Allow customize http vhost config using HttpdCustomization.CustomConfigSecret

api/bases/swift.openstack.org_swiftproxies.yaml

@@ -71,6 +71,20 @@ spec:
                 default: false
                 description: Encrypts new objects at rest
                 type: boolean
+              httpdCustomization:
+                description: HttpdCustomization - customize the httpd service
+                properties:
+                  customConfigSecret:
+                    description: |-
+                      CustomConfigSecret - customize the httpd vhost config using this parameter to specify
+                      a secret that contains service config data. The content of each provided snippet gets
+                      rendered as a go template and placed into /etc/httpd/conf/httpd_custom_<key> .
+                      In the default httpd template at the end of the vhost those custom configs get
+                      included using `Include conf/httpd_custom_<endpoint>_*`.
+                      For information on how sections in httpd configuration get merged, check section
+                      "How the sections are merged" in https://httpd.apache.org/docs/current/sections.html#merging
+                    type: string
+                type: object
               memcachedInstance:
                 default: memcached
                 description: Memcached instance name.

api/bases/swift.openstack.org_swifts.yaml

@@ -97,6 +97,20 @@ spec:
                     default: false
                     description: Encrypts new objects at rest
                     type: boolean
+                  httpdCustomization:
+                    description: HttpdCustomization - customize the httpd service
+                    properties:
+                      customConfigSecret:
+                        description: |-
+                          CustomConfigSecret - customize the httpd vhost config using this parameter to specify
+                          a secret that contains service config data. The content of each provided snippet gets
+                          rendered as a go template and placed into /etc/httpd/conf/httpd_custom_<key> .
+                          In the default httpd template at the end of the vhost those custom configs get
+                          included using `Include conf/httpd_custom_<endpoint>_*`.
+                          For information on how sections in httpd configuration get merged, check section
+                          "How the sections are merged" in https://httpd.apache.org/docs/current/sections.html#merging
+                        type: string
+                    type: object
                   memcachedInstance:
                     default: memcached
                     description: Memcached instance name.

api/go.mod

@@ -5,7 +5,7 @@ go 1.21
 require (
 	github.com/onsi/ginkgo/v2 v2.20.1
 	github.com/onsi/gomega v1.34.1
-	github.com/openstack-k8s-operators/lib-common/modules/common v0.5.1-0.20250124131400-f604bec9afd2
+	github.com/openstack-k8s-operators/lib-common/modules/common v0.5.1-0.20250116145727-01a8948d5dd7
 	k8s.io/api v0.29.12
 	k8s.io/apimachinery v0.29.12
 	k8s.io/client-go v0.29.12

api/go.sum

@@ -72,8 +72,8 @@ github.com/onsi/ginkgo/v2 v2.20.1 h1:YlVIbqct+ZmnEph770q9Q7NVAz4wwIiVNahee6JyUzo
 github.com/onsi/ginkgo/v2 v2.20.1/go.mod h1:lG9ey2Z29hR41WMVthyJBGUBcBhGOtoPF2VFMvBXFCI=
 github.com/onsi/gomega v1.34.1 h1:EUMJIKUjM8sKjYbtxQI9A4z2o+rruxnzNvpknOXie6k=
 github.com/onsi/gomega v1.34.1/go.mod h1:kU1QgUvBDLXBJq618Xvm2LUX6rSAfRaFRTcdOeDLwwY=
-github.com/openstack-k8s-operators/lib-common/modules/common v0.5.1-0.20250124131400-f604bec9afd2 h1:hN6XaJS6UPGjB/0aGt9LKzXYOTGAyDjpL+vMEeVzpBI=
-github.com/openstack-k8s-operators/lib-common/modules/common v0.5.1-0.20250124131400-f604bec9afd2/go.mod h1:YpNTuJhDWhbXM50O3qBkhO7M+OOyRmWkNVmJ4y3cyFs=
+github.com/openstack-k8s-operators/lib-common/modules/common v0.5.1-0.20250116145727-01a8948d5dd7 h1:vXHpH93PjbAgg5ZN6n5WmxkybVQOs0nhXvVw62o7aZs=
+github.com/openstack-k8s-operators/lib-common/modules/common v0.5.1-0.20250116145727-01a8948d5dd7/go.mod h1:YpNTuJhDWhbXM50O3qBkhO7M+OOyRmWkNVmJ4y3cyFs=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=

api/v1beta1/swiftproxy_types.go

@@ -105,6 +105,10 @@ type SwiftProxySpecCore struct {
 	// +kubebuilder:validation:Optional
 	// NodeSelector to target subset of worker nodes running this service
 	NodeSelector *map[string]string `json:"nodeSelector,omitempty"`
+
+	// +kubebuilder:validation:Optional
+	// HttpdCustomization - customize the httpd service
+	HttpdCustomization HttpdCustomization `json:"httpdCustomization,omitempty"`
 }
 
