ensures support for cluster-wide monitoring (#22821)
Partially addresses #15888
This commit is contained in:
parent
ed443a962e
commit
b343f87c60
16 changed files with 72 additions and 31 deletions
37
.github/workflows/operator-ci.yml
vendored
37
.github/workflows/operator-ci.yml
vendored
|
@ -190,15 +190,42 @@ jobs:
|
||||||
- name: Deploy an example Keycloak and wait for it to be ready
|
- name: Deploy an example Keycloak and wait for it to be ready
|
||||||
working-directory: operator
|
working-directory: operator
|
||||||
run: |
|
run: |
|
||||||
kubectl apply -f src/main/resources/example-postgres.yaml
|
kubectl apply -f src/test/resources/example-postgres.yaml
|
||||||
./scripts/check-crds-installed.sh
|
./scripts/check-crds-installed.sh
|
||||||
kubectl apply -f src/main/resources/example-db-secret.yaml
|
kubectl apply -f src/test/resources/example-db-secret.yaml
|
||||||
kubectl apply -f src/main/resources/example-tls-secret.yaml
|
kubectl apply -f src/test/resources/example-tls-secret.yaml
|
||||||
kubectl apply -f src/main/resources/example-keycloak.yaml
|
kubectl apply -f src/test/resources/example-keycloak.yaml
|
||||||
kubectl apply -f src/main/resources/example-realm.yaml
|
kubectl apply -f src/test/resources/example-realm.yaml
|
||||||
# Wait for the CRs to be ready
|
# Wait for the CRs to be ready
|
||||||
./scripts/check-examples-installed.sh
|
./scripts/check-examples-installed.sh
|
||||||
|
|
||||||
|
- name: Single namespace cleanup
|
||||||
|
working-directory: operator
|
||||||
|
run: |
|
||||||
|
kubectl delete -f src/test/resources/example-postgres.yaml
|
||||||
|
kubectl delete -f src/test/resources/example-db-secret.yaml
|
||||||
|
kubectl delete -f src/test/resources/example-tls-secret.yaml
|
||||||
|
kubectl delete -f src/test/resources/example-keycloak.yaml
|
||||||
|
kubectl delete -f src/test/resources/example-realm.yaml
|
||||||
|
|
||||||
|
- name: Arrange OLM test installation for all namespaces
|
||||||
|
working-directory: operator
|
||||||
|
run: |
|
||||||
|
kubectl patch csv keycloak-operator.v86400000.0.0 --type merge --patch '{"spec": {"installModes": [{"type": "AllNamespaces","supported": true}]}}'
|
||||||
|
kubectl patch operatorgroup og --type json --patch '[{"op":"remove","path":"/spec/targetNamespaces"}]'
|
||||||
|
|
||||||
|
- name: Deploy an example Keycloak in a different namespace and wait for it to be ready
|
||||||
|
working-directory: operator
|
||||||
|
run: |
|
||||||
|
kubectl create ns keycloak
|
||||||
|
kubectl apply -f src/test/resources/example-postgres.yaml -n keycloak
|
||||||
|
kubectl apply -f src/test/resources/example-db-secret.yaml -n keycloak
|
||||||
|
kubectl apply -f src/test/resources/example-tls-secret.yaml -n keycloak
|
||||||
|
kubectl apply -f src/test/resources/example-keycloak.yaml -n keycloak
|
||||||
|
kubectl apply -f src/test/resources/example-realm.yaml -n keycloak
|
||||||
|
# Wait for the CRs to be ready
|
||||||
|
