github.com/IBM-Blockchain/fabric-operator@v1.0.4/pkg/offering/k8s/ca/ca.go (about) 1 /* 2 * Copyright contributors to the Hyperledger Fabric Operator project 3 * 4 * SPDX-License-Identifier: Apache-2.0 5 * 6 * Licensed under the Apache License, Version 2.0 (the "License"); 7 * you may not use this file except in compliance with the License. 8 * You may obtain a copy of the License at: 9 * 10 * http://www.apache.org/licenses/LICENSE-2.0 11 * 12 * Unless required by applicable law or agreed to in writing, software 13 * distributed under the License is distributed on an "AS IS" BASIS, 14 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 15 * See the License for the specific language governing permissions and 16 * limitations under the License. 17 */ 18 19 package k8sca 20 21 import ( 22 "context" 23 "fmt" 24 "strings" 25 26 current "github.com/IBM-Blockchain/fabric-operator/api/v1beta1" 27 config "github.com/IBM-Blockchain/fabric-operator/operatorconfig" 28 k8sclient "github.com/IBM-Blockchain/fabric-operator/pkg/k8s/controllerclient" 29 "github.com/IBM-Blockchain/fabric-operator/pkg/manager/resources" 30 resourcemanager "github.com/IBM-Blockchain/fabric-operator/pkg/manager/resources/manager" 31 baseca "github.com/IBM-Blockchain/fabric-operator/pkg/offering/base/ca" 32 basecaoverride "github.com/IBM-Blockchain/fabric-operator/pkg/offering/base/ca/override" 33 "github.com/IBM-Blockchain/fabric-operator/pkg/offering/common" 34 override "github.com/IBM-Blockchain/fabric-operator/pkg/offering/k8s/ca/override" 35 "github.com/IBM-Blockchain/fabric-operator/pkg/operatorerrors" 36 "github.com/IBM-Blockchain/fabric-operator/pkg/util" 37 "github.com/IBM-Blockchain/fabric-operator/version" 38 "github.com/pkg/errors" 39 networkingv1 "k8s.io/api/networking/v1" 40 networkingv1beta1 "k8s.io/api/networking/v1beta1" 41 v1 "k8s.io/apimachinery/pkg/apis/meta/v1" 42 "k8s.io/apimachinery/pkg/runtime" 43 "sigs.k8s.io/controller-runtime/pkg/client" 44 logf "sigs.k8s.io/controller-runtime/pkg/log" 45 "sigs.k8s.io/controller-runtime/pkg/reconcile" 46 ) 47 48 var log = logf.Log.WithName("k8s_ca") 49 50 type Override interface { 51 baseca.Override 52 Ingress(v1.Object, *networkingv1.Ingress, resources.Action) error 53 Ingressv1beta1(v1.Object, *networkingv1beta1.Ingress, resources.Action) error 54 } 55 56 var _ baseca.IBPCA = &CA{} 57 58 type CA struct { 59 *baseca.CA 60 61 IngressManager resources.Manager 62 Ingressv1beta1Manager resources.Manager 63 64 Override Override 65 } 66 67 func New(client k8sclient.Client, scheme *runtime.Scheme, config *config.Config) *CA { 68 o := &override.Override{ 69 Override: basecaoverride.Override{ 70 Client: client, 71 }, 72 } 73 ca := &CA{ 74 CA: baseca.New(client, scheme, config, o), 75 Override: o, 76 } 77 ca.CreateManagers() 78 return ca 79 } 80 81 func (ca *CA) CreateManagers() { 82 resourceManager := resourcemanager.New(ca.Client, ca.Scheme) 83 ca.IngressManager = resourceManager.CreateIngressManager("", ca.Override.Ingress, ca.GetLabels, ca.Config.CAInitConfig.IngressFile) 84 ca.Ingressv1beta1Manager = resourceManager.CreateIngressv1beta1Manager("", ca.Override.Ingressv1beta1, ca.GetLabels, ca.Config.CAInitConfig.Ingressv1beta1File) 85 } 86 87 func (ca *CA) Reconcile(instance *current.IBPCA, update baseca.Update) (common.Result, error) { 88 89 var err error 90 91 versionSet, err := ca.SetVersion(instance) 92 if err != nil { 93 return common.Result{}, errors.Wrap(err, fmt.Sprintf("failed updating CR '%s' to version '%s'", instance.Name, version.Operator)) 94 } 95 if versionSet { 96 log.Info("Instance version updated, requeuing request...") 