Add support for deploying elasticsearch CR and necessary com.

Signed-off-by: Pavol Loffay <ploffay@redhat.com>

Makefile

@@ -7,7 +7,7 @@ IMPORT_LOG=import.log
 FMT_LOG=fmt.log
 
 OPERATOR_NAME ?= jaeger-operator
-NAMESPACE ?= "$(USER)"
+NAMESPACE ?= jaegertracing
 BUILD_IMAGE ?= "$(NAMESPACE)/$(OPERATOR_NAME):latest"
 OUTPUT_BINARY ?= "$(BIN_DIR)/$(OPERATOR_NAME)"
 VERSION_PKG ?= "github.com/jaegertracing/jaeger-operator/pkg/version"
@@ -48,7 +48,7 @@ build: format
 	@${GO_FLAGS} go build -o $(OUTPUT_BINARY) -ldflags $(LD_FLAGS)
 
 .PHONY: docker
-docker:
+docker: build
 	@docker build --file build/Dockerfile -t "$(BUILD_IMAGE)" .
 
 .PHONY: push
@@ -62,7 +62,7 @@ unit-tests:
 	@go test $(PACKAGES) -cover -coverprofile=cover.out
 
 .PHONY: e2e-tests
-e2e-tests: cassandra es crd build docker push
+e2e-tests: cassandra es crd build docker
 	@mkdir -p deploy/test
 	@echo Running end-to-end tests...
 

build/Dockerfile

@@ -1,4 +1,15 @@
-FROM alpine:3.8
+FROM registry.svc.ci.openshift.org/openshift/origin-v4.0:base
+
+RUN INSTALL_PKGS=" \
+      openssl \
+      " && \
+    yum install -y $INSTALL_PKGS && \
+    rpm -V $INSTALL_PKGS && \
+    yum clean all && \
+    mkdir /tmp/_working_dir && \
+    chmod og+w /tmp/_working_dir
+
+COPY scripts/* /scripts/
 
 USER nobody
 

deploy/examples/simple-prod-deploy-es.yaml

@@ -0,0 +1,9 @@
+# This CR deploys Jaeger and Elasticsearch
+apiVersion: io.jaegertracing/v1alpha1
+kind: Jaeger
+metadata:
+  name: simple-prod
+spec:
+  strategy: production
+  storage:
+    type: elasticsearch

deploy/role.yaml

@@ -58,3 +58,16 @@ rules:
   - routes
   verbs:
   - "*"
+- apiGroups:
+  - rbac.authorization.k8s.io
+  resources:
+    - roles
+    - rolebindings
+  verbs:
+    - '*'
+- apiGroups:
+  - elasticsearch.jaegertracing.io
+  resources:
+  - jaeger
+  verbs:
+  - 'get'

jaeger.version

@@ -2,4 +2,4 @@
 # by default with the Jaeger Operator. This would usually be the latest 
 # stable Jaeger version. When you update this file, make sure to update the
 # the docs as well.
-1.9
+latest

pkg/account/main.go

@@ -1,7 +1,10 @@
 package account
 
 import (
+	"fmt"
+
 	"k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
 	"github.com/jaegertracing/jaeger-operator/pkg/apis/io/v1alpha1"
 )
@@ -12,5 +15,28 @@ func Get(jaeger *v1alpha1.Jaeger) []*v1.ServiceAccount {
 	if jaeger.Spec.Ingress.Security == v1alpha1.IngressSecurityOAuthProxy {
 		accounts = append(accounts, OAuthProxy(jaeger))
 	}
-	return accounts
+	return append(accounts, getMain(jaeger))
+}
+
+func getMain(jaeger *v1alpha1.Jaeger) *v1.ServiceAccount {
+	trueVar := true
+	return &v1.ServiceAccount{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      JaegerServiceAccountFor(jaeger),
+			Namespace: jaeger.Namespace,
+			OwnerReferences: []metav1.OwnerReference{
+				{
+					APIVersion: jaeger.APIVersion,
+					Kind:       jaeger.Kind,
+					Name:       jaeger.Name,
+					UID:        jaeger.UID,
+					Controller: &trueVar,
+				},
+			},
+		},
+	}
+}
+
+func JaegerServiceAccountFor(jaeger *v1alpha1.Jaeger) string {
+	return fmt.Sprintf("%s", jaeger.Name)
 }

pkg/account/main_test.go

@@ -11,19 +11,27 @@ import (
 func TestWithSecurityNil(t *testing.T) {
 	jaeger := v1alpha1.NewJaeger("TestWithOAuthProxyNil")
 	assert.Equal(t, v1alpha1.IngressSecurityNone, jaeger.Spec.Ingress.Security)
-	assert.Len(t, Get(jaeger), 0)
+	sas := Get(jaeger)
+	assert.Len(t, sas, 1)
+	assert.Equal(t, getMain(jaeger), sas[0])
 }
 
 func TestWithSecurityNone(t *testing.T) {
 	jaeger := v1alpha1.NewJaeger("TestWithOAuthProxyFalse")
 	jaeger.Spec.Ingress.Security = v1alpha1.IngressSecurityNone
-
-	assert.Len(t, Get(jaeger), 0)
+	sas := Get(jaeger)
+	assert.Len(t, sas, 1)
+	assert.Equal(t, getMain(jaeger), sas[0])
 }
 
 func TestWithSecurityOAuthProxy(t *testing.T) {
 	jaeger := v1alpha1.NewJaeger("TestWithOAuthProxyTrue")
 	jaeger.Spec.Ingress.Security = v1alpha1.IngressSecurityOAuthProxy
 
