Skip to content

Commit

Permalink
Merge pull request #248 from periklis/backport-prs-11592-and-11624-5.7
Browse files Browse the repository at this point in the history
[release-5.7] LOG-4968: Backport PRs grafana#11624 and grafana#11592
  • Loading branch information
openshift-merge-bot[bot] authored Jan 18, 2024
2 parents d42605f + 9402d35 commit 1af419f
Show file tree
Hide file tree
Showing 25 changed files with 1,873 additions and 1,217 deletions.
4 changes: 4 additions & 0 deletions operator/CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,5 +1,9 @@
## Main

## Release 5.7.11

- [11624](https://github.com/grafana/loki/pull/11624) **xperimental**: React to changes in ConfigMap used for storage CA

## Release 5.7.10

- [11448](https://github.com/grafana/loki/pull/11448) **periklis**: Update Loki operand to v2.9.3
Expand Down
43 changes: 36 additions & 7 deletions operator/controllers/loki/lokistack_controller.go
Original file line number Diff line number Diff line change
Expand Up @@ -96,12 +96,7 @@ var (
})
createUpdateOrDeletePred = builder.WithPredicates(predicate.Funcs{
UpdateFunc: func(e event.UpdateEvent) bool {
if e.ObjectOld.GetGeneration() == 0 && len(e.ObjectOld.GetAnnotations()) == 0 {
return e.ObjectOld.GetResourceVersion() != e.ObjectNew.GetResourceVersion()
}

return e.ObjectOld.GetGeneration() != e.ObjectNew.GetGeneration() ||
cmp.Diff(e.ObjectOld.GetAnnotations(), e.ObjectNew.GetAnnotations()) != ""
return e.ObjectOld.GetResourceVersion() != e.ObjectNew.GetResourceVersion()
},
CreateFunc: func(e event.CreateEvent) bool { return true },
DeleteFunc: func(e event.DeleteEvent) bool { return true },
Expand Down Expand Up @@ -207,7 +202,8 @@ func (r *LokiStackReconciler) buildController(bld k8s.Builder) error {
Owns(&rbacv1.Role{}, updateOrDeleteOnlyPred).
Owns(&rbacv1.RoleBinding{}, updateOrDeleteOnlyPred).
Watches(&source.Kind{Type: &corev1.Service{}}, r.enqueueForAlertManagerServices(), createUpdateOrDeletePred).
Watches(&source.Kind{Type: &corev1.Secret{}}, r.enqueueForStorageSecret(), createUpdateOrDeletePred)
Watches(&source.Kind{Type: &corev1.Secret{}}, r.enqueueForStorageSecret(), createUpdateOrDeletePred).
Watches(&source.Kind{Type: &corev1.ConfigMap{}}, r.enqueueForStorageCA(), createUpdateOrDeletePred)

if r.FeatureGates.LokiStackAlerts {
bld = bld.Owns(&monitoringv1.PrometheusRule{}, updateOrDeleteOnlyPred)
Expand Down Expand Up @@ -327,3 +323,36 @@ func (r *LokiStackReconciler) enqueueForStorageSecret() handler.EventHandler {
return requests
})
}

func (r *LokiStackReconciler) enqueueForStorageCA() handler.EventHandler {
ctx := context.TODO()
return handler.EnqueueRequestsFromMapFunc(func(obj client.Object) []reconcile.Request {
lokiStacks := &lokiv1.LokiStackList{}
if err := r.Client.List(ctx, lokiStacks, client.InNamespace(obj.GetNamespace())); err != nil {
r.Log.Error(err, "Error listing LokiStack resources for storage CA update")
return nil
}

var requests []reconcile.Request
for _, stack := range lokiStacks.Items {
if stack.Spec.Storage.TLS == nil {
continue
}

storageTLS := stack.Spec.Storage.TLS
if obj.GetName() != storageTLS.CA {
continue
}

requests = append(requests, reconcile.Request{
NamespacedName: types.NamespacedName{
Namespace: stack.Namespace,
Name: stack.Name,
},
})
r.Log.Info("Enqueued request for LokiStack because of Storage CA resource change", "LokiStack", stack.Name, "ConfigMap", obj.GetName())
}

return requests
})
}
19 changes: 13 additions & 6 deletions operator/controllers/loki/lokistack_controller_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -204,8 +204,8 @@ func TestLokiStackController_RegisterWatchedResources(t *testing.T) {
table := []test{
{
src: &source.Kind{Type: &openshiftconfigv1.APIServer{}},
index: 2,
watchesCallsCount: 3,
index: 3,
watchesCallsCount: 4,
featureGates: configv1.FeatureGates{
OpenShift: configv1.OpenShiftFeatureGates{
ClusterTLSPolicy: true,
Expand All @@ -215,8 +215,8 @@ func TestLokiStackController_RegisterWatchedResources(t *testing.T) {
},
{
src: &source.Kind{Type: &openshiftconfigv1.Proxy{}},
index: 2,
watchesCallsCount: 3,
index: 3,
watchesCallsCount: 4,
featureGates: configv1.FeatureGates{
OpenShift: configv1.OpenShiftFeatureGates{
ClusterProxy: true,
Expand All @@ -227,14 +227,21 @@ func TestLokiStackController_RegisterWatchedResources(t *testing.T) {
{
src: &source.Kind{Type: &corev1.Service{}},
index: 0,
watchesCallsCount: 2,
watchesCallsCount: 3,
featureGates: configv1.FeatureGates{},
pred: createUpdateOrDeletePred,
},
{
src: &source.Kind{Type: &corev1.Secret{}},
index: 1,
watchesCallsCount: 2,
watchesCallsCount: 3,
featureGates: configv1.FeatureGates{},
pred: createUpdateOrDeletePred,
},
{
src: &source.Kind{Type: &corev1.ConfigMap{}},
index: 2,
watchesCallsCount: 3,
featureGates: configv1.FeatureGates{},
pred: createUpdateOrDeletePred,
},
Expand Down
5 changes: 2 additions & 3 deletions operator/internal/handlers/internal/gateway/base_domain.go
Original file line number Diff line number Diff line change
Expand Up @@ -6,19 +6,18 @@ import (
"github.com/ViaQ/logerr/v2/kverrors"
configv1 "github.com/openshift/api/config/v1"
apierrors "k8s.io/apimachinery/pkg/api/errors"
ctrl "sigs.k8s.io/controller-runtime"
"sigs.k8s.io/controller-runtime/pkg/client"

lokiv1 "github.com/grafana/loki/operator/apis/loki/v1"
"github.com/grafana/loki/operator/internal/external/k8s"
"github.com/grafana/loki/operator/internal/status"
)

// GetOpenShiftBaseDomain returns the cluster DNS base domain on OpenShift
// getOpenShiftBaseDomain returns the cluster DNS base domain on OpenShift
// clusters to auto-create redirect URLs for OpenShift Auth or an error.
// If the config.openshift.io/DNS object is not found the whole lokistack
// resoure is set to a degraded state.
func GetOpenShiftBaseDomain(ctx context.Context, k k8s.Client, req ctrl.Request) (string, error) {
func getOpenShiftBaseDomain(ctx context.Context, k k8s.Client) (string, error) {
var cluster configv1.DNS
key := client.ObjectKey{Name: "cluster"}
if err := k.Get(ctx, key, &cluster); err != nil {
Expand Down
87 changes: 87 additions & 0 deletions operator/internal/handlers/internal/gateway/gateway.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,87 @@
package gateway

import (
"context"
"fmt"

"github.com/go-logr/logr"

configv1 "github.com/grafana/loki/operator/apis/config/v1"
lokiv1 "github.com/grafana/loki/operator/apis/loki/v1"
"github.com/grafana/loki/operator/internal/external/k8s"
"github.com/grafana/loki/operator/internal/handlers/internal/openshift"
"github.com/grafana/loki/operator/internal/manifests"
"github.com/grafana/loki/operator/internal/status"
)

// BuildOptions returns the options needed to generate Kubernetes resource
// manifests for the lokistack-gateway.
// The returned error can be a status.DegradedError in the following cases:
// - The tenants spec is missing.
// - The tenants spec is invalid.
func BuildOptions(ctx context.Context, log logr.Logger, k k8s.Client, stack *lokiv1.LokiStack, fg configv1.FeatureGates) (string, manifests.Tenants, error) {
var (
err error
baseDomain string
secrets []*manifests.TenantSecrets
configs map[string]manifests.TenantConfig
tenants manifests.Tenants
)

if !fg.LokiStackGateway {
return "", tenants, nil
}

if stack.Spec.Tenants == nil {
return "", tenants, &status.DegradedError{
Message: "Invalid tenants configuration: TenantsSpec cannot be nil when gateway flag is enabled",
Reason: lokiv1.ReasonInvalidTenantsConfiguration,
Requeue: false,
}
}

if err = validateModes(stack); err != nil {
return "", tenants, &status.DegradedError{
Message: fmt.Sprintf("Invalid tenants configuration: %s", err),
Reason: lokiv1.ReasonInvalidTenantsConfiguration,
Requeue: false,
}
}

switch stack.Spec.Tenants.Mode {
case lokiv1.OpenshiftLogging, lokiv1.OpenshiftNetwork:
baseDomain, err = getOpenShiftBaseDomain(ctx, k)
if err != nil {
return "", tenants, err
}

if stack.Spec.Proxy == nil {
// If the LokiStack has no proxy set but there is a cluster-wide proxy setting,
// set the LokiStack proxy to that.
ocpProxy, proxyErr := openshift.GetProxy(ctx, k)
if proxyErr != nil {
return "", tenants, proxyErr
}

stack.Spec.Proxy = ocpProxy
}
default:
secrets, err = getTenantSecrets(ctx, k, stack)
if err != nil {
return "", tenants, err
}
}

// extract the existing tenant's id, cookieSecret if exists, otherwise create new.
configs, err = getTenantConfigFromSecret(ctx, k, stack)
if err != nil {
log.Error(err, "error in getting tenant secret data")
}

tenants = manifests.Tenants{
Secrets: secrets,
Configs: configs,
}

return baseDomain, tenants, nil
}
Loading

0 comments on commit 1af419f

Please sign in to comment.