From 301c3efc2c154829a87e3ee77c459f6a70401487 Mon Sep 17 00:00:00 2001 From: Benjamin Ernst Date: Mon, 18 Nov 2024 08:57:38 +0100 Subject: [PATCH] #71 Remove leader-election The leader-election was not used, but needed special RBAC permissions. --- CHANGELOG.md | 1 + k8s/helm/templates/deployment.yaml | 1 - k8s/helm/templates/leader-election-rbac.yaml | 53 -------------- k8s/helm/templates/manager-config.yaml | 3 - main.go | 12 +--- pkg/controllers/componentController.go | 1 - pkg/labels/testdata/doguOp.yaml | 70 ------------------- pkg/labels/testdata/doguOpWithLabels.yaml | 72 -------------------- 8 files changed, 4 insertions(+), 209 deletions(-) delete mode 100644 k8s/helm/templates/leader-election-rbac.yaml diff --git a/CHANGELOG.md b/CHANGELOG.md index 325255c..d0833b4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,6 +10,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Removed - [#71] Remove unused ClusterRole for reading metrics +- [#71] Remove unused leader-election along with its RBAC permissions ## [v1.2.1] - 2024-11-04 ### Fixed diff --git a/k8s/helm/templates/deployment.yaml b/k8s/helm/templates/deployment.yaml index 9a05762..385c49e 100644 --- a/k8s/helm/templates/deployment.yaml +++ b/k8s/helm/templates/deployment.yaml @@ -47,7 +47,6 @@ spec: - args: - --health-probe-bind-address=:8081 - --metrics-bind-address=127.0.0.1:8080 - - --leader-elect env: - name: STAGE value: {{ quote .Values.manager.env.stage | default "production" }} diff --git a/k8s/helm/templates/leader-election-rbac.yaml b/k8s/helm/templates/leader-election-rbac.yaml deleted file mode 100644 index 8e94415..0000000 --- a/k8s/helm/templates/leader-election-rbac.yaml +++ /dev/null @@ -1,53 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ include "k8s-component-operator.name" . }}-leader-election-role - labels: - {{- include "k8s-component-operator.labels" . | nindent 4 }} -rules: - - apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ include "k8s-component-operator.name" . }}-leader-election-rolebinding - labels: - {{- include "k8s-component-operator.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: '{{ include "k8s-component-operator.name" . }}-leader-election-role' -subjects: - - kind: ServiceAccount - name: '{{ include "k8s-component-operator.name" . }}-controller-manager' - namespace: '{{ .Release.Namespace }}' diff --git a/k8s/helm/templates/manager-config.yaml b/k8s/helm/templates/manager-config.yaml index d020356..e74a048 100644 --- a/k8s/helm/templates/manager-config.yaml +++ b/k8s/helm/templates/manager-config.yaml @@ -14,6 +14,3 @@ data: bindAddress: 127.0.0.1:8080 webhook: port: 9443 - leaderElection: - leaderElect: true - resourceName: 951e217a.cloudogu.com diff --git a/main.go b/main.go index 462f35c..110fc21 100644 --- a/main.go +++ b/main.go @@ -35,10 +35,9 @@ var ( scheme = runtime.NewScheme() // set up the logger before the actual logger is instantiated // the logger will be replaced later-on with a more sophisticated instance - operatorLog = ctrl.Log.WithName("component-operator") - metricsAddr string - enableLeaderElection bool - probeAddr string + operatorLog = ctrl.Log.WithName("component-operator") + metricsAddr string + probeAddr string ) var ( @@ -132,9 +131,6 @@ func addRunners(k8sManager manager.Manager, clientSet ecosystem.ComponentEcosyst func getK8sManagerOptions(operatorConfig *config.OperatorConfig) manager.Options { flag.StringVar(&metricsAddr, "metrics-bind-address", ":8080", "The address the metric endpoint binds to.") flag.StringVar(&probeAddr, "health-probe-bind-address", ":8081", "The address the probe endpoint binds to.") - flag.BoolVar(&enableLeaderElection, "leader-elect", false, - "Enable leader election for controller manager. "+ - "Enabling this will ensure there is only one active controller manager.") options := ctrl.Options{ Scheme: scheme, @@ -148,8 +144,6 @@ func getK8sManagerOptions(operatorConfig *config.OperatorConfig) manager.Options }}, WebhookServer: webhook.NewServer(webhook.Options{Port: 9443}), HealthProbeBindAddress: probeAddr, - LeaderElection: enableLeaderElection, - LeaderElectionID: "951e217a.cloudogu.com", } return options diff --git a/pkg/controllers/componentController.go b/pkg/controllers/componentController.go index 7351732..b4a7b46 100644 --- a/pkg/controllers/componentController.go +++ b/pkg/controllers/componentController.go @@ -335,7 +335,6 @@ func (r *ComponentReconciler) SetupWithManager(mgr ctrl.Manager) error { options := controller.TypedOptions[reconcile.Request]{ SkipNameValidation: controllerOptions.SkipNameValidation, RecoverPanic: controllerOptions.RecoverPanic, - NeedLeaderElection: controllerOptions.NeedLeaderElection, } return ctrl.NewControllerManagedBy(mgr). diff --git a/pkg/labels/testdata/doguOp.yaml b/pkg/labels/testdata/doguOp.yaml index 5c13456..dd74c66 100644 --- a/pkg/labels/testdata/doguOp.yaml +++ b/pkg/labels/testdata/doguOp.yaml @@ -49,9 +49,6 @@ data: bindAddress: 127.0.0.1:8080 webhook: port: 9443 - leaderElection: - leaderElect: true - resourceName: 951e217a.cloudogu.com --- # Source: k8s-dogu-operator/templates/cluster-rbac.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -113,51 +110,6 @@ subjects: name: 'k8s-dogu-operator-controller-manager' namespace: 'ecosystem' --- -# Source: k8s-dogu-operator/templates/leader-election-rbac.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: k8s-dogu-operator-leader-election-role - labels: - app: ces - app.kubernetes.io/name: k8s-dogu-operator - app.kubernetes.io/instance: release-name - helm.sh/chart: k8s-dogu-operator-0.40.0-dev - app.kubernetes.io/version: "0.40.0-dev" - app.kubernetes.io/managed-by: Helm -rules: - - apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch ---- # Source: k8s-dogu-operator/templates/manager-rbac.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: Role @@ -204,27 +156,6 @@ rules: verbs: - create --- -# Source: k8s-dogu-operator/templates/leader-election-rbac.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: k8s-dogu-operator-leader-election-rolebinding - labels: - app: ces - app.kubernetes.io/name: k8s-dogu-operator - app.kubernetes.io/instance: release-name - helm.sh/chart: k8s-dogu-operator-0.40.0-dev - app.kubernetes.io/version: "0.40.0-dev" - app.kubernetes.io/managed-by: Helm -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: 'k8s-dogu-operator-leader-election-role' -subjects: - - kind: ServiceAccount - name: 'k8s-dogu-operator-controller-manager' - namespace: 'ecosystem' ---- # Source: k8s-dogu-operator/templates/manager-rbac.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding @@ -344,7 +275,6 @@ spec: - args: - --health-probe-bind-address=:8081 - --metrics-bind-address=127.0.0.1:8080 - - --leader-elect env: - name: STAGE value: "development" diff --git a/pkg/labels/testdata/doguOpWithLabels.yaml b/pkg/labels/testdata/doguOpWithLabels.yaml index 0605b30..ce11fce 100644 --- a/pkg/labels/testdata/doguOpWithLabels.yaml +++ b/pkg/labels/testdata/doguOpWithLabels.yaml @@ -41,9 +41,6 @@ data: bindAddress: 127.0.0.1:8080 webhook: port: 9443 - leaderElection: - leaderElect: true - resourceName: 951e217a.cloudogu.com kind: ConfigMap metadata: labels: @@ -123,53 +120,6 @@ subjects: name: k8s-dogu-operator-controller-manager namespace: ecosystem ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app: ces - app.kubernetes.io/instance: release-name - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: k8s-dogu-operator - app.kubernetes.io/version: 0.40.0-dev - helm.sh/chart: k8s-dogu-operator-0.40.0-dev - k8s.cloudogu.com/component.name: k8s-dogu-operator - k8s.cloudogu.com/component.version: 1.2.3-4 - name: k8s-dogu-operator-leader-election-role -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role @@ -221,27 +171,6 @@ rules: - create --- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app: ces - app.kubernetes.io/instance: release-name - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: k8s-dogu-operator - app.kubernetes.io/version: 0.40.0-dev - helm.sh/chart: k8s-dogu-operator-0.40.0-dev - k8s.cloudogu.com/component.name: k8s-dogu-operator - k8s.cloudogu.com/component.version: 1.2.3-4 - name: k8s-dogu-operator-leader-election-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: k8s-dogu-operator-leader-election-role -subjects: -- kind: ServiceAccount - name: k8s-dogu-operator-controller-manager - namespace: ecosystem --- apiVersion: rbac.authorization.k8s.io/v1 @@ -370,7 +299,6 @@ spec: - args: - --health-probe-bind-address=:8081 - --metrics-bind-address=127.0.0.1:8080 - - --leader-elect env: - name: STAGE value: development