Skip to content

Commit

Permalink
Install Kibana per tenant
Browse files Browse the repository at this point in the history
  • Loading branch information
asincu committed May 6, 2024
1 parent a5f8281 commit c1b531e
Show file tree
Hide file tree
Showing 9 changed files with 472 additions and 84 deletions.
15 changes: 11 additions & 4 deletions pkg/controller/logstorage/dashboards/dashboards_controller.go
Original file line number Diff line number Diff line change
Expand Up @@ -113,7 +113,7 @@ func Add(mgr manager.Manager, opts options.AddOptions) error {
return fmt.Errorf("logstorage-dashboards-controller failed to watch logstorage Tigerastatus: %w", err)
}
if opts.MultiTenant {
if err = c.WatchObject(&operatorv1.Tenant{}, &handler.EnqueueRequestForObject{}); err != nil {
if err = c.WatchObject(&operatorv1.Tenant{}, eventHandler); err != nil {
return fmt.Errorf("log-storage-dashboards-controller failed to watch Tenant resource: %w", err)
}
}
Expand All @@ -122,6 +122,7 @@ func Add(mgr manager.Manager, opts options.AddOptions) error {
// For single-tenant, everything is installed in the tigera-manager namespace.
// Make a helper for determining which namespaces to use based on tenancy mode.
helper := utils.NewNamespaceHelper(opts.MultiTenant, render.ElasticsearchNamespace, "")
kibanaHelper := utils.NewNamespaceHelper(opts.MultiTenant, kibana.Namespace, "")

// Watch secrets this controller cares about.
secretsToWatch := []string{
Expand All @@ -142,10 +143,10 @@ func Add(mgr manager.Manager, opts options.AddOptions) error {
}

// Catch if something modifies the resources that this controller consumes.
if err := utils.AddServiceWatch(c, kibana.ServiceName, helper.InstallNamespace()); err != nil {
if err := utils.AddServiceWatch(c, kibana.ServiceName, kibanaHelper.InstallNamespace()); err != nil {
return fmt.Errorf("log-storage-dashboards-controller failed to watch the Service resource: %w", err)
}
if err := utils.AddConfigMapWatch(c, certificatemanagement.TrustedCertConfigMapName, helper.InstallNamespace(), &handler.EnqueueRequestForObject{}); err != nil {
if err := utils.AddConfigMapWatch(c, certificatemanagement.TrustedCertConfigMapName, helper.InstallNamespace(), eventHandler); err != nil {
return fmt.Errorf("log-storage-dashboards-controller failed to watch the Service resource: %w", err)
}

Expand Down Expand Up @@ -267,6 +268,7 @@ func (d DashboardsSubController) Reconcile(ctx context.Context, request reconcil

var externalKibanaSecret *corev1.Secret
if !d.elasticExternal {
// This is the configuration for zero tenant or single tenant with internal elastic
// Wait for Elasticsearch to be installed and available.
elasticsearch, err := utils.GetElasticsearch(ctx, d.client)
if err != nil {
Expand All @@ -277,7 +279,8 @@ func (d DashboardsSubController) Reconcile(ctx context.Context, request reconcil
d.status.SetDegraded(operatorv1.ResourceNotReady, "Waiting for Elasticsearch cluster to be operational", nil, reqLogger)
return reconcile.Result{RequeueAfter: utils.StandardRetry}, nil
}
} else {
} else if !d.multiTenant {
// This is the configuration for single tenant with external elastic
// If we're using an external ES and Kibana, the Tenant resource must specify the Kibana endpoint.
if tenant == nil || tenant.Spec.Elastic == nil || tenant.Spec.Elastic.KibanaURL == "" {
reqLogger.Error(nil, "Kibana URL must be specified for this tenant")
Expand Down Expand Up @@ -311,6 +314,10 @@ func (d DashboardsSubController) Reconcile(ctx context.Context, request reconcil
return reconcile.Result{}, err
}
}
} else {
// This is the configuration for multi-tenant
// We connect to a kibana service deployed in the tenant namespace
kibanaHost = fmt.Sprintf("tigera-secure-kb-http.%s.svc", helper.InstallNamespace())
}

