cryostatio · ebaron · Oct 5, 2021 · Oct 2, 2021
diff --git a/internal/controllers/common/resource_definitions/resource_definitions.go b/internal/controllers/common/resource_definitions/resource_definitions.go
@@ -122,7 +122,7 @@ func NewPersistentVolumeClaimForCR(cr *operatorv1beta1.Cryostat) *corev1.Persist
 }
 
 func NewDeploymentForCR(cr *operatorv1beta1.Cryostat, specs *ServiceSpecs, imageTags *ImageTags,
-	tls *TLSConfig, fsGroup int64) *appsv1.Deployment {
+	tls *TLSConfig, fsGroup int64, openshift bool) *appsv1.Deployment {
 	return &appsv1.Deployment{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      cr.Name,
@@ -152,22 +152,22 @@ func NewDeploymentForCR(cr *operatorv1beta1.Cryostat, specs *ServiceSpecs, image
 						"kind": "cryostat",
 					},
 				},
-				Spec: *NewPodForCR(cr, specs, imageTags, tls, fsGroup),
+				Spec: *NewPodForCR(cr, specs, imageTags, tls, fsGroup, openshift),
 			},
 		},
 	}
 }
 
 func NewPodForCR(cr *operatorv1beta1.Cryostat, specs *ServiceSpecs, imageTags *ImageTags,
-	tls *TLSConfig, fsGroup int64) *corev1.PodSpec {
+	tls *TLSConfig, fsGroup int64, openshift bool) *corev1.PodSpec {
 	var containers []corev1.Container
 	if cr.Spec.Minimal {
 		containers = []corev1.Container{
-			NewCoreContainer(cr, specs, imageTags.CoreImageTag, tls),
+			NewCoreContainer(cr, specs, imageTags.CoreImageTag, tls, openshift),
 		}
 	} else {
 		containers = []corev1.Container{
-			NewCoreContainer(cr, specs, imageTags.CoreImageTag, tls),
+			NewCoreContainer(cr, specs, imageTags.CoreImageTag, tls, openshift),
 			NewGrafanaContainer(cr, imageTags.GrafanaImageTag, tls),
 			NewJfrDatasourceContainer(cr, imageTags.DatasourceImageTag),
 		}
@@ -300,7 +300,8 @@ func NewPodForCR(cr *operatorv1beta1.Cryostat, specs *ServiceSpecs, imageTags *I
 	}
 }
 
-func NewCoreContainer(cr *operatorv1beta1.Cryostat, specs *ServiceSpecs, imageTag string, tls *TLSConfig) corev1.Container {
+func NewCoreContainer(cr *operatorv1beta1.Cryostat, specs *ServiceSpecs, imageTag string,
+	tls *TLSConfig, openshift bool) corev1.Container {
 	configPath := "/opt/cryostat.d/conf.d"
 	archivePath := "/opt/cryostat.d/recordings.d"
 	templatesPath := "/opt/cryostat.d/templates.d"
@@ -365,6 +366,20 @@ func NewCoreContainer(cr *operatorv1beta1.Cryostat, specs *ServiceSpecs, imageTa
 		}
 		envs = append(envs, commandEnvs...)
 	}
+	if openshift {
+		// Force OpenShift platform strategy
+		openshiftEnvs := []corev1.EnvVar{
+			{
+				Name:  "CRYOSTAT_PLATFORM",
+				Value: "io.cryostat.platform.internal.OpenShiftPlatformStrategy",
+			},
+			{
+				Name:  "CRYOSTAT_AUTH_MANAGER",
+				Value: "io.cryostat.net.OpenShiftAuthManager",
+			},
+		}
+		envs = append(envs, openshiftEnvs...)
+	}
 	envsFrom := []corev1.EnvFromSource{
 		{
 			SecretRef: &corev1.SecretEnvSource{

diff --git a/internal/controllers/cryostat_controller.go b/internal/controllers/cryostat_controller.go
@@ -322,7 +322,7 @@ func (r *CryostatReconciler) Reconcile(ctx context.Context, request ctrl.Request
 	if err != nil {
 		return reconcile.Result{}, err
 	}
-	deployment := resources.NewDeploymentForCR(instance, serviceSpecs, imageTags, tlsConfig, *fsGroup)
+	deployment := resources.NewDeploymentForCR(instance, serviceSpecs, imageTags, tlsConfig, *fsGroup, r.IsOpenShift)
 	podTemplate := deployment.Spec.Template.DeepCopy()
 	if err := controllerutil.SetControllerReference(instance, deployment, r.Scheme); err != nil {
 		return reconcile.Result{}, err

diff --git a/internal/controllers/cryostat_controller_test.go b/internal/controllers/cryostat_controller_test.go
@@ -1210,7 +1210,7 @@ func (t *cryostatTestInput) checkDeployment() {
 
 	// Check that the networking environment variables are set correctly
 	coreContainer := template.Spec.Containers[0]
-	checkCoreContainer(&coreContainer, t.minimal, t.TLS, t.EnvCoreImageTag)
+	checkCoreContainer(&coreContainer, t.minimal, t.TLS, t.EnvCoreImageTag, t.controller.IsOpenShift)
 
 	if !t.minimal {
 		// Check that Grafana is configured properly, depending on the environment
@@ -1240,15 +1240,15 @@ func (t *cryostatTestInput) checkDeploymentHasTemplates() {
 	Expect(volumeMounts).To(Equal(expectedVolumeMounts))
 }
 
