Commit 6d3ea839 authored by Edmund Ochieng's avatar Edmund Ochieng

use runner token secret in volumes

parent e7db46e8
......@@ -205,7 +205,7 @@ func GetDeployment(cr *gitlabv1beta1.Runner) *appsv1.Deployment {
ValueFrom: &corev1.EnvVarSource{
SecretKeyRef: &corev1.SecretKeySelector{
LocalObjectReference: corev1.LocalObjectReference{
Name: cr.Name + "-runner-secret",
Name: RegistrationTokenSecretName(cr),
},
Key: "runner-token",
},
......@@ -216,7 +216,7 @@ func GetDeployment(cr *gitlabv1beta1.Runner) *appsv1.Deployment {
ValueFrom: &corev1.EnvVarSource{
SecretKeyRef: &corev1.SecretKeySelector{
LocalObjectReference: corev1.LocalObjectReference{
Name: cr.Name + "-runner-secret",
Name: RegistrationTokenSecretName(cr),
},
Key: "runner-registration-token",
},
......@@ -445,7 +445,7 @@ func runnerSecretsVolume(cr *gitlabv1beta1.Runner) []corev1.VolumeProjection {
{
Secret: &corev1.SecretProjection{
LocalObjectReference: corev1.LocalObjectReference{
Name: cr.Name + "-runner-secret",
Name: RegistrationTokenSecretName(cr),
},
Items: []corev1.KeyToPath{
{
......@@ -514,3 +514,21 @@ func runnerConfig(cr *gitlabv1beta1.Runner) (options runnerOptions) {
return
}
// RegistrationTokenSecretName returns name of secret containing the
// runner-registration-token and runner-token keys
func RegistrationTokenSecretName(cr *gitlabv1beta1.Runner) string {
var tokenSecretName string
if cr.Spec.Gitlab.Name != "" {
tokenSecretName = cr.Spec.Gitlab.Name + "-runner-token-secret"
}
if cr.Spec.RegistrationToken != "" {
// If user provides a secret with registration token
// set it to the gitlab secret
tokenSecretName = cr.Spec.RegistrationToken
}
return tokenSecretName
}
package runner
import (
gitlabv1beta1 "gitlab.com/gitlab-org/gl-openshift/gitlab-operator/api/v1beta1"
gitlabutils "gitlab.com/gitlab-org/gl-openshift/gitlab-operator/controllers/utils"
corev1 "k8s.io/api/core/v1"
"sigs.k8s.io/controller-runtime/pkg/client"
)
// GetSecret returns the runners secret object
func GetSecret(client client.Client, cr *gitlabv1beta1.Runner) (*corev1.Secret, error) {
labels := gitlabutils.Label(cr.Name, "runner", gitlabutils.RunnerType)
var gitlabSecret, token string
var err error
if cr.Spec.Gitlab.Name != "" {
gitlabSecret = cr.Spec.Gitlab.Name + "-runner-token-secret"
}
if cr.Spec.RegistrationToken != "" {
// If user provides a secret with registration token
// set it to the gitlab secret
gitlabSecret = cr.Spec.RegistrationToken
}
token, err = gitlabutils.GetSecretValue(client, cr.Namespace, gitlabSecret, "runner-registration-token")
if err != nil {
return nil, err
}
runnerSecret := gitlabutils.GenericSecret(labels["app.kubernetes.io/instance"]+"-secret", cr.Namespace, labels)
runnerSecret.StringData = map[string]string{
"runner-registration-token": token,
"runner-token": "",
}
return runnerSecret, nil
}
......@@ -18,6 +18,7 @@ package controllers
import (
"context"
"fmt"
"reflect"
"github.com/go-logr/logr"
......@@ -66,7 +67,7 @@ func (r *RunnerReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) {
return ctrl.Result{}, err
}
if err := r.reconcileSecrets(ctx, runner); err != nil {
if err := r.validateRegistrationTokenSecret(ctx, runner); err != nil {
return ctrl.Result{}, err
}
......@@ -74,7 +75,7 @@ func (r *RunnerReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) {
return ctrl.Result{}, err
