loki/operator/internal/handlers/lokistack_create_or_update.go

package handlers

import (
	"context"
	"fmt"
	"os"

	lokiv1beta1 "github.com/grafana/loki/operator/api/v1beta1"
	"github.com/grafana/loki/operator/internal/external/k8s"
	"github.com/grafana/loki/operator/internal/handlers/internal/gateway"
	"github.com/grafana/loki/operator/internal/handlers/internal/rules"
	"github.com/grafana/loki/operator/internal/handlers/internal/secrets"
	"github.com/grafana/loki/operator/internal/manifests"
	"github.com/grafana/loki/operator/internal/metrics"
	"github.com/grafana/loki/operator/internal/status"

	"github.com/ViaQ/logerr/v2/kverrors"
	"github.com/go-logr/logr"
	corev1 "k8s.io/api/core/v1"
	rbacv1 "k8s.io/api/rbac/v1"
	apierrors "k8s.io/apimachinery/pkg/api/errors"
	"k8s.io/apimachinery/pkg/runtime"
	ctrl "sigs.k8s.io/controller-runtime"
	"sigs.k8s.io/controller-runtime/pkg/client"
)

// CreateOrUpdateLokiStack handles LokiStack create and update events.
func CreateOrUpdateLokiStack(
	ctx context.Context,
	log logr.Logger,
	req ctrl.Request,
	k k8s.Client,
	s *runtime.Scheme,
	flags manifests.FeatureFlags,
) error {
	ll := log.WithValues("lokistack", req.NamespacedName, "event", "createOrUpdate")

	var stack lokiv1beta1.LokiStack
	if err := k.Get(ctx, req.NamespacedName, &stack); err != nil {
		if apierrors.IsNotFound(err) {
			// maybe the user deleted it before we could react? Either way this isn't an issue
			ll.Error(err, "could not find the requested loki stack", "name", req.NamespacedName)
			return nil
		}
		return kverrors.Wrap(err, "failed to lookup lokistack", "name", req.NamespacedName)
	}

	img := os.Getenv(manifests.EnvRelatedImageLoki)
	if img == "" {
		img = manifests.DefaultContainerImage
	}

	gwImg := os.Getenv(manifests.EnvRelatedImageGateway)
	if gwImg == "" {
		gwImg = manifests.DefaultLokiStackGatewayImage
	}

	var storageSecret corev1.Secret
	key := client.ObjectKey{Name: stack.Spec.Storage.Secret.Name, Namespace: stack.Namespace}
	if err := k.Get(ctx, key, &storageSecret); err != nil {
		if apierrors.IsNotFound(err) {
			return &status.DegradedError{
				Message: "Missing object storage secret",
				Reason:  lokiv1beta1.ReasonMissingObjectStorageSecret,
				Requeue: false,
			}
		}
		return kverrors.Wrap(err, "failed to lookup lokistack storage secret", "name", key)
	}

	storage, err := secrets.ExtractStorageSecret(&storageSecret, stack.Spec.Storage.Secret.Type)
	if err != nil {
		return &status.DegradedError{
			Message: fmt.Sprintf("Invalid object storage secret contents: %s", err),
			Reason:  lokiv1beta1.ReasonInvalidObjectStorageSecret,
			Requeue: false,
		}
	}

	var (
		baseDomain    string
		tenantSecrets []*manifests.TenantSecrets
		tenantConfigs map[string]manifests.TenantConfig
	)
	if flags.EnableGateway && stack.Spec.Tenants == nil {
		return &status.DegradedError{
			Message: "Invalid tenants configuration - TenantsSpec cannot be nil when gateway flag is enabled",
			Reason:  lokiv1beta1.ReasonInvalidTenantsConfiguration,
			Requeue: false,
		}
	} else if flags.EnableGateway && stack.Spec.Tenants != nil {
		if err = gateway.ValidateModes(stack); err != nil {
			return &status.DegradedError{
				Message: fmt.Sprintf("Invalid tenants configuration: %s", err),
				Reason:  lokiv1beta1.ReasonInvalidTenantsConfiguration,
				Requeue: false,
			}
		}

		if stack.Spec.Tenants.Mode != lokiv1beta1.OpenshiftLogging {
			tenantSecrets, err = gateway.GetTenantSecrets(ctx, k, req, &stack)
			if err != nil {
				return err
			}
		}

		if stack.Spec.Tenants.Mode == lokiv1beta1.OpenshiftLogging {
			baseDomain, err = gateway.GetOpenShiftBaseDomain(ctx, k, req)
			if err != nil {
				return err
			}
		}

