divide operators

2026-04-07 13:41:25 -05:00
parent 66f38d90ee
commit da5d944430
179 changed files with 2996 additions and 10163 deletions
--- a/pkg/builder/job_builder.go
+++ b/pkg/builder/job_builder.go
@@ -0,0 +1,213 @@
+package builder
+
+import (
+	"fmt"
+
+	zitadelv1alpha1 "gitea.corredorconect.com/software-engineering/zitadel-k8s-operator/api/v1alpha1"
+	configuration "gitea.corredorconect.com/software-engineering/zitadel-k8s-operator/pkg/configuration"
+	"gitea.corredorconect.com/software-engineering/zitadel-k8s-operator/pkg/masterkey"
+	batchv1 "k8s.io/api/batch/v1"
+	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/types"
+	"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
+)
+
+func (b *Builder) BuildInitJob(zitadel *zitadelv1alpha1.Cluster, key types.NamespacedName) (*batchv1.Job, error) {
+
+	backOffLimit := int32(5)
+	activeDeadlineSeconds := int64(1800)
+	runAsNonRoot := true
+	enableServiceLinks := false
+	user := int64(1000)
+	// mode := int32(0444)
+	initJob := &batchv1.Job{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      key.Name,
+			Namespace: key.Namespace,
+		},
+		Spec: batchv1.JobSpec{
+			BackoffLimit:          &backOffLimit,
+			ActiveDeadlineSeconds: &activeDeadlineSeconds,
+			Template: corev1.PodTemplateSpec{
+				Spec: corev1.PodSpec{
+					RestartPolicy: corev1.RestartPolicyOnFailure,
+					SecurityContext: &corev1.PodSecurityContext{
+						RunAsNonRoot: &runAsNonRoot,
+						RunAsUser:    &user,
+					},
+					EnableServiceLinks: &enableServiceLinks,
+					Volumes: []corev1.Volume{
+						// {Name: "certs", VolumeSource: corev1.VolumeSource{
+						// 	Secret: &corev1.SecretVolumeSource{
+						// 		SecretName:  zitadel.Spec.RootTLSSecret.Name,
+						// 		DefaultMode: &mode,
+						// 	},
+						// }},
+						{Name: "zitadel-config-yaml", VolumeSource: corev1.VolumeSource{ConfigMap: &corev1.ConfigMapVolumeSource{LocalObjectReference: corev1.LocalObjectReference{Name: configuration.ConfigurationName(zitadel)}}}},
+					},
+					Containers: []corev1.Container{
+						{
+							Name:  "zitadel-init",
+							Image: zitadel.Spec.Image.Name + ":" + zitadel.Spec.Image.Tag,
+							Args: []string{
+								"init",
+								"zitadel",
+								"--config", "/config/zitadel-config-yaml",
+							},
+							Env: []corev1.EnvVar{
+								// {
+								// 	Name:  "ZITADEL_DATABASE_COCKROACH_ADMIN_SSL_ROOTCERT",
+								// 	Value: "/certs/ca.crt",
+								// },
+								// {
+								// 	Name:  "ZITADEL_DATABASE_COCKROACH_ADMIN_SSL_CERT",
+								// 	Value: "/certs/tls.crt",
+								// },
+								// {
+								// 	Name:  "ZITADEL_DATABASE_COCKROACH_ADMIN_SSL_KEY",
+								// 	Value: "/certs/tls.key",
+								// },
+								// {
+								// 	Name:  "ZITADEL_DATABASE_COCKROACH_USER_SSL_ROOTCERT",
+								// 	Value: "/certs/ca.crt",
+								// },
+								// {
+								// 	Name:  "ZITADEL_DATABASE_COCKROACH_USER_SSL_CERT",
+								// 	Value: "/certs/tls.crt",
+								// },
+								// {
+								// 	Name:  "ZITADEL_DATABASE_COCKROACH_USER_SSL_KEY",
+								// 	Value: "/certs/tls.key",
+								// },
+								{
+									Name:      "ZITADEL_DATABASE_POSTGRES_ADMIN_PASSWORD",
+									ValueFrom: &corev1.EnvVarSource{SecretKeyRef: &corev1.SecretKeySelector{LocalObjectReference: corev1.LocalObjectReference{Name: zitadel.Spec.PostgreSQLClusterRef.Name + "-superuser"}, Key: "password"}},
+								},
+
+								{
+									Name:      "ZITADEL_DATABASE_POSTGRES_USER_PASSWORD",
+									ValueFrom: &corev1.EnvVarSource{SecretKeyRef: &corev1.SecretKeySelector{LocalObjectReference: corev1.LocalObjectReference{Name: zitadel.Spec.PostgreSQLClusterRef.Name + "-user"}, Key: "password"}},
+								},
+							},
+							VolumeMounts: []corev1.VolumeMount{
+								{Name: "zitadel-config-yaml", MountPath: "/config"},
+								// {Name: "certs", MountPath: "/certs"},
+							},
+						},
+					},
+				},
+			},
+		},
+	}
+	if err := controllerutil.SetControllerReference(zitadel, initJob, b.scheme); err != nil {
