objectrocket · biswazr · Feb 22, 2023 · Feb 22, 2023 · Feb 22, 2023 · Feb 22, 2023
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -32,7 +32,7 @@ orbs:
 jobs:
   markdownlint:
     docker:
-    - image: circleci/node:10.14.2
+    - image: cimg/node:18.14.1
       auth:
         username: ${DOCKER_USERNAME}
         password: ${DOCKER_PASSWORD}
@@ -86,7 +86,7 @@ jobs:
     - run:
         name: docker login
         command: |
-          docker login -u $DOCKER_USER -p $DOCKER_PASS
+          docker login -u $DOCKER_USERNAME -p $DOCKER_PASSWORD
     - run:
         name: docker build and push
         command: |

diff --git a/example/deployment.yaml b/example/deployment.yaml
@@ -12,22 +12,28 @@ metadata:
   namespace: sensu
 
 ---
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: sensu-operator
   namespace: sensu
 spec:
   replicas: 1
+  selector:
+    matchLabels:
+      app: sensu-operator
+      release: sensu-operator
   template:
     metadata:
       labels:
         name: sensu-operator
+        release: sensu-operator
+        app: sensu-operator
     spec:
       containers:
       - name: sensu-operator
         image: objectrocket/sensu-operator:latest
-        imagePullPolicy: Never
+        imagePullPolicy: Always
         env:
         - name: MY_POD_NAMESPACE
           valueFrom:
@@ -49,3 +55,5 @@ spec:
           value: "4"
         - name: SENSUOP_PROCESSING_RETRIES
           value: "5"
+        imagePullSecrets:
+          - name: 'or-docker-secret'
diff --git a/example/example-sensu-cluster-objectrocket.yaml b/example/example-sensu-cluster-objectrocket.yaml
@@ -3,7 +3,7 @@ kind: SensuCluster
 metadata:
   annotations:
     objectrocket.com/scope: clusterwide
-  name: platdev0
+  name: sensu
   namespace: sensu
 spec:
   pod:
@@ -14,7 +14,9 @@ spec:
       resources:
         requests:
           storage: 8Gi
-      storageClassName: standard
-  repository: sensu/sensu
-  size: 1
-  version: 5.14.0
+      storageClassName: gp2
+  repository: objectrocket/sensu-backend
+  size: 5
+  version: 5.20.2_or2
+  clusteradminusername: admin
+  clusteradminpassword: p@ssw0rd!
diff --git a/helm/sensu-operator/Chart.yaml b/helm/sensu-operator/Chart.yaml
@@ -1,3 +1,4 @@
+apiVersion: v1
 name: sensu-operator
 version: 0.0.0
 description: ObjectRocket Sensu Operator

diff --git a/helm/sensu-operator/templates/sensu-operator-deployment.yaml b/helm/sensu-operator/templates/sensu-operator-deployment.yaml
@@ -66,13 +66,12 @@ spec:
       imagePullSecrets:
       - name: {{ .Values.imagePullSecret.name }}
       securityContext:
-      runAsUser: 1000
-      runAsGroup: 1000
-      fsGroup: 1000
-      allowPrivilegeEscalation: false
-      runAsNonRoot: true
-      supplementalGroups:
-      - 1000
+        runAsUser: 1000
+        runAsGroup: 1000
+        fsGroup: 1000
+        runAsNonRoot: true
+        supplementalGroups:
+          - 1000
 {{- if .Values.tolerations }}
       tolerations:
 {{ toYaml .Values.tolerations | indent 8 }}

diff --git a/helm/sensu-operator/values.yaml b/helm/sensu-operator/values.yaml
@@ -27,14 +27,14 @@ resourceSettings:
 
 logLevel: info
 
-nodeSelector:
-  node-role.kubernetes.io/platform_worker: "true"
+#nodeSelector:
+#  node-role.kubernetes.io/platform_worker: "true"
 
 tolerations:
   - effect: NoSchedule
     key: node_role
     operator: Equal
-    value: platform_worker
+    value: product_worker
 
