diff --git a/operator/CHANGELOG.md b/operator/CHANGELOG.md index 22f005edaf..5b7b0ba357 100644 --- a/operator/CHANGELOG.md +++ b/operator/CHANGELOG.md @@ -1,5 +1,6 @@ ## Main +- [7682](https://github.com/grafana/loki/pull/7682) **periklis**: Refactor cluster proxy to use configv1.Proxy on OpenShift - [7711](https://github.com/grafana/loki/pull/7711) **Red-GV**: Remove default value from replicationFactor field - [7617](https://github.com/grafana/loki/pull/7617) **Red-GV**: Modify ingestionRate for respective shirt size - [7592](https://github.com/grafana/loki/pull/7592) **aminesnow**: Update API docs generation using gen-crd-api-reference-docs diff --git a/operator/apis/loki/v1/lokistack_types.go b/operator/apis/loki/v1/lokistack_types.go index a8edcf08a6..30d33941d7 100644 --- a/operator/apis/loki/v1/lokistack_types.go +++ b/operator/apis/loki/v1/lokistack_types.go @@ -343,13 +343,6 @@ type ClusterProxy struct { // +kubebuilder:validation:optional // +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="NoProxy" NoProxy string `json:"noProxy,omitempty"` - // ReadVarsFromEnv defines a flag to use Operator-lib provides a helper function - // - // +optional - // +kubebuilder:validation:optional - // +kubebuilder:default:=false - // +operator-sdk:csv:customresourcedefinitions:type=spec,xDescriptors="urn:alm:descriptor:com.tectonic.ui:booleanSwitch",displayName="ReadVarsFromEnv" - ReadVarsFromEnv bool `json:"readVarsFromEnv,omitempty"` } // ObjectStorageTLSSpec is the TLS configuration for reaching the object storage endpoint. 
@@ -698,9 +691,9 @@ type LokiStackSpec struct { // Proxy defines the spec for the object proxy to configure cluster proxy information. // // +optional - // +kubebuilder:validation:Required + // +kubebuilder:validation:Optional // +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Cluster Proxy" - Proxy *ClusterProxy `json:"proxy"` + Proxy *ClusterProxy `json:"proxy,omitempty"` // ReplicationFactor defines the policy for log stream replication. // diff --git a/operator/bundle/manifests/loki-operator.clusterserviceversion.yaml b/operator/bundle/manifests/loki-operator.clusterserviceversion.yaml index bb972c4f67..977d1f7462 100644 --- a/operator/bundle/manifests/loki-operator.clusterserviceversion.yaml +++ b/operator/bundle/manifests/loki-operator.clusterserviceversion.yaml @@ -428,12 +428,6 @@ spec: - description: NoProxy configures the NO_PROXY/no_proxy env variable. displayName: NoProxy path: proxy.noProxy - - description: ReadVarsFromEnv defines a flag to use Operator-lib provides a - helper function - displayName: ReadVarsFromEnv - path: proxy.readVarsFromEnv - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:booleanSwitch - description: ReplicationFactor defines the policy for log stream replication. displayName: Replication Factor path: replicationFactor @@ -1048,7 +1042,7 @@ spec: resources: - apiservers - dnses - - proxy + - proxies verbs: - get - list diff --git a/operator/bundle/manifests/loki.grafana.com_lokistacks.yaml b/operator/bundle/manifests/loki.grafana.com_lokistacks.yaml index 1755a52f88..e8f73d3cbf 100644 --- a/operator/bundle/manifests/loki.grafana.com_lokistacks.yaml +++ b/operator/bundle/manifests/loki.grafana.com_lokistacks.yaml 
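Review bot: The doc comment on `Proxy` in LokiStackSpec (operator/apis/loki/v1/lokistack_types.go) does not say what happens when the field is left out, which matters now that the marker is `+kubebuilder:validation:Optional`. Elsewhere in this commit CreateOrUpdateLokiStack fills a nil `Spec.Proxy` from `openshift.GetProxy`, so I would add a line such as `// On OpenShift, the cluster-wide proxy is used when this field is not set.` above the `+optional` marker. The CRD and CSV descriptions are generated from this comment and should pick the sentence up on the next regeneration. The struct continues outside the hunk.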
@@ -307,11 +307,6 @@ spec: noProxy: description: NoProxy configures the NO_PROXY/no_proxy env variable. type: string - readVarsFromEnv: - default: false - description: ReadVarsFromEnv defines a flag to use Operator-lib - provides a helper function - type: boolean type: object replicationFactor: description: ReplicationFactor defines the policy for log stream replication. diff --git a/operator/config/crd/bases/loki.grafana.com_lokistacks.yaml b/operator/config/crd/bases/loki.grafana.com_lokistacks.yaml index 75be110297..d847be3b90 100644 --- a/operator/config/crd/bases/loki.grafana.com_lokistacks.yaml +++ b/operator/config/crd/bases/loki.grafana.com_lokistacks.yaml @@ -290,11 +290,6 @@ spec: noProxy: description: NoProxy configures the NO_PROXY/no_proxy env variable. type: string - readVarsFromEnv: - default: false - description: ReadVarsFromEnv defines a flag to use Operator-lib - provides a helper function - type: boolean type: object replicationFactor: description: ReplicationFactor defines the policy for log stream replication. diff --git a/operator/config/manifests/bases/loki-operator.clusterserviceversion.yaml b/operator/config/manifests/bases/loki-operator.clusterserviceversion.yaml index 5f205e1b00..213ff7ed84 100644 --- a/operator/config/manifests/bases/loki-operator.clusterserviceversion.yaml +++ b/operator/config/manifests/bases/loki-operator.clusterserviceversion.yaml @@ -283,12 +283,6 @@ spec: - description: NoProxy configures the NO_PROXY/no_proxy env variable. displayName: NoProxy path: proxy.noProxy - - description: ReadVarsFromEnv defines a flag to use Operator-lib provides a - helper function - displayName: ReadVarsFromEnv - path: proxy.readVarsFromEnv - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:booleanSwitch - description: ReplicationFactor defines the policy for log stream replication. displayName: Replication Factor path: replicationFactor 
diff --git a/operator/config/rbac/role.yaml b/operator/config/rbac/role.yaml index 8374c97bc5..5bc3f492fd 100644 --- a/operator/config/rbac/role.yaml +++ b/operator/config/rbac/role.yaml @@ -57,7 +57,7 @@ rules: resources: - apiservers - dnses - - proxy + - proxies verbs: - get - list diff --git a/operator/controllers/loki/lokistack_controller.go b/operator/controllers/loki/lokistack_controller.go index 201aa03db2..ea8540deb0 100644 --- a/operator/controllers/loki/lokistack_controller.go +++ b/operator/controllers/loki/lokistack_controller.go @@ -85,7 +85,7 @@ type LokiStackReconciler struct { // +kubebuilder:rbac:groups=monitoring.coreos.com,resources=alertmanagers,verbs=patch // +kubebuilder:rbac:groups=coordination.k8s.io,resources=leases,verbs=get;create;update // +kubebuilder:rbac:groups=networking.k8s.io,resources=ingresses,verbs=get;list;watch;create;update -// +kubebuilder:rbac:groups=config.openshift.io,resources=dnses;apiservers;proxy,verbs=get;list;watch +// +kubebuilder:rbac:groups=config.openshift.io,resources=dnses;apiservers;proxies,verbs=get;list;watch // +kubebuilder:rbac:groups=route.openshift.io,resources=routes,verbs=get;list;watch;create;update;delete // Reconcile is part of the main kubernetes reconciliation loop which aims to diff --git a/operator/go.mod b/operator/go.mod index cddd7bfc07..d9250c1988 100644 --- a/operator/go.mod +++ b/operator/go.mod @@ -26,7 +26,6 @@ require ( github.com/google/go-cmp v0.5.8 github.com/grafana/loki v1.6.2-0.20220718071907-6bd05c9a4399 github.com/openshift/library-go v0.0.0-20220622115547-84d884f4c9f6 - github.com/operator-framework/operator-lib v0.11.0 github.com/prometheus/prometheus v1.8.2-0.20220303173753-edfe657b5405 gopkg.in/yaml.v2 v2.4.0 k8s.io/apiserver v0.25.0 diff --git a/operator/go.sum b/operator/go.sum index 1c165fdc46..c21b90bfdf 100644 --- a/operator/go.sum +++ b/operator/go.sum 
@@ -1017,8 +1017,6 @@ github.com/opentracing-contrib/go-stdlib v1.0.0/go.mod h1:qtI1ogk+2JhVPIXVc6q+NH github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= github.com/opentracing/opentracing-go v1.2.0 h1:uEJPy/1a5RIPAJ0Ov+OIO8OxWu77jEv+1B0VhjKrZUs= github.com/opentracing/opentracing-go v1.2.0/go.mod h1:GxEUsuufX4nBwe+T+Wl9TAgYrxe9dPLANfrWvHYVTgc= -github.com/operator-framework/operator-lib v0.11.0 h1:eYzqpiOfq9WBI4Trddisiq/X9BwCisZd3rIzmHRC9Z8= -github.com/operator-framework/operator-lib v0.11.0/go.mod h1:RpyKhFAoG6DmKTDIwMuO6pI3LRc8IE9rxEYWy476o6g= github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= github.com/pascaldekloe/goe v0.1.0 h1:cBOtyMzM9HTpWjXfbbunk26uA6nG3a8n06Wieeh0MwY= github.com/pascaldekloe/goe v0.1.0/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= diff --git a/operator/internal/handlers/internal/openshift/proxy.go b/operator/internal/handlers/internal/openshift/proxy.go new file mode 100644 index 0000000000..ad43635568 --- /dev/null +++ b/operator/internal/handlers/internal/openshift/proxy.go 
@@ -0,0 +1,36 @@
+package openshift
+
+import (
+ "context"
+
+ lokiv1 "github.com/grafana/loki/operator/apis/loki/v1"
+ "github.com/grafana/loki/operator/internal/external/k8s"
+ configv1 "github.com/openshift/api/config/v1"
+ "k8s.io/apimachinery/pkg/api/errors"
+ "sigs.k8s.io/controller-runtime/pkg/client"
+)
+
+const proxyName = "cluster"
+
+// GetProxy returns the cluster-wide proxy configuration of OpenShift, if one is set.
+// It can also return an error.
+func GetProxy(ctx context.Context, k k8s.Client) (*lokiv1.ClusterProxy, error) {
+ key := client.ObjectKey{Name: proxyName}
+ p := &configv1.Proxy{}
+ if err := k.Get(ctx, key, p); err != nil {
+ if errors.IsNotFound(err) {
+ return nil, nil
+ }
+ return nil, err
+ }
+
+ if p.Status.HTTPProxy == "" && p.Status.HTTPSProxy == "" && p.Status.NoProxy == "" {
+ return nil, nil
+ }
+
+ return &lokiv1.ClusterProxy{
+ HTTPProxy: p.Status.HTTPProxy,
+ HTTPSProxy: p.Status.HTTPSProxy,
+ NoProxy: p.Status.NoProxy,
+ }, nil
+}
diff --git a/operator/internal/handlers/internal/openshift/proxy_test.go b/operator/internal/handlers/internal/openshift/proxy_test.go
new file mode 100644
index 0000000000..247ac69982
--- /dev/null
+++ b/operator/internal/handlers/internal/openshift/proxy_test.go
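Review bot: The comment on GetProxy in openshift/proxy.go says only that it "can also return an error" and leaves out the two cases a caller has to handle: it returns `nil, nil` both when the `cluster` Proxy object is not found and when all three status fields are empty. I would replace the second comment line with `// It returns nil without an error when the Proxy object does not exist or its status carries no proxy settings.` One more sentence should state that the values are read from `Status` and copied verbatim. If a proxy URL there embeds credentials, they end up as literal env values in the Loki pod specs through toEnvVars in proxy_env.go, readable by anyone who can view those workloads.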
@@ -0,0 +1,62 @@
+package openshift
+
+import (
+ "context"
+ "testing"
+
+ "github.com/grafana/loki/operator/internal/external/k8s/k8sfakes"
+ configv1 "github.com/openshift/api/config/v1"
+ "github.com/stretchr/testify/require"
+ apierrors "k8s.io/apimachinery/pkg/api/errors"
+ "k8s.io/apimachinery/pkg/runtime/schema"
+ "k8s.io/apimachinery/pkg/types"
+ "sigs.k8s.io/controller-runtime/pkg/client"
+)
+
+func TestGetProxy_ReturnError_WhenOtherThanNotFound(t *testing.T) {
+ k := &k8sfakes.FakeClient{}
+
+ k.GetStub = func(_ context.Context, name types.NamespacedName, object client.Object, _ ...client.GetOption) error {
+ return apierrors.NewBadRequest("bad request")
+ }
+
+ _, err := GetProxy(context.TODO(), k)
+ require.Error(t, err)
+}
+
+func TestGetProxy_ReturnEmpty_WhenNotFound(t *testing.T) {
+ k := &k8sfakes.FakeClient{}
+
+ k.GetStub = func(_ context.Context, name types.NamespacedName, object client.Object, _ ...client.GetOption) error {
+ return apierrors.NewNotFound(schema.GroupResource{}, "something wasn't found")
+ }
+
+ proxy, err := GetProxy(context.TODO(), k)
+ require.NoError(t, err)
+ require.Nil(t, proxy)
+}
+
+func TestGetProxy_ReturnEnvVars_WhenProxyExists(t *testing.T) {
+ k := &k8sfakes.FakeClient{}
+
+ k.GetStub = func(_ context.Context, name types.NamespacedName, out client.Object, _ ...client.GetOption) error {
+ if name.Name == proxyName {
+ k.SetClientObject(out, &configv1.Proxy{
+ Status: configv1.ProxyStatus{
+ HTTPProxy: "http-test",
+ HTTPSProxy: "https-test",
+ NoProxy: "noproxy-test",
+ },
+ })
+ return nil
+ }
+ return apierrors.NewNotFound(schema.GroupResource{}, "something wasn't found")
+ }
+
+ proxy, err := GetProxy(context.TODO(), k)
+ require.NoError(t, err)
+ require.NotNil(t, proxy)
+ require.Equal(t, "http-test", proxy.HTTPProxy)
+ require.Equal(t, "https-test", proxy.HTTPSProxy)
+ require.Equal(t, "noproxy-test", proxy.NoProxy)
+}
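Review bot: None of the three tests in openshift/proxy_test.go reaches the branch of GetProxy that returns `nil, nil` for a Proxy object whose status fields are all empty. A fourth case that has `GetStub` store an empty `configv1.Proxy{}` through `k.SetClientObject` and then asserts `require.NoError(t, err)` and `require.Nil(t, proxy)` would pin that behaviour. TestGetProxy_ReturnEnvVars_WhenProxyExists could also be renamed, since GetProxy returns a ClusterProxy rather than env vars.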
diff --git a/operator/internal/handlers/lokistack_create_or_update.go b/operator/internal/handlers/lokistack_create_or_update.go index af34ec1611..2bae995b9f 100644 --- a/operator/internal/handlers/lokistack_create_or_update.go +++ b/operator/internal/handlers/lokistack_create_or_update.go @@ -152,6 +152,17 @@ func CreateOrUpdateLokiStack( if err != nil { return err } + + if stack.Spec.Proxy == nil { + // If the LokiStack has no proxy set but there is a cluster-wide proxy setting, + // set the LokiStack proxy to that. + ocpProxy, proxyErr := openshift.GetProxy(ctx, k) + if proxyErr != nil { + return proxyErr + } + + stack.Spec.Proxy = ocpProxy + } default: tenantSecrets, err = gateway.GetTenantSecrets(ctx, k, req, &stack) if err != nil { @@ -213,7 +224,6 @@ func CreateOrUpdateLokiStack( ll.Error(err, "failed to check OCP AlertManager") return err } - } certRotationRequiredAt := "" diff --git a/operator/internal/manifests/compactor.go b/operator/internal/manifests/compactor.go index 0eb66aea9c..f9950514b0 100644 --- a/operator/internal/manifests/compactor.go +++ b/operator/internal/manifests/compactor.go @@ -43,6 +43,10 @@ func BuildCompactor(opts Options) ([]client.Object, error) { } } + if err := configureProxyEnv(&statefulSet.Spec.Template.Spec, opts); err != nil { + return nil, err + } + return []client.Object{ statefulSet, NewCompactorGRPCService(opts), @@ -115,8 +119,6 @@ func NewCompactorStatefulSet(opts Options) *appsv1.StatefulSet { SecurityContext: podSecurityContext(opts.Gates.RuntimeSeccompProfile), } - podSpec = addProxyEnvVar(opts.Stack.Proxy, podSpec) - if opts.Gates.HTTPEncryption || opts.Gates.GRPCEncryption { podSpec.Containers[0].Args = append(podSpec.Containers[0].Args, fmt.Sprintf("-server.tls-cipher-suites=%s", opts.TLSCipherSuites()), diff --git a/operator/internal/manifests/distributor.go b/operator/internal/manifests/distributor.go index afba9c8798..93d4e102e5 100644 --- a/operator/internal/manifests/distributor.go 
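Review bot: In the block added to CreateOrUpdateLokiStack (lokistack_create_or_update.go), a failure of `openshift.GetProxy` is returned bare, so a missing RBAC rule or an API error surfaces with no hint that the proxy lookup caused it. The same function logs before returning further down (`ll.Error(err, "failed to check OCP AlertManager")`); assuming `ll` is in scope at this point, the new branch could do likewise with `ll.Error(proxyErr, "failed to get cluster proxy")` ahead of `return proxyErr`. Separately, `stack.Spec.Proxy = ocpProxy` changes the in-memory LokiStack. If `stack` is written back to the API server later in the function, which this hunk does not show, the cluster-wide values would be persisted into the custom resource, so a comment stating that the assignment is for manifest generation only would help. The function starts and ends outside the hunk.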
+++ b/operator/internal/manifests/distributor.go @@ -39,6 +39,10 @@ func BuildDistributor(opts Options) ([]client.Object, error) { } } + if err := configureProxyEnv(&deployment.Spec.Template.Spec, opts); err != nil { + return nil, err + } + return []client.Object{ deployment, NewDistributorGRPCService(opts), diff --git a/operator/internal/manifests/indexgateway.go b/operator/internal/manifests/indexgateway.go index 5349826653..97101691c9 100644 --- a/operator/internal/manifests/indexgateway.go +++ b/operator/internal/manifests/indexgateway.go @@ -43,6 +43,10 @@ func BuildIndexGateway(opts Options) ([]client.Object, error) { } } + if err := configureProxyEnv(&statefulSet.Spec.Template.Spec, opts); err != nil { + return nil, err + } + return []client.Object{ statefulSet, NewIndexGatewayGRPCService(opts), @@ -115,8 +119,6 @@ func NewIndexGatewayStatefulSet(opts Options) *appsv1.StatefulSet { SecurityContext: podSecurityContext(opts.Gates.RuntimeSeccompProfile), } - podSpec = addProxyEnvVar(opts.Stack.Proxy, podSpec) - if opts.Gates.HTTPEncryption || opts.Gates.GRPCEncryption { podSpec.Containers[0].Args = append(podSpec.Containers[0].Args, fmt.Sprintf("-server.tls-cipher-suites=%s", opts.TLSCipherSuites()), diff --git a/operator/internal/manifests/ingester.go b/operator/internal/manifests/ingester.go index 1fdfa361bc..5e49ec4f68 100644 --- a/operator/internal/manifests/ingester.go +++ b/operator/internal/manifests/ingester.go @@ -45,6 +45,10 @@ func BuildIngester(opts Options) ([]client.Object, error) { } } + if err := configureProxyEnv(&statefulSet.Spec.Template.Spec, opts); err != nil { + return nil, err + } + return []client.Object{ statefulSet, NewIngesterGRPCService(opts), 
@@ -127,8 +131,6 @@ func NewIngesterStatefulSet(opts Options) *appsv1.StatefulSet { SecurityContext: podSecurityContext(opts.Gates.RuntimeSeccompProfile), } - podSpec = addProxyEnvVar(opts.Stack.Proxy, podSpec) - if opts.Gates.HTTPEncryption || opts.Gates.GRPCEncryption { podSpec.Containers[0].Args = append(podSpec.Containers[0].Args, fmt.Sprintf("-server.tls-cipher-suites=%s", opts.TLSCipherSuites()), diff --git a/operator/internal/manifests/proxy_env.go b/operator/internal/manifests/proxy_env.go new file mode 100644 index 0000000000..e43bc34883 --- /dev/null +++ b/operator/internal/manifests/proxy_env.go 
@@ -0,0 +1,110 @@
+package manifests
+
+import (
+ "strings"
+
+ lokiv1 "github.com/grafana/loki/operator/apis/loki/v1"
+ "github.com/imdario/mergo"
+ corev1 "k8s.io/api/core/v1"
+)
+
+const (
+ httpProxyKey = "HTTP_PROXY"
+ httpsProxyKey = "HTTPS_PROXY"
+ noProxyKey = "NO_PROXY"
+)
+
+var proxyEnvNames = []string{
+ httpProxyKey,
+ strings.ToLower(httpProxyKey),
+ httpsProxyKey,
+ strings.ToLower(httpsProxyKey),
+ noProxyKey,
+ strings.ToLower(noProxyKey),
+}
+
+func configureProxyEnv(pod *corev1.PodSpec, opts Options) error {
+ for _, envVar := range proxyEnvNames {
+ resetProxyVar(pod, envVar)
+ }
+
+ proxySpec := opts.Stack.Proxy
+ if proxySpec == nil {
+ return nil
+ }
+
+ src := corev1.Container{
+ Env: toEnvVars(proxySpec),
+ }
+
+ for i, dst := range pod.Containers {
+ if err := mergo.Merge(&dst, src, mergo.WithAppendSlice); err != nil {
+ return err
+ }
+ pod.Containers[i] = dst
+ }
+
+ return nil
+}
+
+func resetProxyVar(podSpec *corev1.PodSpec, name string) {
+ for i, container := range podSpec.Containers {
+ found, index := findEnvVar(name, container.Env)
+ if found {
+ podSpec.Containers[i].Env = append(podSpec.Containers[i].Env[:index], podSpec.Containers[i].Env[index+1:]...)
+ }
+ }
+}
+
+func findEnvVar(name string, envVars []corev1.EnvVar) (bool, int) {
+ for i, env := range envVars {
+ if env.Name == name || env.Name == strings.ToLower(name) {
+ return true, i
+ }
+ }
+ return false, 0
+}
+
+func toEnvVars(proxySpec *lokiv1.ClusterProxy) []corev1.EnvVar {
+ var envVars []corev1.EnvVar
+ if proxySpec.HTTPProxy != "" {
+ envVars = append(envVars,
+ corev1.EnvVar{
+ Name: httpProxyKey,
+ Value: proxySpec.HTTPProxy,
+ },
+ corev1.EnvVar{
+ Name: strings.ToLower(httpProxyKey),
+ Value: proxySpec.HTTPProxy,
+ },
+ )
+ }
+
+ if proxySpec.HTTPSProxy != "" {
+ envVars = append(envVars,
+ corev1.EnvVar{
+ Name: httpsProxyKey,
+ Value: proxySpec.HTTPSProxy,
+ },
+ corev1.EnvVar{
+ Name: strings.ToLower(httpsProxyKey),
+ Value: proxySpec.HTTPSProxy,
+ },
+ )
+ }
+
+ if proxySpec.NoProxy != "" {
+ envVars = append(envVars,
+ corev1.EnvVar{
+ Name: noProxyKey,
+ Value: proxySpec.NoProxy,
+ },
+ corev1.EnvVar{
+ Name: strings.ToLower(noProxyKey),
+ Value: proxySpec.NoProxy,
+ },
+ )
+ }
+
+ return envVars
+}
diff --git a/operator/internal/manifests/proxy_env_test.go b/operator/internal/manifests/proxy_env_test.go
new file mode 100644
index 0000000000..cd273f5f00
--- /dev/null
+++ b/operator/internal/manifests/proxy_env_test.go
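Review bot: resetProxyVar in manifests/proxy_env.go removes at most one entry per container per call, and findEnvVar matches either case, so a stale proxy variable can survive the reset: with `http_proxy` listed before `HTTP_PROXY`, the call for `HTTP_PROXY` deletes the lower-case entry and the later call for `http_proxy` finds nothing, leaving `HTTP_PROXY` in place. The same holds for a name that occurs twice. When `opts.Stack.Proxy` is nil nothing is appended afterwards, so the container would keep sending traffic through the old proxy. None of the builders visible in this commit set proxy variables beforehand, so this may not be reachable today, but the helper should not depend on that. A version that filters on the exact name and drops every occurrence is below; findEnvVar then has no caller left and can be removed.

```go
// resetProxyVar removes every env var called name from all containers of podSpec.
func resetProxyVar(podSpec *corev1.PodSpec, name string) {
	for i := range podSpec.Containers {
		kept := podSpec.Containers[i].Env[:0]
		for _, env := range podSpec.Containers[i].Env {
			if env.Name != name {
				kept = append(kept, env)
			}
		}
		podSpec.Containers[i].Env = kept
	}
}
```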
@@ -0,0 +1,97 @@
+package manifests
+
+import (
+ "strings"
+ "testing"
+
+ lokiv1 "github.com/grafana/loki/operator/apis/loki/v1"
+ "github.com/stretchr/testify/require"
+ appsv1 "k8s.io/api/apps/v1"
+ corev1 "k8s.io/api/core/v1"
+)
+
+func TestContainerEnvVars_ReadVarsFromCustomResource(t *testing.T) {
+ opt := Options{
+ Name: "test",
+ Namespace: "test",
+ Image: "test",
+ Stack: lokiv1.LokiStackSpec{
+ Size: lokiv1.SizeOneXExtraSmall,
+ Proxy: &lokiv1.ClusterProxy{
+ HTTPProxy: "http-test",
+ HTTPSProxy: "https-test",
+ NoProxy: "noproxy-test",
+ },
+ Template: &lokiv1.LokiTemplateSpec{
+ Compactor: &lokiv1.LokiComponentSpec{
+ Replicas: 1,
+ },
+ Distributor: &lokiv1.LokiComponentSpec{
+ Replicas: 1,
+ },
+ Ingester: &lokiv1.LokiComponentSpec{
+ Replicas: 1,
+ },
+ Querier: &lokiv1.LokiComponentSpec{
+ Replicas: 1,
+ },
+ QueryFrontend: &lokiv1.LokiComponentSpec{
+ Replicas: 1,
+ },
+ Gateway: &lokiv1.LokiComponentSpec{
+ Replicas: 1,
+ },
+ IndexGateway: &lokiv1.LokiComponentSpec{
+ Replicas: 1,
+ },
+ Ruler: &lokiv1.LokiComponentSpec{
+ Replicas: 1,
+ },
+ },
+ },
+ }
+
+ for _, cs := range lokiContainers(t, opt) {
+ for _, c := range cs {
+ require.Contains(t, c.Env, corev1.EnvVar{Name: httpProxyKey, Value: "http-test"},
+ "missing envVar HTTP_PROXY for: %s", c.Name)
+ require.Contains(t, c.Env, corev1.EnvVar{Name: strings.ToLower(httpProxyKey), Value: "http-test"},
+ "missing envVar http_proxy for: %s", c.Name)
+ require.Contains(t, c.Env, corev1.EnvVar{Name: httpsProxyKey, Value: "https-test"},
+ "missing envVar HTTPS_PROXY for: %s", c.Name)
+ require.Contains(t, c.Env, corev1.EnvVar{Name: strings.ToLower(httpsProxyKey), Value: "https-test"},
+ "missing envVar https_proxy for: %s", c.Name)
+ require.Contains(t, c.Env, corev1.EnvVar{Name: noProxyKey, Value: "noproxy-test"},
+ "missing envVar NO_PROXY for: %s", c.Name)
+ require.Contains(t, c.Env, corev1.EnvVar{Name: strings.ToLower(noProxyKey), Value: "noproxy-test"},
+ "missing envVar no_proxy for: %s", c.Name)
+ }
+ }
+}
+
+func lokiContainers(t *testing.T, opt Options) [][]corev1.Container {
+ db, err := BuildDistributor(opt)
+ require.NoError(t, err)
+ in, err := BuildIngester(opt)
+ require.NoError(t, err)
+ qr, err := BuildQuerier(opt)
+ require.NoError(t, err)
+ qf, err := BuildQueryFrontend(opt)
+ require.NoError(t, err)
+ cm, err := BuildCompactor(opt)
+ require.NoError(t, err)
+ ig, err := BuildIndexGateway(opt)
+ require.NoError(t, err)
+ rl, err := BuildRuler(opt)
+ require.NoError(t, err)
+
+ return [][]corev1.Container{
+ db[0].(*appsv1.Deployment).Spec.Template.Spec.Containers,
+ in[0].(*appsv1.StatefulSet).Spec.Template.Spec.Containers,
+ qr[0].(*appsv1.Deployment).Spec.Template.Spec.Containers,
+ qf[0].(*appsv1.Deployment).Spec.Template.Spec.Containers,
+ cm[0].(*appsv1.StatefulSet).Spec.Template.Spec.Containers,
+ ig[0].(*appsv1.StatefulSet).Spec.Template.Spec.Containers,
+ rl[0].(*appsv1.StatefulSet).Spec.Template.Spec.Containers,
+ }
+}
diff --git a/operator/internal/manifests/querier.go b/operator/internal/manifests/querier.go
index 32341a406e..c9929934c5 100644
--- a/operator/internal/manifests/querier.go
+++ b/operator/internal/manifests/querier.go
@@ -44,6 +44,10 @@ func BuildQuerier(opts Options) ([]client.Object, error) { } } + if err := configureProxyEnv(&deployment.Spec.Template.Spec, opts); err != nil { + return nil, err + } + return []client.Object{ deployment, NewQuerierGRPCService(opts),
@@ -116,8 +120,6 @@ func NewQuerierDeployment(opts Options) *appsv1.Deployment { SecurityContext: podSecurityContext(opts.Gates.RuntimeSeccompProfile), } - podSpec = addProxyEnvVar(opts.Stack.Proxy, podSpec) - if opts.Gates.HTTPEncryption || opts.Gates.GRPCEncryption { podSpec.Containers[0].Args = append(podSpec.Containers[0].Args, fmt.Sprintf("-server.tls-cipher-suites=%s", opts.TLSCipherSuites()),
diff --git a/operator/internal/manifests/query-frontend.go b/operator/internal/manifests/query-frontend.go
index 935d061cde..cabf5a5d1d 100644
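Review bot: TestContainerEnvVars_ReadVarsFromCustomResource in manifests/proxy_env_test.go only covers a fully populated `Proxy`, so the reset path of configureProxyEnv is never exercised. Two cases are worth adding against a hand-built `corev1.PodSpec`: `Proxy: nil` with a container that already carries `HTTP_PROXY` and `http_proxy`, asserting both are gone afterwards, and a spec with only `HTTPProxy` set, asserting that no `HTTPS_PROXY` or `NO_PROXY` entry is emitted. The test name still says "ReadVars", which reads like the removed `ReadVarsFromEnv` flag; `TestContainerEnvVars_FromLokiStackProxy` would be clearer.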
--- a/operator/internal/manifests/query-frontend.go +++ b/operator/internal/manifests/query-frontend.go @@ -39,6 +39,10 @@ func BuildQueryFrontend(opts Options) ([]client.Object, error) { } } + if err := configureProxyEnv(&deployment.Spec.Template.Spec, opts); err != nil { + return nil, err + } + return []client.Object{ deployment, NewQueryFrontendGRPCService(opts), diff --git a/operator/internal/manifests/ruler.go b/operator/internal/manifests/ruler.go index 36a3b6cf0a..09aaa126d9 100644 --- a/operator/internal/manifests/ruler.go +++ b/operator/internal/manifests/ruler.go @@ -51,6 +51,10 @@ func BuildRuler(opts Options) ([]client.Object, error) { objs = configureRulerObjsForMode(opts) } + if err := configureProxyEnv(&statefulSet.Spec.Template.Spec, opts); err != nil { + return nil, err + } + return append(objs, statefulSet, NewRulerGRPCService(opts), diff --git a/operator/internal/manifests/var.go b/operator/internal/manifests/var.go index 1d8a039f9a..e6eff29f4b 100644 --- a/operator/internal/manifests/var.go +++ b/operator/internal/manifests/var.go @@ -3,11 +3,8 @@ package manifests import ( "fmt" "path" - "strings" - lokiv1 "github.com/grafana/loki/operator/apis/loki/v1" "github.com/grafana/loki/operator/internal/manifests/openshift" - "github.com/operator-framework/operator-lib/proxy" monitoringv1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1" corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/labels" 
@@ -531,55 +528,3 @@ func podSecurityContext(withSeccompProfile bool) *corev1.PodSecurityContext { return &context } - -func addProxyEnvVar(clusterProxy *lokiv1.ClusterProxy, podSpec corev1.PodSpec) corev1.PodSpec { - if clusterProxy == nil { - return podSpec - } - - podSpec = resetProxyVar(podSpec, "HTTP_PROXY") - podSpec = resetProxyVar(podSpec, "HTTPS_PROXY") - podSpec = resetProxyVar(podSpec, "NO_PROXY") - if clusterProxy.ReadVarsFromEnv { - for i, container := range podSpec.Containers { - podSpec.Containers[i].Env = append(container.Env, proxy.ReadProxyVarsFromEnv()...) - } - } else { - for i, container := range podSpec.Containers { - podSpec.Containers[i].Env = append(container.Env, - corev1.EnvVar{ - Name: "HTTP_PROXY", - Value: clusterProxy.HTTPProxy, - }, - corev1.EnvVar{ - Name: "HTTPS_PROXY", - Value: clusterProxy.HTTPSProxy, - }, - corev1.EnvVar{ - Name: "NO_PROXY", - Value: clusterProxy.NoProxy, - }) - } - } - return podSpec -} - -func resetProxyVar(podSpec corev1.PodSpec, name string) corev1.PodSpec { - for i, container := range podSpec.Containers { - found, index := getEnvVar(name, container.Env) - if found { - podSpec.Containers[i].Env = append(podSpec.Containers[i].Env[:index], podSpec.Containers[i].Env[index+1:]...) - } - } - return podSpec -} - -// getEnvVar matches the given name with the envvar name -func getEnvVar(name string, envVars []corev1.EnvVar) (bool, int) { - for i, env := range envVars { - if env.Name == name || env.Name == strings.ToLower(name) { - return true, i - } - } - return false, 0 -}