From 2bf6eecf0f067f194c31bc550a730c497dd5dc47 Mon Sep 17 00:00:00 2001
From: ltsonov
Date: Wed, 4 Oct 2023 13:55:46 +0300
Subject: [PATCH 1/2] Extend monitor role to be able to read the CR
---
 config/rbac/dataplane/dataplane_roles.yaml | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
diff --git a/config/rbac/dataplane/dataplane_roles.yaml b/config/rbac/dataplane/dataplane_roles.yaml
index 9057e763..7bce3cd2 100644
--- a/config/rbac/dataplane/dataplane_roles.yaml
+++ b/config/rbac/dataplane/dataplane_roles.yaml
@@ -19,6 +19,20 @@ rules:
 - validatingwebhookconfigurations
 verbs:
 - list
+ - apiGroups:
+ - operator.containers.carbonblack.io
+ resources:
+ - cbcontainersagents
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - operator.containers.carbonblack.io
+ resources:
+ - cbcontainersagents/status
+ verbs:
+ - get
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
From cebdde14e8e5e11f49f56da7635bfe213cc96ec9 Mon Sep 17 00:00:00 2001
From: ltsonov
Date: Wed, 4 Oct 2023 14:48:32 +0300
Subject: [PATCH 2/2] Populate ClusterID in the dataplane configmap for usage by components
---
 cbcontainers/state/common/common_test.go | 11 +++++++++++
 cbcontainers/state/common/dataplane_consts.go | 1 +
 cbcontainers/state/common/env_var.go | 2 ++
 cbcontainers/state/components/cluster_configmap.go | 7 ++++++-
 cbcontainers/state/state_applier.go | 10 ++++++++--
 cbcontainers/state/state_applier_test.go | 6 +++---
 main.go | 2 +-
 7 files changed, 32 insertions(+), 7 deletions(-)
diff --git a/cbcontainers/state/common/common_test.go b/cbcontainers/state/common/common_test.go
index 4f380b71..e3c8e676 100644
--- a/cbcontainers/state/common/common_test.go
+++ b/cbcontainers/state/common/common_test.go
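Review bot: The new rule on `cbcontainersagents` in dataplane_roles.yaml grants `list` and `watch` as well as `get`, while the commit subject only asks for the monitor role to read the CR. If the monitor fetches a single known object, `get` alone (optionally narrowed with `resourceNames`) would satisfy that, and the other two verbs can be dropped. The role's own `kind` and its binding are outside the hunk, so how widely this read access applies cannot be confirmed from here and is worth checking. A comment above the rule, for example `# monitor reads the CBContainersAgent CR and its status; read-only by design`, would record why the access exists.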
@@ -26,6 +26,8 @@ const (
 )
 func compareEnvVars(t *testing.T, expected map[string]coreV1.EnvVar, actual []coreV1.EnvVar) {
+ require.Equal(t, len(expected), len(actual), "expected and actual env vars should have equal length")
+
 for _, envVar := range actual {
 expectedEnvVar, ok := expected[envVar.Name]
 require.True(t, ok)
@@ -89,6 +91,15 @@ func TestWithDataPlaneCommonConfig(t *testing.T) {
 },
 },
 },
+ clusterIDVarName: {
+ Name: clusterIDVarName,
+ ValueFrom: &coreV1.EnvVarSource{
+ ConfigMapKeyRef: &coreV1.ConfigMapKeySelector{
+ LocalObjectReference: coreV1.LocalObjectReference{Name: DataPlaneConfigmapName},
+ Key: DataPlaneConfigmapClusterIDKey,
+ },
+ },
+ },
 apiAdapterVarName: {
 Name: apiAdapterVarName,
 ValueFrom: &coreV1.EnvVarSource{
diff --git a/cbcontainers/state/common/dataplane_consts.go b/cbcontainers/state/common/dataplane_consts.go
index 0fe1af2f..a2ecc450 100644
--- a/cbcontainers/state/common/dataplane_consts.go
+++ b/cbcontainers/state/common/dataplane_consts.go
@@ -23,6 +23,7 @@ const (
 DataPlaneConfigmapAccountKey = "Account"
 DataPlaneConfigmapClusterKey = "Cluster"
+ DataPlaneConfigmapClusterIDKey = "ClusterID"
 DataPlaneConfigmapAgentVersionKey = "AgentVersion"
 DataPlaneConfigmapApiSchemeKey = "ApiScheme"
 DataPlaneConfigmapApiHostKey = "ApiHost"
diff --git a/cbcontainers/state/common/env_var.go b/cbcontainers/state/common/env_var.go
index 3330b36a..a9d8fb2a 100644
--- a/cbcontainers/state/common/env_var.go
+++ b/cbcontainers/state/common/env_var.go
@@ -15,6 +15,7 @@ const (
 eventGatewayPortVarName = "OCTARINE_MESSAGEPROXY_PORT"
 accountVarName = "OCTARINE_ACCOUNT"
 clusterVarName = "OCTARINE_DOMAIN"
+ clusterIDVarName = "OCTARINE_CLUSTER_ID"
 accessTokenVarName = "OCTARINE_ACCESS_TOKEN"
 apiSchemeVarName = "OCTARINE_API_SCHEME"
 apiHostVarName = "OCTARINE_API_HOST"
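Review bot: The length check added to `compareEnvVars` in common_test.go still lets a duplicated name in `actual` hide a missing expected variable, because the loop only looks each actual entry up in `expected` and, as far as the hunk shows, never records which expected keys were matched. Tracking seen names, e.g. `require.NotContains(t, seen, envVar.Name)` followed by `seen[envVar.Name] = struct{}{}`, would close that gap. `require.Len(t, actual, len(expected))` would also give a more readable failure than comparing two lengths with `require.Equal`. The loop body continues outside the hunk.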
@@ -168,6 +169,7 @@ func (b *EnvVarBuilder) WithCommonDataPlane(accessKeySecretName string) *EnvVarB
 return b.WithEnvVarFromSecret(accessTokenVarName, accessKeySecretName, AccessTokenSecretKeyName).
 WithEnvVarFromConfigmap(accountVarName, DataPlaneConfigmapAccountKey).
 WithEnvVarFromConfigmap(clusterVarName, DataPlaneConfigmapClusterKey).
+ WithEnvVarFromConfigmap(clusterIDVarName, DataPlaneConfigmapClusterIDKey).
 WithEnvVarFromConfigmap(apiSchemeVarName, DataPlaneConfigmapApiSchemeKey).
 WithEnvVarFromConfigmap(apiHostVarName, DataPlaneConfigmapApiHostKey).
 WithEnvVarFromConfigmap(apiPortVarName, DataPlaneConfigmapApiPortKey).
diff --git a/cbcontainers/state/components/cluster_configmap.go b/cbcontainers/state/components/cluster_configmap.go
index 155cd218..6223f8e8 100644
--- a/cbcontainers/state/components/cluster_configmap.go
+++ b/cbcontainers/state/components/cluster_configmap.go
@@ -15,11 +15,15 @@ import (
 type ConfigurationK8sObject struct {
 // Namespace is the Namespace in which the ConfigMap will be created.
 Namespace string
+
+ // ClusterID is the unique identifier generated by the current operator for the cluster
+ ClusterID string
 }
-func NewConfigurationK8sObject(namespace string) *ConfigurationK8sObject {
+func NewConfigurationK8sObject(namespace, clusterID string) *ConfigurationK8sObject {
 return &ConfigurationK8sObject{
 Namespace: namespace,
+ ClusterID: clusterID,
 }
 }
@@ -38,6 +42,7 @@ func (obj *ConfigurationK8sObject) MutateK8sObject(k8sObject client.Object, agen
 configMap.Data = map[string]string{
 commonState.DataPlaneConfigmapAccountKey: agentSpec.Account,
 commonState.DataPlaneConfigmapClusterKey: agentSpec.ClusterName,
+ commonState.DataPlaneConfigmapClusterIDKey: obj.ClusterID,
 commonState.DataPlaneConfigmapAgentVersionKey: agentSpec.Version,
 commonState.DataPlaneConfigmapDataplaneNamespaceKey: obj.Namespace,
 commonState.DataPlaneConfigmapApiSchemeKey: agentSpec.Gateways.ApiGateway.Scheme,
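Review bot: The added `WithEnvVarFromConfigmap(clusterIDVarName, DataPlaneConfigmapClusterIDKey)` in `WithCommonDataPlane` (env_var.go) makes every container built through it depend on a `ClusterID` key in the data plane ConfigMap. The expected value in the common_test.go hunk shows a `ConfigMapKeySelector` with no `Optional` set, so the reference is required. Kubernetes will not start a container whose required key is missing, which matters on upgrade if a workload is rolled before the ConfigMap is re-applied. The apply order is not visible in this patch, so it should be confirmed and recorded next to the call, e.g. `// ClusterID is written by ConfigurationK8sObject; the ConfigMap must be applied before any workload that uses this builder`.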
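Review bot: `MutateK8sObject` in cluster_configmap.go writes `obj.ClusterID` into the ConfigMap unconditionally and `NewConfigurationK8sObject` accepts any string, so an empty cluster ID is published as a normal-looking `ClusterID` key; the test helper in this patch does pass `""`. If data plane components use the value to attribute what they report to a cluster (an assumption, the consumers are not on this page), an empty value would go unnoticed, so consider rejecting or logging it where the object is built. The new field comment could also say where the value ends up and end with a period: `// ClusterID is the identifier the operator generated for this cluster; it is published in the data plane ConfigMap.` `MutateK8sObject` starts and ends outside its hunk.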
diff --git a/cbcontainers/state/state_applier.go b/cbcontainers/state/state_applier.go
index f2d5ce56..a3d4bc16 100644
--- a/cbcontainers/state/state_applier.go
+++ b/cbcontainers/state/state_applier.go
@@ -42,9 +42,15 @@ type StateApplier struct {
 log logr.Logger
 }
-func NewStateApplier(apiReader client.Reader, agentComponentApplier AgentComponentApplier, k8sVersion, agentNamespace string, tlsSecretsValuesCreator components.TlsSecretsValuesCreator, log logr.Logger) *StateApplier {
+func NewStateApplier(
+ apiReader client.Reader,
+ agentComponentApplier AgentComponentApplier,
+ k8sVersion, agentNamespace, clusterID string,
+ tlsSecretsValuesCreator components.TlsSecretsValuesCreator,
+ log logr.Logger,
+) *StateApplier {
 return &StateApplier{
- desiredConfigMap: components.NewConfigurationK8sObject(agentNamespace),
+ desiredConfigMap: components.NewConfigurationK8sObject(agentNamespace, clusterID),
 desiredRegistrySecret: components.NewRegistrySecretK8sObject(agentNamespace),
 desiredPriorityClass: components.NewPriorityClassK8sObject(k8sVersion),
 desiredMonitorDeployment: components.NewMonitorDeploymentK8sObject(agentNamespace),
diff --git a/cbcontainers/state/state_applier_test.go b/cbcontainers/state/state_applier_test.go
index 4a4b6140..6914df70 100644
--- a/cbcontainers/state/state_applier_test.go
+++ b/cbcontainers/state/state_applier_test.go
@@ -141,7 +141,7 @@ type K8sObjectDetails struct {
 ObjectType reflect.Type
 }
-func testStateApplier(t *testing.T, setup StateApplierTestSetup, k8sVersion, namespace string) (bool, error) {
+func testStateApplier(t *testing.T, setup StateApplierTestSetup, k8sVersion, namespace, clusterID string) (bool, error) {
 ctrl := gomock.NewController(t)
 defer ctrl.Finish()
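Review bot: `NewStateApplier` in state_applier.go now takes `k8sVersion, agentNamespace, clusterID string` as three adjacent strings, so a call site that swaps two of them still compiles and would publish the wrong value as the cluster ID. The exported constructor also has no doc comment; one such as `// NewStateApplier returns a StateApplier; clusterID is the operator's identifier for this cluster and is written to the data plane ConfigMap.` would make the contract visible to callers. A small parameter struct would remove the ordering risk, at the cost of touching more callers than this patch does. The struct literal continues past the end of the hunk.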
@@ -189,7 +189,7 @@ func testStateApplier(t *testing.T, setup StateApplierTestSetup, k8sVersion, nam
 setup(mockObjects)
- stateApplier := state.NewStateApplier(testUtilsMocks.NewMockReader(ctrl), mockObjects.componentApplier, k8sVersion, namespace, mockObjects.secretValuesCreator, logrTesting.NewTestLogger(t))
+ stateApplier := state.NewStateApplier(testUtilsMocks.NewMockReader(ctrl), mockObjects.componentApplier, k8sVersion, namespace, clusterID, mockObjects.secretValuesCreator, logrTesting.NewTestLogger(t))
 return stateApplier.ApplyDesiredState(context.Background(), agentSpec, &models.RegistrySecretValues{}, nil)
 }
@@ -224,7 +224,7 @@ func getAppliedAndDeletedObjects(t *testing.T, k8sVersion, namespace string, set
 deletedObjects = append(deletedObjects, K8sObjectDetails{Namespace: namespacedName.Namespace, Name: namespacedName.Name, ObjectType: objType})
 return true, nil
 }).AnyTimes()
- }, k8sVersion, namespace)
+ }, k8sVersion, namespace, "")
 return appliedObjects, deletedObjects, err
 }
diff --git a/main.go b/main.go
index 94f62ea4..bc89c9cc 100644
--- a/main.go
+++ b/main.go
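Review bot: `getAppliedAndDeletedObjects` in state_applier_test.go passes `""` for the new `clusterID` argument, and nothing in the hunks of this file asserts on the ConfigMap data. As a result the path from `NewStateApplier` to the `ClusterID` key is not exercised here. Passing a non-empty value, e.g. `const testClusterID = "test-cluster-id"` (constructed value), and checking the applied ConfigMap for it would catch a dropped or transposed argument. Both helper functions start outside their hunks.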
@@ -159,7 +159,7 @@ func main() {
 Namespace: operatorNamespace,
 AccessTokenProvider: operator.NewSecretAccessTokenProvider(mgr.GetClient()),
 ClusterProcessor: processors.NewAgentProcessor(cbContainersAgentLogger, processorGatewayCreator, operatorVersionProvider, clusterIdentifier),
- StateApplier: state.NewStateApplier(mgr.GetAPIReader(), agent_applyment.NewAgentComponent(applyment.NewComponentApplier(mgr.GetClient())), k8sVersion, operatorNamespace, certificatesUtils.NewCertificateCreator(), cbContainersAgentLogger),
+ StateApplier: state.NewStateApplier(mgr.GetAPIReader(), agent_applyment.NewAgentComponent(applyment.NewComponentApplier(mgr.GetClient())), k8sVersion, operatorNamespace, clusterIdentifier, certificatesUtils.NewCertificateCreator(), cbContainersAgentLogger),
 }).SetupWithManager(mgr); err != nil {
 setupLog.Error(err, "unable to create controller", "controller", "CBContainersAgent")
 os.Exit(1)