diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index 0a54c06..7e0c936 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml @@ -35,4 +35,4 @@ jobs: with: check-latest: true - name: Display Go version - run: go test ./... + run: go test ./... \ No newline at end of file diff --git a/Makefile b/Makefile index 9cd8d52..ea4e1ab 100644 --- a/Makefile +++ b/Makefile @@ -108,7 +108,7 @@ build: manifests generate ## Build manager binary. .PHONY: run run: manifests generate zap-pretty ## Run a controller from your host. - go run ./cmd/manager.go --namespace ${NAMESPACE} --disable-checks --debug 2>&1 | $(ZAP_PRETTY) --all + go run ./cmd/manager.go --namespace ${NAMESPACE} --disable-checks --debug --log-structured 2>&1 | $(ZAP_PRETTY) --all # If you wish to build the manager image targeting other platforms you can use the --platform flag. # (i.e. docker build --platform linux/arm64). However, you must enable docker buildKit for it. @@ -176,10 +176,10 @@ undeploy: ## Undeploy controller from the K8s cluster specified in ~/.kube/confi .PHONY: helm helm: path version manifests kustomize yq ## Undeploy controller from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion. echo Create version $(version) + rm -r $(path) 2> /dev/null || true cp -r helm $(path) $(KUSTOMIZE) build config/crd > $(path)/crds/crd.yaml - $(KUSTOMIZE) build config/rbac > $(path)/templates/rbac.yaml - sed -i '/namespace: default/d' $(path)/templates/rbac.yaml + $(KUSTOMIZE) build config/helm > $(path)/templates/operator.yaml $(YQ) e -i '.appVersion = "$(version)"' $(path)/Chart.yaml $(YQ) e -i '.version = "$(version)"' $(path)/Chart.yaml diff --git a/api/v1/env.go b/api/v1/env.go index 7d73c4d..e99881a 100644 --- a/api/v1/env.go +++ b/api/v1/env.go 
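Review bot: The added `rm -r $(path) 2> /dev/null || true` in the `helm` target recursively deletes whatever the caller passes as `path`, with the variable unquoted and every failure hidden. A value that is empty, contains spaces, or points at a parent directory would remove something other than a previous chart build; the `path` prerequisite is defined outside this hunk and may already reject some of these. I would write `rm -rf -- "$(path)"` so a missing directory is still fine but permission and path errors surface, and have the `path` check refuse `/`, `.` and `..`. The target's `##` help text is also still the copy from `undeploy`.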
@@ -306,6 +306,10 @@ func (s *Store) GetEnv() []corev1.EnvVar { Name: "APP_URL", Value: fmt.Sprintf("https://%s", s.Spec.Network.Host), }, + { + Name: "DATABASE_PERSISTENT_CONNECTION", + Value: "1", + }, } c = append(c, s.getSessionCache()...) diff --git a/cmd/manager.go b/cmd/manager.go index 69598de..1d09b2f 100644 --- a/cmd/manager.go +++ b/cmd/manager.go @@ -20,7 +20,6 @@ import ( "flag" "fmt" "os" - "time" // Import all Kubernetes client auth plugins (e.g. Azure, GCP, OIDC, etc.) // to ensure that exec-entrypoint and run can make use of them. @@ -33,10 +32,9 @@ import ( "sigs.k8s.io/controller-runtime/pkg/cache" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/healthz" - "sigs.k8s.io/controller-runtime/pkg/log/zap" - "github.com/go-logr/logr" - "go.uber.org/zap/zapcore" + "github.com/go-logr/zapr" + "go.uber.org/zap" shopv1 "github.com/shopware/shopware-operator/api/v1" "github.com/shopware/shopware-operator/internal/controller" @@ -59,6 +57,7 @@ func main() { var metricsAddr string var enableLeaderElection bool var debug bool + var logStructured bool var disableChecks bool var probeAddr string var namespace string 
@@ -66,35 +65,33 @@ func main() { flag.StringVar(&probeAddr, "health-probe-bind-address", ":8081", "The address the probe endpoint binds to.") flag.StringVar(&namespace, "namespace", "default", "The namespace in which the operator is running in") flag.BoolVar(&debug, "debug", false, "Set's the logger to debug with more logging output") + flag.BoolVar(&logStructured, "log-structured", false, "Set's the logger to output with human logs") flag.BoolVar(&disableChecks, "disable-checks", false, "Disable the s3 connection check and the database connection check") flag.BoolVar(&enableLeaderElection, "leader-elect", false, "Enable leader election for controller manager. "+ "Enabling this will ensure there is only one active controller manager.") - opts := zap.Options{ - Development: true, - } - opts.BindFlags(flag.CommandLine) + flag.Parse() - var logger logr.Logger - if debug { - logger = zap.New() - logger.Info("Use development logger") + var cfg zap.Config + + if logStructured { + cfg = zap.NewProductionConfig() } else { - logger = zap.New(zap.UseFlagOptions(&opts), func(o *zap.Options) { - o.EncoderConfigOptions = append(o.EncoderConfigOptions, - func(c *zapcore.EncoderConfig) { - c.EncodeTime = zapcore.TimeEncoderOfLayout(time.DateTime) - }, func(c *zapcore.EncoderConfig) { - c.EncodeLevel = func(level zapcore.Level, enc zapcore.PrimitiveArrayEncoder) { - enc.AppendString("[" + level.CapitalString() + "]") - } - }) - }, - ) + cfg = zap.NewDevelopmentConfig() } + if debug { + cfg.Level = zap.NewAtomicLevelAt(zap.DebugLevel) + } + + zlogger, err := cfg.Build() + if err != nil { + setupLog.Error(err, "setup zap logger") + return + } + logger := zapr.NewLogger(zlogger) ctrl.SetLogger(logger) // Overwrite namespace when env is set, which is always set running in a cluster 
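Review bot: A failure of `cfg.Build()` is reported through `setupLog` and then `return`s, so the process exits with status 0, and the message goes to a logger whose sink is only installed by `ctrl.SetLogger` a few lines later (`setupLog` is declared outside the hunk, presumably from `ctrl.Log`); the other setup failures in `main` use `os.Exit(1)`. The non-structured branch takes `zap.NewDevelopmentConfig()`, which defaults to debug level, so `--debug` only changes anything together with `--log-structured`, and a chart install with both values left `false` logs at debug verbosity; for an operator whose role covers Secrets, debug output is better as an explicit opt-in. The `--log-structured` help text says "human logs" although the flag selects the production (JSON) config. `main` starts and ends outside the hunk.

```go
flag.BoolVar(&logStructured, "log-structured", false, "Emit structured JSON logs instead of human-readable console output")
// … unchanged: remaining flag definitions, flag.Parse, production/development config selection …

// Pin the level explicitly: the development config defaults to debug.
level := zap.InfoLevel
if debug {
	level = zap.DebugLevel
}
cfg.Level = zap.NewAtomicLevelAt(level)

zlogger, err := cfg.Build()
if err != nil {
	// ctrl.SetLogger has not run yet, so report on stderr and fail the process.
	fmt.Fprintf(os.Stderr, "setup zap logger: %v\n", err)
	os.Exit(1)
}
```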
@@ -154,6 +151,12 @@ func main() { } //+kubebuilder:scaffold:builder + defer func() { + if err := recover(); err != nil { + zlogger.Fatal("Panic occurred", zap.Any("error", err)) + } + }() + if err := mgr.AddHealthzCheck("healthz", healthz.Ping); err != nil { setupLog.Error(err, "unable to set up health check") os.Exit(1) diff --git a/config/crd/kustomization.yaml b/config/crd/kustomization.yaml index 33fa0b5..afd8416 100644 --- a/config/crd/kustomization.yaml +++ b/config/crd/kustomization.yaml @@ -5,7 +5,7 @@ resources: - bases/shop.shopware.com_stores.yaml #+kubebuilder:scaffold:crdkustomizeresource -patches: +#patches: # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix. # patches here are for enabling the conversion webhook for each CRD #- path: patches/webhook_in_stores.yaml diff --git a/config/helm/kustomization.yaml b/config/helm/kustomization.yaml new file mode 100644 index 0000000..8b87ad1 --- /dev/null +++ b/config/helm/kustomization.yaml @@ -0,0 +1,5 @@ +namespace: "{{ .Release.Namespace }}" +namePrefix: '{{ .Release.Name }}-' + +resources: +- ../rbac diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml index d43cedd..0c6c1ac 100644 --- a/config/manager/kustomization.yaml +++ b/config/manager/kustomization.yaml @@ -1,4 +1,3 @@ -namePrefix: shopware-operator- resources: - manager.yaml apiVersion: kustomize.config.k8s.io/v1beta1 diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml index 881bfb4..fad6734 100644 --- a/config/manager/manager.yaml +++ b/config/manager/manager.yaml 
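Review bot: The deferred `recover()` only covers panics raised on `main`'s own goroutine after this line, which is worth stating in a comment so it is not read as a process-wide panic handler. Anything that panics during manager or controller setup above the `//+kubebuilder:scaffold:builder` marker, or on goroutines the manager starts later, never reaches it (how the manager is started is outside the hunk). Moving the `defer` to directly after `zlogger` is built would at least cover all of `main`, with a comment such as `// Logs panics from main's goroutine only; goroutines started by the manager are not covered.`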
@@ -1,11 +1,11 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: controller-manager + name: shopware-operator labels: - control-plane: controller-manager + control-plane: shopware-operator app.kubernetes.io/name: deployment - app.kubernetes.io/instance: controller-manager + app.kubernetes.io/instance: shopware-operator app.kubernetes.io/component: manager app.kubernetes.io/created-by: shopware-operator app.kubernetes.io/part-of: shopware-operator @@ -13,19 +13,15 @@ metadata: spec: selector: matchLabels: - control-plane: controller-manager + control-plane: shopware-operator replicas: 1 template: metadata: annotations: kubectl.kubernetes.io/default-container: manager labels: - control-plane: controller-manager + control-plane: shopware-operator spec: - # TODO(user): Uncomment the following code to configure the nodeAffinity expression - # according to the platforms which are supported by your solution. - # It is considered best practice to support multiple architectures. You can - # build your manager image using the makefile target docker-buildx. affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: @@ -42,11 +38,6 @@ spec: - linux securityContext: runAsNonRoot: true - # TODO(user): For common cases that do not require escalating privileges - # it is recommended to ensure that all your Pods/Containers are restrictive. - # More info: https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted - # Please uncomment the following code if your project does NOT have to work on old Kubernetes - # versions < 1.19 or on vendors versions which do NOT support this field by default (i.e. Openshift < 4.11 ). seccompProfile: type: RuntimeDefault containers: @@ -87,5 +78,5 @@ spec: requests: cpu: 10m memory: 64Mi - serviceAccountName: controller-manager + serviceAccountName: shopware-operator terminationGracePeriodSeconds: 10 
diff --git a/config/manager/manager_auth_proxy_patch.yaml b/config/manager/manager_auth_proxy_patch.yaml index e52ac1d..9b89999 100644 --- a/config/manager/manager_auth_proxy_patch.yaml +++ b/config/manager/manager_auth_proxy_patch.yaml @@ -3,7 +3,7 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: controller-manager + name: shopware-operator spec: template: spec: diff --git a/config/manager/manager_config_patch.yaml b/config/manager/manager_config_patch.yaml index b454087..1883b73 100644 --- a/config/manager/manager_config_patch.yaml +++ b/config/manager/manager_config_patch.yaml @@ -1,7 +1,7 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: controller-manager + name: shopware-operator spec: template: spec: diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml index fb5a2b8..cd5ca67 100644 --- a/config/rbac/kustomization.yaml +++ b/config/rbac/kustomization.yaml @@ -16,3 +16,10 @@ resources: # - auth_proxy_role.yaml # - auth_proxy_role_binding.yaml # - auth_proxy_client_clusterrole.yaml +patches: + - target: + group: rbac.authorization.k8s.io + version: v1 + kind: Role + name: manager-role + path: name_patch.yaml diff --git a/config/rbac/leader_election_role.yaml b/config/rbac/leader_election_role.yaml index a5efb24..f42cce8 100644 --- a/config/rbac/leader_election_role.yaml +++ b/config/rbac/leader_election_role.yaml @@ -9,7 +9,7 @@ metadata: app.kubernetes.io/created-by: shopware-operator app.kubernetes.io/part-of: shopware-operator app.kubernetes.io/managed-by: kustomize - name: leader-election-role + name: le-shopware-operator rules: - apiGroups: - "" diff --git a/config/rbac/leader_election_role_binding.yaml b/config/rbac/leader_election_role_binding.yaml index 84afa21..8411985 100644 --- a/config/rbac/leader_election_role_binding.yaml +++ b/config/rbac/leader_election_role_binding.yaml 
@@ -8,11 +8,11 @@ metadata: app.kubernetes.io/created-by: shopware-operator app.kubernetes.io/part-of: shopware-operator app.kubernetes.io/managed-by: kustomize - name: leader-election-rolebinding + name: le-shopware-operator roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: leader-election-role + name: le-shopware-operator subjects: - kind: ServiceAccount - name: controller-manager + name: shopware-operator diff --git a/config/rbac/name_patch.yaml b/config/rbac/name_patch.yaml new file mode 100644 index 0000000..5b0ff95 --- /dev/null +++ b/config/rbac/name_patch.yaml @@ -0,0 +1,3 @@ +- op: add + path: /metadata/name + value: 'shopware-operator' diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index f5b5447..2ea091e 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -69,7 +69,6 @@ rules: - stores verbs: - create - - delete - get - list - patch diff --git a/config/rbac/role_binding.yaml b/config/rbac/role_binding.yaml index 6b0647c..401c7ac 100644 --- a/config/rbac/role_binding.yaml +++ b/config/rbac/role_binding.yaml @@ -8,11 +8,11 @@ metadata: app.kubernetes.io/created-by: shopware-operator app.kubernetes.io/part-of: shopware-operator app.kubernetes.io/managed-by: kustomize - name: manager-rolebinding + name: shopware-operator roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: manager-role + name: shopware-operator subjects: - kind: ServiceAccount - name: controller-manager + name: shopware-operator diff --git a/config/rbac/service_account.yaml b/config/rbac/service_account.yaml index ea7171e..d863cb7 100644 --- a/config/rbac/service_account.yaml +++ b/config/rbac/service_account.yaml @@ -8,4 +8,4 @@ metadata: app.kubernetes.io/created-by: shopware-operator app.kubernetes.io/part-of: shopware-operator app.kubernetes.io/managed-by: kustomize - name: controller-manager + name: shopware-operator diff --git a/helm/templates/deployment.yaml b/helm/templates/deployment.yaml index 5826971..aec36a5 100644 
--- a/helm/templates/deployment.yaml +++ b/helm/templates/deployment.yaml @@ -1,16 +1,16 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: shopware-operator + name: '{{ .Release.Name }}-shopware-operator' namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/component: manager app.kubernetes.io/created-by: shopware-operator - app.kubernetes.io/instance: controller-manager - app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/instance: shopware-operator + app.kubernetes.io/managed-by: shopware-operator app.kubernetes.io/name: deployment app.kubernetes.io/part-of: shopware-operator - control-plane: controller-manager + control-plane: shopware-operator {{- with .Values.labels }} {{- toYaml . | nindent 4 }} {{- end }} @@ -18,7 +18,7 @@ spec: replicas: {{ .Values.replicaCount }} selector: matchLabels: - control-plane: controller-manager + control-plane: shopware-operator strategy: rollingUpdate: maxUnavailable: 1 @@ -26,19 +26,19 @@ spec: template: metadata: annotations: - kubectl.kubernetes.io/default-container: manager + kubectl.kubernetes.io/default-container: operator {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} labels: - control-plane: controller-manager + control-plane: shopware-operator spec: - {{ if hasKey .Values "affinity" }} + {{- if hasKey .Values "affinity" }} affinity: {{- with .Values.affinity }} {{- toYaml . | nindent 8 }} {{- end }} - {{ else }} + {{- else }} affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: @@ -53,7 +53,7 @@ spec: operator: In values: - linux - {{ end }} + {{- end }} tolerations: {{- with .Values.tolerations }} {{- toYaml . | nindent 10 }} @@ -61,6 +61,12 @@ spec: containers: - args: - --leader-elect + {{- if .Values.logStructured }} + - --log-structured + {{- end }} + {{- if .Values.debug }} + - --debug + {{- end }} command: - /manager env: 
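Review bot: The Deployment name is now release-scoped, but `spec.selector.matchLabels` and the pod template labels in the second and third hunks remain the fixed `control-plane: shopware-operator`, so two releases installed into the same namespace would have selectors that match each other's pods. A release-specific label in both places, for example `app.kubernetes.io/instance: '{{ .Release.Name }}'`, keeps the selectors disjoint; the metadata label `app.kubernetes.io/instance` is currently the constant `shopware-operator`. `app.kubernetes.io/managed-by: shopware-operator` also departs from the `Helm` value that Helm's chart conventions recommend for that label.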
@@ -76,7 +82,7 @@ spec: port: 8081 initialDelaySeconds: 15 periodSeconds: 20 - name: manager + name: operator readinessProbe: httpGet: path: /readyz @@ -96,5 +102,5 @@ spec: runAsNonRoot: true seccompProfile: type: RuntimeDefault - serviceAccountName: controller-manager + serviceAccountName: '{{ .Release.Name }}-shopware-operator' terminationGracePeriodSeconds: 10 diff --git a/helm/values.yaml b/helm/values.yaml index b21d9f7..481a282 100644 --- a/helm/values.yaml +++ b/helm/values.yaml @@ -49,4 +49,4 @@ labels: {} podAnnotations: {} logStructured: false -logLevel: "INFO" +debug: false diff --git a/internal/controller/store_controller.go b/internal/controller/store_controller.go index d35539a..50b25c1 100644 --- a/internal/controller/store_controller.go +++ b/internal/controller/store_controller.go @@ -84,7 +84,7 @@ func (r *StoreReconciler) findStoreForReconcile( return requests } -//+kubebuilder:rbac:groups=shop.shopware.com,namespace=default,resources=stores,verbs=get;list;watch;create;update;patch;delete +//+kubebuilder:rbac:groups=shop.shopware.com,namespace=default,resources=stores,verbs=get;list;watch;create;update;patch //+kubebuilder:rbac:groups=shop.shopware.com,namespace=default,resources=stores/status,verbs=get;update;patch //+kubebuilder:rbac:groups=shop.shopware.com,namespace=default,resources=stores/finalizers,verbs=update //+kubebuilder:rbac:groups="",namespace=default,resources=secrets,verbs=get;list;watch;create;patch
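Review bot: With `delete` gone, the `stores` marker still grants `create` on the Store resource, and nothing in this hunk shows the reconciler creating Store objects; if it only reads them and writes status and finalizers, `create` can be dropped in the same way. The reconcile code is outside the hunk, so this needs checking against the client calls it makes, including that no path still deletes a Store, which would now fail as forbidden. `config/rbac/role.yaml` is changed by hand in this commit as well; if it is generated from these markers, regenerating it (the Makefile has a `manifests` target) keeps the two from drifting.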