use Service CA Operator only on Openshift

Signed-off-by: Zbynek Roubalik <[email protected]>
kedacore · Apr 24, 2020 · cd7a8b3 · cd7a8b3
1 parent f2a48f5
commit cd7a8b3
Show file tree

Hide file tree

Showing 5 changed files with 51 additions and 14 deletions.
diff --git a/deploy/role.yaml b/deploy/role.yaml
@@ -70,3 +70,9 @@ rules:
   - '*'
   verbs:
   - '*'
+- apiGroups:
+  - route.openshift.io
+  resources:
+  - routes
+  verbs:
+  - list
diff --git a/pkg/controller/configmap/configmap_controller.go b/pkg/controller/configmap/configmap_controller.go
@@ -31,7 +31,11 @@ var log = logf.Log.WithName("controller_configmap")
 // Add creates a new ConfigMap Controller and adds it to the Manager. The Manager will set fields on the Controller
 // and Start it when the Manager is Started.
 func Add(mgr manager.Manager) error {
-	return add(mgr, newReconciler(mgr))
+
+	if util.RunningOnOpenshift(log, mgr.GetClient()) {
+		return add(mgr, newReconciler(mgr))
+	}
+	return nil
 }
 
 // newReconciler returns a new reconcile.Reconciler

diff --git a/pkg/controller/kedacontroller/kedacontroller_controller.go b/pkg/controller/kedacontroller/kedacontroller_controller.go
@@ -295,21 +295,29 @@ func (r *ReconcileKedaController) installController(instance *kedav1alpha1.KedaC
 func (r *ReconcileKedaController) installMetricsServer(instance *kedav1alpha1.KedaController) error {
 	log.Info("Reconciling Metrics Server Deployment")
 
-	if err := r.ensureMetricsServerConfigMap(instance); err != nil {
-		log.Error(err, "Unable to check Metrics Server ConfigMap is present")
-		return err
-	}
-	argsPrefixes := []transform.Prefix{transform.ClientCAFile, transform.TLSCertFile, transform.TLSPrivateKeyFile}
-	newArgs := []string{"/cabundle/service-ca.crt", "/certs/tls.crt", "/certs/tls.key"}
-
 	transforms := []mf.Transformer{
 		mf.InjectOwner(instance),
-		transform.EnsureCertInjectionForAPIService(injectCABundleAnnotation, injectCABundleAnnotationValue, r.scheme, log),
-		transform.EnsureCertInjectionForService(metricsServcerServiceName, injectservingCertAnnotation, injectservingCertAnnotationValue, r.scheme, log),
-		transform.EnsureCertInjectionForDeployment(metricsServerConfigMapName, metricsServcerServiceName, r.scheme, log),
 	}
 
-	transforms = append(transforms, transform.EnsurePathsToCertsInDeployment(newArgs, argsPrefixes, r.scheme, log)...)
+	// certificates rotation works only on Openshift due to openshift/service-ca-operator
+	if util.RunningOnOpenshift(log, r.client) {
+		if err := r.ensureMetricsServerConfigMap(instance); err != nil {
+			log.Error(err, "Unable to check Metrics Server ConfigMap is present")
+			return err
+		}
+
+		argsPrefixes := []transform.Prefix{transform.ClientCAFile, transform.TLSCertFile, transform.TLSPrivateKeyFile}
+		newArgs := []string{"/cabundle/service-ca.crt", "/certs/tls.crt", "/certs/tls.key"}
+
+		transforms = append(transforms,
+			transform.EnsureCertInjectionForAPIService(injectCABundleAnnotation, injectCABundleAnnotationValue, r.scheme, log),
+			transform.EnsureCertInjectionForService(metricsServcerServiceName, injectservingCertAnnotation, injectservingCertAnnotationValue, r.scheme, log),
+			transform.EnsureCertInjectionForDeployment(metricsServerConfigMapName, metricsServcerServiceName, r.scheme, log),
+		)
+		transforms = append(transforms, transform.EnsurePathsToCertsInDeployment(newArgs, argsPrefixes, r.scheme, log)...)
+	}else{
+		log.Info("Not running on OpenShift -> using generated self-signed cert for KEDA Metrics Server")
+	}
 
 	if len(instance.Spec.LogLevelMetrics) > 0 {
 		transforms = append(transforms, transform.ReplaceMetricsServerLogLevel(instance.Spec.LogLevelMetrics, r.scheme, log))

diff --git a/pkg/controller/secret/secret_controller.go b/pkg/controller/secret/secret_controller.go
@@ -31,7 +31,10 @@ var log = logf.Log.WithName("controller_secret")
 // Add creates a new Secret Controller and adds it to the Manager. The Manager will set fields on the Controller
 // and Start it when the Manager is Started.
 func Add(mgr manager.Manager) error {
-	return add(mgr, newReconciler(mgr))
+	if util.RunningOnOpenshift(log, mgr.GetClient()) {
+		return add(mgr, newReconciler(mgr))
+	}
+	return nil
 }
 
 // newReconciler returns a new reconcile.Reconciler

diff --git a/pkg/controller/util/util.go b/pkg/controller/util/util.go
@@ -5,10 +5,13 @@ import (
 	"crypto/md5"
 	"fmt"
 
-	"github.com/go-logr/logr"
 	kedav1alpha1 "github.com/kedacore/keda-olm-operator/pkg/apis/keda/v1alpha1"
 
+	"github.com/go-logr/logr"
 	corev1 "k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/api/meta"
+	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+	"k8s.io/apimachinery/pkg/runtime/schema"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 )
 
@@ -70,3 +73,16 @@ func UpdateKedaControllerStatus(cl client.Client, kedaController *kedav1alpha1.K
 	kedaController.Status = *status
 	return cl.Status().Patch(context.TODO(), kedaController, patch)
 }
+
+func RunningOnOpenshift(logger logr.Logger, cl client.Client) bool {
+	gvk := schema.GroupVersionKind{Group: "route.openshift.io", Version: "v1", Kind: "route"}
+	list := &unstructured.UnstructuredList{}
+	list.SetGroupVersionKind(gvk)
+	if err := cl.List(context.TODO(), list); err != nil {
+		if !meta.IsNoMatchError(err) {
+			logger.Error(err, "Unable to query for OpenShift Route")
+		}
+		return false
+	}
+	return true
+}