controller: create ServiceAccounts for all components
apetruhin committed Nov 12, 2024
1 parent d78f1bf commit 8383f61
Showing 2 changed files with 17 additions and 18 deletions.
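--- a/controller/cluster_agent.go
+++ b/controller/cluster_agent.go
@@ -13,17 +13,6 @@ const (
 KubeStateMetricsImage = "ghcr.io/coroot/kube-state-metrics:2.13.0-ubi9-0"
 )
 
-func (r *CorootReconciler) clusterAgentServiceAccount(cr *corootv1.Coroot) *corev1.ServiceAccount {
-a := &corev1.ServiceAccount{
-ObjectMeta: metav1.ObjectMeta{
-Name: cr.Name + "-cluster-agent",
-Namespace: cr.Namespace,
-Labels: Labels(cr, "coroot-cluster-agent"),
-},
-}
-return a
-}
-
 func (r *CorootReconciler) clusterAgentClusterRoleBinding(cr *corootv1.Coroot) *rbacv1.ClusterRoleBinding {
 b := &rbacv1.ClusterRoleBinding{
 ObjectMeta: metav1.ObjectMeta{
@@ -115,9 +104,8 @@ func (r *CorootReconciler) clusterAgentDeployment(cr *corootv1.Coroot) *appsv1.D
 Labels: ls,
 },
 Spec: corev1.PodSpec{
-SecurityContext: nonRootSecurityContext,
-ServiceAccountName: cr.Name + "-cluster-agent",
-Affinity: cr.Spec.ClusterAgent.Affinity,
+SecurityContext: nonRootSecurityContext,
+Affinity: cr.Spec.ClusterAgent.Affinity,
 Containers: []corev1.Container{
 {
 Image: r.getAppImage(cr, AppClusterAgent),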
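Review bot: With `ServiceAccountName` dropped from the PodSpec in clusterAgentDeployment, the account the cluster agent runs as is now whatever CreateOrUpdateDeployment derives from the Deployment's metadata, while the subject of clusterAgentClusterRoleBinding is still built separately (both bodies continue outside the hunks, so the two names cannot be compared here). If they ever diverge, the ClusterRoleBinding keeps granting its cluster-wide permissions to an account name the operator no longer creates, and the agent itself runs without them. Deriving both names from one helper would make the coupling explicit. At minimum, leave a comment at the PodSpec such as `// ServiceAccountName is set by CreateOrUpdateDeployment to the Deployment's name; the ClusterRoleBinding subject must use the same name`.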
19 changes: 15 additions & 4 deletions controller/controller.go
@@ -9,6 +9,7 @@ import (
corev1 "k8s.io/api/core/v1"
rbacv1 "k8s.io/api/rbac/v1"
"k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/utils/ptr"
ctrl "sigs.k8s.io/controller-runtime"
@@ -98,10 +99,9 @@ func (r *CorootReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctr

r.CreateOrUpdateDaemonSet(ctx, cr, r.nodeAgentDaemonSet(cr))

r.CreateOrUpdateServiceAccount(ctx, cr, r.clusterAgentServiceAccount(cr))
r.CreateOrUpdateDeployment(ctx, cr, r.clusterAgentDeployment(cr))
r.CreateOrUpdateClusterRole(ctx, cr, r.clusterAgentClusterRole(cr))
r.CreateOrUpdateClusterRoleBinding(ctx, cr, r.clusterAgentClusterRoleBinding(cr))
r.CreateOrUpdateDeployment(ctx, cr, r.clusterAgentDeployment(cr))

if cr.Spec.AgentsOnly != nil {
// TODO: delete
@@ -163,20 +163,26 @@ func (r *CorootReconciler) CreateSecret(ctx context.Context, cr *corootv1.Coroot
}

func (r *CorootReconciler) CreateOrUpdateDeployment(ctx context.Context, cr *corootv1.Coroot, d *appsv1.Deployment) {
r.CreateOrUpdateServiceAccount(ctx, cr, d.ObjectMeta)
d.Spec.Template.Spec.ServiceAccountName = d.ObjectMeta.Name
spec := d.Spec
r.CreateOrUpdate(ctx, cr, d, func() error {
return Merge(&d.Spec, spec)
})
}

func (r *CorootReconciler) CreateOrUpdateDaemonSet(ctx context.Context, cr *corootv1.Coroot, ds *appsv1.DaemonSet) {
r.CreateOrUpdateServiceAccount(ctx, cr, ds.ObjectMeta)
ds.Spec.Template.Spec.ServiceAccountName = ds.ObjectMeta.Name
spec := ds.Spec
r.CreateOrUpdate(ctx, cr, ds, func() error {
return Merge(&ds.Spec, spec)
})
}

func (r *CorootReconciler) CreateOrUpdateStatefulSet(ctx context.Context, cr *corootv1.Coroot, ss *appsv1.StatefulSet) {
r.CreateOrUpdateServiceAccount(ctx, cr, ss.ObjectMeta)
ss.Spec.Template.Spec.ServiceAccountName = ss.ObjectMeta.Name
spec := ss.Spec
r.CreateOrUpdate(ctx, cr, ss, func() error {
volumeClaimTemplates := ss.Spec.VolumeClaimTemplates[:]
@@ -202,8 +208,13 @@ func (r *CorootReconciler) CreateOrUpdateService(ctx context.Context, cr *coroot
})
}

func (r *CorootReconciler) CreateOrUpdateServiceAccount(ctx context.Context, cr *corootv1.Coroot, s *corev1.ServiceAccount) {
r.CreateOrUpdate(ctx, cr, s, nil)
func (r *CorootReconciler) CreateOrUpdateServiceAccount(ctx context.Context, cr *corootv1.Coroot, om metav1.ObjectMeta) {
sa := &corev1.ServiceAccount{ObjectMeta: metav1.ObjectMeta{
Name: om.Name,
Namespace: om.Namespace,
Labels: om.Labels,
}}
r.CreateOrUpdate(ctx, cr, sa, nil)
}

func (r *CorootReconciler) CreateOrUpdateClusterRole(ctx context.Context, cr *corootv1.Coroot, role *rbacv1.ClusterRole) {
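Review bot: The ServiceAccount built in CreateOrUpdateServiceAccount leaves `AutomountServiceAccountToken` unset, and CreateOrUpdateDeployment, CreateOrUpdateDaemonSet and CreateOrUpdateStatefulSet now attach such an account to every workload, so each pod gets an API token mounted whether or not the component talks to the Kubernetes API. For components with no Role or ClusterRole bound (which ones is not visible in these hunks), consider setting `AutomountServiceAccountToken: ptr.To(false)` on the account and opting in only where a binding exists. The three helpers also overwrite `Spec.Template.Spec.ServiceAccountName` unconditionally, and CreateOrUpdateServiceAccount returns nothing, so the workload is applied even when the account could not be created. A doc comment on each helper, e.g. `// CreateOrUpdateDeployment also ensures a ServiceAccount named after the Deployment and forces the pod template to use it.`, would make that contract visible to callers.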
