HaimKortovich
da5d944430
Some checks failed
Build and Publish / build-release (push) Failing after 26s
214 lines
7.5 KiB
Go
214 lines
7.5 KiB
Go
package builder
|
|
|
|
import (
|
|
"fmt"
|
|
|
|
zitadelv1alpha1 "gitea.corredorconect.com/software-engineering/zitadel-k8s-operator/api/v1alpha1"
|
|
configuration "gitea.corredorconect.com/software-engineering/zitadel-k8s-operator/pkg/configuration"
|
|
"gitea.corredorconect.com/software-engineering/zitadel-k8s-operator/pkg/masterkey"
|
|
batchv1 "k8s.io/api/batch/v1"
|
|
corev1 "k8s.io/api/core/v1"
|
|
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
|
"k8s.io/apimachinery/pkg/types"
|
|
"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
|
|
)
|
|
|
|
func (b *Builder) BuildInitJob(zitadel *zitadelv1alpha1.Cluster, key types.NamespacedName) (*batchv1.Job, error) {
|
|
|
|
backOffLimit := int32(5)
|
|
activeDeadlineSeconds := int64(1800)
|
|
runAsNonRoot := true
|
|
enableServiceLinks := false
|
|
user := int64(1000)
|
|
// mode := int32(0444)
|
|
initJob := &batchv1.Job{
|
|
ObjectMeta: metav1.ObjectMeta{
|
|
Name: key.Name,
|
|
Namespace: key.Namespace,
|
|
},
|
|
Spec: batchv1.JobSpec{
|
|
BackoffLimit: &backOffLimit,
|
|
ActiveDeadlineSeconds: &activeDeadlineSeconds,
|
|
Template: corev1.PodTemplateSpec{
|
|
Spec: corev1.PodSpec{
|
|
RestartPolicy: corev1.RestartPolicyOnFailure,
|
|
SecurityContext: &corev1.PodSecurityContext{
|
|
RunAsNonRoot: &runAsNonRoot,
|
|
RunAsUser: &user,
|
|
},
|
|
EnableServiceLinks: &enableServiceLinks,
|
|
Volumes: []corev1.Volume{
|
|
// {Name: "certs", VolumeSource: corev1.VolumeSource{
|
|
// Secret: &corev1.SecretVolumeSource{
|
|
// SecretName: zitadel.Spec.RootTLSSecret.Name,
|
|
// DefaultMode: &mode,
|
|
// },
|
|
// }},
|
|
{Name: "zitadel-config-yaml", VolumeSource: corev1.VolumeSource{ConfigMap: &corev1.ConfigMapVolumeSource{LocalObjectReference: corev1.LocalObjectReference{Name: configuration.ConfigurationName(zitadel)}}}},
|
|
},
|
|
Containers: []corev1.Container{
|
|
{
|
|
Name: "zitadel-init",
|
|
Image: zitadel.Spec.Image.Name + ":" + zitadel.Spec.Image.Tag,
|
|
Args: []string{
|
|
"init",
|
|
"zitadel",
|
|
"--config", "/config/zitadel-config-yaml",
|
|
},
|
|
Env: []corev1.EnvVar{
|
|
// {
|
|
// Name: "ZITADEL_DATABASE_COCKROACH_ADMIN_SSL_ROOTCERT",
|
|
// Value: "/certs/ca.crt",
|
|
// },
|
|
// {
|
|
// Name: "ZITADEL_DATABASE_COCKROACH_ADMIN_SSL_CERT",
|
|
// Value: "/certs/tls.crt",
|
|
// },
|
|
// {
|
|
// Name: "ZITADEL_DATABASE_COCKROACH_ADMIN_SSL_KEY",
|
|
// Value: "/certs/tls.key",
|
|
// },
|
|
// {
|
|
// Name: "ZITADEL_DATABASE_COCKROACH_USER_SSL_ROOTCERT",
|
|
// Value: "/certs/ca.crt",
|
|
// },
|
|
// {
|
|
// Name: "ZITADEL_DATABASE_COCKROACH_USER_SSL_CERT",
|
|
// Value: "/certs/tls.crt",
|
|
// },
|
|
// {
|
|
// Name: "ZITADEL_DATABASE_COCKROACH_USER_SSL_KEY",
|
|
// Value: "/certs/tls.key",
|
|
// },
|
|
{
|
|
Name: "ZITADEL_DATABASE_POSTGRES_ADMIN_PASSWORD",
|
|
ValueFrom: &corev1.EnvVarSource{SecretKeyRef: &corev1.SecretKeySelector{LocalObjectReference: corev1.LocalObjectReference{Name: zitadel.Spec.PostgreSQLClusterRef.Name + "-superuser"}, Key: "password"}},
|
|
},
|
|
|
|
{
|
|
Name: "ZITADEL_DATABASE_POSTGRES_USER_PASSWORD",
|
|
ValueFrom: &corev1.EnvVarSource{SecretKeyRef: &corev1.SecretKeySelector{LocalObjectReference: corev1.LocalObjectReference{Name: zitadel.Spec.PostgreSQLClusterRef.Name + "-user"}, Key: "password"}},
|
|
},
|
|
},
|
|
VolumeMounts: []corev1.VolumeMount{
|
|
{Name: "zitadel-config-yaml", MountPath: "/config"},
|
|
// {Name: "certs", MountPath: "/certs"},
|
|
},
|
|
},
|
|
},
|
|
},
|
|
},
|
|
},
|
|
}
|
|
if err := controllerutil.SetControllerReference(zitadel, initJob, b.scheme); err != nil {
