This is an automated email from the ASF dual-hosted git repository.
pcongiusti pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel-k.git
The following commit(s) were added to refs/heads/main by this push:
new 9b5782684 chore(controller): builder permissions static
9b5782684 is described below
commit 9b5782684c3cc4aacf11a1004d1669f36a205cae
Author: Pasquale Congiusti <pasquale.congiu...@gmail.com>
AuthorDate: Sat Nov 23 09:21:18 2024 +0100
chore(controller): builder permissions static
We better move the definition of builder SA permissions (required by Pod
strategy) statically at installation time to simplify role management and
remove any dynamic setting.
---
pkg/controller/integrationkit/build.go | 7 ---
pkg/install/builder.go | 57 ----------------------
pkg/platform/defaults.go | 26 ----------
.../manager}/builder-role-binding-openshift.yaml | 0
.../manager}/builder-role-binding.yaml | 0
.../manager}/builder-role-openshift.yaml | 0
.../builder => config/manager}/builder-role.yaml | 0
.../manager}/builder-service-account.yaml | 0
pkg/resources/config/manager/kustomization.yaml | 5 ++
.../manager/patch-image-pull-policy-always.yaml | 27 ----------
10 files changed, 5 insertions(+), 117 deletions(-)
diff --git a/pkg/controller/integrationkit/build.go
b/pkg/controller/integrationkit/build.go
index 9973c2043..da534c672 100644
--- a/pkg/controller/integrationkit/build.go
+++ b/pkg/controller/integrationkit/build.go
@@ -155,13 +155,6 @@ func (action *buildAction) createBuild(ctx
context.Context, kit *v1.IntegrationK
}
}
- //nolint:contextcheck
- if buildConfig.Strategy == v1.BuildStrategyPod {
- err = platform.CreateBuilderServiceAccount(env.Ctx, env.Client,
env.Platform)
- if err != nil {
- return nil, fmt.Errorf("error while creating Camel K
Builder service account: %w", err)
- }
- }
// The build operation, when executed as a Pod, should be executed by a
container image containing the
// `kamel builder` command. Likely the same image running the operator
should be fine.
buildConfig.ToolImage = platform.OperatorImage
diff --git a/pkg/install/builder.go b/pkg/install/builder.go
deleted file mode 100644
index 44a9f238c..000000000
--- a/pkg/install/builder.go
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one or more
-contributor license agreements. See the NOTICE file distributed with
-this work for additional information regarding copyright ownership.
-The ASF licenses this file to You under the Apache License, Version 2.0
-(the "License"); you may not use this file except in compliance with
-the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package install
-
-import (
- "context"
-
- v1 "github.com/apache/camel-k/v2/pkg/apis/camel/v1"
- "github.com/apache/camel-k/v2/pkg/client"
-)
-
-// BuilderServiceAccountRoles installs the builder service account and related
roles in the given namespace.
-func BuilderServiceAccountRoles(ctx context.Context, c client.Client,
namespace string, cluster v1.IntegrationPlatformCluster) error {
- if cluster == v1.IntegrationPlatformClusterOpenShift {
- if err := installBuilderServiceAccountRolesOpenShift(ctx, c,
namespace); err != nil {
- return err
- }
- } else {
- if err := installBuilderServiceAccountRolesKubernetes(ctx, c,
namespace); err != nil {
- return err
- }
- }
- return nil
-}
-
-func installBuilderServiceAccountRolesOpenShift(ctx context.Context, c
client.Client, namespace string) error {
- return ResourcesOrCollect(ctx, c, namespace, nil, true,
IdentityResourceCustomizer,
- "/resources/builder/builder-service-account.yaml",
- "/resources/builder/builder-role.yaml",
- "/resources/builder/builder-role-binding.yaml",
- "/resources/builder/builder-role-openshift.yaml",
- "/resources/builder/builder-role-binding-openshift.yaml",
- )
-}
-
-func installBuilderServiceAccountRolesKubernetes(ctx context.Context, c
client.Client, namespace string) error {
- return ResourcesOrCollect(ctx, c, namespace, nil, true,
IdentityResourceCustomizer,
- "/resources/builder/builder-service-account.yaml",
- "/resources/builder/builder-role.yaml",
- "/resources/builder/builder-role-binding.yaml",
- )
-}
diff --git a/pkg/platform/defaults.go b/pkg/platform/defaults.go
index 66398013a..ebb09c3d7 100644
--- a/pkg/platform/defaults.go
+++ b/pkg/platform/defaults.go
@@ -19,7 +19,6 @@ package platform
import (
"context"
- "fmt"
"runtime"
"strings"
"time"
@@ -30,11 +29,8 @@ import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/types"
