Skip to content

Restart controller manager process when certs change on disk #254

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
mfojtik wants to merge 5 commits into from
Closed

Restart controller manager process when certs change on disk #254

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
e6057bc
move to component-base
mfojtik May 17, 2019
ddfe725
update glide.yaml
mfojtik May 17, 2019
4f62825
bump(*): update to kube 1.14.0
mfojtik May 17, 2019
248b437
wire watchdog to controller-manager pod
mfojtik May 6, 2019
3fa8cea
manifests: add role and rolebindings for watchdog
mfojtik May 7, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
The table of contents is too big for display.
Diff view
Diff view
  •  
  •  
  •  
The diff you're trying to view is too large. We only load the first 3000 changed files.
36 changes: 34 additions & 2 deletions bindata/v3.11.0/kube-controller-manager/pod.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@ metadata:
kube-controller-manager: "true"
revision: "REVISION"
spec:
shareProcessNamespace: true
initContainers:
- name: wait-for-host-port
terminationMessagePolicy: FallbackToLogsOnError
Expand Down Expand Up @@ -71,6 +72,11 @@ spec:
fieldPath: metadata.namespace
image: ${OPERATOR_IMAGE}
imagePullPolicy: IfNotPresent
volumeMounts:
- mountPath: /etc/kubernetes/static-pod-resources
name: resource-dir
- mountPath: /etc/kubernetes/static-pod-certs
name: cert-dir
terminationMessagePolicy: FallbackToLogsOnError
command: ["cluster-kube-controller-manager-operator", "cert-syncer"]
args:
Expand All @@ -81,11 +87,37 @@ spec:
requests:
memory: 50Mi
cpu: 10m
- name: kube-controller-manager-watchdog-REVISION
securityContext:
capabilities:
add:
- SYS_PTRACE
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: ${OPERATOR_IMAGE}
imagePullPolicy: IfNotPresent
volumeMounts:
- mountPath: /etc/kubernetes/static-pod-resources
name: resource-dir
- mountPath: /etc/kubernetes/static-pod-certs
name: cert-dir
terminationMessagePolicy: FallbackToLogsOnError
command: ["cluster-kube-controller-manager-operator", "file-watcher-watchdog"]
args:
- --kubeconfig=/etc/kubernetes/static-pod-resources/configmaps/kube-controller-cert-syncer-kubeconfig/kubeconfig
- --namespace=$(POD_NAMESPACE)
- --process-name=hyperkube
- --termination-grace-period=30s
- --files=/etc/kubernetes/static-pod-certs/secrets/kube-controller-manager-client-cert-key/tls.crt,/etc/kubernetes/static-pod-/secrets/kube-controller-manager-client-cert-key/tls.key,/etc/kubernetes/static-pod-resources/secrets/csr-signer/tls.crt,/etc/kubernetes/static-pod-resources/secrets/csr-signer/tls.key,/etc/kubernetes/static-pod-resources/secrets/kube-scheduler-client-cert-key/tls.crt,/etc/kubernetes/static-pod-resources/secrets/csr-signer/tls.key
resources:
requests:
memory: 50Mi
cpu: 10m
hostNetwork: true
priorityClassName: system-node-critical
tolerations:
Expand Down
16 changes: 16 additions & 0 deletions bindata/v3.11.0/kube-controller-manager/watchdog-role.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: watchdog-kube-controller-manager
namespace: openshift-kube-controller-manager
rules:
- apiGroups:
- ""
resources:
- events
- pods
verbs:
- get
- list
- watch
- create
11 changes: 11 additions & 0 deletions bindata/v3.11.0/kube-controller-manager/watchdog-rolebinding.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
namespace: openshift-kube-controller-manager
name: system:openshift:watchdog-kube-controller-manager
roleRef:
kind: Role
name: watchdog-kube-controller-manager
subjects:
- kind: User
name: system:kube-controller-manager
7 changes: 5 additions & 2 deletions cmd/cluster-kube-controller-manager-operator/main.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,13 +10,15 @@ import (
"github.com/spf13/cobra"
"github.com/spf13/pflag"

utilflag "k8s.io/apiserver/pkg/util/flag"
"k8s.io/apiserver/pkg/util/logs"
utilflag "k8s.io/component-base/cli/flag"
"k8s.io/component-base/logs"

operatorcmd "github.com/openshift/cluster-kube-controller-manager-operator/pkg/cmd/operator"
"github.com/openshift/cluster-kube-controller-manager-operator/pkg/cmd/render"
"github.com/openshift/cluster-kube-controller-manager-operator/pkg/cmd/resourcegraph"
"github.com/openshift/cluster-kube-controller-manager-operator/pkg/operator"
"github.com/openshift/library-go/pkg/operator/watchdog"

"github.com/openshift/library-go/pkg/operator/staticpod/certsyncpod"
"github.com/openshift/library-go/pkg/operator/staticpod/installerpod"
"github.com/openshift/library-go/pkg/operator/staticpod/prune"
Expand Down Expand Up @@ -52,6 +54,7 @@ func NewSSCSCommand() *cobra.Command {
cmd.AddCommand(render.NewRenderCommand(os.Stderr))
cmd.AddCommand(installerpod.NewInstaller())
cmd.AddCommand(prune.NewPrune())
cmd.AddCommand(watchdog.NewFileWatcherWatchdog())
cmd.AddCommand(resourcegraph.NewResourceChainCommand())
cmd.AddCommand(certsyncpod.NewCertSyncControllerCommand(operator.CertConfigMaps, operator.CertSecrets))

Expand Down
Loading