Remove Route handling

As Route/Ingress are dependent of the cluster and because how TLS might
be configured and handled it is safer to keep that burden outside of
the sf-operator control.

This change acts in that direction by removing the Route/TLS/Let'sEncrypt
support.

The sf-operator dev CLI, `create demo-env` ensure the Route resource
exists.

The doc is amended to reflect that change, and a new ADR is added.

Change-Id: Ia71077b028223a878206c37a0a6cd5fddac885d1

Author: morucci

api/v1/softwarefactory_types.go

@@ -546,9 +546,6 @@ type SoftwareFactorySpec struct {
 	// at https://`service`.`FQDN`
 	FQDN string `json:"fqdn"`
 
-	// LetsEncrypt settings for enabling using LetsEncrypt for Routes/TLS
-	LetsEncrypt *LetsEncryptSpec `json:"letsEncrypt,omitempty"`
-
 	// Enable log forwarding to a [Fluent Bit HTTP input](https://docs.fluentbit.io/manual/pipeline/inputs/http)
 	FluentBitLogForwarding *FluentBitForwarderSpec `json:"FluentBitLogForwarding,omitempty"`
 

api/v1/zz_generated.deepcopy.go

@@ -39,6 +39,7 @@ import (
 	"k8s.io/apimachinery/pkg/selection"
 	"k8s.io/client-go/rest"
 
+	apiroutev1 "github.com/openshift/api/route/v1"
 	"github.com/spf13/cobra"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
@@ -54,8 +55,16 @@ var defaultHost = "microshift.dev"
 
 var errMissingArg = errors.New("missing argument")
 
-func createDemoEnv(env cliutils.ENV, restConfig *rest.Config, fqdn string, reposPath, sfOperatorRepoPath string, keepDemoTenantDefinition bool) {
+func ensureGatewayRoute(env *cliutils.ENV, fqdn string) {
+	route := base.MkHTTPSRoute("sf-gateway", env.Ns, fqdn, "gateway", "/", 8080)
+	exists, _ := cliutils.GetM(env, "gateway", &apiroutev1.Route{})
+	if !exists {
+		cliutils.CreateROrDie(env, &route)
+	}
+}
 
+func createDemoEnv(env cliutils.ENV, restConfig *rest.Config, fqdn string, reposPath, sfOperatorRepoPath string, keepDemoTenantDefinition bool) {
+	ensureGatewayRoute(&env, fqdn)
 	gerrit.EnsureGerrit(&env, fqdn)
 	ctrl.Log.Info("Making sure Gerrit is up and ready...")
 	gerrit.EnsureGerritAccess(fqdn)

cli/cmd/dev/dev.go

@@ -382,7 +382,7 @@ func (g *GerritCMDContext) ensureStatefulSetOrDie() {
 func (g *GerritCMDContext) ensureGerritIngressesOrDie() {
 	name := "gerrit"
 	route := base.MkHTTPSRoute(name, g.env.Ns, name+"."+g.fqdn,
-		gerritHTTPDPortName, "/", gerritHTTPDPort, map[string]string{}, nil)
+		gerritHTTPDPortName, "/", gerritHTTPDPort)
 	g.ensureRouteOrDie(route)
 }
 

cli/cmd/dev/gerrit/gerrit.go

@@ -118,11 +118,6 @@ func initializeSFManifest(withAuth bool, withBuilder bool, full bool, connection
 
 		manifest.Spec.GitServer.Storage.Size = oneGi
 
-		leSpec := sfv1.LetsEncryptSpec{
-			Server: sfv1.LEServerStaging,
-		}
-		manifest.Spec.LetsEncrypt = &leSpec
-
 		manifest.Spec.MariaDB.DBStorage.Size = oneGi
 		manifest.Spec.MariaDB.LogStorage.Size = oneGi
 

cli/cmd/initialize.go

@@ -21,51 +21,20 @@ package cmd
 */
 
 import (
-	"errors"
-	"os"
-
 	bootstraptenantconfigrepo "github.com/softwarefactory-project/sf-operator/cli/cmd/bootstrap-tenant-config-repo"
 	"github.com/spf13/cobra"
-	ctrl "sigs.k8s.io/controller-runtime"
 )
 
