From c82a7c87c5a06bee8e8693ceda5f7ec0ec899124 Mon Sep 17 00:00:00 2001 From: Annanay Agarwal Date: Fri, 30 Nov 2018 16:26:09 +0530 Subject: [PATCH] Add support for secrets (#114) * Add support for secrets Signed-off-by: Annanay * Add support for k8s secrets in Collector and Query Signed-off-by: Annanay * Add tests for secrets support Signed-off-by: Annanay * Regenerate deepcopy functions Signed-off-by: Annanay * Add relavant test for jaeger-query Signed-off-by: Annanay * Accept single secret as secretName Signed-off-by: Annanay * Addressed comments Signed-off-by: Annanay * Change deepcopy functions Signed-off-by: Annanay * Change deepcopy functions Signed-off-by: Annanay * Change deepcopy functions Signed-off-by: Annanay * Update README Signed-off-by: Annanay * Update README Signed-off-by: Annanay * Add secrets support to all-in-one Signed-off-by: Annanay * Update README Signed-off-by: Annanay --- README.adoc | 17 +++++++++++++++++ pkg/apis/io/v1alpha1/jaeger_types.go | 1 + pkg/deployment/all-in-one.go | 12 ++++++++++++ pkg/deployment/all-in-one_test.go | 11 +++++++++++ pkg/deployment/collector.go | 12 ++++++++++++ pkg/deployment/collector_test.go | 11 +++++++++++ pkg/deployment/query.go | 11 +++++++++++ pkg/deployment/query_test.go | 11 +++++++++++ 8 files changed, 86 insertions(+) diff --git a/README.adoc b/README.adoc index ebf6eb45c..4ba582e36 100644 --- a/README.adoc +++ b/README.adoc 
@@ -271,6 +271,23 @@ spec: fieldPath: status.hostIP ---- +== Secrets support + +The Operator supports passing secrets to the Collector, Query and All-In-One deployments. This can be used for example, to pass credentials (username/password) to access the underlying storage backend (for ex: Elasticsearch). +The secrets are available as environment variables in the (Collector/Query/All-In-One) nodes. + +[source,yaml] +---- + storage: + type: elasticsearch + options: + es: + server-urls: http://elasticsearch:9200 + secretName: jaeger-secrets +---- + +The secret itself would be managed outside of the `jaeger-operator` CR. + == Schema migration === Cassandra diff --git a/pkg/apis/io/v1alpha1/jaeger_types.go b/pkg/apis/io/v1alpha1/jaeger_types.go index bf25a8396..37fb050bc 100644 --- a/pkg/apis/io/v1alpha1/jaeger_types.go +++ b/pkg/apis/io/v1alpha1/jaeger_types.go @@ -116,6 +116,7 @@ type JaegerAgentSpec struct { // JaegerStorageSpec defines the common storage options to be used for the query and collector type JaegerStorageSpec struct { Type string `json:"type"` // can be `memory` (default), `cassandra`, `elasticsearch`, `kafka` or `managed` + SecretName string `json:"secretName"` Options Options `json:"options"` CassandraCreateSchema JaegerCassandraCreateSchemaSpec `json:"cassandraCreateSchema"` } diff --git a/pkg/deployment/all-in-one.go b/pkg/deployment/all-in-one.go index 1a951f160..a018be3e7 100644 --- a/pkg/deployment/all-in-one.go +++ b/pkg/deployment/all-in-one.go @@ -52,6 +52,17 @@ func (a *AllInOne) Get() *appsv1.Deployment { configmap.Update(a.jaeger, commonSpec, &options) + var envFromSource []v1.EnvFromSource + if len(a.jaeger.Spec.Storage.SecretName) > 0 { + envFromSource = append(envFromSource, v1.EnvFromSource{ + SecretRef: &v1.SecretEnvSource{ + LocalObjectReference: v1.LocalObjectReference{ + Name: a.jaeger.Spec.Storage.SecretName, + }, + }, + }) + } + return &appsv1.Deployment{ TypeMeta: metav1.TypeMeta{ APIVersion: "apps/v1", 
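Review bot: The new `SecretName` field in `JaegerStorageSpec` carries no comment, so the type does not say what the name refers to or how the secret is consumed. The deployment hunks in this commit wrap it in a `v1.LocalObjectReference` and use it as an `EnvFrom` source, so a comment such as `// SecretName is the name of a Secret in the pod's namespace; all of its keys are injected as environment variables into the collector, query and all-in-one containers` would make that contract visible at the API type. The tag could also be `json:"secretName,omitempty"` so that a CR without a secret does not serialise an empty name, although the neighbouring fields do not use `omitempty` either.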
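Review bot: The `EnvFrom` source built from `a.jaeger.Spec.Storage.SecretName` imports every key of the named Secret into the container environment, not only the storage credentials, and the same block appears in the `Get()` hunks of collector.go and query.go. Environment variables are inherited by child processes and tend to surface in diagnostics, so a Secret that also holds unrelated material would be exposed more widely than needed; the README text added in this commit does not tell users to keep the Secret limited to the keys Jaeger reads. I would at least record that at the construction site, e.g. `// envFrom exposes ALL keys of the secret as env vars; the secret should contain only the storage credentials`, and consider explicit `Env` entries with `SecretKeyRef` if the expected keys are fixed per storage type. `Optional` is left unset, so a missing Secret keeps the pod from starting rather than running without credentials, which looks like the right default. `Get()` begins and ends outside this hunk.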
@@ -95,6 +106,7 @@ func (a *AllInOne) Get() *appsv1.Deployment { }, }, VolumeMounts: commonSpec.VolumeMounts, + EnvFrom: envFromSource, Ports: []v1.ContainerPort{ { ContainerPort: 5775, diff --git a/pkg/deployment/all-in-one_test.go b/pkg/deployment/all-in-one_test.go index abd70b22e..77396d265 100644 --- a/pkg/deployment/all-in-one_test.go +++ b/pkg/deployment/all-in-one_test.go @@ -122,6 +122,17 @@ func TestAllInOneVolumeMountsWithVolumes(t *testing.T) { assert.Equal(t, "globalVolume", podSpec.Containers[0].VolumeMounts[1].Name) } +func TestAllInOneSecrets(t *testing.T) { + jaeger := v1alpha1.NewJaeger("TestAllInOneSecrets") + secret := "mysecret" + jaeger.Spec.Storage.SecretName = secret + + allInOne := NewAllInOne(jaeger) + dep := allInOne.Get() + + assert.Equal(t, "mysecret", dep.Spec.Template.Spec.Containers[0].EnvFrom[0].SecretRef.LocalObjectReference.Name) +} + func TestAllInOneMountGlobalVolumes(t *testing.T) { name := "TestAllInOneMountGlobalVolumes" diff --git a/pkg/deployment/collector.go b/pkg/deployment/collector.go index 3d83cd4a5..b774a52ee 100644 --- a/pkg/deployment/collector.go +++ b/pkg/deployment/collector.go @@ -52,6 +52,17 @@ func (c *Collector) Get() *appsv1.Deployment { commonSpec := util.Merge([]v1alpha1.JaegerCommonSpec{c.jaeger.Spec.Collector.JaegerCommonSpec, c.jaeger.Spec.JaegerCommonSpec, baseCommonSpec}) + var envFromSource []v1.EnvFromSource + if len(c.jaeger.Spec.Storage.SecretName) > 0 { + envFromSource = append(envFromSource, v1.EnvFromSource{ + SecretRef: &v1.SecretEnvSource{ + LocalObjectReference: v1.LocalObjectReference{ + Name: c.jaeger.Spec.Storage.SecretName, + }, + }, + }) + } + return &appsv1.Deployment{ TypeMeta: metav1.TypeMeta{ APIVersion: "apps/v1", @@ -97,6 +108,7 @@ func (c *Collector) Get() *appsv1.Deployment { }, }, VolumeMounts: commonSpec.VolumeMounts, + EnvFrom: envFromSource, Ports: []v1.ContainerPort{ { ContainerPort: 9411, 
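Review bot: `TestAllInOneSecrets` indexes `Containers[0].EnvFrom[0]` without first checking the length, so a regression that drops the source panics with an index-out-of-range instead of failing with a readable assertion, and there is no case for an unset `SecretName`; `TestCollectorSecrets` and `TestQuerySecrets` have the same shape. Guarding the lookup, e.g. `if assert.Len(t, dep.Spec.Template.Spec.Containers[0].EnvFrom, 1) {` around the equality check, plus a second test that leaves `SecretName` empty and asserts `assert.Empty(t, dep.Spec.Template.Spec.Containers[0].EnvFrom)`, would pin both branches of the `len(...) > 0` guard. The local `secret` variable is assigned but the assertion compares against the literal `"mysecret"`; comparing against `secret` keeps the two in step.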
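Review bot: The block that builds `envFromSource` in `(c *Collector) Get()` is a line-for-line copy of the one added to all-in-one.go and is repeated again in query.go, differing only in the receiver. Since this is the one place where a Secret is wired into a pod spec, a single helper would make sure any later change (marking the reference optional, switching to named keys) lands in all three deployments. A possible shape is below; the helper name and its location in the package are suggestions. `Get()` starts before and continues after this hunk.

```go
// secretEnvFrom returns the EnvFrom sources that expose the storage secret
// to a container, or nil when no secret name is configured.
func secretEnvFrom(secretName string) []v1.EnvFromSource {
	if secretName == "" {
		return nil
	}
	return []v1.EnvFromSource{{
		SecretRef: &v1.SecretEnvSource{
			LocalObjectReference: v1.LocalObjectReference{Name: secretName},
		},
	}}
}

// in (c *Collector) Get():
// … unchanged: commonSpec merge …
envFromSource := secretEnvFrom(c.jaeger.Spec.Storage.SecretName)
// … unchanged: return &appsv1.Deployment{…} …
```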
diff --git a/pkg/deployment/collector_test.go b/pkg/deployment/collector_test.go index 809cdf638..bbc806c6a 100644 --- a/pkg/deployment/collector_test.go +++ b/pkg/deployment/collector_test.go @@ -91,6 +91,17 @@ func TestCollectorAnnotations(t *testing.T) { assert.Equal(t, "false", dep.Spec.Template.Annotations["prometheus.io/scrape"]) } +func TestCollectorSecrets(t *testing.T) { + jaeger := v1alpha1.NewJaeger("TestCollectorSecrets") + secret := "mysecret" + jaeger.Spec.Storage.SecretName = secret + + collector := NewCollector(jaeger) + dep := collector.Get() + + assert.Equal(t, "mysecret", dep.Spec.Template.Spec.Containers[0].EnvFrom[0].SecretRef.LocalObjectReference.Name) +} + func TestCollectorVolumeMountsWithVolumes(t *testing.T) { name := "TestCollectorVolumeMountsWithVolumes" diff --git a/pkg/deployment/query.go b/pkg/deployment/query.go index d8b77526a..05a486b05 100644 --- a/pkg/deployment/query.go +++ b/pkg/deployment/query.go @@ -63,6 +63,16 @@ func (q *Query) Get() *appsv1.Deployment { q.jaeger.Spec.Storage.Options.Filter(storage.OptionsPrefix(q.jaeger.Spec.Storage.Type))) configmap.Update(q.jaeger, commonSpec, &options) + var envFromSource []v1.EnvFromSource + if len(q.jaeger.Spec.Storage.SecretName) > 0 { + envFromSource = append(envFromSource, v1.EnvFromSource{ + SecretRef: &v1.SecretEnvSource{ + LocalObjectReference: v1.LocalObjectReference{ + Name: q.jaeger.Spec.Storage.SecretName, + }, + }, + }) + } return &appsv1.Deployment{ TypeMeta: metav1.TypeMeta{ @@ -104,6 +114,7 @@ func (q *Query) Get() *appsv1.Deployment { }, }, VolumeMounts: commonSpec.VolumeMounts, + EnvFrom: envFromSource, Ports: []v1.ContainerPort{ { ContainerPort: 16686, diff --git a/pkg/deployment/query_test.go b/pkg/deployment/query_test.go index e3be73ce6..aadc0a8bf 100644 --- a/pkg/deployment/query_test.go +++ b/pkg/deployment/query_test.go 
@@ -68,6 +68,17 @@ func TestQueryAnnotations(t *testing.T) { assert.Equal(t, "false", dep.Spec.Template.Annotations["prometheus.io/scrape"]) } +func TestQuerySecrets(t *testing.T) { + jaeger := v1alpha1.NewJaeger("TestQuerySecrets") + secret := "mysecret" + jaeger.Spec.Storage.SecretName = secret + + query := NewQuery(jaeger) + dep := query.Get() + + assert.Equal(t, "mysecret", dep.Spec.Template.Spec.Containers[0].EnvFrom[0].SecretRef.LocalObjectReference.Name) +} + func TestQueryPodName(t *testing.T) { name := "TestQueryPodName" query := NewQuery(v1alpha1.NewJaeger(name))