to get destination configmap")
+		}
+
+		_, err = clientset.CoreV1().ConfigMaps(namespace).Create(context.TODO(), destConfigMap, metav1.CreateOptions{})
+		if err != nil {
+			return errors.Wrap(err, "failed to create configmap")
+		}
+		return nil
+	}
+
+	_, err = clientset.CoreV1().ConfigMaps(namespace).Update(context.TODO(), destConfigMap, metav1.UpdateOptions{})
+	if err != nil {
+		return errors.Wrap(err, "failed to update configmap")
+	}
+
+	return nil
+}
+
 func (c *Client) ensureResourcesPresent(deployArgs operatortypes.DeployAppArgs) (*deployResult, error) {
 	var deployRes deployResult
 

diff --git a/pkg/operator/client/namespaces.go b/pkg/operator/client/namespaces.go
@@ -45,6 +45,11 @@ func (c *Client) runNamespacesInformer() error {
 					log.Printf("error ensuring image pull secrets for namespace %s: %s", addedNamespace.Name, err.Error())
 				}
 
+				if err := c.ensureEmbeddedClusterCAPresent(addedNamespace.Name); err != nil {
+					// we don't fail here...
+					log.Printf("error ensuring cluster ca present for namespace %s: %s", addedNamespace.Name, err.Error())
+				}
+
 				c.ApplyHooksInformer([]string{addedNamespace.Name})
 			}
 		},