diff --git a/controllers/consoleplugin/consoleplugin_objects.go b/controllers/consoleplugin/consoleplugin_objects.go index 765866af3..213b6fa4d 100644 --- a/controllers/consoleplugin/consoleplugin_objects.go +++ b/controllers/consoleplugin/consoleplugin_objects.go @@ -208,18 +208,6 @@ func (b *builder) podTemplate(cmDigest string) *corev1.PodTemplateSpec { }) } - // ensure volumes are up to date - loki := b.info.Loki - if loki.TLS.Enable && !loki.TLS.InsecureSkipVerify { - b.volumes.AddCACertificate(&loki.TLS, "loki-certs") - } - if loki.StatusTLS.Enable && !loki.StatusTLS.InsecureSkipVerify { - b.volumes.AddMutualTLSCertificates(&loki.StatusTLS, "loki-status-certs") - } - if loki.UseHostToken() { - b.volumes.AddToken(constants.PluginName) - } - return &corev1.PodTemplateSpec{ ObjectMeta: metav1.ObjectMeta{ Labels: b.labels, diff --git a/controllers/consoleplugin/consoleplugin_reconciler.go b/controllers/consoleplugin/consoleplugin_reconciler.go index a64f751d1..77a0ce40d 100644 --- a/controllers/consoleplugin/consoleplugin_reconciler.go +++ b/controllers/consoleplugin/consoleplugin_reconciler.go @@ -104,13 +104,15 @@ func (r *CPReconciler) Reconcile(ctx context.Context, desired *flowslatest.FlowC return err } - // Watch for Loki certificates if necessary; we'll ignore in that case the returned digest, as we don't need to restart pods on cert rotation - // because certificate is always reloaded from file - if _, err = r.Watcher.ProcessCACert(ctx, r.Client, &r.Loki.TLS, r.Namespace); err != nil { - return err - } - if _, _, err = r.Watcher.ProcessMTLSCerts(ctx, r.Client, &r.Loki.StatusTLS, r.Namespace); err != nil { - return err + if helper.UseLoki(&desired.Spec) { + // Watch for Loki certificates if necessary; we'll ignore in that case the returned digest, as we don't need to restart pods on cert rotation + // because certificate is always reloaded from file + if _, err = r.Watcher.ProcessCACert(ctx, r.Client, &r.Loki.TLS, r.Namespace); err != nil { + return err + } + if _, _, err = r.Watcher.ProcessMTLSCerts(ctx, r.Client, &r.Loki.StatusTLS, r.Namespace); err != nil { + return err + } } } else { // delete any existing owned object diff --git a/controllers/consoleplugin/consoleplugin_test.go b/controllers/consoleplugin/consoleplugin_test.go index 052d4788d..f69603b88 100644 --- a/controllers/consoleplugin/consoleplugin_test.go +++ b/controllers/consoleplugin/consoleplugin_test.go @@ -111,7 +111,9 @@ func getAutoScalerSpecs() (ascv2.HorizontalPodAutoscaler, flowslatest.FlowCollec func getBuilder(spec *flowslatest.FlowCollectorSpec, lk *helper.LokiConfig) builder { info := reconcilers.Common{Namespace: testNamespace, Loki: lk} - return newBuilder(info.NewInstance(testImage, status.Instance{}), spec) + b := newBuilder(info.NewInstance(testImage, status.Instance{}), spec) + _, _, _ = b.configMap(context.Background()) // build configmap to update builder's volumes + return b } func TestContainerUpdateCheck(t *testing.T) {