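package builder

import (
	"fmt"

	zitadelv1alpha1 "gitea.corredorconect.com/software-engineering/zitadel-k8s-operator/api/v1alpha1"
	labels "gitea.corredorconect.com/software-engineering/zitadel-k8s-operator/pkg/builder/labels"
	metadata "gitea.corredorconect.com/software-engineering/zitadel-k8s-operator/pkg/builder/metadata"
	configuration "gitea.corredorconect.com/software-engineering/zitadel-k8s-operator/pkg/configuration"
	deployment "gitea.corredorconect.com/software-engineering/zitadel-k8s-operator/pkg/deployment"
	"gitea.corredorconect.com/software-engineering/zitadel-k8s-operator/pkg/masterkey"
	appsv1 "k8s.io/api/apps/v1"
	corev1 "k8s.io/api/core/v1"
	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
	"k8s.io/apimachinery/pkg/types"
	"k8s.io/apimachinery/pkg/util/intstr"
	"sigs.k8s.io/controller-runtime/pkg/client"
	"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
)

// BuildDeployment assembles the apps/v1 Deployment that runs ZITADEL for the
// given Cluster, named and namespaced by key. The Deployment carries a
// controller reference to the Cluster so it is garbage-collected with it.
//
// It returns an error when the pod template cannot be built or when the
// controller reference cannot be set. Both errors wrap their cause with %w
// so callers can inspect it with errors.Is / errors.As.
func (b *Builder) BuildDeployment(zitadel *zitadelv1alpha1.Cluster, key types.NamespacedName) (*appsv1.Deployment, error) {
	// Copy the replica count so the Deployment does not hold a pointer into
	// the Cluster's spec.
	replicas := zitadel.Spec.Replicas

	objMeta := metadata.NewMetadataBuilder(key).
		WithZitadel(zitadel).
		WithAnnotations(map[string]string{
			// Lets stakater/Reloader roll the pods when a ConfigMap or Secret
			// they reference changes.
			"reloader.stakater.com/auto": "true",
		}).
		Build()

	selectorLabels := labels.NewLabelsBuilder().
		WithZitadelSelectorLabels(zitadel).
		Build()

	podTemplate, err := b.buildDepPodTemplate(zitadel, selectorLabels)
	if err != nil {
		return nil, fmt.Errorf("error building pod template: %w", err)
	}

	dep := &appsv1.Deployment{
		ObjectMeta: objMeta,
		Spec: appsv1.DeploymentSpec{
			Replicas: &replicas,
			Selector: &metav1.LabelSelector{MatchLabels: selectorLabels},
			Template: *podTemplate,
		},
	}

	if err := controllerutil.SetControllerReference(zitadel, dep, b.scheme); err != nil {
		return nil, fmt.Errorf("error setting controller reference to Deployment: %w", err)
	}
	return dep, nil
}

// buildDepPodTemplate builds the pod template used by the ZITADEL
// Deployment. selectorLabels are the labels the Deployment selects on; they
// are added to the pod labels so the selector matches.
//
// The parameter is called selectorLabels (not labels) so it does not shadow
// the imported labels package. The error result is currently always nil; it
// is kept so callers do not change when validation is added here.
func (b *Builder) buildDepPodTemplate(zitadel *zitadelv1alpha1.Cluster, selectorLabels map[string]string) (*corev1.PodTemplateSpec, error) {
	objMeta := metadata.NewMetadataBuilder(client.ObjectKeyFromObject(zitadel)).
		WithZitadel(zitadel).
		WithLabels(selectorLabels).
		WithAnnotations(zitadel.Spec.PodAnnotations).
		Build()

	// FSGroup 0: mounted volumes are made group-owned by GID 0.
	// NOTE(review): nothing else in the security context is pinned
	// (RunAsNonRoot, ReadOnlyRootFilesystem, dropped capabilities, seccomp
	// profile). Confirm the image's runtime requirements before hardening.
	group := int64(0)
	// mode := int32(0444)

	return &corev1.PodTemplateSpec{
		ObjectMeta: objMeta,
		Spec: corev1.PodSpec{
			SecurityContext: &corev1.PodSecurityContext{FSGroup: &group},
			Containers:      *b.buildDepContainers(zitadel),
			Volumes: []corev1.Volume{
				// Database TLS client certificates; disabled together with the
				// CockroachDB SSL env vars in buildDepContainers.
				// {Name: "certs", VolumeSource: corev1.VolumeSource{
				// 	Secret: &corev1.SecretVolumeSource{
				// 		SecretName:  zitadel.Spec.RootTLSSecret.Name,
				// 		DefaultMode: &mode,
				// 	},
				// }},
				{
					Name: "zitadel-config-yaml",
					VolumeSource: corev1.VolumeSource{
						ConfigMap: &corev1.ConfigMapVolumeSource{
							LocalObjectReference: corev1.LocalObjectReference{
								Name: configuration.ConfigurationName(zitadel),
							},
						},
					},
				},
			},
		},
	}, nil
}

// buildDepContainers returns the single "zitadel" container of the pod.
//
// The container starts ZITADEL from the ConfigMap mounted at /config and
// receives its master key and database passwords through Secret-backed
// environment variables, so no credential value is embedded in the pod
// spec. The result is a pointer to a slice because buildDepPodTemplate
// dereferences it into PodSpec.Containers.
func (b *Builder) buildDepContainers(zitadel *zitadelv1alpha1.Cluster) *[]corev1.Container {
	// Both probes use ZITADEL's plain-HTTP debug endpoints on the service port.
	readyProbeHandle := corev1.ProbeHandler{
		HTTPGet: &corev1.HTTPGetAction{
			HTTPHeaders: []corev1.HTTPHeader{},
			Port:        intstr.FromInt(deployment.ZitadelPort),
			Scheme:      corev1.URISchemeHTTP,
			Path:        "/debug/ready",
		},
	}
	livenessProbeHandle := corev1.ProbeHandler{
		HTTPGet: &corev1.HTTPGetAction{
			HTTPHeaders: []corev1.HTTPHeader{},
			Port:        intstr.FromInt(deployment.ZitadelPort),
			Scheme:      corev1.URISchemeHTTP,
			Path:        "/debug/healthz",
		},
	}

	return &[]corev1.Container{
		{
			Name:  "zitadel",
			Image: zitadel.Spec.Image.Name + ":" + zitadel.Spec.Image.Tag,
			Args: []string{
				"start",
				// The file name must match the ConfigMap data key under the
				// /config mount (see VolumeMounts) — TODO confirm against
				// pkg/configuration.
				"--config", "/config/zitadel-config-yaml",
				// Read the master key from ZITADEL_MASTERKEY rather than a file.
				"--masterkeyFromEnv",
			},
			// With PullIfNotPresent a re-pushed tag is not re-pulled on nodes
			// that already cache it.
			ImagePullPolicy: corev1.PullIfNotPresent,
			Env: []corev1.EnvVar{
				{
					Name: "ZITADEL_MASTERKEY",
					ValueFrom: &corev1.EnvVarSource{SecretKeyRef: &corev1.SecretKeySelector{
						LocalObjectReference: corev1.LocalObjectReference{Name: masterkey.MasterKeyName(zitadel)},
						Key:                  masterkey.Key,
					}},
				},
				// Database passwords are read from the "<cluster>-superuser"
				// and "<cluster>-user" Secrets of the referenced PostgreSQL
				// cluster. NOTE(review): the Secret naming is assumed to be the
				// PostgreSQL operator's convention — confirm; the superuser
				// password stays available to the application container for
				// the pod's whole lifetime.
				{
					Name: "ZITADEL_DATABASE_POSTGRES_ADMIN_PASSWORD",
					ValueFrom: &corev1.EnvVarSource{SecretKeyRef: &corev1.SecretKeySelector{
						LocalObjectReference: corev1.LocalObjectReference{Name: zitadel.Spec.PostgreSQLClusterRef.Name + "-superuser"},
						Key:                  "password",
					}},
				},
				{
					Name: "ZITADEL_DATABASE_POSTGRES_USER_PASSWORD",
					ValueFrom: &corev1.EnvVarSource{SecretKeyRef: &corev1.SecretKeySelector{
						LocalObjectReference: corev1.LocalObjectReference{Name: zitadel.Spec.PostgreSQLClusterRef.Name + "-user"},
						Key:                  "password",
					}},
				},
				// CockroachDB TLS settings; disabled together with the "certs"
				// volume in buildDepPodTemplate.
				// {Name: "ZITADEL_DATABASE_COCKROACH_ADMIN_SSL_ROOTCERT", Value: "/certs/ca.crt"},
				// {Name: "ZITADEL_DATABASE_COCKROACH_ADMIN_SSL_CERT", Value: "/certs/tls.crt"},
				// {Name: "ZITADEL_DATABASE_COCKROACH_ADMIN_SSL_KEY", Value: "/certs/tls.key"},
				// {Name: "ZITADEL_DATABASE_COCKROACH_USER_SSL_ROOTCERT", Value: "/certs/ca.crt"},
				// {Name: "ZITADEL_DATABASE_COCKROACH_USER_SSL_CERT", Value: "/certs/tls.crt"},
				// {Name: "ZITADEL_DATABASE_COCKROACH_USER_SSL_KEY", Value: "/certs/tls.key"},
			},
			Ports: []corev1.ContainerPort{
				{Name: deployment.ZitadelName, ContainerPort: deployment.ZitadelPort},
			},
			// Liveness tolerates more consecutive failures than readiness so a
			// slow instance is taken out of the Service before it is restarted.
			LivenessProbe: &corev1.Probe{
				ProbeHandler:        livenessProbeHandle,
				FailureThreshold:    10,
				InitialDelaySeconds: 0,
				PeriodSeconds:       5,
			},
			ReadinessProbe: &corev1.Probe{
				ProbeHandler:        readyProbeHandle,
				FailureThreshold:    3,
				InitialDelaySeconds: 0,
				PeriodSeconds:       5,
			},
			Resources: zitadel.Spec.Resources,
			VolumeMounts: []corev1.VolumeMount{
				{Name: "zitadel-config-yaml", MountPath: "/config"},
				// {Name: "certs", MountPath: "/certs"},
			},
		},
	}
}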