}
if err := r.reconcileStatus(runner); err != nil {
if err := r.reconcileStatus(ctx, runner); err != nil {
return ctrl.Result{}, err
}
......@@ -100,34 +101,6 @@ func (r *RunnerReconciler) SetupWithManager(mgr ctrl.Manager) error {
Complete(r)
}
func (r *RunnerReconciler) reconcileSecrets(ctx context.Context, cr *gitlabv1beta1.Runner) error {
tokens, err := runnerctl.GetSecret(r, cr)
if err != nil {
return err
}
found := &corev1.Secret{}
err = r.Get(ctx, types.NamespacedName{Name: tokens.Name, Namespace: cr.Namespace}, found)
if err != nil {
if errors.IsNotFound(err) {
if err := controllerutil.SetControllerReference(cr, tokens, r.Scheme); err != nil {
return err
}
return r.Create(ctx, tokens)
}
return err
}
if !reflect.DeepEqual(tokens.Data, found.Data) {
found.Data = tokens.Data
return r.Update(ctx, found)
}
return nil
}
func (r *RunnerReconciler) reconcileConfigMaps(ctx context.Context, cr *gitlabv1beta1.Runner) error {
configs := runnerctl.GetConfigMap(cr)
......@@ -178,9 +151,9 @@ func (r *RunnerReconciler) reconcileDeployments(ctx context.Context, cr *gitlabv
return nil
}
func (r *RunnerReconciler) updateRunnerStatus(cr *gitlabv1beta1.Runner, consoleLog string) error {
func (r *RunnerReconciler) updateRunnerStatus(ctx context.Context, cr *gitlabv1beta1.Runner, consoleLog string) error {
runner := &gitlabv1beta1.Runner{}
err := r.Get(context.TODO(), types.NamespacedName{Name: cr.Name, Namespace: cr.Namespace}, runner)
err := r.Get(ctx, types.NamespacedName{Name: cr.Name, Namespace: cr.Namespace}, runner)
if err != nil {
return err
}
......@@ -192,10 +165,10 @@ func (r *RunnerReconciler) updateRunnerStatus(cr *gitlabv1beta1.Runner, consoleL
runner.Status.Phase = "Initializing"
}
return r.Status().Update(context.TODO(), runner)
return r.Status().Update(ctx, runner)
}
func (r *RunnerReconciler) reconcileStatus(cr *gitlabv1beta1.Runner) error {
func (r *RunnerReconciler) reconcileStatus(ctx context.Context, cr *gitlabv1beta1.Runner) error {
client, err := gitlabutils.KubernetesConfig().NewKubernetesClient()
if err != nil {
......@@ -215,7 +188,7 @@ func (r *RunnerReconciler) reconcileStatus(cr *gitlabv1beta1.Runner) error {
}
}
if err := r.updateRunnerStatus(cr, log); err != nil {
if err := r.updateRunnerStatus(ctx, cr, log); err != nil {
return err
}
......@@ -276,7 +249,29 @@ func (r *RunnerReconciler) reconcileServiceMonitor(ctx context.Context, cr *gitl
return nil
}
func (r *RunnerReconciler) validateRegistrationSecret(ctx context.Context, cr *gitlabv1beta1.Runner) error {
func (r *RunnerReconciler) validateRegistrationTokenSecret(ctx context.Context, cr *gitlabv1beta1.Runner) error {
tokenSecretName := runnerctl.RegistrationTokenSecretName(cr)
found := &corev1.Secret{}
err := r.Get(ctx, types.NamespacedName{Name: tokenSecretName, Namespace: cr.Namespace}, found)
if err != nil {
return err
}
registrationToken, ok := found.Data["runner-registration-token"]
if !ok {
return fmt.Errorf("runner-registration-token key not found in %s secret", tokenSecretName)
}
tokenStr := string(registrationToken)
if tokenStr == "" {
return fmt.Errorf("runner-registration-token can not be empty")
}
if _, ok := found.StringData["runner-token"]; !ok {
found.Data["runner-token"] = []byte("")
return r.Update(ctx, found)
}
return nil
}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment