Unverified Commit ed74bed0 authored by OpenShift Merge Robot's avatar OpenShift Merge Robot Committed by GitHub

Merge pull request #621 from sgreene570/bz-1955822-use-secret-for-router-stats

Bug 1955822: Ingress: Mount router stats secret as a volume
parents 2a9e3c24 7b3f4031
......@@ -358,24 +358,28 @@ func desiredRouterDeployment(ci *operatorv1.IngressController, ingressController
}}
statsSecretName := fmt.Sprintf("router-stats-%s", ci.Name)
statsVolumeName := "stats-auth"
statsVolumeMountPath := "/var/lib/haproxy/conf/metrics-auth"
statsVolume := corev1.Volume{
Name: statsVolumeName,
VolumeSource: corev1.VolumeSource{
Secret: &corev1.SecretVolumeSource{
SecretName: statsSecretName,
},
},
}
statsVolumeMount := corev1.VolumeMount{
Name: statsVolumeName,
MountPath: statsVolumeMountPath,
ReadOnly: true,
}
volumes = append(volumes, statsVolume)
routerVolumeMounts = append(routerVolumeMounts, statsVolumeMount)
env := []corev1.EnvVar{
{Name: "ROUTER_SERVICE_NAME", Value: ci.Name},
{Name: "STATS_USERNAME", ValueFrom: &corev1.EnvVarSource{
SecretKeyRef: &corev1.SecretKeySelector{
LocalObjectReference: corev1.LocalObjectReference{
Name: statsSecretName,
},
Key: "statsUsername",
},
}},
{Name: "STATS_PASSWORD", ValueFrom: &corev1.EnvVarSource{
SecretKeyRef: &corev1.SecretKeySelector{
LocalObjectReference: corev1.LocalObjectReference{
Name: statsSecretName,
},
Key: "statsPassword",
},
}},
{Name: "STATS_USERNAME_FILE", Value: filepath.Join(statsVolumeMountPath, "statsUsername")},
{Name: "STATS_PASSWORD_FILE", Value: filepath.Join(statsVolumeMountPath, "statsPassword")},
}
// Enable prometheus metrics
......
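Review bot: The `stats-auth` volume built in `statsVolume` sets only `SecretName`, so every key of `router-stats-<name>` is projected into the router container and the file mode is left to the API default. Only two files are read through `STATS_USERNAME_FILE` and `STATS_PASSWORD_FILE`, so the projection could be narrowed with `Items: []corev1.KeyToPath{{Key: "statsUsername", Path: "statsUsername"}, {Key: "statsPassword", Path: "statsPassword"}},`. An explicit `DefaultMode` is also worth considering if the router's UID/fsGroup setup allows it, which is not visible here. Hoisting the two key names into constants shared with the `filepath.Join` calls would keep the mounted paths from drifting away from the Secret keys. `desiredRouterDeployment` starts and ends outside this hunk.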
......@@ -224,14 +224,23 @@ func TestDesiredRouterDeployment(t *testing.T) {
checkDeploymentHasEnvVar(t, deployment, "ROUTER_CANONICAL_HOSTNAME", false, "")
if deployment.Spec.Template.Spec.Volumes[0].Secret == nil {
t.Error("router Deployment has no secret volume")
checkDeploymentHasEnvVar(t, deployment, "STATS_USERNAME_FILE", true, "/var/lib/haproxy/conf/metrics-auth/statsUsername")
checkDeploymentHasEnvVar(t, deployment, "STATS_PASSWORD_FILE", true, "/var/lib/haproxy/conf/metrics-auth/statsPassword")
expectedVolumeSecretPairs := map[string]string{
"default-certificate": fmt.Sprintf("router-certs-%s", ci.Name),
"metrics-certs": fmt.Sprintf("router-metrics-certs-%s", ci.Name),
"stats-auth": fmt.Sprintf("router-stats-%s", ci.Name),
}
defaultSecretName := fmt.Sprintf("router-certs-%s", ci.Name)
if deployment.Spec.Template.Spec.Volumes[0].Secret.SecretName != defaultSecretName {
t.Errorf("router Deployment expected volume with secret %s, got %s",
defaultSecretName, deployment.Spec.Template.Spec.Volumes[0].Secret.SecretName)
for _, volume := range deployment.Spec.Template.Spec.Volumes {
if secretName, ok := expectedVolumeSecretPairs[volume.Name]; ok {
if volume.Secret.SecretName != secretName {
t.Errorf("router Deployment expected volume %s to have secret %s, got %s", volume.Name, secretName, volume.Secret.SecretName)
}
} else if volume.Name != "service-ca-bundle" {
t.Errorf("router deployment has unexpected volume %s", volume.Name)
}
}
if expected, got := 2, len(deployment.Spec.Template.Annotations); expected != got {
......@@ -546,12 +555,20 @@ func TestDesiredRouterDeployment(t *testing.T) {
t.Errorf("expected startup probe host to be \"localhost\", got %q", deployment.Spec.Template.Spec.Containers[0].StartupProbe.Handler.HTTPGet.Host)
}
if deployment.Spec.Template.Spec.Volumes[0].Secret == nil {
t.Error("router Deployment has no secret volume")
expectedVolumeSecretPairs = map[string]string{
"default-certificate": secretName,
"metrics-certs": fmt.Sprintf("router-metrics-certs-%s", ci.Name),
"stats-auth": fmt.Sprintf("router-stats-%s", ci.Name),
}
if deployment.Spec.Template.Spec.Volumes[0].Secret.SecretName != secretName {
t.Errorf("expected router Deployment volume with secret %s, got %s",
secretName, deployment.Spec.Template.Spec.Volumes[0].Secret.SecretName)
for _, volume := range deployment.Spec.Template.Spec.Volumes {
if secretName, ok := expectedVolumeSecretPairs[volume.Name]; ok {
if volume.Secret.SecretName != secretName {
t.Errorf("router Deployment expected volume %s to have secret %s, got %s", volume.Name, secretName, volume.Secret.SecretName)
}
} else if volume.Name != "service-ca-bundle" {
t.Errorf("router deployment has unexpected volume %s", volume.Name)
}
}
checkDeploymentHasContainer(t, deployment, operatorv1.ContainerLoggingSidecarContainerName, false)
......@@ -1078,6 +1095,14 @@ func TestDeploymentConfigChanged(t *testing.T) {
},
},
},
{
Name: "stats-auth",
VolumeSource: corev1.VolumeSource{
Secret: &corev1.SecretVolumeSource{
SecretName: "router-stats-default",
},
},
},
},
Containers: []corev1.Container{
{
......
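Review bot: The volume loop in the first `TestDesiredRouterDeployment` hunk (and the identical loop in the second) only validates volumes that are present, so the test still passes if the `stats-auth` volume is dropped from the Deployment. It also dereferences `volume.Secret` without a nil check, so a matching volume that is not secret-backed would panic instead of producing a test failure. Removing each matched name from the map and reporting the leftovers after the loop closes both gaps. The map is reassigned before the second loop, so mutating it looks safe, but use a separate seen-set if it is read elsewhere. An assertion that the router container has a read-only mount for `stats-auth` at the expected path would also be useful, since only the env values are checked today.

```go
for _, volume := range deployment.Spec.Template.Spec.Volumes {
	if secretName, ok := expectedVolumeSecretPairs[volume.Name]; ok {
		delete(expectedVolumeSecretPairs, volume.Name)
		if volume.Secret == nil {
			t.Errorf("router Deployment volume %s is not a secret volume", volume.Name)
			continue
		}
		// … unchanged: SecretName comparison against secretName …
	} else if volume.Name != "service-ca-bundle" {
		// … unchanged: unexpected-volume error …
	}
}
for name := range expectedVolumeSecretPairs {
	t.Errorf("router Deployment is missing expected volume %s", name)
}
```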