diff --git a/pkg/cluster/cluster.go b/pkg/cluster/cluster.go
index 0bcaf09f0..389af8e8c 100644
--- a/pkg/cluster/cluster.go
+++ b/pkg/cluster/cluster.go
@@ -194,6 +194,36 @@ func (c *Cluster) initUsers() error {
 return nil
 }
 
+/*
+ Ensures the service account required by StatefulSets to create pods exists in a namespace before a PG cluster is created there so that a user does not have to deploy the account manually.
+
+ The operator does not sync these accounts.
+*/
+func (c *Cluster) createPodServiceAccounts() error {
+
+ podServiceAccount := c.Config.OpConfig.PodServiceAccountName
+ c.setProcessName("creating pod service account in the watched namespaces")
+
+ _, err := c.KubeClient.ServiceAccounts(c.Namespace).Get(podServiceAccount, metav1.GetOptions{})
+
+ if err != nil {
+ c.logger.Warnf("the pod service account %q is absent from the namespace %q. Stateful sets in the namespace are unable to create pods.", podServiceAccount, c.Namespace)
+
+ c.OpConfig.PodServiceAccount.SetNamespace(c.Namespace)
+
+ _, err = c.KubeClient.ServiceAccounts(c.Namespace).Create(c.OpConfig.PodServiceAccount)
+ if err != nil {
+ c.logger.Warnf("cannot deploy the pod service account %q defined in the config map to the %q namespace: %v", podServiceAccount, c.Namespace, err)
+ } else {
+ c.logger.Infof("successfully deployed the pod service account %q to the %q namespace", podServiceAccount, c.Namespace)
+ }
+ } else {
+ c.logger.Infof("successfully found the service account %q used to create pods to the namespace %q", podServiceAccount, c.Namespace)
+ }
+
+ return err
+}
+
 // Create creates the new kubernetes objects associated with the cluster.
 func (c *Cluster) Create() error {
 c.mu.Lock()
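Review bot: In createPodServiceAccounts every error returned by the `Get` call is treated as "the account is absent", so an RBAC denial or an API server timeout is logged as a missing account and followed by a `Create` attempt. The branch should be taken only for a not-found error, e.g. `if apierrors.IsNotFound(err) {` with `apierrors` being `k8s.io/apimachinery/pkg/api/errors`, and any other error returned unchanged. The same branch calls `c.OpConfig.PodServiceAccount.SetNamespace(c.Namespace)` on what appears to be one object shared through the operator config, so concurrent cluster creations in different namespaces could race on it. Setting the namespace on a copy, `sa := c.OpConfig.PodServiceAccount.DeepCopy()`, would avoid that, provided the vendored API types offer DeepCopy. A `Create` that fails with `apierrors.IsAlreadyExists(err)` because another cluster in the namespace got there first should probably not fail cluster creation.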
@@ -256,7 +286,7 @@ func (c *Cluster) Create() error {
 }
 c.logger.Infof("pod disruption budget %q has been successfully created", util.NameFromMeta(pdb.ObjectMeta))
 
- if err = c.syncPodServiceAccounts(); err != nil {
+ if err = c.createPodServiceAccounts(); err != nil {
 return fmt.Errorf("could not sync pod service accounts: %v", err)
 }
 c.logger.Infof("pod service accounts have been successfully synced")
diff --git a/pkg/cluster/sync.go b/pkg/cluster/sync.go
index 133ea50fc..5a77e658b 100644
--- a/pkg/cluster/sync.go
+++ b/pkg/cluster/sync.go
@@ -44,12 +44,6 @@ func (c *Cluster) Sync(newSpec *spec.Postgresql) (err error) {
 return
 }
 
- c.logger.Debugf("syncing service accounts")
- if err = c.syncPodServiceAccounts(); err != nil {
- err = fmt.Errorf("could not sync service accounts: %v", err)
- return
- }
-
 c.logger.Debugf("syncing services")
 if err = c.syncServices(); err != nil {
 err = fmt.Errorf("could not sync services: %v", err)
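Review bot: In Create() in pkg/cluster/cluster.go (the hunk at -256), the two messages next to the new createPodServiceAccounts call still describe a sync: `could not sync pod service accounts: %v` and `pod service accounts have been successfully synced`. This commit removes the sync path, so someone reading the operator log would conclude the accounts are being reconciled when they are only created once at cluster creation. I would reword them to `could not create pod service accounts: %v` and `pod service accounts have been successfully created`. Create()'s body starts and ends outside the hunk.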
@@ -109,34 +103,6 @@ func (c *Cluster) syncServices() error {
 return nil
 }
 
-/*
- Ensures the service account required by StatefulSets to create pods exists in all namespaces watched by the operator.
-*/
-func (c *Cluster) syncPodServiceAccounts() error {
-
- podServiceAccount := c.Config.OpConfig.PodServiceAccountName
- c.setProcessName("syncing pod service account in the watched namespaces")
-
- _, err := c.KubeClient.ServiceAccounts(c.Namespace).Get(podServiceAccount, metav1.GetOptions{})
-
- if err != nil {
- c.logger.Warnf("the pod service account %q is absent from the namespace %q. Stateful sets in the namespace are unable to create pods.", podServiceAccount, c.Namespace)
-
- c.OpConfig.PodServiceAccount.SetNamespace(c.Namespace)
-
- _, err = c.KubeClient.ServiceAccounts(c.Namespace).Create(c.OpConfig.PodServiceAccount)
- if err != nil {
- c.logger.Warnf("cannot deploy the pod service account %q defined in the config map to the %q namespace: %v", podServiceAccount, c.Namespace, err)
- } else {
- c.logger.Infof("successfully deployed the pod service account %q to the %q namespace", podServiceAccount, c.Namespace)
- }
- } else {
- c.logger.Infof("successfully found the service account %q used to create pods to the namespace %q", podServiceAccount, c.Namespace)
- }
-
- return err
-}
-
 func (c *Cluster) syncService(role PostgresRole) error {
 c.setProcessName("syncing %s service", role)
 
diff --git a/pkg/controller/controller.go b/pkg/controller/controller.go
index 4c47c72b0..4a12948de 100644
--- a/pkg/controller/controller.go
+++ b/pkg/controller/controller.go
@@ -131,7 +131,7 @@ func (c *Controller) initPodServiceAccount() {
 c.opConfig.PodServiceAccount = obj.(*v1.ServiceAccount)
 }
 
- // actual service accounts are deployed lazily at the time of cluster creation or sync
+ // actual service accounts are deployed at the time of Postgres/Spilo cluster creation
 }
 
 func (c *Controller) initController() {