diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 35e0b862ee..c3e3a2fe35 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -36,3 +36,9 @@ jobs: ${{ runner.os }}-go- - name: Build run: make build + - name: Build image + run: | + make image + - name: Display image + run: | + docker images diff --git a/Dockerfile b/Dockerfile index 98d58cc8e4..eef9ea3e17 100644 --- a/Dockerfile +++ b/Dockerfile @@ -2,11 +2,13 @@ FROM golang:1.20-alpine3.18 AS builder ARG HAWTIO_ONLINE_VERSION=latest ARG HAWTIO_ONLINE_IMAGE_NAME=quay.io/hawtio/online +ARG HAWTIO_ONLINE_GATEWAY_IMAGE_NAME=quay.io/hawtio/online-gateway ENV IMAGE_VERSION_FLAG="-X main.ImageVersion=${HAWTIO_ONLINE_VERSION}" ENV IMAGE_REPOSITORY_FLAG="-X main.ImageRepository=${HAWTIO_ONLINE_IMAGE_NAME}" +ENV GATEWAY_IMAGE_REPOSITORY_FLAG="-X main.GatewayImageRepository=${HAWTIO_ONLINE_GATEWAY_IMAGE_NAME}" -ENV GOLDFLAGS="${IMAGE_VERSION_FLAG} ${IMAGE_REPOSITORY_FLAG}" +ENV GOLDFLAGS="${IMAGE_VERSION_FLAG} ${IMAGE_REPOSITORY_FLAG} ${GATEWAY_IMAGE_REPOSITORY_FLAG}" RUN apk update RUN apk add git make diff --git a/Makefile b/Makefile index 8e374e09f5..23b2a3e8c0 100644 --- a/Makefile +++ b/Makefile @@ -6,6 +6,7 @@ IMAGE ?= $(DEFAULT_IMAGE) VERSION ?= 1.1.1 HAWTIO_ONLINE_VERSION ?= 2.1.0 HAWTIO_ONLINE_IMAGE_NAME ?= quay.io/${ORG}/online +HAWTIO_ONLINE_GATEWAY_IMAGE_NAME ?= quay.io/${ORG}/online-gateway DEBUG ?= false LAST_RELEASED_IMAGE_NAME := hawtio-operator LAST_RELEASED_VERSION ?= 1.1.0 
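Review bot: The default gateway repository `quay.io/hawtio/online-gateway` is now spelled out in three places: the new `ARG HAWTIO_ONLINE_GATEWAY_IMAGE_NAME` in the Dockerfile hunk, the Makefile default, and the literal fallback in `getGatewayImageFor` in pkg/resources/container.go. The Go fallback is only reached when the ldflags value is empty, so a drift between the three would go unnoticed until a build omits the build-arg. I would add a comment above the ARG, `# Keep in sync with the fallback in pkg/resources/container.go (getGatewayImageFor)`, or drop the ARG default so that the Go fallback is the single source.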
@@ -76,15 +77,17 @@ endef #== Compile the operator as a docker image # #* PARAMETERS: -#** IMAGE: Set a custom image for the container image -#** VERSION: Set a custom version for the container image tag -#** HAWTIO_ONLINE_IMAGE_NAME Set the operator's target hawtio-online image name -#** HAWTIO_ONLINE_VERSION Set the operator's target hawtio-online image version +#** IMAGE: Set a custom image for the container image +#** VERSION: Set a custom version for the container image tag +#** HAWTIO_ONLINE_IMAGE_NAME Set the operator's target hawtio-online image name +#** HAWTIO_ONLINE_GATEWAY_IMAGE_NAME Set the operator's target hawtio-online-gateway image name +#** HAWTIO_ONLINE_VERSION Set the operator's target hawtio-online image version # #--- image: docker build -t $(IMAGE):$(VERSION) \ --build-arg HAWTIO_ONLINE_IMAGE_NAME=$(HAWTIO_ONLINE_IMAGE_NAME) \ + --build-arg HAWTIO_ONLINE_GATEWAY_IMAGE_NAME=$(HAWTIO_ONLINE_GATEWAY_IMAGE_NAME) \ --build-arg HAWTIO_ONLINE_VERSION=$(HAWTIO_ONLINE_VERSION) \ . @@ -95,10 +98,11 @@ image: #== Compile the operator as a docker image then push the image to the repository # #* PARAMETERS: -#** IMAGE: Set a custom image for the container image -#** VERSION: Set a custom version for the container image tag -#** HAWTIO_ONLINE_IMAGE_NAME Set the operator's target hawtio-online image name -#** HAWTIO_ONLINE_VERSION Set the operator's target hawtio-online image version +#** IMAGE: Set a custom image for the container image +#** VERSION: Set a custom version for the container image tag +#** HAWTIO_ONLINE_IMAGE_NAME Set the operator's target hawtio-online image name +#** HAWTIO_ONLINE_GATEWAY_IMAGE_NAME Set the operator's target hawtio-online-gateway image name +#** HAWTIO_ONLINE_VERSION Set the operator's target hawtio-online image version # #--- publish-image: image diff --git a/cmd/manager/main.go b/cmd/manager/main.go index 71655e324b..d82b1d3551 100644 --- a/cmd/manager/main.go +++ b/cmd/manager/main.go 
@@ -29,6 +29,7 @@ import ( var ( ImageRepository string ImageVersion string + GatewayImageRepository string LegacyServingCertificateMountVersion string ProductName string ServerRootDirectory string @@ -46,6 +47,7 @@ func printVersion() { func printBuildVars(bv util.BuildVariables) { log.Info(fmt.Sprintf("Hawtio Online Image Repository: %s", bv.ImageRepository)) log.Info(fmt.Sprintf("Hawtio Online Image Version: %s", bv.ImageVersion)) + log.Info(fmt.Sprintf("Hawtio Online Gateway Image Repository: %s", bv.GatewayImageRepository)) } func main() { @@ -137,6 +139,7 @@ func operatorRun(namespace string, cfg *rest.Config) error { bv := util.BuildVariables{ ImageRepository: ImageRepository, ImageVersion: ImageVersion, + GatewayImageRepository: GatewayImageRepository, LegacyServingCertificateMountVersion: LegacyServingCertificateMountVersion, ProductName: ProductName, ServerRootDirectory: ServerRootDirectory, diff --git a/pkg/controller/hawtio/hawtio_controller_test.go b/pkg/controller/hawtio/hawtio_controller_test.go index 92bf76e32d..859ae9c3e2 100644 --- a/pkg/controller/hawtio/hawtio_controller_test.go +++ b/pkg/controller/hawtio/hawtio_controller_test.go @@ -102,8 +102,11 @@ func TestHawtioController_Reconcile(t *testing.T) { err = r.client.Get(context.TODO(), NamespacedName, &deployment) require.NoError(t, err) - container := deployment.Spec.Template.Spec.Containers[0] - assert.Equal(t, container.Resources, hawtio.Spec.Resources) + hawtioContainer := deployment.Spec.Template.Spec.Containers[0] + assert.Equal(t, hawtioContainer.Resources, hawtio.Spec.Resources) + + gatewayContainer := deployment.Spec.Template.Spec.Containers[1] + assert.Equal(t, gatewayContainer.Resources, hawtio.Spec.Resources) }) t.Run("check if the ConfigMap has been created", func(t *testing.T) { configMap := corev1.ConfigMap{} 
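Review bot: `deployment.Spec.Template.Spec.Containers[1]` is indexed without first checking the slice length, so a regression that drops the gateway container would panic the subtest with an index-out-of-range instead of reporting a readable failure. Adding `require.Len(t, deployment.Spec.Template.Spec.Containers, 2)` before the two lookups fixes that and documents the expected pod shape. The same applies to the `Containers[1]` lookup in the env-var subtest at `@@ -156,15 +159,36 @@`. TestHawtioController_Reconcile starts and ends outside the hunk.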
@@ -137,8 +140,8 @@ func TestHawtioController_Reconcile(t *testing.T) { err = r.client.Get(context.TODO(), NamespacedName, &deployment) require.NoError(t, err) - container := deployment.Spec.Template.Spec.Containers[0] - assert.ElementsMatch(t, container.Env, []corev1.EnvVar{ + hawtioContainer := deployment.Spec.Template.Spec.Containers[0] + assert.ElementsMatch(t, hawtioContainer.Env, []corev1.EnvVar{ { Name: resources.HawtioTypeEnvVar, Value: strings.ToLower(string(hawtiov1.NamespaceHawtioDeploymentType)), @@ -156,15 +159,36 @@ func TestHawtioController_Reconcile(t *testing.T) { Name: resources.HawtioOAuthClientEnvVar, Value: hawtio.Name, }, - { - Name: resources.HawtioRbacEnvVar, - Value: "", - }, { Name: resources.HawtioAuthEnvVar, Value: "form", }, }) + + gatewayContainer := deployment.Spec.Template.Spec.Containers[1] + assert.ElementsMatch(t, gatewayContainer.Env, []corev1.EnvVar{ + { + Name: resources.GatewayWebSvrEnvVar, + Value: "https://localhost:8443", + }, + { + Name: resources.GatewaySSLKeyEnvVar, + Value: "/etc/tls/private/serving/tls.key", + }, + { + Name: resources.GatewaySSLCertEnvVar, + Value: "/etc/tls/private/serving/tls.crt", + }, + { + Name: resources.GatewaySSLCertCAEnvVar, + Value: "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt", + }, + { + Name: resources.GatewayRbacEnvVar, + Value: "", + }, + }) + }) }) } diff --git a/pkg/resources/container.go b/pkg/resources/container.go index be9dcf766a..2dc05cf8b6 100644 --- a/pkg/resources/container.go +++ b/pkg/resources/container.go 
@@ -11,11 +11,45 @@ import ( ) const containerPortName = "https" +const containerGatewayPortName = "express" -func newContainer(hawtio *hawtiov1.Hawtio, envVars []corev1.EnvVar, imageVersion string, imageRepository string) corev1.Container { +func newHawtioContainer(hawtio *hawtiov1.Hawtio, envVars []corev1.EnvVar, imageVersion string, imageRepository string) corev1.Container { + /* + * - name: hawtio-online-container + * image: quay.io/hawtio/online + * imagePullPolicy: Always + * ports: + * - name: https + * containerPort: 8443 + * livenessProbe: + * httpGet: + * path: /online + * port: https + * scheme: HTTPS + * periodSeconds: 10 + * timeoutSeconds: 1 + * readinessProbe: + * httpGet: + * path: /online + * port: https + * scheme: HTTPS + * initialDelaySeconds: 5 + * periodSeconds: 5 + * timeoutSeconds: 1 + * resources: + * requests: + * cpu: "0.2" + * memory: 32Mi + * limits: + * cpu: "1.0" + * memory: 500Mi + * volumeMounts: + * - name: hawtio-online-tls-serving + * mountPath: /etc/tls/private/serving + */ container := corev1.Container{ Name: hawtio.Name + "-container", - Image: getImageFor(imageVersion, imageRepository), + Image: getHawtioImageFor(imageVersion, imageRepository), Env: envVars, ReadinessProbe: &corev1.Probe{ InitialDelaySeconds: 5, 
@@ -53,13 +87,84 @@ func newContainer(hawtio *hawtiov1.Hawtio, envVars []corev1.EnvVar, imageVersion return container } -func getImageFor(tag string, imageRepository string) string { - repository := os.Getenv("IMAGE_REPOSITORY") +func newGatewayContainer(hawtio *hawtiov1.Hawtio, envVars []corev1.EnvVar, imageVersion string, imageGatewayRepository string) corev1.Container { + /* + * - name: hawtio-online-gateway-container + * image: quay.io/hawtio/online-gateway + * ports: + * - name: express + * containerPort: 3000 + * livenessProbe: + * httpGet: + * path: /status + * port: express + * scheme: HTTPS + * periodSeconds: 120 + * timeoutSeconds: 1 + * readinessProbe: + * httpGet: + * path: /status + * port: express + * scheme: HTTPS + * initialDelaySeconds: 5 + * periodSeconds: 30 + * timeoutSeconds: 1 + */ + container := corev1.Container{ + Name: hawtio.Name + "-gateway-container", + Image: getGatewayImageFor(imageVersion, imageGatewayRepository), + Env: envVars, + Ports: []corev1.ContainerPort{ + { + Name: containerGatewayPortName, + ContainerPort: 3000, + Protocol: "TCP", + }, + }, + LivenessProbe: &corev1.Probe{ + Handler: corev1.Handler{ + HTTPGet: &corev1.HTTPGetAction{ + Port: intstr.FromString(containerGatewayPortName), + Path: "/status", + Scheme: "HTTPS", + }, + }, + PeriodSeconds: 10, + TimeoutSeconds: 1, + }, + ReadinessProbe: &corev1.Probe{ + Handler: corev1.Handler{ + HTTPGet: &corev1.HTTPGetAction{ + Port: intstr.FromString(containerGatewayPortName), + Path: "/status", + Scheme: "HTTPS", + }, + }, + InitialDelaySeconds: 5, + PeriodSeconds: 5, + TimeoutSeconds: 1, + }, + Resources: hawtio.Spec.Resources, + } + + return container +} + +func getHawtioImageFor(tag string, imageRepository string) string { + return getImageFor(tag, imageRepository, "IMAGE_REPOSITORY", "quay.io/hawtio/online") +} + +func getGatewayImageFor(tag string, gatewayImgRepository string) string { + return getImageFor(tag, gatewayImgRepository, "GATEWAY_IMAGE_REPOSITORY", 
"quay.io/hawtio/online-gateway") +} + +func getImageFor(tag string, imgRepo string, envVar string, defaultVal string) string { + repository := os.Getenv(envVar) if repository == "" { - if imageRepository != "" { - repository = imageRepository + if imgRepo != "" { + repository = imgRepo } else { - repository = "quay.io/hawtio/online" + repository = defaultVal } } diff --git a/pkg/resources/deployment.go b/pkg/resources/deployment.go index c2c12d6a49..bf6523ae31 100644 --- a/pkg/resources/deployment.go +++ b/pkg/resources/deployment.go @@ -25,7 +25,6 @@ const ( clientCertificateSecretVolumeName = "hawtio-online-tls-proxying" clientCertificateSecretVolumeMountPath = "/etc/tls/private/proxying" onlineConfigMapVolumeName = "hawtio-online" - integrationConfigMapVolumeName = "hawtio-integration" rbacConfigMapVolumeName = "hawtio-rbac" rbacConfigMapVolumeMountPath = "/etc/hawtio/rbac" RBACConfigMapKey = "ACL.yaml" 
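Review bot: The YAML sketch at the top of `newGatewayContainer` documents `periodSeconds: 120` for the liveness probe and `periodSeconds: 30` for the readiness probe, but the struct below it sets `PeriodSeconds: 10` and `PeriodSeconds: 5`. A reader cannot tell which was intended; either change the fields to `PeriodSeconds: 120,` and `PeriodSeconds: 30,` or correct the comment. The sketch would also be easier to keep accurate as a short `//` doc comment above the function that states only what is not obvious from the struct. Separately, `getImageFor` lets an environment variable (`GATEWAY_IMAGE_REPOSITORY` for the sidecar) take precedence over the build-time repository, and a one-line comment stating that precedence would help anyone auditing which image the pod actually runs.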
@@ -74,9 +73,18 @@ func newDeployment(hawtio *hawtiov1.Hawtio, replicas *int32, pts corev1.PodTempl } } +/** + * + * Creates a new pod template comprising 2 constainers: + * - The hawtio container is the main Hawtio-Online application image + * - The gteway container is the auxiliary image that provides useful javascript functions to + * the Hawtio-Online web server, inc. jolokia connection API and cluster URI checking + * + */ func newPodTemplateSpec(hawtio *hawtiov1.Hawtio, apiSpec *capabilities.ApiServerSpec, openShiftConsoleURL string, configMapVersion string, clientCertSecretVersion string, buildVariables util.BuildVariables) (corev1.PodTemplateSpec, error) { hawtioVersion := getVersion(buildVariables) - container := newContainer(hawtio, newEnvVars(hawtio, apiSpec, openShiftConsoleURL), hawtioVersion, buildVariables.ImageRepository) + hawtioContainer := newHawtioContainer(hawtio, newHawtioEnvVars(hawtio, apiSpec, openShiftConsoleURL), hawtioVersion, buildVariables.ImageRepository) + gatewayContainer := newGatewayContainer(hawtio, newGatewayEnvVars(hawtio), hawtioVersion, buildVariables.GatewayImageRepository) annotations := map[string]string{ configVersionAnnotation: configMapVersion, 
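Review bot: `newGatewayContainer` is passed `hawtioVersion`, so the gateway image is always resolved with the same tag as the hawtio-online image and cannot be versioned independently. This assumes both repositories publish every version in lockstep, which cannot be verified from this diff; if they do not, the pod fails on image pull for the sidecar only. If the coupling is intended, say so next to the call, e.g. `// The gateway image is released with hawtio-online and shares its tag.`; otherwise add a separate gateway version build variable. The added block comment also has typos (`constainers`, `gteway`) and uses `/** … */` where Go doc comments conventionally use `//`. newPodTemplateSpec continues outside the hunk.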
@@ -91,7 +99,19 @@ func newPodTemplateSpec(hawtio *hawtiov1.Hawtio, apiSpec *capabilities.ApiServer return corev1.PodTemplateSpec{}, err } if len(volumeMounts) > 0 { - container.VolumeMounts = volumeMounts + /* Distribute the volume mounts between the containers */ + hawtioContainer.VolumeMounts = append(hawtioContainer.VolumeMounts, volumeMounts[onlineConfigMapVolumeName]) + hawtioContainer.VolumeMounts = append(hawtioContainer.VolumeMounts, volumeMounts[serviceSigningSecretVolumeName]) + + if apiSpec.IsOpenShift4 { + hawtioContainer.VolumeMounts = append(hawtioContainer.VolumeMounts, volumeMounts[clientCertificateSecretVolumeName]) + } + + if hawtio.Spec.RBAC.ConfigMap != "" { + gatewayContainer.VolumeMounts = append(gatewayContainer.VolumeMounts, volumeMounts[rbacConfigMapVolumeName]) + } + + gatewayContainer.VolumeMounts = append(gatewayContainer.VolumeMounts, volumeMounts[serviceSigningSecretVolumeName]) } volumes := newVolumes(hawtio, apiSpec.IsOpenShift4) @@ -114,7 +134,8 @@ func newPodTemplateSpec(hawtio *hawtiov1.Hawtio, apiSpec *capabilities.ApiServer }, Spec: corev1.PodSpec{ Containers: []corev1.Container{ - container, + hawtioContainer, + gatewayContainer, }, Volumes: volumes, }, @@ -137,9 +158,6 @@ func newVolumes(hawtio *hawtiov1.Hawtio, isOpenShift4 bool) []corev1.Volume { volume = newConfigMapVolume(hawtio.Name, onlineConfigMapVolumeName) volumes = append(volumes, volume) - volume = newConfigMapVolume(hawtio.Name, integrationConfigMapVolumeName) - volumes = append(volumes, volume) - if rbacConfigMapName := hawtio.Spec.RBAC.ConfigMap; rbacConfigMapName != "" { volume = newConfigMapVolume(rbacConfigMapName, rbacConfigMapVolumeName) volumes = append(volumes, volume) 
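Review bot: The new code reads `volumeMounts[...]` with plain map lookups, so a key that `newVolumeMounts` did not populate yields a zero-value `corev1.VolumeMount` (empty name and path) that is appended silently. The `apiSpec.IsOpenShift4` and `hawtio.Spec.RBAC.ConfigMap != ""` guards re-derive conditions that newVolumeMounts already applied from its own arguments (the call is outside the hunk), and if the two ever disagree the pod spec carries an invalid mount. Keying on presence removes the duplication: `if vm, ok := volumeMounts[rbacConfigMapVolumeName]; ok { gatewayContainer.VolumeMounts = append(gatewayContainer.VolumeMounts, vm) }`, and likewise for the other names. The serving-certificate secret, which the gateway env vars reference for `tls.key`, is now mounted into both containers; a comment stating why the gateway needs the private key would make that wider exposure a documented decision.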
@@ -148,61 +166,76 @@ func newVolumes(hawtio *hawtiov1.Hawtio, isOpenShift4 bool) []corev1.Volume { return volumes } -func newEnvVars(hawtio *hawtiov1.Hawtio, apiSpec *capabilities.ApiServerSpec, openShiftConsoleURL string) []corev1.EnvVar { +func newHawtioEnvVars(hawtio *hawtiov1.Hawtio, apiSpec *capabilities.ApiServerSpec, openShiftConsoleURL string) []corev1.EnvVar { var envVars []corev1.EnvVar envVarsForHawtio := envVarsForHawtio(hawtio.Spec.Type, hawtio.Name, apiSpec.IsOpenShift4) envVars = append(envVars, envVarsForHawtio...) if apiSpec.IsOpenShift4 { - envVarsForOpenShift4 := envVarsForOpenshift4(apiSpec.Version, openShiftConsoleURL) + envVarsForOpenShift4 := envVarsForHawtioOCP4(apiSpec.Version, openShiftConsoleURL) envVars = append(envVars, envVarsForOpenShift4...) } - envVarsForRBAC := envVarsForRBAC(hawtio.Spec.RBAC) - envVars = append(envVars, envVarsForRBAC...) - envVarsForNginx := envVarsForNginx(hawtio.Spec.Nginx) envVars = append(envVars, envVarsForNginx...) return envVars } -func newVolumeMounts(isOpenShift4 bool, hawtioVersion string, rbacConfigMapName string, buildVariables util.BuildVariables) ([]corev1.VolumeMount, error) { - var volumeMounts []corev1.VolumeMount +func newGatewayEnvVars(hawtio *hawtiov1.Hawtio) []corev1.EnvVar { + var envVars []corev1.EnvVar + + envVarsForGateway := envVarsForGateway() + envVars = append(envVars, envVarsForGateway...) + + envVarsForRBAC := envVarsForRBAC(hawtio.Spec.RBAC) + envVars = append(envVars, envVarsForRBAC...) 
+ + return envVars +} + +func newVolumeMounts(isOpenShift4 bool, hawtioVersion string, rbacConfigMapName string, buildVariables util.BuildVariables) (map[string]corev1.VolumeMount, error) { + var volumeMounts map[string]corev1.VolumeMount var volumeMountPath string + volumeMounts = make(map[string]corev1.VolumeMount) + + /* + * The hawtio-online config-map volume + */ if buildVariables.ServerRootDirectory != "" { volumeMountPath = path.Join(buildVariables.ServerRootDirectory, "online", hawtioConfigKey) } else { volumeMountPath = path.Join(serverRootDirectory, "online", hawtioConfigKey) } volumeMount := newVolumeMount(onlineConfigMapVolumeName, volumeMountPath, hawtioConfigKey) - volumeMounts = append(volumeMounts, volumeMount) - - if buildVariables.ServerRootDirectory != "" { - volumeMountPath = path.Join(buildVariables.ServerRootDirectory, "integration", hawtioConfigKey) - } else { - volumeMountPath = path.Join(serverRootDirectory, "integration", hawtioConfigKey) - } - volumeMount = newVolumeMount(integrationConfigMapVolumeName, volumeMountPath, hawtioConfigKey) - volumeMounts = append(volumeMounts, volumeMount) + volumeMounts[onlineConfigMapVolumeName] = volumeMount + /* + * The serving-certificate volume + */ volumeMountPath, err := getServingCertificateMountPath(hawtioVersion, buildVariables.LegacyServingCertificateMountVersion) if err != nil { return nil, err } volumeMount = newVolumeMount(serviceSigningSecretVolumeName, volumeMountPath, "") - volumeMounts = append(volumeMounts, volumeMount) + volumeMounts[serviceSigningSecretVolumeName] = volumeMount if isOpenShift4 { + /* + * The proxying volume + */ volumeMount = newVolumeMount(clientCertificateSecretVolumeName, clientCertificateSecretVolumeMountPath, "") - volumeMounts = append(volumeMounts, volumeMount) + volumeMounts[clientCertificateSecretVolumeName] = volumeMount } + /* + * The rbac volume + */ if rbacConfigMapName != "" { volumeMount = newVolumeMount(rbacConfigMapVolumeName, 
rbacConfigMapVolumeMountPath, "") - volumeMounts = append(volumeMounts, volumeMount) + volumeMounts[rbacConfigMapVolumeName] = volumeMount } return volumeMounts, nil diff --git a/pkg/resources/environment.go b/pkg/resources/environment.go index 7c45f15f56..69bda9df95 100644 --- a/pkg/resources/environment.go +++ b/pkg/resources/environment.go @@ -14,7 +14,6 @@ const ( HawtioNamespaceEnvVar = "HAWTIO_ONLINE_NAMESPACE" HawtioAuthEnvVar = "HAWTIO_ONLINE_AUTH" HawtioOAuthClientEnvVar = "HAWTIO_OAUTH_CLIENT_ID" - HawtioRbacEnvVar = "HAWTIO_ONLINE_RBAC_ACL" HawtioDisableRbacRegistry = "HAWTIO_ONLINE_DISABLE_RBAC_REGISTRY" OpenShiftClusterVersionEnvVar = "OPENSHIFT_CLUSTER_VERSION" OpenShiftWebConsoleUrlEnvVar = "OPENSHIFT_WEB_CONSOLE_URL" @@ -23,6 +22,15 @@ const ( NginxSubrequestOutputBufferSize = "NGINX_SUBREQUEST_OUTPUT_BUFFER_SIZE" HawtioAuthTypeForm = "form" HawtioAuthTypeOAuth = "oauth" + + /* + * Gateway Env Vars + */ + GatewayWebSvrEnvVar = "HAWTIO_ONLINE_GATEWAY_WEB_SERVER" // https://localhost:8443 + GatewaySSLKeyEnvVar = "HAWTIO_ONLINE_GATEWAY_SSL_KEY" // /etc/tls/private/serving/tls.key + GatewaySSLCertEnvVar = "HAWTIO_ONLINE_GATEWAY_SSL_CERTIFICATE" // /etc/tls/private/serving/tls.crt + GatewaySSLCertCAEnvVar = "HAWTIO_ONLINE_GATEWAY_SSL_CERTIFICATE_CA" // /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + GatewayRbacEnvVar = "HAWTIO_ONLINE_RBAC_ACL" ) func envVarsForHawtio(deploymentType hawtiov1.HawtioDeploymentType, name string, isOpenShift bool) []corev1.EnvVar { @@ -71,7 +79,7 @@ func envVarsForHawtio(deploymentType hawtiov1.HawtioDeploymentType, name string, return envVars } -func envVarsForOpenshift4(openShiftVersion string, openShiftConsoleURL string) []corev1.EnvVar { +func envVarsForHawtioOCP4(openShiftVersion string, openShiftConsoleURL string) []corev1.EnvVar { envVars := []corev1.EnvVar{ { Name: OpenShiftClusterVersionEnvVar, 
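Review bot: Moving `envVarsForRBAC` from `newHawtioEnvVars` to `newGatewayEnvVars` means `HAWTIO_ONLINE_RBAC_ACL` and, when set, `HAWTIO_ONLINE_DISABLE_RBAC_REGISTRY` are no longer present in the hawtio container's environment. Whether the hawtio-online image still reads either variable cannot be seen from this diff; if it does, the RBAC settings from the custom resource would silently stop applying there. I would record the intent above `newGatewayEnvVars`, e.g. `// RBAC env vars (ACL path, disable-registry flag) are set on the gateway container only.`, and add a test case with `DisableRBACRegistry` set. Minor style point in newVolumeMounts: the `var volumeMounts map[string]corev1.VolumeMount` declaration followed by a separate `make` can be `volumeMounts := make(map[string]corev1.VolumeMount)`.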
@@ -85,28 +93,6 @@ func envVarsForOpenshift4(openShiftVersion string, openShiftConsoleURL string) [ return envVars } -func envVarsForRBAC(rbac hawtiov1.HawtioRBAC) []corev1.EnvVar { - var envVars []corev1.EnvVar - - aclPath := "" - if rbac.ConfigMap != "" { - aclPath = path.Join(rbacConfigMapVolumeMountPath, RBACConfigMapKey) - } - envVars = append(envVars, corev1.EnvVar{ - Name: HawtioRbacEnvVar, - Value: aclPath, - }) - - if rbac.DisableRBACRegistry != nil && *rbac.DisableRBACRegistry { - envVars = append(envVars, corev1.EnvVar{ - Name: HawtioDisableRbacRegistry, - Value: "true", - }) - } - - return envVars -} - func envVarsForNginx(nginx hawtiov1.HawtioNginx) []corev1.EnvVar { var envVars []corev1.EnvVar if nginx.ClientBodyBufferSize != "" { @@ -129,3 +115,48 @@ func envVarsForNginx(nginx hawtiov1.HawtioNginx) []corev1.EnvVar { } return envVars } + +func envVarsForGateway() []corev1.EnvVar { + envVars := []corev1.EnvVar{ + { + Name: GatewayWebSvrEnvVar, + Value: "https://localhost:8443", // Same port as defined in hawtio container + }, + { + Name: GatewaySSLKeyEnvVar, + Value: "/etc/tls/private/serving/tls.key", // serving-certificate key + }, + { + Name: GatewaySSLCertEnvVar, + Value: "/etc/tls/private/serving/tls.crt", // serving-certificate certificate + }, + { + Name: GatewaySSLCertCAEnvVar, + Value: "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt", // serviceaccount certificate authority + }, + } + + return envVars +} + +func envVarsForRBAC(rbac hawtiov1.HawtioRBAC) []corev1.EnvVar { + var envVars []corev1.EnvVar + + aclPath := "" + if rbac.ConfigMap != "" { + aclPath = path.Join(rbacConfigMapVolumeMountPath, RBACConfigMapKey) + } + envVars = append(envVars, corev1.EnvVar{ + Name: GatewayRbacEnvVar, + Value: aclPath, + }) + + if rbac.DisableRBACRegistry != nil && *rbac.DisableRBACRegistry { + envVars = append(envVars, corev1.EnvVar{ + Name: HawtioDisableRbacRegistry, + Value: "true", + }) + } + + return envVars +} 
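Review bot: `envVarsForGateway` hard-codes `/etc/tls/private/serving/tls.key` and `/etc/tls/private/serving/tls.crt`, while the mount path of that secret is computed by `getServingCertificateMountPath(hawtioVersion, buildVariables.LegacyServingCertificateMountVersion)` in deployment.go. If that function returns a different directory for legacy versions (its body is not in this diff), the gateway is pointed at files that do not exist in its filesystem. Passing the computed path in keeps the two aligned: `func envVarsForGateway(servingCertPath string) []corev1.EnvVar` with `Value: path.Join(servingCertPath, "tls.key")`. The `https://localhost:8443` value likewise repeats the hawtio container port as a literal rather than sharing a constant.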
diff --git a/pkg/util/variables.go b/pkg/util/variables.go index d4bebed0e2..a7b743f313 100644 --- a/pkg/util/variables.go +++ b/pkg/util/variables.go @@ -4,6 +4,8 @@ package util type BuildVariables struct { // The hawtio-online operand image repository ImageRepository string + // The hawtio-online-gateway operand image repository + GatewayImageRepository string // The hawtio-online operand image version ImageVersion string // Legacy serving certificate version