Merge pull request #3054 from Josh-Tigera/josh.remove-curate

Remove curator
tigera · Jan 5, 2024 · b6b0551 · b6b0551
2 parents 40891c4 + f43866d
commit b6b0551
Show file tree

Hide file tree

Showing 20 changed files with 92 additions and 573 deletions.
diff --git a/hack/gen-versions/enterprise.go.tpl b/hack/gen-versions/enterprise.go.tpl
@@ -114,13 +114,6 @@ var (
 		Registry: "{{ .Registry }}",
 	}
 {{- end }}
-{{ with index .Components "es-curator" }}
-	ComponentEsCurator = component{
-		Version:  "{{ .Version }}",
-		Image:    "{{ .Image }}",
-		Registry: "{{ .Registry }}",
-	}
-{{- end }}
 {{ with index .Components "es-proxy" }}
 	ComponentEsProxy = component{
 		Version:  "{{ .Version }}",
@@ -385,7 +378,6 @@ var (
 		ComponentElasticsearch,
 		ComponentElasticsearchFIPS,
 		ComponentElasticsearchOperator,
-		ComponentEsCurator,
 		ComponentEsProxy,
 		ComponentFluentd,
 		ComponentFluentdWindows,

diff --git a/pkg/components/enterprise.go b/pkg/components/enterprise.go
@@ -101,12 +101,6 @@ var (
 		Registry: "",
 	}
 
-	ComponentEsCurator = component{
-		Version:  "master",
-		Image:    "tigera/es-curator",
-		Registry: "",
-	}
-
 	ComponentEsProxy = component{
 		Version:  "master",
 		Image:    "tigera/es-proxy",
@@ -334,7 +328,6 @@ var (
 		ComponentElasticsearch,
 		ComponentElasticsearchFIPS,
 		ComponentElasticsearchOperator,
-		ComponentEsCurator,
 		ComponentEsProxy,
 		ComponentFluentd,
 		ComponentFluentdWindows,

diff --git a/pkg/controller/logstorage/elastic/elastic_controller.go b/pkg/controller/logstorage/elastic/elastic_controller.go
@@ -143,7 +143,6 @@ func Add(mgr manager.Manager, opts options.AddOptions) error {
 	go utils.WaitToAddTierWatch(networkpolicy.TigeraComponentTierName, c, k8sClient, log, r.tierWatchReady)
 	go utils.WaitToAddNetworkPolicyWatches(c, k8sClient, log, []types.NamespacedName{
 		{Name: render.ElasticsearchPolicyName, Namespace: render.ElasticsearchNamespace},
-		{Name: render.EsCuratorPolicyName, Namespace: render.ElasticsearchNamespace},
 		{Name: render.KibanaPolicyName, Namespace: render.KibanaNamespace},
 		{Name: render.ECKOperatorPolicyName, Namespace: render.ECKOperatorNamespace},
 		{Name: render.ElasticsearchInternalPolicyName, Namespace: render.ElasticsearchNamespace},
@@ -189,7 +188,6 @@ func Add(mgr manager.Manager, opts options.AddOptions) error {
 		certificatemanagement.CASecretName,
 		monitor.PrometheusClientTLSSecretName,
 		render.ElasticsearchAdminUserSecret,
-		render.ElasticsearchCuratorUserSecret,
 		render.TigeraElasticsearchInternalCertSecret,
 	} {
 		if err = utils.AddSecretsWatch(c, secretName, common.OperatorNamespace()); err != nil {
@@ -387,7 +385,6 @@ func (r *ElasticSubController) Reconcile(ctx context.Context, request reconcile.
 	var clusterConfig *relasticsearch.ClusterConfig
 	var applyTrial bool
 	var keyStoreSecret *corev1.Secret
-	var curatorSecrets []*corev1.Secret
 	var esAdminUserSecret *corev1.Secret
 
 	flowShards := logstoragecommon.CalculateFlowShards(ls.Spec.Nodes, logstoragecommon.DefaultElasticsearchShards)
@@ -424,13 +421,6 @@ func (r *ElasticSubController) Reconcile(ctx context.Context, request reconcile.
 		}
 	}
 
