-
Notifications
You must be signed in to change notification settings - Fork 142
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
* adds watching for owned resources, it must prevent bug for #159 in case of kubernetes-controller manager removes object, it will be recreated after sync. NOTE cluster wide objects cannot be owned by namespaced objects, in this case operator creates orphaned objects, that cannot be deleted with garbage collection. Need to bind it to related CRD in future. * fixes vmalert config * adds finalizers for objects it must fix #164 #159 * fixes rbac * Fixes naming and docs * Fixes incorrect prometheus converter start, fixes tests * commeneted test
- Loading branch information
Showing
22 changed files
with
206 additions
and
42 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,45 @@ | ||
package psp | ||
|
||
import ( | ||
"context" | ||
|
||
"k8s.io/api/policy/v1beta1" | ||
v1 "k8s.io/api/rbac/v1" | ||
"k8s.io/apimachinery/pkg/api/errors" | ||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" | ||
"sigs.k8s.io/controller-runtime/pkg/client" | ||
) | ||
|
||
// DeletePSPChain - removes psp, cluster role and cluster role binding, | ||
// on finalize request for given CRD | ||
func DeletePSPChain(ctx context.Context, rclient client.Client, crd CRDObject) error { | ||
if err := ensurePSPRemoved(ctx, rclient, crd); err != nil { | ||
return err | ||
} | ||
if err := ensureCRBRemoved(ctx, rclient, crd); err != nil { | ||
return err | ||
} | ||
return ensureCRRemoved(ctx, rclient, crd) | ||
} | ||
|
||
func ensurePSPRemoved(ctx context.Context, rclient client.Client, crd CRDObject) error { | ||
return safeDelete(ctx, rclient, &v1beta1.PodSecurityPolicy{ObjectMeta: metav1.ObjectMeta{ | ||
Name: crd.GetPSPName()}}) | ||
} | ||
|
||
func ensureCRRemoved(ctx context.Context, rclient client.Client, crd CRDObject) error { | ||
return safeDelete(ctx, rclient, &v1.ClusterRole{ObjectMeta: metav1.ObjectMeta{Name: crd.PrefixedName()}}) | ||
} | ||
|
||
func ensureCRBRemoved(ctx context.Context, rclient client.Client, crd CRDObject) error { | ||
return safeDelete(ctx, rclient, &v1.ClusterRoleBinding{ObjectMeta: metav1.ObjectMeta{Name: crd.PrefixedName()}}) | ||
} | ||
|
||
func safeDelete(ctx context.Context, rclient client.Client, r client.Object) error { | ||
if err := rclient.Delete(ctx, r); err != nil { | ||
if !errors.IsNotFound(err) { | ||
return err | ||
} | ||
} | ||
return nil | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.