 rbac:
   clusterRole: sensu-operator
@@ -53,4 +53,4 @@ sensu:
   processingRetries: 5
 
 prometheus:
-  enabled: true
+  enabled: false
diff --git a/pkg/cluster/cluster.go b/pkg/cluster/cluster.go
@@ -556,7 +556,7 @@ func (c *Cluster) ClientURLs(m *etcdutil.MemberConfig) (urls []string) {
 }
 
 func (c *Cluster) PeerURL(m *etcdutil.MemberConfig, ordinalID int) string {
-	return fmt.Sprintf("%s://%s.%s.%s.svc:2380",
+	return fmt.Sprintf("%s://%s.%s.%s.svc.cluster.local:2380",
 		m.PeerScheme(),
 		c.memberName(ordinalID),
 		c.name(),

diff --git a/pkg/sensu_client/client.go b/pkg/sensu_client/client.go
@@ -80,7 +80,7 @@ func (s *SensuClient) SetTimeout(t time.Duration) {
 }
 
 func (s *SensuClient) makeFullyQualifiedSensuClientURL() string {
-	return fmt.Sprintf("%s.%s.svc", k8sutil.APIServiceName(s.clusterName), s.namespace)
+	return fmt.Sprintf("%s.%s.svc.cluster.local", k8sutil.APIServiceName(s.clusterName), s.namespace)
 }
 
 func (s *SensuClient) ensureCredentials() (err error) {

diff --git a/pkg/sensu_client/client_test.go b/pkg/sensu_client/client_test.go
@@ -36,7 +36,7 @@ func (c *sensuAPITestClient) CreateNamespace(ns *types.Namespace) error {
 func TestNew(t *testing.T) {
 	conf := basic.Config{
 		Cluster: basic.Cluster{
-			APIUrl: "http://testCluster-api.testnamespace.svc:8080",
+			APIUrl: "http://testCluster-api.testnamespace.svc.cluster.local:8080",
 		},
 		Profile: basic.Profile{
 			Format:    "json",
@@ -103,7 +103,7 @@ func TestNew(t *testing.T) {
 func TestSensuClient_makeFullyQualifiedSensuClientURL(t *testing.T) {
 	conf := basic.Config{
 		Cluster: basic.Cluster{
-			APIUrl: "http://testCluster.testnamespace.svc:8080",
+			APIUrl: "http://testCluster.testnamespace.svc.cluster.local:8080",
 		},
 		Profile: basic.Profile{
 			Format:    "json",
@@ -138,7 +138,7 @@ func TestSensuClient_makeFullyQualifiedSensuClientURL(t *testing.T) {
 					Logger: logger,
 				},
 			},
-			"testCluster-api.testnamespace.svc",
+			"testCluster-api.testnamespace.svc.cluster.local",
 		},
 	}
 	for _, tt := range tests {
@@ -159,7 +159,7 @@ func TestSensuClient_makeFullyQualifiedSensuClientURL(t *testing.T) {
 func TestSensuClient_ensureCredentials(t *testing.T) {
 	conf := basic.Config{
 		Cluster: basic.Cluster{
-			APIUrl: "http://testCluster.testnamespace.svc:8080",
+			APIUrl: "http://testCluster.testnamespace.svc.cluster.local:8080",
 			Tokens: &types.Tokens{
 				Access: "fake",
 			},
@@ -171,7 +171,7 @@ func TestSensuClient_ensureCredentials(t *testing.T) {
 	}
 	confNoToken := basic.Config{
 		Cluster: basic.Cluster{
-			APIUrl: "http://testCluster.testnamespace.svc:8080",
+			APIUrl: "http://testCluster.testnamespace.svc.cluster.local:8080",
 		},
 		Profile: basic.Profile{
 			Format:    "json",
@@ -243,7 +243,7 @@ func TestSensuClient_ensureCredentials(t *testing.T) {
 func TestSensuClient_ensureNamespace(t *testing.T) {
 	conf := basic.Config{
 		Cluster: basic.Cluster{
-			APIUrl: "http://testCluster.testnamespace.svc:8080",
+			APIUrl: "http://testCluster.testnamespace.svc.cluster.local:8080",
 			Tokens: &types.Tokens{
 				Access: "fake",
 			},

