Skip to content

Commit 56c9884

Browse files
andrewlecuyerjkatz
andrewlecuyer
authored and
jkatz
committed
Move Initial RBAC Reconcile Attempt
The first RBAC reconciliation is now attempted when a controller group is first created, immediately giving the Operator an opportunity to create it's own RBAC within a target namespace if it has the ability to do so, e.g. when using the "dynamic" namespace operating mode
1 parent 943ec36 commit 56c9884

File tree

1 file changed

+21
-20
lines changed

1 file changed

+21
-20
lines changed

controller/manager/controllermanager.go

Lines changed: 21 additions & 20 deletions
Original file line numberDiff line numberDiff line change
@@ -369,6 +369,27 @@ func (c *ControllerManager) addControllerGroup(namespace string) error {
369369

370370
log.Debugf("Controller Manager: added controller group for namespace %s", namespace)
371371

372+
// check if we can create RBAC in the namespace in order to the reconcile RBAC
373+
// as needed to ensure proper operator functionality. If we can't reconcile at this point
374+
// we will try again on the next namespace refresh interval.
375+
canCreateRBACInNamespace, err := ns.CanCreateRBACInNamespace(
376+
c.controllers[namespace].kubeClientset,
377+
namespace, c.namespaceOperatingMode)
378+
if err != nil {
379+
return err
380+
}
381+
382+
log.Debugf("Controller Manager: canCreateRBACInNamespace is '%t' for namespace %s",
383+
canCreateRBACInNamespace, namespace)
384+
385+
// now reconcile RBAC in the namespace if allowed
386+
if canCreateRBACInNamespace {
387+
if err := ns.ReconcileTargetRBAC(c.controllers[namespace].kubeClientset, c.pgoNamespace,
388+
namespace); err != nil {
389+
return err
390+
}
391+
}
392+
372393
return nil
373394
}
374395

@@ -481,26 +502,6 @@ func (c *ControllerManager) runControllerGroup(namespace string) error {
481502
"refresh interval", namespace)
482503
}
483504

484-
// check if we can create RBAC in the namespace in order to the reconcile RBAC
485-
// as needed to ensure proper operator functionality
486-
canCreateRBACInNamespace, err := ns.CanCreateRBACInNamespace(
487-
c.controllers[namespace].kubeClientset,
488-
namespace, c.namespaceOperatingMode)
489-
if err != nil {
490-
return err
491-
}
492-
493-
log.Debugf("Controller Manager: canCreateRBACInNamespace is '%t' for namespace %s",
494-
canCreateRBACInNamespace, namespace)
495-
496-
// now reconcile RBAC in the namespace if allowed
497-
if canCreateRBACInNamespace {
498-
if err := ns.ReconcileTargetRBAC(c.controllers[namespace].kubeClientset, c.pgoNamespace,
499-
namespace); err != nil {
500-
return err
501-
}
502-
}
503-
504505
controllerGroup.kubeInformerFactory.Start(controllerGroup.stopCh)
505506
controllerGroup.pgoInformerFactory.Start(controllerGroup.stopCh)
506507
controllerGroup.kubeInformerFactoryWithRefresh.Start(controllerGroup.stopCh)

0 commit comments

Comments
 (0)