Change admin secret to projected volume

This removes the logic for copying over from the initContainer, which
makes this author a very happy bunny.

Author: coro

controllers/rabbitmqcluster_controller_test.go

@@ -1206,21 +1206,6 @@ var _ = Describe("RabbitmqclusterController", func() {
 
 			Expect(sts.Spec.Template.Spec.HostNetwork).To(BeFalse())
 			Expect(sts.Spec.Template.Spec.Volumes).To(ConsistOf(
-				corev1.Volume{
-					Name: "rabbitmq-admin",
-					VolumeSource: corev1.VolumeSource{
-						Secret: &corev1.SecretVolumeSource{
-							DefaultMode: &defaultMode,
-							SecretName:  "rabbitmq-sts-override-rabbitmq-admin",
-							Items: []corev1.KeyToPath{
-								{
-									Key:  "default_user.conf",
-									Path: "default_user.conf",
-								},
-							},
-						},
-					},
-				},
 				corev1.Volume{
 					Name: "additional-config",
 					VolumeSource: corev1.VolumeSource{
@@ -1235,7 +1220,24 @@ var _ = Describe("RabbitmqclusterController", func() {
 				corev1.Volume{
 					Name: "rabbitmq-confd",
 					VolumeSource: corev1.VolumeSource{
-						EmptyDir: &corev1.EmptyDirVolumeSource{},
+						Projected: &corev1.ProjectedVolumeSource{
+							Sources: []corev1.VolumeProjection{
+								{
+									Secret: &corev1.SecretProjection{
+										LocalObjectReference: corev1.LocalObjectReference{
+											Name: "rabbitmq-sts-override-rabbitmq-admin",
+										},
+										Items: []corev1.KeyToPath{
+											{
+												Key:  "default_user.conf",
+												Path: "default_user.conf",
+											},
+										},
+									},
+								},
+							},
+							DefaultMode: &defaultMode,
+						},
 					},
 				},
 				corev1.Volume{

internal/resource/admin_secret_test.go

@@ -65,24 +65,23 @@ var _ = Describe("AdminSecret", func() {
 
 			By("creating a rabbitmq username that is base64 encoded and 24 characters in length", func() {
 				username, ok = secret.Data["username"]
-				Expect(ok).NotTo(BeFalse())
+				Expect(ok).NotTo(BeFalse(), "Failed to find a key \"username\" in the generated Secret")
 				decodedUsername, err := b64.URLEncoding.DecodeString(string(username))
 				Expect(err).NotTo(HaveOccurred())
 				Expect(len(decodedUsername)).To(Equal(24))
-
 			})
 
 			By("creating a rabbitmq password that is base64 encoded and 24 characters in length", func() {
 				password, ok = secret.Data["password"]
-				Expect(ok).NotTo(BeFalse())
+				Expect(ok).NotTo(BeFalse(), "Failed to find a key \"password\" in the generated Secret")
 				decodedPassword, err := b64.URLEncoding.DecodeString(string(password))
 				Expect(err).NotTo(HaveOccurred())
 				Expect(len(decodedPassword)).To(Equal(24))
 			})
 
 			By("creating a default_user.conf file that contains the correct sysctl config format to be parsed by RabbitMQ", func() {
 				defaultUserConf, ok := secret.Data["default_user.conf"]
-				Expect(ok).NotTo(BeFalse())
+				Expect(ok).NotTo(BeFalse(), "Failed to find a key \"default_user.conf\" in the generated Secret")
 
 				cfg, err := ini.Load(defaultUserConf)
 				Expect(err).NotTo(HaveOccurred())

internal/resource/statefulset.go

@@ -258,20 +258,6 @@ func (builder *StatefulSetBuilder) podTemplateSpec(annotations, labels map[strin
 	terminationGracePeriod := defaultGracePeriodTimeoutSeconds
 
