From 2796dcc804290386d55e946da651ec569a826dcb Mon Sep 17 00:00:00 2001 From: Monis Khan Date: Sat, 9 Feb 2019 19:30:00 -0500 Subject: [PATCH 1/2] Delete operator 1 This is the minimal change to remove operator 1. It does not attempt to update operator 2 to remove the "2" or make other cosmetic changes. Signed-off-by: Monis Khan --- cmd/authentication-operator/main.go | 2 - ...ter-authentication-operator_05_deploy.yaml | 40 ------ pkg/cmd/operator/cmd.go | 18 --- pkg/operator/operator.go | 125 ------------------ pkg/operator/starter.go | 89 ------------- 5 files changed, 274 deletions(-) delete mode 100644 pkg/cmd/operator/cmd.go delete mode 100644 pkg/operator/operator.go delete mode 100644 pkg/operator/starter.go diff --git a/cmd/authentication-operator/main.go b/cmd/authentication-operator/main.go index e1c2aecbb8..6d8bd52d1a 100644 --- a/cmd/authentication-operator/main.go +++ b/cmd/authentication-operator/main.go @@ -13,7 +13,6 @@ import ( utilflag "k8s.io/apiserver/pkg/util/flag" "k8s.io/apiserver/pkg/util/logs" - "github.com/openshift/cluster-authentication-operator/pkg/cmd/operator" "github.com/openshift/cluster-authentication-operator/pkg/cmd/operator2" ) @@ -43,7 +42,6 @@ func NewAuthenticationOperatorCommand() *cobra.Command { }, } - cmd.AddCommand(operator.NewOperator()) cmd.AddCommand(operator2.NewOperator()) return cmd diff --git a/manifests/cluster-authentication-operator_05_deploy.yaml b/manifests/cluster-authentication-operator_05_deploy.yaml index 8d1107f31e..fe7b065c24 100644 --- a/manifests/cluster-authentication-operator_05_deploy.yaml +++ b/manifests/cluster-authentication-operator_05_deploy.yaml 
@@ -1,45 +1,5 @@ apiVersion: apps/v1 kind: Deployment -metadata: - namespace: openshift-authentication-operator - name: origin-cluster-authentication-operator1 - labels: - app: origin-cluster-osin-operator -spec: - replicas: 1 - selector: - matchLabels: - app: origin-cluster-osin-operator - template: - metadata: - name: origin-cluster-osin-operator - labels: - app: origin-cluster-osin-operator - spec: - serviceAccountName: openshift-authentication-operator - containers: - - name: operator - image: quay.io/openshift/origin-cluster-authentication-operator:v4.0 - imagePullPolicy: IfNotPresent - command: ["authentication-operator", "operator1"] - args: - - "--config=/var/run/configmaps/config/operator-config.yaml" - - "-v=4" - volumeMounts: - - mountPath: /var/run/configmaps/config - name: config - volumes: - - name: config - configMap: - defaultMode: 440 - name: openshift-authentication-operator-config - nodeSelector: - node-role.kubernetes.io/master: "" - tolerations: - - operator: Exists ---- -apiVersion: apps/v1 -kind: Deployment metadata: namespace: openshift-authentication-operator name: openshift-authentication-operator diff --git a/pkg/cmd/operator/cmd.go b/pkg/cmd/operator/cmd.go deleted file mode 100644 index f94f4b55f2..0000000000 --- a/pkg/cmd/operator/cmd.go +++ /dev/null @@ -1,18 +0,0 @@ -package operator - -import ( - "github.com/spf13/cobra" - - "github.com/openshift/cluster-authentication-operator/pkg/operator" - "github.com/openshift/cluster-authentication-operator/pkg/version" - "github.com/openshift/library-go/pkg/controller/controllercmd" -) - -const componentName = "cluster-osin-operator" - -func NewOperator() *cobra.Command { - cmd := controllercmd.NewControllerCommandConfig(componentName, version.Get(), operator.RunOperator).NewCommand() - cmd.Use = "operator1" - cmd.Short = "Start the Osin Operator" - return cmd -} diff --git a/pkg/operator/operator.go b/pkg/operator/operator.go deleted file mode 100644 index 52a3549c50..0000000000 
--- a/pkg/operator/operator.go
+++ /dev/null
@@ -1,125 +0,0 @@
-package operator
-
-import (
- "bytes"
- "encoding/json"
- "fmt"
-
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
- "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
- "k8s.io/client-go/dynamic"
-
- "github.com/openshift/cluster-authentication-operator/pkg/boilerplate/controller"
- "github.com/openshift/cluster-authentication-operator/pkg/boilerplate/operator"
- "github.com/openshift/library-go/pkg/operator/resource/resourcemerge"
-)
-
-const (
- oldTargetKubeAPIServerOperatorConfig = "instance"
- targetKubeAPIServerOperatorConfig = "cluster"
- targetInfratructureConfig = "cluster"
-)
-
-type osinOperator struct {
- oldKubeAPIServerOperatorClient dynamic.ResourceInterface
- kubeAPIServerOperatorClient dynamic.ResourceInterface
- infrastructureConfigClient dynamic.ResourceInterface
-}
-
-func NewOsinOperator(
- oldOperatorConfigInformer controller.InformerGetter, oldKubeAPIServerOperatorClient dynamic.ResourceInterface,
- kubeAPIServerOperatorConfigInformer controller.InformerGetter, kubeAPIServerOperatorClient dynamic.ResourceInterface,
- infrastructureConfigInformer controller.InformerGetter, infrastructureConfigClient dynamic.ResourceInterface) operator.Runner {
- c := &osinOperator{
- oldKubeAPIServerOperatorClient: oldKubeAPIServerOperatorClient,
- kubeAPIServerOperatorClient: kubeAPIServerOperatorClient,
- infrastructureConfigClient: infrastructureConfigClient,
- }
-
- return operator.New("OsinOperator", c,
- operator.WithInformer(oldOperatorConfigInformer, operator.FilterByNames(oldTargetKubeAPIServerOperatorConfig, targetKubeAPIServerOperatorConfig), controller.WithNoSync()),
- operator.WithInformer(kubeAPIServerOperatorConfigInformer, operator.FilterByNames(oldTargetKubeAPIServerOperatorConfig, targetKubeAPIServerOperatorConfig), controller.WithNoSync()),
- operator.WithInformer(infrastructureConfigInformer, operator.FilterByNames(targetInfratructureConfig), controller.WithNoSync()),
- )
-}
-
-func (c osinOperator) Key() (metav1.Object, error) {
- return c.infrastructureConfigClient.Get(targetInfratructureConfig, metav1.GetOptions{})
-}
-
-func (c osinOperator) Sync(obj metav1.Object) error {
- infra := obj.(*unstructured.Unstructured)
- // https://github.com/openshift/api/blob/ea5d05408a95a765d44b5a4b31561b530f0b1f4c/config/v1/types_infrastructure.go#L47
- apiURL, ok, err := unstructured.NestedString(infra.Object, "status", "apiServerURL")
- if err != nil {
- return err
- }
- if !ok || apiURL == "" {
- return fmt.Errorf("apiServerURL field not found")
- }
-
- // try all the potential names and resources to update. Eventually we'll be done with the old
- updateErr := updateKubeAPIServer(c.oldKubeAPIServerOperatorClient, oldTargetKubeAPIServerOperatorConfig, apiURL)
- if updateErr == nil {
- return nil
- }
-
- updateErr = updateKubeAPIServer(c.kubeAPIServerOperatorClient, oldTargetKubeAPIServerOperatorConfig, apiURL)
- if updateErr == nil {
- return nil
- }
-
- updateErr = updateKubeAPIServer(c.oldKubeAPIServerOperatorClient, targetKubeAPIServerOperatorConfig, apiURL)
- if updateErr == nil {
- return nil
- }
-
- updateErr = updateKubeAPIServer(c.kubeAPIServerOperatorClient, targetKubeAPIServerOperatorConfig, apiURL)
- if updateErr == nil {
- return nil
- }
-
- return updateErr
-}
-
-func updateKubeAPIServer(kubeAPIServerOperatorClient dynamic.ResourceInterface, name, apiURL string) error {
- apiServerOperatorConfig, err := kubeAPIServerOperatorClient.Get(name, metav1.GetOptions{})
- if err != nil {
- return err
- }
- apiServerOperatorConfigBytes, err := apiServerOperatorConfig.MarshalJSON()
- if err != nil {
- return err
- }
-
- expectedOAuthConfig := map[string]interface{}{
- "spec": map[string]interface{}{
- "unsupportedConfigOverrides": map[string]interface{}{
- "oauthConfig": map[string]interface{}{
- "masterPublicURL": apiURL,
- "masterURL": apiURL,
- "masterCA": "/etc/kubernetes/static-pod-resources/configmaps/client-ca/ca-bundle.crt",
- },
- },
- },
- }
- expectedOAuthConfigBytes, err := json.Marshal(expectedOAuthConfig)
- if err != nil {
- return err
- }
-
- mergedBytes, err := resourcemerge.MergeProcessConfig(nil, apiServerOperatorConfigBytes, expectedOAuthConfigBytes)
- if err != nil {
- return err
- }
- if bytes.Equal(mergedBytes, apiServerOperatorConfigBytes) {
- return nil
- }
-
- out := &unstructured.Unstructured{}
- if err := out.UnmarshalJSON(mergedBytes); err != nil {
- return err
- }
- _, updateErr := kubeAPIServerOperatorClient.Update(out, metav1.UpdateOptions{})
- return updateErr
-}
diff --git a/pkg/operator/starter.go b/pkg/operator/starter.go
deleted file mode 100644
index f4203c60cf..0000000000
--- a/pkg/operator/starter.go
+++ /dev/null
@@ -1,89 +0,0 @@
-package operator
-
-import (
- "fmt"
- "time"
-
- "k8s.io/apimachinery/pkg/apis/meta/v1"
- "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
- "k8s.io/apimachinery/pkg/runtime"
- "k8s.io/apimachinery/pkg/runtime/schema"
- "k8s.io/apimachinery/pkg/watch"
- "k8s.io/client-go/dynamic"
- "k8s.io/client-go/tools/cache"
-
- "github.com/openshift/cluster-authentication-operator/pkg/boilerplate/controller"
- "github.com/openshift/library-go/pkg/controller/controllercmd"
-)
-
-const resync = 20 * time.Minute
-
-var oldKubeAPIServerOperatorConfigGVR = schema.GroupVersionResource{
- Group: "kubeapiserver.operator.openshift.io",
- Version: "v1alpha1",
- Resource: "kubeapiserveroperatorconfigs",
-}
-var kubeAPIServerOperatorConfigGVR = schema.GroupVersionResource{
- Group: "operator.openshift.io",
- Version: "v1",
- Resource: "kubeapiservers",
-}
-var infrastructureConfigGVR = schema.GroupVersionResource{
- Group: "config.openshift.io",
- Version: "v1",
- Resource: "infrastructures",
-}
-
-func RunOperator(ctx *controllercmd.ControllerContext) error {
- dynamicClient, err := dynamic.NewForConfig(ctx.KubeConfig)
- if err != nil {
- return err
- }
-
- oldKubeAPIServerOperatorConfig := dynamicClient.Resource(oldKubeAPIServerOperatorConfigGVR)
- oldKubeAPIServerOperatorConfigInformer := dynamicInformer(oldKubeAPIServerOperatorConfig)
- kubeAPIServerOperatorConfig := dynamicClient.Resource(kubeAPIServerOperatorConfigGVR)
- kubeAPIServerOperatorConfigInformer := dynamicInformer(kubeAPIServerOperatorConfig)
- infrastructureConfig := dynamicClient.Resource(infrastructureConfigGVR)
- infrastructureConfigInformer := dynamicInformer(infrastructureConfig)
-
- operator := NewOsinOperator(
- oldKubeAPIServerOperatorConfigInformer,
- oldKubeAPIServerOperatorConfig,
- kubeAPIServerOperatorConfigInformer,
- kubeAPIServerOperatorConfig,
- infrastructureConfigInformer,
- infrastructureConfig,
- )
-
- go oldKubeAPIServerOperatorConfigInformer.Informer().Run(ctx.Context.Done())
- go kubeAPIServerOperatorConfigInformer.Informer().Run(ctx.Context.Done())
- go infrastructureConfigInformer.Informer().Run(ctx.Context.Done())
-
- go operator.Run(ctx.Context.Done())
-
- <-ctx.Context.Done()
-
- return fmt.Errorf("stopped")
-}
-
-func dynamicInformer(resource dynamic.ResourceInterface) controller.InformerGetter {
- lw := &cache.ListWatch{
- ListFunc: func(opts v1.ListOptions) (runtime.Object, error) {
- return resource.List(opts)
- },
- WatchFunc: func(opts v1.ListOptions) (watch.Interface, error) {
- return resource.Watch(opts)
- },
- }
- informer := cache.NewSharedIndexInformer(lw, &unstructured.Unstructured{}, resync, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc})
- return &toInformerGetter{informer: informer}
-}
-
-type toInformerGetter struct {
- informer cache.SharedIndexInformer
-}
-
-func (g *toInformerGetter) Informer() cache.SharedIndexInformer {
- return g.informer
-}
From a201aa8087afa963340bb04f6d0d878bd125a865 Mon Sep 17 00:00:00 2001 From: Monis Khan Date: Sat, 9 Feb 2019 19:30:03 -0500 Subject: [PATCH 2/2] Set operator 2 to Managed Since operator 1 is gone, operator 2 needs to run by default to allow kube:admin to work. Signed-off-by: Monis Khan
---
pkg/operator2/starter.go | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/pkg/operator2/starter.go b/pkg/operator2/starter.go
index 05c0cefc91..8a93072539 100644
--- a/pkg/operator2/starter.go
+++ b/pkg/operator2/starter.go
@@ -28,14 +28,13 @@ import ( const ( resync = 20 * time.Minute - // TODO unpause when ready defaultOperatorConfig = ` apiVersion: operator.openshift.io/v1 kind: Authentication metadata: name: ` + globalConfigName + ` spec: - managementState: Paused + managementState: Managed ` // TODO figure out the permanent home for top level CRDs and default CRs
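Review bot: Changing the default `managementState` to `Managed` in `defaultOperatorConfig` only helps where that constant is actually applied, and this hunk does not show how it is consumed. If it is only used to create the Authentication CR when none exists (an assumption to confirm against the rest of starter.go), clusters that already hold the earlier `Paused` default would stay paused. With operator 1 deleted in patch 1/2, nothing would then be reconciling the OAuth settings that the commit message says kube:admin depends on, so the upgrade path deserves an explicit check or a reconcile of the existing CR. The removed `// TODO unpause when ready` also leaves the constant undocumented; I would replace it with `// Managed by default: operator 1 is gone, so this operator must run for kube:admin to work.` The `const (` block begins and ends outside this hunk.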