|
|
return nil, fmt.Errorf("error setting controller reference to InitJob: %v", err)
|
|
}
|
|
return initJob, nil
|
|
}
|
|
|
|
func (b *Builder) BuildSetupJob(zitadel *zitadelv1alpha1.Cluster, key types.NamespacedName) (*batchv1.Job, error) {
|
|
|
|
backOffLimit := int32(5)
|
|
activeDeadlineSeconds := int64(1800)
|
|
runAsNonRoot := true
|
|
enableServiceLinks := false
|
|
user := int64(1000)
|
|
// mode := int32(0444)
|
|
setupJob := &batchv1.Job{
|
|
ObjectMeta: metav1.ObjectMeta{
|
|
Name: key.Name,
|
|
Namespace: key.Namespace,
|
|
},
|
|
Spec: batchv1.JobSpec{
|
|
BackoffLimit: &backOffLimit,
|
|
ActiveDeadlineSeconds: &activeDeadlineSeconds,
|
|
Template: corev1.PodTemplateSpec{
|
|
Spec: corev1.PodSpec{
|
|
RestartPolicy: corev1.RestartPolicyOnFailure,
|
|
SecurityContext: &corev1.PodSecurityContext{
|
|
RunAsNonRoot: &runAsNonRoot,
|
|
RunAsUser: &user,
|
|
},
|
|
EnableServiceLinks: &enableServiceLinks,
|
|
Volumes: []corev1.Volume{
|
|
// {Name: "certs", VolumeSource: corev1.VolumeSource{
|
|
// Secret: &corev1.SecretVolumeSource{
|
|
// SecretName: zitadel.Spec.RootTLSSecret.Name,
|
|
// DefaultMode: &mode,
|
|
// },
|
|
// }},
|
|
{Name: "zitadel-config-yaml", VolumeSource: corev1.VolumeSource{ConfigMap: &corev1.ConfigMapVolumeSource{LocalObjectReference: corev1.LocalObjectReference{Name: configuration.ConfigurationName(zitadel)}}}},
|
|
},
|
|
Containers: []corev1.Container{
|
|
{
|
|
Name: "zitadel-setup",
|
|
Image: zitadel.Spec.Image.Name + ":" + zitadel.Spec.Image.Tag,
|
|
Args: []string{
|
|
"setup",
|
|
"--config", "/config/zitadel-config-yaml",
|
|
"--steps", "/config/zitadel-config-yaml",
|
|
"--masterkeyFromEnv",
|
|
"--init-projections=true",
|
|
},
|
|
|
|
Env: []corev1.EnvVar{
|
|
{
|
|
Name: "ZITADEL_MASTERKEY",
|
|
ValueFrom: &corev1.EnvVarSource{SecretKeyRef: &corev1.SecretKeySelector{LocalObjectReference: corev1.LocalObjectReference{Name: masterkey.MasterKeyName(zitadel)}, Key: masterkey.Key}},
|
|
},
|
|
// {
|
|
// Name: "ZITADEL_FIRSTINSTANCE_MACHINEKEYPATH",
|
|
// Value: "/machinekey/sa.json",
|
|
// },
|
|
// {
|
|
// Name: "ZITADEL_DATABASE_COCKROACH_ADMIN_SSL_ROOTCERT",
|
|
// Value: "/certs/ca.crt",
|
|
// },
|
|
// {
|
|
// Name: "ZITADEL_DATABASE_COCKROACH_ADMIN_SSL_CERT",
|
|
// Value: "/certs/tls.crt",
|
|
// },
|
|
// {
|
|
// Name: "ZITADEL_DATABASE_COCKROACH_ADMIN_SSL_KEY",
|
|
// Value: "/certs/tls.key",
|
|
// },
|
|
|
|
// {
|
|
// Name: "ZITADEL_DATABASE_COCKROACH_USER_SSL_ROOTCERT",
|
|
// Value: "/certs/ca.crt",
|
|
// },
|
|
// {
|
|
// Name: "ZITADEL_DATABASE_COCKROACH_USER_SSL_CERT",
|
|
// Value: "/certs/tls.crt",
|
|
// },
|
|
// {
|
|
// Name: "ZITADEL_DATABASE_COCKROACH_USER_SSL_KEY",
|
|
// Value: "/certs/tls.key",
|
|
// },
|
|
//
|
|
{
|
|
Name: "ZITADEL_DATABASE_POSTGRES_ADMIN_PASSWORD",
|
|
ValueFrom: &corev1.EnvVarSource{SecretKeyRef: &corev1.SecretKeySelector{LocalObjectReference: corev1.LocalObjectReference{Name: zitadel.Spec.PostgreSQLClusterRef.Name + "-superuser"}, Key: "password"}},
|
|
},
|
|
|
|
{
|
|
Name: "ZITADEL_DATABASE_POSTGRES_USER_PASSWORD",
|
|
ValueFrom: &corev1.EnvVarSource{SecretKeyRef: &corev1.SecretKeySelector{LocalObjectReference: corev1.LocalObjectReference{Name: zitadel.Spec.PostgreSQLClusterRef.Name + "-user"}, Key: "password"}},
|
|
},
|
|
},
|
|
VolumeMounts: []corev1.VolumeMount{
|
|
{Name: "zitadel-config-yaml", MountPath: "/config"},
|
|
// {Name: "certs", MountPath: "/certs"},
|
|
},
|
|
},
|
|
},
|
|
},
|
|
},
|
|
},
|
|
}
|
|
if err := controllerutil.SetControllerReference(zitadel, setupJob, b.scheme); err != nil {
|
|
return nil, fmt.Errorf("error setting controller reference to SetupJob: %v", err)
|
|
}
|
|
return setupJob, nil
|
|
}
|