-	// Curator secrets are created by es-kube-controllers
-	curatorSecrets, err = utils.ElasticsearchSecrets(context.Background(), []string{render.ElasticsearchCuratorUserSecret}, r.client)
-	if err != nil && !errors.IsNotFound(err) {
-		r.status.SetDegraded(operatorv1.ResourceReadError, "Failed to get curator credentials", err, reqLogger)
-		return reconcile.Result{}, err
-	}
-
 	// Get the admin user secret to copy to the operator namespace.
 	esAdminUserSecret, err = utils.GetSecret(ctx, r.client, render.ElasticsearchAdminUserSecret, render.ElasticsearchNamespace)
 	if err != nil {
@@ -540,7 +530,6 @@ func (r *ElasticSubController) Reconcile(ctx context.Context, request reconcile.
 		KibanaKeyPair:           kibanaKeyPair,
 		PullSecrets:             pullSecrets,
 		Provider:                r.provider,
-		CuratorSecrets:          curatorSecrets,
 		ESService:               esService,
 		KbService:               kbService,
 		ClusterDomain:           r.clusterDomain,
@@ -578,11 +567,6 @@ func (r *ElasticSubController) Reconcile(ctx context.Context, request reconcile.
 		return reconcile.Result{}, nil
 	}
 
-	if !r.multiTenant && len(curatorSecrets) == 0 {
-		r.status.SetDegraded(operatorv1.ResourceNotReady, "Waiting for curator secrets to become available", nil, reqLogger)
-		return reconcile.Result{}, nil
-	}
-
 	// In multi-tenant mode, ILM programming is created out of band
 	if !r.multiTenant {
 		if err := r.applyILMPolicies(ls, reqLogger, ctx); err != nil {

diff --git a/pkg/controller/logstorage/elastic/elastic_controller_test.go b/pkg/controller/logstorage/elastic/elastic_controller_test.go
@@ -64,15 +64,13 @@ var (
 	eckOperatorObjKey = client.ObjectKey{Name: render.ECKOperatorName, Namespace: render.ECKOperatorNamespace}
 	esObjKey          = client.ObjectKey{Name: render.ElasticsearchName, Namespace: render.ElasticsearchNamespace}
 	kbObjKey          = client.ObjectKey{Name: render.KibanaName, Namespace: render.KibanaNamespace}
-	curatorObjKey     = types.NamespacedName{Namespace: render.ElasticsearchNamespace, Name: render.ESCuratorName}
 
 	esCertSecretOperKey = client.ObjectKey{Name: render.TigeraElasticsearchGatewaySecret, Namespace: common.OperatorNamespace()}
 
 	kbCertSecretOperKey = client.ObjectKey{Name: render.TigeraKibanaCertSecret, Namespace: common.OperatorNamespace()}
 
-	curatorUsrSecretObjMeta = metav1.ObjectMeta{Name: render.ElasticsearchCuratorUserSecret, Namespace: common.OperatorNamespace()}
-	storageClassName        = "test-storage-class"
-	kbDNSNames              = dns.GetServiceDNSNames(render.KibanaServiceName, render.KibanaNamespace, dns.DefaultClusterDomain)
+	storageClassName = "test-storage-class"
+	kbDNSNames       = dns.GetServiceDNSNames(render.KibanaServiceName, render.KibanaNamespace, dns.DefaultClusterDomain)
 
 	successResult = reconcile.Result{}
 )
@@ -315,10 +313,9 @@ var _ = Describe("LogStorage controller", func() {
 				mockStatus.On("Run").Return()
 				mockStatus.On("AddStatefulSets", mock.Anything)
 				mockStatus.On("RemoveCertificateSigningRequests", mock.Anything).Return()
-				mockStatus.On("AddCronJobs", mock.Anything)
 				mockStatus.On("OnCRFound").Return()
 				mockStatus.On("ReadyToMonitor")
-				// mockStatus.On("SetMetaData", mock.Anything).Return()
+				mockStatus.On("RemoveCronJobs", mock.Anything)
 			})
 