		// extract the existing tenant's id, cookieSecret if exists, otherwise create new.
		tenantConfigs, err = gateway.GetTenantConfigMapData(ctx, k, req)
		if err != nil {
			ll.Error(err, "error in getting tenant config map data")
		}
	}

	var (
		alertingRules  []lokiv1beta1.AlertingRule
		recordingRules []lokiv1beta1.RecordingRule
	)
	if stack.Spec.Rules != nil && stack.Spec.Rules.Enabled {
		alertingRules, recordingRules, err = rules.List(ctx, k, req.Namespace, stack.Spec.Rules)
		if err != nil {
			log.Error(err, "failed to lookup rules", "spec", stack.Spec.Rules)
		}
	}

	// Here we will translate the lokiv1beta1.LokiStack options into manifest options
	opts := manifests.Options{
		Name:              req.Name,
		Namespace:         req.Namespace,
		Image:             img,
		GatewayImage:      gwImg,
		GatewayBaseDomain: baseDomain,
		Stack:             stack.Spec,
		Flags:             flags,
		ObjectStorage:     *storage,
		AlertingRules:     alertingRules,
		RecordingRules:    recordingRules,
		Tenants: manifests.Tenants{
			Secrets: tenantSecrets,
			Configs: tenantConfigs,
		},
	}

	ll.Info("begin building manifests")

	if optErr := manifests.ApplyDefaultSettings(&opts); optErr != nil {
		ll.Error(optErr, "failed to conform options to build settings")
		return optErr
	}

	if flags.EnableGateway {
		if optErr := manifests.ApplyGatewayDefaultOptions(&opts); optErr != nil {
			ll.Error(optErr, "failed to apply defaults options to gateway settings ")
			return err
		}
	}

	objects, err := manifests.BuildAll(opts)
	if err != nil {
		ll.Error(err, "failed to build manifests")
		return err
	}
	ll.Info("manifests built", "count", len(objects))

	var errCount int32

	for _, obj := range objects {
		l := ll.WithValues(
			"object_name", obj.GetName(),
			"object_kind", obj.GetObjectKind(),
		)

		if isNamespaceScoped(obj) {
			obj.SetNamespace(req.Namespace)

			if err := ctrl.SetControllerReference(&stack, obj, s); err != nil {
				l.Error(err, "failed to set controller owner reference to resource")
				errCount++
				continue
			}
		}

		desired := obj.DeepCopyObject().(client.Object)
		mutateFn := manifests.MutateFuncFor(obj, desired)

		op, err := ctrl.CreateOrUpdate(ctx, k, obj, mutateFn)
		if err != nil {
			l.Error(err, "failed to configure resource")
			errCount++
			continue
		}

		l.Info(fmt.Sprintf("Resource has been %s", op))
	}

	if errCount > 0 {
		return kverrors.New("failed to configure lokistack resources", "name", req.NamespacedName)
	}

	// 1x.extra-small is used only for development, so the metrics will not
	// be collected.
	if opts.Stack.Size != lokiv1beta1.SizeOneXExtraSmall {
		metrics.Collect(&opts.Stack, opts.Name)
	}

	return nil
}

func isNamespaceScoped(obj client.Object) bool {
	switch obj.(type) {
	case *rbacv1.ClusterRole, *rbacv1.ClusterRoleBinding:
		return false
	default:
		return true
	}
}
move things out of the controller and into a handler 5 years ago			`package handlers`

			`import (`
			`"context"`
Provide handler for LokiStack create and update events (#27) 5 years ago			`"fmt"`
Ensure bundle dependencies are overwritable bei env (#20) 5 years ago			`"os"`
move things out of the controller and into a handler 5 years ago
Fix `go.mod` path of operator (#5287) * fix go mod path of operator * change import path in all operator files 4 years ago			`lokiv1beta1 "github.com/grafana/loki/operator/api/v1beta1"`
			`"github.com/grafana/loki/operator/internal/external/k8s"`
			`"github.com/grafana/loki/operator/internal/handlers/internal/gateway"`
operator: Add rules support (#5986) 4 years ago			`"github.com/grafana/loki/operator/internal/handlers/internal/rules"`
Fix `go.mod` path of operator (#5287) * fix go mod path of operator * change import path in all operator files 4 years ago			`"github.com/grafana/loki/operator/internal/handlers/internal/secrets"`
			`"github.com/grafana/loki/operator/internal/manifests"`
			`"github.com/grafana/loki/operator/internal/metrics"`
			`"github.com/grafana/loki/operator/internal/status"`
Fix olm-based deployments on openshift (#96) 4 years ago
operator: logerr v2 update (#5987) 4 years ago			`"github.com/ViaQ/logerr/v2/kverrors"`
operator: Update operator-sdk to 1.18.1 (#5704) 4 years ago			`"github.com/go-logr/logr"`
Add reconciliation for the s3 object storage secret (#33) 5 years ago			`corev1 "k8s.io/api/core/v1"`
Add OpenShift Auth native support (#94) 4 years ago			`rbacv1 "k8s.io/api/rbac/v1"`
move things out of the controller and into a handler 5 years ago			`apierrors "k8s.io/apimachinery/pkg/api/errors"`
Provide handler for LokiStack create and update events (#27) 5 years ago			`"k8s.io/apimachinery/pkg/runtime"`
move things out of the controller and into a handler 5 years ago			`ctrl "sigs.k8s.io/controller-runtime"`
			`"sigs.k8s.io/controller-runtime/pkg/client"`
			`)`

Provide handler for LokiStack create and update events (#27) 5 years ago			`// CreateOrUpdateLokiStack handles LokiStack create and update events.`
operator: Fix immediate reset of degraded condition (#5691) 4 years ago			`func CreateOrUpdateLokiStack(`
			`ctx context.Context,`
			`log logr.Logger,`
			`req ctrl.Request,`
			`k k8s.Client,`
			`s *runtime.Scheme,`
			`flags manifests.FeatureFlags,`
			`) error {`
Provide handler for LokiStack create and update events (#27) 5 years ago			`ll := log.WithValues("lokistack", req.NamespacedName, "event", "createOrUpdate")`
move things out of the controller and into a handler 5 years ago
			`var stack lokiv1beta1.LokiStack`
add some tests 5 years ago			`if err := k.Get(ctx, req.NamespacedName, &stack); err != nil {`
move things out of the controller and into a handler 5 years ago			`if apierrors.IsNotFound(err) {`
			`// maybe the user deleted it before we could react? Either way this isn't an issue`
			`ll.Error(err, "could not find the requested loki stack", "name", req.NamespacedName)`
			`return nil`
			`}`
fix missing error return (#11) 5 years ago			`return kverrors.Wrap(err, "failed to lookup lokistack", "name", req.NamespacedName)`
move things out of the controller and into a handler 5 years ago			`}`

Add OpenShift Auth native support (#94) 4 years ago			`img := os.Getenv(manifests.EnvRelatedImageLoki)`
Ensure bundle dependencies are overwritable bei env (#20) 5 years ago			`if img == "" {`
			`img = manifests.DefaultContainerImage`
			`}`

Add OpenShift Auth native support (#94) 4 years ago			`gwImg := os.Getenv(manifests.EnvRelatedImageGateway)`
			`if gwImg == "" {`
			`gwImg = manifests.DefaultLokiStackGatewayImage`
			`}`

Add support for additional storage backends in operator (#5432) 4 years ago			`var storageSecret corev1.Secret`
Add reconciliation for the s3 object storage secret (#33) 5 years ago			`key := client.ObjectKey{Name: stack.Spec.Storage.Secret.Name, Namespace: stack.Namespace}`
Add support for additional storage backends in operator (#5432) 4 years ago			`if err := k.Get(ctx, key, &storageSecret); err != nil {`
Add reconciliation for the s3 object storage secret (#33) 5 years ago			`if apierrors.IsNotFound(err) {`
operator: Fix immediate reset of degraded condition (#5691) 4 years ago			`return &status.DegradedError{`
			`Message: "Missing object storage secret",`
			`Reason: lokiv1beta1.ReasonMissingObjectStorageSecret,`
			`Requeue: false,`
			`}`
Add reconciliation for the s3 object storage secret (#33) 5 years ago			`}`
Add support for additional storage backends in operator (#5432) 4 years ago			`return kverrors.Wrap(err, "failed to lookup lokistack storage secret", "name", key)`
Add reconciliation for the s3 object storage secret (#33) 5 years ago			`}`

