Skip to content

Commit 28ed3d6

Browse files
halim-leehalim-lee
authored
Adding #293 and #343 to 0.8.x for OLO v0.8.1 (#349)
* Add issues #293 #343 to 0.8.x * Add pullSecret check in controller
1 parent 8c26ed6 commit 28ed3d6

File tree

2 files changed

+49
-1
lines changed

2 files changed

+49
-1
lines changed

controllers/runtimecomponent_controller.go

+7
Original file line numberDiff line numberDiff line change
@@ -222,6 +222,13 @@ func (r *RuntimeComponentReconciler) Reconcile(ctx context.Context, req ctrl.Req
222222
}
223223
}
224224

225+
// Check if the ServiceAccount has a valid pull secret before creating the deployment/statefulset
226+
// or setting up knative. Otherwise the pods can go into an ImagePullBackOff loop
227+
saErr := appstacksutils.ServiceAccountPullSecretExists(instance, r.GetClient())
228+
if saErr != nil {
229+
return r.ManageError(saErr, common.StatusConditionTypeReconciled, instance)
230+
}
231+
225232
isKnativeSupported, err := r.IsGroupVersionSupported(servingv1.SchemeGroupVersion.String(), "Service")
226233
if err != nil {
227234
r.ManageError(err, common.StatusConditionTypeReconciled, instance)

utils/utils.go

+42-1
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,9 @@ package utils
22

33
import (
44
"bytes"
5+
"context"
56
"encoding/json"
7+
"errors"
68
"fmt"
79
"os"
810
"sort"
@@ -14,6 +16,7 @@ import (
1416
"k8s.io/client-go/kubernetes/scheme"
1517
"k8s.io/client-go/rest"
1618
"k8s.io/client-go/tools/remotecommand"
19+
"sigs.k8s.io/controller-runtime/pkg/client"
1720

1821
"github.com/application-stacks/runtime-component-operator/common"
1922
prometheusv1 "github.com/coreos/prometheus-operator/pkg/apis/monitoring/v1"
@@ -27,6 +30,7 @@ import (
2730
"k8s.io/apimachinery/pkg/api/resource"
2831
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
2932
"k8s.io/apimachinery/pkg/runtime"
33+
"k8s.io/apimachinery/pkg/types"
3034
"k8s.io/apimachinery/pkg/util/intstr"
3135
servingv1 "knative.dev/serving/pkg/apis/serving/v1"
3236
)
@@ -126,7 +130,9 @@ func CustomizeRoute(route *routev1.Route, ba common.BaseComponent, key string, c
126130
route.Spec.TLS.CACertificate = ""
127131
route.Spec.TLS.Key = ""
128132
route.Spec.TLS.DestinationCACertificate = ""
129-
route.Spec.TLS.InsecureEdgeTerminationPolicy = ""
133+
if rt.GetInsecureEdgeTerminationPolicy() != nil {
134+
route.Spec.TLS.InsecureEdgeTerminationPolicy = *rt.GetInsecureEdgeTerminationPolicy()
135+
}
130136
} else if route.Spec.TLS.Termination == routev1.TLSTerminationEdge {
131137
route.Spec.TLS.Certificate = crt
132138
route.Spec.TLS.CACertificate = ca
@@ -1042,3 +1048,38 @@ func (r *ReconcilerBase) toJSONFromRaw(content *runtime.RawExtension) (map[strin
10421048
}
10431049
return data, nil
10441050
}
1051+
1052+
// Looks for a pull secret in the service account retrieved from the component
1053+
// Returns nil if there is at least one image pull secret, otherwise an error
1054+
func ServiceAccountPullSecretExists(ba common.BaseComponent, client client.Client) error {
1055+
obj := ba.(metav1.Object)
1056+
ns := obj.GetNamespace()
1057+
saName := obj.GetName()
1058+
if ba.GetServiceAccountName() != nil && *ba.GetServiceAccountName() != "" {
1059+
saName = *ba.GetServiceAccountName()
1060+
}
1061+
1062+
sa := &corev1.ServiceAccount{}
1063+
getErr := client.Get(context.TODO(), types.NamespacedName{Name: saName, Namespace: ns}, sa)
1064+
if getErr != nil {
1065+
return getErr
1066+
}
1067+
secrets := sa.ImagePullSecrets
1068+
found := false
1069+
if len(secrets) > 0 {
1070+
// if this is our service account there will be one image pull secret
1071+
// For others there could be more. either way, just use the first?
1072+
sName := secrets[0].Name
1073+
err := client.Get(context.TODO(), types.NamespacedName{Name: sName, Namespace: ns}, &corev1.Secret{})
1074+
if err != nil {
1075+
return err
1076+
}
1077+
found = true
1078+
1079+
}
1080+
if !found {
1081+
saErr := errors.New("Service account " + saName + " isn't ready")
1082+
return saErr
1083+
}
1084+
return nil
1085+
}

0 commit comments

Comments
 (0)