H&H: Allow using Test Console (standalone) from operator 🤘 (#666)

* Allow using Test Console (standalone) from operator

* Simplify

* use strconv.ParseBool

controllers/consoleplugin/consoleplugin_objects.go

@@ -173,13 +173,6 @@ func (b *builder) deployment(cmDigest string) *appsv1.Deployment {
 func (b *builder) podTemplate(cmDigest string) *corev1.PodTemplateSpec {
 	volumes := []corev1.Volume{
 		{
-			Name: secretName,
-			VolumeSource: corev1.VolumeSource{
-				Secret: &corev1.SecretVolumeSource{
-					SecretName: secretName,
-				},
-			},
-		}, {
 			Name: configVolume,
 			VolumeSource: corev1.VolumeSource{
 				ConfigMap: &corev1.ConfigMapVolumeSource{
@@ -193,16 +186,28 @@ func (b *builder) podTemplate(cmDigest string) *corev1.PodTemplateSpec {
 
 	volumeMounts := []corev1.VolumeMount{
 		{
-			Name:      secretName,
-			MountPath: "/var/serving-cert",
-			ReadOnly:  true,
-		}, {
 			Name:      configVolume,
 			MountPath: configPath,
 			ReadOnly:  true,
 		},
 	}
 
+	if !helper.UseTestConsolePlugin(b.desired) {
+		volumes = append(volumes, corev1.Volume{
+			Name: secretName,
+			VolumeSource: corev1.VolumeSource{
+				Secret: &corev1.SecretVolumeSource{
+					SecretName: secretName,
+				},
+			},
+		})
+		volumeMounts = append(volumeMounts, corev1.VolumeMount{
+			Name:      secretName,
+			MountPath: "/var/serving-cert",
+			ReadOnly:  true,
+		})
+	}
+
 	// ensure volumes are up to date
 	loki := b.info.Loki
 	if loki.TLS.Enable && !loki.TLS.InsecureSkipVerify {
@@ -487,11 +492,17 @@ func (b *builder) setFrontendConfig(fconf *cfg.FrontendConfig) error {
 // returns a configmap with a digest of its configuration contents, which will be used to
 // detect any configuration change
 func (b *builder) configMap(ctx context.Context) (*corev1.ConfigMap, string, error) {
-	config := cfg.PluginConfig{}
-	// configure server
-	config.Server.CertPath = "/var/serving-cert/tls.crt"
-	config.Server.KeyPath = "/var/serving-cert/tls.key"
-	config.Server.Port = int(*b.advanced.Port)
+	config := cfg.PluginConfig{
+		Server: cfg.ServerConfig{
+			Port: int(*b.advanced.Port),
+		},
+	}
+	if helper.UseTestConsolePlugin(b.desired) {
+		config.Server.AuthCheck = "none"
+	} else {
+		config.Server.CertPath = "/var/serving-cert/tls.crt"
+		config.Server.KeyPath = "/var/serving-cert/tls.key"
+	}
 
 	// configure loki
 	config.Loki = b.getLokiConfig()

controllers/consoleplugin/consoleplugin_reconciler.go

@@ -67,20 +67,24 @@ func (r *CPReconciler) Reconcile(ctx context.Context, desired *flowslatest.FlowC
 		return err
 	}
 
-	if err = r.checkAutoPatch(ctx, desired); err != nil {
-		return err
+	if r.AvailableAPIs.HasConsolePlugin() {
+		if err = r.checkAutoPatch(ctx, desired); err != nil {
+			return err
+		}
 	}
 
-	if helper.UseConsolePlugin(&desired.Spec) {
+	if helper.UseConsolePlugin(&desired.Spec) && (r.AvailableAPIs.HasConsolePlugin() || helper.UseTestConsolePlugin(&desired.Spec)) {
 		// Create object builder
 		builder := newBuilder(r.Instance, &desired.Spec)
 
 		if err := r.reconcilePermissions(ctx, &builder); err != nil {
 			return err
 		}
 
-		if err = r.reconcilePlugin(ctx, &builder, &desired.Spec); err != nil {
-			return err
+		if r.AvailableAPIs.HasConsolePlugin() {
+			if err = r.reconcilePlugin(ctx, &builder, &desired.Spec); err != nil {
+				return err
+			}
 		}
 
 		cmDigest, err := r.reconcileConfigMap(ctx, &builder)

controllers/constants/constants.go

@@ -45,6 +45,8 @@ const (
 	LokiCRWriter  = "netobserv-writer"
 	LokiCRBWriter = "netobserv-writer-flp"
 	LokiCRReader  = "netobserv-reader"
+
+	EnvTestConsole = "TEST_CONSOLE"
 )
 
 var LokiIndexFields = []string{"SrcK8S_Namespace", "SrcK8S_OwnerName", "SrcK8S_Type", "DstK8S_Namespace", "DstK8S_OwnerName", "DstK8S_Type", "K8S_FlowLayer", "FlowDirection"}

controllers/flowcollector_controller.go

@@ -133,14 +133,11 @@ func (r *FlowCollectorReconciler) reconcile(ctx context.Context, clh *helper.Cli
 	r.watcher.Reset(ns)
 
 	// Create reconcilers
-	var cpReconciler consoleplugin.CPReconciler
-	if r.mgr.HasConsolePlugin() {
-		cpReconciler = consoleplugin.NewReconciler(reconcilersInfo.NewInstance(r.mgr.Config.ConsolePluginImage, r.status))
-	}
+	cpReconciler := consoleplugin.NewReconciler(reconcilersInfo.NewInstance(r.mgr.Config.ConsolePluginImage, r.status))
 
 	// Check namespace changed
 	if ns != previousNamespace {
-		if previousNamespace != "" && r.mgr.HasConsolePlugin() {
+		if previousNamespace != "" {
 			// Namespace updated, clean up previous namespace
 			log.FromContext(ctx).
 				Info("FlowCollector namespace change detected: cleaning up previous namespace", "old", previousNamespace, "new", ns)
@@ -160,11 +157,9 @@ func (r *FlowCollectorReconciler) reconcile(ctx context.Context, clh *helper.Cli
 	}
 
 	// Console plugin
-	if r.mgr.HasConsolePlugin() {
-		err := cpReconciler.Reconcile(ctx, desired)
-		if err != nil {
-			return r.status.Error("ReconcileConsolePluginFailed", err)
-		}
+	err := cpReconciler.Reconcile(ctx, desired)
+	if err != nil {
+		return r.status.Error("ReconcileConsolePluginFailed", err)
 	}
 
 	return nil

pkg/helper/flowcollector.go

@@ -1,6 +1,7 @@
 package helper
 
 import (
+	"strconv"
 	"strings"
 
 	"github.com/netobserv/flowlogs-pipeline/pkg/api"
@@ -80,6 +81,16 @@ func UseConsolePlugin(spec *flowslatest.FlowCollectorSpec) bool {
 		(spec.ConsolePlugin.Enable == nil || *spec.ConsolePlugin.Enable)
 }
 
+func UseTestConsolePlugin(spec *flowslatest.FlowCollectorSpec) bool {
+	if spec.ConsolePlugin.Advanced != nil {
+		env := spec.ConsolePlugin.Advanced.Env[constants.EnvTestConsole]
+		// Use ParseBool to allow common variants ("true", "True", "1"...) and ignore non-bools
+		b, err := strconv.ParseBool(env)
+		return err == nil && b
+	}
+	return false
+}
+
 func IsAgentFeatureEnabled(spec *flowslatest.FlowCollectorEBPF, feature flowslatest.AgentFeature) bool {
 	for _, f := range spec.Features {
 		if f == feature {