Add support for secrets (#114)

* Add support for secrets

Signed-off-by: Annanay <[email protected]>

* Add support for k8s secrets in Collector and Query

Signed-off-by: Annanay <[email protected]>

* Add tests for secrets support

Signed-off-by: Annanay <[email protected]>

* Regenerate deepcopy functions

Signed-off-by: Annanay <[email protected]>

* Add relavant test for jaeger-query

Signed-off-by: Annanay <[email protected]>

* Accept single secret as secretName

Signed-off-by: Annanay <[email protected]>

* Addressed comments

Signed-off-by: Annanay <[email protected]>

* Change deepcopy functions

Signed-off-by: Annanay <[email protected]>

* Change deepcopy functions

Signed-off-by: Annanay <[email protected]>

* Change deepcopy functions

Signed-off-by: Annanay <[email protected]>

* Update README

Signed-off-by: Annanay <[email protected]>

* Update README

Signed-off-by: Annanay <[email protected]>

* Add secrets support to all-in-one

Signed-off-by: Annanay <[email protected]>

* Update README

Signed-off-by: Annanay <[email protected]>

README.adoc

@@ -271,6 +271,23 @@ spec:
               fieldPath: status.hostIP
 ----
 
+== Secrets support
+
+The Operator supports passing secrets to the Collector, Query and All-In-One deployments. This can be used for example, to pass credentials (username/password) to access the underlying storage backend (for ex: Elasticsearch).
+The secrets are available as environment variables in the (Collector/Query/All-In-One) nodes.
+
+[source,yaml]
+----
+	storage:
+	  type: elasticsearch
+	  options:
+		es:
+		  server-urls: http://elasticsearch:9200
+	  secretName: jaeger-secrets
+----
+
+The secret itself would be managed outside of the `jaeger-operator` CR.
+
 == Schema migration
 
 === Cassandra

pkg/apis/io/v1alpha1/jaeger_types.go

@@ -116,6 +116,7 @@ type JaegerAgentSpec struct {
 // JaegerStorageSpec defines the common storage options to be used for the query and collector
 type JaegerStorageSpec struct {
 	Type                  string                          `json:"type"` // can be `memory` (default), `cassandra`, `elasticsearch`, `kafka` or `managed`
+	SecretName            string                          `json:"secretName"`
 	Options               Options                         `json:"options"`
 	CassandraCreateSchema JaegerCassandraCreateSchemaSpec `json:"cassandraCreateSchema"`
 }

pkg/deployment/all-in-one.go

@@ -52,6 +52,17 @@ func (a *AllInOne) Get() *appsv1.Deployment {
 
 	configmap.Update(a.jaeger, commonSpec, &options)
 
+	var envFromSource []v1.EnvFromSource
+	if len(a.jaeger.Spec.Storage.SecretName) > 0 {
+		envFromSource = append(envFromSource, v1.EnvFromSource{
+			SecretRef: &v1.SecretEnvSource{
+				LocalObjectReference: v1.LocalObjectReference{
+					Name: a.jaeger.Spec.Storage.SecretName,
+				},
+			},
+		})
+	}
+
 	return &appsv1.Deployment{
 		TypeMeta: metav1.TypeMeta{
 			APIVersion: "apps/v1",
@@ -95,6 +106,7 @@ func (a *AllInOne) Get() *appsv1.Deployment {
 							},
 						},
 						VolumeMounts: commonSpec.VolumeMounts,
+						EnvFrom:      envFromSource,
 						Ports: []v1.ContainerPort{
 							{
 								ContainerPort: 5775,

pkg/deployment/all-in-one_test.go

@@ -122,6 +122,17 @@ func TestAllInOneVolumeMountsWithVolumes(t *testing.T) {
 	assert.Equal(t, "globalVolume", podSpec.Containers[0].VolumeMounts[1].Name)
 }
 
