From 76f83f0ab238f6b9af6e2303a6f2a14948cd64c6 Mon Sep 17 00:00:00 2001 From: andreaTP Date: Thu, 5 May 2022 18:48:03 +0100 Subject: [PATCH] Use the entire podTemplateSpec to spawn the realm-import job --- .../operator/v2alpha1/KeycloakDeployment.java | 2 + .../v2alpha1/KeycloakRealmImportJob.java | 40 +++++++------------ .../keycloak/operator/ClusteringE2EIT.java | 4 +- .../keycloak/operator/RealmImportE2EIT.java | 16 +++++++- 4 files changed, 34 insertions(+), 28 deletions(-) diff --git a/operator/src/main/java/org/keycloak/operator/v2alpha1/KeycloakDeployment.java b/operator/src/main/java/org/keycloak/operator/v2alpha1/KeycloakDeployment.java index a1797281a5..2bc225f720 100644 --- a/operator/src/main/java/org/keycloak/operator/v2alpha1/KeycloakDeployment.java +++ b/operator/src/main/java/org/keycloak/operator/v2alpha1/KeycloakDeployment.java @@ -134,6 +134,7 @@ public class KeycloakDeployment extends OperatorManagedResource implements Statu if (overlayTemplate.getSpec() != null && overlayTemplate.getSpec().getContainers() != null && + overlayTemplate.getSpec().getContainers().size() > 0 && overlayTemplate.getSpec().getContainers().get(0) != null && overlayTemplate.getSpec().getContainers().get(0).getName() != null) { status.addWarningMessage("The name of the keycloak container cannot be modified"); @@ -141,6 +142,7 @@ public class KeycloakDeployment extends OperatorManagedResource implements Statu if (overlayTemplate.getSpec() != null && overlayTemplate.getSpec().getContainers() != null && + overlayTemplate.getSpec().getContainers().size() > 0 && overlayTemplate.getSpec().getContainers().get(0) != null && overlayTemplate.getSpec().getContainers().get(0).getImage() != null) { status.addWarningMessage("The image of the keycloak container cannot be modified using podTemplate"); diff --git a/operator/src/main/java/org/keycloak/operator/v2alpha1/KeycloakRealmImportJob.java b/operator/src/main/java/org/keycloak/operator/v2alpha1/KeycloakRealmImportJob.java index 54355007b1..fd562ddbe1 100644 --- a/operator/src/main/java/org/keycloak/operator/v2alpha1/KeycloakRealmImportJob.java +++ b/operator/src/main/java/org/keycloak/operator/v2alpha1/KeycloakRealmImportJob.java @@ -18,6 +18,7 @@ package org.keycloak.operator.v2alpha1; import io.fabric8.kubernetes.api.model.Container; import io.fabric8.kubernetes.api.model.HasMetadata; +import io.fabric8.kubernetes.api.model.PodTemplateSpec; import io.fabric8.kubernetes.api.model.SecretVolumeSourceBuilder; import io.fabric8.kubernetes.api.model.Volume; import io.fabric8.kubernetes.api.model.VolumeBuilder; @@ -86,20 +87,16 @@ public class KeycloakRealmImportJob extends OperatorManagedResource { .get(); } - private Job buildJob(Container keycloakContainer, List volumes) { + private Job buildJob(PodTemplateSpec keycloakPodTemplate) { + keycloakPodTemplate.getSpec().setRestartPolicy("Never"); + return new JobBuilder() .withNewMetadata() .withName(getName()) .withNamespace(getNamespace()) .endMetadata() .withNewSpec() - .withNewTemplate() - .withNewSpec() - .withContainers(keycloakContainer) - .withVolumes(volumes) - .withRestartPolicy("Never") - .endSpec() - .endTemplate() + .withTemplate(keycloakPodTemplate) .endSpec() .build(); } @@ -114,25 +111,18 @@ public class KeycloakRealmImportJob extends OperatorManagedResource { } private Job createImportJob() { - var keycloakContainer = buildKeycloakJobContainer(); - - var volumes = this.existingDeployment.getSpec().getTemplate().getSpec().getVolumes(); - volumes.add(buildSecretVolume()); - var importJob = buildJob(keycloakContainer, volumes); - - return importJob; - } - - private Container buildKeycloakJobContainer() { - var keycloakContainer = - this + var keycloakPodTemplate = this .existingDeployment .getSpec() - .getTemplate() - .getSpec() - .getContainers() - .get(0); + .getTemplate(); + buildKeycloakJobContainer(keycloakPodTemplate.getSpec().getContainers().get(0)); + keycloakPodTemplate.getSpec().getVolumes().add(buildSecretVolume()); + + return