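--- a/pkg/builder/builder.go
+++ b/pkg/builder/builder.go
@@ -0,0 +1,15 @@
+package builder
+
+import (
+"k8s.io/apimachinery/pkg/runtime"
+)
+
+type Builder struct {
+scheme *runtime.Scheme
+}
+
+func NewBuilder(scheme *runtime.Scheme) *Builder {
+return &Builder{
+scheme: scheme,
+}
+}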
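Review bot: `Builder` and `NewBuilder` are exported but carry no doc comments, and `NewBuilder` accepts a nil `*runtime.Scheme` silently even though every `Build*` method in this package hands `b.scheme` to `controllerutil.SetControllerReference`, where a nil scheme only surfaces later as a per-object error. Add `// Builder assembles owner-referenced Kubernetes and Zitadel resource manifests using a shared runtime.Scheme.` above the type and `// NewBuilder returns a Builder that resolves owner GVKs through scheme; scheme must not be nil.` above the constructor. Failing fast with a panic or a documented precondition in `NewBuilder` would move the nil-scheme failure to startup, where it is easier to diagnose.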
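--- a/pkg/builder/configmap_builder.go
+++ b/pkg/builder/configmap_builder.go
@@ -0,0 +1,39 @@
+package builder
+
+import (
+"fmt"
+zitadelv1alpha1 "gitea.corredorconect.com/software-engineering/zitadel-k8s-operator/api/v1alpha1"
+metadata "gitea.corredorconect.com/software-engineering/zitadel-k8s-operator/pkg/builder/metadata"
+corev1 "k8s.io/api/core/v1"
+metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+"k8s.io/apimachinery/pkg/types"
+"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
+)
+
+type ConfigMapOpts struct {
+Zitadel *zitadelv1alpha1.Cluster
+Key types.NamespacedName
+Data map[string]string
+Labels map[string]string
+Annotations map[string]string
+Immutable bool
+}
+
+func (b *Builder) BuildConfigMap(opts ConfigMapOpts, owner metav1.Object) (*corev1.ConfigMap, error) {
+objMeta :=
+metadata.NewMetadataBuilder(opts.Key).
+WithZitadel(opts.Zitadel).
+WithLabels(opts.Labels).
+WithAnnotations(opts.Annotations).
+Build()
+
+configMap := &corev1.ConfigMap{
+Data: opts.Data,
+ObjectMeta: objMeta,
+Immutable: &opts.Immutable,
+}
+if err := controllerutil.SetControllerReference(owner, configMap, b.scheme); err != nil {
+return nil, fmt.Errorf("error setting controller reference in ConfigMap manifest: %v", err)
+}
+return configMap, nil
+}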
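Review bot: The error from `controllerutil.SetControllerReference` is wrapped with `%v`, which flattens it to text and stops callers from using `errors.Is`/`errors.As` on the underlying cause (for example controllerutil's already-owned error); use `%w`: `return nil, fmt.Errorf("setting controller reference on ConfigMap %s/%s: %w", opts.Key.Namespace, opts.Key.Name, err)`. The same `%v` wrapping appears in connection_builder.go, deployment_builder.go, job_builder.go, login_deployment_builder.go, machine_user_builder.go, organization_builder.go, secret_builder.go and service_builder.go and should change there too. `Data: opts.Data` also stores the caller's map by reference, so a caller that keeps mutating it after the build changes the object that is later sent to the API server; if that isolation matters, copy it (a `maps.Clone` needs a `maps` import). Exported `ConfigMapOpts` and `BuildConfigMap` have no doc comments.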
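--- a/pkg/builder/connection_builder.go
+++ b/pkg/builder/connection_builder.go
@@ -0,0 +1,40 @@
+package builder
+
+import (
+"fmt"
+
+zitadelv1alpha1 "gitea.corredorconect.com/software-engineering/zitadel-k8s-operator/api/v1alpha1"
+metadata "gitea.corredorconect.com/software-engineering/zitadel-k8s-operator/pkg/builder/metadata"
+zitadelresourcesv1alpha1 "gitea.corredorconect.com/software-engineering/zitadel-resources-operator/api/v1alpha1"
+corev1 "k8s.io/api/core/v1"
+"k8s.io/apimachinery/pkg/types"
+"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
+)
+
+func (b *Builder) BuildConnection(key types.NamespacedName, instance *zitadelv1alpha1.Instance) (*zitadelresourcesv1alpha1.Connection, error) {
+objMeta :=
+metadata.NewMetadataBuilder(key).
+Build()
+
+org := &zitadelresourcesv1alpha1.Connection{
+ObjectMeta: objMeta,
+Spec: zitadelresourcesv1alpha1.ConnectionSpec{
+Host: instance.Spec.CustomDomain,
+Authentication: zitadelresourcesv1alpha1.Authentication{
+PAT: &zitadelresourcesv1alpha1.PAT{
+TokenSecretKey: corev1.SecretKeySelector{
+LocalObjectReference: corev1.LocalObjectReference{
+Name: instance.MachineSecretName(),
+},
+Key: "pat",
+},
+},
+},
+},
+}
+
+if err := controllerutil.SetControllerReference(instance, org, b.scheme); err != nil {
+return nil, fmt.Errorf("error setting controller reference in Connection manifest: %v", err)
+}
+return org, nil
+}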
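Review bot: The local that holds the `Connection` is named `org` (`org := &zitadelresourcesv1alpha1.Connection{`), which reads as a copy-paste from organization_builder.go and misleads at the `SetControllerReference(instance, org, ...)` and `return org, nil` sites; rename it `conn`. `Key: "pat"` is a bare literal that must stay in sync with the `/login-client/pat` file path the login deployment reads, so a shared constant such as `const patSecretKey = "pat"` in this package ties the two together. `instance` is dereferenced at `instance.Spec.CustomDomain` without a nil check; if callers can pass nil, guard it, otherwise document the precondition in a doc comment on `BuildConnection`.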
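--- a/pkg/builder/deployment_builder.go
+++ b/pkg/builder/deployment_builder.go
@@ -0,0 +1,173 @@
+package builder
+
+import (
+"fmt"
+
+zitadelv1alpha1 "gitea.corredorconect.com/software-engineering/zitadel-k8s-operator/api/v1alpha1"
+labels "gitea.corredorconect.com/software-engineering/zitadel-k8s-operator/pkg/builder/labels"
+metadata "gitea.corredorconect.com/software-engineering/zitadel-k8s-operator/pkg/builder/metadata"
+configuration "gitea.corredorconect.com/software-engineering/zitadel-k8s-operator/pkg/configuration"
+deployment "gitea.corredorconect.com/software-engineering/zitadel-k8s-operator/pkg/deployment"
+"gitea.corredorconect.com/software-engineering/zitadel-k8s-operator/pkg/masterkey"
+appsv1 "k8s.io/api/apps/v1"
+corev1 "k8s.io/api/core/v1"
+metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+"k8s.io/apimachinery/pkg/types"
+"k8s.io/apimachinery/pkg/util/intstr"
+"sigs.k8s.io/controller-runtime/pkg/client"
+"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
+)
+
+func (b *Builder) BuildDeployment(zitadel *zitadelv1alpha1.Cluster, key types.NamespacedName) (*appsv1.Deployment, error) {
+replicas := zitadel.Spec.Replicas
+objMeta :=
+metadata.NewMetadataBuilder(key).
+WithZitadel(zitadel).
+WithAnnotations(map[string]string{
+"reloader.stakater.com/auto": "true",
+}).
+Build()
+selectorLabels :=
+labels.NewLabelsBuilder().
+WithZitadelSelectorLabels(zitadel).
+Build()
+podTemplate, err := b.buildDepPodTemplate(zitadel, selectorLabels)
+if err != nil {
+return nil, fmt.Errorf("error building pod template: %v", err)
+}
+
+dep := &appsv1.Deployment{
+ObjectMeta: objMeta,
+Spec: appsv1.DeploymentSpec{
+Replicas: &replicas,
+Selector: &metav1.LabelSelector{
+MatchLabels: selectorLabels,
+},
+Template: *podTemplate,
+}}
+if err := controllerutil.SetControllerReference(zitadel, dep, b.scheme); err != nil {
+return nil, fmt.Errorf("error setting controller reference to Deployment: %v", err)
+}
+return dep, nil
+}
+
+func (b *Builder) buildDepPodTemplate(zitadel *zitadelv1alpha1.Cluster, labels map[string]string) (*corev1.PodTemplateSpec, error) {
+objMeta :=
+metadata.NewMetadataBuilder(client.ObjectKeyFromObject(zitadel)).
+WithZitadel(zitadel).
+WithLabels(labels).
+WithAnnotations(zitadel.Spec.PodAnnotations).
+Build()
+group := int64(0)
+
+// mode := int32(0444)
+return &corev1.PodTemplateSpec{
+ObjectMeta: objMeta,
+Spec: corev1.PodSpec{
+SecurityContext: &corev1.PodSecurityContext{FSGroup: &group},
+Containers: *b.buildDepContainers(zitadel),
+Volumes: []corev1.Volume{
+// {Name: "certs", VolumeSource: corev1.VolumeSource{
+// Secret: &corev1.SecretVolumeSource{
+// SecretName: zitadel.Spec.RootTLSSecret.Name,
+// DefaultMode: &mode,
+// },
+// }},
+{Name: "zitadel-config-yaml", VolumeSource: corev1.VolumeSource{ConfigMap: &corev1.ConfigMapVolumeSource{LocalObjectReference: corev1.LocalObjectReference{Name: configuration.ConfigurationName(zitadel)}}}},
+},
+},
+},
+nil
+}
+
+func (b *Builder) buildDepContainers(zitadel *zitadelv1alpha1.Cluster) *[]corev1.Container {
+readyProbeHandle := corev1.ProbeHandler{
+HTTPGet: &corev1.HTTPGetAction{HTTPHeaders: []corev1.HTTPHeader{},
+Port: intstr.FromInt(deployment.ZitadelPort),
+Scheme: corev1.URISchemeHTTP,
+Path: "/debug/ready",
+},
+}
+livenessProbeHandle := corev1.ProbeHandler{
+HTTPGet: &corev1.HTTPGetAction{HTTPHeaders: []corev1.HTTPHeader{},
+Port: intstr.FromInt(deployment.ZitadelPort),
+Scheme: corev1.URISchemeHTTP,
+Path: "/debug/healthz",
+},
+}
+
+return &[]corev1.Container{
+{
+Name: "zitadel",
+Image: zitadel.Spec.Image.Name + ":" + zitadel.Spec.Image.Tag,
+Args: []string{
+"start",
+"--config", "/config/zitadel-config-yaml",
+"--masterkeyFromEnv",
+},
+ImagePullPolicy: corev1.PullIfNotPresent,
+Env: []corev1.EnvVar{
+{
+Name: "ZITADEL_MASTERKEY",
+ValueFrom: &corev1.EnvVarSource{SecretKeyRef: &corev1.SecretKeySelector{LocalObjectReference: corev1.LocalObjectReference{Name: masterkey.MasterKeyName(zitadel)}, Key: masterkey.Key}},
+},
+
+{
+Name: "ZITADEL_DATABASE_POSTGRES_ADMIN_PASSWORD",
+ValueFrom: &corev1.EnvVarSource{SecretKeyRef: &corev1.SecretKeySelector{LocalObjectReference: corev1.LocalObjectReference{Name: zitadel.Spec.PostgreSQLClusterRef.Name + "-superuser"}, Key: "password"}},
+},
+
+{
+Name: "ZITADEL_DATABASE_POSTGRES_USER_PASSWORD",
+ValueFrom: &corev1.EnvVarSource{SecretKeyRef: &corev1.SecretKeySelector{LocalObjectReference: corev1.LocalObjectReference{Name: zitadel.Spec.PostgreSQLClusterRef.Name + "-user"}, Key: "password"}},
+},
+
+// {
+// Name: "ZITADEL_DATABASE_COCKROACH_ADMIN_SSL_ROOTCERT",
+// Value: "/certs/ca.crt",
+// },
+// {
+// Name: "ZITADEL_DATABASE_COCKROACH_ADMIN_SSL_CERT",
+// Value: "/certs/tls.crt",
+// },
+// {
+// Name: "ZITADEL_DATABASE_COCKROACH_ADMIN_SSL_KEY",
+// Value: "/certs/tls.key",
+// },
+
+// {
+// Name: "ZITADEL_DATABASE_COCKROACH_USER_SSL_ROOTCERT",
+// Value: "/certs/ca.crt",
+// },
+// {
+// Name: "ZITADEL_DATABASE_COCKROACH_USER_SSL_CERT",
+// Value: "/certs/tls.crt",
+// },
+// {
+// Name: "ZITADEL_DATABASE_COCKROACH_USER_SSL_KEY",
+// Value: "/certs/tls.key",
+// },
+},
+Ports: []corev1.ContainerPort{
+{Name: deployment.ZitadelName, ContainerPort: deployment.ZitadelPort},
+},
+LivenessProbe: &corev1.Probe{
+ProbeHandler: livenessProbeHandle,
+FailureThreshold: 10,
+InitialDelaySeconds: 0,
+PeriodSeconds: 5,
+},
+ReadinessProbe: &corev1.Probe{
+ProbeHandler: readyProbeHandle,
+FailureThreshold: 3,
+InitialDelaySeconds: 0,
+PeriodSeconds: 5,
+},
+Resources: zitadel.Spec.Resources,
+VolumeMounts: []corev1.VolumeMount{
+{Name: "zitadel-config-yaml", MountPath: "/config"},
+// {Name: "certs", MountPath: "/certs"},
+},
+},
+}
+}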
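Review bot: The long-running server pod in `buildDepPodTemplate` gets only `SecurityContext: &corev1.PodSecurityContext{FSGroup: &group}` with `group` 0 and no `RunAsNonRoot`/`RunAsUser`, while BuildInitJob and BuildSetupJob in job_builder.go pin `RunAsNonRoot: true` and `RunAsUser: 1000` for the same image, so the component with the longest exposure is the least constrained. Aligning it is three lines: `runAsNonRoot := true`, `user := int64(1000)`, and `SecurityContext: &corev1.PodSecurityContext{FSGroup: &group, RunAsNonRoot: &runAsNonRoot, RunAsUser: &user},`. The runtime container also receives `ZITADEL_DATABASE_POSTGRES_ADMIN_PASSWORD` from the `-superuser` secret; if `zitadel start` only needs the application user (the admin credential is what the init/setup jobs use), dropping it from the Deployment shrinks what a compromised server pod can reach — worth confirming against the Zitadel database configuration. `buildDepContainers` returning `*[]corev1.Container` is unidiomatic; returning the slice value removes the dereference at the call site. `Image: zitadel.Spec.Image.Name + ":" + zitadel.Spec.Image.Tag` produces an invalid `name:` reference when `Tag` is empty, which surfaces only as an image-pull error at runtime.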
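--- a/pkg/builder/job_builder.go
+++ b/pkg/builder/job_builder.go
@@ -0,0 +1,213 @@
+package builder
+
+import (
+"fmt"
+
+zitadelv1alpha1 "gitea.corredorconect.com/software-engineering/zitadel-k8s-operator/api/v1alpha1"
+configuration "gitea.corredorconect.com/software-engineering/zitadel-k8s-operator/pkg/configuration"
+"gitea.corredorconect.com/software-engineering/zitadel-k8s-operator/pkg/masterkey"
+batchv1 "k8s.io/api/batch/v1"
+corev1 "k8s.io/api/core/v1"
+metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+"k8s.io/apimachinery/pkg/types"
+"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
+)
+
+func (b *Builder) BuildInitJob(zitadel *zitadelv1alpha1.Cluster, key types.NamespacedName) (*batchv1.Job, error) {
+
+backOffLimit := int32(5)
+activeDeadlineSeconds := int64(1800)
+runAsNonRoot := true
+enableServiceLinks := false
+user := int64(1000)
+// mode := int32(0444)
+initJob := &batchv1.Job{
+ObjectMeta: metav1.ObjectMeta{
+Name: key.Name,
+Namespace: key.Namespace,
+},
+Spec: batchv1.JobSpec{
+BackoffLimit: &backOffLimit,
+ActiveDeadlineSeconds: &activeDeadlineSeconds,
+Template: corev1.PodTemplateSpec{
+Spec: corev1.PodSpec{
+RestartPolicy: corev1.RestartPolicyOnFailure,
+SecurityContext: &corev1.PodSecurityContext{
+RunAsNonRoot: &runAsNonRoot,
+RunAsUser: &user,
+},
+EnableServiceLinks: &enableServiceLinks,
+Volumes: []corev1.Volume{
+// {Name: "certs", VolumeSource: corev1.VolumeSource{
+// Secret: &corev1.SecretVolumeSource{
+// SecretName: zitadel.Spec.RootTLSSecret.Name,
+// DefaultMode: &mode,
+// },
+// }},
+{Name: "zitadel-config-yaml", VolumeSource: corev1.VolumeSource{ConfigMap: &corev1.ConfigMapVolumeSource{LocalObjectReference: corev1.LocalObjectReference{Name: configuration.ConfigurationName(zitadel)}}}},
+},
+Containers: []corev1.Container{
+{
+Name: "zitadel-init",
+Image: zitadel.Spec.Image.Name + ":" + zitadel.Spec.Image.Tag,
+Args: []string{
+"init",
+"zitadel",
+"--config", "/config/zitadel-config-yaml",
+},
+Env: []corev1.EnvVar{
+// {
+// Name: "ZITADEL_DATABASE_COCKROACH_ADMIN_SSL_ROOTCERT",
+// Value: "/certs/ca.crt",
+// },
+// {
+// Name: "ZITADEL_DATABASE_COCKROACH_ADMIN_SSL_CERT",
+// Value: "/certs/tls.crt",
+// },
+// {
+// Name: "ZITADEL_DATABASE_COCKROACH_ADMIN_SSL_KEY",
+// Value: "/certs/tls.key",
+// },
+// {
+// Name: "ZITADEL_DATABASE_COCKROACH_USER_SSL_ROOTCERT",
+// Value: "/certs/ca.crt",
+// },
+// {
+// Name: "ZITADEL_DATABASE_COCKROACH_USER_SSL_CERT",
+// Value: "/certs/tls.crt",
+// },
+// {
+// Name: "ZITADEL_DATABASE_COCKROACH_USER_SSL_KEY",
+// Value: "/certs/tls.key",
+// },
+{
+Name: "ZITADEL_DATABASE_POSTGRES_ADMIN_PASSWORD",
+ValueFrom: &corev1.EnvVarSource{SecretKeyRef: &corev1.SecretKeySelector{LocalObjectReference: corev1.LocalObjectReference{Name: zitadel.Spec.PostgreSQLClusterRef.Name + "-superuser"}, Key: "password"}},
+},
+
+{
+Name: "ZITADEL_DATABASE_POSTGRES_USER_PASSWORD",
+ValueFrom: &corev1.EnvVarSource{SecretKeyRef: &corev1.SecretKeySelector{LocalObjectReference: corev1.LocalObjectReference{Name: zitadel.Spec.PostgreSQLClusterRef.Name + "-user"}, Key: "password"}},
+},
+},
+VolumeMounts: []corev1.VolumeMount{
+{Name: "zitadel-config-yaml", MountPath: "/config"},
+// {Name: "certs", MountPath: "/certs"},
+},
+},
+},
+},
+},
+},
+}
+if err := controllerutil.SetControllerReference(zitadel, initJob, b.scheme); err != nil {
+return nil, fmt.Errorf("error setting controller reference to InitJob: %v", err)
+}
+return initJob, nil
+}
+
+func (b *Builder) BuildSetupJob(zitadel *zitadelv1alpha1.Cluster, key types.NamespacedName) (*batchv1.Job, error) {
+
+backOffLimit := int32(5)
+activeDeadlineSeconds := int64(1800)
+runAsNonRoot := true
+enableServiceLinks := false
+user := int64(1000)
+// mode := int32(0444)
+setupJob := &batchv1.Job{
+ObjectMeta: metav1.ObjectMeta{
+Name: key.Name,
+Namespace: key.Namespace,
+},
+Spec: batchv1.JobSpec{
+BackoffLimit: &backOffLimit,
+ActiveDeadlineSeconds: &activeDeadlineSeconds,
+Template: corev1.PodTemplateSpec{
+Spec: corev1.PodSpec{
+RestartPolicy: corev1.RestartPolicyOnFailure,
+SecurityContext: &corev1.PodSecurityContext{
+RunAsNonRoot: &runAsNonRoot,
+RunAsUser: &user,
+},
+EnableServiceLinks: &enableServiceLinks,
+Volumes: []corev1.Volume{
+// {Name: "certs", VolumeSource: corev1.VolumeSource{
+// Secret: &corev1.SecretVolumeSource{
+// SecretName: zitadel.Spec.RootTLSSecret.Name,
+// DefaultMode: &mode,
+// },
+// }},
+{Name: "zitadel-config-yaml", VolumeSource: corev1.VolumeSource{ConfigMap: &corev1.ConfigMapVolumeSource{LocalObjectReference: corev1.LocalObjectReference{Name: configuration.ConfigurationName(zitadel)}}}},
+},
+Containers: []corev1.Container{
+{
+Name: "zitadel-setup",
+Image: zitadel.Spec.Image.Name + ":" + zitadel.Spec.Image.Tag,
+Args: []string{
+"setup",
+"--config", "/config/zitadel-config-yaml",
+"--steps", "/config/zitadel-config-yaml",
+"--masterkeyFromEnv",
+"--init-projections=true",
+},
+
+Env: []corev1.EnvVar{
+{
+Name: "ZITADEL_MASTERKEY",
+ValueFrom: &corev1.EnvVarSource{SecretKeyRef: &corev1.SecretKeySelector{LocalObjectReference: corev1.LocalObjectReference{Name: masterkey.MasterKeyName(zitadel)}, Key: masterkey.Key}},
+},
+// {
+// Name: "ZITADEL_FIRSTINSTANCE_MACHINEKEYPATH",
+// Value: "/machinekey/sa.json",
+// },
+// {
+// Name: "ZITADEL_DATABASE_COCKROACH_ADMIN_SSL_ROOTCERT",
+// Value: "/certs/ca.crt",
+// },
+// {
+// Name: "ZITADEL_DATABASE_COCKROACH_ADMIN_SSL_CERT",
+// Value: "/certs/tls.crt",
+// },
+// {
+// Name: "ZITADEL_DATABASE_COCKROACH_ADMIN_SSL_KEY",
+// Value: "/certs/tls.key",
+// },
+
+// {
+// Name: "ZITADEL_DATABASE_COCKROACH_USER_SSL_ROOTCERT",
+// Value: "/certs/ca.crt",
+// },
+// {
+// Name: "ZITADEL_DATABASE_COCKROACH_USER_SSL_CERT",
+// Value: "/certs/tls.crt",
+// },
+// {
+// Name: "ZITADEL_DATABASE_COCKROACH_USER_SSL_KEY",
+// Value: "/certs/tls.key",
+// },
+//
+{
+Name: "ZITADEL_DATABASE_POSTGRES_ADMIN_PASSWORD",
+ValueFrom: &corev1.EnvVarSource{SecretKeyRef: &corev1.SecretKeySelector{LocalObjectReference: corev1.LocalObjectReference{Name: zitadel.Spec.PostgreSQLClusterRef.Name + "-superuser"}, Key: "password"}},
+},
+
+{
+Name: "ZITADEL_DATABASE_POSTGRES_USER_PASSWORD",
+ValueFrom: &corev1.EnvVarSource{SecretKeyRef: &corev1.SecretKeySelector{LocalObjectReference: corev1.LocalObjectReference{Name: zitadel.Spec.PostgreSQLClusterRef.Name + "-user"}, Key: "password"}},
+},
+},
+VolumeMounts: []corev1.VolumeMount{
+{Name: "zitadel-config-yaml", MountPath: "/config"},
+// {Name: "certs", MountPath: "/certs"},
+},
+},
+},
+},
+},
+},
+}
+if err := controllerutil.SetControllerReference(zitadel, setupJob, b.scheme); err != nil {
+return nil, fmt.Errorf("error setting controller reference to SetupJob: %v", err)
+}
+return setupJob, nil
+}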
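Review bot: `BuildInitJob` and `BuildSetupJob` are ~100-line near-duplicates that differ only in container name, `Args` and one extra `ZITADEL_MASTERKEY` env entry, and both build `ObjectMeta` by hand (`Name: key.Name, Namespace: key.Namespace`) rather than through `metadata.NewMetadataBuilder(key).WithZitadel(zitadel).Build()` as every other builder in this package does, so any metadata that builder adds is skipped for jobs (this file would need the `metadata` import). Folding the shared skeleton into one private helper parameterized by name, args and env removes the duplication and keeps the two security contexts, deadlines and volumes from drifting apart; the sketch below keeps both public signatures unchanged. The dead `// mode := int32(0444)` lines and the commented-out Cockroach env blocks (also present in deployment_builder.go) are better moved to a tracked issue than left in the source.
```go
// postgresPasswordEnv returns the two PostgreSQL credential env vars both jobs read.
func postgresPasswordEnv(zitadel *zitadelv1alpha1.Cluster) []corev1.EnvVar {
	return []corev1.EnvVar{
		{
			Name:      "ZITADEL_DATABASE_POSTGRES_ADMIN_PASSWORD",
			ValueFrom: &corev1.EnvVarSource{SecretKeyRef: &corev1.SecretKeySelector{LocalObjectReference: corev1.LocalObjectReference{Name: zitadel.Spec.PostgreSQLClusterRef.Name + "-superuser"}, Key: "password"}},
		},
		{
			Name:      "ZITADEL_DATABASE_POSTGRES_USER_PASSWORD",
			ValueFrom: &corev1.EnvVarSource{SecretKeyRef: &corev1.SecretKeySelector{LocalObjectReference: corev1.LocalObjectReference{Name: zitadel.Spec.PostgreSQLClusterRef.Name + "-user"}, Key: "password"}},
		},
	}
}

// buildZitadelJob assembles the Job skeleton shared by the init and setup jobs;
// only the container name, arguments and environment differ between them.
func (b *Builder) buildZitadelJob(zitadel *zitadelv1alpha1.Cluster, key types.NamespacedName, containerName string, args []string, env []corev1.EnvVar) (*batchv1.Job, error) {
	// … unchanged: backOffLimit, activeDeadlineSeconds, runAsNonRoot, enableServiceLinks, user …
	job := &batchv1.Job{
		ObjectMeta: metadata.NewMetadataBuilder(key).WithZitadel(zitadel).Build(),
		Spec: batchv1.JobSpec{
			// … unchanged: BackoffLimit, ActiveDeadlineSeconds …
			Template: corev1.PodTemplateSpec{
				Spec: corev1.PodSpec{
					// … unchanged: RestartPolicy, SecurityContext, EnableServiceLinks, Volumes …
					Containers: []corev1.Container{{
						Name:  containerName,
						Image: zitadel.Spec.Image.Name + ":" + zitadel.Spec.Image.Tag,
						Args:  args,
						Env:   env,
						// … unchanged: VolumeMounts …
					}},
				},
			},
		},
	}
	if err := controllerutil.SetControllerReference(zitadel, job, b.scheme); err != nil {
		return nil, fmt.Errorf("setting controller reference on %s job: %w", containerName, err)
	}
	return job, nil
}

func (b *Builder) BuildInitJob(zitadel *zitadelv1alpha1.Cluster, key types.NamespacedName) (*batchv1.Job, error) {
	return b.buildZitadelJob(zitadel, key, "zitadel-init",
		[]string{"init", "zitadel", "--config", "/config/zitadel-config-yaml"},
		postgresPasswordEnv(zitadel))
}

func (b *Builder) BuildSetupJob(zitadel *zitadelv1alpha1.Cluster, key types.NamespacedName) (*batchv1.Job, error) {
	env := []corev1.EnvVar{{
		Name:      "ZITADEL_MASTERKEY",
		ValueFrom: &corev1.EnvVarSource{SecretKeyRef: &corev1.SecretKeySelector{LocalObjectReference: corev1.LocalObjectReference{Name: masterkey.MasterKeyName(zitadel)}, Key: masterkey.Key}},
	}}
	return b.buildZitadelJob(zitadel, key, "zitadel-setup",
		[]string{"setup", "--config", "/config/zitadel-config-yaml", "--steps", "/config/zitadel-config-yaml", "--masterkeyFromEnv", "--init-projections=true"},
		append(env, postgresPasswordEnv(zitadel)...))
}
```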
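--- a/pkg/builder/labels/labels.go
+++ b/pkg/builder/labels/labels.go
@@ -0,0 +1,76 @@
+package builder
+
+import (
+zitadelv1alpha1 "gitea.corredorconect.com/software-engineering/zitadel-k8s-operator/api/v1alpha1"
+deployment "gitea.corredorconect.com/software-engineering/zitadel-k8s-operator/pkg/deployment"
+)
+
+const (
+appLabel = "app.kubernetes.io/name"
+instanceLabel = "app.kubernetes.io/instance"
+deploymentPodName = "deployment.kubernetes.io/pod-name"
+appZitadel = "zitadel"
+appLoginUI = "zitadel-login-ui"
+appExporter = "exporter"
+)
+
+type LabelsBuilder struct {
+labels map[string]string
+}
+
+func NewLabelsBuilder() *LabelsBuilder {
+return &LabelsBuilder{
+labels: map[string]string{},
+}
+}
+
+func (b *LabelsBuilder) WithApp(app string) *LabelsBuilder {
+b.labels[appLabel] = app
+return b
+}
+
+func (b *LabelsBuilder) WithInstance(instance string) *LabelsBuilder {
+b.labels[instanceLabel] = instance
+return b
+}
+
+func (b *LabelsBuilder) WithZitadel(zitadel *zitadelv1alpha1.Cluster) *LabelsBuilder {
+return b.WithApp(appZitadel).
+WithInstance(zitadel.Name)
+}
+
+func (b *LabelsBuilder) WithLoginUI(instance *zitadelv1alpha1.Instance) *LabelsBuilder {
+return b.WithApp(appLoginUI).
+WithInstance(instance.Name)
+}
+
+func (b *LabelsBuilder) WithDeploymentPod(zitadel *zitadelv1alpha1.Cluster, podIndex int) *LabelsBuilder {
+b.labels[deploymentPodName] = deployment.PodName(zitadel.ObjectMeta, podIndex)
+return b
+}
+
+func (b *LabelsBuilder) WithLabels(labels map[string]string) *LabelsBuilder {
+for k, v := range labels {
+b.labels[k] = v
+}
+return b
+}
+
+func (b *LabelsBuilder) WithZitadelSelectorLabels(zitadel *zitadelv1alpha1.Cluster) *LabelsBuilder {
+b = b.WithZitadel(zitadel)
+return b
+}
+
+func (b *LabelsBuilder) WithLoginUISelectorLabels(instance *zitadelv1alpha1.Instance) *LabelsBuilder {
+b = b.WithLoginUI(instance)
+return b
+}
+
+func (b *LabelsBuilder) WithMetricsSelectorLabels(zitadel *zitadelv1alpha1.Cluster) *LabelsBuilder {
+return b.WithApp(appExporter).
+WithInstance(zitadel.Name)
+}
+
+func (b *LabelsBuilder) Build() map[string]string {
+return b.labels
+}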
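Review bot: The file lives in pkg/builder/labels but declares `package builder`, so every importer has to alias it (`labels "…/pkg/builder/labels"` in deployment_builder.go and service_builder.go) and tooling that infers the package from the directory disagrees with the source; `package labels` matches the path and the aliases can go. `Build()` returns the builder's own map, so a caller that mutates the returned labels (BuildDeployment uses the same map as `MatchLabels` and as pod-template labels) also mutates the builder — return a copy if that isolation is wanted (`maps.Clone` needs a `maps` import). `WithZitadelSelectorLabels` and `WithLoginUISelectorLabels` are one-line pass-throughs whose `b = …; return b` form reads oddly; `return b.WithZitadel(zitadel)` is the same thing. Exported names in this file have no doc comments.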
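--- a/pkg/builder/login_deployment_builder.go
+++ b/pkg/builder/login_deployment_builder.go
@@ -0,0 +1,120 @@
+package builder
+
+import (
+"fmt"
+
+zitadelv1alpha1 "gitea.corredorconect.com/software-engineering/zitadel-k8s-operator/api/v1alpha1"
+labels "gitea.corredorconect.com/software-engineering/zitadel-k8s-operator/pkg/builder/labels"
+metadata "gitea.corredorconect.com/software-engineering/zitadel-k8s-operator/pkg/builder/metadata"
+deployment "gitea.corredorconect.com/software-engineering/zitadel-k8s-operator/pkg/deployment"
+appsv1 "k8s.io/api/apps/v1"
+corev1 "k8s.io/api/core/v1"
+metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+"k8s.io/apimachinery/pkg/types"
+"k8s.io/apimachinery/pkg/util/intstr"
+"sigs.k8s.io/controller-runtime/pkg/client"
+"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
+)
+
+func (b *Builder) BuildLoginDeployment(cluster *zitadelv1alpha1.Cluster, instance *zitadelv1alpha1.Instance, customDomain string, key types.NamespacedName) (*appsv1.Deployment, error) {
+replicas := int32(1)
+tag := cluster.Spec.Image.Tag
+if instance.Spec.LoginUI.Image.Tag != nil {
+tag = *instance.Spec.LoginUI.Image.Tag
+}
+objMeta :=
+metadata.NewMetadataBuilder(key).
+WithAnnotations(map[string]string{
+"reloader.stakater.com/auto": "true",
+}).
+Build()
+
+selectorLabels :=
+labels.NewLabelsBuilder().
+WithLoginUISelectorLabels(instance).
+Build()
+templateObjMeta :=
+metadata.NewMetadataBuilder(client.ObjectKeyFromObject(instance)).
+WithLabels(selectorLabels).
+Build()
+
+dep := &appsv1.Deployment{
+ObjectMeta: objMeta,
+Spec: appsv1.DeploymentSpec{
+Replicas: &replicas,
+Selector: &metav1.LabelSelector{
+MatchLabels: selectorLabels,
+},
+Template: corev1.PodTemplateSpec{
+ObjectMeta: templateObjMeta,
+Spec: corev1.PodSpec{
+// SecurityContext: &corev1.PodSecurityContext{FSGroup: &group},
+Containers: []corev1.Container{
+corev1.Container{
+
+Name: "login-ui",
+Image: instance.Spec.LoginUI.Image.Name + ":" + tag,
+ImagePullPolicy: corev1.PullIfNotPresent,
+Env: []corev1.EnvVar{
+{
+Name: "ZITADEL_SERVICE_USER_TOKEN_FILE",
+Value: "/login-client/pat",
+},
+
+{
+Name: "ZITADEL_API_URL",
+Value: fmt.Sprintf("http://%s:%d", deployment.ServiceFQDN(cluster.ObjectMeta), deployment.ZitadelPort),
+},
+
+{
+Name: "CUSTOM_REQUEST_HEADERS",
+Value: fmt.Sprintf("Host:%s,X-Zitadel-Public-Host:%s", customDomain, customDomain),
+},
+},
+Ports: []corev1.ContainerPort{
+{Name: deployment.LoginName, ContainerPort: deployment.LoginPort},
+},
+LivenessProbe: &corev1.Probe{
+ProbeHandler: corev1.ProbeHandler{
+HTTPGet: &corev1.HTTPGetAction{
+Path: "/ui/v2/login/healthy",
+Port: intstr.FromString(deployment.LoginName),
+Scheme: corev1.URISchemeHTTP,
+},
+},
+FailureThreshold: 3,
+InitialDelaySeconds: 0,
+PeriodSeconds: 5,
+},
+ReadinessProbe: &corev1.Probe{
+ProbeHandler: corev1.ProbeHandler{
+HTTPGet: &corev1.HTTPGetAction{
+Path: "/ui/v2/login/security",
+Port: intstr.FromString(deployment.LoginName),
+Scheme: corev1.URISchemeHTTP,
+},
+},
+FailureThreshold: 3,
+InitialDelaySeconds: 0,
+PeriodSeconds: 5,
+},
+
+Resources: instance.Spec.LoginUI.Resources,
+VolumeMounts: []corev1.VolumeMount{
+{Name: "login-ui-pat", MountPath: "/login-client"},
+},
+},
+},
+Volumes: []corev1.Volume{
+{Name: "login-ui-pat", VolumeSource: corev1.VolumeSource{Secret: &corev1.SecretVolumeSource{
+SecretName: instance.LoginMachineUserName() + "-pat-secret",
+}}},
+},
+},
+},
+}}
+if err := controllerutil.SetControllerReference(instance, dep, b.scheme); err != nil {
+return nil, fmt.Errorf("error setting controller reference to Deployment: %v", err)
+}
+return dep, nil
+}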
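Review bot: `customDomain` is interpolated unvalidated into `CUSTOM_REQUEST_HEADERS` at `Value: fmt.Sprintf("Host:%s,X-Zitadel-Public-Host:%s", customDomain, customDomain)`; if the login UI splits that value on `,` and `:` (the format suggests so, though the parser is not on this page), a domain containing either character yields extra or malformed headers. Since the value originates in the CR spec, validate it as a hostname before the Deployment is built — at minimum `if strings.ContainsAny(customDomain, ",:/ ") { return nil, fmt.Errorf("invalid custom domain %q", customDomain) }` (needs a `strings` import), better a proper hostname check at admission. The pod spec leaves `SecurityContext` commented out, so this pod runs with no `RunAsNonRoot` while the jobs in job_builder.go set one; the probe and `ZITADEL_API_URL` both use plain HTTP in-cluster, which is consistent with the server deployment but worth a comment if that is intentional. Style: `corev1.Container{` inside `[]corev1.Container{` is redundant (gofmt -s drops it), and `BuildLoginDeployment` has no doc comment explaining why `customDomain` is passed separately from `instance.Spec.CustomDomain`.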
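--- a/pkg/builder/machine_user_builder.go
+++ b/pkg/builder/machine_user_builder.go
@@ -0,0 +1,51 @@
+package builder
+
+import (
+"fmt"
+
+zitadelv1alpha1 "gitea.corredorconect.com/software-engineering/zitadel-k8s-operator/api/v1alpha1"
+metadata "gitea.corredorconect.com/software-engineering/zitadel-k8s-operator/pkg/builder/metadata"
+zitadelresourcesv1alpha1 "gitea.corredorconect.com/software-engineering/zitadel-resources-operator/api/v1alpha1"
+corev1 "k8s.io/api/core/v1"
+metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+"k8s.io/apimachinery/pkg/types"
+"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
+)
+
+type MachineUserOpts struct {
+Instance *zitadelv1alpha1.Instance
+Authorizations []zitadelresourcesv1alpha1.Authorization
+InternalPermissions []zitadelresourcesv1alpha1.InternalPermissions
+Username string
+}
+
+func (b *Builder) BuildMachineUser(
+key types.NamespacedName,
+opts MachineUserOpts, owner metav1.Object) (*zitadelresourcesv1alpha1.MachineUser, error) {
+objMeta :=
+metadata.NewMetadataBuilder(key).
+Build()
+
+mu := &zitadelresourcesv1alpha1.MachineUser{
+ObjectMeta: objMeta,
+Spec: zitadelresourcesv1alpha1.MachineUserSpec{
+OrganizationRef: zitadelresourcesv1alpha1.OrganizationRef{
+ObjectReference: corev1.ObjectReference{
+Kind: "Organization",
+Namespace: opts.Instance.Namespace,
+Name: opts.Instance.FirstOrgObjectName(),
+},
+},
+AccessTokenType: "ACCESS_TOKEN_TYPE_BEARER",
+Authorizations: opts.Authorizations,
+InternalPermissions: opts.InternalPermissions,
+Metadata: []map[string]string{},
+Username: opts.Username,
+},
+}
+
+if err := controllerutil.SetControllerReference(owner, mu, b.scheme); err != nil {
+return nil, fmt.Errorf("error setting controller reference in Machine User manifest: %v", err)
+}
+return mu, nil
+}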
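Review bot: The `OrganizationRef` at `Kind: "Organization"` sets no `APIVersion`, while BuildOrganization in organization_builder.go populates `APIVersion: "v1alpha1"` on its `ConnectionRef`; unless the resources operator ignores the field, the two references resolve differently, so set it here too or drop it there so both builders agree. `BuildMachineUser(key, opts, owner)` takes `key` as a separate argument where `BuildConfigMap`, `BuildSecret` and `BuildOrganization` carry it inside their Opts struct — moving `Key` into `MachineUserOpts` keeps the builder API uniform. `AccessTokenType: "ACCESS_TOKEN_TYPE_BEARER"` is a bare literal; if the resources API exports a constant for it, use that so a typo fails at compile time rather than at reconcile time. `MachineUserOpts` and `BuildMachineUser` are exported without doc comments.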
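--- a/pkg/builder/metadata/metadata.go
+++ b/pkg/builder/metadata/metadata.go
@@ -0,0 +1,48 @@
+package metadata
+
+import (
+zitadelv1alpha1 "gitea.corredorconect.com/software-engineering/zitadel-k8s-operator/api/v1alpha1"
+
+metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+"k8s.io/apimachinery/pkg/types"
+)
+
+type MetadataBuilder struct {
+objMeta metav1.ObjectMeta
+}
+
+func NewMetadataBuilder(key types.NamespacedName) *MetadataBuilder {
+return &MetadataBuilder{
+objMeta: metav1.ObjectMeta{
+Name: key.Name,
+Namespace: key.Namespace,
+Labels: map[string]string{},
+Annotations: map[string]string{},
+},
+}
+}
+
+func (b *MetadataBuilder) WithZitadel(zitadel *zitadelv1alpha1.Cluster) *MetadataBuilder {
+if zitadel == nil {
+return b
+}
+return b
+}
+
+func (b *MetadataBuilder) WithLabels(labels map[string]string) *MetadataBuilder {
+for k, v := range labels {
+b.objMeta.Labels[k] = v
+}
+return b
+}
+
+func (b *MetadataBuilder) WithAnnotations(annotations map[string]string) *MetadataBuilder {
+for k, v := range annotations {
+b.objMeta.Annotations[k] = v
+}
+return b
+}
+
+func (b *MetadataBuilder) Build() metav1.ObjectMeta {
+return b.objMeta
+}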
pkg/builder/organization_builder.go
Normal file
45
pkg/builder/organization_builder.go
Normal file
@@ -0,0 +1,45 @@
|
||||
package builder
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
|
||||
zitadelv1alpha1 "gitea.corredorconect.com/software-engineering/zitadel-k8s-operator/api/v1alpha1"
|
||||
metadata "gitea.corredorconect.com/software-engineering/zitadel-k8s-operator/pkg/builder/metadata"
|
||||
zitadelresourcesv1alpha1 "gitea.corredorconect.com/software-engineering/zitadel-resources-operator/api/v1alpha1"
|
||||
corev1 "k8s.io/api/core/v1"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
"k8s.io/apimachinery/pkg/types"
|
||||
"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
|
||||
)
|
||||
|
||||
type OrganizationOpts struct {
|
||||
Key types.NamespacedName
|
||||
Zitadel *zitadelv1alpha1.Instance
|
||||
OrganizationName string
|
||||
}
|
||||
|
||||
func (b *Builder) BuildOrganization(opts OrganizationOpts, owner metav1.Object) (*zitadelresourcesv1alpha1.Organization, error) {
|
||||
objMeta :=
|
||||
metadata.NewMetadataBuilder(opts.Key).
|
||||
Build()
|
||||
|
||||
org := &zitadelresourcesv1alpha1.Organization{
|
||||
ObjectMeta: objMeta,
|
||||
Spec: zitadelresourcesv1alpha1.OrganizationSpec{
|
||||
ConnectionRef: zitadelresourcesv1alpha1.ConnectionRef{
|
||||
ObjectReference: corev1.ObjectReference{
|
||||
Kind: "Connection",
|
||||
Namespace: opts.Zitadel.Namespace,
|
||||
Name: opts.Zitadel.ConnectionObjectName(),
|
||||
APIVersion: "v1alpha1",
|
||||
},
|
||||
},
|
||||
OrganzationName: opts.OrganizationName,
|
||||
},
|
||||
}
|
||||
|
||||
if err := controllerutil.SetControllerReference(owner, org, b.scheme); err != nil {
|
||||
return nil, fmt.Errorf("error setting controller reference in Organization manifest: %v", err)
|
||||
}
|
||||
return org, nil
|
||||
}
|
||||
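Review bot: `OrganizationOpts.Zitadel` holds an `*Instance`, while the same field name in `ConfigMapOpts` and `SecretOpts` holds a `*Cluster`; naming it `Instance` (as `MachineUserOpts` does) removes the ambiguity at `opts.Zitadel.ConnectionObjectName()`. `APIVersion: "v1alpha1"` in the `ConnectionRef` is a bare version with no group; a `corev1.ObjectReference` normally carries `group/version`, so if the resources operator compares it against its CRD's full API version the reference will not match — confirm what the lookup expects. `Spec.OrganzationName` is misspelled in the upstream resources API and cannot be fixed here, but a `// sic: the upstream field is spelled OrganzationName` comment stops the next reader from "correcting" it into a compile error.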
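--- a/pkg/builder/secret_builder.go
+++ b/pkg/builder/secret_builder.go
@@ -0,0 +1,38 @@
+package builder
+
+import (
+"fmt"
+zitadelv1alpha1 "gitea.corredorconect.com/software-engineering/zitadel-k8s-operator/api/v1alpha1"
+metadata "gitea.corredorconect.com/software-engineering/zitadel-k8s-operator/pkg/builder/metadata"
+corev1 "k8s.io/api/core/v1"
+metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+"k8s.io/apimachinery/pkg/types"
+"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
+)
+
+type SecretOpts struct {
+Zitadel *zitadelv1alpha1.Cluster
+Key types.NamespacedName
+Data map[string][]byte
+Labels map[string]string
+Annotations map[string]string
+Immutable bool
+}
+
+func (b *Builder) BuildSecret(opts SecretOpts, owner metav1.Object) (*corev1.Secret, error) {
+objMeta :=
+metadata.NewMetadataBuilder(opts.Key).
+WithZitadel(opts.Zitadel).
+WithLabels(opts.Labels).
+WithAnnotations(opts.Annotations).
+Build()
+secret := &corev1.Secret{
+ObjectMeta: objMeta,
+Data: opts.Data,
+Immutable: &opts.Immutable,
+}
+if err := controllerutil.SetControllerReference(owner, secret, b.scheme); err != nil {
+return nil, fmt.Errorf("error setting controller reference in Secret manifest: %v", err)
+}
+return secret, nil
+}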
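Review bot: `Data: opts.Data` stores the caller's `map[string][]byte` (secret material) by reference, so any mutation or zeroing the caller does after the build shows up in the object handed to the API client, and the byte slices themselves are shared too; copy the map and its values if that isolation is intended (a `maps.Clone` plus `bytes.Clone` per value needs `maps`/`bytes` imports). The Secret has no explicit `Type`, so it defaults to Opaque; stating `Type: corev1.SecretTypeOpaque` makes that a choice rather than an accident. The import block puts `"fmt"` directly above the module imports with no blank line, unlike the other files in this commit that separate the stdlib group. `SecretOpts` and `BuildSecret` lack doc comments; the `Immutable` flag in particular deserves a sentence, since an immutable Secret cannot be updated by a later reconcile.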
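--- a/pkg/builder/service_builder.go
+++ b/pkg/builder/service_builder.go
@@ -0,0 +1,69 @@
+package builder
+
+import (
+"fmt"
+
+zitadelv1alpha1 "gitea.corredorconect.com/software-engineering/zitadel-k8s-operator/api/v1alpha1"
+labels "gitea.corredorconect.com/software-engineering/zitadel-k8s-operator/pkg/builder/labels"
+metadata "gitea.corredorconect.com/software-engineering/zitadel-k8s-operator/pkg/builder/metadata"
+corev1 "k8s.io/api/core/v1"
+"k8s.io/apimachinery/pkg/types"
+"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
+)
+
+type ServiceOpts struct {
+Ports []corev1.ServicePort
+}
+
+func (b *Builder) BuildService(zitadel *zitadelv1alpha1.Cluster, key types.NamespacedName,
+opts ServiceOpts) (*corev1.Service, error) {
+objMeta :=
+metadata.NewMetadataBuilder(key).
+WithZitadel(zitadel).
+Build()
+
+svc := &corev1.Service{
+ObjectMeta: objMeta,
+Spec: corev1.ServiceSpec{
+Type: corev1.ServiceTypeClusterIP,
+Ports: opts.Ports,
+Selector: serviceSelectorLabels(opts, zitadel),
+},
+}
+if err := controllerutil.SetControllerReference(zitadel, svc, b.scheme); err != nil {
+return nil, fmt.Errorf("error setting controller reference to Service: %v", err)
+}
+return svc, nil
+}
+
+func (b *Builder) BuildLoginService(instance *zitadelv1alpha1.Instance, key types.NamespacedName,
+opts ServiceOpts) (*corev1.Service, error) {
+objMeta :=
+metadata.NewMetadataBuilder(key).
+Build()
+
+svc := &corev1.Service{
+ObjectMeta: objMeta,
+Spec: corev1.ServiceSpec{
+Type: corev1.ServiceTypeClusterIP,
+Ports: opts.Ports,
+Selector: serviceLoginSelectorLabels(opts, instance),
+},
+}
+if err := controllerutil.SetControllerReference(instance, svc, b.scheme); err != nil {
+return nil, fmt.Errorf("error setting controller reference to Service: %v", err)
+}
+return svc, nil
+}
+
+func serviceLoginSelectorLabels(opts ServiceOpts, instance *zitadelv1alpha1.Instance) map[string]string {
+return labels.NewLabelsBuilder().
+WithLoginUISelectorLabels(instance).
+Build()
+}
+
+func serviceSelectorLabels(opts ServiceOpts, cluster *zitadelv1alpha1.Cluster) map[string]string {
+return labels.NewLabelsBuilder().
+WithZitadelSelectorLabels(cluster).
+Build()
+}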
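Review bot: `serviceLoginSelectorLabels` and `serviceSelectorLabels` both take an `opts ServiceOpts` parameter that neither body reads; drop it — `func serviceSelectorLabels(cluster *zitadelv1alpha1.Cluster) map[string]string` and `func serviceLoginSelectorLabels(instance *zitadelv1alpha1.Instance) map[string]string` — and update the two call sites. Both error messages say `to Service`, so a failure in `BuildLoginService` is indistinguishable from one in `BuildService` in operator logs; name the login service in the second. `opts.Ports` is passed through unchecked, and a Service with no ports is rejected by the API server with a less helpful message than an early `if len(opts.Ports) == 0 { return nil, fmt.Errorf("no ports given for Service %s/%s", key.Namespace, key.Name) }`. `ServiceOpts` wraps a single field; a doc comment on it and on the two exported builders would state what `Ports` is expected to contain.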