 			It("test LogStorage reconciles successfully", func() {
@@ -416,27 +413,16 @@ var _ = Describe("LogStorage controller", func() {
 				}
 				Expect(cli.Update(ctx, &esConfigMap)).NotTo(HaveOccurred())
 
-				mockStatus.On("SetDegraded", operatorv1.ResourceNotReady, "Waiting for curator secrets to become available", mock.Anything, mock.Anything).Return()
+				mockStatus.On("ClearDegraded")
 				result, err = r.Reconcile(ctx, reconcile.Request{})
 				Expect(err).ShouldNot(HaveOccurred())
+				Expect(result).Should(Equal(successResult))
 
 				// Verify that the ConfigMap was reverted to the original state
 				Expect(cli.Get(ctx, esConfigMapKey, &esConfigMap)).NotTo(HaveOccurred())
 				_, ok = esConfigMap.Data["test-field"]
 				Expect(ok).To(BeFalse())
 
-				// Expect to be waiting for curator secret
-				Expect(result).Should(Equal(reconcile.Result{}))
-				Expect(cli.Create(ctx, &corev1.Secret{ObjectMeta: curatorUsrSecretObjMeta})).ShouldNot(HaveOccurred())
-
-				mockStatus.On("ClearDegraded")
-				result, err = r.Reconcile(ctx, reconcile.Request{})
-				Expect(err).ShouldNot(HaveOccurred())
-				Expect(result).Should(Equal(successResult))
-
-				By("confirming curator job is created")
-				Expect(cli.Get(ctx, curatorObjKey, &batchv1.CronJob{})).ShouldNot(HaveOccurred())
-
 				mockStatus.AssertExpectations(GinkgoT())
 			})
 
@@ -535,22 +521,11 @@ var _ = Describe("LogStorage controller", func() {
 				}
 				Expect(cli.Create(ctx, esAdminUserSecret)).ShouldNot(HaveOccurred())
 
-				mockStatus.On("SetDegraded", operatorv1.ResourceNotReady, "Waiting for curator secrets to become available", mock.Anything, mock.Anything).Return()
-				result, err = r.Reconcile(ctx, reconcile.Request{})
-				Expect(err).ShouldNot(HaveOccurred())
-
-				// Expect to be waiting for curator secret
-				Expect(result).Should(Equal(reconcile.Result{}))
-				Expect(cli.Create(ctx, &corev1.Secret{ObjectMeta: curatorUsrSecretObjMeta})).ShouldNot(HaveOccurred())
-
 				mockStatus.On("ClearDegraded")
 				result, err = r.Reconcile(ctx, reconcile.Request{})
 				Expect(err).ShouldNot(HaveOccurred())
 				Expect(result).Should(Equal(successResult))
 
-				By("confirming curator job is created")
-				Expect(cli.Get(ctx, curatorObjKey, &batchv1.CronJob{})).ShouldNot(HaveOccurred())
-
 				By("confirming logstorage is degraded if ConfigMap is not available")
 				mockStatus.On("SetDegraded", operatorv1.ResourceReadError, "Failed to get oidc user Secret and ConfigMap", "configmaps \"tigera-known-oidc-users\" not found", mock.Anything).Return()
 				Expect(cli.Delete(ctx, &corev1.ConfigMap{
@@ -747,7 +722,6 @@ var _ = Describe("LogStorage controller", func() {
 				r, err := NewReconcilerWithShims(cli, scheme, mockStatus, operatorv1.ProviderNone, MockESCLICreator, dns.DefaultClusterDomain, readyFlag)
 				Expect(err).ShouldNot(HaveOccurred())
 
