diff --git a/carvel-packages/installer/bundle/config/ytt/_ytt_lib/packages/educates/08-lookup.yaml b/carvel-packages/installer/bundle/config/ytt/_ytt_lib/packages/educates/08-lookup.yaml index 7c436695..ded93d49 100644 --- a/carvel-packages/installer/bundle/config/ytt/_ytt_lib/packages/educates/08-lookup.yaml +++ b/carvel-packages/installer/bundle/config/ytt/_ytt_lib/packages/educates/08-lookup.yaml @@ -13,12 +13,19 @@ #@ ingress_secret = "{}-tls".format(data.values.clusterIngress.domain) #@ end +#@ ingress_ca_secret = data.values.clusterIngress.caCertificateRef.name + +#@ workshop_base_image = image_reference("base-environment") +#@ workshop_base_image_pull_policy = image_pull_policy(workshop_base_image) #@ def lookup_service_values(): tld: #@ "{}.{}".format(data.values.lookupService.ingressPrefix, data.values.clusterIngress.domain) certName: #@ ingress_secret +caName: #@ ingress_ca_secret image: #@ image imagePullPolicy: #@ image_pull_policy(image) +workshopBaseImage: #@ workshop_base_image +workshopBaseImagePullPolicy: #@ workshop_base_image_pull_policy #@ end #@ if data.values.lookupService.enabled: diff --git a/carvel-packages/installer/bundle/config/ytt/_ytt_lib/packages/educates/_ytt_lib/lookup-service/overlays.yaml/overlay-ca-injector.yaml b/carvel-packages/installer/bundle/config/ytt/_ytt_lib/packages/educates/_ytt_lib/lookup-service/overlays.yaml/overlay-ca-injector.yaml new file mode 100644 index 00000000..b6e8f517 --- /dev/null +++ b/carvel-packages/installer/bundle/config/ytt/_ytt_lib/packages/educates/_ytt_lib/lookup-service/overlays.yaml/overlay-ca-injector.yaml @@ -0,0 +1,40 @@ +#@ load("@ytt:overlay", "overlay") +#@ load("@ytt:data", "data") + +#@overlay/match by=overlay.subset({"kind":"Deployment"}) +--- +spec: + template: + spec: + #@ if data.values.caName != None and data.values.caName != "": + #@overlay/match missing_ok=True + initContainers: + - name: ca-trust-store-initialization + image: #@ data.values.workshopBaseImage + imagePullPolicy: #@ data.values.workshopBaseImagePullPolicy + securityContext: + allowPrivilegeEscalation: false + runAsNonRoot: false + runAsUser: 0 + command: + - /opt/eduk8s/sbin/setup-certificates + volumeMounts: + - name: workshop-ca + mountPath: /etc/pki/ca-trust/source/anchors/Cluster_Ingress_CA.pem + subPath: ca.crt + - name: workshop-ca-trust + mountPath: /mnt + containers: + #@overlay/match by="name" + - name: lookup-service + volumeMounts: + - name: workshop-ca-trust + mountPath: /etc/pki/ca-trust + readOnly: true + volumes: + - name: workshop-ca + secret: + secretName: #@ data.values.caName + - name: workshop-ca-trust + emptyDir: {} + #@ end diff --git a/carvel-packages/installer/bundle/config/ytt/_ytt_lib/packages/educates/_ytt_lib/values-schema.yaml b/carvel-packages/installer/bundle/config/ytt/_ytt_lib/packages/educates/_ytt_lib/values-schema.yaml index 80465d38..085291b3 100644 --- a/carvel-packages/installer/bundle/config/ytt/_ytt_lib/packages/educates/_ytt_lib/values-schema.yaml +++ b/carvel-packages/installer/bundle/config/ytt/_ytt_lib/packages/educates/_ytt_lib/values-schema.yaml @@ -3,6 +3,10 @@ #! Ingress tld: "" certName: "" +#! Custom CA +caName: "" #! Images image: "" imagePullPolicy: "" +workshopBaseImage: "" +workshopBaseImagePullPolicy: "" diff --git a/carvel-packages/installer/config/app.yaml b/carvel-packages/installer/config/app.yaml index 1196d852..fe222431 100644 --- a/carvel-packages/installer/config/app.yaml +++ b/carvel-packages/installer/config/app.yaml @@ -68,4 +68,4 @@ spec: - kapp: rawOptions: - "--app-changes-max-to-keep=0" - - "--diff-changes=true" + #! - "--diff-changes=true" diff --git a/lookup-service/service/caches/portals.py b/lookup-service/service/caches/portals.py index 3f835c8f..bea48951 100644 --- a/lookup-service/service/caches/portals.py +++ b/lookup-service/service/caches/portals.py @@ -278,6 +278,8 @@ async def reacquire_workshop_session( self.portal.cluster.name, user_id, ) + logger.error("Failed response status: %s", response.status) + logger.error("Failed response text: %s", await response.text()) return @@ -309,7 +311,7 @@ async def request_workshop_session( self, environment_name: str, user_id: str, - parameters: Dict[Tuple[str, str], str], + parameters: List[Dict[str, str]], index_url: str, ) -> Dict[str, str] | None: """Request a workshop session for a user.""" @@ -325,9 +327,9 @@ async def request_workshop_session( headers=headers, params={ "user": user_id, - "parameters": parameters, "index_url": index_url, }, + json={"parameters": parameters}, ) as response: if response.status != 200: logger.error( @@ -336,6 +338,8 @@ async def request_workshop_session( self.portal.cluster.name, user_id, ) + logger.error("Failed response status: %s", response.status) + logger.error("Failed response text: %s", await response.text()) return diff --git a/lookup-service/service/handlers/clusters.py b/lookup-service/service/handlers/clusters.py index b5c2cdf0..e8e09d64 100644 --- a/lookup-service/service/handlers/clusters.py +++ b/lookup-service/service/handlers/clusters.py @@ -169,10 +169,10 @@ def clusterconfigs_update( @kopf.on.delete("clusterconfigs.lookup.educates.dev") -def clusterconfigs_delete(name: str, memo: ServiceState, **_): +def clusterconfigs_delete(name: str, meta: kopf.Meta, memo: ServiceState, **_): """Remove the cluster configuration from the cluster database.""" - generation = memo.get("generation") + generation = meta.get("generation") cluster_database = memo.cluster_database diff --git a/session-manager/handlers/workshopsession.py b/session-manager/handlers/workshopsession.py index a2c3eae3..4ef346cb 100644 --- a/session-manager/handlers/workshopsession.py +++ b/session-manager/handlers/workshopsession.py @@ -3161,8 +3161,6 @@ def _apply_environment_patch(patch): phase = "Running" - logger.info("STATUS %s", status) - changes = { "message": None, "url": url,