Merge pull request #124 from vshn/fix/sli_proper_redis_tls

Fix SLI prober when TLS is disabled for Redis
vshn · Jan 23, 2024 · 85c6b95 · 85c6b95
2 parents b4278d9 + 827c061
commit 85c6b95
Show file tree

Hide file tree

Showing 4 changed files with 241 additions and 61 deletions.
diff --git a/pkg/sliexporter/probes/common.go b/pkg/sliexporter/probes/common.go
@@ -0,0 +1,45 @@
+package probes
+
+import (
+	"context"
+)
+
+var _ Prober = FailingProbe{}
+
+// FailingProbe is a prober that will always fail.
+type FailingProbe struct {
+	Service   string
+	Name      string
+	Namespace string
+	Error     error
+}
+
+// Close closes open connections.
+func (p FailingProbe) Close() error {
+	return nil
+}
+
+// GetInfo returns the prober infos
+func (p FailingProbe) GetInfo() ProbeInfo {
+	return ProbeInfo{
+		Service:   p.Service,
+		Name:      p.Name,
+		Namespace: p.Namespace,
+	}
+}
+
+// Will always return error, as this is a failing probe.
+func (p FailingProbe) Probe(ctx context.Context) error {
+	return p.Error
+}
+
+// NewFailing creates a prober that will fail.
+// Can be used if the controller can't access valid credentials.
+func NewFailingProbe(service, name, namespace string, err error) (*FailingProbe, error) {
+	return &FailingProbe{
+		Service:   service,
+		Name:      name,
+		Namespace: namespace,
+		Error:     err,
+	}, nil
+}
diff --git a/pkg/sliexporter/vshnpostgresql_controller/vshnpostgresql_controller.go b/pkg/sliexporter/vshnpostgresql_controller/vshnpostgresql_controller.go
@@ -99,13 +99,13 @@ func (r *VSHNPostgreSQLReconciler) Reconcile(ctx context.Context, req ctrl.Reque
 		res.Requeue = true
 		res.RequeueAfter = 30 * time.Second
 
-		if time.Now().Sub(inst.GetCreationTimestamp().Time) < r.StartupGracePeriod {
+		if time.Since(inst.GetCreationTimestamp().Time) < r.StartupGracePeriod {
 			// Instance is starting up. Postpone probing until ready.
 			return res, nil
 		}
 
 		// Create a pobe that will always fail
-		probe, err = probes.NewFailingPostgreSQL(vshnpostgresqlsServiceKey, inst.Name, inst.ObjectMeta.Labels[claimNamespaceLabel])
+		probe, err = probes.NewFailingProbe(vshnpostgresqlsServiceKey, inst.Name, inst.ObjectMeta.Labels[claimNamespaceLabel], err)
 		if err != nil {
 			return ctrl.Result{}, err
 		}

diff --git a/pkg/sliexporter/vshnredis_controller/vshnredis_controller.go b/pkg/sliexporter/vshnredis_controller/vshnredis_controller.go
@@ -90,7 +90,7 @@ func (r *VSHNRedisReconciler) Reconcile(ctx context.Context, req ctrl.Request) (
 		}
 
 		// Create a pobe that will always fail
-		probe, err = probes.NewFailingPostgreSQL(vshnRedisServiceKey, inst.Name, inst.Namespace)
+		probe, err = probes.NewFailingProbe(vshnRedisServiceKey, inst.Name, inst.Namespace, err)
 		if err != nil {
 			return ctrl.Result{}, err
 		}
@@ -134,16 +134,21 @@ func (r VSHNRedisReconciler) getRedisProber(ctx context.Context, inst *vshnv1.XV
 
 	sla := inst.Spec.Parameters.Service.ServiceLevel
 
-	certPair, err := tls.X509KeyPair(credentials.Data["tls.crt"], credentials.Data["tls.key"])
-	if err != nil {
-		return nil, err
-	}
-	tlsConfig := tls.Config{
-		Certificates: []tls.Certificate{certPair},
-		RootCAs:      x509.NewCertPool(),
-	}
+	tlsEnabled := inst.Spec.Parameters.TLS.TLSEnabled
 
-	tlsConfig.RootCAs.AppendCertsFromPEM(credentials.Data["ca.crt"])
+	tlsConfig := tls.Config{}
+	if tlsEnabled {
+		certPair, err := tls.X509KeyPair(credentials.Data["tls.crt"], credentials.Data["tls.key"])
+		if err != nil {
+			return nil, err
+		}
+		tlsConfig = tls.Config{
+			Certificates: []tls.Certificate{certPair},
+			RootCAs:      x509.NewCertPool(),
+		}
+
+		tlsConfig.RootCAs.AppendCertsFromPEM(credentials.Data["ca.crt"])
+	}
 
 	prober, err = r.RedisDialer(vshnRedisServiceKey, inst.Name, inst.ObjectMeta.Labels[claimNamespaceLabel], org, string(sla), false, redis.Options{
 		Addr:      string(credentials.Data["REDIS_HOST"]) + ":" + string(credentials.Data["REDIS_PORT"]),