Add support for additional storage backends in operator (#5432) 4 years ago			`storage, err := secrets.ExtractStorageSecret(&storageSecret, stack.Spec.Storage.Secret.Type)`
Add reconciliation for the s3 object storage secret (#33) 5 years ago			`if err != nil {`
operator: Fix immediate reset of degraded condition (#5691) 4 years ago			`return &status.DegradedError{`
operator: Add method to get authenticated from GCP (#6125) 4 years ago			`Message: fmt.Sprintf("Invalid object storage secret contents: %s", err),`
operator: Fix immediate reset of degraded condition (#5691) 4 years ago			`Reason: lokiv1beta1.ReasonInvalidObjectStorageSecret,`
			`Requeue: false,`
			`}`
Add reconciliation for the s3 object storage secret (#33) 5 years ago			`}`

Fix olm-based deployments on openshift (#96) 4 years ago			`var (`
operator: Add rules support (#5986) 4 years ago			`baseDomain string`
			`tenantSecrets []*manifests.TenantSecrets`
			`tenantConfigs map[string]manifests.TenantConfig`
Fix olm-based deployments on openshift (#96) 4 years ago			`)`
[operator] Add degraded condition when gateway is enabled and tenants spec is nil (#5383) * deploy gateway when both flag, specs provided * run in degraded when invalid config provided * return nil after applying degraded condition 4 years ago			`if flags.EnableGateway && stack.Spec.Tenants == nil {`
operator: Fix immediate reset of degraded condition (#5691) 4 years ago			`return &status.DegradedError{`
			`Message: "Invalid tenants configuration - TenantsSpec cannot be nil when gateway flag is enabled",`
			`Reason: lokiv1beta1.ReasonInvalidTenantsConfiguration,`
			`Requeue: false,`
			`}`
[operator] Add degraded condition when gateway is enabled and tenants spec is nil (#5383) * deploy gateway when both flag, specs provided * run in degraded when invalid config provided * return nil after applying degraded condition 4 years ago			`} else if flags.EnableGateway && stack.Spec.Tenants != nil {`
Add lokistack-gateway configuration (#77) 4 years ago			`if err = gateway.ValidateModes(stack); err != nil {`
operator: Fix immediate reset of degraded condition (#5691) 4 years ago			`return &status.DegradedError{`
			`Message: fmt.Sprintf("Invalid tenants configuration: %s", err),`
			`Reason: lokiv1beta1.ReasonInvalidTenantsConfiguration,`
			`Requeue: false,`
			`}`
Add lokistack-gateway configuration (#77) 4 years ago			`}`

Add OpenShift Auth native support (#94) 4 years ago			`if stack.Spec.Tenants.Mode != lokiv1beta1.OpenshiftLogging {`
			`tenantSecrets, err = gateway.GetTenantSecrets(ctx, k, req, &stack)`
			`if err != nil {`
			`return err`
			`}`
Add lokistack-gateway configuration (#77) 4 years ago			`}`
Fix olm-based deployments on openshift (#96) 4 years ago
			`if stack.Spec.Tenants.Mode == lokiv1beta1.OpenshiftLogging {`
			`baseDomain, err = gateway.GetOpenShiftBaseDomain(ctx, k, req)`
			`if err != nil {`
operator: Fix immediate reset of degraded condition (#5691) 4 years ago			`return err`
Fix olm-based deployments on openshift (#96) 4 years ago			`}`
operator: Add rules support (#5986) 4 years ago			`}`
LOG-1874: lokistack-gateway component restarting too many times on OpenShift (#100) 4 years ago
operator: Add rules support (#5986) 4 years ago			`// extract the existing tenant's id, cookieSecret if exists, otherwise create new.`
			`tenantConfigs, err = gateway.GetTenantConfigMapData(ctx, k, req)`
			`if err != nil {`
			`ll.Error(err, "error in getting tenant config map data")`
			`}`
			`}`

			`var (`
			`alertingRules []lokiv1beta1.AlertingRule`
			`recordingRules []lokiv1beta1.RecordingRule`
			`)`
			`if stack.Spec.Rules != nil && stack.Spec.Rules.Enabled {`
			`alertingRules, recordingRules, err = rules.List(ctx, k, req.Namespace, stack.Spec.Rules)`
			`if err != nil {`
			`log.Error(err, "failed to lookup rules", "spec", stack.Spec.Rules)`
Fix olm-based deployments on openshift (#96) 4 years ago			`}`
Add lokistack-gateway configuration (#77) 4 years ago			`}`