./scripts/check-examples-installed.sh keycloak
|
||||||
|
|
||||||
check:
|
check:
|
||||||
name: Status Check - Keycloak Operator CI
|
name: Status Check - Keycloak Operator CI
|
||||||
if: always()
|
if: always()
|
||||||
|
|
|
@ -1,9 +1,11 @@
|
||||||
#! /bin/bash
|
#! /bin/bash
|
||||||
set -euxo pipefail
|
set -euxo pipefail
|
||||||
|
|
||||||
|
NAMESPACE=${1:-default}
|
||||||
|
|
||||||
max_retries=500
|
max_retries=500
|
||||||
c=0
|
c=0
|
||||||
while [[ $(kubectl get keycloaks/example-kc -o jsonpath="{.status.conditions[?(@.type == 'Ready')].status}") != "True" ]]
|
while [[ $(kubectl -n $NAMESPACE get keycloaks/example-kc -o jsonpath="{.status.conditions[?(@.type == 'Ready')].status}") != "True" ]]
|
||||||
do
|
do
|
||||||
echo "waiting for Keycloak example-kc status"
|
echo "waiting for Keycloak example-kc status"
|
||||||
((c++)) && ((c==max_retries)) && exit -1
|
((c++)) && ((c==max_retries)) && exit -1
|
||||||
|
@ -11,7 +13,7 @@ do
|
||||||
done
|
done
|
||||||
|
|
||||||
c=0
|
c=0
|
||||||
while [[ $(kubectl get keycloakrealmimports/example-count0-kc -o jsonpath="{.status.conditions[?(@.type == 'Done')].status}") != "True" ]]
|
while [[ $(kubectl -n $NAMESPACE get keycloakrealmimports/example-count0-kc -o jsonpath="{.status.conditions[?(@.type == 'Done')].status}") != "True" ]]
|
||||||
do
|
do
|
||||||
echo "waiting for Keycloak Realm Import example-count0-kc status"
|
echo "waiting for Keycloak Realm Import example-count0-kc status"
|
||||||
((c++)) && ((c==max_retries)) && exit -1
|
((c++)) && ((c==max_retries)) && exit -1
|
||||||
|
|
|
@ -6,6 +6,8 @@ DOCKER_REGISTRY=$2
|
||||||
|
|
||||||
UUID=${3:-""}
|
UUID=${3:-""}
|
||||||
|
|
||||||
|
TARGET_NAMESPACES=${4-default}
|
||||||
|
|
||||||
SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
|
SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
|
||||||
|
|
||||||
rm -rf $SCRIPT_DIR/../olm/testing-resources
|
rm -rf $SCRIPT_DIR/../olm/testing-resources
|
||||||
|
@ -27,23 +29,28 @@ spec:
|
||||||
interval: 10m
|
interval: 10m
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
cat << EOF >> $SCRIPT_DIR/../olm/testing-resources/operatorgroup.yaml
|
|
||||||
|
OPERATOR_GROUP_FILE=$SCRIPT_DIR/../olm/testing-resources/operatorgroup.yaml
|
||||||
|
|
||||||
|
cat << EOF >> $OPERATOR_GROUP_FILE
|
||||||
kind: OperatorGroup
|
kind: OperatorGroup
|
||||||
apiVersion: operators.coreos.com/v1
|
apiVersion: operators.coreos.com/v1
|
||||||
metadata:
|
metadata:
|
||||||
name: og-single
|
name: og
|
||||||
namespace: default
|
|
||||||
spec:
|
spec:
|
||||||
targetNamespaces:
|
|
||||||
- default
|
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
|
IFS=', ' read -r -a array <<< "$TARGET_NAMESPACES"
|
||||||
|
for element in "${array[@]}"
|
||||||
|
do
|
||||||
|
yq ea -i ".spec.targetNamespaces += [\"$element\"]" $OPERATOR_GROUP_FILE
|
||||||
|
done
|
||||||
|
|
||||||
cat << EOF >> $SCRIPT_DIR/../olm/testing-resources/subscription.yaml
|