+		return nil, fmt.Errorf("error setting controller reference to InitJob: %v", err)
+	}
+	return initJob, nil
+}
+
+func (b *Builder) BuildSetupJob(zitadel *zitadelv1alpha1.Cluster, key types.NamespacedName) (*batchv1.Job, error) {
+
+	backOffLimit := int32(5)
+	activeDeadlineSeconds := int64(1800)
+	runAsNonRoot := true
+	enableServiceLinks := false
+	user := int64(1000)
+	// mode := int32(0444)
+	setupJob := &batchv1.Job{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      key.Name,
+			Namespace: key.Namespace,
+		},
+		Spec: batchv1.JobSpec{
+			BackoffLimit:          &backOffLimit,
+			ActiveDeadlineSeconds: &activeDeadlineSeconds,
+			Template: corev1.PodTemplateSpec{
+				Spec: corev1.PodSpec{
+					RestartPolicy: corev1.RestartPolicyOnFailure,
+					SecurityContext: &corev1.PodSecurityContext{
+						RunAsNonRoot: &runAsNonRoot,
+						RunAsUser:    &user,
+					},
+					EnableServiceLinks: &enableServiceLinks,
+					Volumes: []corev1.Volume{
+						// {Name: "certs", VolumeSource: corev1.VolumeSource{
+						// 	Secret: &corev1.SecretVolumeSource{
+						// 		SecretName:  zitadel.Spec.RootTLSSecret.Name,
+						// 		DefaultMode: &mode,
+						// 	},
+						// }},
+						{Name: "zitadel-config-yaml", VolumeSource: corev1.VolumeSource{ConfigMap: &corev1.ConfigMapVolumeSource{LocalObjectReference: corev1.LocalObjectReference{Name: configuration.ConfigurationName(zitadel)}}}},
+					},
+					Containers: []corev1.Container{
+						{
+							Name:  "zitadel-setup",
+							Image: zitadel.Spec.Image.Name + ":" + zitadel.Spec.Image.Tag,
+							Args: []string{
+								"setup",
+								"--config", "/config/zitadel-config-yaml",
+								"--steps", "/config/zitadel-config-yaml",
+								"--masterkeyFromEnv",
+								"--init-projections=true",
+							},
+
+							Env: []corev1.EnvVar{
+								{
+									Name:      "ZITADEL_MASTERKEY",
+									ValueFrom: &corev1.EnvVarSource{SecretKeyRef: &corev1.SecretKeySelector{LocalObjectReference: corev1.LocalObjectReference{Name: masterkey.MasterKeyName(zitadel)}, Key: masterkey.Key}},
+								},
+								// {
+								// 	Name:  "ZITADEL_FIRSTINSTANCE_MACHINEKEYPATH",
+								// 	Value: "/machinekey/sa.json",
+								// },
+								// {
+								// 	Name:  "ZITADEL_DATABASE_COCKROACH_ADMIN_SSL_ROOTCERT",
+								// 	Value: "/certs/ca.crt",
+								// },
+								// {
+								// 	Name:  "ZITADEL_DATABASE_COCKROACH_ADMIN_SSL_CERT",
+								// 	Value: "/certs/tls.crt",
+								// },
+								// {
+								// 	Name:  "ZITADEL_DATABASE_COCKROACH_ADMIN_SSL_KEY",
+								// 	Value: "/certs/tls.key",
+								// },
+
+								// {
+								// 	Name:  "ZITADEL_DATABASE_COCKROACH_USER_SSL_ROOTCERT",
+								// 	Value: "/certs/ca.crt",
+								// },
+								// {
+								// 	Name:  "ZITADEL_DATABASE_COCKROACH_USER_SSL_CERT",
+								// 	Value: "/certs/tls.crt",
+								// },
+								// {
+								// 	Name:  "ZITADEL_DATABASE_COCKROACH_USER_SSL_KEY",
+								// 	Value: "/certs/tls.key",
+								// },
+								//
+								{
+									Name:      "ZITADEL_DATABASE_POSTGRES_ADMIN_PASSWORD",
+									ValueFrom: &corev1.EnvVarSource{SecretKeyRef: &corev1.SecretKeySelector{LocalObjectReference: corev1.LocalObjectReference{Name: zitadel.Spec.PostgreSQLClusterRef.Name + "-superuser"}, Key: "password"}},
+								},
+
+								{
+									Name:      "ZITADEL_DATABASE_POSTGRES_USER_PASSWORD",
+									ValueFrom: &corev1.EnvVarSource{SecretKeyRef: &corev1.SecretKeySelector{LocalObjectReference: corev1.LocalObjectReference{Name: zitadel.Spec.PostgreSQLClusterRef.Name + "-user"}, Key: "password"}},
+								},
+							},
+							VolumeMounts: []corev1.VolumeMount{
+								{Name: "zitadel-config-yaml", MountPath: "/config"},
+								// {Name: "certs", MountPath: "/certs"},
+							},
+						},
+					},
+				},
+			},
+		},
+	}
+	if err := controllerutil.SetControllerReference(zitadel, setupJob, b.scheme); err != nil {
+		return nil, fmt.Errorf("error setting controller reference to SetupJob: %v", err)
+	}
+	return setupJob, nil
+}