func()

in pkg/controller/kibana/driver.go [231:317]

• 67 lines of code
• 12 McCabe index (conditional complexity)

func (d *driver) deploymentParams(ctx context.Context, kb *kbv1.Kibana, policyAnnotations map[string]string, basePath string, setDefaultSecurityContext bool) (deployment.Params, error) {
	initContainersParameters, err := initcontainer.NewInitContainersParameters(kb)
	if err != nil {
		return deployment.Params{}, err
	}
	// setup a keystore with secure settings in an init container, if specified by the user
	keystoreResources, err := keystore.ReconcileResources(
		ctx,
		d,
		kb,
		kbv1.KBNamer,
		kb.GetIdentityLabels(),
		initContainersParameters,
	)
	if err != nil {
		return deployment.Params{}, err
	}

	volumes, err := d.buildVolumes(kb)
	if err != nil {
		return deployment.Params{}, err
	}
	kibanaPodSpec, err := NewPodTemplateSpec(ctx, d.client, *kb, keystoreResources, volumes, basePath, setDefaultSecurityContext)
	if err != nil {
		return deployment.Params{}, err
	}

	// Build a checksum of the configuration, which we can use to cause the Deployment to roll Kibana
	// instances in case of any change in the CA file, secure settings or credentials contents.
	// This is done because Kibana does not support updating those without restarting the process.
	configHash := fnv.New32a()
	if keystoreResources != nil {
		_, _ = configHash.Write([]byte(keystoreResources.Hash))
	}

	// we need to deref the secret here to include it in the checksum otherwise Kibana will not be rolled on contents changes
	if err := commonassociation.WriteAssocsToConfigHash(d.client, kb.GetAssociations(), configHash); err != nil {
		return deployment.Params{}, err
	}

	if kb.Spec.HTTP.TLS.Enabled() {
		// fetch the secret to calculate the checksum
		var httpCerts corev1.Secret
		err := d.client.Get(ctx, types.NamespacedName{
			Namespace: kb.Namespace,
			Name:      certificates.InternalCertsSecretName(kbv1.KBNamer, kb.Name),
		}, &httpCerts)
		if err != nil {
			return deployment.Params{}, err
		}
		if httpCert, ok := httpCerts.Data[certificates.CertFileName]; ok {
			_, _ = configHash.Write(httpCert)
		}
	}

	// get config secret to add its content to the config checksum
	configSecret := corev1.Secret{}
	err = d.client.Get(ctx, types.NamespacedName{Name: kbv1.ConfigSecret(kb.Name), Namespace: kb.Namespace}, &configSecret)
	if err != nil {
		return deployment.Params{}, err
	}
	_, _ = configHash.Write(configSecret.Data[SettingsFilename])

	// add the checksum to an annotation for the deployment and its pods (the important bit is that the pod template
	// changes, which will trigger a rolling update)
	kibanaPodSpec.Annotations[configHashAnnotationName] = fmt.Sprint(configHash.Sum32())

	// add additional annotations related to the StackConfigPolicy
	kibanaPodSpec.Annotations = maps.Merge(kibanaPodSpec.Annotations, policyAnnotations)

	// decide the strategy type
	strategyType, err := d.getStrategyType(kb)
	if err != nil {
		return deployment.Params{}, err
	}

	return deployment.Params{
		Name:                 kbv1.KBNamer.Suffix(kb.Name),
		Namespace:            kb.Namespace,
		Replicas:             kb.Spec.Count,
		Selector:             kb.GetIdentityLabels(),
		Labels:               kb.GetIdentityLabels(),
		PodTemplateSpec:      kibanaPodSpec,
		RevisionHistoryLimit: kb.Spec.RevisionHistoryLimit,
		Strategy:             appsv1.DeploymentStrategy{Type: strategyType},
	}, nil
}