-	assert.Len(t, Get(jaeger), 1)
+	assert.Len(t, Get(jaeger), 2)
+}
+
+func TestJaegerName(t *testing.T) {
+	jaeger := v1alpha1.NewJaeger("foo")
+	assert.Equal(t, "foo", JaegerServiceAccountFor(jaeger))
 }

pkg/controller/controller.go

@@ -2,7 +2,10 @@ package controller
 
 import (
 	routev1 "github.com/openshift/api/route/v1"
+	"k8s.io/apimachinery/pkg/runtime/schema"
 	"sigs.k8s.io/controller-runtime/pkg/manager"
+
+	esv1alpha1 "github.com/jaegertracing/jaeger-operator/pkg/storage/elasticsearch/v1alpha1"
 )
 
 // AddToManagerFuncs is a list of functions to add all Controllers to the Manager
@@ -13,6 +16,9 @@ func AddToManager(m manager.Manager) error {
 	if err := routev1.AddToScheme(m.GetScheme()); err != nil {
 		return err
 	}
+	// TODO temporal fix https://github.com/jaegertracing/jaeger-operator/issues/206
+	gv := schema.GroupVersion{Group: "logging.openshift.io", Version: "v1alpha1"}
+	m.GetScheme().AddKnownTypes(gv, &esv1alpha1.Elasticsearch{})
 
 	for _, f := range AddToManagerFuncs {
 		if err := f(m); err != nil {

pkg/controller/jaeger/jaeger_controller.go

@@ -139,6 +139,7 @@ func (r *ReconcileJaeger) handleCreate(str strategy.S) (bool, error) {
 	objs := str.Create()
 	created := false
 	for _, obj := range objs {
+
 		err := r.client.Create(context.Background(), obj)
 		if err != nil && !apierrors.IsAlreadyExists(err) {
 			log.WithError(err).Error("failed to create")

pkg/deployment/all-in-one.go

@@ -10,6 +10,7 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/util/intstr"
 
+	"github.com/jaegertracing/jaeger-operator/pkg/account"
 	"github.com/jaegertracing/jaeger-operator/pkg/apis/io/v1alpha1"
 	"github.com/jaegertracing/jaeger-operator/pkg/config/sampling"
 	"github.com/jaegertracing/jaeger-operator/pkg/config/ui"
@@ -157,7 +158,8 @@ func (a *AllInOne) Get() *appsv1.Deployment {
 						},
 						Resources: commonSpec.Resources,
 					}},
-					Volumes: commonSpec.Volumes,
+					Volumes:            commonSpec.Volumes,
+					ServiceAccountName: account.JaegerServiceAccountFor(a.jaeger),
 				},
 			},
 		},

pkg/deployment/collector.go

@@ -11,6 +11,7 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/util/intstr"
 
+	"github.com/jaegertracing/jaeger-operator/pkg/account"
 	"github.com/jaegertracing/jaeger-operator/pkg/apis/io/v1alpha1"
 	"github.com/jaegertracing/jaeger-operator/pkg/config/sampling"
 	"github.com/jaegertracing/jaeger-operator/pkg/service"
@@ -147,7 +148,8 @@ func (c *Collector) Get() *appsv1.Deployment {
 						},
 						Resources: commonSpec.Resources,
 					}},
-					Volumes: commonSpec.Volumes,
+					Volumes:            commonSpec.Volumes,
+					ServiceAccountName: account.JaegerServiceAccountFor(c.jaeger),
 				},
 			},
 		},

pkg/deployment/ingester.go

@@ -11,6 +11,7 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/util/intstr"
 
+	"github.com/jaegertracing/jaeger-operator/pkg/account"
 	"github.com/jaegertracing/jaeger-operator/pkg/apis/io/v1alpha1"
 	"github.com/jaegertracing/jaeger-operator/pkg/storage"
 	"github.com/jaegertracing/jaeger-operator/pkg/util"
@@ -133,7 +134,8 @@ func (i *Ingester) Get() *appsv1.Deployment {
 						},
 						Resources: commonSpec.Resources,
 					}},
-					Volumes: commonSpec.Volumes,
+					Volumes:            commonSpec.Volumes,
+					ServiceAccountName: account.JaegerServiceAccountFor(i.jaeger),
 				},
 			},
 		},

pkg/deployment/query.go

@@ -10,6 +10,7 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/util/intstr"
 
