package logsigner
import (
"context"
"fmt"
"github.com/securesign/operator/internal/controller/common/action"
"github.com/securesign/operator/internal/controller/common/utils/kubernetes"
"github.com/securesign/operator/internal/controller/common/utils/kubernetes/ensure"
"github.com/securesign/operator/internal/controller/constants"
"github.com/securesign/operator/internal/controller/labels"
"github.com/securesign/operator/internal/controller/trillian/actions"
trillianUtils "github.com/securesign/operator/internal/controller/trillian/utils"
"golang.org/x/exp/maps"
apps "k8s.io/api/apps/v1"
"k8s.io/apimachinery/pkg/api/meta"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
rhtasv1alpha1 "github.com/securesign/operator/api/v1alpha1"
)
// NewDeployAction returns the reconcile action that creates or updates the
// Trillian log signer Deployment.
func NewDeployAction() action.Action[*rhtasv1alpha1.Trillian] {
	return new(deployAction)
}
// deployAction is the action that manages the log signer Deployment.
type deployAction struct {
	// BaseAction is embedded; the methods of deployAction use its Client, Error,
	// StatusUpdate and Continue members.
	action.BaseAction
}
// Name returns the identifier of this action, "deploy".
func (i deployAction) Name() string {
	const actionName = "deploy"
	return actionName
}
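// CanHandle reports whether the deploy action applies to instance: it does when
// the Ready status condition exists and its reason is Creating or Ready.
//
// meta.FindStatusCondition returns nil when the condition is absent, so an
// instance whose status conditions have not been populated yet is reported as
// not handleable instead of triggering a nil-pointer dereference during
// reconciliation.
func (i deployAction) CanHandle(_ context.Context, instance *rhtasv1alpha1.Trillian) bool {
	c := meta.FindStatusCondition(instance.Status.Conditions, constants.Ready)
	if c == nil {
		// No Ready condition recorded: nothing for this action to act on.
		return false
	}
	return c.Reason == constants.Creating || c.Reason == constants.Ready
}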
// Handle creates or updates the Trillian log signer Deployment for instance.
//
// The Deployment is named actions.LogsignerDeploymentName and lives in the
// instance's namespace. If CreateOrUpdate fails, the error is reported through
// i.Error together with a SignerCondition of status False and reason Failure.
// If the Deployment was changed, SignerCondition is set to False with reason
// Creating and the status is persisted via i.StatusUpdate. If nothing changed,
// the action returns i.Continue().
func (i deployAction) Handle(ctx context.Context, instance *rhtasv1alpha1.Trillian) *action.Result {
	var (
		err    error
		result controllerutil.OperationResult
	)

	// Named differently from the imported labels package so the package is not shadowed.
	componentLabels := labels.For(actions.LogSignerComponentName, actions.LogsignerDeploymentName, instance.Name)

	// Trust anchor selection: start from the reference derived from the
	// instance annotations; an explicit spec.trustedCA takes precedence.
	caTrustRef := ensure.TrustedCAAnnotationToReference(instance.Annotations)
	if instance.Spec.TrustedCA != nil {
		caTrustRef = instance.Spec.TrustedCA
	}

	deployment := &apps.Deployment{
		ObjectMeta: metav1.ObjectMeta{
			Name:      actions.LogsignerDeploymentName,
			Namespace: instance.Namespace,
		},
	}

	result, err = kubernetes.CreateOrUpdate(ctx, i.Client,
		deployment,
		// The trailing string arguments are handed to EnsureServerDeployment
		// as-is. $(NAMESPACE) and $(POD_NAME) rely on Kubernetes' $(VAR)
		// expansion of container arguments; presumably the helper defines those
		// env vars, and actions.RBACName is the service account the signer runs
		// as. Confirm both in EnsureServerDeployment.
		trillianUtils.EnsureServerDeployment(instance, constants.TrillianLogSignerImage, actions.LogsignerDeploymentName, actions.RBACName, componentLabels,
			"--election_system=k8s", "--lock_namespace=$(NAMESPACE)", "--lock_holder_identity=$(POD_NAME)"),
		// The controller reference ties the Deployment to the owning Trillian instance.
		ensure.ControllerReference[*apps.Deployment](instance, i.Client),
		ensure.Labels[*apps.Deployment](maps.Keys(componentLabels), componentLabels),
		ensure.Proxy(),
		ensure.TrustedCA(caTrustRef),
	)
	if err != nil {
		// NOTE(review): the raw error text is copied into the status condition
		// message, which is readable by anyone who can read the resource's
		// status. Confirm it cannot carry sensitive details.
		return i.Error(ctx, fmt.Errorf("could not create Trillian LogSigner: %w", err), instance, metav1.Condition{
			Type:    actions.SignerCondition,
			Status:  metav1.ConditionFalse,
			Reason:  constants.Failure,
			Message: err.Error(),
		})
	}

	// Nothing was created or modified: let the next action run.
	if result == controllerutil.OperationResultNone {
		return i.Continue()
	}

	// Any other result means the Deployment was written, so the signer is
	// flagged as not ready until a later step observes it.
	meta.SetStatusCondition(&instance.Status.Conditions, metav1.Condition{
		Type:    actions.SignerCondition,
		Status:  metav1.ConditionFalse,
		Reason:  constants.Creating,
		Message: "Deployment created",
	})
	return i.StatusUpdate(ctx, instance)
}