cat << EOF >> $SCRIPT_DIR/../olm/testing-resources/subscription.yaml
|
||||||
apiVersion: operators.coreos.com/v1alpha1
|
apiVersion: operators.coreos.com/v1alpha1
|
||||||
kind: Subscription
|
kind: Subscription
|
||||||
metadata:
|
metadata:
|
||||||
name: keycloak-operator
|
name: keycloak-operator
|
||||||
namespace: default
|
|
||||||
spec:
|
spec:
|
||||||
installPlanApproval: Automatic
|
installPlanApproval: Automatic
|
||||||
name: keycloak-operator
|
name: keycloak-operator
|
||||||
|
|
|
@ -3,6 +3,8 @@ set -euxo pipefail
|
||||||
|
|
||||||
SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
|
SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
|
||||||
|
|
||||||
|
INSTALL_NAMESPACE=${1:-default}
|
||||||
|
|
||||||
# Delete the default catalog if it exists
|
# Delete the default catalog if it exists
|
||||||
sh -c "kubectl delete catalogsources operatorhubio-catalog -n olm | true"
|
sh -c "kubectl delete catalogsources operatorhubio-catalog -n olm | true"
|
||||||
|
|
||||||
|
@ -18,5 +20,5 @@ do
|
||||||
sleep 1
|
sleep 1
|
||||||
done
|
done
|
||||||
|
|
||||||
kubectl apply -f $SCRIPT_DIR/../olm/testing-resources/operatorgroup.yaml
|
kubectl apply -f $SCRIPT_DIR/../olm/testing-resources/operatorgroup.yaml -n $INSTALL_NAMESPACE
|
||||||
kubectl apply -f $SCRIPT_DIR/../olm/testing-resources/subscription.yaml
|
kubectl apply -f $SCRIPT_DIR/../olm/testing-resources/subscription.yaml -n $INSTALL_NAMESPACE
|
||||||
|
|
|
@ -3,6 +3,10 @@ set -euxo pipefail
|
||||||
|
|
||||||
UUID=${1:-$(git rev-parse --short HEAD)}
|
UUID=${1:-$(git rev-parse --short HEAD)}
|
||||||
|
|
||||||
|
INSTALL_NAMESPACE=${2:-default}
|
||||||
|
|
||||||
|
TARGET_NAMESPACES=${3-$INSTALL_NAMESPACE}
|
||||||
|
|
||||||
SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
|
SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
|
||||||
|
|
||||||
# This version translates to one day for ttl.sh
|
# This version translates to one day for ttl.sh
|
||||||
|
@ -28,6 +32,6 @@ VERSION="86400000.0.0"
|
||||||
docker push "ttl.sh/${UUID}keycloak-operator:${VERSION}"
|
docker push "ttl.sh/${UUID}keycloak-operator:${VERSION}"
|
||||||
)
|
)
|
||||||
|
|
||||||
$SCRIPT_DIR/prepare-olm-test.sh ttl.sh ${VERSION} NONE ${UUID}
|
$SCRIPT_DIR/prepare-olm-test.sh ttl.sh ${VERSION} NONE ${UUID} $TARGET_NAMESPACES
|
||||||
|
|
||||||
$SCRIPT_DIR/install-keycloak-operator.sh
|
$SCRIPT_DIR/install-keycloak-operator.sh $INSTALL_NAMESPACE
|
||||||
|
|
|
@ -10,6 +10,8 @@ PREV_VERSION="$3"
|
||||||
|
|
||||||
UUID=${4:-""}
|
UUID=${4:-""}
|
||||||
|
|
||||||
|
TARGET_NAMESPACES=${5-default}
|
||||||
|
|
||||||
OPERATOR_IMAGE_NAME="keycloak-operator"
|
OPERATOR_IMAGE_NAME="keycloak-operator"
|
||||||
OPERATOR_DOCKER_IMAGE="$DOCKER_REGISTRY/${UUID}$OPERATOR_IMAGE_NAME"
|
OPERATOR_DOCKER_IMAGE="$DOCKER_REGISTRY/${UUID}$OPERATOR_IMAGE_NAME"
|
||||||
|
|
||||||
|
@ -31,4 +33,4 @@ $SCRIPT_DIR/create-olm-test-catalog.sh $VERSION $DOCKER_REGISTRY/${UUID}keycloak
|
||||||
