Remove sync of pod service accounts
This commit is contained in:
Sergey Dudoladov
parent
214ae04aa7
commit
23f893647c
|
|
@ -194,6 +194,36 @@ func (c *Cluster) initUsers() error {
|
|||
return nil
|
||||
}
|
||||
|
||||
/*
|
||||
Ensures the service account required by StatefulSets to create pods exists in a namespace before a PG cluster is created there so that a user does not have to deploy the account manually.
|
||||
|
||||
The operator does not sync these accounts.
|
||||
*/
|
||||
func (c *Cluster) createPodServiceAccounts() error {
|
||||
|
||||
podServiceAccount := c.Config.OpConfig.PodServiceAccountName
|
||||
c.setProcessName("creating pod service account in the watched namespaces")
|
||||
|
||||
_, err := c.KubeClient.ServiceAccounts(c.Namespace).Get(podServiceAccount, metav1.GetOptions{})
|
||||
|
||||
if err != nil {
|
||||
c.logger.Warnf("the pod service account %q is absent from the namespace %q. Stateful sets in the namespace are unable to create pods.", podServiceAccount, c.Namespace)
|
||||
|
||||
c.OpConfig.PodServiceAccount.SetNamespace(c.Namespace)
|
||||
|
||||
_, err = c.KubeClient.ServiceAccounts(c.Namespace).Create(c.OpConfig.PodServiceAccount)
|
||||
if err != nil {
|
||||
c.logger.Warnf("cannot deploy the pod service account %q defined in the config map to the %q namespace: %v", podServiceAccount, c.Namespace, err)
|
||||
} else {
|
||||
c.logger.Infof("successfully deployed the pod service account %q to the %q namespace", podServiceAccount, c.Namespace)
|
||||
}
|
||||
} else {
|
||||
c.logger.Infof("successfully found the service account %q used to create pods to the namespace %q", podServiceAccount, c.Namespace)
|
||||
}
|
||||
|
||||
return err
|
||||
}
|
||||
|
||||
// Create creates the new kubernetes objects associated with the cluster.
|
||||
func (c *Cluster) Create() error {
|
||||
c.mu.Lock()
|
||||
|
|
@ -256,7 +286,7 @@ func (c *Cluster) Create() error {
|
|||
}
|
||||
c.logger.Infof("pod disruption budget %q has been successfully created", util.NameFromMeta(pdb.ObjectMeta))
|
||||
|
||||
if err = c.syncPodServiceAccounts(); err != nil {
|
||||
if err = c.createPodServiceAccounts(); err != nil {
|
||||
return fmt.Errorf("could not sync pod service accounts: %v", err)
|
||||
}
|
||||
c.logger.Infof("pod service accounts have been successfully synced")
|
||||
|
|
|
|||
|
|
@ -44,12 +44,6 @@ func (c *Cluster) Sync(newSpec *spec.Postgresql) (err error) {
|
|||
return
|
||||
}
|
||||
|
||||
c.logger.Debugf("syncing service accounts")
|
||||
if err = c.syncPodServiceAccounts(); err != nil {
|
||||
err = fmt.Errorf("could not sync service accounts: %v", err)
|
||||
return
|
||||
}
|
||||
|
||||
c.logger.Debugf("syncing services")
|
||||
if err = c.syncServices(); err != nil {
|
||||
err = fmt.Errorf("could not sync services: %v", err)
|
||||
|
|
@ -109,34 +103,6 @@ func (c *Cluster) syncServices() error {
|
|||
return nil
|
||||
}
|
||||
|
||||
/*
|
||||
Ensures the service account required by StatefulSets to create pods exists in all namespaces watched by the operator.
|
||||
*/
|
||||
func (c *Cluster) syncPodServiceAccounts() error {
|
||||
|
||||
podServiceAccount := c.Config.OpConfig.PodServiceAccountName
|
||||
c.setProcessName("syncing pod service account in the watched namespaces")
|
||||
|
||||
_, err := c.KubeClient.ServiceAccounts(c.Namespace).Get(podServiceAccount, metav1.GetOptions{})
|
||||
|
||||
if err != nil {
|
||||
c.logger.Warnf("the pod service account %q is absent from the namespace %q. Stateful sets in the namespace are unable to create pods.", podServiceAccount, c.Namespace)
|
||||
|
||||
c.OpConfig.PodServiceAccount.SetNamespace(c.Namespace)
|
||||
|
||||
_, err = c.KubeClient.ServiceAccounts(c.Namespace).Create(c.OpConfig.PodServiceAccount)
|
||||
if err != nil {
|
||||
c.logger.Warnf("cannot deploy the pod service account %q defined in the config map to the %q namespace: %v", podServiceAccount, c.Namespace, err)
|
||||
} else {
|
||||
c.logger.Infof("successfully deployed the pod service account %q to the %q namespace", podServiceAccount, c.Namespace)
|
||||
}
|
||||
} else {
|
||||
c.logger.Infof("successfully found the service account %q used to create pods to the namespace %q", podServiceAccount, c.Namespace)
|
||||
}
|
||||
|
||||
return err
|
||||
}
|
||||
|
||||
func (c *Cluster) syncService(role PostgresRole) error {
|
||||
c.setProcessName("syncing %s service", role)
|
||||
|
||||
|
|
|
|||
|
|
@ -131,7 +131,7 @@ func (c *Controller) initPodServiceAccount() {
|
|||
c.opConfig.PodServiceAccount = obj.(*v1.ServiceAccount)
|
||||
}
|
||||
|
||||
// actual service accounts are deployed lazily at the time of cluster creation or sync
|
||||
// actual service accounts are deployed at the time of Postgres/Spilo cluster creation
|
||||
}
|
||||
|
||||
func (c *Controller) initController() {
|
||||
|
|
|
|||
Loading…
Reference in New Issue