From 84f11a0706cf3db6eee68e6c790a1dabe2cb5f34 Mon Sep 17 00:00:00 2001 From: "cristina.petala" <cristina.petala@trasys.gr> Date: Wed, 17 Jul 2024 13:58:20 +0300 Subject: [PATCH 01/11] adding ckeditor-secret --- controllers/drupalsite_resources.go | 61 +++++++++++++++++++++++++++++ 1 file changed, 61 insertions(+) diff --git a/controllers/drupalsite_resources.go b/controllers/drupalsite_resources.go index 77ad8597..885bb97b 100644 --- a/controllers/drupalsite_resources.go +++ b/controllers/drupalsite_resources.go @@ -24,6 +24,7 @@ import ( "io/ioutil" "math/rand" "net/url" + "os" "strconv" "time" @@ -100,6 +101,9 @@ func (r *DrupalSiteReconciler) ensureResources(drp *webservicesv1a1.DrupalSite, if transientErr := r.ensureResourceX(ctx, drp, "webdav_secret", log); transientErr != nil { transientErrs = append(transientErrs, transientErr.Wrap("%v: for WebDAV Secret")) } + if transientErr := r.ensureResourceX(ctx, drp, "ckeditor_secret", log); transientErr != nil { + transientErrs = append(transientErrs, transientErr.Wrap("%v: for ckeditor Secret")) + } // 3. Serving layer @@ -212,6 +216,7 @@ ensureResourceX ensure the requested resource is created, with the following val - oidc_return_uri: Redirection URI for OIDC - dbod_cr: DBOD custom resource to establish database & respective connection for the drupalsite - webdav_secret: Secret with credential for WebDAV + - ckeditor_secret: Secret with credential for ckeditor4lts - backup_schedule: Velero Schedule for scheduled backups of the drupalSite - tekton_extra_perm_rbac: ClusterRoleBinding for tekton tasks - gitlab_trigger_secret: Secret for Gitlab trigger config in buildconfig 
@@ -253,6 +258,17 @@ func (r *DrupalSiteReconciler) ensureResourceX(ctx context.Context, d *webservic return newApplicationError(err, ErrClientK8s) } return nil + case "ckeditor_secret": + ckeditor_secret := &corev1.Secret{ObjectMeta: metav1.ObjectMeta{Name: "ckeditor-secret-" + d.Name, Namespace: d.Namespace}} + _, err := controllerruntime.CreateOrUpdate(ctx, r.Client, ckeditor_secret, func() error { + log.V(4).Info("Ensuring Resource", "Kind", ckeditor_secret.TypeMeta.Kind, "Resource.Namespace", ckeditor_secret.Namespace, "Resource.Name", ckeditor_secret.Name) + return secretForCKEditor(ckeditor_secret, d) + }) + if err != nil { + log.Error(err, "Failed to ensure Resource", "Kind", ckeditor_secret.TypeMeta.Kind, "Resource.Namespace", ckeditor_secret.Namespace, "Resource.Name", ckeditor_secret.Name) + return newApplicationError(err, ErrClientK8s) + } + return nil case "svc_nginx": svc := &corev1.Service{ObjectMeta: metav1.ObjectMeta{Name: d.Name, Namespace: d.Namespace}} _, err := controllerruntime.CreateOrUpdate(ctx, r.Client, svc, func() error { @@ -928,6 +944,13 @@ func deploymentForDrupalSite(currentobject *appsv1.Deployment, databaseSecret st }, }, }, + { + SecretRef: &corev1.SecretEnvSource{ + LocalObjectReference: corev1.LocalObjectReference{ + Name: "ckeditor-secret-" + d.Name, + }, + }, + }, } currentobject.Spec.Template.Spec.Containers[i].VolumeMounts = []corev1.VolumeMount{ { 
@@ -1419,6 +1442,30 @@ func secretForWebDAV(currentobject *corev1.Secret, d *webservicesv1a1.DrupalSite return nil } +// secretForCKEditor returns a Secret object for the CKEditor license key +func secretForCKEditor(currentobject *corev1.Secret, d *webservicesv1a1.DrupalSite) error { + addOwnerRefToObject(currentobject, asOwner(d)) + currentobject.Type = "kubernetes.io/opaque" + + // Fetch the CKEditor license key from environment variable + ckeditorLicenseKey := os.Getenv("CKEDITOR_LICENSE_KEY") + if ckeditorLicenseKey == "" { + return fmt.Errorf("CKEDITOR_LICENSE_KEY environment variable is not set") + } + currentobject.StringData = map[string]string{ + "licenseKey": ckeditorLicenseKey, + } + if currentobject.Labels == nil { + currentobject.Labels = map[string]string{} + } + ls := labelsForDrupalSite(d.Name) + ls["app"] = "drupal" + for k, v := range ls { + currentobject.Labels[k] = v + } + return nil +} + // persistentVolumeClaimForDrupalSite returns a PVC object func persistentVolumeClaimForDrupalSite(currentobject *corev1.PersistentVolumeClaim, d *webservicesv1a1.DrupalSite) error { addOwnerRefToObject(currentobject, asOwner(d)) @@ -1620,6 +1667,13 @@ func jobForDrupalSiteInstallation(currentobject *batchv1.Job, databaseSecret str }, }, }, + { + SecretRef: &corev1.SecretEnvSource{ + LocalObjectReference: corev1.LocalObjectReference{ + Name: "ckeditor-secret-" + d.Name, + }, + }, + }, }, VolumeMounts: []corev1.VolumeMount{ { @@ -1772,6 +1826,13 @@ func jobForDrupalSiteClone(currentobject *batchv1.Job, databaseSecret string, d }, }, }, + { + SecretRef: &corev1.SecretEnvSource{ + LocalObjectReference: corev1.LocalObjectReference{ + Name: "ckeditor-secret-" + d.Name, + }, + }, + }, }, VolumeMounts: []corev1.VolumeMount{ { -- GitLab From a87c1c39f4d1cce455535bd9113ab4b1b74f441d Mon Sep 17 00:00:00 2001 
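Review bot: secretForCKEditor writes the key through `StringData`, a write-only field the API server does not return on reads, so when it runs as the mutate function of `controllerruntime.CreateOrUpdate` (the `ckeditor_secret` case) the mutated object will presumably never compare equal to the fetched one and an Update is sent on every reconcile. Assigning `currentobject.Data = map[string][]byte{"licenseKey": []byte(ckeditorLicenseKey)}` keeps the comparison stable and also replaces stale keys instead of merging into them. Separately, `"kubernetes.io/opaque"` is accepted as a custom type string but is not the built-in one; `corev1.SecretTypeOpaque` is the conventional value. The later secretForCKEditor and secretForCKEditorLicenseKey versions in this series set `StringData` the same way.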
From: "cristina.petala" <cristina.petala@trasys.gr> Date: Thu, 18 Jul 2024 09:55:20 +0300 Subject: [PATCH 02/11] Revert "adding ckeditor-secret" This reverts commit 0b08c80db36b651b975539365e3751864c7f150a. --- controllers/drupalsite_resources.go | 61 ----------------------------- 1 file changed, 61 deletions(-) diff --git a/controllers/drupalsite_resources.go b/controllers/drupalsite_resources.go index 885bb97b..77ad8597 100644 --- a/controllers/drupalsite_resources.go +++ b/controllers/drupalsite_resources.go @@ -24,7 +24,6 @@ import ( "io/ioutil" "math/rand" "net/url" - "os" "strconv" "time" @@ -101,9 +100,6 @@ func (r *DrupalSiteReconciler) ensureResources(drp *webservicesv1a1.DrupalSite, if transientErr := r.ensureResourceX(ctx, drp, "webdav_secret", log); transientErr != nil { transientErrs = append(transientErrs, transientErr.Wrap("%v: for WebDAV Secret")) } - if transientErr := r.ensureResourceX(ctx, drp, "ckeditor_secret", log); transientErr != nil { - transientErrs = append(transientErrs, transientErr.Wrap("%v: for ckeditor Secret")) - } // 3. Serving layer @@ -216,7 +212,6 @@ ensureResourceX ensure the requested resource is created, with the following val - oidc_return_uri: Redirection URI for OIDC - dbod_cr: DBOD custom resource to establish database & respective connection for the drupalsite - webdav_secret: Secret with credential for WebDAV - - ckeditor_secret: Secret with credential for ckeditor4lts - backup_schedule: Velero Schedule for scheduled backups of the drupalSite - tekton_extra_perm_rbac: ClusterRoleBinding for tekton tasks - gitlab_trigger_secret: Secret for Gitlab trigger config in buildconfig 
@@ -258,17 +253,6 @@ func (r *DrupalSiteReconciler) ensureResourceX(ctx context.Context, d *webservic return newApplicationError(err, ErrClientK8s) } return nil - case "ckeditor_secret": - ckeditor_secret := &corev1.Secret{ObjectMeta: metav1.ObjectMeta{Name: "ckeditor-secret-" + d.Name, Namespace: d.Namespace}} - _, err := controllerruntime.CreateOrUpdate(ctx, r.Client, ckeditor_secret, func() error { - log.V(4).Info("Ensuring Resource", "Kind", ckeditor_secret.TypeMeta.Kind, "Resource.Namespace", ckeditor_secret.Namespace, "Resource.Name", ckeditor_secret.Name) - return secretForCKEditor(ckeditor_secret, d) - }) - if err != nil { - log.Error(err, "Failed to ensure Resource", "Kind", ckeditor_secret.TypeMeta.Kind, "Resource.Namespace", ckeditor_secret.Namespace, "Resource.Name", ckeditor_secret.Name) - return newApplicationError(err, ErrClientK8s) - } - return nil case "svc_nginx": svc := &corev1.Service{ObjectMeta: metav1.ObjectMeta{Name: d.Name, Namespace: d.Namespace}} _, err := controllerruntime.CreateOrUpdate(ctx, r.Client, svc, func() error { @@ -944,13 +928,6 @@ func deploymentForDrupalSite(currentobject *appsv1.Deployment, databaseSecret st }, }, }, - { - SecretRef: &corev1.SecretEnvSource{ - LocalObjectReference: corev1.LocalObjectReference{ - Name: "ckeditor-secret-" + d.Name, - }, - }, - }, } currentobject.Spec.Template.Spec.Containers[i].VolumeMounts = []corev1.VolumeMount{ { 
@@ -1442,30 +1419,6 @@ func secretForWebDAV(currentobject *corev1.Secret, d *webservicesv1a1.DrupalSite return nil } -// secretForCKEditor returns a Secret object for the CKEditor license key -func secretForCKEditor(currentobject *corev1.Secret, d *webservicesv1a1.DrupalSite) error { - addOwnerRefToObject(currentobject, asOwner(d)) - currentobject.Type = "kubernetes.io/opaque" - - // Fetch the CKEditor license key from environment variable - ckeditorLicenseKey := os.Getenv("CKEDITOR_LICENSE_KEY") - if ckeditorLicenseKey == "" { - return fmt.Errorf("CKEDITOR_LICENSE_KEY environment variable is not set") - } - currentobject.StringData = map[string]string{ - "licenseKey": ckeditorLicenseKey, - } - if currentobject.Labels == nil { - currentobject.Labels = map[string]string{} - } - ls := labelsForDrupalSite(d.Name) - ls["app"] = "drupal" - for k, v := range ls { - currentobject.Labels[k] = v - } - return nil -} - // persistentVolumeClaimForDrupalSite returns a PVC object func persistentVolumeClaimForDrupalSite(currentobject *corev1.PersistentVolumeClaim, d *webservicesv1a1.DrupalSite) error { addOwnerRefToObject(currentobject, asOwner(d)) @@ -1667,13 +1620,6 @@ func jobForDrupalSiteInstallation(currentobject *batchv1.Job, databaseSecret str }, }, }, - { - SecretRef: &corev1.SecretEnvSource{ - LocalObjectReference: corev1.LocalObjectReference{ - Name: "ckeditor-secret-" + d.Name, - }, - }, - }, }, VolumeMounts: []corev1.VolumeMount{ { @@ -1826,13 +1772,6 @@ func jobForDrupalSiteClone(currentobject *batchv1.Job, databaseSecret string, d }, }, }, - { - SecretRef: &corev1.SecretEnvSource{ - LocalObjectReference: corev1.LocalObjectReference{ - Name: "ckeditor-secret-" + d.Name, - }, - }, - }, }, VolumeMounts: []corev1.VolumeMount{ { -- GitLab From f21b8840f3043e5fdcaf361403c7298025ec3438 Mon Sep 17 00:00:00 2001 
From: "cristina.petala" <cristina.petala@trasys.gr> Date: Thu, 18 Jul 2024 11:43:31 +0300 Subject: [PATCH 03/11] adding ckeditor-secret second iteration --- controllers/drupalsite_controller.go | 1 + controllers/drupalsite_resources.go | 40 ++++++++++++++++++++++++++++ 2 files changed, 41 insertions(+) diff --git a/controllers/drupalsite_controller.go b/controllers/drupalsite_controller.go index 83e81745..1fdad848 100644 --- a/controllers/drupalsite_controller.go +++ b/controllers/drupalsite_controller.go @@ -49,6 +49,7 @@ const ( debugAnnotation = "debug" adminPauseAnnotation = "admin-pause-reconcile" oidcSecretName = "oidc-client-secret" + ckeditorSecretName = "ckeditor-secret" // Labels used by the Operator ssoProxyLabel = "drupal.okd.cern.ch/full-sso" diff --git a/controllers/drupalsite_resources.go b/controllers/drupalsite_resources.go index 77ad8597..7159853a 100644 --- a/controllers/drupalsite_resources.go +++ b/controllers/drupalsite_resources.go 
@@ -253,6 +253,17 @@ func (r *DrupalSiteReconciler) ensureResourceX(ctx context.Context, d *webservic return newApplicationError(err, ErrClientK8s) } return nil + case "ckeditor_secret": + ckeditor_secret := &corev1.Secret{ObjectMeta: metav1.ObjectMeta{Name: ckeditorSecretName, Namespace: d.Namespace}} + _, err := controllerruntime.CreateOrUpdate(ctx, r.Client, ckeditor_secret, func() error { + log.V(4).Info("Ensuring Resource", "Kind", ckeditor_secret.TypeMeta.Kind, "Resource.Namespace", ckeditor_secret.Namespace, "Resource.Name", ckeditor_secret.Name) + return secretForCKEditor(ckeditor_secret, d) + }) + if err != nil { + log.Error(err, "Failed to ensure Resource", "Kind", ckeditor_secret.TypeMeta.Kind, "Resource.Namespace", ckeditor_secret.Namespace, "Resource.Name", ckeditor_secret.Name) + return newApplicationError(err, ErrClientK8s) + } + return nil case "svc_nginx": svc := &corev1.Service{ObjectMeta: metav1.ObjectMeta{Name: d.Name, Namespace: d.Namespace}} _, err := controllerruntime.CreateOrUpdate(ctx, r.Client, svc, func() error { @@ -912,6 +923,17 @@ func deploymentForDrupalSite(currentobject *appsv1.Deployment, databaseSecret st Name: "SMTPHOST", Value: SMTPHost, }, + { + Name: "CKEDITOR_LICENSE_KEY", + ValueFrom: &corev1.EnvVarSource{ + SecretKeyRef: &corev1.SecretKeySelector{ + LocalObjectReference: corev1.LocalObjectReference{ + Name: ckeditorSecretName, + }, + Key: "CKEDITOR_LICENSE_KEY", + }, + }, + }, } currentobject.Spec.Template.Spec.Containers[i].EnvFrom = []corev1.EnvFromSource{ { 
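Review bot: The `CKEDITOR_LICENSE_KEY` entry added to the container `Env` in deploymentForDrupalSite points at `ckeditorSecretName` through a `SecretKeyRef` with no `Optional` set, yet no hunk in this patch calls `ensureResourceX` with `"ckeditor_secret"`, so as far as the diff shows the Secret is never created and the container cannot start. Either restore the call in ensureResources or mark the reference optional. The Secret also has one fixed name per namespace now, while secretForCKEditor adds `d` as owner, so two DrupalSites in the same namespace would share and both claim one object. Both function bodies continue outside the hunks.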
@@ -1419,6 +1441,24 @@ func secretForWebDAV(currentobject *corev1.Secret, d *webservicesv1a1.DrupalSite return nil } +// secretForCKEditor returns a Secret object +func secretForCKEditor(currentobject *corev1.Secret, d *webservicesv1a1.DrupalSite) error { + addOwnerRefToObject(currentobject, asOwner(d)) + currentobject.Type = "kubernetes.io/opaque" + currentobject.StringData = map[string]string{ + "CKEDITOR_LICENSE_KEY": "WWxoQmNYSTFabkZvYWpWTVVrSkZjamd6TmpseWN6STRjUT09LU56WXpOelE0TkRZNU9EYzVNems1", + } + if currentobject.Labels == nil { + currentobject.Labels = map[string]string{} + } + ls := labelsForDrupalSite(d.Name) + ls["app"] = "drupal" + for k, v := range ls { + currentobject.Labels[k] = v + } + return nil +} + // persistentVolumeClaimForDrupalSite returns a PVC object func persistentVolumeClaimForDrupalSite(currentobject *corev1.PersistentVolumeClaim, d *webservicesv1a1.DrupalSite) error { addOwnerRefToObject(currentobject, asOwner(d)) -- GitLab From 14b9ef59baf5649d74039d52e20331f0f879b885 Mon Sep 17 00:00:00 2001 From: "cristina.petala" <cristina.petala@trasys.gr> Date: Thu, 18 Jul 2024 16:58:04 +0300 Subject: [PATCH 04/11] fixed typos --- controllers/drupalsite_controller.go | 1 - controllers/drupalsite_resources.go | 61 +++++++++++++++------------- 2 files changed, 32 insertions(+), 30 deletions(-) diff --git a/controllers/drupalsite_controller.go b/controllers/drupalsite_controller.go index 1fdad848..83e81745 100644 --- a/controllers/drupalsite_controller.go +++ b/controllers/drupalsite_controller.go @@ -49,7 +49,6 @@ const ( debugAnnotation = "debug" adminPauseAnnotation = "admin-pause-reconcile" oidcSecretName = "oidc-client-secret" - ckeditorSecretName = "ckeditor-secret" // Labels used by the Operator ssoProxyLabel = "drupal.okd.cern.ch/full-sso" diff --git a/controllers/drupalsite_resources.go b/controllers/drupalsite_resources.go index 7159853a..ad710d21 100644 --- a/controllers/drupalsite_resources.go +++ b/controllers/drupalsite_resources.go 
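Review bot: secretForCKEditor embeds the license key as a string literal in `StringData`, which exposes the credential to everyone with read access to the repository and keeps it in git history even after a later commit removes the line. The value should be treated as disclosed and rotated with the vendor, and the operator should receive it at deploy time rather than from source, for example `"CKEDITOR_LICENSE_KEY": ckeditorLicenseKey` with the value passed in by the caller. The same literal is carried over into secretForCKEditorLicenseKey in the following "fixed typos" patch.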
@@ -253,17 +253,22 @@ func (r *DrupalSiteReconciler) ensureResourceX(ctx context.Context, d *webservic return newApplicationError(err, ErrClientK8s) } return nil - case "ckeditor_secret": - ckeditor_secret := &corev1.Secret{ObjectMeta: metav1.ObjectMeta{Name: ckeditorSecretName, Namespace: d.Namespace}} - _, err := controllerruntime.CreateOrUpdate(ctx, r.Client, ckeditor_secret, func() error { - log.V(4).Info("Ensuring Resource", "Kind", ckeditor_secret.TypeMeta.Kind, "Resource.Namespace", ckeditor_secret.Namespace, "Resource.Name", ckeditor_secret.Name) - return secretForCKEditor(ckeditor_secret, d) + case "ckeditor_license_key_secret": + ckeditorLicenseKeySecret := &corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: "ckeditor-license-key", + Namespace: d.Namespace, + }, + } + _, err := controllerruntime.CreateOrUpdate(ctx, r.Client, ckeditorLicenseKeySecret, func() error { + log.V(4).Info("Ensuring Resource", "Kind", ckeditorLicenseKeySecret.TypeMeta.Kind, "Resource.Namespace", ckeditorLicenseKeySecret.Namespace, "Resource.Name", ckeditorLicenseKeySecret.Name) + return secretForCKEditorLicenseKey(ckeditorLicenseKeySecret, d) }) if err != nil { - log.Error(err, "Failed to ensure Resource", "Kind", ckeditor_secret.TypeMeta.Kind, "Resource.Namespace", ckeditor_secret.Namespace, "Resource.Name", ckeditor_secret.Name) + log.Error(err, "Failed to ensure Resource", "Kind", ckeditorLicenseKeySecret.TypeMeta.Kind, "Resource.Namespace", ckeditorLicenseKeySecret.Namespace, "Resource.Name", ckeditorLicenseKeySecret.Name) return newApplicationError(err, ErrClientK8s) } - return nil + return nil case "svc_nginx": svc := &corev1.Service{ObjectMeta: metav1.ObjectMeta{Name: d.Name, Namespace: d.Namespace}} _, err := controllerruntime.CreateOrUpdate(ctx, r.Client, svc, func() error { 
@@ -925,10 +930,10 @@ func deploymentForDrupalSite(currentobject *appsv1.Deployment, databaseSecret st }, { Name: "CKEDITOR_LICENSE_KEY", - ValueFrom: &corev1.EnvVarSource{ - SecretKeyRef: &corev1.SecretKeySelector{ - LocalObjectReference: corev1.LocalObjectReference{ - Name: ckeditorSecretName, + ValueFrom: &v1.EnvVarSource{ + SecretKeyRef: &v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "ckeditor-license-key", }, Key: "CKEDITOR_LICENSE_KEY", }, 
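Review bot: The `CKEDITOR_LICENSE_KEY` entry now uses a `v1.` qualifier (`&v1.EnvVarSource`, `&v1.SecretKeySelector`, `v1.LocalObjectReference`) where the lines it replaces, and the rest of the visible file, use `corev1.`. The import block is not part of this patch, so it cannot be confirmed here that `v1` is an alias of the core API package; if it is not, this does not compile, and if it is, the file now mixes two aliases for one package. Keeping `ValueFrom: &corev1.EnvVarSource{` and the matching `corev1.` forms is the consistent choice, and the same applies to the job builders and later hunks that copy this block. The literal `"ckeditor-license-key"` also replaces the removed `ckeditorSecretName` constant and is now repeated at each use.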
@@ -1440,25 +1445,23 @@ func secretForWebDAV(currentobject *corev1.Secret, d *webservicesv1a1.DrupalSite } return nil } - -// secretForCKEditor returns a Secret object -func secretForCKEditor(currentobject *corev1.Secret, d *webservicesv1a1.DrupalSite) error { - addOwnerRefToObject(currentobject, asOwner(d)) - currentobject.Type = "kubernetes.io/opaque" - currentobject.StringData = map[string]string{ - "CKEDITOR_LICENSE_KEY": "WWxoQmNYSTFabkZvYWpWTVVrSkZjamd6TmpseWN6STRjUT09LU56WXpOelE0TkRZNU9EYzVNems1", - } - if currentobject.Labels == nil { - currentobject.Labels = map[string]string{} - } - ls := labelsForDrupalSite(d.Name) - ls["app"] = "drupal" - for k, v := range ls { - currentobject.Labels[k] = v - } - return nil +// secretForCKEditorLicenseKey returns a Secret object for CKEditor license key +func secretForCKEditorLicenseKey(currentobject *corev1.Secret, d *webservicesv1a1.DrupalSite) error { + addOwnerRefToObject(currentobject, asOwner(d)) + currentobject.Type = "Opaque" + currentobject.StringData = map[string]string{ + "CKEDITOR_LICENSE_KEY": "WWxoQmNYSTFabkZvYWpWTVVrSkZjamd6TmpseWN6STRjUT09LU56WXpOelE0TkRZNU9EYzVNems1", + } + if currentobject.Labels == nil { + currentobject.Labels = map[string]string{} + } + ls := labelsForDrupalSite(d.Name) + ls["app"] = "drupal" + for k, v := range ls { + currentobject.Labels[k] = v + } + return nil } - // persistentVolumeClaimForDrupalSite returns a PVC object func persistentVolumeClaimForDrupalSite(currentobject *corev1.PersistentVolumeClaim, d *webservicesv1a1.DrupalSite) error { addOwnerRefToObject(currentobject, asOwner(d)) -- GitLab From 13a54293dc46d6a7864d3c44fcef65aa3a517771 Mon Sep 17 00:00:00 2001 From: "cristina.petala" <cristina.petala@trasys.gr> Date: Fri, 19 Jul 2024 10:05:19 +0300 Subject: [PATCH 05/11] Using os.getenv for the key --- controllers/drupalsite_resources.go | 71 ++++++++++++++++++++--------- 1 file changed, 50 insertions(+), 21 deletions(-) 
diff --git a/controllers/drupalsite_resources.go b/controllers/drupalsite_resources.go index ad710d21..f27a17da 100644 --- a/controllers/drupalsite_resources.go +++ b/controllers/drupalsite_resources.go @@ -24,6 +24,7 @@ import ( "io/ioutil" "math/rand" "net/url" + "os" "strconv" "time" @@ -100,6 +101,9 @@ func (r *DrupalSiteReconciler) ensureResources(drp *webservicesv1a1.DrupalSite, if transientErr := r.ensureResourceX(ctx, drp, "webdav_secret", log); transientErr != nil { transientErrs = append(transientErrs, transientErr.Wrap("%v: for WebDAV Secret")) } + if transientErr := r.ensureResourceX(ctx, drp, "ckeditor_license_key_secret", log); transientErr != nil { + transientErrs = append(transientErrs, transientErr.Wrap("%v: for Ckeditor4LTS Secret")) + } // 3. Serving layer @@ -212,6 +216,7 @@ ensureResourceX ensure the requested resource is created, with the following val - oidc_return_uri: Redirection URI for OIDC - dbod_cr: DBOD custom resource to establish database & respective connection for the drupalsite - webdav_secret: Secret with credential for WebDAV + - ckeditor_license_key_secret: Secret with license key for ckeditor4lts - backup_schedule: Velero Schedule for scheduled backups of the drupalSite - tekton_extra_perm_rbac: ClusterRoleBinding for tekton tasks - gitlab_trigger_secret: Secret for Gitlab trigger config in buildconfig 
@@ -254,12 +259,7 @@ func (r *DrupalSiteReconciler) ensureResourceX(ctx context.Context, d *webservic } return nil case "ckeditor_license_key_secret": - ckeditorLicenseKeySecret := &corev1.Secret{ - ObjectMeta: metav1.ObjectMeta{ - Name: "ckeditor-license-key", - Namespace: d.Namespace, - }, - } + ckeditorLicenseKeySecret := &corev1.Secret{ObjectMeta: metav1.ObjectMeta{Name: "ckeditor-license-key", Namespace: d.Namespace}} _, err := controllerruntime.CreateOrUpdate(ctx, r.Client, ckeditorLicenseKeySecret, func() error { log.V(4).Info("Ensuring Resource", "Kind", ckeditorLicenseKeySecret.TypeMeta.Kind, "Resource.Namespace", ckeditorLicenseKeySecret.Namespace, "Resource.Name", ckeditorLicenseKeySecret.Name) return secretForCKEditorLicenseKey(ckeditorLicenseKeySecret, d) @@ -268,7 +268,7 @@ func (r *DrupalSiteReconciler) ensureResourceX(ctx context.Context, d *webservic log.Error(err, "Failed to ensure Resource", "Kind", ckeditorLicenseKeySecret.TypeMeta.Kind, "Resource.Namespace", ckeditorLicenseKeySecret.Namespace, "Resource.Name", ckeditorLicenseKeySecret.Name) return newApplicationError(err, ErrClientK8s) } - return nil + return nil case "svc_nginx": svc := &corev1.Service{ObjectMeta: metav1.ObjectMeta{Name: d.Name, Namespace: d.Namespace}} _, err := controllerruntime.CreateOrUpdate(ctx, r.Client, svc, func() error { 
@@ -1445,23 +1445,30 @@ func secretForWebDAV(currentobject *corev1.Secret, d *webservicesv1a1.DrupalSite } return nil } + // secretForCKEditorLicenseKey returns a Secret object for CKEditor license key func secretForCKEditorLicenseKey(currentobject *corev1.Secret, d *webservicesv1a1.DrupalSite) error { - addOwnerRefToObject(currentobject, asOwner(d)) - currentobject.Type = "Opaque" - currentobject.StringData = map[string]string{ - "CKEDITOR_LICENSE_KEY": "WWxoQmNYSTFabkZvYWpWTVVrSkZjamd6TmpseWN6STRjUT09LU56WXpOelE0TkRZNU9EYzVNems1", - } - if currentobject.Labels == nil { - currentobject.Labels = map[string]string{} - } - ls := labelsForDrupalSite(d.Name) - ls["app"] = "drupal" - for k, v := range ls { - currentobject.Labels[k] = v - } - return nil + addOwnerRefToObject(currentobject, asOwner(d)) + currentobject.Type = "Opaque" + // Retrieve the CKEDITOR_LICENSE_KEY from environment variables + ckeditorLicenseKey := os.Getenv("CKEDITOR_LICENSE_KEY") + if ckeditorLicenseKey == "" { + return fmt.Errorf("CKEDITOR_LICENSE_KEY environment variable is not set") + } + currentobject.StringData = map[string]string{ + "CKEDITOR_LICENSE_KEY": ckeditorLicenseKey, + } + if currentobject.Labels == nil { + currentobject.Labels = map[string]string{} + } + ls := labelsForDrupalSite(d.Name) + ls["app"] = "drupal" + for k, v := range ls { + currentobject.Labels[k] = v + } + return nil } + // persistentVolumeClaimForDrupalSite returns a PVC object func persistentVolumeClaimForDrupalSite(currentobject *corev1.PersistentVolumeClaim, d *webservicesv1a1.DrupalSite) error { addOwnerRefToObject(currentobject, asOwner(d)) 
@@ -1647,6 +1654,17 @@ func jobForDrupalSiteInstallation(currentobject *batchv1.Job, databaseSecret str Name: "SMTPHOST", Value: SMTPHost, }, + { + Name: "CKEDITOR_LICENSE_KEY", + ValueFrom: &v1.EnvVarSource{ + SecretKeyRef: &v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "ckeditor-license-key", + }, + Key: "CKEDITOR_LICENSE_KEY", + }, + }, + }, }, EnvFrom: []corev1.EnvFromSource{ { @@ -1799,6 +1817,17 @@ func jobForDrupalSiteClone(currentobject *batchv1.Job, databaseSecret string, d Name: "DRUPAL_SHARED_VOLUME", Value: "/drupal-data-source", }, + { + Name: "CKEDITOR_LICENSE_KEY", + ValueFrom: &v1.EnvVarSource{ + SecretKeyRef: &v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: "ckeditor-license-key", + }, + Key: "CKEDITOR_LICENSE_KEY", + }, + }, + }, }, EnvFrom: []corev1.EnvFromSource{ { -- GitLab From 16c40ed16307e227b3093b6c770191519d7779fb Mon Sep 17 00:00:00 2001 From: "cristina.petala" <cristina.petala@trasys.gr> Date: Wed, 24 Jul 2024 10:55:00 +0300 Subject: [PATCH 06/11] added variable in gitlab-ci yaml --- .gitlab-ci.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index e95c537f..44ef9f33 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -15,6 +15,7 @@ stages: variables: DEFAULT_DOMAIN: "webtest.cern.ch" + CKEDITOR_LICENSE_KEY: $CKEDITOR_LICENSE_KEY GoTest: stage: test -- GitLab From 1d3704033f506ff416c102cbb36598d9a17a3041 Mon Sep 17 00:00:00 2001 From: "cristina.petala" <cristina.petala@trasys.gr> Date: Fri, 26 Jul 2024 11:26:04 +0300 Subject: [PATCH 07/11] first attempt to pass key from parameter --- .gitlab-ci.yml | 1 - .../drupalsite-operator/templates/manager-deploy.yaml | 1 + chart/drupalsite-operator/values.yaml | 1 + controllers/drupalsite_controller.go | 2 ++ controllers/drupalsite_resources.go | 11 ++++------- controllers/suite_test.go | 1 + main.go | 1 + 7 files changed, 10 insertions(+), 8 deletions(-) 
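Review bot: The `SecretKeyRef` added to jobForDrupalSiteInstallation (and the identical one in jobForDrupalSiteClone below it) leaves `Optional` unset, while secretForCKEditorLicenseKey in this same patch returns an error, and therefore creates no Secret, whenever `CKEDITOR_LICENSE_KEY` is missing from the operator's environment. In that state the install and clone pods cannot start, so a missing license for one editor module blocks site creation entirely. Consider setting `Optional` on the `SecretKeySelector`, or decide explicitly that a missing key must stop everything and fail once at operator startup instead of on every reconcile. Both job builders continue outside the hunks.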
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 44ef9f33..e95c537f 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -15,7 +15,6 @@ stages: variables: DEFAULT_DOMAIN: "webtest.cern.ch" - CKEDITOR_LICENSE_KEY: $CKEDITOR_LICENSE_KEY GoTest: stage: test diff --git a/chart/drupalsite-operator/templates/manager-deploy.yaml b/chart/drupalsite-operator/templates/manager-deploy.yaml index 887b9396..2311e037 100644 --- a/chart/drupalsite-operator/templates/manager-deploy.yaml +++ b/chart/drupalsite-operator/templates/manager-deploy.yaml @@ -35,6 +35,7 @@ spec: - --easystart-backup-name={{.Values.drupalsiteOperator.easystartBackupName}} - --supported-drupal-version-name={{.Values.drupalsiteOperator.supportedDrupalVersionName}} - --velero-backup-storage-location={{.Values.drupalsiteOperator.veleroBackupStorageLocation}} + - --ckeditor-license-key={{.Values.drupalsiteOperator.ckeditorLicenseKey}} command: - /manager image: {{ .Values.image | quote }} diff --git a/chart/drupalsite-operator/values.yaml b/chart/drupalsite-operator/values.yaml index b7450610..88964a6e 100644 --- a/chart/drupalsite-operator/values.yaml +++ b/chart/drupalsite-operator/values.yaml @@ -33,3 +33,4 @@ drupalsiteOperator: clusterName: {} easystartBackupName: "" veleroBackupStorageLocation: "default" + ckeditorLicenseKey: "DUMMY_LICENSE_KEY_FOR_TESTING" diff --git a/controllers/drupalsite_controller.go b/controllers/drupalsite_controller.go index 83e81745..0e44c246 100644 --- a/controllers/drupalsite_controller.go +++ b/controllers/drupalsite_controller.go @@ -84,6 +84,8 @@ var ( SupportedDrupalVersionName string // VeleroBackupStorageLocation refers to the name of the Velero backupStorageLocation to be used VeleroBackupStorageLocation string + // CkeditorLicenseKey refers to the name of the License key for the ckeditor4lts module + CkeditorLicenseKey string ) // DrupalSiteReconciler reconciles a DrupalSite object 
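Review bot: Passing the license key as `--ckeditor-license-key={{.Values.drupalsiteOperator.ckeditorLicenseKey}}` renders the secret into the manager Deployment's `args`, where anyone allowed to read Deployments or Pods in the operator namespace can see it and where it appears on the process command line; it also has to be kept in plain chart values. Holding the key in a Kubernetes Secret and exposing it to the container through `env` with a `secretKeyRef` (or a mounted file) keeps it out of the pod spec, with the operator reading the variable at startup. The Secret name below is a placeholder, and whether the container already has an `env:` list is not visible in this hunk.

```yaml
        # … unchanged: existing args, without --ckeditor-license-key …
        env:
        - name: CKEDITOR_LICENSE_KEY
          valueFrom:
            secretKeyRef:
              name: OPERATOR_LICENSE_SECRET_NAME  # placeholder, not a name from this chart
              key: CKEDITOR_LICENSE_KEY
```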
diff --git a/controllers/drupalsite_resources.go b/controllers/drupalsite_resources.go index f27a17da..8fb29a53 100644 --- a/controllers/drupalsite_resources.go +++ b/controllers/drupalsite_resources.go @@ -24,7 +24,6 @@ import ( "io/ioutil" "math/rand" "net/url" - "os" "strconv" "time" @@ -262,7 +261,7 @@ func (r *DrupalSiteReconciler) ensureResourceX(ctx context.Context, d *webservic ckeditorLicenseKeySecret := &corev1.Secret{ObjectMeta: metav1.ObjectMeta{Name: "ckeditor-license-key", Namespace: d.Namespace}} _, err := controllerruntime.CreateOrUpdate(ctx, r.Client, ckeditorLicenseKeySecret, func() error { log.V(4).Info("Ensuring Resource", "Kind", ckeditorLicenseKeySecret.TypeMeta.Kind, "Resource.Namespace", ckeditorLicenseKeySecret.Namespace, "Resource.Name", ckeditorLicenseKeySecret.Name) - return secretForCKEditorLicenseKey(ckeditorLicenseKeySecret, d) + return secretForCKEditorLicenseKey(ckeditorLicenseKeySecret, d, CkeditorLicenseKey) }) if err != nil { log.Error(err, "Failed to ensure Resource", "Kind", ckeditorLicenseKeySecret.TypeMeta.Kind, "Resource.Namespace", ckeditorLicenseKeySecret.Namespace, "Resource.Name", ckeditorLicenseKeySecret.Name) 
@@ -1446,14 +1445,12 @@ func secretForWebDAV(currentobject *corev1.Secret, d *webservicesv1a1.DrupalSite return nil } -// secretForCKEditorLicenseKey returns a Secret object for CKEditor license key -func secretForCKEditorLicenseKey(currentobject *corev1.Secret, d *webservicesv1a1.DrupalSite) error { +// secretForCKEditorLicenseKey returns the CKEditor license key from a parameter +func secretForCKEditorLicenseKey(currentobject *corev1.Secret, d *webservicesv1a1.DrupalSite, ckeditorLicenseKey string) error { addOwnerRefToObject(currentobject, asOwner(d)) currentobject.Type = "Opaque" - // Retrieve the CKEDITOR_LICENSE_KEY from environment variables - ckeditorLicenseKey := os.Getenv("CKEDITOR_LICENSE_KEY") if ckeditorLicenseKey == "" { - return fmt.Errorf("CKEDITOR_LICENSE_KEY environment variable is not set") + return fmt.Errorf("CKEDITOR_LICENSE_KEY parameter is not set") } currentobject.StringData = map[string]string{ "CKEDITOR_LICENSE_KEY": ckeditorLicenseKey, diff --git a/controllers/suite_test.go b/controllers/suite_test.go index 090f679f..a1728ff9 100644 --- a/controllers/suite_test.go +++ b/controllers/suite_test.go @@ -85,6 +85,7 @@ var _ = BeforeSuite(func(done Done) { EasystartBackupName = "easystart-backup" SupportedDrupalVersionName = "supported-drupal-versions" VeleroBackupStorageLocation = "default" + CkeditorLicenseKey = "DUMMY_LICENSE_KEY_FOR_TESTING" By("bootstrapping test environment") testEnv = &envtest.Environment{ diff --git a/main.go b/main.go index 651a25f9..3522c8ad 100644 --- a/main.go +++ b/main.go 
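Review bot: The new doc comment says secretForCKEditorLicenseKey "returns the CKEditor license key from a parameter", but the function returns only an error and fills in `currentobject`; something like `// secretForCKEditorLicenseKey populates currentobject as the Secret holding ckeditorLicenseKey for site d` would match the code. The error text `CKEDITOR_LICENSE_KEY parameter is not set` no longer tells an administrator what to change, which after this patch is the `--ckeditor-license-key` flag. In the controller hunk of the same patch, the comment on `CkeditorLicenseKey` calls it "the name of the License key" although the variable holds the key itself.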
@@ -96,6 +96,7 @@ func main() { flag.StringVar(&controllers.SupportedDrupalVersionName, "supported-drupal-version-name", "supported-drupal-versions", "The name of the resource used cluster-wide for supported drupal versions") flag.StringVar(&controllers.VeleroBackupStorageLocation, "velero-backup-storage-location", "default", "The name of the backupStorageLocation to be used for Velero Schedules created by the controller") flag.StringVar(&websiteImagePullPolicyString, "websiteImagePullPolicy", "IfNotPresent", "The default image pull policy for deployed pods. We avoid 'Always' as it makes us more vulnerable to container registry downtime.") + flag.StringVar(&controllers.CkeditorLicenseKey, "ckeditor-license-key", "", "License key for the ckeditor4lts module") opts := zap.Options{ Development: false, } -- GitLab From 2da29a08c5b3f0f1884301adaffb1fbe2d0191db Mon Sep 17 00:00:00 2001 From: "cristina.petala" <cristina.petala@trasys.gr> Date: Tue, 30 Jul 2024 14:03:47 +0300 Subject: [PATCH 08/11] removing the dummy value from ckeditorLicenseKey --- chart/drupalsite-operator/values.yaml | 2 +- controllers/suite_test.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/chart/drupalsite-operator/values.yaml b/chart/drupalsite-operator/values.yaml index 88964a6e..80005cfa 100644 --- a/chart/drupalsite-operator/values.yaml +++ b/chart/drupalsite-operator/values.yaml @@ -33,4 +33,4 @@ drupalsiteOperator: clusterName: {} easystartBackupName: "" veleroBackupStorageLocation: "default" - ckeditorLicenseKey: "DUMMY_LICENSE_KEY_FOR_TESTING" + ckeditorLicenseKey: "" diff --git a/controllers/suite_test.go b/controllers/suite_test.go index a1728ff9..86ca34b4 100644 --- a/controllers/suite_test.go +++ b/controllers/suite_test.go 
@@ -85,7 +85,7 @@ var _ = BeforeSuite(func(done Done) { EasystartBackupName = "easystart-backup" SupportedDrupalVersionName = "supported-drupal-versions" VeleroBackupStorageLocation = "default" - CkeditorLicenseKey = "DUMMY_LICENSE_KEY_FOR_TESTING" + CkeditorLicenseKey = "" By("bootstrapping test environment") testEnv = &envtest.Environment{ -- GitLab From 62b18fdb8812e801cdaba24c5140507bd216d5f6 Mon Sep 17 00:00:00 2001 From: Carina Antunes <carinadeoliveiraantunes@gmail.com> Date: Tue, 17 Sep 2024 15:58:19 +0200 Subject: [PATCH 09/11] improvemtns: one ckeditor secret per instance --- controllers/drupalsite_resources.go | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/controllers/drupalsite_resources.go b/controllers/drupalsite_resources.go index 8fb29a53..e2372cdf 100644 --- a/controllers/drupalsite_resources.go +++ b/controllers/drupalsite_resources.go @@ -258,7 +258,8 @@ func (r *DrupalSiteReconciler) ensureResourceX(ctx context.Context, d *webservic } return nil case "ckeditor_license_key_secret": - ckeditorLicenseKeySecret := &corev1.Secret{ObjectMeta: metav1.ObjectMeta{Name: "ckeditor-license-key", Namespace: d.Namespace}} + secretName := fmt.Sprintf("ckeditor-license-key-%s", d.Name) + ckeditorLicenseKeySecret := &corev1.Secret{ObjectMeta: metav1.ObjectMeta{Name: secretName, Namespace: d.Namespace}} _, err := controllerruntime.CreateOrUpdate(ctx, r.Client, ckeditorLicenseKeySecret, func() error { log.V(4).Info("Ensuring Resource", "Kind", ckeditorLicenseKeySecret.TypeMeta.Kind, "Resource.Namespace", ckeditorLicenseKeySecret.Namespace, "Resource.Name", ckeditorLicenseKeySecret.Name) return secretForCKEditorLicenseKey(ckeditorLicenseKeySecret, d, CkeditorLicenseKey) 
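Review bot: Setting `CkeditorLicenseKey = ""` in BeforeSuite puts the test environment on the path where secretForCKEditorLicenseKey returns its "not set" error (per the patch that introduced the parameter), so every reconcile in the suite would record a transient error for the CKEditor Secret and no test exercises the Secret actually being created. The chart default changed to `ckeditorLicenseKey: ""` in this commit has the same effect on any install that does not override it. A clearly fake test constant such as `CkeditorLicenseKey = "test-license-key"` keeps the suite on the success path without shipping a usable default in values.yaml.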
@@ -932,7 +933,7 @@ func deploymentForDrupalSite(currentobject *appsv1.Deployment, databaseSecret st
 ValueFrom: &v1.EnvVarSource{
 SecretKeyRef: &v1.SecretKeySelector{
 LocalObjectReference: v1.LocalObjectReference{
- Name: "ckeditor-license-key",
+ Name: fmt.Sprintf("ckeditor-license-key-%s", d.Name),
 },
 Key: "CKEDITOR_LICENSE_KEY",
 },
@@ -1656,7 +1657,7 @@ func jobForDrupalSiteInstallation(currentobject *batchv1.Job, databaseSecret str
 ValueFrom: &v1.EnvVarSource{
 SecretKeyRef: &v1.SecretKeySelector{
 LocalObjectReference: v1.LocalObjectReference{
- Name: "ckeditor-license-key",
+ Name: fmt.Sprintf("ckeditor-license-key-%s", d.Name),
 },
 Key: "CKEDITOR_LICENSE_KEY",
 },
@@ -1819,7 +1820,7 @@ func jobForDrupalSiteClone(currentobject *batchv1.Job, databaseSecret string, d
 ValueFrom: &v1.EnvVarSource{
 SecretKeyRef: &v1.SecretKeySelector{
 LocalObjectReference: v1.LocalObjectReference{
- Name: "ckeditor-license-key",
+ Name: fmt.Sprintf("ckeditor-license-key-%s", d.Name),
 },
 Key: "CKEDITOR_LICENSE_KEY",
 },
-- 
GitLab
From c3afc4de4414388cb93b032df5a2d267a1f2cda5 Mon Sep 17 00:00:00 2001
From: Carina Antunes <carinadeoliveiraantunes@gmail.com>
Date: Tue, 17 Sep 2024 16:44:27 +0200
Subject: [PATCH 10/11] enforce new deployment env on update as well
---
 controllers/drupalsite_resources.go | 43 +++++++++++++++--------------
 1 file changed, 22 insertions(+), 21 deletions(-)
diff --git a/controllers/drupalsite_resources.go b/controllers/drupalsite_resources.go
index e2372cdf..f99d284a 100644
--- a/controllers/drupalsite_resources.go
+++ b/controllers/drupalsite_resources.go
@@ -919,27 +919,6 @@ func deploymentForDrupalSite(currentobject *appsv1.Deployment, databaseSecret st
 Name: "php-fpm",
 Protocol: "TCP",
 }}
- currentobject.Spec.Template.Spec.Containers[i].Env = []corev1.EnvVar{
- {
- Name: "DRUPAL_SHARED_VOLUME",
- Value: "/drupal-data",
- },
- {
- Name: "SMTPHOST",
- Value: SMTPHost,
- },
- {
- Name: "CKEDITOR_LICENSE_KEY",
- ValueFrom: &v1.EnvVarSource{
- SecretKeyRef: &v1.SecretKeySelector{
- LocalObjectReference: v1.LocalObjectReference{
- Name: fmt.Sprintf("ckeditor-license-key-%s", d.Name),
- },
- Key: "CKEDITOR_LICENSE_KEY",
- },
- },
- },
- }
 currentobject.Spec.Template.Spec.Containers[i].EnvFrom = []corev1.EnvFromSource{
 {
 SecretRef: &corev1.SecretEnvSource{
@@ -1192,6 +1171,28 @@ func deploymentForDrupalSite(currentobject *appsv1.Deployment, databaseSecret st
 FailureThreshold: 3,
 SuccessThreshold: 1,
 }
+
+ currentobject.Spec.Template.Spec.Containers[i].Env = []corev1.EnvVar{
+ {
+ Name: "DRUPAL_SHARED_VOLUME",
+ Value: "/drupal-data",
+ },
+ {
+ Name: "SMTPHOST",
+ Value: SMTPHost,
+ },
+ {
+ Name: "CKEDITOR_LICENSE_KEY",
+ ValueFrom: &v1.EnvVarSource{
+ SecretKeyRef: &v1.SecretKeySelector{
+ LocalObjectReference: v1.LocalObjectReference{
+ Name: fmt.Sprintf("ckeditor-license-key-%s", d.Name),
+ },
+ Key: "CKEDITOR_LICENSE_KEY",
+ },
+ },
+ },
+ }
 case "php-fpm-exporter":
 currentobject.Spec.Template.Spec.Containers[i].Image = PhpFpmExporterImage
 currentobject.Spec.Template.Spec.Containers[i].Resources = config.phpExporterResources
-- 
GitLab
From 249c3645c375f374067b6cb065c2e0de37b585a0 Mon Sep 17 00:00:00 2001
From: Carina Antunes <carina.oliveira.antunes@cern.ch>
Date: Tue, 17 Sep 2024 17:15:26 +0200
Subject: [PATCH 11/11] Update file .gitlab-ci.yml
---
 .gitlab-ci.yml | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index e95c537f..b0504ab9 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
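Review bot: The relocated `Env` assignment in the second hunk mixes two aliases for what is presumably the same package: `[]corev1.EnvVar` on the outer slice, but `v1.EnvVarSource`, `v1.SecretKeySelector` and `v1.LocalObjectReference` inside it. Using `corev1` throughout would match the neighbouring `EnvFrom` block. The reason for moving the block appears only in the commit subject, so a comment above it would help the next reader, e.g. `// Set Env on every reconcile, not only at creation, so existing Deployments get CKEDITOR_LICENSE_KEY.` Assigning the whole slice on each update also replaces any other entries on the container's `Env`, which looks intended but is worth confirming. The enclosing `switch` and function start outside the hunk.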
@@ -9,6 +9,10 @@ include: - project: 'paas-tools/infrastructure-ci' file: 'docker-images-ci-templates/DockerImages.gitlab-ci.yml' +Build Topic Branch: + variables: + TAG: "${CI_COMMIT_REF_SLUG}-${CI_COMMIT_SHORT_SHA}" + stages: - build - test -- GitLab