 // ProxyOverrideSpec to override the generated manifest of several child resources.
@@ -114,6 +118,19 @@ type ProxyOverrideSpec struct {
 	Service map[service.Endpoint]service.RoutedOverrideSpec `json:"service,omitempty"`
 }
 
+// HttpdCustomization - customize the httpd service
+type HttpdCustomization struct {
+	// +kubebuilder:validation:Optional
+	// CustomConfigSecret - customize the httpd vhost config using this parameter to specify
+	// a secret that contains service config data. The content of each provided snippet gets
+	// rendered as a go template and placed into /etc/httpd/conf/httpd_custom_<key> .
+	// In the default httpd template at the end of the vhost those custom configs get
+	// included using `Include conf/httpd_custom_<endpoint>_*`.
+	// For information on how sections in httpd configuration get merged, check section
+	// "How the sections are merged" in https://httpd.apache.org/docs/current/sections.html#merging
+	CustomConfigSecret *string `json:"customConfigSecret,omitempty"`
+}
+
 // SwiftProxyStatus defines the observed state of SwiftProxy
 type SwiftProxyStatus struct {
 	// ReadyCount of SwiftProxy instances

config/crd/bases/swift.openstack.org_swiftproxies.yaml

@@ -71,6 +71,20 @@ spec:
                 default: false
                 description: Encrypts new objects at rest
                 type: boolean
+              httpdCustomization:
+                description: HttpdCustomization - customize the httpd service
+                properties:
+                  customConfigSecret:
+                    description: |-
+                      CustomConfigSecret - customize the httpd vhost config using this parameter to specify
+                      a secret that contains service config data. The content of each provided snippet gets
+                      rendered as a go template and placed into /etc/httpd/conf/httpd_custom_<key> .
+                      In the default httpd template at the end of the vhost those custom configs get
+                      included using `Include conf/httpd_custom_<endpoint>_*`.
+                      For information on how sections in httpd configuration get merged, check section
+                      "How the sections are merged" in https://httpd.apache.org/docs/current/sections.html#merging
+                    type: string
+                type: object
               memcachedInstance:
                 default: memcached
                 description: Memcached instance name.

config/crd/bases/swift.openstack.org_swifts.yaml

@@ -97,6 +97,20 @@ spec:
                     default: false
                     description: Encrypts new objects at rest
                     type: boolean
+                  httpdCustomization:
+                    description: HttpdCustomization - customize the httpd service
+                    properties:
+                      customConfigSecret:
+                        description: |-
+                          CustomConfigSecret - customize the httpd vhost config using this parameter to specify
+                          a secret that contains service config data. The content of each provided snippet gets
+                          rendered as a go template and placed into /etc/httpd/conf/httpd_custom_<key> .
+                          In the default httpd template at the end of the vhost those custom configs get
+                          included using `Include conf/httpd_custom_<endpoint>_*`.
+                          For information on how sections in httpd configuration get merged, check section
+                          "How the sections are merged" in https://httpd.apache.org/docs/current/sections.html#merging
+                        type: string
+                    type: object
                   memcachedInstance:
                     default: memcached
                     description: Memcached instance name.

controllers/swift_common.go

@@ -19,10 +19,11 @@ package controllers
 import (
 	"context"
 	"fmt"
+	"time"
+
 	"github.com/openstack-k8s-operators/lib-common/modules/common/condition"
 	"github.com/openstack-k8s-operators/lib-common/modules/common/secret"
 	"k8s.io/apimachinery/pkg/types"
-	"time"
 
 	"github.com/openstack-k8s-operators/lib-common/modules/common/env"
 	ctrl "sigs.k8s.io/controller-runtime"
@@ -32,10 +33,11 @@ import (
 