+func TestAllInOneSecrets(t *testing.T) {
+	jaeger := v1alpha1.NewJaeger("TestAllInOneSecrets")
+	secret := "mysecret"
+	jaeger.Spec.Storage.SecretName = secret
+
+	allInOne := NewAllInOne(jaeger)
+	dep := allInOne.Get()
+
+	assert.Equal(t, "mysecret", dep.Spec.Template.Spec.Containers[0].EnvFrom[0].SecretRef.LocalObjectReference.Name)
+}
+
 func TestAllInOneMountGlobalVolumes(t *testing.T) {
 	name := "TestAllInOneMountGlobalVolumes"
 

pkg/deployment/collector.go

@@ -52,6 +52,17 @@ func (c *Collector) Get() *appsv1.Deployment {
 
 	commonSpec := util.Merge([]v1alpha1.JaegerCommonSpec{c.jaeger.Spec.Collector.JaegerCommonSpec, c.jaeger.Spec.JaegerCommonSpec, baseCommonSpec})
 
+	var envFromSource []v1.EnvFromSource
+	if len(c.jaeger.Spec.Storage.SecretName) > 0 {
+		envFromSource = append(envFromSource, v1.EnvFromSource{
+			SecretRef: &v1.SecretEnvSource{
+				LocalObjectReference: v1.LocalObjectReference{
+					Name: c.jaeger.Spec.Storage.SecretName,
+				},
+			},
+		})
+	}
+
 	return &appsv1.Deployment{
 		TypeMeta: metav1.TypeMeta{
 			APIVersion: "apps/v1",
@@ -97,6 +108,7 @@ func (c *Collector) Get() *appsv1.Deployment {
 							},
 						},
 						VolumeMounts: commonSpec.VolumeMounts,
+						EnvFrom:      envFromSource,
 						Ports: []v1.ContainerPort{
 							{
 								ContainerPort: 9411,

pkg/deployment/collector_test.go

@@ -91,6 +91,17 @@ func TestCollectorAnnotations(t *testing.T) {
 	assert.Equal(t, "false", dep.Spec.Template.Annotations["prometheus.io/scrape"])
 }
 
+func TestCollectorSecrets(t *testing.T) {
+	jaeger := v1alpha1.NewJaeger("TestCollectorSecrets")
+	secret := "mysecret"
+	jaeger.Spec.Storage.SecretName = secret
+
+	collector := NewCollector(jaeger)
+	dep := collector.Get()
+
+	assert.Equal(t, "mysecret", dep.Spec.Template.Spec.Containers[0].EnvFrom[0].SecretRef.LocalObjectReference.Name)
+}
+
 func TestCollectorVolumeMountsWithVolumes(t *testing.T) {
 	name := "TestCollectorVolumeMountsWithVolumes"
 

pkg/deployment/query.go

@@ -63,6 +63,16 @@ func (q *Query) Get() *appsv1.Deployment {
 		q.jaeger.Spec.Storage.Options.Filter(storage.OptionsPrefix(q.jaeger.Spec.Storage.Type)))
 
 	configmap.Update(q.jaeger, commonSpec, &options)
+	var envFromSource []v1.EnvFromSource
+	if len(q.jaeger.Spec.Storage.SecretName) > 0 {
+		envFromSource = append(envFromSource, v1.EnvFromSource{
+			SecretRef: &v1.SecretEnvSource{
+				LocalObjectReference: v1.LocalObjectReference{
+					Name: q.jaeger.Spec.Storage.SecretName,
+				},
+			},
+		})
+	}
 
 	return &appsv1.Deployment{
 		TypeMeta: metav1.TypeMeta{
@@ -104,6 +114,7 @@ func (q *Query) Get() *appsv1.Deployment {
 							},
 						},
 						VolumeMounts: commonSpec.VolumeMounts,
+						EnvFrom:      envFromSource,
 						Ports: []v1.ContainerPort{
 							{
 								ContainerPort: 16686,

pkg/deployment/query_test.go

@@ -68,6 +68,17 @@ func TestQueryAnnotations(t *testing.T) {
 	assert.Equal(t, "false", dep.Spec.Template.Annotations["prometheus.io/scrape"])
 }
 
+func TestQuerySecrets(t *testing.T) {
+	jaeger := v1alpha1.NewJaeger("TestQuerySecrets")
+	secret := "mysecret"
+	jaeger.Spec.Storage.SecretName = secret
+
+	query := NewQuery(jaeger)
+	dep := query.Get()
+
+	assert.Equal(t, "mysecret", dep.Spec.Template.Spec.Containers[0].EnvFrom[0].SecretRef.LocalObjectReference.Name)
+}
+
 func TestQueryPodName(t *testing.T) {
 	name := "TestQueryPodName"
 	query := NewQuery(v1alpha1.NewJaeger(name))