buildJob(keycloakPodTemplate); + } + + private void buildKeycloakJobContainer(Container keycloakContainer) { var importMntPath = "/mnt/realm-import/"; var command = List.of("/bin/bash"); @@ -158,8 +148,6 @@ public class KeycloakRealmImportJob extends OperatorManagedResource { // Disable probes since we are not really starting the server keycloakContainer.setReadinessProbe(null); keycloakContainer.setLivenessProbe(null); - - return keycloakContainer; } diff --git a/operator/src/test/java/org/keycloak/operator/ClusteringE2EIT.java b/operator/src/test/java/org/keycloak/operator/ClusteringE2EIT.java index da495fe2ac..8b0ab4e58d 100644 --- a/operator/src/test/java/org/keycloak/operator/ClusteringE2EIT.java +++ b/operator/src/test/java/org/keycloak/operator/ClusteringE2EIT.java @@ -50,7 +50,7 @@ public class ClusteringE2EIT extends ClusterOperatorTest { .untilAsserted(() -> CRAssert.assertKeycloakStatusCondition(crSelector.get(), KeycloakStatusCondition.READY, false)); Awaitility.await() - .atMost(Duration.ofSeconds(5)) + .atMost(Duration.ofSeconds(60)) .ignoreExceptions() .untilAsserted(() -> assertThat(kcPodsSelector.list().getItems().size()).isEqualTo(3)); @@ -118,6 +118,8 @@ public class ClusteringE2EIT extends ClusterOperatorTest { Log.info("Checking Keycloak is stable."); CRAssert.assertKeycloakStatusCondition(crSelector.get(), KeycloakStatusCondition.READY, true); }); + // Remove the completed pod for the job + realmImportSelector.delete(); Log.info("Testing the Keycloak Cluster"); Awaitility.await().atMost(5, MINUTES).ignoreExceptions().untilAsserted(() -> { diff --git a/operator/src/test/java/org/keycloak/operator/RealmImportE2EIT.java b/operator/src/test/java/org/keycloak/operator/RealmImportE2EIT.java index 4c3e640d3d..abe92ad9af 100644 --- a/operator/src/test/java/org/keycloak/operator/RealmImportE2EIT.java +++ b/operator/src/test/java/org/keycloak/operator/RealmImportE2EIT.java @@ -1,5 +1,7 @@ package org.keycloak.operator; +import io.fabric8.kubernetes.api.model.LocalObjectReferenceBuilder; +import io.fabric8.kubernetes.api.model.PodTemplateSpecBuilder; import io.quarkus.logging.Log; import io.quarkus.test.junit.QuarkusTest; import org.awaitility.Awaitility; @@ -7,6 +9,7 @@ import org.junit.jupiter.api.Test; import org.keycloak.operator.utils.CRAssert; import org.keycloak.operator.v2alpha1.KeycloakService; import org.keycloak.operator.v2alpha1.crds.KeycloakRealmImport; +import org.keycloak.operator.v2alpha1.crds.keycloakspec.Unsupported; import static java.util.concurrent.TimeUnit.MINUTES; import static java.util.concurrent.TimeUnit.SECONDS; @@ -25,7 +28,14 @@ public class RealmImportE2EIT extends ClusterOperatorTest { @Test public void testWorkingRealmImport() { // Arrange - deployKeycloak(k8sclient, getDefaultKeycloakDeployment(), false); + var kc = getDefaultKeycloakDeployment(); + var podTemplate = new PodTemplateSpecBuilder() + .withNewSpec() + .withImagePullSecrets(new LocalObjectReferenceBuilder().withName("my-empty-secret").build()) + .endSpec() + .build(); + kc.getSpec().setUnsupported(new Unsupported(podTemplate)); + deployKeycloak(k8sclient, kc, false); // Act k8sclient.load(getClass().getResourceAsStream("/example-realm.yaml")).inNamespace(namespace).createOrReplace(); @@ -54,6 +64,10 @@ public class RealmImportE2EIT extends ClusterOperatorTest { CRAssert.assertKeycloakRealmImportStatusCondition(crSelector.get(), STARTED, false); CRAssert.assertKeycloakRealmImportStatusCondition(crSelector.get(), HAS_ERRORS, false); }); + var job = k8sclient.batch().v1().jobs().inNamespace(namespace).withName("example-count0-kc").get(); + assertThat(job.getSpec().getTemplate().getSpec().getImagePullSecrets().size()).isEqualTo(1); + assertThat(job.getSpec().getTemplate().getSpec().getImagePullSecrets().get(0).getName()).isEqualTo("my-empty-secret"); + var service = new KeycloakService(k8sclient, getDefaultKeycloakDeployment()); String url = "https://" + service.getName() + "." + namespace + ":" + KEYCLOAK_HTTPS_PORT + "/realms/count0";