From 9d1630c93655d2bf74d45a5712137035403b357d Mon Sep 17 00:00:00 2001
From: John Benavides
Date: Tue, 14 Apr 2020 20:25:54 +0200
Subject: [PATCH 1/3] Allow having one operator for all namespaces
---
 manifests/arango-deployment.yaml | 77 +++++++++-----------------------
 pkg/util/k8sutil/informer.go | 3 +-
 2 files changed, 23 insertions(+), 57 deletions(-)
diff --git a/manifests/arango-deployment.yaml b/manifests/arango-deployment.yaml
index 244520a06..da745d66b 100644
--- a/manifests/arango-deployment.yaml
+++ b/manifests/arango-deployment.yaml
@@ -34,6 +34,24 @@ rules:
 - apiGroups: ["storage.k8s.io"]
 resources: ["storageclasses"]
 verbs: ["get", "list"]
+ - apiGroups: ["database.arangodb.com"]
+ resources: ["arangodeployments"]
+ verbs: ["*"]
+ - apiGroups: [""]
+ resources: ["pods", "services", "endpoints", "persistentvolumeclaims", "events", "secrets", "serviceaccounts"]
+ verbs: ["*"]
+ - apiGroups: ["apps"]
+ resources: ["deployments", "replicasets"]
+ verbs: ["get"]
+ - apiGroups: ["policy"]
+ resources: ["poddisruptionbudgets"]
+ verbs: ["*"]
+ - apiGroups: ["backup.arangodb.com"]
+ resources: ["arangobackuppolicies", "arangobackups"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: ["monitoring.coreos.com"]
+ resources: ["servicemonitors"]
+ verbs: ["get", "create", "delete"]
 ---
 # Source: kube-arangodb/templates/deployment-operator/cluster-role-binding.yaml
 apiVersion: rbac.authorization.k8s.io/v1
@@ -58,7 +76,7 @@ subjects:
 ---
 # Source: kube-arangodb/templates/deployment-operator/default-role.yaml
 apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
+kind: ClusterRole
 metadata:
 name: arango-deployment-operator-rbac-default
 namespace: default
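Review bot: The core-group rule added to the ClusterRole in the hunk at -34 grants `verbs: ["*"]` on `secrets` and `serviceaccounts` cluster-wide, so whichever subject the ClusterRoleBinding names can read every Secret in every namespace, and the wildcard on `serviceaccounts` also covers the `impersonate` verb. The namespaced Role removed later in this patch confined the same rule to `default`. I would keep the namespaced Role as the default install and ship the cluster-wide variant as a separate opt-in manifest, and in either case move the sensitive resources into their own rule with enumerated verbs, for example `resources: ["secrets", "serviceaccounts"]` with `verbs: ["get", "list", "watch", "create", "delete"]` (the exact list has to be checked against what the operator actually calls). The ClusterRole's header lies outside the hunk, so its name and binding are inferred from the cluster-role-binding.yaml context that follows.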
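Review bot: `namespace: default` stays in the metadata after `kind` becomes `ClusterRole` in the hunk at -58; cluster-scoped objects have no namespace, so the field is misleading at best and should be dropped. The same applies to the `ClusterRoleBinding` in the hunk at -73. The context of that later hunk shows this role's rule is `get` on `pods`, so a comment such as `# cluster-scoped: grants "get" on pods in every namespace` above `kind: ClusterRole` would make the wider grant visible to whoever applies the manifest.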
@@ -73,41 +91,9 @@ rules:
 resources: ["pods"]
 verbs: ["get"]
 ---
-# Source: kube-arangodb/templates/deployment-operator/role.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: arango-deployment-operator-rbac-deployment
- namespace: default
- labels:
- app.kubernetes.io/name: kube-arangodb
- helm.sh/chart: kube-arangodb-1.0.1
- app.kubernetes.io/managed-by: Tiller
- app.kubernetes.io/instance: deployment
- release: deployment
-rules:
- - apiGroups: ["database.arangodb.com"]
- resources: ["arangodeployments"]
- verbs: ["*"]
- - apiGroups: [""]
- resources: ["pods", "services", "endpoints", "persistentvolumeclaims", "events", "secrets", "serviceaccounts"]
- verbs: ["*"]
- - apiGroups: ["apps"]
- resources: ["deployments", "replicasets"]
- verbs: ["get"]
- - apiGroups: ["policy"]
- resources: ["poddisruptionbudgets"]
- verbs: ["*"]
- - apiGroups: ["backup.arangodb.com"]
- resources: ["arangobackuppolicies", "arangobackups"]
- verbs: ["get", "list", "watch"]
- - apiGroups: ["monitoring.coreos.com"]
- resources: ["servicemonitors"]
- verbs: ["get", "create", "delete"]
----
 # Source: kube-arangodb/templates/deployment-operator/default-role-binding.yaml
 apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
+kind: ClusterRoleBinding
 metadata:
 name: arango-deployment-operator-rbac-default
 namespace: default
@@ -119,34 +105,13 @@ metadata: release: deployment roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role + kind: ClusterRole name: arango-deployment-operator-rbac-default subjects: - kind: ServiceAccount name: default namespace: default --- -# Source: kube-arangodb/templates/deployment-operator/role-binding.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: arango-deployment-operator-rbac-deployment - namespace: default - labels: - app.kubernetes.io/name: kube-arangodb - helm.sh/chart: kube-arangodb-1.0.1 - app.kubernetes.io/managed-by: Tiller - app.kubernetes.io/instance: deployment - release: deployment -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: arango-deployment-operator-rbac-deployment -subjects: - - kind: ServiceAccount - name: arango-deployment-operator - namespace: default ---- # Source: kube-arangodb/templates/service.yaml apiVersion: v1 kind: Service diff --git a/pkg/util/k8sutil/informer.go b/pkg/util/k8sutil/informer.go index 9356f6ef5..95dc27734 100644 --- a/pkg/util/k8sutil/informer.go +++ b/pkg/util/k8sutil/informer.go @@ -23,6 +23,7 @@ package k8sutil import ( + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "github.com/rs/zerolog" "k8s.io/apimachinery/pkg/fields" "k8s.io/apimachinery/pkg/runtime" @@ -42,7 +43,7 @@ func NewResourceWatcher(log zerolog.Logger, getter cache.Getter, resource, names source := cache.NewListWatchFromClient( getter, resource, - namespace, + v1.NamespaceAll, fields.Everything()) _, informer := cache.NewIndexerInformer(source, objType, 0, cache.ResourceEventHandlerFuncs{ From 813853c0b5fb23d5ca70f911e99ec9b40861fe6f Mon Sep 17 00:00:00 2001 From: John Benavides Date: Tue, 14 Apr 2020 20:34:46 +0200 Subject: [PATCH 2/3] fix import styles --- pkg/util/k8sutil/informer.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/util/k8sutil/informer.go b/pkg/util/k8sutil/informer.go index 95dc27734..00c0bf964 100644 --- a/pkg/util/k8sutil/informer.go 
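Review bot: The binding's `subjects` in the hunk at -119 still lists only the `default` ServiceAccount in namespace `default`, so after the switch to a ClusterRoleBinding that one account can `get` pods in every namespace while the default accounts of other namespaces receive nothing. If this role exists so that database pods can read their own pod object (not visible here), deployments outside `default` would lack the permission and the `default` account gains more than it needs. A namespaced binding per target namespace that references the cluster role, i.e. `kind: RoleBinding` with `roleRef.kind: ClusterRole`, keeps the grant local to each namespace.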
+++ b/pkg/util/k8sutil/informer.go @@ -23,7 +23,7 @@ package k8sutil import ( - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/apis/meta/v1" "github.com/rs/zerolog" "k8s.io/apimachinery/pkg/fields" "k8s.io/apimachinery/pkg/runtime" From acd2709d86a94294b8e4fee5d1a98b5b67ea6d95 Mon Sep 17 00:00:00 2001 From: John Benavides Date: Tue, 14 Apr 2020 21:10:36 +0200 Subject: [PATCH 3/3] pass "NamespaceAll" instead of arango namespace to NewResourceWatcher --- pkg/deployment/informers.go | 9 +++++---- pkg/operator/operator_deployment.go | 3 ++- pkg/operator/operator_deployment_relication.go | 3 ++- pkg/util/k8sutil/informer.go | 4 +--- 4 files changed, 10 insertions(+), 9 deletions(-) diff --git a/pkg/deployment/informers.go b/pkg/deployment/informers.go index 54b7b076f..81fc89f9f 100644 --- a/pkg/deployment/informers.go +++ b/pkg/deployment/informers.go @@ -25,6 +25,7 @@ package deployment import ( v1 "k8s.io/api/core/v1" "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/client-go/tools/cache" "github.com/arangodb/kube-arangodb/pkg/util/k8sutil" @@ -49,7 +50,7 @@ func (d *Deployment) listenForPodEvents(stopCh <-chan struct{}) { d.deps.Log, d.deps.KubeCli.CoreV1().RESTClient(), "pods", - d.apiObject.GetNamespace(), + metav1.NamespaceAll, &v1.Pod{}, cache.ResourceEventHandlerFuncs{ AddFunc: func(obj interface{}) { @@ -91,7 +92,7 @@ func (d *Deployment) listenForPVCEvents(stopCh <-chan struct{}) { d.deps.Log, d.deps.KubeCli.CoreV1().RESTClient(), "persistentvolumeclaims", - d.apiObject.GetNamespace(), + metav1.NamespaceAll, &v1.PersistentVolumeClaim{}, cache.ResourceEventHandlerFuncs{ AddFunc: func(obj interface{}) { 
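Review bot: The per-deployment watchers did not need widening: `d.apiObject.GetNamespace()` is already the namespace of the deployment being reconciled, so it keeps working for deployments in any namespace once the operator itself watches `ArangoDeployment` objects cluster-wide. With `metav1.NamespaceAll` every `Deployment` instance lists and caches all pods, PVCs, services and secrets in the cluster, and the secrets listener's own comment (hunk at -133) says it looks at all secrets regardless of owner, so a secret change in an unrelated namespace would now reach this deployment's handler. I would restore `d.apiObject.GetNamespace(),` in `listenForPodEvents` and in the hunks at -91, -133 and -176. The listener bodies continue outside the hunks, so how the handlers filter objects is not visible here.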
@@ -133,7 +134,7 @@ func (d *Deployment) listenForSecretEvents(stopCh <-chan struct{}) { d.deps.Log, d.deps.KubeCli.CoreV1().RESTClient(), "secrets", - d.apiObject.GetNamespace(), + metav1.NamespaceAll, &v1.Secret{}, cache.ResourceEventHandlerFuncs{ // Note: For secrets we look at all of them because they do not have to be owned by this deployment. @@ -176,7 +177,7 @@ func (d *Deployment) listenForServiceEvents(stopCh <-chan struct{}) { d.deps.Log, d.deps.KubeCli.CoreV1().RESTClient(), "services", - d.apiObject.GetNamespace(), + metav1.NamespaceAll, &v1.Service{}, cache.ResourceEventHandlerFuncs{ AddFunc: func(obj interface{}) { diff --git a/pkg/operator/operator_deployment.go b/pkg/operator/operator_deployment.go index 1ef97e420..da71fe0fa 100644 --- a/pkg/operator/operator_deployment.go +++ b/pkg/operator/operator_deployment.go @@ -28,6 +28,7 @@ import ( deploymentType "github.com/arangodb/kube-arangodb/pkg/apis/deployment" "github.com/pkg/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" kwatch "k8s.io/apimachinery/pkg/watch" "k8s.io/client-go/tools/cache" @@ -52,7 +53,7 @@ func (o *Operator) runDeployments(stop <-chan struct{}) { o.log, o.Dependencies.CRCli.DatabaseV1().RESTClient(), deploymentType.ArangoDeploymentResourcePlural, - o.Config.Namespace, + metav1.NamespaceAll, &api.ArangoDeployment{}, cache.ResourceEventHandlerFuncs{ AddFunc: o.onAddArangoDeployment, diff --git a/pkg/operator/operator_deployment_relication.go b/pkg/operator/operator_deployment_relication.go index ea5cf8db2..81be90106 100644 --- a/pkg/operator/operator_deployment_relication.go +++ b/pkg/operator/operator_deployment_relication.go @@ -28,6 +28,7 @@ import ( replication2 "github.com/arangodb/kube-arangodb/pkg/apis/replication" "github.com/pkg/errors" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" kwatch "k8s.io/apimachinery/pkg/watch" "k8s.io/client-go/tools/cache" 
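Review bot: `runDeployments` now passes `metav1.NamespaceAll` unconditionally, so `o.Config.Namespace` no longer limits what the operator manages and there is no way left to run it with namespace-scoped RBAC; `runDeploymentReplications` gets the same change. Making the scope an explicit setting that defaults to the old behaviour would keep existing installs least-privileged, for example choosing between `o.Config.Namespace` and `metav1.NamespaceAll` from a new boolean on the operator config. As a style point, the same package is imported as `metav1` here and as `v1` in operator_deployment_relication.go; use `metav1` in both. `runDeployments` continues outside the hunk.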
@@ -52,7 +53,7 @@ func (o *Operator) runDeploymentReplications(stop <-chan struct{}) { o.log, o.Dependencies.CRCli.ReplicationV1().RESTClient(), replication2.ArangoDeploymentReplicationResourcePlural, - o.Config.Namespace, + v1.NamespaceAll, &api.ArangoDeploymentReplication{}, cache.ResourceEventHandlerFuncs{ AddFunc: o.onAddArangoDeploymentReplication, diff --git a/pkg/util/k8sutil/informer.go b/pkg/util/k8sutil/informer.go index 00c0bf964..223d7aac8 100644 --- a/pkg/util/k8sutil/informer.go +++ b/pkg/util/k8sutil/informer.go @@ -23,7 +23,6 @@ package k8sutil import ( - "k8s.io/apimachinery/pkg/apis/meta/v1" "github.com/rs/zerolog" "k8s.io/apimachinery/pkg/fields" "k8s.io/apimachinery/pkg/runtime" @@ -43,9 +42,8 @@ func NewResourceWatcher(log zerolog.Logger, getter cache.Getter, resource, names source := cache.NewListWatchFromClient( getter, resource, - v1.NamespaceAll, + namespace, fields.Everything()) - _, informer := cache.NewIndexerInformer(source, objType, 0, cache.ResourceEventHandlerFuncs{ AddFunc: func(obj interface{}) { defer func() {
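Review bot: Watching `ArangoDeploymentReplication` in all namespaces needs cluster-level list/watch permission on that resource, but the series only changes manifests/arango-deployment.yaml, and the rules added there name `arangodeployments`, not the replication resource. Unless the replication operator's RBAC is widened somewhere not shown, this informer would presumably be denied at cluster scope. Either keep `o.Config.Namespace,` in `runDeploymentReplications` or add the matching manifest change to the same series. The function body continues outside the hunk.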