diff --git a/api/v1alpha1/configuration.go b/api/v1alpha1/configuration.go
index 87ddd6bb..ce24eec4 100644
--- a/api/v1alpha1/configuration.go
+++ b/api/v1alpha1/configuration.go
@@ -2,9 +2,7 @@ package v1alpha1
 import (
 "bytes"
- "crypto/sha256"
 "fmt"
- "path"
 "strconv"
 "gopkg.in/yaml.v3"
@@ -12,19 +10,6 @@ import (
 "github.com/ydb-platform/ydb-kubernetes-operator/internal/configuration/schema"
 )
-const (
- DatabaseEncryptionKeyPath = "/opt/ydb/secrets/database_encryption"
- DatabaseEncryptionKeyFile = "key"
- DatastreamsIAMServiceAccountKeyPath = "/opt/ydb/secrets/datastreams"
- DatastreamsIAMServiceAccountKeyFile = "sa_key.json"
-)
-
-func hash(text string) string {
- h := sha256.New()
- h.Write([]byte(text))
- return fmt.Sprintf("%x", h.Sum(nil))
-}
-
 func generateHosts(cr *Storage) []schema.Host {
 var hosts []schema.Host
@@ -61,24 +46,6 @@ func generateHosts(cr *Storage) []schema.Host {
 return hosts
 }
-func generateKeyConfig(cr *Storage, crDB *Database) *schema.KeyConfig {
- var keyConfig *schema.KeyConfig
- if crDB != nil && crDB.Spec.Encryption != nil && crDB.Spec.Encryption.Enabled {
- keyConfig = &schema.KeyConfig{
- Keys: []schema.Key{
- {
- ContainerPath: path.Join(DatabaseEncryptionKeyPath, DatabaseEncryptionKeyFile),
- ID: hash(cr.Name),
- Pin: crDB.Spec.Encryption.Pin,
- Version: 1,
- },
- },
- }
- }
-
- return keyConfig
-}
-
 func BuildConfiguration(cr *Storage, crDB *Database) ([]byte, error) {
 config := make(map[string]interface{})
@@ -113,12 +80,6 @@ func BuildConfiguration(cr *Storage, crDB *Database) ([]byte, error) {
 config["hosts"] = hosts
 }
- // Will be removed by YDBOPS-9692
- keyConfig := generateKeyConfig(cr, crDB)
- if keyConfig != nil {
- config["key_config"] = keyConfig
- }
-
 return yaml.Marshal(config)
 }
diff --git a/api/v1alpha1/const.go b/api/v1alpha1/const.go
index f9055fe3..c30d6f96 100644
--- a/api/v1alpha1/const.go
+++ b/api/v1alpha1/const.go
@@ -30,12 +30,21 @@ const (
 ConfigDir = "/opt/ydb/cfg"
 ConfigFileName = "config.yaml"
+ DatabaseEncryptionKeySecretDir = "encryption"
+ DatabaseEncryptionKeySecretFile = "key.pem"
+ DatabaseEncryptionKeyConfigFile = "key.txt"
+
+ DatastreamsIAMServiceAccountKeyDir = "datastreams"
+ DatastreamsIAMServiceAccountKeyFile = "sa_key.json"
+
 BinariesDir = "/opt/ydb/bin"
 DaemonBinaryName = "ydbd"
- DefaultRootUsername = "root"
- DefaultRootPassword = ""
- DefaultSignAlgorithm = "RS256"
+ DefaultRootUsername = "root"
+ DefaultRootPassword = ""
+ DefaultDatabaseDomain = "Root"
+ DefaultDatabaseEncryptionPin = "EmptyPin"
+ DefaultSignAlgorithm = "RS256"
 LabelDeploymentKey = "deployment"
 LabelDeploymentValueKubernetes = "kubernetes"
diff --git a/api/v1alpha1/database_webhook.go b/api/v1alpha1/database_webhook.go
index b2197b9c..bf716115 100644
--- a/api/v1alpha1/database_webhook.go
+++ b/api/v1alpha1/database_webhook.go
@@ -17,10 +17,6 @@ import (
 . "github.com/ydb-platform/ydb-kubernetes-operator/internal/controllers/constants" //nolint:revive,stylecheck
 )
-const (
- DefaultDatabaseDomain = "Root"
-)
-
 // log is for logging in this package.
 var databaselog = logf.Log.WithName("database-resource")
@@ -126,6 +122,13 @@ func (r *DatabaseDefaulter) Default(ctx context.Context, obj runtime.Object) err
 database.Spec.Encryption = &EncryptionConfig{Enabled: false}
 }
+ if database.Spec.Encryption.Enabled && database.Spec.Encryption.Key == nil {
+ if database.Spec.Encryption.Pin == nil || len(*database.Spec.Encryption.Pin) == 0 {
+ encryptionPin := DefaultDatabaseEncryptionPin
+ database.Spec.Encryption.Pin = &encryptionPin
+ }
+ }
+
 if database.Spec.Datastreams == nil {
 database.Spec.Datastreams = &DatastreamsConfig{Enabled: false}
 }
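Review bot: The constants added to the `const (` block in const.go have no doc comments, and `DefaultDatabaseEncryptionPin = "EmptyPin"` in particular needs one. The defaulting added to `DatabaseDefaulter.Default` in database_webhook.go applies it silently whenever encryption is enabled with no key reference and an empty pin, so every database defaulted this way shares one fixed, publicly known pin. If the pin is meant to protect the generated key (its role is not visible in this diff), say so explicitly, for example `// DefaultDatabaseEncryptionPin is a fixed, publicly known fallback; set spec.encryption.pin when the pin must be secret.` A short comment on `DatabaseEncryptionKeySecretDir` and `DatastreamsIAMServiceAccountKeyDir` should also state that they are directory names to be joined under a base path, not absolute paths like the constants they replace.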
@@ -149,7 +152,7 @@ func (r *DatabaseDefaulter) Default(ctx context.Context, obj runtime.Object) err
 database.Spec.StorageEndpoint = storage.GetStorageEndpointWithProto()
 }
- if database.Spec.Configuration != "" || (database.Spec.Encryption != nil && database.Spec.Encryption.Enabled) {
+ if database.Spec.Configuration != "" {
 configuration, err := BuildConfiguration(storage, database)
 if err != nil {
 return err
diff --git a/deploy/ydb-operator/Chart.yaml b/deploy/ydb-operator/Chart.yaml
index 843e10b7..2f631228 100644
--- a/deploy/ydb-operator/Chart.yaml
+++ b/deploy/ydb-operator/Chart.yaml
@@ -15,10 +15,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.5.22
+version: 0.5.23
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "0.5.22"
+appVersion: "0.5.23"
diff --git a/e2e/tests/smoke_test.go b/e2e/tests/smoke_test.go
index 9aacbcba..a2dc6e20 100644
--- a/e2e/tests/smoke_test.go
+++ b/e2e/tests/smoke_test.go
@@ -866,6 +866,54 @@ var _ = Describe("Operator smoke test", func() {
 )
 })
+ It("Check encryption for Database", func() {
+ By("create storage...")
+ Expect(k8sClient.Create(ctx, storageSample)).Should(Succeed())
+ defer func() {
+ Expect(k8sClient.Delete(ctx, storageSample)).Should(Succeed())
+ }()
+ By("create database...")
+ databaseSample.Spec.Encryption = &v1alpha1.EncryptionConfig{
+ Enabled: true,
+ }
+ Expect(k8sClient.Create(ctx, databaseSample)).Should(Succeed())
+ defer func() {
+ Expect(k8sClient.Delete(ctx, databaseSample)).Should(Succeed())
+ }()
+
+ By("waiting until Storage is ready...")
+ waitUntilStorageReady(ctx, storageSample.Name, testobjects.YdbNamespace)
+
+ By("checking that all the storage pods are running and ready...")
+ checkPodsRunningAndReady(ctx, "ydb-cluster", "kind-storage", storageSample.Spec.Nodes)
+
+ By("waiting until database is ready...")
+ waitUntilDatabaseReady(ctx, databaseSample.Name, testobjects.YdbNamespace)
+
+ By("checking that all the database pods are running and ready...")
+ checkPodsRunningAndReady(ctx, "ydb-cluster", "kind-database", databaseSample.Spec.Nodes)
+
+ database := v1alpha1.Database{}
+ Expect(k8sClient.Get(ctx, types.NamespacedName{
+ Name: databaseSample.Name,
+ Namespace: testobjects.YdbNamespace,
+ }, &database)).Should(Succeed())
+ storageEndpoint := database.Spec.StorageEndpoint
+
+ databasePods := corev1.PodList{}
+ Expect(k8sClient.List(ctx, &databasePods,
+ client.InNamespace(testobjects.YdbNamespace),
+ client.MatchingLabels{"ydb-cluster": "kind-database"}),
+ ).Should(Succeed())
+ podName := databasePods.Items[0].Name
+
+ By("bring YDB CLI inside ydb database pod...")
+ bringYdbCliToPod(podName, testobjects.YdbNamespace)
+
+ By("execute simple query inside ydb database pod...")
+ executeSimpleQuery(podName, testobjects.YdbNamespace, storageEndpoint)
+ })
+
 AfterEach(func() {
 Expect(uninstallOperatorWithHelm(testobjects.YdbNamespace)).Should(BeTrue())
 Expect(k8sClient.Delete(ctx, &namespace)).Should(Succeed())
diff --git a/internal/controllers/database/controller_test.go b/internal/controllers/database/controller_test.go
index f37b4f26..ff70c105 100644
--- a/internal/controllers/database/controller_test.go
+++ b/internal/controllers/database/controller_test.go
@@ -3,7 +3,9 @@ package database_test
 import (
 "context"
 "errors"
+ "fmt"
 "path/filepath"
+ "reflect"
 "strings"
 "testing"
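Review bot: `podName := databasePods.Items[0].Name` in the new smoke test indexes the pod list without asserting that it is non-empty, so a label mismatch shows up as an index-out-of-range panic rather than a readable failure; add `Expect(databasePods.Items).ShouldNot(BeEmpty())` before it. The test also only proves that a simple query runs with `Enabled: true`. It does not check that the key Secret exists or that the pod was started with `--key-file`, so a regression that silently drops encryption would still pass here.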
@@ -142,5 +144,77 @@ var _ = Describe("Database controller medium tests", func() {
 }
 }
 })
+
+ By("Check encryption for Database...")
+ foundDatabase := v1alpha1.Database{}
+ Expect(k8sClient.Get(ctx, types.NamespacedName{
+ Name: databaseSample.Name,
+ Namespace: testobjects.YdbNamespace,
+ }, &foundDatabase))
+
+ By("Update Database and enable encryption...")
+ foundDatabase.Spec.Encryption = &v1alpha1.EncryptionConfig{Enabled: true}
+ Expect(k8sClient.Update(ctx, &foundDatabase)).Should(Succeed())
+
+ By("Check that encryption secret was created...")
+ encryptionSecret := corev1.Secret{}
+ Eventually(func() error {
+ return k8sClient.Get(ctx, types.NamespacedName{
+ Name: databaseSample.Name,
+ Namespace: testobjects.YdbNamespace,
+ }, &encryptionSecret)
+ }, test.Timeout, test.Interval).ShouldNot(HaveOccurred())
+ encryptionData := encryptionSecret.Data
+
+ By("Check that arg `--key-file` was added to StatefulSet...")
+ databaseStatefulSet = appsv1.StatefulSet{}
+ Eventually(func() error {
+ Expect(k8sClient.List(ctx,
+ &foundStatefulSets,
+ client.InNamespace(testobjects.YdbNamespace),
+ )).ShouldNot(HaveOccurred())
+ for idx, statefulSet := range foundStatefulSets.Items {
+ if statefulSet.Name == testobjects.DatabaseName {
+ databaseStatefulSet = foundStatefulSets.Items[idx]
+ break
+ }
+ }
+ podContainerArgs := databaseStatefulSet.Spec.Template.Spec.Containers[0].Args
+ encryptionKeyConfigPath := fmt.Sprintf("%s/%s", v1alpha1.ConfigDir, v1alpha1.DatabaseEncryptionKeyConfigFile)
+ for idx, arg := range podContainerArgs {
+ if arg == "--key-file" {
+ if podContainerArgs[idx+1] == encryptionKeyConfigPath {
+ return nil
+ }
+ return fmt.Errorf(
+ "Found arg `--key-file=%s` for encryption does not match with expected path: %s",
+ podContainerArgs[idx+1],
+ encryptionKeyConfigPath,
+ )
+ }
+ }
+ return errors.New("Failed to find arg `--key-file` for encryption in StatefulSet")
+ }, test.Timeout, test.Interval).ShouldNot(HaveOccurred())
+
+ By("Update Database encryption pin...")
+ Expect(k8sClient.Get(ctx, types.NamespacedName{
+ Name: databaseSample.Name,
+ Namespace: testobjects.YdbNamespace,
+ }, &foundDatabase))
+ pin := "Ignore"
+ foundDatabase.Spec.Encryption = &v1alpha1.EncryptionConfig{
+ Enabled: true,
+ Pin: &pin,
+ }
+ Expect(k8sClient.Update(ctx, &foundDatabase)).Should(Succeed())
+
+ By("Check that Secret for encryption was not changed...")
+ Consistently(func(g Gomega) bool {
+ g.Expect(k8sClient.Get(ctx, types.NamespacedName{
+ Name: databaseSample.Name,
+ Namespace: testobjects.YdbNamespace,
+ }, &encryptionSecret))
+ return reflect.DeepEqual(encryptionData, encryptionSecret.Data)
+ }, test.Timeout, test.Interval).Should(BeTrue())
 })
 })
diff --git a/internal/controllers/database/sync.go b/internal/controllers/database/sync.go
index 466f8f67..6255d521 100644
--- a/internal/controllers/database/sync.go
+++ b/internal/controllers/database/sync.go
@@ -364,6 +364,13 @@ func shouldIgnoreDatabaseChange(database *resources.DatabaseBuilder) resources.I
 return true
 }
 }
+
+ if sec, ok := oldObj.(*corev1.Secret); ok {
+ // Do not update already existing secret data for encryption
+ if (len(sec.StringData) > 0) || (len(sec.Data) > 0) {
+ return true
+ }
+ }
 return false
 }
 }
diff --git a/internal/resources/configmap.go b/internal/resources/configmap.go
index 39063112..861c4512 100644
--- a/internal/resources/configmap.go
+++ b/internal/resources/configmap.go
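Review bot: Three of the added reads in controller_test.go are wrapped in `Expect(...)` with no matcher: `Expect(k8sClient.Get(ctx, ..., &foundDatabase))` twice and `g.Expect(k8sClient.Get(ctx, ..., &encryptionSecret))` inside `Consistently`. A failed `Get` is therefore never asserted and the test carries on with stale or zero-value objects; append `.Should(Succeed())` to each. In the `--key-file` loop, `podContainerArgs[idx+1]` panics when the flag is the last argument, and `Containers[0]` panics while the StatefulSet has not been found yet, so both cases should return an error from the `Eventually` func instead. The enclosing `It` block starts outside the hunk.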
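Review bot: The guard added to `shouldIgnoreDatabaseChange` returns `true` for every `*corev1.Secret` whose old object carries data, although its comment says it is meant for the encryption secret only. If the database reconciler manages any other Secret, that one would never be updated again either, label changes included. Narrow the check to the generated key Secret, for example `if sec, ok := oldObj.(*corev1.Secret); ok && sec.GetName() == database.GetName() {`, which is the name `EncryptionSecretBuilder.Placeholder` uses, or match on a dedicated label. The enclosing closure starts outside the hunk, so how `oldObj` is obtained is not visible here.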
@@ -1,19 +1,42 @@
 package resources
 import (
+ "bytes"
 "errors"
+ "fmt"
+ "html/template"
 v1 "k8s.io/api/core/v1"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 "sigs.k8s.io/controller-runtime/pkg/client"
+
+ api "github.com/ydb-platform/ydb-kubernetes-operator/api/v1alpha1"
+ "github.com/ydb-platform/ydb-kubernetes-operator/internal/configuration/schema"
 )
+const keyConfigTmpl = `Keys {
+ ContainerPath: "{{ .ContainerPath }}"
+ Pin: "{{ .Pin }}"
+ Id: "{{ .ID }}"
+ Version: {{ .Version }}
+}`
+
 type ConfigMapBuilder struct {
 client.Object
 Name string
- Data map[string]string
 Labels map[string]string
+
+ Data map[string]string
+}
+
+type EncryptionConfigBuilder struct {
+ client.Object
+
+ Name string
+ Labels map[string]string
+
+ KeyConfig schema.KeyConfig
 }
 func (b *ConfigMapBuilder) Build(obj client.Object) error {
@@ -23,13 +46,43 @@ func (b *ConfigMapBuilder) Build(obj client.Object) error {
 }
 if cm.ObjectMeta.Name == "" {
- cm.ObjectMeta.Name = b.GetName()
+ cm.ObjectMeta.Name = b.Name
 }
 cm.ObjectMeta.Namespace = b.GetNamespace()
+ cm.Labels = b.Labels
+
 cm.Data = b.Data
+
+ return nil
+}
+
+func (b *EncryptionConfigBuilder) Build(obj client.Object) error {
+ cm, ok := obj.(*v1.ConfigMap)
+ if !ok {
+ return errors.New("failed to cast to ConfigMap object")
+ }
+
+ if cm.ObjectMeta.Name == "" {
+ cm.ObjectMeta.Name = b.Name
+ }
+ cm.ObjectMeta.Namespace = b.GetNamespace()
+
 cm.Labels = b.Labels
+ t, err := template.New("keyConfig").Parse(keyConfigTmpl)
+ if err != nil {
+ return fmt.Errorf("failed to parse keyConfig template: %w", err)
+ }
+
+ var buf bytes.Buffer
+ err = t.Execute(&buf, b.KeyConfig.Keys[0])
+ if err != nil {
+ return fmt.Errorf("failed to execute keyConfig template: %w", err)
+ }
+
+ cm.Data = map[string]string{api.DatabaseEncryptionKeyConfigFile: buf.String()}
+
 return nil
 }
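Review bot: `html/template` is the wrong engine for `keyConfigTmpl`, because the rendered output is a key-config text file and html/template HTML-escapes every interpolated value. A pin containing `&`, `<`, `'`, `"` or `+` would be written to `key.txt` as entities such as `&amp;` or `&#43;`, so the pin in the config no longer matches the one passed to `GenerateRSAKey`. Import `"text/template"` instead. Since text/template does no escaping at all, the pin should also be validated or escaped for quotes, backslashes and newlines before rendering (the webhook is a natural place), so that a pin value cannot add fields to the `Keys` block. The rendering itself is in `EncryptionConfigBuilder.Build` in the next hunk.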
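Review bot: `b.KeyConfig.Keys[0]` in `EncryptionConfigBuilder.Build` panics if the builder is ever constructed with an empty `Keys` slice; return an error instead, e.g. `if len(b.KeyConfig.Keys) == 0 { return errors.New("encryption key config has no keys") }`. The template is also parsed again on every `Build` call. Parsing it once into a package-level variable with `template.Must(...)` would surface a broken template at start-up rather than in the middle of a reconcile.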
@@ -41,3 +94,12 @@ func (b *ConfigMapBuilder) Placeholder(cr client.Object) client.Object {
 },
 }
 }
+
+func (b *EncryptionConfigBuilder) Placeholder(cr client.Object) client.Object {
+ return &v1.ConfigMap{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: b.Name,
+ Namespace: cr.GetNamespace(),
+ },
+ }
+}
diff --git a/internal/resources/database.go b/internal/resources/database.go
index 4276b3d0..c439c0cf 100644
--- a/internal/resources/database.go
+++ b/internal/resources/database.go
@@ -1,11 +1,14 @@
 package resources
 import (
+ "fmt"
+
 corev1 "k8s.io/api/core/v1"
 "k8s.io/client-go/rest"
 api "github.com/ydb-platform/ydb-kubernetes-operator/api/v1alpha1"
 "github.com/ydb-platform/ydb-kubernetes-operator/internal/annotations"
+ "github.com/ydb-platform/ydb-kubernetes-operator/internal/configuration/schema"
 "github.com/ydb-platform/ydb-kubernetes-operator/internal/labels"
 "github.com/ydb-platform/ydb-kubernetes-operator/internal/metrics"
 )
@@ -93,20 +96,49 @@ func (b *DatabaseBuilder) GetResourceBuilders(restConfig *rest.Config) []Resourc
 )
 }
- if b.Spec.Encryption != nil && b.Spec.Encryption.Enabled && b.Spec.Encryption.Key == nil {
- var pin string
+ if b.Spec.Encryption != nil && b.Spec.Encryption.Enabled {
+ // backward compatibility
 if b.Spec.Encryption.Pin == nil || len(*b.Spec.Encryption.Pin) == 0 {
- pin = defaultPin
- } else {
- pin = *b.Spec.Encryption.Pin
+ encryptionPin := api.DefaultDatabaseEncryptionPin
+ b.Spec.Encryption.Pin = &encryptionPin
+ }
+
+ if b.Spec.Encryption.Key == nil {
+ optionalBuilders = append(
+ optionalBuilders,
+ &EncryptionSecretBuilder{
+ Object: b,
+
+ Labels: databaseLabels,
+ Pin: *b.Spec.Encryption.Pin,
+ },
+ )
 }
+
+ keyConfig := schema.KeyConfig{
+ Keys: []schema.Key{
+ {
+ ContainerPath: fmt.Sprintf("%s/%s/%s",
+ wellKnownDirForAdditionalSecrets,
+ api.DatabaseEncryptionKeySecretDir,
+ api.DatabaseEncryptionKeySecretFile,
+ ),
+ ID: b.Name,
+ Pin: b.Spec.Encryption.Pin,
+ Version: 1,
+ },
+ },
+ }
+
 optionalBuilders = append(
 optionalBuilders,
- &EncryptionSecretBuilder{
+ &EncryptionConfigBuilder{
 Object: b,
- Pin: pin,
+ Name: fmt.Sprintf(EncryptionKeyConfigNameFormat, b.GetName()),
 Labels: databaseLabels,
+
+ KeyConfig: keyConfig,
 },
 )
 }
diff --git a/internal/resources/database_statefulset.go b/internal/resources/database_statefulset.go
index 687ed8e4..2d755b82 100644
--- a/internal/resources/database_statefulset.go
+++ b/internal/resources/database_statefulset.go
@@ -179,7 +179,7 @@ func (b *DatabaseStatefulSetBuilder) buildVolumes() []corev1.Volume {
 }
 if b.Spec.Encryption != nil && b.Spec.Encryption.Enabled {
- volumes = append(volumes, b.buildEncryptionVolume())
+ volumes = append(volumes, b.buildEncryptionVolumes()...)
 }
 if b.Spec.Datastreams != nil && b.Spec.Datastreams.Enabled {
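Review bot: In `GetResourceBuilders` the pin now reaches two builders with different update behaviour: `EncryptionConfigBuilder` re-renders `key.txt` with the current `Pin` on every reconcile, while the generated Secret is frozen once it holds data by the guard added in sync.go. After a pin change the ConfigMap and the key can therefore disagree, and the new controller test asserts exactly that the Secret stays unchanged. If `GenerateRSAKey` binds the key to the pin (not visible in this diff), the database would be started with a pin that does not fit its key, so either reject pin changes for operator-generated keys in the webhook or document the field as immutable. Separately, the `// backward compatibility` branch writes the default into `b.Spec` from inside a getter; a local variable would avoid mutating the spec there.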
@@ -346,30 +346,43 @@ func buildTLSVolume(name string, configuration *api.TLSConfiguration) corev1.Vol
 return volume
 }
-func (b *DatabaseStatefulSetBuilder) buildEncryptionVolume() corev1.Volume {
+func (b *DatabaseStatefulSetBuilder) buildEncryptionVolumes() []corev1.Volume {
 var secretName, secretKey string
 if b.Spec.Encryption.Key != nil {
 secretName = b.Spec.Encryption.Key.Name
 secretKey = b.Spec.Encryption.Key.Key
 } else {
 secretName = b.Name
- secretKey = defaultEncryptionSecretKey
+ secretKey = wellKnownNameForEncryptionKeySecret
 }
- return corev1.Volume{
- Name: encryptionVolumeName,
+ encryptionKeySecret := corev1.Volume{
+ Name: encryptionKeySecretVolumeName,
 VolumeSource: corev1.VolumeSource{
 Secret: &corev1.SecretVolumeSource{
 SecretName: secretName,
 Items: []corev1.KeyToPath{
 {
 Key: secretKey,
- Path: api.DatabaseEncryptionKeyFile,
+ Path: api.DatabaseEncryptionKeySecretFile,
 },
 },
 },
 },
 }
+
+ encryptionKeyConfig := corev1.Volume{
+ Name: encryptionKeyConfigVolumeName,
+ VolumeSource: corev1.VolumeSource{
+ ConfigMap: &corev1.ConfigMapVolumeSource{
+ LocalObjectReference: corev1.LocalObjectReference{
+ Name: fmt.Sprintf(EncryptionKeyConfigNameFormat, b.GetName()),
+ },
+ },
+ },
+ }
+
+ return []corev1.Volume{encryptionKeySecret, encryptionKeyConfig}
 }
 func (b *DatabaseStatefulSetBuilder) buildDatastreamsIAMServiceAccountKeyVolume() corev1.Volume {
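Review bot: For operator-generated keys, `buildEncryptionVolumes` now projects the Secret item `wellKnownNameForEncryptionKeySecret` (`"key.pem"`) where the old code used `defaultEncryptionSecretKey` (`"key"`), and nothing in this change migrates existing Secrets. A Secret created by an earlier operator version stores the key under `key`, and the guard added in sync.go prevents it from ever being rewritten. After an upgrade the volume would reference an item that the existing Secret does not contain, and the kubelet is expected to refuse the mount. Keep reading the old item name for existing Secrets or add a migration step, and cover the upgrade path with a test.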
@@ -482,9 +495,16 @@ func (b *DatabaseStatefulSetBuilder) buildVolumeMounts() []corev1.VolumeMount {
 if b.Spec.Encryption != nil && b.Spec.Encryption.Enabled {
 volumeMounts = append(volumeMounts, corev1.VolumeMount{
- Name: encryptionVolumeName,
+ Name: encryptionKeyConfigVolumeName,
 ReadOnly: true,
- MountPath: api.DatabaseEncryptionKeyPath,
+ MountPath: fmt.Sprintf("%s/%s", api.ConfigDir, api.DatabaseEncryptionKeyConfigFile),
+ SubPath: api.DatabaseEncryptionKeyConfigFile,
+ })
+
+ volumeMounts = append(volumeMounts, corev1.VolumeMount{
+ Name: encryptionKeySecretVolumeName,
+ ReadOnly: true,
+ MountPath: fmt.Sprintf("%s/%s", wellKnownDirForAdditionalSecrets, api.DatabaseEncryptionKeySecretDir),
 })
 }
@@ -492,7 +512,7 @@ func (b *DatabaseStatefulSetBuilder) buildVolumeMounts() []corev1.VolumeMount {
 volumeMounts = append(volumeMounts, corev1.VolumeMount{
 Name: datastreamsIAMServiceAccountKeyVolumeName,
 ReadOnly: true,
- MountPath: api.DatastreamsIAMServiceAccountKeyPath,
+ MountPath: api.DatastreamsIAMServiceAccountKeyDir,
 })
 if b.Spec.Service.Datastreams.TLSConfiguration.Enabled {
 volumeMounts = append(volumeMounts, corev1.VolumeMount{
@@ -569,6 +589,13 @@ func (b *DatabaseStatefulSetBuilder) buildContainerArgs() ([]string, []string) {
 )
 }
+ if b.Spec.Encryption != nil && b.Spec.Encryption.Enabled {
+ args = append(args,
+ "--key-file",
+ fmt.Sprintf("%s/%s", api.ConfigDir, api.DatabaseEncryptionKeyConfigFile),
+ )
+ }
+
 // hotfix KIKIMR-16728
 if b.Spec.Service.GRPC.TLSConfiguration.Enabled {
 args = append(args,
diff --git a/internal/resources/encryption.go b/internal/resources/encryption.go
index 276370a8..a3187007 100644
--- a/internal/resources/encryption.go
+++ b/internal/resources/encryption.go
@@ -2,6 +2,7 @@ package resources
 import (
 "errors"
+ "fmt"
 corev1 "k8s.io/api/core/v1"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
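Review bot: `MountPath: api.DatastreamsIAMServiceAccountKeyDir` in the second `buildVolumeMounts` hunk now resolves to the bare directory name `"datastreams"`, whereas the removed constant was the absolute path `/opt/ydb/secrets/datastreams`. The encryption mount in the hunk before it joins its directory name under `wellKnownDirForAdditionalSecrets`, and this one should do the same: `MountPath: fmt.Sprintf("%s/%s", wellKnownDirForAdditionalSecrets, api.DatastreamsIAMServiceAccountKeyDir),`. As written, the service-account key would presumably land somewhere other than where the datastreams configuration looks for it, or the pod spec would be rejected. `buildVolumeMounts` continues outside the hunk.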
@@ -13,8 +14,8 @@ import (
 type EncryptionSecretBuilder struct {
 client.Object
- Pin string
 Labels map[string]string
+ Pin string
 }
 func (b *EncryptionSecretBuilder) Build(obj client.Object) error {
@@ -28,17 +29,17 @@ func (b *EncryptionSecretBuilder) Build(obj client.Object) error {
 }
 sec.ObjectMeta.Namespace = b.GetNamespace()
- // Do not update already existing secret data
- if (sec.StringData == nil || len(sec.StringData) == 0) && (sec.Data == nil || len(sec.Data) == 0) {
- key, err := encryption.GenerateRSAKey(b.Pin)
- if err != nil {
- return err
- }
- sec.StringData = map[string]string{
- defaultEncryptionSecretKey: key,
- }
- }
 sec.Labels = b.Labels
+
+ key, err := encryption.GenerateRSAKey(b.Pin)
+ if err != nil {
+ return fmt.Errorf("failed to generate key for encryption: %w", err)
+ }
+
+ sec.StringData = map[string]string{
+ wellKnownNameForEncryptionKeySecret: key,
+ }
+
 sec.Type = corev1.SecretTypeOpaque
 return nil
@@ -47,7 +48,7 @@ func (b *EncryptionSecretBuilder) Build(obj client.Object) error {
 func (b *EncryptionSecretBuilder) Placeholder(cr client.Object) client.Object {
 return &corev1.Secret{
 ObjectMeta: metav1.ObjectMeta{
- Name: cr.GetName(),
+ Name: b.GetName(),
 Namespace: cr.GetNamespace(),
 },
 }
diff --git a/internal/resources/resource.go b/internal/resources/resource.go
index e379ad15..e904327f 100644
--- a/internal/resources/resource.go
+++ b/internal/resources/resource.go
@@ -49,6 +49,7 @@ const (
 InitJobNameFormat = "%s-blobstorage-init"
 OperatorTokenSecretNameFormat = "%s-operator-token"
+ EncryptionKeyConfigNameFormat = "%s-encryption-key"
 systemCertsVolumeName = "init-main-shared-certs-volume"
 localCertsVolumeName = "init-main-shared-source-dir-volume"
@@ -60,6 +61,7 @@ const (
 wellKnownNameForTLSCertificateAuthority = "ca.crt"
 wellKnownNameForTLSCertificate = "tls.crt"
 wellKnownNameForTLSPrivateKey = "tls.key"
+ wellKnownNameForEncryptionKeySecret = "key.pem"
 caBundleEnvName = "CA_BUNDLE"
 caBundleFileName = "userCABundle.crt"
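Review bot: `EncryptionSecretBuilder.Build` now generates a fresh RSA key and overwrites `sec.StringData` on every call; the removed in-function check was the only local protection against replacing existing key material. That protection now rests entirely on `shouldIgnoreDatabaseChange` in sync.go, so any other caller of this builder, or a later change to that filter, would silently rotate the key and leave already-encrypted data unreadable. Keep a cheap guard after the labels are set, `if len(sec.Data) > 0 || len(sec.StringData) > 0 { return nil }`, or at least state the dependency in a comment above the `GenerateRSAKey` call. The guard also avoids paying for an RSA key generation on each reconcile.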
@@ -70,10 +72,9 @@ const (
 localCertsDir = "/usr/local/share/ca-certificates"
 systemCertsDir = "/etc/ssl/certs"
- encryptionVolumeName = "encryption"
+ encryptionKeyConfigVolumeName = "encryption-config"
+ encryptionKeySecretVolumeName = "encryption-key"
 datastreamsIAMServiceAccountKeyVolumeName = "datastreams-iam-sa-key"
- defaultEncryptionSecretKey = "key"
- defaultPin = "EmptyPin"
 )
 type ResourceBuilder interface {
@@ -581,14 +582,3 @@ func CompareMaps(map1, map2 map[string]string) bool {
 }
 return true
 }
-
-func PodIsReady(e corev1.Pod) bool {
- if e.Status.Phase == corev1.PodRunning {
- for _, condition := range e.Status.Conditions {
- if condition.Type == corev1.PodReady && condition.Status == corev1.ConditionTrue {
- return true
- }
- }
- }
- return false
-}