fix(all): use of tls for datastore

padok-team · May 21, 2024 · ab720ac · ab720ac
1 parent 523d7d9
commit ab720ac
Show file tree

Hide file tree

Showing 7 changed files with 30 additions and 11 deletions.
diff --git a/api/v1alpha1/terraformrun_types.go b/api/v1alpha1/terraformrun_types.go
@@ -51,8 +51,8 @@ type TerraformRunStatus struct {
 }
 
 type Attempt struct {
-	PodName      string `json:"podName,omitempty"`
-	Number       int    `json:"number,omitempty"`
+	PodName      string `json:"podName"`
+	Number       int    `json:"number"`
 	LogsUploaded bool   `json:"logsUploaded,omitempty"`
 }
 

diff --git a/deploy/charts/burrito/templates/datastore.yaml b/deploy/charts/burrito/templates/datastore.yaml
@@ -1,6 +1,10 @@
 {{ $configChecksum := (include (print $.Template.BasePath "/config.yaml") . | sha256sum) }}
 
 {{- with mergeOverwrite (deepCopy .Values.global) .Values.datastore }}
+{{- if .tls.certManager.use }}
+{{- $_ := set .deployment.livenessProbe.httpGet "scheme" "HTTPS" }}
+{{- $_ := set .deployment.readinessProbe.httpGet "scheme" "HTTPS" }}
+{{- end }}
 apiVersion: apps/v1
 kind: Deployment
 metadata:

diff --git a/deploy/charts/burrito/values.yaml b/deploy/charts/burrito/values.yaml
@@ -81,9 +81,11 @@ hermitcrab:
           commonName: burrito-hermitcrab.burrito-system.svc.cluster.local
           dnsNames:
             - burrito-hermitcrab.burrito-system.svc.cluster.local
+            - burrito-hermitcrab.burrito-system
+            - burrito-hermitcrab
           issuerRef:
             name: burrito-ca-issuer
-            kind: ClusterIssuer
+            kind: Issuer
 
   deployment:
     image:
@@ -176,13 +178,13 @@ controllers:
       httpGet:
         path: /healthz
         port: 8081
-      initialDelaySeconds: 15
+      initialDelaySeconds: 5
       periodSeconds: 20
     readinessProbe:
       httpGet:
         path: /readyz
         port: 8081
-      initialDelaySeconds: 15
+      initialDelaySeconds: 5
       periodSeconds: 20
     envFrom: []
     env: []
@@ -206,13 +208,13 @@ server:
       httpGet:
         path: /healthz
         port: 8080
-      initialDelaySeconds: 15
+      initialDelaySeconds: 5
       periodSeconds: 20
     readinessProbe:
       httpGet:
         path: /healthz
         port: 8080
-      initialDelaySeconds: 15
+      initialDelaySeconds: 5
       periodSeconds: 20
     envFrom:
       # -- Reference the webhook secret here
@@ -249,13 +251,13 @@ datastore:
       httpGet:
         path: /healthz
         port: 8080
-      initialDelaySeconds: 15
+      initialDelaySeconds: 5
       periodSeconds: 20
     readinessProbe:
       httpGet:
         path: /healthz
         port: 8080
-      initialDelaySeconds: 15
+      initialDelaySeconds: 5
       periodSeconds: 20
     envFrom: []
   service:
@@ -275,8 +277,10 @@ datastore:
           commonName: burrito-datastore.burrito-system.svc.cluster.local
           dnsNames:
             - burrito-datastore.burrito-system.svc.cluster.local
+            - burrito-datastore.burrito-system
+            - burrito-datastore
           issuerRef:
             name: burrito-ca-issuer
-            kind: ClusterIssuer
+            kind: Issuer
 
 tenants: []
diff --git a/internal/runner/runner.go b/internal/runner/runner.go
@@ -57,6 +57,7 @@ type TerraformExec interface {
 func New(c *config.Config) *Runner {
 	client := datastore.NewDefaultClient()
 	if c.Datastore.TLS {
+		log.Info("using TLS for datastore")
 		client.Scheme = "https"
 	}
 	return &Runner{

diff --git a/internal/server/api/api.go b/internal/server/api/api.go
@@ -13,8 +13,12 @@ type API struct {
 }
 
 func New(c *config.Config) *API {
+	client := datastore.NewDefaultClient()
+	if c.Datastore.TLS {
+		client.Scheme = "https"
+	}
 	return &API{
 		config:    c,
-		Datastore: datastore.NewDefaultClient(),
+		Datastore: client,
 	}
 }
diff --git a/manifests/crds/config.terraform.padok.cloud_terraformruns.yaml b/manifests/crds/config.terraform.padok.cloud_terraformruns.yaml
@@ -86,6 +86,9 @@ spec:
                       type: integer
                     podName:
                       type: string
+                  required:
+                  - number
+                  - podName
                   type: object
                 type: array
               conditions:

diff --git a/manifests/install.yaml b/manifests/install.yaml
@@ -4240,6 +4240,9 @@ spec:
                       type: integer
                     podName:
                       type: string
+                  required:
+                  - number
+                  - podName
                   type: object
                 type: array
               conditions: