From 03a572ba6bd7ce82824a498d4ffb02f4dfd0143c Mon Sep 17 00:00:00 2001 From: Ewout Prangsma Date: Mon, 19 Mar 2018 18:51:42 +0100 Subject: [PATCH] Change scope of ArangoLocalStorage to Cluster --- manifests/crd.yaml | 2 +- .../templates/deployment/deployment.yaml | 6 +- manifests/templates/deployment/rbac.yaml | 98 +++++++++++-------- manifests/templates/storage/deployment.yaml | 15 ++- manifests/templates/storage/rbac.yaml | 97 ++++++++++-------- pkg/apis/storage/v1alpha/local_storage.go | 1 + .../storage/v1alpha/arangolocalstorage.go | 15 +-- .../v1alpha/fake/fake_arangolocalstorage.go | 27 ++--- .../v1alpha/fake/fake_storage_client.go | 4 +- .../typed/storage/v1alpha/storage_client.go | 4 +- .../storage/v1alpha/arangolocalstorage.go | 13 ++- .../storage/v1alpha/interface.go | 2 +- .../storage/v1alpha/arangolocalstorage.go | 39 +------- .../storage/v1alpha/expansion_generated.go | 4 - pkg/operator/operator_local_storage.go | 3 +- pkg/storage/daemon_set.go | 2 +- pkg/storage/image.go | 2 +- pkg/storage/local_storage.go | 15 ++- pkg/storage/pvc_informer.go | 2 +- pkg/storage/service.go | 2 +- pkg/util/crd/crd.go | 2 +- tools/manifests/manifest_builder.go | 58 +++++++---- 22 files changed, 213 insertions(+), 200 deletions(-) diff --git a/manifests/crd.yaml b/manifests/crd.yaml index e708946d7..169262939 100644 --- a/manifests/crd.yaml +++ b/manifests/crd.yaml @@ -30,5 +30,5 @@ spec: shortNames: - arangostorage singular: arangolocalstorage - scope: Namespaced + scope: Cluster version: v1alpha diff --git a/manifests/templates/deployment/deployment.yaml b/manifests/templates/deployment/deployment.yaml index 0d6f96e3f..09166b22b 100644 --- a/manifests/templates/deployment/deployment.yaml +++ b/manifests/templates/deployment/deployment.yaml 
@@ -2,14 +2,14 @@ apiVersion: extensions/v1beta1 kind: Deployment metadata: - name: {{ .Deployment.OperatorName }} - namespace: {{ .Deployment.Namespace }} + name: {{ .Deployment.OperatorDeploymentName }} + namespace: {{ .Deployment.Operator.Namespace }} spec: replicas: 1 template: metadata: labels: - name: {{ .Deployment.OperatorName }} + name: {{ .Deployment.OperatorDeploymentName }} spec: containers: - name: operator diff --git a/manifests/templates/deployment/rbac.yaml b/manifests/templates/deployment/rbac.yaml index 291aeeb71..c77ee6dd8 100644 --- a/manifests/templates/deployment/rbac.yaml +++ b/manifests/templates/deployment/rbac.yaml 
@@ -1,59 +1,73 @@ {{- if .RBAC -}} +## Cluster role granting access to ArangoDeployment resources. apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRole metadata: - name: {{ .Deployment.ClusterRoleName }} + name: {{ .Deployment.User.RoleName }} rules: -- apiGroups: - - database.arangodb.com - resources: - - arangodeployments - verbs: - - "*" -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - get -- apiGroups: - - "" - resources: - - pods - - services - - endpoints - - persistentvolumeclaims - - events - - secrets - verbs: - - "*" -- apiGroups: - - apps - resources: - - deployments - verbs: - - "*" -- apiGroups: - - storage.k8s.io - resources: - - storageclasses - verbs: - - get - - list +- apiGroups: ["database.arangodb.com"] + resources: ["arangodeployments"] + verbs: ["*"] --- +## Cluster role granting access to all resources needed by the ArangoDeployment operator. apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRoleBinding +kind: ClusterRole metadata: - name: {{ .Deployment.ClusterRoleBindingName }} + name: {{ .Deployment.Operator.RoleName }} +rules: +- apiGroups: ["database.arangodb.com"] + resources: ["arangodeployments"] + verbs: ["*"] +- apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["get"] +- apiGroups: [""] + resources: ["pods", "services", "endpoints", "persistentvolumeclaims", "events", "secrets"] + verbs: ["*"] +- apiGroups: ["apps"] + resources: ["deployments"] + verbs: ["*"] +- apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list"] + +--- + +## Bind the cluster role granting access to ArangoLocalStorage resources +## to the default service account of the configured namespace. 
+apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: RoleBinding +metadata: + name: {{ .Deployment.User.RoleBindingName }} + namespace: {{ .Deployment.User.Namespace }} roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: {{ .Deployment.ClusterRoleName }} + name: {{ .Deployment.User.RoleName }} subjects: - kind: ServiceAccount - name: default - namespace: {{ .Deployment.Namespace }} + name: {{ .Deployment.User.ServiceAccountName }} + namespace: {{ .Deployment.User.Namespace }} + +--- + +## Bind the cluster role granting access to all resources needed by +## the ArangoDeployment operator to the default service account +## the is being used to run the operator deployment. +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: RoleBinding +metadata: + name: {{ .Deployment.Operator.RoleBindingName }} + namespace: {{ .Deployment.Operator.Namespace }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ .Deployment.Operator.RoleName }} +subjects: +- kind: ServiceAccount + name: {{ .Deployment.Operator.ServiceAccountName }} + namespace: {{ .Deployment.Operator.Namespace }} {{- end -}} \ No newline at end of file diff --git a/manifests/templates/storage/deployment.yaml b/manifests/templates/storage/deployment.yaml index 9d94b9ea7..cd24b3a81 100644 --- a/manifests/templates/storage/deployment.yaml +++ b/manifests/templates/storage/deployment.yaml 
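Review bot: The operator role `{{ .Deployment.Operator.RoleName }}` is now attached with a namespaced `RoleBinding`, but it still carries rules for `customresourcedefinitions` and `storageclasses`, which are cluster-scoped. A RoleBinding grants a ClusterRole's rules only for namespaced resources in its own namespace, so those two rules stop taking effect; move them into a separate ClusterRole bound with a ClusterRoleBinding, or drop them if the operator no longer reads those objects. The same role keeps `verbs: ["*"]` on `secrets` and `pods`, and listing only the verbs the operator uses would limit what a compromised operator pod can reach. The comment above the first binding is copied from the storage template and should read `## Bind the cluster role granting access to ArangoDeployment resources`.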
@@ -1,16 +1,25 @@ +## Service accounts +apiVersion: v1 +kind: ServiceAccount +metadata: + namespace: {{ .Storage.Operator.Namespace }} + name: {{ .Storage.Operator.ServiceAccountName }} + +--- apiVersion: extensions/v1beta1 kind: Deployment metadata: - name: {{ .Storage.OperatorName }} - namespace: {{ .Storage.Namespace }} + name: {{ .Storage.OperatorDeploymentName }} + namespace: {{ .Storage.Operator.Namespace }} spec: replicas: 1 template: metadata: labels: - name: {{ .Storage.OperatorName }} + name: {{ .Storage.OperatorDeploymentName }} spec: + serviceAccountName: {{ .Storage.Operator.ServiceAccountName }} containers: - name: operator imagePullPolicy: {{ .ImagePullPolicy }} diff --git a/manifests/templates/storage/rbac.yaml b/manifests/templates/storage/rbac.yaml index 2feee0b4e..6f743d913 100644 --- a/manifests/templates/storage/rbac.yaml +++ b/manifests/templates/storage/rbac.yaml 
@@ -1,56 +1,75 @@ {{- if .RBAC -}} +## Cluster role granting access to ArangoLocalStorage resources. apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRole metadata: - name: {{ .Storage.ClusterRoleName }} + name: {{ .Storage.User.RoleName }} rules: -- apiGroups: - - storage.arangodb.com - resources: - - arangolocalstorages - verbs: - - "*" -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - get -- apiGroups: - - "" - resources: - - persistentvolumes - - persistentvolumeclaims - - events - verbs: - - "*" -- apiGroups: - - apps - resources: - - daemonsets - verbs: - - "*" -- apiGroups: - - storage.k8s.io - resources: - - storageclasses - verbs: - - "*" +- apiGroups: ["storage.arangodb.com"] + resources: ["arangolocalstorages"] + verbs: ["*"] --- +## Cluster role granting access to all resources needed by the ArangoLocalStorage operator. apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRoleBinding +kind: ClusterRole metadata: - name: {{ .Storage.ClusterRoleBindingName }} + name: {{ .Storage.Operator.RoleName }} +rules: +- apiGroups: ["storage.arangodb.com"] + resources: ["arangolocalstorages"] + verbs: ["*"] +- apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["get"] +- apiGroups: [""] + resources: ["persistentvolumes", "persistentvolumeclaims", "endpoints", "events", "services"] + verbs: ["*"] +- apiGroups: [""] + resources: ["pods"] + verbs: ["get"] +- apiGroups: ["apps"] + resources: ["daemonsets"] + verbs: ["*"] +- apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["*"] + +--- + +## Bind the cluster role granting access to ArangoLocalStorage resources +## to the default service account of the configured namespace. 
+apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: RoleBinding +metadata: + name: {{ .Storage.User.RoleBindingName }} + namespace: {{ .Storage.User.Namespace }} roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: {{ .Storage.ClusterRoleName }} + name: {{ .Storage.User.RoleName }} subjects: - kind: ServiceAccount - name: default - namespace: {{ .Storage.Namespace }} + name: {{ .Storage.User.ServiceAccountName }} + namespace: {{ .Storage.User.Namespace }} -{{- end -}} \ No newline at end of file +--- + +## Bind the cluster role granting access to all resources needed by +## the ArangoLocalStorage operator to the default service account +## the is being used to run the operator deployment. +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: {{ .Storage.Operator.RoleBindingName }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ .Storage.Operator.RoleName }} +subjects: +- kind: ServiceAccount + name: {{ .Storage.Operator.ServiceAccountName }} + namespace: {{ .Storage.Operator.Namespace }} +{{- end -}} diff --git a/pkg/apis/storage/v1alpha/local_storage.go b/pkg/apis/storage/v1alpha/local_storage.go index 0dc464f9d..cc755f2b4 100644 --- a/pkg/apis/storage/v1alpha/local_storage.go +++ b/pkg/apis/storage/v1alpha/local_storage.go @@ -38,6 +38,7 @@ type ArangoLocalStorageList struct { } // +genclient +// +genclient:nonNamespaced // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // ArangoLocalStorage contains the entire Kubernetes info for an ArangoDB diff --git a/pkg/generated/clientset/versioned/typed/storage/v1alpha/arangolocalstorage.go b/pkg/generated/clientset/versioned/typed/storage/v1alpha/arangolocalstorage.go index cbcbe34b3..3a09820df 100644 --- a/pkg/generated/clientset/versioned/typed/storage/v1alpha/arangolocalstorage.go +++ b/pkg/generated/clientset/versioned/typed/storage/v1alpha/arangolocalstorage.go 
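Review bot: The user binding for `{{ .Storage.User.RoleName }}` is a namespaced `RoleBinding`, yet this commit makes `arangolocalstorages` cluster-scoped (`scope: Cluster` in crd.yaml), and a RoleBinding cannot grant access to cluster-scoped resources. The service account in `{{ .Storage.User.Namespace }}` therefore gains nothing from it; it needs `kind: ClusterRoleBinding` with no `metadata.namespace`. The operator binding is a ClusterRoleBinding, which gives the operator service account `verbs: ["*"]` on `services`, `endpoints`, `persistentvolumeclaims` and `daemonsets` in every namespace, while the Go side of this commit creates the service and daemon set only in `ls.config.Namespace`. Consider keeping just the cluster-scoped and cross-namespace rules in the ClusterRole and moving the rest to a Role in `{{ .Storage.Operator.Namespace }}`. Both binding comments still say "default service account", although the operator subject is now `{{ .Storage.Operator.ServiceAccountName }}`.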
@@ -31,7 +31,7 @@ import ( // ArangoLocalStoragesGetter has a method to return a ArangoLocalStorageInterface. // A group's client should implement this interface. type ArangoLocalStoragesGetter interface { - ArangoLocalStorages(namespace string) ArangoLocalStorageInterface + ArangoLocalStorages() ArangoLocalStorageInterface } // ArangoLocalStorageInterface has methods to work with ArangoLocalStorage resources. @@ -51,14 +51,12 @@ type ArangoLocalStorageInterface interface { // arangoLocalStorages implements ArangoLocalStorageInterface type arangoLocalStorages struct { client rest.Interface - ns string } // newArangoLocalStorages returns a ArangoLocalStorages -func newArangoLocalStorages(c *StorageV1alphaClient, namespace string) *arangoLocalStorages { +func newArangoLocalStorages(c *StorageV1alphaClient) *arangoLocalStorages { return &arangoLocalStorages{ client: c.RESTClient(), - ns: namespace, } } @@ -66,7 +64,6 @@ func newArangoLocalStorages(c *StorageV1alphaClient, namespace string) *arangoLo func (c *arangoLocalStorages) Get(name string, options v1.GetOptions) (result *v1alpha.ArangoLocalStorage, err error) { result = &v1alpha.ArangoLocalStorage{} err = c.client.Get(). - Namespace(c.ns). Resource("arangolocalstorages"). Name(name). VersionedParams(&options, scheme.ParameterCodec). @@ -79,7 +76,6 @@ func (c *arangoLocalStorages) Get(name string, options v1.GetOptions) (result *v func (c *arangoLocalStorages) List(opts v1.ListOptions) (result *v1alpha.ArangoLocalStorageList, err error) { result = &v1alpha.ArangoLocalStorageList{} err = c.client.Get(). - Namespace(c.ns). Resource("arangolocalstorages"). VersionedParams(&opts, scheme.ParameterCodec). Do(). 
@@ -91,7 +87,6 @@ func (c *arangoLocalStorages) List(opts v1.ListOptions) (result *v1alpha.ArangoL func (c *arangoLocalStorages) Watch(opts v1.ListOptions) (watch.Interface, error) { opts.Watch = true return c.client.Get(). - Namespace(c.ns). Resource("arangolocalstorages"). VersionedParams(&opts, scheme.ParameterCodec). Watch() @@ -101,7 +96,6 @@ func (c *arangoLocalStorages) Watch(opts v1.ListOptions) (watch.Interface, error func (c *arangoLocalStorages) Create(arangoLocalStorage *v1alpha.ArangoLocalStorage) (result *v1alpha.ArangoLocalStorage, err error) { result = &v1alpha.ArangoLocalStorage{} err = c.client.Post(). - Namespace(c.ns). Resource("arangolocalstorages"). Body(arangoLocalStorage). Do(). @@ -113,7 +107,6 @@ func (c *arangoLocalStorages) Create(arangoLocalStorage *v1alpha.ArangoLocalStor func (c *arangoLocalStorages) Update(arangoLocalStorage *v1alpha.ArangoLocalStorage) (result *v1alpha.ArangoLocalStorage, err error) { result = &v1alpha.ArangoLocalStorage{} err = c.client.Put(). - Namespace(c.ns). Resource("arangolocalstorages"). Name(arangoLocalStorage.Name). Body(arangoLocalStorage). @@ -128,7 +121,6 @@ func (c *arangoLocalStorages) Update(arangoLocalStorage *v1alpha.ArangoLocalStor func (c *arangoLocalStorages) UpdateStatus(arangoLocalStorage *v1alpha.ArangoLocalStorage) (result *v1alpha.ArangoLocalStorage, err error) { result = &v1alpha.ArangoLocalStorage{} err = c.client.Put(). - Namespace(c.ns). Resource("arangolocalstorages"). Name(arangoLocalStorage.Name). SubResource("status"). @@ -141,7 +133,6 @@ func (c *arangoLocalStorages) UpdateStatus(arangoLocalStorage *v1alpha.ArangoLoc // Delete takes name of the arangoLocalStorage and deletes it. Returns an error if one occurs. func (c *arangoLocalStorages) Delete(name string, options *v1.DeleteOptions) error { return c.client.Delete(). - Namespace(c.ns). Resource("arangolocalstorages"). Name(name). Body(options). 
@@ -152,7 +143,6 @@ func (c *arangoLocalStorages) Delete(name string, options *v1.DeleteOptions) err // DeleteCollection deletes a collection of objects. func (c *arangoLocalStorages) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error { return c.client.Delete(). - Namespace(c.ns). Resource("arangolocalstorages"). VersionedParams(&listOptions, scheme.ParameterCodec). Body(options). @@ -164,7 +154,6 @@ func (c *arangoLocalStorages) DeleteCollection(options *v1.DeleteOptions, listOp func (c *arangoLocalStorages) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha.ArangoLocalStorage, err error) { result = &v1alpha.ArangoLocalStorage{} err = c.client.Patch(pt). - Namespace(c.ns). Resource("arangolocalstorages"). SubResource(subresources...). Name(name). diff --git a/pkg/generated/clientset/versioned/typed/storage/v1alpha/fake/fake_arangolocalstorage.go b/pkg/generated/clientset/versioned/typed/storage/v1alpha/fake/fake_arangolocalstorage.go index d55b6f84a..833e7c550 100644 --- a/pkg/generated/clientset/versioned/typed/storage/v1alpha/fake/fake_arangolocalstorage.go +++ b/pkg/generated/clientset/versioned/typed/storage/v1alpha/fake/fake_arangolocalstorage.go @@ -32,7 +32,6 @@ import ( // FakeArangoLocalStorages implements ArangoLocalStorageInterface type FakeArangoLocalStorages struct { Fake *FakeStorageV1alpha - ns string } var arangolocalstoragesResource = schema.GroupVersionResource{Group: "storage.arangodb.com", Version: "v1alpha", Resource: "arangolocalstorages"} 
@@ -42,8 +41,7 @@ var arangolocalstoragesKind = schema.GroupVersionKind{Group: "storage.arangodb.c // Get takes name of the arangoLocalStorage, and returns the corresponding arangoLocalStorage object, and an error if there is any. func (c *FakeArangoLocalStorages) Get(name string, options v1.GetOptions) (result *v1alpha.ArangoLocalStorage, err error) { obj, err := c.Fake. - Invokes(testing.NewGetAction(arangolocalstoragesResource, c.ns, name), &v1alpha.ArangoLocalStorage{}) - + Invokes(testing.NewRootGetAction(arangolocalstoragesResource, name), &v1alpha.ArangoLocalStorage{}) if obj == nil { return nil, err } @@ -53,8 +51,7 @@ func (c *FakeArangoLocalStorages) Get(name string, options v1.GetOptions) (resul // List takes label and field selectors, and returns the list of ArangoLocalStorages that match those selectors. func (c *FakeArangoLocalStorages) List(opts v1.ListOptions) (result *v1alpha.ArangoLocalStorageList, err error) { obj, err := c.Fake. - Invokes(testing.NewListAction(arangolocalstoragesResource, arangolocalstoragesKind, c.ns, opts), &v1alpha.ArangoLocalStorageList{}) - + Invokes(testing.NewRootListAction(arangolocalstoragesResource, arangolocalstoragesKind, opts), &v1alpha.ArangoLocalStorageList{}) if obj == nil { return nil, err } 
@@ -75,15 +72,13 @@ func (c *FakeArangoLocalStorages) List(opts v1.ListOptions) (result *v1alpha.Ara // Watch returns a watch.Interface that watches the requested arangoLocalStorages. func (c *FakeArangoLocalStorages) Watch(opts v1.ListOptions) (watch.Interface, error) { return c.Fake. - InvokesWatch(testing.NewWatchAction(arangolocalstoragesResource, c.ns, opts)) - + InvokesWatch(testing.NewRootWatchAction(arangolocalstoragesResource, opts)) } // Create takes the representation of a arangoLocalStorage and creates it. Returns the server's representation of the arangoLocalStorage, and an error, if there is any. func (c *FakeArangoLocalStorages) Create(arangoLocalStorage *v1alpha.ArangoLocalStorage) (result *v1alpha.ArangoLocalStorage, err error) { obj, err := c.Fake. - Invokes(testing.NewCreateAction(arangolocalstoragesResource, c.ns, arangoLocalStorage), &v1alpha.ArangoLocalStorage{}) - + Invokes(testing.NewRootCreateAction(arangolocalstoragesResource, arangoLocalStorage), &v1alpha.ArangoLocalStorage{}) if obj == nil { return nil, err } @@ -93,8 +88,7 @@ func (c *FakeArangoLocalStorages) Create(arangoLocalStorage *v1alpha.ArangoLocal // Update takes the representation of a arangoLocalStorage and updates it. Returns the server's representation of the arangoLocalStorage, and an error, if there is any. func (c *FakeArangoLocalStorages) Update(arangoLocalStorage *v1alpha.ArangoLocalStorage) (result *v1alpha.ArangoLocalStorage, err error) { obj, err := c.Fake. - Invokes(testing.NewUpdateAction(arangolocalstoragesResource, c.ns, arangoLocalStorage), &v1alpha.ArangoLocalStorage{}) - + Invokes(testing.NewRootUpdateAction(arangolocalstoragesResource, arangoLocalStorage), &v1alpha.ArangoLocalStorage{}) if obj == nil { return nil, err } 
@@ -105,8 +99,7 @@ func (c *FakeArangoLocalStorages) Update(arangoLocalStorage *v1alpha.ArangoLocal // Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). func (c *FakeArangoLocalStorages) UpdateStatus(arangoLocalStorage *v1alpha.ArangoLocalStorage) (*v1alpha.ArangoLocalStorage, error) { obj, err := c.Fake. - Invokes(testing.NewUpdateSubresourceAction(arangolocalstoragesResource, "status", c.ns, arangoLocalStorage), &v1alpha.ArangoLocalStorage{}) - + Invokes(testing.NewRootUpdateSubresourceAction(arangolocalstoragesResource, "status", arangoLocalStorage), &v1alpha.ArangoLocalStorage{}) if obj == nil { return nil, err } @@ -116,14 +109,13 @@ func (c *FakeArangoLocalStorages) UpdateStatus(arangoLocalStorage *v1alpha.Arang // Delete takes name of the arangoLocalStorage and deletes it. Returns an error if one occurs. func (c *FakeArangoLocalStorages) Delete(name string, options *v1.DeleteOptions) error { _, err := c.Fake. - Invokes(testing.NewDeleteAction(arangolocalstoragesResource, c.ns, name), &v1alpha.ArangoLocalStorage{}) - + Invokes(testing.NewRootDeleteAction(arangolocalstoragesResource, name), &v1alpha.ArangoLocalStorage{}) return err } // DeleteCollection deletes a collection of objects. func (c *FakeArangoLocalStorages) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error { - action := testing.NewDeleteCollectionAction(arangolocalstoragesResource, c.ns, listOptions) + action := testing.NewRootDeleteCollectionAction(arangolocalstoragesResource, listOptions) _, err := c.Fake.Invokes(action, &v1alpha.ArangoLocalStorageList{}) return err 
@@ -132,8 +124,7 @@ func (c *FakeArangoLocalStorages) DeleteCollection(options *v1.DeleteOptions, li // Patch applies the patch and returns the patched arangoLocalStorage. func (c *FakeArangoLocalStorages) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha.ArangoLocalStorage, err error) { obj, err := c.Fake. - Invokes(testing.NewPatchSubresourceAction(arangolocalstoragesResource, c.ns, name, data, subresources...), &v1alpha.ArangoLocalStorage{}) - + Invokes(testing.NewRootPatchSubresourceAction(arangolocalstoragesResource, name, data, subresources...), &v1alpha.ArangoLocalStorage{}) if obj == nil { return nil, err } diff --git a/pkg/generated/clientset/versioned/typed/storage/v1alpha/fake/fake_storage_client.go b/pkg/generated/clientset/versioned/typed/storage/v1alpha/fake/fake_storage_client.go index 8ddd0d93f..e1fbbe983 100644 --- a/pkg/generated/clientset/versioned/typed/storage/v1alpha/fake/fake_storage_client.go +++ b/pkg/generated/clientset/versioned/typed/storage/v1alpha/fake/fake_storage_client.go @@ -29,8 +29,8 @@ type FakeStorageV1alpha struct { *testing.Fake } -func (c *FakeStorageV1alpha) ArangoLocalStorages(namespace string) v1alpha.ArangoLocalStorageInterface { - return &FakeArangoLocalStorages{c, namespace} +func (c *FakeStorageV1alpha) ArangoLocalStorages() v1alpha.ArangoLocalStorageInterface { + return &FakeArangoLocalStorages{c} } // RESTClient returns a RESTClient that is used to communicate diff --git a/pkg/generated/clientset/versioned/typed/storage/v1alpha/storage_client.go b/pkg/generated/clientset/versioned/typed/storage/v1alpha/storage_client.go index 06fca283c..b2358f01d 100644 --- a/pkg/generated/clientset/versioned/typed/storage/v1alpha/storage_client.go +++ b/pkg/generated/clientset/versioned/typed/storage/v1alpha/storage_client.go 
@@ -36,8 +36,8 @@ type StorageV1alphaClient struct { restClient rest.Interface } -func (c *StorageV1alphaClient) ArangoLocalStorages(namespace string) ArangoLocalStorageInterface { - return newArangoLocalStorages(c, namespace) +func (c *StorageV1alphaClient) ArangoLocalStorages() ArangoLocalStorageInterface { + return newArangoLocalStorages(c) } // NewForConfig creates a new StorageV1alphaClient for the given config. diff --git a/pkg/generated/informers/externalversions/storage/v1alpha/arangolocalstorage.go b/pkg/generated/informers/externalversions/storage/v1alpha/arangolocalstorage.go index a3c3005cc..62ece31db 100644 --- a/pkg/generated/informers/externalversions/storage/v1alpha/arangolocalstorage.go +++ b/pkg/generated/informers/externalversions/storage/v1alpha/arangolocalstorage.go 
@@ -45,33 +45,32 @@ type ArangoLocalStorageInformer interface { type arangoLocalStorageInformer struct { factory internalinterfaces.SharedInformerFactory tweakListOptions internalinterfaces.TweakListOptionsFunc - namespace string } // NewArangoLocalStorageInformer constructs a new informer for ArangoLocalStorage type. // Always prefer using an informer factory to get a shared informer instead of getting an independent // one. This reduces memory footprint and number of connections to the server. -func NewArangoLocalStorageInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredArangoLocalStorageInformer(client, namespace, resyncPeriod, indexers, nil) +func NewArangoLocalStorageInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { + return NewFilteredArangoLocalStorageInformer(client, resyncPeriod, indexers, nil) } // NewFilteredArangoLocalStorageInformer constructs a new informer for ArangoLocalStorage type. // Always prefer using an informer factory to get a shared informer instead of getting an independent // one. This reduces memory footprint and number of connections to the server. 
-func NewFilteredArangoLocalStorageInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { +func NewFilteredArangoLocalStorageInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { return cache.NewSharedIndexInformer( &cache.ListWatch{ ListFunc: func(options v1.ListOptions) (runtime.Object, error) { if tweakListOptions != nil { tweakListOptions(&options) } - return client.StorageV1alpha().ArangoLocalStorages(namespace).List(options) + return client.StorageV1alpha().ArangoLocalStorages().List(options) }, WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { if tweakListOptions != nil { tweakListOptions(&options) } - return client.StorageV1alpha().ArangoLocalStorages(namespace).Watch(options) + return client.StorageV1alpha().ArangoLocalStorages().Watch(options) }, }, &storage_v1alpha.ArangoLocalStorage{}, @@ -81,7 +80,7 @@ func NewFilteredArangoLocalStorageInformer(client versioned.Interface, namespace } func (f *arangoLocalStorageInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredArangoLocalStorageInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) + return NewFilteredArangoLocalStorageInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) } func (f *arangoLocalStorageInformer) Informer() cache.SharedIndexInformer { diff --git a/pkg/generated/informers/externalversions/storage/v1alpha/interface.go b/pkg/generated/informers/externalversions/storage/v1alpha/interface.go index a90dd68a8..d410030ea 100644 --- a/pkg/generated/informers/externalversions/storage/v1alpha/interface.go 
+++ b/pkg/generated/informers/externalversions/storage/v1alpha/interface.go @@ -45,5 +45,5 @@ func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakList // ArangoLocalStorages returns a ArangoLocalStorageInformer. func (v *version) ArangoLocalStorages() ArangoLocalStorageInformer { - return &arangoLocalStorageInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} + return &arangoLocalStorageInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} } diff --git a/pkg/generated/listers/storage/v1alpha/arangolocalstorage.go b/pkg/generated/listers/storage/v1alpha/arangolocalstorage.go index 9b0e2ba58..7a89e9306 100644 --- a/pkg/generated/listers/storage/v1alpha/arangolocalstorage.go +++ b/pkg/generated/listers/storage/v1alpha/arangolocalstorage.go @@ -33,8 +33,8 @@ import ( type ArangoLocalStorageLister interface { // List lists all ArangoLocalStorages in the indexer. List(selector labels.Selector) (ret []*v1alpha.ArangoLocalStorage, err error) - // ArangoLocalStorages returns an object that can list and get ArangoLocalStorages. - ArangoLocalStorages(namespace string) ArangoLocalStorageNamespaceLister + // Get retrieves the ArangoLocalStorage from the index for a given name. + Get(name string) (*v1alpha.ArangoLocalStorage, error) ArangoLocalStorageListerExpansion } 
@@ -56,38 +56,9 @@ func (s *arangoLocalStorageLister) List(selector labels.Selector) (ret []*v1alph return ret, err } -// ArangoLocalStorages returns an object that can list and get ArangoLocalStorages. -func (s *arangoLocalStorageLister) ArangoLocalStorages(namespace string) ArangoLocalStorageNamespaceLister { - return arangoLocalStorageNamespaceLister{indexer: s.indexer, namespace: namespace} -} - -// ArangoLocalStorageNamespaceLister helps list and get ArangoLocalStorages. -type ArangoLocalStorageNamespaceLister interface { - // List lists all ArangoLocalStorages in the indexer for a given namespace. - List(selector labels.Selector) (ret []*v1alpha.ArangoLocalStorage, err error) - // Get retrieves the ArangoLocalStorage from the indexer for a given namespace and name. - Get(name string) (*v1alpha.ArangoLocalStorage, error) - ArangoLocalStorageNamespaceListerExpansion -} - -// arangoLocalStorageNamespaceLister implements the ArangoLocalStorageNamespaceLister -// interface. -type arangoLocalStorageNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all ArangoLocalStorages in the indexer for a given namespace. -func (s arangoLocalStorageNamespaceLister) List(selector labels.Selector) (ret []*v1alpha.ArangoLocalStorage, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v1alpha.ArangoLocalStorage)) - }) - return ret, err -} - -// Get retrieves the ArangoLocalStorage from the indexer for a given namespace and name. -func (s arangoLocalStorageNamespaceLister) Get(name string) (*v1alpha.ArangoLocalStorage, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) +// Get retrieves the ArangoLocalStorage from the index for a given name. +func (s *arangoLocalStorageLister) Get(name string) (*v1alpha.ArangoLocalStorage, error) { + obj, exists, err := s.indexer.GetByKey(name) if err != nil { return nil, err } 
diff --git a/pkg/generated/listers/storage/v1alpha/expansion_generated.go b/pkg/generated/listers/storage/v1alpha/expansion_generated.go index 2d1482be3..76e4cd4fe 100644 --- a/pkg/generated/listers/storage/v1alpha/expansion_generated.go +++ b/pkg/generated/listers/storage/v1alpha/expansion_generated.go @@ -25,7 +25,3 @@ package v1alpha // ArangoLocalStorageListerExpansion allows custom methods to be added to // ArangoLocalStorageLister. type ArangoLocalStorageListerExpansion interface{} - -// ArangoLocalStorageNamespaceListerExpansion allows custom methods to be added to -// ArangoLocalStorageNamespaceLister. -type ArangoLocalStorageNamespaceListerExpansion interface{} diff --git a/pkg/operator/operator_local_storage.go b/pkg/operator/operator_local_storage.go index 33c532a84..2672e78d7 100644 --- a/pkg/operator/operator_local_storage.go +++ b/pkg/operator/operator_local_storage.go @@ -49,7 +49,7 @@ func (o *Operator) runLocalStorages(stop <-chan struct{}) { source := cache.NewListWatchFromClient( o.Dependencies.CRCli.StorageV1alpha().RESTClient(), api.ArangoLocalStorageResourcePlural, - o.Config.Namespace, + "", //o.Config.Namespace, fields.Everything()) _, informer := cache.NewIndexerInformer(source, &api.ArangoLocalStorage{}, 0, cache.ResourceEventHandlerFuncs{ @@ -194,6 +194,7 @@ func (o *Operator) handleLocalStorageEvent(event *Event) error { // makeLocalStorageConfigAndDeps creates a Config & Dependencies object for a new LocalStorage. func (o *Operator) makeLocalStorageConfigAndDeps(apiObject *api.ArangoLocalStorage) (storage.Config, storage.Dependencies) { cfg := storage.Config{ + Namespace: o.Config.Namespace, PodName: o.Config.PodName, ServiceAccount: o.Config.ServiceAccount, } diff --git a/pkg/storage/daemon_set.go b/pkg/storage/daemon_set.go index d05c3ecfe..50381ea32 100644 --- a/pkg/storage/daemon_set.go +++ b/pkg/storage/daemon_set.go 
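Review bot: In `runLocalStorages` the namespace argument becomes `"", //o.Config.Namespace,`, which leaves the old value behind as commented-out code and does not say why the empty string is correct. Prefer `metav1.NamespaceAll,` (or keep `""`) with a comment such as `// ArangoLocalStorage is cluster-scoped, so there is no namespace to filter on`. The function continues outside the hunk and the import block is not shown, so whether `metav1` is already imported in this file needs checking.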
@@ -44,7 +44,7 @@ const ( // If it already exists, it is updated. func (ls *LocalStorage) ensureDaemonSet(apiObject *api.ArangoLocalStorage) error { log := ls.deps.Log - ns := apiObject.GetNamespace() + ns := ls.config.Namespace c := corev1.Container{ Name: "provisioner", Image: ls.image, diff --git a/pkg/storage/image.go b/pkg/storage/image.go index 48d166a84..8114076c0 100644 --- a/pkg/storage/image.go +++ b/pkg/storage/image.go @@ -30,7 +30,7 @@ import ( // getMyImage fetched the docker image from my own pod func (l *LocalStorage) getMyImage() (string, v1.PullPolicy, error) { log := l.deps.Log - ns := l.apiObject.GetNamespace() + ns := l.config.Namespace p, err := l.deps.KubeCli.CoreV1().Pods(ns).Get(l.config.PodName, metav1.GetOptions{}) if err != nil { diff --git a/pkg/storage/local_storage.go b/pkg/storage/local_storage.go index 983e76cb4..9e1c2b437 100644 --- a/pkg/storage/local_storage.go +++ b/pkg/storage/local_storage.go @@ -44,6 +44,7 @@ import ( // Config holds configuration settings for a LocalStorage type Config struct { + Namespace string PodName string ServiceAccount string } @@ -274,7 +275,7 @@ func (ls *LocalStorage) handleArangoLocalStorageUpdatedEvent(event *localStorage log := ls.deps.Log.With().Str("localStorage", event.LocalStorage.GetName()).Logger() // Get the most recent version of the local storage from the API server - current, err := ls.deps.StorageCRCli.StorageV1alpha().ArangoLocalStorages(ls.apiObject.GetNamespace()).Get(ls.apiObject.GetName(), metav1.GetOptions{}) + current, err := ls.deps.StorageCRCli.StorageV1alpha().ArangoLocalStorages().Get(ls.apiObject.GetName(), metav1.GetOptions{}) if err != nil { log.Debug().Err(err).Msg("Failed to get current version of local storage from API server") if k8sutil.IsNotFound(err) { 
@@ -339,8 +340,7 @@ func (ls *LocalStorage) updateCRStatus() error {
 for {
 attempt++
 update.Status = ls.status
- ns := ls.apiObject.GetNamespace()
- newAPIObject, err := ls.deps.StorageCRCli.StorageV1alpha().ArangoLocalStorages(ns).Update(update)
+ newAPIObject, err := ls.deps.StorageCRCli.StorageV1alpha().ArangoLocalStorages().Update(update)
 if err == nil {
 // Update internal object
 ls.apiObject = newAPIObject
@@ -350,7 +350,7 @@ func (ls *LocalStorage) updateCRStatus() error {
 // API object may have been changed already,
 // Reload api object and try again
 var current *api.ArangoLocalStorage
- current, err = ls.deps.StorageCRCli.StorageV1alpha().ArangoLocalStorages(ns).Get(update.GetName(), metav1.GetOptions{})
+ current, err = ls.deps.StorageCRCli.StorageV1alpha().ArangoLocalStorages().Get(update.GetName(), metav1.GetOptions{})
 if err == nil {
 update = current.DeepCopy()
 continue
@@ -374,8 +374,7 @@ func (ls *LocalStorage) updateCRSpec(newSpec api.LocalStorageSpec) error {
 attempt++
 update.Spec = newSpec
 update.Status = ls.status
- ns := ls.apiObject.GetNamespace()
- newAPIObject, err := ls.deps.StorageCRCli.StorageV1alpha().ArangoLocalStorages(ns).Update(update)
+ newAPIObject, err := ls.deps.StorageCRCli.StorageV1alpha().ArangoLocalStorages().Update(update)
 if err == nil {
 // Update internal object
 ls.apiObject = newAPIObject
@@ -385,7 +384,7 @@ func (ls *LocalStorage) updateCRSpec(newSpec api.LocalStorageSpec) error {
 // API object may have been changed already,
 // Reload api object and try again
 var current *api.ArangoLocalStorage
- current, err = ls.deps.StorageCRCli.StorageV1alpha().ArangoLocalStorages(ns).Get(update.GetName(), metav1.GetOptions{})
+ current, err = ls.deps.StorageCRCli.StorageV1alpha().ArangoLocalStorages().Get(update.GetName(), metav1.GetOptions{})
 if err == nil {
 update = current.DeepCopy()
 continue
@@ -424,7 +423,7 @@ func (ls *LocalStorage) reportFailedStatus() {
 return maskAny(err)
 }
- depl, err := ls.deps.StorageCRCli.StorageV1alpha().ArangoLocalStorages(ls.apiObject.Namespace).Get(ls.apiObject.Name, metav1.GetOptions{})
+ depl, err := ls.deps.StorageCRCli.StorageV1alpha().ArangoLocalStorages().Get(ls.apiObject.Name, metav1.GetOptions{})
 if err != nil {
 // Update (PUT) will return conflict even if object is deleted since we have UID set in object.
 // Because it will check UID first and return something like:
diff --git a/pkg/storage/pvc_informer.go b/pkg/storage/pvc_informer.go
index 7e9e3e4b0..de2db650d 100644
--- a/pkg/storage/pvc_informer.go
+++ b/pkg/storage/pvc_informer.go
@@ -33,7 +33,7 @@ func (ls *LocalStorage) listenForPvcEvents() {
 source := cache.NewListWatchFromClient(
 ls.deps.KubeCli.CoreV1().RESTClient(),
 "persistentvolumeclaims",
- ls.apiObject.GetNamespace(),
+ "", //ls.apiObject.GetNamespace(),
 fields.Everything())
 getPvc := func(obj interface{}) (*v1.PersistentVolumeClaim, bool) {
diff --git a/pkg/storage/service.go b/pkg/storage/service.go
index c897a7dca..18901df3c 100644
--- a/pkg/storage/service.go
+++ b/pkg/storage/service.go
@@ -52,7 +52,7 @@ func (ls *LocalStorage) ensureProvisionerService(apiObject *api.ArangoLocalStora
 },
 }
 svc.SetOwnerReferences(append(svc.GetOwnerReferences(), apiObject.AsOwner()))
- ns := apiObject.GetNamespace()
+ ns := ls.config.Namespace
 if _, err := ls.deps.KubeCli.CoreV1().Services(ns).Create(svc); err != nil && !k8sutil.IsAlreadyExists(err) {
 return maskAny(err)
 }
diff --git a/pkg/util/crd/crd.go b/pkg/util/crd/crd.go
index 966a1b847..67bfd634e 100644
--- a/pkg/util/crd/crd.go
+++ b/pkg/util/crd/crd.go
@@ -54,7 +54,7 @@ func WaitCRDReady(clientset apiextensionsclient.Interface, crdName string) error
 }
 return maskAny(fmt.Errorf("Retry needed"))
 }
- if err := retry.Retry(op, time.Minute*5); err != nil {
+ if err := retry.Retry(op, time.Second*30); err != nil {
 return maskAny(err)
 }
 return nil
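Review bot: listenForPvcEvents in pkg/storage/pvc_informer.go now lists and watches PersistentVolumeClaims in every namespace, so its handlers receive claims that may have nothing to do with this local storage. The handlers are outside the hunk (the function continues past it), so I cannot tell whether they filter on storage class before acting; if they do not, that check should be added. Either way a comment such as `// cluster-wide watch: handlers must ignore claims whose storage class is not ours` belongs above the call. The operator's service account now needs list/watch on persistentvolumeclaims across the cluster, so the rbac template should grant only the verbs these handlers actually use.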
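Review bot: The wait in WaitCRDReady in pkg/util/crd/crd.go drops from five minutes to thirty seconds as a bare literal, with no reason given in the hunk or in the commit subject. On a slow or busy API server the CRD may not be established within that window, and the caller, presumably operator startup, then gets an error. I would name the value and record why it was chosen, e.g. `const crdReadyTimeout = 30 * time.Second // CRD must be established within this window`, and call `retry.Retry(op, crdReadyTimeout)`. The function starts outside the hunk.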
diff --git a/tools/manifests/manifest_builder.go b/tools/manifests/manifest_builder.go
index 0919e9482..9ab7766d5 100644
--- a/tools/manifests/manifest_builder.go
+++ b/tools/manifests/manifest_builder.go
@@ -77,15 +77,21 @@ type TemplateOptions struct {
 Image string
 ImagePullPolicy string
 RBAC bool
- Deployment OperatorOptions
- Storage OperatorOptions
+ Deployment ResourceOptions
+ Storage ResourceOptions
 }
-type OperatorOptions struct {
- Namespace string
- OperatorName string
- ClusterRoleName string
- ClusterRoleBindingName string
+type CommonOptions struct {
+ Namespace string
+ RoleName string
+ RoleBindingName string
+ ServiceAccountName string
+}
+
+type ResourceOptions struct {
+ User CommonOptions
+ Operator CommonOptions
+ OperatorDeploymentName string
 }
 func main() {
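Review bot: `CommonOptions` and `ResourceOptions` are exported but carry no doc comments, and the difference between the `User` and `Operator` fields cannot be read off the names. Suggested comments are `// CommonOptions holds the namespace, role, role binding and service account names passed to one set of templates.` and `// ResourceOptions holds the template settings for one operator: User for accounts that use the custom resource, Operator for the operator itself.` The User/Operator reading is my inference from the values assigned in main and should be confirmed against the rbac templates.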
@@ -124,17 +130,35 @@ func main() {
 Image: options.Image,
 ImagePullPolicy: options.ImagePullPolicy,
 RBAC: options.RBAC,
- Deployment: OperatorOptions{
- Namespace: options.Namespace,
- OperatorName: options.DeploymentOperatorName,
- ClusterRoleName: "arango-deployment-operator",
- ClusterRoleBindingName: "arango-deployment-operator",
+ Deployment: ResourceOptions{
+ User: CommonOptions{
+ Namespace: options.Namespace,
+ RoleName: "arango-deployments",
+ RoleBindingName: "arango-deployments",
+ ServiceAccountName: "default",
+ },
+ Operator: CommonOptions{
+ Namespace: options.Namespace,
+ RoleName: "arango-deployment-operator",
+ RoleBindingName: "arango-deployment-operator",
+ ServiceAccountName: "default",
+ },
+ OperatorDeploymentName: "arango-deployment-operator",
 },
- Storage: OperatorOptions{
- Namespace: options.Namespace,
- OperatorName: options.StorageOperatorName,
- ClusterRoleName: "arango-storage-operator",
- ClusterRoleBindingName: "arango-storage-operator",
+ Storage: ResourceOptions{
+ User: CommonOptions{
+ Namespace: options.Namespace,
+ RoleName: "arango-storages",
+ RoleBindingName: "arango-storages",
+ ServiceAccountName: "default",
+ },
+ Operator: CommonOptions{
+ Namespace: "kube-system",
+ RoleName: "arango-storage-operator",
+ RoleBindingName: "arango-storage-operator",
+ ServiceAccountName: "arango-storage-operator",
+ },
+ OperatorDeploymentName: "arango-storage-operator",
 },
 }
 for group, templateNames := range templateNameSet {
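Review bot: In the `Deployment` options the `Operator` block sets `ServiceAccountName: "default"`, so whatever role the templates bind to it (presumably the operator role named beside it) is held by every pod in that namespace that does not name its own service account. The storage operator already gets a dedicated account, and the deployment operator should too, e.g. `ServiceAccountName: "arango-deployment-operator",`, provided the deployment rbac template (not in this hunk) creates that account. Separately, the storage operator's namespace is hard-coded to `"kube-system"` and both `OperatorDeploymentName` values are now literals, so `options.DeploymentOperatorName` and `options.StorageOperatorName` are no longer read here. If those flags are still declared they silently do nothing and should be removed or wired back in.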