feat(deploy): separate -storage and -db pods (#923)
Co-authored-by: Andrew Azores <[email protected]>
mwangggg and andrewazores authored Jan 14, 2025
1 parent d058b54 commit 0f95870
Showing 14 changed files with 1,681 additions and 127 deletions.
38 changes: 38 additions & 0 deletions api/v1beta2/cryostat_types.go
Expand Up @@ -183,6 +183,18 @@ const (
ConditionTypeMainDeploymentProgressing CryostatConditionType = "MainDeploymentProgressing"
// If pods within the main Cryostat deployment failed to be created or destroyed.
ConditionTypeMainDeploymentReplicaFailure CryostatConditionType = "MainDeploymentReplicaFailure"
// If enabled, whether the database deployment is available.
ConditionTypeDatabaseDeploymentAvailable CryostatConditionType = "DatabaseDeploymentAvailable"
// If enabled, whether the database deployment is progressing.
ConditionTypeDatabaseDeploymentProgressing CryostatConditionType = "DatabaseDeploymentProgressing"
// If enabled, whether pods in the database deployment failed to be created or destroyed.
ConditionTypeDatabaseDeploymentReplicaFailure CryostatConditionType = "DatabaseDeploymentReplicaFailure"
// If enabled, whether the storage deployment is available.
ConditionTypeStorageDeploymentAvailable CryostatConditionType = "StorageDeploymentAvailable"
// If enabled, whether the storage deployment is progressing.
ConditionTypeStorageDeploymentProgressing CryostatConditionType = "StorageDeploymentProgressing"
// If enabled, whether pods in the storage deployment failed to be created or destroyed.
ConditionTypeStorageDeploymentReplicaFailure CryostatConditionType = "StorageDeploymentReplicaFailure"
// If enabled, whether the reports deployment is available.
ConditionTypeReportsDeploymentAvailable CryostatConditionType = "ReportsDeploymentAvailable"
// If enabled, whether the reports deployment is progressing.
Expand Down Expand Up @@ -310,6 +322,26 @@ type ReportsServiceConfig struct {
ServiceConfig `json:",inline"`
}

// DatabaseServiceConfig provides customization for the service handling
// traffic for the cryostat application's database.
type DatabaseServiceConfig struct {
// DatabasePort number for the cryostat application's database.
// Defaults to 5432.
// +optional
DatabasePort *int32 `json:"databasePort,omitempty"`
ServiceConfig `json:",inline"`
}

// DatabaseServiceConfig provides customization for the service handling
// traffic for the storage to be created by the operator.
type StorageServiceConfig struct {
// HTTP port number for the storage to be created by the operator.
// Defaults to 8333.
// +optional
HTTPPort *int32 `json:"httpPort,omitempty"`
ServiceConfig `json:",inline"`
}

// AgentServiceConfig provides customization for the service handling
// traffic from Cryostat agents to the Cryostat application.
type AgentServiceConfig struct {
Expand All @@ -329,6 +361,12 @@ type ServiceConfigList struct {
// Specification for the service responsible for the cryostat-reports sidecars.
// +optional
ReportsConfig *ReportsServiceConfig `json:"reportsConfig,omitempty"`
// Specification for the service responsible for the cryostat application's database.
// +optional
DatabaseConfig *DatabaseServiceConfig `json:"databaseConfig,omitempty"`
// Specification for the service responsible for the storage to be created by the operator.
// +optional
StorageConfig *StorageServiceConfig `json:"storageConfig,omitempty"`
// Specification for the service responsible for agents to communicate with Cryostat.
// +optional
AgentConfig *AgentServiceConfig `json:"agentConfig,omitempty"`
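Review bot: The `DatabasePort` field of DatabaseServiceConfig is tagged `json:"databasePort,omitempty"`, but the regenerated schemas in bundle/manifests/operator.cryostat.io_cryostats.yaml and config/crd/bases/operator.cryostat.io_cryostats.yaml expose the database service port as `httpPort` with the description "Port number for the cryostat application's database", so the CRDs appear to predate the rename of this field. As committed, a user who sets `databasePort` as the Go type intends has the field pruned by the CRD schema, while `httpPort` set per the CRD is silently ignored by the type; the CRDs should be regenerated from the types (or the json tag aligned with the manifests) so the two agree. The doc comment on StorageServiceConfig, `// DatabaseServiceConfig provides customization for the service handling`, is a copy of the database type's comment and should start with the declared name, `// StorageServiceConfig provides customization for the service handling`. The hunk for `const (` starts outside this section.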
52 changes: 52 additions & 0 deletions api/v1beta2/zz_generated.deepcopy.go


Expand Up @@ -30,7 +30,7 @@ metadata:
capabilities: Seamless Upgrades
categories: Monitoring, Developer Tools
containerImage: quay.io/cryostat/cryostat-operator:4.0.0-dev
createdAt: "2024-10-10T18:16:26Z"
createdAt: "2025-01-13T15:32:07Z"
description: JVM monitoring and profiling tool
operatorframework.io/initialization-resource: |-
{
56 changes: 56 additions & 0 deletions bundle/manifests/operator.cryostat.io_cryostats.yaml
Expand Up @@ -9185,6 +9185,34 @@ spec:
description: Type of service to create. Defaults to "ClusterIP".
type: string
type: object
databaseConfig:
description: Specification for the service responsible for the
cryostat application's database.
properties:
annotations:
additionalProperties:
type: string
description: Annotations to add to the service during its
creation.
type: object
httpPort:
description: |-
Port number for the cryostat application's database.
Defaults to 5432.
format: int32
type: integer
labels:
additionalProperties:
type: string
description: |-
Labels to add to the service during its creation.
The labels with keys "app" and "component" are reserved
for use by the operator.
type: object
serviceType:
description: Type of service to create. Defaults to "ClusterIP".
type: string
type: object
reportsConfig:
description: Specification for the service responsible for the
cryostat-reports sidecars.
Expand Down Expand Up @@ -9213,6 +9241,34 @@ spec:
description: Type of service to create. Defaults to "ClusterIP".
type: string
type: object
storageConfig:
description: Specification for the service responsible for the
storage to be created by the operator.
properties:
annotations:
additionalProperties:
type: string
description: Annotations to add to the service during its
creation.
type: object
httpPort:
description: |-
HTTP port number for the storage to be created by the operator.
Defaults to 8333.
format: int32
type: integer
labels:
additionalProperties:
type: string
description: |-
Labels to add to the service during its creation.
The labels with keys "app" and "component" are reserved
for use by the operator.
type: object
serviceType:
description: Type of service to create. Defaults to "ClusterIP".
type: string
type: object
type: object
storageOptions:
description: Options to customize the storage provisioned for the
56 changes: 56 additions & 0 deletions config/crd/bases/operator.cryostat.io_cryostats.yaml
Expand Up @@ -9172,6 +9172,34 @@ spec:
description: Type of service to create. Defaults to "ClusterIP".
type: string
type: object
databaseConfig:
description: Specification for the service responsible for the
cryostat application's database.
properties:
annotations:
additionalProperties:
type: string
description: Annotations to add to the service during its
creation.
type: object
httpPort:
description: |-
Port number for the cryostat application's database.
Defaults to 5432.
format: int32
type: integer
labels:
additionalProperties:
type: string
description: |-
Labels to add to the service during its creation.
The labels with keys "app" and "component" are reserved
for use by the operator.
type: object
serviceType:
description: Type of service to create. Defaults to "ClusterIP".
type: string
type: object
reportsConfig:
description: Specification for the service responsible for the
cryostat-reports sidecars.
Expand Down Expand Up @@ -9200,6 +9228,34 @@ spec:
description: Type of service to create. Defaults to "ClusterIP".
type: string
type: object
storageConfig:
description: Specification for the service responsible for the
storage to be created by the operator.
properties:
annotations:
additionalProperties:
type: string
description: Annotations to add to the service during its
creation.
type: object
httpPort:
description: |-
HTTP port number for the storage to be created by the operator.
Defaults to 8333.
format: int32
type: integer
labels:
additionalProperties:
type: string
description: |-
Labels to add to the service during its creation.
The labels with keys "app" and "component" are reserved
for use by the operator.
type: object
serviceType:
description: Type of service to create. Defaults to "ClusterIP".
type: string
type: object
type: object
storageOptions:
description: Options to customize the storage provisioned for the
41 changes: 38 additions & 3 deletions internal/controllers/certmanager.go
Expand Up @@ -24,6 +24,7 @@ import (
"github.com/cryostatio/cryostat-operator/internal/controllers/common"
resources "github.com/cryostatio/cryostat-operator/internal/controllers/common/resource_definitions"
"github.com/cryostatio/cryostat-operator/internal/controllers/model"
"github.com/google/go-cmp/cmp"
corev1 "k8s.io/api/core/v1"
kerrors "k8s.io/apimachinery/pkg/api/errors"
"k8s.io/apimachinery/pkg/api/meta"
Expand Down Expand Up @@ -91,6 +92,20 @@ func (r *Reconciler) setupTLS(ctx context.Context, cr *model.CryostatInstance) (
return nil, err
}

// Create a certificate for the Cryostat database signed by the Cryostat CA
databaseCert := resources.NewDatabaseCert(cr)
err = r.createOrUpdateCertificate(ctx, databaseCert, cr.Object)
if err != nil {
return nil, err
}

// Create a certificate for Cryostat storage signed by the Cryostat CA
storageCert := resources.NewStorageCert(cr)
err = r.createOrUpdateCertificate(ctx, storageCert, cr.Object)
if err != nil {
return nil, err
}

// Create a certificate for the agent proxy signed by the Cryostat CA
agentProxyCert := resources.NewAgentProxyCert(cr)
err = r.createOrUpdateCertificate(ctx, agentProxyCert, cr.Object)
Expand All @@ -109,6 +124,8 @@ func (r *Reconciler) setupTLS(ctx context.Context, cr *model.CryostatInstance) (

tlsConfig := &resources.TLSConfig{
CryostatSecret: cryostatCert.Spec.SecretName,
DatabaseSecret: databaseCert.Spec.SecretName,
StorageSecret: storageCert.Spec.SecretName,
ReportsSecret: reportsCert.Spec.SecretName,
AgentProxySecret: agentProxyCert.Spec.SecretName,
KeystorePassSecret: cryostatCert.Spec.Keystores.PKCS12.PasswordSecretRef.Name,
Expand Down Expand Up @@ -398,25 +415,43 @@ func (r *Reconciler) reconcileAgentCertificate(ctx context.Context, cert *certv1
return nil
}

var errCertificateModified error = errors.New("certificate has been modified")

func (r *Reconciler) createOrUpdateCertificate(ctx context.Context, cert *certv1.Certificate, owner metav1.Object) error {
certSpec := cert.Spec.DeepCopy()
certCopy := cert.DeepCopy()
op, err := controllerutil.CreateOrUpdate(ctx, r.Client, cert, func() error {
if owner != nil {
if err := controllerutil.SetControllerReference(owner, cert, r.Scheme); err != nil {
return err
}
}
// Update Certificate spec
cert.Spec = *certSpec

if cert.CreationTimestamp.IsZero() {
cert.Spec = certCopy.Spec
} else if !cmp.Equal(cert.Spec, certCopy.Spec) {
return errCertificateModified
}

return nil
})
if err != nil {
if err == errCertificateModified {
return r.recreateCertificate(ctx, certCopy, owner)
}
return err
}
r.Log.Info(fmt.Sprintf("Certificate %s", op), "name", cert.Name, "namespace", cert.Namespace)
return nil
}

func (r *Reconciler) recreateCertificate(ctx context.Context, cert *certv1.Certificate, owner metav1.Object) error {
err := r.deleteCertWithSecret(ctx, cert)
if err != nil {
return err
}
return r.createOrUpdateCertificate(ctx, cert, owner)
}

func newKeystoreSecret(cr *model.CryostatInstance) *corev1.Secret {
return &corev1.Secret{
ObjectMeta: metav1.ObjectMeta{
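Review bot: createOrUpdateCertificate and recreateCertificate are mutually recursive with no bound: when the mutate callback returns errCertificateModified the Certificate is deleted and createOrUpdateCertificate is called again, and if the object is still visible to the client after the delete (a cache-backed Get, or a deletion that has not yet landed) the spec comparison fails again and the recursion repeats until the delete completes or the stack is exhausted. Limiting the recreate path to one attempt per reconcile and returning an error on the second miss keeps the retry visible and lets the normal requeue pick it up. Because deleteCertWithSecret also removes the Secret holding the private key, an Info log naming the certificate before the delete would make the key rotation auditable rather than silent. Comparing with `errors.Is(err, errCertificateModified)` instead of `==` is the idiomatic form and survives any wrapping CreateOrUpdate may add; the `errors` package is already imported, as the sentinel declaration shows. If any CertificateSpec field is defaulted server-side by the cert-manager version in use, `cmp.Equal(cert.Spec, certCopy.Spec)` would differ on every reconcile and trigger a delete/recreate loop, which is worth confirming before merging.
```go
func (r *Reconciler) createOrUpdateCertificate(ctx context.Context, cert *certv1.Certificate, owner metav1.Object) error {
	return r.createOrUpdateCertificateOnce(ctx, cert, owner, true)
}

// allowRecreate bounds the delete-and-recreate path to a single attempt per reconcile.
func (r *Reconciler) createOrUpdateCertificateOnce(ctx context.Context, cert *certv1.Certificate, owner metav1.Object, allowRecreate bool) error {
	certCopy := cert.DeepCopy()
	op, err := controllerutil.CreateOrUpdate(ctx, r.Client, cert, func() error {
		// … unchanged: owner reference and spec comparison …
	})
	if err != nil {
		if errors.Is(err, errCertificateModified) {
			if !allowRecreate {
				return fmt.Errorf("certificate %s/%s still present after deletion, retrying on next reconcile: %w", cert.Namespace, cert.Name, err)
			}
			r.Log.Info("Certificate spec changed, deleting and recreating certificate and its secret", "name", cert.Name, "namespace", cert.Namespace)
			if err := r.deleteCertWithSecret(ctx, certCopy); err != nil {
				return err
			}
			return r.createOrUpdateCertificateOnce(ctx, certCopy, owner, false)
		}
		return err
	}
	// … unchanged: operation log line …
	return nil
}
```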