docker push $DOCKER_REGISTRY/${UUID}keycloak-test-catalog:$VERSION)
|
docker push $DOCKER_REGISTRY/${UUID}keycloak-test-catalog:$VERSION)
|
||||||
|
|
||||||
# Create testing resources
|
# Create testing resources
|
||||||
$SCRIPT_DIR/create-olm-test-resources.sh $VERSION $DOCKER_REGISTRY ${UUID}
|
$SCRIPT_DIR/create-olm-test-resources.sh $VERSION $DOCKER_REGISTRY ${UUID} $TARGET_NAMESPACES
|
||||||
|
|
|
@ -46,9 +46,7 @@ import java.util.concurrent.TimeUnit;
|
||||||
|
|
||||||
import jakarta.inject.Inject;
|
import jakarta.inject.Inject;
|
||||||
|
|
||||||
import static io.javaoperatorsdk.operator.api.reconciler.Constants.WATCH_CURRENT_NAMESPACE;
|
@ControllerConfiguration(
|
||||||
|
|
||||||
@ControllerConfiguration(namespaces = WATCH_CURRENT_NAMESPACE,
|
|
||||||
dependents = {
|
dependents = {
|
||||||
@Dependent(type = KeycloakAdminSecretDependentResource.class),
|
@Dependent(type = KeycloakAdminSecretDependentResource.class),
|
||||||
@Dependent(type = KeycloakIngressDependentResource.class, reconcilePrecondition = KeycloakIngressDependentResource.EnabledCondition.class),
|
@Dependent(type = KeycloakIngressDependentResource.class, reconcilePrecondition = KeycloakIngressDependentResource.EnabledCondition.class),
|
||||||
|
@ -68,12 +66,12 @@ public class KeycloakController implements Reconciler<Keycloak>, EventSourceInit
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Map<String, EventSource> prepareEventSources(EventSourceContext<Keycloak> context) {
|
public Map<String, EventSource> prepareEventSources(EventSourceContext<Keycloak> context) {
|
||||||
String namespace = context.getControllerConfiguration().getConfigurationService().getKubernetesClient().getNamespace();
|
var namespaces = context.getControllerConfiguration().getNamespaces();
|
||||||
|
|
||||||
InformerConfiguration<StatefulSet> statefulSetIC = InformerConfiguration
|
InformerConfiguration<StatefulSet> statefulSetIC = InformerConfiguration
|
||||||
.from(StatefulSet.class)
|
.from(StatefulSet.class)
|
||||||
.withLabelSelector(Constants.DEFAULT_LABELS_AS_STRING)
|
.withLabelSelector(Constants.DEFAULT_LABELS_AS_STRING)
|
||||||
.withNamespaces(namespace)
|
.withNamespaces(namespaces)
|
||||||
.withSecondaryToPrimaryMapper(Mappers.fromOwnerReference())
|
.withSecondaryToPrimaryMapper(Mappers.fromOwnerReference())
|
||||||
.withOnUpdateFilter(new MetadataAwareOnUpdateFilter<>())
|
.withOnUpdateFilter(new MetadataAwareOnUpdateFilter<>())
|
||||||
.build();
|
.build();
|
||||||
|
@ -81,7 +79,7 @@ public class KeycloakController implements Reconciler<Keycloak>, EventSourceInit
|
||||||
InformerConfiguration<Service> servicesIC = InformerConfiguration
|
InformerConfiguration<Service> servicesIC = InformerConfiguration
|
||||||
.from(Service.class)
|
.from(Service.class)
|
||||||
.withLabelSelector(Constants.DEFAULT_LABELS_AS_STRING)
|
.withLabelSelector(Constants.DEFAULT_LABELS_AS_STRING)
|
||||||
.withNamespaces(namespace)
|
.withNamespaces(namespaces)
|