diff --git a/pkg/util/k8sutil/k8sutil.go b/pkg/util/k8sutil/k8sutil.go
@@ -501,6 +501,11 @@ etcd-key-file: %[1]s/server.key
 		Name:      "etcsensu",
 		MountPath: "/etc/sensu",
 	}
+	/*configVolumeMountData := v1.VolumeMount{
+		Name:				"etcd-data",
+		MountPath:	"/var/lib/sensu/etcd",
+	}*/
+
 	container := containerWithProbes(
 		sensuContainer(strings.Split(commands, " "), cs.Repository, cs.Version, cs.ClusterAdminUsername, cs.ClusterAdminPassword),
 		livenessProbe,
@@ -564,7 +569,7 @@ etcd-key-file: %[1]s/server.key
 					TIMEOUT_READY=%d
 					SUBDOMAIN=%s
 					NAMESPACE=%s
-					LOCAL_HOSTNAME=$(hostname).${SUBDOMAIN}.${NAMESPACE}.svc
+					LOCAL_HOSTNAME=$(hostname).${SUBDOMAIN}.${NAMESPACE}.svc.cluster.local
 					while ( ! nslookup $LOCAL_HOSTNAME )
 					do
 						# If TIMEOUT_READY is 0 we should never time out and exit
@@ -595,9 +600,9 @@ ORDINAL=${HOSTNAME##*-}
 TOKEN=%s
 SUBDOMAIN=%s
 NAMESPACE=%s
-LOCAL_HOSTNAME=${HOSTNAME}.${SUBDOMAIN}.${NAMESPACE}.svc
+LOCAL_HOSTNAME=${HOSTNAME}.${SUBDOMAIN}.${NAMESPACE}.svc.cluster.local
 SEED_NAME=${SUBDOMAIN}-0
-SEED_HOSTNAME=${SEED_NAME}.${SUBDOMAIN}.${NAMESPACE}.svc
+SEED_HOSTNAME=${SEED_NAME}.${SUBDOMAIN}.${NAMESPACE}.svc.cluster.local
 INITIAL_CLUSTER="${SEED_NAME}=http://${SEED_HOSTNAME}:2380"
 STATE="new"
 if [[ "$ORDINAL" == "0" ]]
@@ -607,7 +612,7 @@ else
 	STATE="existing"
 	for i in $(seq 1 $ORDINAL)
 	do
-		INITIAL_CLUSTER=${INITIAL_CLUSTER},${SUBDOMAIN}-${i}=http://${SUBDOMAIN}-${i}.${SUBDOMAIN}.${NAMESPACE}.svc:2380
+		INITIAL_CLUSTER=${INITIAL_CLUSTER},${SUBDOMAIN}-${i}=http://${SUBDOMAIN}-${i}.${SUBDOMAIN}.${NAMESPACE}.svc.cluster.local:2380
 	done
 fi
 if [[ "${STATE}" == "new" ]]
@@ -621,6 +626,7 @@ cat /etc/sensu/backend.yml
 `, token, clusterName, m.Namespace, options)},
 					VolumeMounts: []v1.VolumeMount{configVolumeMount},
 				},
+
 			},
 			Containers:    []v1.Container{container},
 			RestartPolicy: v1.RestartPolicyAlways,
@@ -682,7 +688,7 @@ func InClusterConfig() (*rest.Config, error) {
 	// Work around https://github.com/kubernetes/kubernetes/issues/40973
 	// See https://github.com/sensu/sensu-operator/issues/731#issuecomment-283804819
 	if len(os.Getenv("KUBERNETES_SERVICE_HOST")) == 0 {
-		addrs, err := net.LookupHost("kubernetes.default.svc")
+		addrs, err := net.LookupHost("kubernetes.default.svc.cluster.local")
 		if err != nil {
 			panic(err)
 		}