- ctrl "sigs.k8s.io/controller-runtime/pkg/client"
-
v1 "github.com/apache/camel-k/v2/pkg/apis/camel/v1"
"github.com/apache/camel-k/v2/pkg/client"
- "github.com/apache/camel-k/v2/pkg/install"
"github.com/apache/camel-k/v2/pkg/kamelet/repository"
"github.com/apache/camel-k/v2/pkg/util/defaults"
"github.com/apache/camel-k/v2/pkg/util/log"
@@ -109,12 +105,6 @@ func ConfigureDefaults(ctx context.Context, c
client.Client, p *v1.IntegrationPl
return err
}
- if p.Status.Build.BuildConfiguration.Strategy == v1.BuildStrategyPod {
- if err := CreateBuilderServiceAccount(ctx, c, p); err != nil {
- return fmt.Errorf("cannot ensure service account is
present: %w", err)
- }
- }
-
err = configureRegistry(ctx, c, p, verbose)
if err != nil {
return err
@@ -131,22 +121,6 @@ func ConfigureDefaults(ctx context.Context, c
client.Client, p *v1.IntegrationPl
return nil
}
-func CreateBuilderServiceAccount(ctx context.Context, client client.Client, p
*v1.IntegrationPlatform) error {
- log.Debugf("Integration Platform %s [%s]: creating build service
account", p.Name, p.Namespace)
- sa := corev1.ServiceAccount{}
- key := ctrl.ObjectKey{
- Name: BuilderServiceAccount,
- Namespace: p.Namespace,
- }
-
- err := client.Get(ctx, key, &sa)
- if err != nil && k8serrors.IsNotFound(err) {
- return install.BuilderServiceAccountRoles(ctx, client,
p.Namespace, p.Status.Cluster)
- }
-
- return err
-}
-
func configureRegistry(ctx context.Context, c client.Client, p
*v1.IntegrationPlatform, verbose bool) error {
if p.Status.Cluster == v1.IntegrationPlatformClusterOpenShift &&
p.Status.Build.PublishStrategy !=
v1.IntegrationPlatformBuildPublishStrategyS2I &&
diff --git
a/pkg/resources/resources/builder/builder-role-binding-openshift.yaml
b/pkg/resources/config/manager/builder-role-binding-openshift.yaml
similarity index 100%
rename from pkg/resources/resources/builder/builder-role-binding-openshift.yaml
rename to pkg/resources/config/manager/builder-role-binding-openshift.yaml
diff --git a/pkg/resources/resources/builder/builder-role-binding.yaml
b/pkg/resources/config/manager/builder-role-binding.yaml
similarity index 100%
rename from pkg/resources/resources/builder/builder-role-binding.yaml
rename to pkg/resources/config/manager/builder-role-binding.yaml
diff --git a/pkg/resources/resources/builder/builder-role-openshift.yaml
b/pkg/resources/config/manager/builder-role-openshift.yaml
similarity index 100%
rename from pkg/resources/resources/builder/builder-role-openshift.yaml
rename to pkg/resources/config/manager/builder-role-openshift.yaml
diff --git a/pkg/resources/resources/builder/builder-role.yaml
b/pkg/resources/config/manager/builder-role.yaml
similarity index 100%
rename from pkg/resources/resources/builder/builder-role.yaml
rename to pkg/resources/config/manager/builder-role.yaml
diff --git a/pkg/resources/resources/builder/builder-service-account.yaml
b/pkg/resources/config/manager/builder-service-account.yaml
similarity index 100%
rename from pkg/resources/resources/builder/builder-service-account.yaml
rename to pkg/resources/config/manager/builder-service-account.yaml
diff --git a/pkg/resources/config/manager/kustomization.yaml
b/pkg/resources/config/manager/kustomization.yaml
index 895978ab4..1ad4421c3 100644
--- a/pkg/resources/config/manager/kustomization.yaml
+++ b/pkg/resources/config/manager/kustomization.yaml
@@ -21,3 +21,8 @@ kind: Kustomization
resources:
- operator-deployment.yaml
- operator-service-account.yaml
+- builder-service-account.yaml
+- builder-role.yaml
+- builder-role-openshift.yaml
+- builder-role-binding.yaml
+- builder-role-binding-openshift.yaml
diff --git a/pkg/resources/config/manager/patch-image-pull-policy-always.yaml
b/pkg/resources/config/manager/patch-image-pull-policy-always.yaml
deleted file mode 100644
index e03b90dc7..000000000
--- a/pkg/resources/config/manager/patch-image-pull-policy-always.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-# ---------------------------------------------------------------------------
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements. See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ---------------------------------------------------------------------------
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: camel-k-operator
-spec:
- template:
- spec:
- containers:
- - name: camel-k-operator
- imagePullPolicy: Always