||||||
.withSecondaryToPrimaryMapper(Mappers.fromOwnerReference())
|
.withSecondaryToPrimaryMapper(Mappers.fromOwnerReference())
|
||||||
.withOnUpdateFilter(new MetadataAwareOnUpdateFilter<>())
|
.withOnUpdateFilter(new MetadataAwareOnUpdateFilter<>())
|
||||||
.build();
|
.build();
|
||||||
|
|
|
@ -41,9 +41,7 @@ import java.util.concurrent.TimeUnit;
|
||||||
|
|
||||||
import jakarta.inject.Inject;
|
import jakarta.inject.Inject;
|
||||||
|
|
||||||
import static io.javaoperatorsdk.operator.api.reconciler.Constants.WATCH_CURRENT_NAMESPACE;
|
@ControllerConfiguration(
|
||||||
|
|
||||||
@ControllerConfiguration(namespaces = WATCH_CURRENT_NAMESPACE,
|
|
||||||
dependents = {
|
dependents = {
|
||||||
@Dependent(type = KeycloakRealmImportSecretDependentResource.class)
|
@Dependent(type = KeycloakRealmImportSecretDependentResource.class)
|
||||||
})
|
})
|
||||||
|
|
|
@ -51,10 +51,8 @@ import java.util.stream.Collectors;
|
||||||
import jakarta.enterprise.context.ApplicationScoped;
|
import jakarta.enterprise.context.ApplicationScoped;
|
||||||
import jakarta.inject.Inject;
|
import jakarta.inject.Inject;
|
||||||
|
|
||||||
import static io.javaoperatorsdk.operator.api.reconciler.Constants.WATCH_CURRENT_NAMESPACE;
|
|
||||||
|
|
||||||
@ApplicationScoped
|
@ApplicationScoped
|
||||||
@ControllerConfiguration(namespaces = WATCH_CURRENT_NAMESPACE, labelSelector = Constants.KEYCLOAK_COMPONENT_LABEL + "=" + WatchedSecrets.WATCHED_SECRETS_LABEL_VALUE)
|
@ControllerConfiguration(labelSelector = Constants.KEYCLOAK_COMPONENT_LABEL + "=" + WatchedSecrets.WATCHED_SECRETS_LABEL_VALUE)
|
||||||
public class WatchedSecretsController implements Reconciler<Secret>, EventSourceInitializer<Secret>, WatchedSecrets {
|
public class WatchedSecretsController implements Reconciler<Secret>, EventSourceInitializer<Secret>, WatchedSecrets {
|
||||||
|
|
||||||
@Inject
|
@Inject
|
||||||
|
|
|
@ -13,3 +13,6 @@ quarkus.kubernetes.env.vars.operator-keycloak-image=${operator.keycloak.image}
|
||||||
# Bundle config
|
# Bundle config
|
||||||
quarkus.operator-sdk.bundle.package-name=keycloak-operator
|
quarkus.operator-sdk.bundle.package-name=keycloak-operator
|
||||||
quarkus.operator-sdk.bundle.channels=fast
|
quarkus.operator-sdk.bundle.channels=fast
|
||||||
|
|
||||||
|
quarkus.operator-sdk.namespaces=JOSDK_WATCH_CURRENT
|
||||||
|
quarkus.operator-sdk.generate-with-watched-namespaces=JOSDK_WATCH_CURRENT
|
||||||
|
|
|
@ -172,7 +172,7 @@ public class BaseOperatorTest implements QuarkusTestAfterEachCallback {
|
||||||
|
|
||||||
for (Reconciler<?> reconciler : reconcilers) {
|
for (Reconciler<?> reconciler : reconcilers) {
|
||||||
Log.info("Register and apply : " + reconciler.getClass().getName());
|
Log.info("Register and apply : " + reconciler.getClass().getName());
|
||||||
operator.register(reconciler);
|
operator.register(reconciler, overrider -> overrider.settingNamespace(namespace));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue