This is an automated email from the ASF dual-hosted git repository.

pcongiusti pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel-k.git


The following commit(s) were added to refs/heads/main by this push:
     new 9b5782684 chore(controller): builder permissions static
9b5782684 is described below

commit 9b5782684c3cc4aacf11a1004d1669f36a205cae
Author: Pasquale Congiusti <pasquale.congiu...@gmail.com>
AuthorDate: Sat Nov 23 09:21:18 2024 +0100

    chore(controller): builder permissions static
    
    We better move the definition of builder SA permissions (required by Pod 
strategy) statically at installation time to simplify role management and 
remove any dynamic setting.
---
 pkg/controller/integrationkit/build.go             |  7 ---
 pkg/install/builder.go                             | 57 ----------------------
 pkg/platform/defaults.go                           | 26 ----------
 .../manager}/builder-role-binding-openshift.yaml   |  0
 .../manager}/builder-role-binding.yaml             |  0
 .../manager}/builder-role-openshift.yaml           |  0
 .../builder => config/manager}/builder-role.yaml   |  0
 .../manager}/builder-service-account.yaml          |  0
 pkg/resources/config/manager/kustomization.yaml    |  5 ++
 .../manager/patch-image-pull-policy-always.yaml    | 27 ----------
 10 files changed, 5 insertions(+), 117 deletions(-)

diff --git a/pkg/controller/integrationkit/build.go 
b/pkg/controller/integrationkit/build.go
index 9973c2043..da534c672 100644
--- a/pkg/controller/integrationkit/build.go
+++ b/pkg/controller/integrationkit/build.go
@@ -155,13 +155,6 @@ func (action *buildAction) createBuild(ctx 
context.Context, kit *v1.IntegrationK
                }
        }
 
-       //nolint:contextcheck
-       if buildConfig.Strategy == v1.BuildStrategyPod {
-               err = platform.CreateBuilderServiceAccount(env.Ctx, env.Client, 
env.Platform)
-               if err != nil {
-                       return nil, fmt.Errorf("error while creating Camel K 
Builder service account: %w", err)
-               }
-       }
        // The build operation, when executed as a Pod, should be executed by a 
container image containing the
        // `kamel builder` command. Likely the same image running the operator 
should be fine.
        buildConfig.ToolImage = platform.OperatorImage
diff --git a/pkg/install/builder.go b/pkg/install/builder.go
deleted file mode 100644
index 44a9f238c..000000000
--- a/pkg/install/builder.go
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one or more
-contributor license agreements.  See the NOTICE file distributed with
-this work for additional information regarding copyright ownership.
-The ASF licenses this file to You under the Apache License, Version 2.0
-(the "License"); you may not use this file except in compliance with
-the License.  You may obtain a copy of the License at
-
-   http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package install
-
-import (
-       "context"
-
-       v1 "github.com/apache/camel-k/v2/pkg/apis/camel/v1"
-       "github.com/apache/camel-k/v2/pkg/client"
-)
-
-// BuilderServiceAccountRoles installs the builder service account and related 
roles in the given namespace.
-func BuilderServiceAccountRoles(ctx context.Context, c client.Client, 
namespace string, cluster v1.IntegrationPlatformCluster) error {
-       if cluster == v1.IntegrationPlatformClusterOpenShift {
-               if err := installBuilderServiceAccountRolesOpenShift(ctx, c, 
namespace); err != nil {
-                       return err
-               }
-       } else {
-               if err := installBuilderServiceAccountRolesKubernetes(ctx, c, 
namespace); err != nil {
-                       return err
-               }
-       }
-       return nil
-}
-
-func installBuilderServiceAccountRolesOpenShift(ctx context.Context, c 
client.Client, namespace string) error {
-       return ResourcesOrCollect(ctx, c, namespace, nil, true, 
IdentityResourceCustomizer,
-               "/resources/builder/builder-service-account.yaml",
-               "/resources/builder/builder-role.yaml",
-               "/resources/builder/builder-role-binding.yaml",
-               "/resources/builder/builder-role-openshift.yaml",
-               "/resources/builder/builder-role-binding-openshift.yaml",
-       )
-}
-
-func installBuilderServiceAccountRolesKubernetes(ctx context.Context, c 
client.Client, namespace string) error {
-       return ResourcesOrCollect(ctx, c, namespace, nil, true, 
IdentityResourceCustomizer,
-               "/resources/builder/builder-service-account.yaml",
-               "/resources/builder/builder-role.yaml",
-               "/resources/builder/builder-role-binding.yaml",
-       )
-}
diff --git a/pkg/platform/defaults.go b/pkg/platform/defaults.go
index 66398013a..ebb09c3d7 100644
--- a/pkg/platform/defaults.go
+++ b/pkg/platform/defaults.go
@@ -19,7 +19,6 @@ package platform
 
 import (
        "context"
-       "fmt"
        "runtime"
        "strings"
        "time"
@@ -30,11 +29,8 @@ import (
        metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
        "k8s.io/apimachinery/pkg/types"
 
-       ctrl "sigs.k8s.io/controller-runtime/pkg/client"
-
        v1 "github.com/apache/camel-k/v2/pkg/apis/camel/v1"
        "github.com/apache/camel-k/v2/pkg/client"
-       "github.com/apache/camel-k/v2/pkg/install"
        "github.com/apache/camel-k/v2/pkg/kamelet/repository"
        "github.com/apache/camel-k/v2/pkg/util/defaults"
        "github.com/apache/camel-k/v2/pkg/util/log"
@@ -109,12 +105,6 @@ func ConfigureDefaults(ctx context.Context, c 
client.Client, p *v1.IntegrationPl
                return err
        }
 
-       if p.Status.Build.BuildConfiguration.Strategy == v1.BuildStrategyPod {
-               if err := CreateBuilderServiceAccount(ctx, c, p); err != nil {
-                       return fmt.Errorf("cannot ensure service account is 
present: %w", err)
-               }
-       }
-
        err = configureRegistry(ctx, c, p, verbose)
        if err != nil {
                return err
@@ -131,22 +121,6 @@ func ConfigureDefaults(ctx context.Context, c 
client.Client, p *v1.IntegrationPl
        return nil
 }
 
-func CreateBuilderServiceAccount(ctx context.Context, client client.Client, p 
*v1.IntegrationPlatform) error {
-       log.Debugf("Integration Platform %s [%s]: creating build service 
account", p.Name, p.Namespace)
-       sa := corev1.ServiceAccount{}
-       key := ctrl.ObjectKey{
-               Name:      BuilderServiceAccount,
-               Namespace: p.Namespace,
-       }
-
-       err := client.Get(ctx, key, &sa)
-       if err != nil && k8serrors.IsNotFound(err) {
-               return install.BuilderServiceAccountRoles(ctx, client, 
p.Namespace, p.Status.Cluster)
-       }
-
-       return err
-}
-
 func configureRegistry(ctx context.Context, c client.Client, p 
*v1.IntegrationPlatform, verbose bool) error {
        if p.Status.Cluster == v1.IntegrationPlatformClusterOpenShift &&
                p.Status.Build.PublishStrategy != 
v1.IntegrationPlatformBuildPublishStrategyS2I &&
diff --git 
a/pkg/resources/resources/builder/builder-role-binding-openshift.yaml 
b/pkg/resources/config/manager/builder-role-binding-openshift.yaml
similarity index 100%
rename from pkg/resources/resources/builder/builder-role-binding-openshift.yaml
rename to pkg/resources/config/manager/builder-role-binding-openshift.yaml
diff --git a/pkg/resources/resources/builder/builder-role-binding.yaml 
b/pkg/resources/config/manager/builder-role-binding.yaml
similarity index 100%
rename from pkg/resources/resources/builder/builder-role-binding.yaml
rename to pkg/resources/config/manager/builder-role-binding.yaml
diff --git a/pkg/resources/resources/builder/builder-role-openshift.yaml 
b/pkg/resources/config/manager/builder-role-openshift.yaml
similarity index 100%
rename from pkg/resources/resources/builder/builder-role-openshift.yaml
rename to pkg/resources/config/manager/builder-role-openshift.yaml
diff --git a/pkg/resources/resources/builder/builder-role.yaml 
b/pkg/resources/config/manager/builder-role.yaml
similarity index 100%
rename from pkg/resources/resources/builder/builder-role.yaml
rename to pkg/resources/config/manager/builder-role.yaml
diff --git a/pkg/resources/resources/builder/builder-service-account.yaml 
b/pkg/resources/config/manager/builder-service-account.yaml
similarity index 100%
rename from pkg/resources/resources/builder/builder-service-account.yaml
rename to pkg/resources/config/manager/builder-service-account.yaml
diff --git a/pkg/resources/config/manager/kustomization.yaml 
b/pkg/resources/config/manager/kustomization.yaml
index 895978ab4..1ad4421c3 100644
--- a/pkg/resources/config/manager/kustomization.yaml
+++ b/pkg/resources/config/manager/kustomization.yaml
@@ -21,3 +21,8 @@ kind: Kustomization
 resources:
 - operator-deployment.yaml
 - operator-service-account.yaml
+- builder-service-account.yaml
+- builder-role.yaml
+- builder-role-openshift.yaml
+- builder-role-binding.yaml
+- builder-role-binding-openshift.yaml
diff --git a/pkg/resources/config/manager/patch-image-pull-policy-always.yaml 
b/pkg/resources/config/manager/patch-image-pull-policy-always.yaml
deleted file mode 100644
index e03b90dc7..000000000
--- a/pkg/resources/config/manager/patch-image-pull-policy-always.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-# ---------------------------------------------------------------------------
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements.  See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License.  You may obtain a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ---------------------------------------------------------------------------
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: camel-k-operator
-spec:
-  template:
-    spec:
-      containers:
-        - name: camel-k-operator
-          imagePullPolicy: Always

Reply via email to