 // fields to index to reconcile when change
 const (
-	passwordSecretField     = ".spec.secret"
-	caBundleSecretNameField = ".spec.tls.caBundleSecretName"
-	tlsAPIInternalField     = ".spec.tls.api.internal.secretName"
-	tlsAPIPublicField       = ".spec.tls.api.public.secretName"
+	passwordSecretField                 = ".spec.secret"
+	caBundleSecretNameField             = ".spec.tls.caBundleSecretName"
+	tlsAPIInternalField                 = ".spec.tls.api.internal.secretName"
+	tlsAPIPublicField                   = ".spec.tls.api.public.secretName"
+	httpdCustomServiceConfigSecretField = ".spec.httpdCustomization.customServiceConfigSecret"
 )
 
 var (
@@ -44,6 +46,7 @@ var (
 		caBundleSecretNameField,
 		tlsAPIInternalField,
 		tlsAPIPublicField,
+		httpdCustomServiceConfigSecretField,
 	}
 )
 

controllers/swift_controller.go

@@ -513,6 +513,7 @@ func (r *SwiftReconciler) proxyCreateOrUpdate(ctx context.Context, instance *swi
 			RabbitMqClusterName:    instance.Spec.SwiftProxy.RabbitMqClusterName,
 			CeilometerEnabled:      instance.Spec.SwiftProxy.CeilometerEnabled,
 			NodeSelector:           instance.Spec.SwiftProxy.NodeSelector,
+			HttpdCustomization:     instance.Spec.SwiftProxy.HttpdCustomization,
 		},
 	}
 

controllers/swiftproxy_controller.go

@@ -553,8 +553,16 @@ func (r *SwiftProxyReconciler) Reconcile(ctx context.Context, req ctrl.Request)
 		return ctrl.Result{}, err
 	}
 
+	httpdOverrideSecret := &corev1.Secret{}
+	if instance.Spec.HttpdCustomization.CustomConfigSecret != nil && *instance.Spec.HttpdCustomization.CustomConfigSecret != "" {
+		httpdOverrideSecret, _, err = secret.GetSecret(ctx, helper, *instance.Spec.HttpdCustomization.CustomConfigSecret, instance.Namespace)
+		if err != nil {
+			return ctrl.Result{}, err
+		}
+	}
+
 	// Create a Secret populated with content from templates/
-	tpl := swiftproxy.SecretTemplates(
+	tpl, err := swiftproxy.SecretTemplates(
 		instance,
 		serviceLabels,
 		keystonePublicURL,
@@ -565,7 +573,18 @@ func (r *SwiftProxyReconciler) Reconcile(ctx context.Context, req ctrl.Request)
 		secretRef,
 		os.GetRegion(),
 		transportURLString,
+		httpdOverrideSecret,
 	)
+	if err != nil {
+		instance.Status.Conditions.Set(condition.FalseCondition(
+			condition.ServiceConfigReadyCondition,
+			condition.ErrorReason,
+			condition.SeverityWarning,
+			condition.ServiceConfigReadyErrorMessage,
+			err.Error()))
+		return ctrl.Result{}, err
+	}
+
 	err = secret.EnsureSecrets(ctx, helper, instance, tpl, &envVars)
 	if err != nil {
 		instance.Status.Conditions.Set(condition.FalseCondition(
@@ -624,8 +643,13 @@ func (r *SwiftProxyReconciler) Reconcile(ctx context.Context, req ctrl.Request)
 			instance.Spec.NetworkAttachments, err)
 	}
 
+	configData, _, err := secret.GetSecret(ctx, helper, fmt.Sprintf("%s-config-data", instance.Name), instance.Namespace)
+	if err != nil {
+		return ctrl.Result{}, err
+	}
+
 	// Create Deployment
-	ssDef, err := swiftproxy.Deployment(instance, serviceLabels, serviceAnnotations, inputHash)
+	ssDef, err := swiftproxy.Deployment(instance, serviceLabels, serviceAnnotations, inputHash, configData)
 	if err != nil {
 		instance.Status.Conditions.Set(condition.FalseCondition(
 			swiftv1beta1.SwiftProxyReadyCondition,
@@ -749,6 +773,18 @@ func (r *SwiftProxyReconciler) SetupWithManager(mgr ctrl.Manager) error {
 		return err
 	}
 
