jandre/formol
1
1
Fork 0
Code Issues 6 Pull Requests Projects Releases 1 Wiki Activity

Remove the RBAC once the last sidecar from the namespace is removed

Browse Source
This commit is contained in:
Jean-Marc ANDRE 2023-02-21 20:48:59 +01:00
parent cfea083594
commit 0c2d2d8f54
2 changed files with 35 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
controllers/backupconfiguration_controller.go
View File

@ -64,6 +64,7 @@ func (r *BackupConfigurationReconciler) Reconcile(ctx context.Context, req ctrl.
if controllerutil.ContainsFinalizer(&backupConf, finalizerName) { if controllerutil.ContainsFinalizer(&backupConf, finalizerName) {
_ = r.DeleteSidecar(backupConf) _ = r.DeleteSidecar(backupConf)
_ = r.DeleteCronJob(backupConf) _ = r.DeleteCronJob(backupConf)
_ = r.deleteRBACSidecar(backupConf.Namespace)
controllerutil.RemoveFinalizer(&backupConf, finalizerName) controllerutil.RemoveFinalizer(&backupConf, finalizerName)
if err := r.Update(ctx, &backupConf); err != nil { if err := r.Update(ctx, &backupConf); err != nil {
r.Log.Error(err, "unable to remove finalizer") r.Log.Error(err, "unable to remove finalizer")
@ -96,16 +97,15 @@ func (r *BackupConfigurationReconciler) Reconcile(ctx context.Context, req ctrl.
for _, target := range backupConf.Spec.Targets { for _, target := range backupConf.Spec.Targets {
switch target.BackupType { switch target.BackupType {
case formolv1alpha1.OnlineKind: case formolv1alpha1.OnlineKind:
// TODO: add a sidecar to the pod with the target.Containers[].Paths mounted
if err := r.addOnlineSidecar(backupConf, target); err != nil { if err := r.addOnlineSidecar(backupConf, target); err != nil {
r.Log.Error(err, "unable to add online sidecar") r.Log.Error(err, "unable to add online sidecar")
return ctrl.Result{}, err return ctrl.Result{}, err
} }
backupConf.Status.ActiveSidecar = true backupConf.Status.ActiveSidecar = true
case formolv1alpha1.JobKind: case formolv1alpha1.JobKind:
// TODO: add a sidecar to the pod with a shared // TODO: add a sidecar to the pod with a shared volume
case formolv1alpha1.SnapshotKind: case formolv1alpha1.SnapshotKind:
// TOD: add a sidecar to run the steps // TODO: add a sidecar to run the steps
} }
} }

49
controllers/backupconfiguration_controller_helpers.go
View File

@ -336,24 +336,39 @@ func (r *BackupConfigurationReconciler) addOnlineSidecar(backupConf formolv1alph
return return
} }
func (r *BackupConfigurationReconciler) deleteRBACSidecar(namespace string) error {
podList := corev1.PodList{}
if err := r.List(r.Context, &podList, &client.ListOptions{
Namespace: namespace,
}); err != nil {
r.Log.Error(err, "unable to get the list of pods", "namespace", namespace)
return err
}
for _, pod := range podList.Items {
for _, container := range pod.Spec.Containers {
for _, env := range container.Env {
if env.Name == formolv1alpha1.SIDECARCONTAINER_NAME {
// There is still a sidecar in the namespace.
// cannot delete the sidecar role
return nil
}
}
}
}
role := rbacv1.Role{
ObjectMeta: metav1.ObjectMeta{
Namespace: namespace,
Name: FORMOL_SIDECAR_ROLE,
},
}
if err := r.Delete(r.Context, &role); err != nil {
r.Log.Error(err, "unable to delete sidecar role")
return err
}
return nil
}
func (r *BackupConfigurationReconciler) createRBACSidecar(sa corev1.ServiceAccount) error { func (r *BackupConfigurationReconciler) createRBACSidecar(sa corev1.ServiceAccount) error {
// sa := corev1.ServiceAccount {}
// if err := r.Get(r.Context, client.ObjectKey {
// Namespace: backupConf.Namespace,
// Name: FORMOL_SA,
// }, &sa); err != nil && errors.IsNotFound(err) {
// sa = corev1.ServiceAccount {
// ObjectMeta: metav1.ObjectMeta {
// Namespace: backupConf.Namespace,
// Name: FORMOL_SA,
// },
// }
// r.Log.V(0).Info("Creating formol service account", "sa", sa)
// if err = r.Create(r.Context, &sa); err != nil {
// r.Log.Error(err, "unable to create service account")
// return err
// }
// }
if sa.Name == "" { if sa.Name == "" {
sa.Name = "default" sa.Name = "default"
} }