+	"github.com/jaegertracing/jaeger-operator/pkg/account"
 	"github.com/jaegertracing/jaeger-operator/pkg/apis/io/v1alpha1"
 	"github.com/jaegertracing/jaeger-operator/pkg/config/ui"
 	"github.com/jaegertracing/jaeger-operator/pkg/service"
@@ -132,7 +133,8 @@ func (q *Query) Get() *appsv1.Deployment {
 						},
 						Resources: commonSpec.Resources,
 					}},
-					Volumes: commonSpec.Volumes,
+					Volumes:            commonSpec.Volumes,
+					ServiceAccountName: account.JaegerServiceAccountFor(q.jaeger),
 				},
 			},
 		},

pkg/storage/elasticsearch.go

@@ -0,0 +1,102 @@
+package storage
+
+import (
+	"strings"
+
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
+	"k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
+
+	"github.com/jaegertracing/jaeger-operator/pkg/apis/io/v1alpha1"
+	esv1alpha1 "github.com/jaegertracing/jaeger-operator/pkg/storage/elasticsearch/v1alpha1"
+)
+
+const (
+	// #nosec   G101: Potential hardcoded credentials (Confidence: LOW, Severity: HIGH)
+	k8sTokenFile    = "/var/run/secrets/kubernetes.io/serviceaccount/token"
+	volumeName      = "certs"
+	volumeMountPath = "/sec"
+	caCert          = volumeMountPath + "/ca"
+)
+
+func ShouldDeployElasticsearch(s v1alpha1.JaegerStorageSpec) bool {
+	if strings.ToLower(s.Type) != "elasticsearch" {
+		return false
+	}
+	_, ok := s.Options.Map()["es.server-urls"]
+	if ok {
+		return false
+	}
+	return true
+}
+
+func CreateElasticsearchObjects(j *v1alpha1.Jaeger, collector, query *v1.PodSpec) ([]runtime.Object, error) {
+	err := createESCerts(certScript)
+	if err != nil {
+		logrus.Error("Failed to create Elasticsearch certificates: ", err)
+		return nil, errors.Wrap(err, "failed to create Elasticsearch certificates")
+	}
+	os := []runtime.Object{}
+	esSecret := createESSecrets(j)
+	for _, s := range esSecret {
+		os = append(os, s)
+	}
+	os = append(os, getESRoles(j, collector.ServiceAccountName, query.ServiceAccountName)...)
+	os = append(os, createCr(j))
+	inject(collector)
+	inject(query)
+	return os, nil
+}
+
+// TODO inject curator certs to es-index-cleaner
+func inject(p *v1.PodSpec) {
+	p.Volumes = append(p.Volumes, v1.Volume{
+		Name: volumeName,
+		VolumeSource: v1.VolumeSource{
+			Secret: &v1.SecretVolumeSource{
+				SecretName: "jaeger-elasticsearch",
+			},
+		},
+	})
+	// we assume jaeger containers are first
+	if len(p.Containers) > 0 {
+		p.Containers[0].Args = append(p.Containers[0].Args,
+			"--es.server-urls=https://elasticsearch:9200",
+			"--es-archive.server-urls=https://elasticsearch:9200",
+			"--es.token-file="+k8sTokenFile,
+			"--es-archive.token-file="+k8sTokenFile,
+			"--es.tls.ca="+caCert,
+			"--es-archive.tls.ca="+caCert)
+		p.Containers[0].VolumeMounts = append(p.Containers[0].VolumeMounts, v1.VolumeMount{
+			Name:      volumeName,
+			ReadOnly:  true,
+			MountPath: volumeMountPath,
+		})
+	}
+}
+
+func createCr(j *v1alpha1.Jaeger) *esv1alpha1.Elasticsearch {
+	return &esv1alpha1.Elasticsearch{
+		ObjectMeta: metav1.ObjectMeta{
+			Namespace:       j.Namespace,
+			Name:            "elasticsearch",
+			OwnerReferences: []metav1.OwnerReference{asOwner(j)},
+		},
+		Spec: esv1alpha1.ElasticsearchSpec{
+			Spec: esv1alpha1.ElasticsearchNodeSpec{
+				// TODO remove after https://github.com/openshift/origin-aggregated-logging/pull/1500 is merged
+				Image:     "pavolloffay/ecl-es:latest",
+				Resources: v1.ResourceRequirements{},
+			},
+			ManagementState:  esv1alpha1.ManagementStateManaged,
+			RedundancyPolicy: esv1alpha1.SingleRedundancy,
+			Nodes: []esv1alpha1.ElasticsearchNode{
+				{
+					NodeCount: 1,
+					Roles:     []esv1alpha1.ElasticsearchNodeRole{esv1alpha1.ElasticsearchRoleClient, esv1alpha1.ElasticsearchRoleData, esv1alpha1.ElasticsearchRoleMaster}},
+			},
+		},
+	}
+}