+	// index httpdOverrideSecretField
+	if err := mgr.GetFieldIndexer().IndexField(context.Background(), &swiftv1beta1.SwiftProxy{}, httpdCustomServiceConfigSecretField, func(rawObj client.Object) []string {
+		// Extract the secret name from the spec, if one is provided
+		cr := rawObj.(*swiftv1beta1.SwiftProxy)
+		if cr.Spec.HttpdCustomization.CustomConfigSecret == nil {
+			return nil
+		}
+		return []string{*cr.Spec.HttpdCustomization.CustomConfigSecret}
+	}); err != nil {
+		return err
+	}
+
 	memcachedFn := func(_ context.Context, o client.Object) []reconcile.Request {
 		result := []reconcile.Request{}
 

go.mod

@@ -12,9 +12,9 @@ require (
 	github.com/openstack-k8s-operators/infra-operator/apis v0.5.1-0.20250123115751-98853871de94
 	github.com/openstack-k8s-operators/keystone-operator/api v0.5.1-0.20250124143616-a588be8e9118
 	github.com/openstack-k8s-operators/lib-common/modules/ansible v0.5.1-0.20250124131400-f604bec9afd2
-	github.com/openstack-k8s-operators/lib-common/modules/common v0.5.1-0.20250124131400-f604bec9afd2
+	github.com/openstack-k8s-operators/lib-common/modules/common v0.5.1-0.20250116145727-01a8948d5dd7
 	github.com/openstack-k8s-operators/lib-common/modules/openstack v0.5.1-0.20250124131400-f604bec9afd2
-	github.com/openstack-k8s-operators/swift-operator/api v0.3.1-0.20240523121736-379011b2cfac
+	github.com/openstack-k8s-operators/swift-operator/api v0.0.0-00010101000000-000000000000
 	golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56
 	k8s.io/api v0.29.12
 	k8s.io/apimachinery v0.29.12

go.sum

@@ -86,8 +86,8 @@ github.com/openstack-k8s-operators/keystone-operator/api v0.5.1-0.20250124143616
 github.com/openstack-k8s-operators/keystone-operator/api v0.5.1-0.20250124143616-a588be8e9118/go.mod h1:2QUsdxG62RNzVn/L6/ZcLgoU01KJfPkKTG/IW5Aw/mM=
 github.com/openstack-k8s-operators/lib-common/modules/ansible v0.5.1-0.20250124131400-f604bec9afd2 h1:NBJNYu+nq8GAaiUKxENCZO4C7mHSQmBXtlprLfoQPDs=
 github.com/openstack-k8s-operators/lib-common/modules/ansible v0.5.1-0.20250124131400-f604bec9afd2/go.mod h1:FxA/2ChDnVKgbZAyiiRLDGZB7WMcrHlOMBZYUQGgRf0=
-github.com/openstack-k8s-operators/lib-common/modules/common v0.5.1-0.20250124131400-f604bec9afd2 h1:hN6XaJS6UPGjB/0aGt9LKzXYOTGAyDjpL+vMEeVzpBI=
-github.com/openstack-k8s-operators/lib-common/modules/common v0.5.1-0.20250124131400-f604bec9afd2/go.mod h1:YpNTuJhDWhbXM50O3qBkhO7M+OOyRmWkNVmJ4y3cyFs=
+github.com/openstack-k8s-operators/lib-common/modules/common v0.5.1-0.20250116145727-01a8948d5dd7 h1:vXHpH93PjbAgg5ZN6n5WmxkybVQOs0nhXvVw62o7aZs=
+github.com/openstack-k8s-operators/lib-common/modules/common v0.5.1-0.20250116145727-01a8948d5dd7/go.mod h1:YpNTuJhDWhbXM50O3qBkhO7M+OOyRmWkNVmJ4y3cyFs=
 github.com/openstack-k8s-operators/lib-common/modules/openstack v0.5.1-0.20250124131400-f604bec9afd2 h1:VRzGsqjD2gBiu94ODLZ8pMuLKV8fE58s/rxnxIc77iM=
 github.com/openstack-k8s-operators/lib-common/modules/openstack v0.5.1-0.20250124131400-f604bec9afd2/go.mod h1:IASoGvp5QM/tBJUd/8i8uIjj4DBnI+64Ydh4r7pmnvA=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=

pkg/swiftproxy/deployment.go

@@ -38,6 +38,7 @@ func Deployment(
 	labels map[string]string,
 	annotations map[string]string,
 	configHash string,
+	configDataSecret *corev1.Secret,
 ) (*appsv1.Deployment, error) {
 
 	trueVal := true
@@ -71,7 +72,7 @@ func Deployment(
 	// create Volume and VolumeMounts
 	volumes := getProxyVolumes(instance)
 	volumeMounts := getProxyVolumeMounts()
-	httpdVolumeMounts := append(getProxyVolumeMounts(), getHttpdVolumeMounts()...)
+	httpdVolumeMounts := append(getProxyVolumeMounts(), getHttpdVolumeMounts(configDataSecret)...)
 
 	// add CA cert if defined
 	if instance.Spec.TLS.CaBundleSecretName != "" {