-				mockStatus.On("SetDegraded", operatorv1.ResourceNotReady, "Waiting for curator secrets to become available", mock.Anything, mock.Anything).Return()
 				result, err := r.Reconcile(ctx, reconcile.Request{})
 				Expect(err).ShouldNot(HaveOccurred())
 				Expect(result).Should(Equal(reconcile.Result{}))
@@ -797,6 +771,7 @@ var _ = Describe("LogStorage controller", func() {
 			Context("checking rendered images", func() {
 				BeforeEach(func() {
 					mockStatus.On("ClearDegraded", mock.Anything)
+					mockStatus.On("RemoveCronJobs", mock.Anything)
 
 					CreateLogStorage(cli, &operatorv1.LogStorage{
 						ObjectMeta: metav1.ObjectMeta{
@@ -842,10 +817,6 @@ var _ = Describe("LogStorage controller", func() {
 							ObjectMeta: metav1.ObjectMeta{Namespace: render.ECKOperatorNamespace, Name: render.ECKLicenseConfigMapName},
 							Data:       map[string]string{"eck_license_level": string(render.ElasticsearchLicenseTypeEnterprise)},
 						},
-						&corev1.Secret{ObjectMeta: curatorUsrSecretObjMeta},
-						&corev1.Secret{ObjectMeta: metav1.ObjectMeta{
-							Name: render.ElasticsearchCuratorUserSecret, Namespace: render.ElasticsearchNamespace,
-						}},
 					}
 
 					for _, rec := range resources {
@@ -872,27 +843,8 @@ var _ = Describe("LogStorage controller", func() {
 					_, err = r.Reconcile(ctx, reconcile.Request{})
 					Expect(err).ShouldNot(HaveOccurred())
 
-					By("confirming curator job is created")
-					Expect(cli.Get(ctx, curatorObjKey, &batchv1.CronJob{})).ShouldNot(HaveOccurred())
-
 					mockStatus.AssertExpectations(GinkgoT())
 
-					cj := batchv1.CronJob{
-						TypeMeta: metav1.TypeMeta{Kind: "CronJob", APIVersion: "v1"},
-						ObjectMeta: metav1.ObjectMeta{
-							Name:      render.ESCuratorName,
-							Namespace: render.ElasticsearchNamespace,
-						},
-					}
-					Expect(test.GetResource(cli, &cj)).To(BeNil())
-					Expect(cj.Spec.JobTemplate.Spec.Template.Spec.Containers).To(HaveLen(1))
-					curator := test.GetContainer(cj.Spec.JobTemplate.Spec.Template.Spec.Containers, render.ESCuratorName)
-					Expect(curator).ToNot(BeNil())
-					Expect(curator.Image).To(Equal(
-						fmt.Sprintf("some.registry.org/%s:%s",
-							components.ComponentEsCurator.Image,
-							components.ComponentEsCurator.Version)))
-
 					escfg := esv1.Elasticsearch{
 						TypeMeta: metav1.TypeMeta{Kind: "Elasticsearch", APIVersion: "elasticsearch.k8s.elastic.co/v1"},
 						ObjectMeta: metav1.ObjectMeta{
@@ -950,7 +902,6 @@ var _ = Describe("LogStorage controller", func() {
 								{Image: "tigera/kube-controllers", Digest: "sha256:kubecontrollershash"},
 								{Image: "tigera/kibana", Digest: "sha256:kibanahash"},
 								{Image: "tigera/eck-operator", Digest: "sha256:eckoperatorhash"},
-								{Image: "tigera/es-curator", Digest: "sha256:escuratorhash"},
 								{Image: "tigera/elasticsearch-metrics", Digest: "sha256:esmetricshash"},
 								{Image: "tigera/es-gateway", Digest: "sha256:esgatewayhash"},
 								{Image: "tigera/linseed", Digest: "sha256:linseedhash"},
@@ -976,27 +927,8 @@ var _ = Describe("LogStorage controller", func() {
 					_, err = r.Reconcile(ctx, reconcile.Request{})
 					Expect(err).ShouldNot(HaveOccurred())
 
-					By("confirming curator job is created")
-					Expect(cli.Get(ctx, curatorObjKey, &batchv1.CronJob{})).ShouldNot(HaveOccurred())
-
 					mockStatus.AssertExpectations(GinkgoT())
 