-func sfConfigureCmd(kmd *cobra.Command, args []string) {
-	if args[0] == "TLS" {
-		TLSConfigureCmd(kmd, args)
-	} else {
-		ctrl.Log.Error(errors.New("unknown argument"), args[0]+" is not a supported target")
-		os.Exit(1)
-	}
-}
-
 func MkSFCmd() *cobra.Command {
 
-	var (
-		CAPath          string
-		CertificatePath string
-		KeyPath         string
-
-		sfCmd = &cobra.Command{
-			Use:   "SF",
-			Short: "subcommands related to managing a Software Factory resource",
-			Long:  `Use these subcommands to perform management tasks at the resource level.`,
-		}
-
-		configureCmd = &cobra.Command{
-			Use:       "configure {TLS}",
-			Short:     "configure {TLS}",
-			Long:      "Configure a SF resource. The resource can be the TLS certificates",
-			ValidArgs: []string{"TLS"},
-			Run:       sfConfigureCmd,
-		}
-	)
-	configureCmd.Flags().StringVar(&CAPath, "CA", "", "path to the PEM-encoded Certificate Authority file")
-	configureCmd.Flags().StringVar(&CertificatePath, "cert", "", "path to the domain certificate file")
-	configureCmd.Flags().StringVar(&KeyPath, "key", "", "path to the private key file")
+	var sfCmd = &cobra.Command{
+		Use:   "SF",
+		Short: "subcommands related to managing a Software Factory resource",
+		Long:  `Use these subcommands to perform management tasks at the resource level.`,
+	}
 
 	sfCmd.AddCommand(MkBackupCmd())
 	sfCmd.AddCommand(MkRestoreCmd())
-	sfCmd.AddCommand(configureCmd)
 	sfCmd.AddCommand(bootstraptenantconfigrepo.MkBootstrapCmd())
 
 	return sfCmd

cli/cmd/sf.go

@@ -137,23 +137,6 @@ spec:
                     - size
                     type: object
                 type: object
-              letsEncrypt:
-                description: LetsEncrypt settings for enabling using LetsEncrypt for
-                  Routes/TLS
-                properties:
-                  server:
-                    description: |-
-                      Specify the Lets encrypt server.
-                      Valid values are:
-                      "staging",
-                      "prod"
-                    enum:
-                    - prod
-                    - staging
-                    type: string
-                required:
-                - server
-                type: object
               logserver:
                 default:
                   loopDelay: 3600

cli/cmd/tls.go

@@ -64,13 +64,5 @@ func (r *SFController) DeployHTTPDGateway() bool {
 		r.CreateR(&current)
 	}
 
-	isDeploymentReady := r.IsDeploymentReady(&current)
-
-	routeReady := r.ensureHTTPSRoute(
-		ident, r.cr.Spec.FQDN,
-		ident, "/", port, map[string]string{}, r.cr.Spec.LetsEncrypt)
-
-	isReady := isDeploymentReady && routeReady
-
-	return isReady
+	return r.IsDeploymentReady(&current)
 }

config/crd/bases/sf.softwarefactory-project.io_softwarefactories.yaml

@@ -329,20 +329,15 @@ func MkHeadlessServicePod(name string, ns string, podName string, ports []int32,
 
 // MkHTTPSRoute produces a Route on top of a Service
 func MkHTTPSRoute(
-	name string, ns string, host string, serviceName string, path string,
-	port int, annotations map[string]string, customTLS *apiroutev1.TLSConfig) apiroutev1.Route {
+	name string, ns string, host string, serviceName string, path string, port int) apiroutev1.Route {
 	tls := apiroutev1.TLSConfig{
 		InsecureEdgeTerminationPolicy: apiroutev1.InsecureEdgeTerminationPolicyRedirect,
 		Termination:                   apiroutev1.TLSTerminationEdge,
 	}
-	if customTLS != nil {
-		tls = *customTLS
-	}
 	return apiroutev1.Route{
 		ObjectMeta: metav1.ObjectMeta{
-			Name:        name,
-			Namespace:   ns,
-			Annotations: annotations,
+			Name:      name,
+			Namespace: ns,
 		},
 		Spec: apiroutev1.RouteSpec{
 			TLS:  &tls,