97 return common.Result{ 98 Result: reconcile.Result{ 99 Requeue: true, 100 }, 101 }, nil 102 } 103 104 instanceUpdated, err := ca.PreReconcileChecks(instance, update) 105 if err != nil { 106 return common.Result{}, errors.Wrap(err, "failed pre reconcile checks") 107 } 108 109 if instanceUpdated { 110 log.Info("Updating instance after pre reconcile checks") 111 err := ca.Client.Patch(context.TODO(), instance, nil, k8sclient.PatchOption{ 112 Resilient: &k8sclient.ResilientPatch{ 113 Retry: 3, 114 Into: ¤t.IBPCA{}, 115 Strategy: client.MergeFrom, 116 }, 117 }) 118 if err != nil { 119 return common.Result{}, errors.Wrap(err, "failed to update instance") 120 } 121 122 log.Info("Instance updated, requeuing request...") 123 return common.Result{ 124 Result: reconcile.Result{ 125 Requeue: true, 126 }, 127 }, nil 128 } 129 130 err = ca.AddTLSCryptoIfMissing(instance, ca.GetEndpointsDNS(instance)) 131 if err != nil { 132 return common.Result{}, errors.Wrap(err, "failed to generate tls crypto") 133 } 134 135 err = ca.Initialize(instance, update) 136 if err != nil { 137 return common.Result{}, operatorerrors.Wrap(err, operatorerrors.CAInitilizationFailed, "failed to initialize ca") 138 } 139 140 err = ca.ReconcileManagers(instance, update) 141 if err != nil { 142 return common.Result{}, errors.Wrap(err, "failed to reconcile managers") 143 } 144 145 if update.CATagUpdated() { 146 if err := ca.ReconcileFabricCAMigration(instance); err != nil { 147 return common.Result{}, operatorerrors.Wrap(err, operatorerrors.FabricCAMigrationFailed, "failed to migrate fabric ca versions") 148 } 149 } 150 151 err = ca.UpdateConnectionProfile(instance) 152 if err != nil { 153 return common.Result{}, errors.Wrap(err, "failed to create connection profile") 154 } 155 156 err = ca.CheckStates(instance) 157 if err != nil { 158 return common.Result{}, errors.Wrap(err, "failed to check and restore state") 159 } 160 161 status, err := ca.CheckCertificates(instance) 162 if err != nil { 163 return common.Result{}, errors.Wrap(err, "failed to check for expiring certificates") 164 } 165 166 if update.CACryptoUpdated() { 167 err = ca.Restart.ForTLSReenroll(instance) 168 if err != nil { 169 return common.Result{}, errors.Wrap(err, "failed to update restart config") 170 } 171 } 172 173 err = ca.HandleActions(instance, update) 174 if err != nil { 175 return common.Result{}, err 176 } 177 178 err = ca.HandleRestart(instance, update) 179 if err != nil { 180 return common.Result{}, err 181 } 182 183 return common.Result{ 184 Status: status, 185 }, nil 186 } 187 188 func (ca *CA) ReconcileManagers(instance *current.IBPCA, update baseca.Update) error { 189 err := ca.CA.ReconcileManagers(instance, update) 190 if err != nil { 191 return err 192 } 193 194 err = ca.ReconcileIngressManager(instance, update.SpecUpdated()) 195 if err != nil { 196 return err 197 } 198 199 return nil 200 } 201 202 func (ca *CA) ReconcileIngressManager(instance *current.IBPCA, update bool) error { 203 if ca.Config.Operator.Globals.AllowKubernetesEighteen == "true" { 204 // check k8s version 205 version, err := util.GetServerVersion() 206 if err != nil { 207 return err 208 } 209 if strings.Compare(version.Minor, "19") < 0 { // v1beta 210 err = ca.Ingressv1beta1Manager.Reconcile(instance, update) 211 if err != nil { 212 return errors.Wrap(err, "failed Ingressv1beta1 reconciliation") 213 } 214 } else { 215 err = ca.IngressManager.Reconcile(instance, update) 216 if err != nil { 217 return errors.Wrap(err, "failed Ingress reconciliation") 218 } 219 } 220 } else { 221 err := ca.IngressManager.Reconcile(instance, update) 222 if err != nil { 223 return errors.Wrap(err, "failed Ingress reconciliation") 224 } 225 } 226 return nil 227 }