-					cj := batchv1.CronJob{
-						TypeMeta: metav1.TypeMeta{Kind: "CronJob", APIVersion: "v1"},
-						ObjectMeta: metav1.ObjectMeta{
-							Name:      render.ESCuratorName,
-							Namespace: render.ElasticsearchNamespace,
-						},
-					}
-					Expect(test.GetResource(cli, &cj)).To(BeNil())
-					Expect(cj.Spec.JobTemplate.Spec.Template.Spec.Containers).To(HaveLen(1))
-					curator := test.GetContainer(cj.Spec.JobTemplate.Spec.Template.Spec.Containers, render.ESCuratorName)
-					Expect(curator).ToNot(BeNil())
-					Expect(curator.Image).To(Equal(
-						fmt.Sprintf("some.registry.org/%s@%s",
-							components.ComponentEsCurator.Image,
-							"sha256:escuratorhash")))
-
 					escfg := esv1.Elasticsearch{
 						TypeMeta: metav1.TypeMeta{Kind: "Elasticsearch", APIVersion: "elasticsearch.k8s.elastic.co/v1"},
 						ObjectMeta: metav1.ObjectMeta{
@@ -1137,11 +1069,10 @@ var _ = Describe("LogStorage controller", func() {
 				mockStatus.On("Run").Return()
 				mockStatus.On("AddStatefulSets", mock.Anything)
 				mockStatus.On("RemoveCertificateSigningRequests", mock.Anything)
-				mockStatus.On("AddCronJobs", mock.Anything)
 				mockStatus.On("ClearDegraded", mock.Anything)
 				mockStatus.On("OnCRFound").Return()
 				mockStatus.On("ReadyToMonitor")
-				// mockStatus.On("SetMetaData", mock.Anything).Return()
+				mockStatus.On("RemoveCronJobs", mock.Anything)
 				readyFlag = &utils.ReadyFlag{}
 				readyFlag.MarkAsReady()
 			})
@@ -1284,10 +1215,7 @@ func setUpLogStorageComponents(cli client.Client, ctx context.Context, storageCl
 		PullSecrets: []*corev1.Secret{
 			{ObjectMeta: metav1.ObjectMeta{Name: "tigera-pull-secret"}},
 		},
-		Provider: operatorv1.ProviderNone,
-		CuratorSecrets: []*corev1.Secret{
-			{ObjectMeta: metav1.ObjectMeta{Name: render.ElasticsearchCuratorUserSecret, Namespace: common.OperatorNamespace()}},
-		},
+		Provider:           operatorv1.ProviderNone,
 		ClusterDomain:      "cluster.local",
 		ElasticLicenseType: render.ElasticsearchLicenseTypeBasic,
 	}
@@ -1312,7 +1240,6 @@ func setUpLogStorageComponents(cli client.Client, ctx context.Context, storageCl
 
 		Expect(cli.Create(ctx, obj)).ShouldNot(HaveOccurred())
 	}
-	Expect(cli.Create(ctx, &corev1.Secret{ObjectMeta: curatorUsrSecretObjMeta})).ShouldNot(HaveOccurred())
 }
 
 // CreateLogStorage creates a LogStorage object with the given parameters after filling in defaults,

diff --git a/pkg/controller/logstorage/kubecontrollers/es_kube_controllers_test.go b/pkg/controller/logstorage/kubecontrollers/es_kube_controllers_test.go
@@ -253,7 +253,6 @@ var _ = Describe("LogStorage ES kube-controllers controller", func() {
 					{Image: "tigera/kube-controllers", Digest: "sha256:kubecontrollershash"},
 					{Image: "tigera/kibana", Digest: "sha256:kibanahash"},
 					{Image: "tigera/eck-operator", Digest: "sha256:eckoperatorhash"},
-					{Image: "tigera/es-curator", Digest: "sha256:escuratorhash"},
 					{Image: "tigera/elasticsearch-metrics", Digest: "sha256:esmetricshash"},
 					{Image: "tigera/es-gateway", Digest: "sha256:esgatewayhash"},
 					{Image: "tigera/linseed", Digest: "sha256:linseedhash"},

diff --git a/pkg/controller/logstorage/linseed/linseed_controller_test.go b/pkg/controller/logstorage/linseed/linseed_controller_test.go
@@ -230,7 +230,6 @@ var _ = Describe("LogStorage Linseed controller", func() {
 						{Image: "tigera/kube-controllers", Digest: "sha256:kubecontrollershash"},
 						{Image: "tigera/kibana", Digest: "sha256:kibanahash"},
 						{Image: "tigera/eck-operator", Digest: "sha256:eckoperatorhash"},
-						{Image: "tigera/es-curator", Digest: "sha256:escuratorhash"},
 						{Image: "tigera/elasticsearch-metrics", Digest: "sha256:esmetricshash"},
 						{Image: "tigera/es-gateway", Digest: "sha256:esgatewayhash"},
 						{Image: "tigera/linseed", Digest: "sha256:linseedhash"},
@@ -429,7 +428,6 @@ var _ = Describe("LogStorage Linseed controller", func() {
 						{Image: "tigera/kube-controllers", Digest: "sha256:kubecontrollershash"},
 						{Image: "tigera/kibana", Digest: "sha256:kibanahash"},
 						{Image: "tigera/eck-operator", Digest: "sha256:eckoperatorhash"},
-						{Image: "tigera/es-curator", Digest: "sha256:escuratorhash"},
 						{Image: "tigera/elasticsearch-metrics", Digest: "sha256:esmetricshash"},
 						{Image: "tigera/es-gateway", Digest: "sha256:esgatewayhash"},
 						{Image: "tigera/linseed", Digest: "sha256:linseedhash"},

diff --git a/pkg/controller/utils/elasticsearch.go b/pkg/controller/utils/elasticsearch.go
@@ -368,7 +368,7 @@ func (es *esClient) listILMPolicies(ls *operatorv1.LogStorage) map[string]policy
 	minorPctOfTotalDisk := 0.1
 	pctOfDisk := minorPctOfTotalDisk / float64(numOfIndicesWithMinorSpace)
 
-	// Retention is not set in LogStorage for l7, benchmark and events logs, set default values used by curator
+	// Retention is not set in LogStorage for l7, benchmark and events logs
 	return map[string]policyDetail{
 		"tigera_secure_ee_flows": buildILMPolicy(totalEsStorage, majorPctOfTotalDisk, 0.85, int(*ls.Spec.Retention.Flows)),
 		"tigera_secure_ee_dns":   buildILMPolicy(totalEsStorage, majorPctOfTotalDisk, 0.05, int(*ls.Spec.Retention.DNSLogs)),
@@ -479,7 +479,7 @@ func calculateRolloverSize(totalEsStorage int64, diskPercentage float64, diskFor
 // calculateRolloverAge returns max_age to rollover
 // max_age to rollover an index is retention period set in LogStorage divided by ElasticsearchRetentionFactor
 // If retention is < ElasticsearchRetentionFactor, set rollover age to 1 day
-// if retention is 0 days, rollover every 1 hr - we dont want to rollover index every few ms/s set it to 1hr similar to curator cronjob interval
+// if retention is 0 days, rollover every 1 hr - we dont want to rollover index every few ms/s set it to 1hr
 func calculateRolloverAge(retention int) string {
 	var age string
 	if retention <= 0 {

diff --git a/pkg/render/common/elasticsearch/decorator.go b/pkg/render/common/elasticsearch/decorator.go
@@ -81,7 +81,6 @@ func DecorateEnvironment(c corev1.Container, namespace string, cluster, esUserSe
 		},
 		{Name: "ELASTIC_CA", Value: certPath},
 		{Name: "ES_CA_CERT", Value: certPath},
-		{Name: "ES_CURATOR_BACKEND_CERT", Value: certPath},
 	}
 
 	c.Env = append(c.Env, envVars...)