 	volumes := []corev1.Volume{
-		{
-			Name: "rabbitmq-admin",
-			VolumeSource: corev1.VolumeSource{
-				Secret: &corev1.SecretVolumeSource{
-					SecretName: builder.Instance.ChildResourceName(AdminSecretName),
-					Items: []corev1.KeyToPath{
-						{
-							Key:  "default_user.conf",
-							Path: "default_user.conf",
-						},
-					},
-				},
-			},
-		},
 		{
 			Name: "server-conf",
 			VolumeSource: corev1.VolumeSource{
@@ -301,7 +287,23 @@ func (builder *StatefulSetBuilder) podTemplateSpec(annotations, labels map[strin
 		{
 			Name: "rabbitmq-confd",
 			VolumeSource: corev1.VolumeSource{
-				EmptyDir: &corev1.EmptyDirVolumeSource{},
+				Projected: &corev1.ProjectedVolumeSource{
+					Sources: []corev1.VolumeProjection{
+						{
+							Secret: &corev1.SecretProjection{
+								LocalObjectReference: corev1.LocalObjectReference{
+									Name: builder.Instance.ChildResourceName(AdminSecretName),
+								},
+								Items: []corev1.KeyToPath{
+									{
+										Key:  "default_user.conf",
+										Path: "default_user.conf",
+									},
+								},
+							},
+						},
+					},
+				},
 			},
 		},
 		{
@@ -511,8 +513,6 @@ func (builder *StatefulSetBuilder) podTemplateSpec(annotations, labels map[strin
 							"&& chown 999:999 /etc/rabbitmq/advanced.config ; " +
 							"cp /tmp/rabbitmq/rabbitmq-env.conf /etc/rabbitmq/rabbitmq-env.conf " +
 							"&& chown 999:999 /etc/rabbitmq/rabbitmq-env.conf ; " +
-							"cp /tmp/rabbitmq-admin/default_user.conf /etc/rabbitmq/conf.d/default_user.conf " +
-							"&& chown 999:999 /etc/rabbitmq/conf.d/*.conf ; " +
 							"cp /tmp/erlang-cookie-secret/.erlang.cookie /var/lib/rabbitmq/.erlang.cookie " +
 							"&& chown 999:999 /var/lib/rabbitmq/.erlang.cookie " +
 							"&& chmod 600 /var/lib/rabbitmq/.erlang.cookie ; " +
@@ -539,18 +539,10 @@ func (builder *StatefulSetBuilder) podTemplateSpec(annotations, labels map[strin
 							Name:      "plugins-conf",
 							MountPath: "/tmp/rabbitmq-plugins/",
 						},
-						{
-							Name:      "rabbitmq-admin",
-							MountPath: "/tmp/rabbitmq-admin/",
-						},
 						{
 							Name:      "rabbitmq-etc",
 							MountPath: "/etc/rabbitmq/",
 						},
-						{
-							Name:      "rabbitmq-confd",
-							MountPath: "/etc/rabbitmq/conf.d/",
-						},
 						{
 							Name:      "rabbitmq-erlang-cookie",
 							MountPath: "/var/lib/rabbitmq/",

internal/resource/statefulset_test.go

@@ -815,20 +815,6 @@ var _ = Describe("StatefulSet", func() {
 			Expect(stsBuilder.Update(statefulSet)).To(Succeed())
 
 			Expect(statefulSet.Spec.Template.Spec.Volumes).To(ConsistOf(
-				corev1.Volume{
-					Name: "rabbitmq-admin",
-					VolumeSource: corev1.VolumeSource{
-						Secret: &corev1.SecretVolumeSource{
-							SecretName: instance.ChildResourceName("admin"),
-							Items: []corev1.KeyToPath{
-								{
-									Key:  "default_user.conf",
-									Path: "default_user.conf",
-								},
-							},
-						},
-					},
-				},
 				corev1.Volume{
 					Name: "server-conf",
 					VolumeSource: corev1.VolumeSource{
@@ -858,7 +844,23 @@ var _ = Describe("StatefulSet", func() {
 				corev1.Volume{
 					Name: "rabbitmq-confd",
 					VolumeSource: corev1.VolumeSource{
-						EmptyDir: &corev1.EmptyDirVolumeSource{},
+						Projected: &corev1.ProjectedVolumeSource{
+							Sources: []corev1.VolumeProjection{
+								{
+									Secret: &corev1.SecretProjection{
+										LocalObjectReference: corev1.LocalObjectReference{
+											Name: builder.Instance.ChildResourceName("admin"),
+										},
+										Items: []corev1.KeyToPath{
+											{
+												Key:  "default_user.conf",
+												Path: "default_user.conf",
+											},
+										},
+									},
+								},
+							},
+						},
 					},
 				},
 				corev1.Volume{
@@ -955,8 +957,6 @@ var _ = Describe("StatefulSet", func() {
 						"&& chown 999:999 /etc/rabbitmq/advanced.config ; "+
 						"cp /tmp/rabbitmq/rabbitmq-env.conf /etc/rabbitmq/rabbitmq-env.conf "+
 						"&& chown 999:999 /etc/rabbitmq/rabbitmq-env.conf ; "+
-						"cp /tmp/rabbitmq-admin/default_user.conf /etc/rabbitmq/conf.d/default_user.conf "+
-						"&& chown 999:999 /etc/rabbitmq/conf.d/*.conf ; "+
 						"cp /tmp/erlang-cookie-secret/.erlang.cookie /var/lib/rabbitmq/.erlang.cookie "+
 						"&& chown 999:999 /var/lib/rabbitmq/.erlang.cookie "+
 						"&& chmod 600 /var/lib/rabbitmq/.erlang.cookie ; "+
@@ -973,18 +973,10 @@ var _ = Describe("StatefulSet", func() {
 						Name:      "plugins-conf",
 						MountPath: "/tmp/rabbitmq-plugins/",
 					},
-					corev1.VolumeMount{
-						Name:      "rabbitmq-admin",
-						MountPath: "/tmp/rabbitmq-admin/",
-					},
 					corev1.VolumeMount{
 						Name:      "rabbitmq-etc",
 						MountPath: "/etc/rabbitmq/",
 					},
-					corev1.VolumeMount{
-						Name:      "rabbitmq-confd",
-						MountPath: "/etc/rabbitmq/conf.d/",
-					},
 					corev1.VolumeMount{
 						Name:      "rabbitmq-erlang-cookie",
 						MountPath: "/var/lib/rabbitmq/",