ensures support for cluster-wide monitoring (#22821)
Partially addresses #15888
This commit is contained in:
parent
ed443a962e
commit
b343f87c60
16 changed files with 72 additions and 31 deletions
37
.github/workflows/operator-ci.yml
vendored
37
.github/workflows/operator-ci.yml
vendored
|
@ -190,14 +190,41 @@ jobs:
|
|||
- name: Deploy an example Keycloak and wait for it to be ready
|
||||
working-directory: operator
|
||||
run: |
|
||||
kubectl apply -f src/main/resources/example-postgres.yaml
|
||||
kubectl apply -f src/test/resources/example-postgres.yaml
|
||||
./scripts/check-crds-installed.sh
|
||||
kubectl apply -f src/main/resources/example-db-secret.yaml
|
||||
kubectl apply -f src/main/resources/example-tls-secret.yaml
|
||||
kubectl apply -f src/main/resources/example-keycloak.yaml
|
||||
kubectl apply -f src/main/resources/example-realm.yaml
|
||||
kubectl apply -f src/test/resources/example-db-secret.yaml
|
||||
kubectl apply -f src/test/resources/example-tls-secret.yaml
|
||||
kubectl apply -f src/test/resources/example-keycloak.yaml
|
||||
kubectl apply -f src/test/resources/example-realm.yaml
|
||||
# Wait for the CRs to be ready
|
||||
./scripts/check-examples-installed.sh
|
||||
|
||||
- name: Single namespace cleanup
|
||||
working-directory: operator
|
||||
run: |
|
||||
kubectl delete -f src/test/resources/example-postgres.yaml
|
||||
kubectl delete -f src/test/resources/example-db-secret.yaml
|
||||
kubectl delete -f src/test/resources/example-tls-secret.yaml
|
||||
kubectl delete -f src/test/resources/example-keycloak.yaml
|
||||
kubectl delete -f src/test/resources/example-realm.yaml
|
||||
|
||||
- name: Arrange OLM test installation for all namespaces
|
||||
working-directory: operator
|
||||
run: |
|
||||
kubectl patch csv keycloak-operator.v86400000.0.0 --type merge --patch '{"spec": {"installModes": [{"type": "AllNamespaces","supported": true}]}}'
|
||||
kubectl patch operatorgroup og --type json --patch '[{"op":"remove","path":"/spec/targetNamespaces"}]'
|
||||
|
||||
- name: Deploy an example Keycloak in a different namespace and wait for it to be ready
|
||||
working-directory: operator
|
||||
run: |
|
||||
kubectl create ns keycloak
|
||||
kubectl apply -f src/test/resources/example-postgres.yaml -n keycloak
|
||||
kubectl apply -f src/test/resources/example-db-secret.yaml -n keycloak
|
||||
kubectl apply -f src/test/resources/example-tls-secret.yaml -n keycloak
|
||||
kubectl apply -f src/test/resources/example-keycloak.yaml -n keycloak
|
||||
kubectl apply -f src/test/resources/example-realm.yaml -n keycloak
|
||||
# Wait for the CRs to be ready
|
||||
./scripts/check-examples-installed.sh keycloak
|
||||
|
||||
check:
|
||||
name: Status Check - Keycloak Operator CI
|
||||
|
|
|
@ -1,9 +1,11 @@
|
|||
#! /bin/bash
|
||||
set -euxo pipefail
|
||||
|
||||
NAMESPACE=${1:-default}
|
||||
|
||||
max_retries=500
|
||||
c=0
|
||||
while [[ $(kubectl get keycloaks/example-kc -o jsonpath="{.status.conditions[?(@.type == 'Ready')].status}") != "True" ]]
|
||||
while [[ $(kubectl -n $NAMESPACE get keycloaks/example-kc -o jsonpath="{.status.conditions[?(@.type == 'Ready')].status}") != "True" ]]
|
||||
do
|
||||
echo "waiting for Keycloak example-kc status"
|
||||
((c++)) && ((c==max_retries)) && exit -1
|
||||
|
@ -11,7 +13,7 @@ do
|
|||
done
|
||||
|
||||
c=0
|
||||
while [[ $(kubectl get keycloakrealmimports/example-count0-kc -o jsonpath="{.status.conditions[?(@.type == 'Done')].status}") != "True" ]]
|
||||
while [[ $(kubectl -n $NAMESPACE get keycloakrealmimports/example-count0-kc -o jsonpath="{.status.conditions[?(@.type == 'Done')].status}") != "True" ]]
|
||||
do
|
||||
echo "waiting for Keycloak Realm Import example-count0-kc status"
|
||||
((c++)) && ((c==max_retries)) && exit -1
|
||||
|
|
|
@ -6,6 +6,8 @@ DOCKER_REGISTRY=$2
|
|||
|
||||
UUID=${3:-""}
|
||||
|
||||
TARGET_NAMESPACES=${4-default}
|
||||
|
||||
SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
|
||||
|
||||
rm -rf $SCRIPT_DIR/../olm/testing-resources
|
||||
|
@ -27,23 +29,28 @@ spec:
|
|||
interval: 10m
|
||||
EOF
|
||||
|
||||
cat << EOF >> $SCRIPT_DIR/../olm/testing-resources/operatorgroup.yaml
|
||||
|
||||
OPERATOR_GROUP_FILE=$SCRIPT_DIR/../olm/testing-resources/operatorgroup.yaml
|
||||
|
||||
cat << EOF >> $OPERATOR_GROUP_FILE
|
||||
kind: OperatorGroup
|
||||
apiVersion: operators.coreos.com/v1
|
||||
metadata:
|
||||
name: og-single
|
||||
namespace: default
|
||||
name: og
|
||||
spec:
|
||||
targetNamespaces:
|
||||
- default
|
||||
EOF
|
||||
|
||||
IFS=', ' read -r -a array <<< "$TARGET_NAMESPACES"
|
||||
for element in "${array[@]}"
|
||||
do
|
||||
yq ea -i ".spec.targetNamespaces += [\"$element\"]" $OPERATOR_GROUP_FILE
|
||||
done
|
||||
|
||||
cat << EOF >> $SCRIPT_DIR/../olm/testing-resources/subscription.yaml
|
||||
apiVersion: operators.coreos.com/v1alpha1
|
||||
kind: Subscription
|
||||
metadata:
|
||||
name: keycloak-operator
|
||||
namespace: default
|
||||
spec:
|
||||
installPlanApproval: Automatic
|
||||
name: keycloak-operator
|
||||
|
|
|
@ -3,6 +3,8 @@ set -euxo pipefail
|
|||
|
||||
SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
|
||||
|
||||
INSTALL_NAMESPACE=${1:-default}
|
||||
|
||||
# Delete the default catalog if it exists
|
||||
sh -c "kubectl delete catalogsources operatorhubio-catalog -n olm | true"
|
||||
|
||||
|
@ -18,5 +20,5 @@ do
|
|||
sleep 1
|
||||
done
|
||||
|
||||
kubectl apply -f $SCRIPT_DIR/../olm/testing-resources/operatorgroup.yaml
|
||||
kubectl apply -f $SCRIPT_DIR/../olm/testing-resources/subscription.yaml
|
||||
kubectl apply -f $SCRIPT_DIR/../olm/testing-resources/operatorgroup.yaml -n $INSTALL_NAMESPACE
|
||||
kubectl apply -f $SCRIPT_DIR/../olm/testing-resources/subscription.yaml -n $INSTALL_NAMESPACE
|
||||
|
|
|
@ -3,6 +3,10 @@ set -euxo pipefail
|
|||
|
||||
UUID=${1:-$(git rev-parse --short HEAD)}
|
||||
|
||||
INSTALL_NAMESPACE=${2:-default}
|
||||
|
||||
TARGET_NAMESPACES=${3-$INSTALL_NAMESPACE}
|
||||
|
||||
SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
|
||||
|
||||
# This version translates to one day for ttl.sh
|
||||
|
@ -28,6 +32,6 @@ VERSION="86400000.0.0"
|
|||
docker push "ttl.sh/${UUID}keycloak-operator:${VERSION}"
|
||||
)
|
||||
|
||||
$SCRIPT_DIR/prepare-olm-test.sh ttl.sh ${VERSION} NONE ${UUID}
|
||||
$SCRIPT_DIR/prepare-olm-test.sh ttl.sh ${VERSION} NONE ${UUID} $TARGET_NAMESPACES
|
||||
|
||||
$SCRIPT_DIR/install-keycloak-operator.sh
|
||||
$SCRIPT_DIR/install-keycloak-operator.sh $INSTALL_NAMESPACE
|
||||
|
|
|
@ -10,6 +10,8 @@ PREV_VERSION="$3"
|
|||
|
||||
UUID=${4:-""}
|
||||
|
||||
TARGET_NAMESPACES=${5-default}
|
||||
|
||||
OPERATOR_IMAGE_NAME="keycloak-operator"
|
||||
OPERATOR_DOCKER_IMAGE="$DOCKER_REGISTRY/${UUID}$OPERATOR_IMAGE_NAME"
|
||||
|
||||
|
@ -31,4 +33,4 @@ $SCRIPT_DIR/create-olm-test-catalog.sh $VERSION $DOCKER_REGISTRY/${UUID}keycloak
|
|||
docker push $DOCKER_REGISTRY/${UUID}keycloak-test-catalog:$VERSION)
|
||||
|
||||
# Create testing resources
|
||||
$SCRIPT_DIR/create-olm-test-resources.sh $VERSION $DOCKER_REGISTRY ${UUID}
|
||||
$SCRIPT_DIR/create-olm-test-resources.sh $VERSION $DOCKER_REGISTRY ${UUID} $TARGET_NAMESPACES
|
||||
|
|
|
@ -46,9 +46,7 @@ import java.util.concurrent.TimeUnit;
|
|||
|
||||
import jakarta.inject.Inject;
|
||||
|
||||
import static io.javaoperatorsdk.operator.api.reconciler.Constants.WATCH_CURRENT_NAMESPACE;
