Work with agent callback components

config/manager/kustomization.yaml

@@ -21,5 +21,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 images:
 - name: controller
-  newName: quay.io/cryostat/cryostat-operator
-  newTag: 4.0.0-dev
+  newName: quay.io/ebaron/cryostat-operator
+  newTag: pod-mutation-01

internal/controllers/services.go

@@ -159,7 +159,7 @@ func (r *Reconciler) reconcileAgentHeadlessServices(ctx context.Context, cr *mod
 	for _, ns := range cr.TargetNamespaces {
 		svc := r.newAgentHeadlessService(cr, ns)
 
-		err := r.createOrUpdateService(ctx, svc, cr.Object, config, func() error {
+		err := r.createOrUpdateService(ctx, svc, nil, config, func() error {
 			// Select agent auto-configuration labels
 			svc.Spec.Selector = map[string]string{
 				agent.LabelCryostatName:      cr.Name,
@@ -294,8 +294,10 @@ func (r *Reconciler) createOrUpdateService(ctx context.Context, svc *corev1.Serv
 		common.MergeLabelsAndAnnotations(&svc.ObjectMeta, config.Labels, config.Annotations)
 
 		// Set the Cryostat CR as controller
-		if err := controllerutil.SetControllerReference(owner, svc, r.Scheme); err != nil {
-			return err
+		if owner != nil {
+			if err := controllerutil.SetControllerReference(owner, svc, r.Scheme); err != nil {
+				return err
+			}
 		}
 		// Update the service type
 		svc.Spec.Type = *config.ServiceType

internal/test/resources.go

@@ -1188,7 +1188,7 @@ func (r *TestResources) NewAgentCert(namespace string) *certv1.Certificate {
 		Spec: certv1.CertificateSpec{
 			CommonName: "cryostat-agent",
 			DNSNames: []string{
-				fmt.Sprintf("*.%s.pod", namespace),
+				fmt.Sprintf("*.%s.%s.svc", r.GetAgentServiceName(), namespace),
 			},
 			SecretName: name,
 			IssuerRef: certMeta.ObjectReference{
@@ -3007,6 +3007,11 @@ func (r *TestResources) clusterUniqueSuffix(namespace string) string {
 	return fmt.Sprintf("%x", sha256.Sum256([]byte(toEncode)))
 }
 
+func (r *TestResources) clusterUniqueShortSuffix() string {
+	toEncode := r.Namespace + "/" + r.Name
+	return fmt.Sprintf("%x", sha256.Sum224([]byte(toEncode)))
+}
+
 func (r *TestResources) NewClusterRoleBinding() *rbacv1.ClusterRoleBinding {
 	return &rbacv1.ClusterRoleBinding{
 		ObjectMeta: metav1.ObjectMeta{
@@ -3588,6 +3593,10 @@ func (r *TestResources) GetAgentCertPrefix() string {
 	return "cryostat-agent-"
 }
 
+func (r *TestResources) GetAgentServiceName() string {
+	return "cryo-" + r.clusterUniqueShortSuffix()
+}
+
 func (r *TestResources) NewCreateEvent(obj ctrlclient.Object) event.CreateEvent {
 	return event.CreateEvent{
 		Object: obj,

internal/webhooks/agent/pod_defaulter.go

@@ -119,9 +119,6 @@ func (r *podMutator) Default(ctx context.Context, obj runtime.Object) error {
 		ReadOnly:  true,
 	})
 
-	// TODO check for existing hostname
-	hostname := pod.Spec.Hostname
-
 	container.Env = append(container.Env,
 		corev1.EnvVar{
 			Name:  "CRYOSTAT_AGENT_BASEURI",
@@ -154,7 +151,7 @@ func (r *podMutator) Default(ctx context.Context, obj runtime.Object) error {
 	)
 
 	// Append callback environment variables
-	container.Env = append(container.Env, r.callbackEnv(cr, pod.Namespace, tlsEnabled, hostname)...)
+	container.Env = append(container.Env, r.callbackEnv(cr, pod.Namespace, tlsEnabled)...)
 
 	if tlsEnabled {
 		// Mount the certificate volume
@@ -267,46 +264,30 @@ func cryostatURL(cr *operatorv1beta2.Cryostat, tls bool) string {
 		port)
 }
 
-func (r *podMutator) callbackEnv(cr *operatorv1beta2.Cryostat, namespace string, tls bool, hostname string) []corev1.EnvVar {
+func (r *podMutator) callbackEnv(cr *operatorv1beta2.Cryostat, namespace string, tls bool) []corev1.EnvVar {
 	scheme := "https"
 	if !tls {
 		scheme = "http"
 	}
 	envs := []corev1.EnvVar{
 		{
-			Name:  "CRYOSTAT_AGENT_KUBERNETES_CALLBACK_SCHEME",
+			Name:  "CRYOSTAT_AGENT_CALLBACK_SCHEME",
 			Value: scheme,
 		},
 		{
-			Name:  "CRYOSTAT_AGENT_KUBERNETES_CALLBACK_DOMAIN",
+			Name:  "CRYOSTAT_AGENT_CALLBACK_HOST_NAME",
+			Value: fmt.Sprintf("$(%s), $(%s)[replace(\".\"\\, \"-\")]", podNameEnvVar, podIPEnvVar),
+		},
+		{
+			Name:  "CRYOSTAT_AGENT_CALLBACK_DOMAIN_NAME",
 			Value: fmt.Sprintf("%s.%s.svc", common.ClusterUniqueShortName(r.gvk, cr.Name, cr.Namespace), namespace),
 		},
 		{
-			Name:  "CRYOSTAT_AGENT_KUBERNETES_CALLBACK_PORT",
+			Name:  "CRYOSTAT_AGENT_CALLBACK_PORT",
 			Value: "9977",
 		},
 	}
 
-	if len(hostname) > 0 {
-		envs = append(envs,
-			corev1.EnvVar{
-				Name:  "CRYOSTAT_AGENT_KUBERNETES_CALLBACK_HOST_NAME",
-				Value: hostname,
-			},
-		)
-	} else {
-		envs = append(envs,
-			corev1.EnvVar{
-				Name:  "CRYOSTAT_AGENT_KUBERNETES_CALLBACK_POD_NAME",
-				Value: fmt.Sprintf("$(%s)", podNameEnvVar),
-			},
-			corev1.EnvVar{
-				Name:  "CRYOSTAT_AGENT_KUBERNETES_CALLBACK_IP",
-				Value: fmt.Sprintf("$(%s)", podIPEnvVar),
-			},
-		)
-	}
-
 	return envs
 }