// Query the username and password this Dashboards Installer instance should use to authenticate with Elasticsearch.
Expand Down
14 changes: 8 additions & 6 deletions pkg/controller/logstorage/elastic/elastic_controller.go
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,7 @@ import (
cmnv1 "github.com/elastic/cloud-on-k8s/v2/pkg/apis/common/v1"
esv1 "github.com/elastic/cloud-on-k8s/v2/pkg/apis/elasticsearch/v1"
kbv1 "github.com/elastic/cloud-on-k8s/v2/pkg/apis/kibana/v1"
"github.com/elastic/cloud-on-k8s/v2/pkg/utils/k8s"
"github.com/elastic/cloud-on-k8s/v2/pkg/utils/stringsutil"
"github.com/go-logr/logr"
apps "k8s.io/api/apps/v1"
Expand Down Expand Up @@ -453,7 +454,7 @@ func (r *ElasticSubController) Reconcile(ctx context.Context, request reconcile.

var kibanaCR *kbv1.Kibana
if kibanaEnabled {
kibanaCR, err = r.getKibana(ctx)
kibanaCR, err = getKibana(ctx, r.client, kibana.Namespace)
if err != nil {
r.status.SetDegraded(operatorv1.ResourceReadError, "An error occurred trying to retrieve Kibana", err, reqLogger)
return reconcile.Result{}, err
Expand Down Expand Up @@ -504,7 +505,7 @@ func (r *ElasticSubController) Reconcile(ctx context.Context, request reconcile.
var kbService *corev1.Service
if kibanaEnabled {
// For now, Kibana is only supported in single tenant configurations.
kbService, err = r.getKibanaService(ctx)
kbService, err = getKibanaService(ctx, r.client, kibana.Namespace)
if err != nil {
r.status.SetDegraded(operatorv1.ResourceReadError, "Failed to retrieve the Kibana service", err, reqLogger)
return reconcile.Result{}, err
Expand Down Expand Up @@ -563,6 +564,7 @@ func (r *ElasticSubController) Reconcile(ctx context.Context, request reconcile.
UnusedTLSSecret: unusedTLSSecret,
UsePSP: r.usePSP,
Enabled: kibanaEnabled,
Namespace: kibana.Namespace,
}),
}

Expand Down Expand Up @@ -708,9 +710,9 @@ func (r *ElasticSubController) getElasticsearchService(ctx context.Context) (*co
return &svc, nil
}

func (r *ElasticSubController) getKibana(ctx context.Context) (*kbv1.Kibana, error) {
func getKibana(ctx context.Context, cli k8s.Client, namespace string) (*kbv1.Kibana, error) {
kb := kbv1.Kibana{}
err := r.client.Get(ctx, client.ObjectKey{Name: kibana.CRName, Namespace: kibana.Namespace}, &kb)
err := cli.Get(ctx, client.ObjectKey{Name: kibana.CRName, Namespace: namespace}, &kb)
if err != nil {
if errors.IsNotFound(err) {
return nil, nil
Expand All @@ -720,9 +722,9 @@ func (r *ElasticSubController) getKibana(ctx context.Context) (*kbv1.Kibana, err
return &kb, nil
}

func (r *ElasticSubController) getKibanaService(ctx context.Context) (*corev1.Service, error) {
func getKibanaService(ctx context.Context, cli k8s.Client, namespace string) (*corev1.Service, error) {
svc := corev1.Service{}
err := r.client.Get(ctx, client.ObjectKey{Name: kibana.ServiceName, Namespace: kibana.Namespace}, &svc)
err := cli.Get(ctx, client.ObjectKey{Name: kibana.ServiceName, Namespace: namespace}, &svc)
if err != nil {
if errors.IsNotFound(err) {
return nil, nil
Expand Down
Loading

0 comments on commit c1b531e

Please # to comment.