Operator: Config and bundle manifest changes for Lokistack API ObjectstorageTLS CA certificate key addition (#7256)

3 years ago · eb949e2907
parent dab6a24541
commit eb949e2907
6 changed files with 27 additions and 3 deletions
--- a/operator/apis/loki/v1/lokistack_types.go
+++ b/operator/apis/loki/v1/lokistack_types.go
@ -332,7 +332,7 @@ type ObjectStorageTLSSpec struct {
 	// +kubebuilder:validation:optional
 	// +kubebuilder:default:=service-ca.crt
 	// +operator-sdk:csv:customresourcedefinitions:type=spec,xDescriptors="urn:alm:descriptor:io.kubernetes:ConfigMap",displayName="CA ConfigMap Key"
-	Key string `json:"caKey,omitempty"`
+	CAKey string `json:"caKey,omitempty"`
 	// CA is the name of a ConfigMap containing a CA certificate.
 	// It needs to be in the same namespace as the LokiStack custom resource.
 	//
--- a/operator/bundle/manifests/loki-operator.clusterserviceversion.yaml
+++ b/operator/bundle/manifests/loki-operator.clusterserviceversion.yaml
@ -464,6 +464,12 @@ spec:
      - description: TLS configuration for reaching the object storage endpoint.
        displayName: TLS Config
        path: storage.tls
+      - description: Key is the data key of a ConfigMap containing a CA certificate.
+          It needs to be in the same namespace as the LokiStack custom resource.
+        displayName: CA ConfigMap Key
+        path: storage.tls.caKey
+        x-descriptors:
+        - urn:alm:descriptor:io.kubernetes:ConfigMap
      - description: CA is the name of a ConfigMap containing a CA certificate. It
          needs to be in the same namespace as the LokiStack custom resource.
        displayName: CA ConfigMap Name
--- a/operator/bundle/manifests/loki.grafana.com_lokistacks.yaml
+++ b/operator/bundle/manifests/loki.grafana.com_lokistacks.yaml
@ -452,6 +452,12 @@ spec:
                    description: TLS configuration for reaching the object storage
                      endpoint.
                    properties:
+                      caKey:
+                        default: service-ca.crt
+                        description: Key is the data key of a ConfigMap containing
+                          a CA certificate. It needs to be in the same namespace as
+                          the LokiStack custom resource.
+                        type: string
                      caName:
                        description: CA is the name of a ConfigMap containing a CA
                          certificate. It needs to be in the same namespace as the
--- a/operator/config/crd/bases/loki.grafana.com_lokistacks.yaml
+++ b/operator/config/crd/bases/loki.grafana.com_lokistacks.yaml
@ -435,6 +435,12 @@ spec:
                    description: TLS configuration for reaching the object storage
                      endpoint.
                    properties:
+                      caKey:
+                        default: service-ca.crt
+                        description: Key is the data key of a ConfigMap containing
+                          a CA certificate. It needs to be in the same namespace as
+                          the LokiStack custom resource.
+                        type: string
                      caName:
                        description: CA is the name of a ConfigMap containing a CA
                          certificate. It needs to be in the same namespace as the
--- a/operator/config/manifests/bases/loki-operator.clusterserviceversion.yaml
+++ b/operator/config/manifests/bases/loki-operator.clusterserviceversion.yaml
@ -319,6 +319,12 @@ spec:
      - description: TLS configuration for reaching the object storage endpoint.
        displayName: TLS Config
        path: storage.tls
+      - description: Key is the data key of a ConfigMap containing a CA certificate.
+          It needs to be in the same namespace as the LokiStack custom resource.
+        displayName: CA ConfigMap Key
+        path: storage.tls.caKey
+        x-descriptors:
+        - urn:alm:descriptor:io.kubernetes:ConfigMap
      - description: CA is the name of a ConfigMap containing a CA certificate. It
          needs to be in the same namespace as the LokiStack custom resource.
        displayName: CA ConfigMap Name
--- a/operator/internal/handlers/lokistack_create_or_update.go
+++ b/operator/internal/handlers/lokistack_create_or_update.go
@ -112,7 +112,7 @@ func CreateOrUpdateLokiStack(
 			return kverrors.Wrap(err, "failed to lookup lokistack object storage CA config map", "name", key)
 		}

-		if !storage.IsValidCAConfigMap(&cm, stack.Spec.Storage.TLS.Key) {
+		if !storage.IsValidCAConfigMap(&cm, stack.Spec.Storage.TLS.CAKey) {
 			return &status.DegradedError{
 				Message: "Invalid object storage CA configmap contents: missing key or no contents",
 				Reason:  lokiv1.ReasonInvalidObjectStorageCAConfigMap,
@ -120,7 +120,7 @@ func CreateOrUpdateLokiStack(
 			}
 		}

-		objStore.TLS = &storageoptions.TLSConfig{CA: cm.Name, Key: stack.Spec.Storage.TLS.Key}
+		objStore.TLS = &storageoptions.TLSConfig{CA: cm.Name, Key: stack.Spec.Storage.TLS.CAKey}
 	}

 	var (