|
||||
|
||||
@ControllerConfiguration(namespaces = WATCH_CURRENT_NAMESPACE,
|
||||
@ControllerConfiguration(
|
||||
dependents = {
|
||||
@Dependent(type = KeycloakAdminSecretDependentResource.class),
|
||||
@Dependent(type = KeycloakIngressDependentResource.class, reconcilePrecondition = KeycloakIngressDependentResource.EnabledCondition.class),
|
||||
|
@ -68,12 +66,12 @@ public class KeycloakController implements Reconciler<Keycloak>, EventSourceInit
|
|||
|
||||
@Override
|
||||
public Map<String, EventSource> prepareEventSources(EventSourceContext<Keycloak> context) {
|
||||
String namespace = context.getControllerConfiguration().getConfigurationService().getKubernetesClient().getNamespace();
|
||||
var namespaces = context.getControllerConfiguration().getNamespaces();
|
||||
|
||||
InformerConfiguration<StatefulSet> statefulSetIC = InformerConfiguration
|
||||
.from(StatefulSet.class)
|
||||
.withLabelSelector(Constants.DEFAULT_LABELS_AS_STRING)
|
||||
.withNamespaces(namespace)
|
||||
.withNamespaces(namespaces)
|
||||
.withSecondaryToPrimaryMapper(Mappers.fromOwnerReference())
|
||||
.withOnUpdateFilter(new MetadataAwareOnUpdateFilter<>())
|
||||
.build();
|
||||
|
@ -81,7 +79,7 @@ public class KeycloakController implements Reconciler<Keycloak>, EventSourceInit
|
|||
InformerConfiguration<Service> servicesIC = InformerConfiguration
|
||||
.from(Service.class)
|
||||
.withLabelSelector(Constants.DEFAULT_LABELS_AS_STRING)
|
||||
.withNamespaces(namespace)
|
||||
.withNamespaces(namespaces)
|
||||
.withSecondaryToPrimaryMapper(Mappers.fromOwnerReference())
|
||||
.withOnUpdateFilter(new MetadataAwareOnUpdateFilter<>())
|
||||
.build();
|
||||
|
|
|
@ -41,9 +41,7 @@ import java.util.concurrent.TimeUnit;
|
|||
|
||||
import jakarta.inject.Inject;
|
||||
|
||||
import static io.javaoperatorsdk.operator.api.reconciler.Constants.WATCH_CURRENT_NAMESPACE;
|
||||
|
||||
@ControllerConfiguration(namespaces = WATCH_CURRENT_NAMESPACE,
|
||||
@ControllerConfiguration(
|
||||
dependents = {
|
||||
@Dependent(type = KeycloakRealmImportSecretDependentResource.class)
|
||||
})
|
||||
|
|
|
@ -51,10 +51,8 @@ import java.util.stream.Collectors;
|
|||
import jakarta.enterprise.context.ApplicationScoped;
|
||||
import jakarta.inject.Inject;
|
||||
|
||||
import static io.javaoperatorsdk.operator.api.reconciler.Constants.WATCH_CURRENT_NAMESPACE;
|
||||
|
||||
@ApplicationScoped
|
||||
@ControllerConfiguration(namespaces = WATCH_CURRENT_NAMESPACE, labelSelector = Constants.KEYCLOAK_COMPONENT_LABEL + "=" + WatchedSecrets.WATCHED_SECRETS_LABEL_VALUE)
|
||||
@ControllerConfiguration(labelSelector = Constants.KEYCLOAK_COMPONENT_LABEL + "=" + WatchedSecrets.WATCHED_SECRETS_LABEL_VALUE)
|
||||
public class WatchedSecretsController implements Reconciler<Secret>, EventSourceInitializer<Secret>, WatchedSecrets {
|
||||
|
||||
@Inject
|
||||
|
|
|
@ -13,3 +13,6 @@ quarkus.kubernetes.env.vars.operator-keycloak-image=${operator.keycloak.image}
|
|||
# Bundle config
|
||||
quarkus.operator-sdk.bundle.package-name=keycloak-operator
|
||||
quarkus.operator-sdk.bundle.channels=fast
|
||||
|
||||
quarkus.operator-sdk.namespaces=JOSDK_WATCH_CURRENT
|
||||
quarkus.operator-sdk.generate-with-watched-namespaces=JOSDK_WATCH_CURRENT
|
||||
|
|
|
@ -172,7 +172,7 @@ public class BaseOperatorTest implements QuarkusTestAfterEachCallback {
|
|||
|
||||
for (Reconciler<?> reconciler : reconcilers) {
|
||||
Log.info("Register and apply : " + reconciler.getClass().getName());
|
||||
operator.register(reconciler);
|
||||
operator.register(reconciler, overrider -> overrider.settingNamespace(namespace));
|
||||
}
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in a new issue