
Commit f0c2db4

committed
config: retain project.apiKeys secrets
1 parent 34f8106 commit f0c2db4


4 files changed

+30
-32
lines changed


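--- a/controller/clickhouse.go
+++ b/controller/clickhouse.go
@@ -13,6 +13,15 @@ import (
 "k8s.io/apimachinery/pkg/util/intstr"
 )
 
+func clickhousePasswordSecret(cr *corootv1.Coroot) *corev1.SecretKeySelector {
+return &corev1.SecretKeySelector{
+LocalObjectReference: corev1.LocalObjectReference{
+Name: fmt.Sprintf("%s-clickhouse", cr.Name),
+},
+Key: "password",
+}
+}
+
 func (r *CorootReconciler) clickhouseService(cr *corootv1.Coroot) *corev1.Service {
 ls := Labels(cr, "clickhouse")
 s := &corev1.Service{
@@ -204,9 +213,7 @@ func (r *CorootReconciler) clickhouseStatefulSets(cr *corootv1.Coroot) []*appsv1
 FieldPath: "metadata.name",
 },
 }},
-{Name: "CLICKHOUSE_PASSWORD", ValueFrom: &corev1.EnvVarSource{
-SecretKeyRef: secretKeySelector(fmt.Sprintf("%s-clickhouse", cr.Name), "password"),
-}},
+{Name: "CLICKHOUSE_PASSWORD", ValueFrom: &corev1.EnvVarSource{SecretKeyRef: clickhousePasswordSecret(cr)}},
 },
 ReadinessProbe: &corev1.Probe{
 ProbeHandler: corev1.ProbeHandler{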
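Review bot: The new helper `clickhousePasswordSecret` at the top of the first hunk has no doc comment, although it is now the one place that fixes the name and key of the generated ClickHouse credential. I would add `// clickhousePasswordSecret returns the selector for the operator-generated ClickHouse password: key "password" in the Secret named "<cr.Name>-clickhouse".` above it. The `CLICKHOUSE_PASSWORD` env var in the second hunk resolves through it, so anyone changing the format string should know that every consumer of the password follows. clickhouseStatefulSets starts and ends outside the hunk.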

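--- a/controller/controller.go
+++ b/controller/controller.go
@@ -153,8 +153,8 @@ func (r *CorootReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctr
 }
 
 if cr.Spec.ExternalClickhouse == nil {
-r.CreateOrUpdateSecret(ctx, cr, "clickhouse", fmt.Sprintf("%s-clickhouse", cr.Name), "password", 16)
-
+passwordSecret := clickhousePasswordSecret(cr)
+r.CreateOrUpdateSecret(ctx, cr, passwordSecret.Name, []string{passwordSecret.Key}, 16, false)
 r.CreateOrUpdateServiceAccount(ctx, cr, "clickhouse-keeper", sccNonroot)
 r.CreateOrUpdateService(ctx, cr, r.clickhouseKeeperServiceHeadless(cr))
 for _, pvc := range r.clickhouseKeeperPVCs(cr) {
@@ -230,28 +230,24 @@ func (r *CorootReconciler) GetSecret(ctx context.Context, cr *corootv1.Coroot, s
 return string(data), nil
 }
 
-func (r *CorootReconciler) CreateOrUpdateSecret(ctx context.Context, cr *corootv1.Coroot, component, name, key string, length int) string {
-s := &corev1.Secret{
-ObjectMeta: metav1.ObjectMeta{
-Name: name,
-Namespace: cr.Namespace,
-Labels: Labels(cr, component),
-},
+func (r *CorootReconciler) CreateOrUpdateSecret(ctx context.Context, cr *corootv1.Coroot, name string, keys []string, length int, retain bool) {
+if len(keys) == 0 {
+return
 }
-var data string
-r.CreateOrUpdate(ctx, cr, s, false, false, func() error {
+s := &corev1.Secret{}
+s.Name = name
+s.Namespace = cr.Namespace
+r.CreateOrUpdate(ctx, cr, s, false, retain, func() error {
 if s.Data == nil {
 s.Data = map[string][]byte{}
 }
-if d, ok := s.Data[key]; ok {
-data = string(d)
-} else {
-data = RandomString(length)
-s.Data[key] = []byte(data)
+for _, key := range keys {
+if _, ok := s.Data[key]; !ok {
+s.Data[key] = []byte(RandomString(length))
+}
 }
 return nil
 })
-return data
 }
 
 func (r *CorootReconciler) CreateOrUpdateConfigMap(ctx context.Context, cr *corootv1.Coroot, cm *corev1.ConfigMap) {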
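Review bot: The rewritten `CreateOrUpdateSecret` in the second hunk no longer labels the Secret: the removed body set `Labels: Labels(cr, component)` in ObjectMeta, while the new one assigns only `s.Name` and `s.Namespace`. Operator-generated credentials can then no longer be found by label selector for inventory or audit, which matters most for Secrets created with `retain` set, since those presumably outlive the resource that requested them. If the labels were dropped on purpose because the named Secret may be user-managed, a doc comment should say so and also explain `retain` and that existing keys are never regenerated; otherwise keep a labels argument and set `s.Labels` from it. Whether that assignment belongs before the call or inside the closure depends on `CreateOrUpdate`, which is outside the hunk.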

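--- a/controller/coroot.go
+++ b/controller/coroot.go
@@ -48,10 +48,11 @@ func (r *CorootReconciler) validateCoroot(ctx context.Context, cr *corootv1.Coro
 }
 }
 
+apiKeySecrets := map[string][]string{}
 for _, p := range cr.Spec.Projects {
 for i, k := range p.ApiKeys {
 if k.KeySecret != nil {
-r.CreateOrUpdateSecret(ctx, cr, "coroot", k.KeySecret.Name, k.KeySecret.Key, 32)
+apiKeySecrets[k.KeySecret.Name] = append(apiKeySecrets[k.KeySecret.Name], k.KeySecret.Key)
 p.ApiKeys[i].Key = configEnvs.Add(k.KeySecret)
 p.ApiKeys[i].KeySecret = nil
 }
@@ -136,6 +137,10 @@ func (r *CorootReconciler) validateCoroot(ctx context.Context, cr *corootv1.Coro
 }
 }
 
+for name, keys := range apiKeySecrets {
+r.CreateOrUpdateSecret(ctx, cr, name, keys, 32, true)
+}
+
 if ee := cr.Spec.EnterpriseEdition; ee != nil {
 if ee.LicenseKeySecret != nil {
 if _, err = r.GetSecret(ctx, cr, ee.LicenseKeySecret); err != nil {
@@ -431,8 +436,7 @@ func (r *CorootReconciler) corootStatefulSet(cr *corootv1.Coroot, configEnvs Con
 Value: fmt.Sprintf("%s-clickhouse.%s:9000", cr.Name, cr.Namespace),
 },
 corev1.EnvVar{Name: "GLOBAL_CLICKHOUSE_USER", Value: "default"},
-corev1.EnvVar{Name: "GLOBAL_CLICKHOUSE_PASSWORD", ValueFrom: &corev1.EnvVarSource{
-SecretKeyRef: secretKeySelector(fmt.Sprintf("%s-clickhouse", cr.Name), "password")}},
+corev1.EnvVar{Name: "GLOBAL_CLICKHOUSE_PASSWORD", ValueFrom: &corev1.EnvVarSource{SecretKeyRef: clickhousePasswordSecret(cr)}},
 corev1.EnvVar{Name: "GLOBAL_CLICKHOUSE_INITIAL_DATABASE", Value: "default"},
 )
 }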
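Review bot: The new loop `for name, keys := range apiKeySecrets` in the second hunk cannot notice a failed Secret write, because `CreateOrUpdateSecret` has no return value, yet the first hunk has already pointed each API key at that Secret through `configEnvs.Add(k.KeySecret)`. The LicenseKeySecret branch directly below does check the error from `r.GetSecret`, so the two secret paths in validateCoroot treat failure differently. Consider returning an error from CreateOrUpdateSecret and handling it here with `if err := r.CreateOrUpdateSecret(ctx, cr, name, keys, 32, true); err != nil {` and the same handling the license-key branch uses; that branch's body and the way `r.CreateOrUpdate` reports failure are both outside the hunk. A short comment naming the literals `32, true` (generated key length, retain) would also help at the call site.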

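--- a/controller/utils.go
+++ b/controller/utils.go
@@ -109,15 +109,6 @@ func envVarFromSecret(name string, secret *corev1.SecretKeySelector, plainTextVa
 return corev1.EnvVar{Name: name, ValueFrom: &corev1.EnvVarSource{SecretKeyRef: secret}}
 }
 
-func secretKeySelector(name, key string) *corev1.SecretKeySelector {
-return &corev1.SecretKeySelector{
-LocalObjectReference: corev1.LocalObjectReference{
-Name: name,
-},
-Key: key,
-}
-}
-
 func ValidateSamlIdentityProviderMetadata(metadata string) error {
 _, err := samlsp.ParseMetadata([]byte(metadata))
 return err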