Add reconciliation for the s3 object storage secret (#33) 5 years ago			`// Here we will translate the lokiv1beta1.LokiStack options into manifest options`
move things out of the controller and into a handler 5 years ago			`opts := manifests.Options{`
Fix olm-based deployments on openshift (#96) 4 years ago			`Name: req.Name,`
			`Namespace: req.Namespace,`
			`Image: img,`
			`GatewayImage: gwImg,`
			`GatewayBaseDomain: baseDomain,`
			`Stack: stack.Spec,`
			`Flags: flags,`
			`ObjectStorage: *storage,`
operator: Add rules support (#5986) 4 years ago			`AlertingRules: alertingRules,`
			`RecordingRules: recordingRules,`
			`Tenants: manifests.Tenants{`
			`Secrets: tenantSecrets,`
			`Configs: tenantConfigs,`
			`},`
move things out of the controller and into a handler 5 years ago			`}`

			`ll.Info("begin building manifests")`

Creating telemetry metrics for loki operator based on complete build spec (#32) 5 years ago			`if optErr := manifests.ApplyDefaultSettings(&opts); optErr != nil {`
			`ll.Error(optErr, "failed to conform options to build settings")`
			`return optErr`
			`}`

Add support for openshift-logging tenant mode (#93) 4 years ago			`if flags.EnableGateway {`
			`if optErr := manifests.ApplyGatewayDefaultOptions(&opts); optErr != nil {`
			`ll.Error(optErr, "failed to apply defaults options to gateway settings ")`
			`return err`
			`}`
			`}`

move things out of the controller and into a handler 5 years ago			`objects, err := manifests.BuildAll(opts)`
			`if err != nil {`
			`ll.Error(err, "failed to build manifests")`
			`return err`
			`}`
			`ll.Info("manifests built", "count", len(objects))`
Provide handler for LokiStack create and update events (#27) 5 years ago
			`var errCount int32`
Creating telemetry metrics for loki operator based on complete build spec (#32) 5 years ago
move things out of the controller and into a handler 5 years ago			`for _, obj := range objects {`
Provide handler for LokiStack create and update events (#27) 5 years ago			`l := ll.WithValues(`
			`"object_name", obj.GetName(),`
move things out of the controller and into a handler 5 years ago			`"object_kind", obj.GetObjectKind(),`
Provide handler for LokiStack create and update events (#27) 5 years ago			`)`
move things out of the controller and into a handler 5 years ago
Add OpenShift Auth native support (#94) 4 years ago			`if isNamespaceScoped(obj) {`
			`obj.SetNamespace(req.Namespace)`
Provide handler for LokiStack create and update events (#27) 5 years ago
Add OpenShift Auth native support (#94) 4 years ago			`if err := ctrl.SetControllerReference(&stack, obj, s); err != nil {`
			`l.Error(err, "failed to set controller owner reference to resource")`
			`errCount++`
			`continue`
			`}`
move things out of the controller and into a handler 5 years ago			`}`
Provide handler for LokiStack create and update events (#27) 5 years ago
			`desired := obj.DeepCopyObject().(client.Object)`
operator: logerr v2 update (#5987) 4 years ago			`mutateFn := manifests.MutateFuncFor(obj, desired)`
Provide handler for LokiStack create and update events (#27) 5 years ago
			`op, err := ctrl.CreateOrUpdate(ctx, k, obj, mutateFn)`
			`if err != nil {`
			`l.Error(err, "failed to configure resource")`
			`errCount++`
			`continue`
			`}`
Creating telemetry metrics for loki operator based on complete build spec (#32) 5 years ago
Provide handler for LokiStack create and update events (#27) 5 years ago			`l.Info(fmt.Sprintf("Resource has been %s", op))`
move things out of the controller and into a handler 5 years ago			`}`

Provide handler for LokiStack create and update events (#27) 5 years ago			`if errCount > 0 {`
			`return kverrors.New("failed to configure lokistack resources", "name", req.NamespacedName)`
			`}`
move things out of the controller and into a handler 5 years ago
Creating telemetry metrics for loki operator based on complete build spec (#32) 5 years ago			`// 1x.extra-small is used only for development, so the metrics will not`
			`// be collected.`
			`if opts.Stack.Size != lokiv1beta1.SizeOneXExtraSmall {`
			`metrics.Collect(&opts.Stack, opts.Name)`
			`}`

Provide handler for LokiStack create and update events (#27) 5 years ago			`return nil`
move things out of the controller and into a handler 5 years ago			`}`
Add OpenShift Auth native support (#94) 4 years ago
			`func isNamespaceScoped(obj client.Object) bool {`
			`switch obj.(type) {`
			`case rbacv1.ClusterRole, rbacv1.ClusterRoleBinding:`
			`return false`
			`default:`
			`return true`
			`}`
			`}`