-func checkCoreContainer(container *corev1.Container, minimal bool, tls bool, tag *string) {
+func checkCoreContainer(container *corev1.Container, minimal bool, tls bool, tag *string, openshift bool) {
 	Expect(container.Name).To(Equal("cryostat"))
 	if tag == nil {
 		Expect(container.Image).To(HavePrefix("quay.io/cryostat/cryostat:"))
 	} else {
 		Expect(container.Image).To(Equal(*tag))
 	}
 	Expect(container.Ports).To(ConsistOf(test.NewCorePorts()))
-	Expect(container.Env).To(ConsistOf(test.NewCoreEnvironmentVariables(minimal, tls)))
+	Expect(container.Env).To(ConsistOf(test.NewCoreEnvironmentVariables(minimal, tls, openshift)))
 	Expect(container.EnvFrom).To(ConsistOf(test.NewCoreEnvFromSource(tls)))
 	Expect(container.VolumeMounts).To(ConsistOf(test.NewCoreVolumeMounts(tls)))
 	Expect(container.LivenessProbe).To(Equal(test.NewCoreLivenessProbe(tls)))

diff --git a/internal/main.go b/internal/main.go
@@ -23,14 +23,13 @@ import (
 
 	// Import all Kubernetes client auth plugins (e.g. Azure, GCP, OIDC, etc.)
 	// to ensure that exec-entrypoint and run can make use of them.
+	"k8s.io/client-go/discovery"
 	_ "k8s.io/client-go/plugin/pkg/client/auth"
 
 	certv1 "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1"
 	consolev1 "github.com/openshift/api/console/v1"
 	routev1 "github.com/openshift/api/route/v1"
-	"k8s.io/apimachinery/pkg/api/meta"
 	"k8s.io/apimachinery/pkg/runtime"
-	"k8s.io/apimachinery/pkg/runtime/schema"
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
 	clientgoscheme "k8s.io/client-go/kubernetes/scheme"
 	ctrl "sigs.k8s.io/controller-runtime"
@@ -105,13 +104,19 @@ func main() {
 	openShift, err := isOpenShift(mgr)
 	if err != nil {
 		setupLog.Error(err, "unable to detect if environment is OpenShift")
+		os.Exit(1)
+	}
+	environment := "Kubernetes"
+	if *openShift {
+		environment = "OpenShift"
 	}
+	setupLog.Info(fmt.Sprintf("detected %s environment", environment))
 
 	if err = (&controllers.CryostatReconciler{
 		Client:        mgr.GetClient(),
 		Log:           ctrl.Log.WithName("controllers").WithName("Cryostat"),
 		Scheme:        mgr.GetScheme(),
-		IsOpenShift:   openShift,
+		IsOpenShift:   *openShift,
 		EventRecorder: mgr.GetEventRecorderFor("cryostat-controller"),
 		RESTMapper:    mgr.GetRESTMapper(),
 		ReconcilerTLS: common.NewReconcilerTLS(&common.ReconcilerTLSConfig{
@@ -186,20 +191,28 @@ func getWatchNamespace() (string, error) {
 	return ns, nil
 }
 
-func isOpenShift(mgr ctrl.Manager) (bool, error) {
-	// Look up RESTMapping for Route to check if the cluster is running OpenShift
-	mapper := mgr.GetRESTMapper()
-	_, err := mapper.RESTMapping(schema.GroupKind{
-		Group: openshiftv1.GroupVersion.Group,
-		Kind:  "Route",
-	}, openshiftv1.GroupVersion.Version)
+func isOpenShift(mgr ctrl.Manager) (*bool, error) {
+	found := false
+	// Retrieve list of groups and resources from the API server
+	dc, err := discovery.NewDiscoveryClientForConfig(mgr.GetConfig())
 	if err != nil {
-		// No matches for Route GVK
-		if meta.IsNoMatchError(err) {
-			return false, nil
+		return nil, err
+	}
+	_, resources, err := dc.ServerGroupsAndResources()
+	if err != nil {
+		return nil, err
+	}
+	for _, list := range resources {
+		// Look up Route GV
+		if list.GroupVersion == openshiftv1.GroupVersion.String() {
+			for _, apiRes := range list.APIResources {
+				// Look up Route Kind
+				if apiRes.Kind == "Route" {
+					found = true
+					return &found, nil
+				}
+			}
 		}
-		// Unexpected error occurred
-		return false, err
 	}
-	return true, nil
+	return &found, nil
 }
diff --git a/internal/test/resources.go b/internal/test/resources.go
@@ -718,7 +718,7 @@ func NewDatasourcePorts() []corev1.ContainerPort {
 	}
 }
 
-func NewCoreEnvironmentVariables(minimal bool, tls bool) []corev1.EnvVar {
+func NewCoreEnvironmentVariables(minimal bool, tls bool, openshift bool) []corev1.EnvVar {
 	envs := []corev1.EnvVar{
 		{
 			Name:  "CRYOSTAT_SSL_PROXIED",
@@ -792,6 +792,17 @@ func NewCoreEnvironmentVariables(minimal bool, tls bool) []corev1.EnvVar {
 			Value: "/var/run/secrets/operator.cryostat.io/cryostat-tls/keystore.p12",
 		})
 	}
+	if openshift {
+		envs = append(envs,
+			corev1.EnvVar{
+				Name:  "CRYOSTAT_PLATFORM",
+				Value: "io.cryostat.platform.internal.OpenShiftPlatformStrategy",
+			},
+			corev1.EnvVar{
+				Name:  "CRYOSTAT_AUTH_MANAGER",
+				Value: "io.cryostat.net.OpenShiftAuthManager",
+			})
+	}
 	return envs
 }