Merge pull request #238 from periklis/refactor-objstore-creds-5.7
[release-5.7] Backport PR grafana#11531
periklis authored Dec 20, 2023
2 parents 85fe32e + a52554d commit d42605f
Showing 1 changed file with 47 additions and 87 deletions.
134 changes: 47 additions & 87 deletions operator/internal/manifests/storage/configure.go
Expand Up @@ -109,7 +109,6 @@ func ensureObjectStoreCredentials(p *corev1.PodSpec, opts Options) corev1.PodSpe
container := p.Containers[0].DeepCopy()
volumes := p.Volumes
secretName := opts.SecretName
storeType := opts.SharedStore

volumes = append(volumes, corev1.Volume{
Name: secretName,
Expand All @@ -126,100 +125,40 @@ func ensureObjectStoreCredentials(p *corev1.PodSpec, opts Options) corev1.PodSpe
MountPath: secretDirectory,
})

var storeEnvVars []corev1.EnvVar
switch storeType {
container.Env = append(container.Env, staticAuthCredentials(opts)...)

return corev1.PodSpec{
Containers: []corev1.Container{
*container,
},
Volumes: volumes,
}
}

func staticAuthCredentials(opts Options) []corev1.EnvVar {
secretName := opts.SecretName
switch opts.SharedStore {
case lokiv1.ObjectStorageSecretAzure:
storeEnvVars = []corev1.EnvVar{
{
Name: EnvAzureStorageAccountName,
ValueFrom: &corev1.EnvVarSource{
SecretKeyRef: &corev1.SecretKeySelector{
LocalObjectReference: corev1.LocalObjectReference{
Name: secretName,
},
Key: KeyAzureStorageAccountName,
},
},
},
{
Name: EnvAzureStorageAccountKey,
ValueFrom: &corev1.EnvVarSource{
SecretKeyRef: &corev1.SecretKeySelector{
LocalObjectReference: corev1.LocalObjectReference{
Name: secretName,
},
Key: KeyAzureStorageAccountKey,
},
},
},
return []corev1.EnvVar{
envVarFromSecret(EnvAzureStorageAccountName, secretName, KeyAzureStorageAccountName),
envVarFromSecret(EnvAzureStorageAccountKey, secretName, KeyAzureStorageAccountKey),
}
case lokiv1.ObjectStorageSecretGCS:
storeEnvVars = []corev1.EnvVar{
{
Name: EnvGoogleApplicationCredentials,
Value: path.Join(secretDirectory, KeyGCPServiceAccountKeyFilename),
},
return []corev1.EnvVar{
envVarFromValue(EnvGoogleApplicationCredentials, path.Join(secretDirectory, KeyGCPServiceAccountKeyFilename)),
}
case lokiv1.ObjectStorageSecretS3:
storeEnvVars = []corev1.EnvVar{
{
Name: EnvAWSAccessKeyID,
ValueFrom: &corev1.EnvVarSource{
SecretKeyRef: &corev1.SecretKeySelector{
LocalObjectReference: corev1.LocalObjectReference{
Name: secretName,
},
Key: KeyAWSAccessKeyID,
},
},
},
{
Name: EnvAWSAccessKeySecret,
ValueFrom: &corev1.EnvVarSource{
SecretKeyRef: &corev1.SecretKeySelector{
LocalObjectReference: corev1.LocalObjectReference{
Name: secretName,
},
Key: KeyAWSAccessKeySecret,
},
},
},
return []corev1.EnvVar{
envVarFromSecret(EnvAWSAccessKeyID, secretName, KeyAWSAccessKeyID),
envVarFromSecret(EnvAWSAccessKeySecret, secretName, KeyAWSAccessKeySecret),
}

case lokiv1.ObjectStorageSecretSwift:
storeEnvVars = []corev1.EnvVar{
{
Name: EnvSwiftUsername,
ValueFrom: &corev1.EnvVarSource{
SecretKeyRef: &corev1.SecretKeySelector{
LocalObjectReference: corev1.LocalObjectReference{
Name: secretName,
},
Key: KeySwiftUsername,
},
},
},
{
Name: EnvSwiftPassword,
ValueFrom: &corev1.EnvVarSource{
SecretKeyRef: &corev1.SecretKeySelector{
LocalObjectReference: corev1.LocalObjectReference{
Name: secretName,
},
Key: KeySwiftPassword,
},
},
},
return []corev1.EnvVar{
envVarFromSecret(EnvSwiftUsername, secretName, KeySwiftUsername),
envVarFromSecret(EnvSwiftPassword, secretName, KeySwiftPassword),
}
}

container.Env = append(container.Env, storeEnvVars...)

return corev1.PodSpec{
Containers: []corev1.Container{
*container,
},
Volumes: volumes,
default:
return []corev1.EnvVar{}
}
}

Expand Down Expand Up @@ -255,3 +194,24 @@ func ensureCAForS3(p *corev1.PodSpec, tls *TLSConfig) corev1.PodSpec {
Volumes: volumes,
}
}

func envVarFromSecret(name, secretName, secretKey string) corev1.EnvVar {
return corev1.EnvVar{
Name: name,
ValueFrom: &corev1.EnvVarSource{
SecretKeyRef: &corev1.SecretKeySelector{
LocalObjectReference: corev1.LocalObjectReference{
Name: secretName,
},
Key: secretKey,
},
},
}
}

func envVarFromValue(name, value string) corev1.EnvVar {
return corev1.EnvVar{
Name: name,
Value: value,
}
}
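Review bot: The `default` branch of the new `staticAuthCredentials` returns an empty slice, so a `SharedStore` value that matches none of the four cases produces a container with the secret volume mounted but no credential variables, and nothing in the function signals that. As far as the removed lines show this matches the old behaviour (the `storeEnvVars` variable simply stayed nil), but now that the switch is a standalone helper it should carry a doc comment saying so, e.g. `// staticAuthCredentials returns the env vars carrying static object-store credentials for opts.SharedStore; unsupported store types yield no variables.` The helpers `envVarFromSecret` and `envVarFromValue` are also undocumented; a one-line comment on `envVarFromSecret` should state that it only references the secret key through `SecretKeyRef` and never copies the secret value into the pod spec. Presumably the store type and secret name are validated before this code runs; if they are not, the misconfiguration would surface only when the container fails to authenticate against the object store.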
