
clustersecret controller: may you rest in peace

The clustersecret controller hasn't been used, and has been disabled
directly in our Dockerfile, for quite some time now. Now that shipper
uses service accounts set up by shipperctl to talk to clusters, there's
no longer any need for this controller to remain around.
juliogreff committed Aug 8, 2019
1 parent 640eb24 commit e4e0338598c06d9fa08c215e71b4f20bd6cf0e1a
@@ -2,4 +2,4 @@ FROM alpine:3.8
LABEL authors="Parham Doustdar <parham.doustdar@booking.com>, Alexey Surikov <alexey.surikov@booking.com>, Igor Sutton <igor.sutton@booking.com>, Ben Tyler <benjamin.tyler@booking.com>"
RUN apk add ca-certificates
ADD build/shipper /bin/shipper
ENTRYPOINT ["shipper", "-disable", "clustersecret", "-v", "4", "-logtostderr"]
ENTRYPOINT ["shipper", "-v", "4", "-logtostderr"]
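Review bot: No `USER` instruction is visible before the new `ENTRYPOINT`, and the hunk appears to run to the end of the file, so shipper would start as root inside the container. If the binary does not need root (not verifiable from this page), add a line such as `USER 65534:65534` ahead of the `ENTRYPOINT`. Independently, `RUN apk add --no-cache ca-certificates` avoids leaving the apk index in the image layer.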
@@ -36,7 +36,6 @@ import (
"github.com/bookingcom/shipper/pkg/clusterclientstore"
"github.com/bookingcom/shipper/pkg/controller/application"
"github.com/bookingcom/shipper/pkg/controller/capacity"
"github.com/bookingcom/shipper/pkg/controller/clustersecret"
"github.com/bookingcom/shipper/pkg/controller/installation"
"github.com/bookingcom/shipper/pkg/controller/janitor"
"github.com/bookingcom/shipper/pkg/controller/release"
@@ -48,7 +47,6 @@ import (

var controllers = []string{
"application",
"clustersecret",
"release",
"installation",
"capacity",
@@ -63,8 +61,6 @@ const defaultResync time.Duration = 30 * time.Second
var (
masterURL = flag.String("master", "", "The address of the Kubernetes API server. Overrides any value in kubeconfig. Only required if out-of-cluster.")
kubeconfig = flag.String("kubeconfig", "", "Path to a kubeconfig. Only required if out-of-cluster.")
certPath = flag.String("cert", "", "Path to the TLS certificate for target clusters.")
keyPath = flag.String("key", "", "Path to the TLS private key for target clusters.")
ns = flag.String("namespace", shipper.ShipperNamespace, "Namespace for Shipper resources.")
enabledControllers = flag.String("enable", strings.Join(controllers, ","), "comma-seperated list of controllers to run (if not all)")
disabledControllers = flag.String("disable", "", "comma-seperated list of controllers to disable")
@@ -165,11 +161,6 @@ func main() {
}

enabledControllers := buildEnabledControllers(*enabledControllers, *disabledControllers)
if enabledControllers["clustersecret"] {
if *certPath == "" || *keyPath == "" {
glog.Fatal("--cert and --key must both be specified if the clustersecret controller is running")
}
}

wg := &sync.WaitGroup{}

@@ -229,10 +220,8 @@ func main() {
chartVersionResolver: repo.ResolveChartVersionFunc(repoCatalog),
chartFetcher: repo.FetchChartFunc(repoCatalog),

certPath: *certPath,
keyPath: *keyPath,
ns: *ns,
workers: *workers,
ns: *ns,
workers: *workers,

webhookCertPath: *webhookCertPath,
webhookKeyPath: *webhookKeyPath,
@@ -387,7 +376,6 @@ type initFunc func(*cfg) (bool, error)
func buildInitializers() map[string]initFunc {
controllers := map[string]initFunc{}
controllers["application"] = startApplicationController
controllers["clustersecret"] = startClusterSecretController
controllers["release"] = startReleaseController
controllers["installation"] = startInstallationController
controllers["capacity"] = startCapacityController
@@ -419,31 +407,6 @@ func startApplicationController(cfg *cfg) (bool, error) {
return true, nil
}

func startClusterSecretController(cfg *cfg) (bool, error) {
enabled := cfg.enabledControllers["clustersecret"]
if !enabled {
return false, nil
}

c := clustersecret.NewController(
cfg.shipperInformerFactory,
buildKubeClient(cfg.restCfg, clustersecret.AgentName, cfg.restTimeout),
cfg.kubeInformerFactory,
cfg.certPath,
cfg.keyPath,
cfg.ns,
cfg.recorder(clustersecret.AgentName),
)

cfg.wg.Add(1)
go func() {
c.Run(cfg.workers, cfg.stopCh)
cfg.wg.Done()
}()

return true, nil
}

func startReleaseController(cfg *cfg) (bool, error) {
enabled := cfg.enabledControllers["release"]
if !enabled {
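Review bot: Dropping the `cert` and `key` flag definitions from the `var (...)` block means a deployment that still passes `-cert`/`-key` will exit at startup with "flag provided but not defined" instead of ignoring them, assuming main() parses with the standard `flag` package as the `flag.String` calls suggest. Consider keeping both for one release as ignored, deprecated flags, e.g. `_ = flag.String("cert", "", "Deprecated and ignored: the clustersecret controller was removed.")` and the same for `key`, or call the removal out in the release notes. Whether `buildEnabledControllers` tolerates a leftover `-disable clustersecret` is not visible in these hunks and is worth checking for the same reason. Since nothing consumes the target-cluster TLS private key any more, the rollout should also drop its volume mount and Secret from the shipper Deployment so the key is not left readable by a pod that no longer needs it. Only parts of main() are shown in these hunks; the rest of the function is outside this view.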
2 go.mod
@@ -28,7 +28,7 @@ require (
github.com/onsi/gomega v1.5.0 // indirect
github.com/pmezard/go-difflib v1.0.0
github.com/prometheus/client_golang v0.9.3
github.com/satori/go.uuid v1.2.0
github.com/satori/go.uuid v1.2.0 // indirect
github.com/spaolacci/murmur3 v1.1.0 // indirect
github.com/spf13/cobra v0.0.3
github.com/spf13/pflag v1.0.3 // indirect
@@ -41,7 +41,6 @@ const (
ReleaseClustersAnnotation = "shipper.booking.com/release.clusters"

SecretChecksumAnnotation = "shipper.booking.com/cluster-secret.checksum"
SecretClusterNameAnnotation = "shipper.booking.com/cluster-secret.clusterName"
SecretClusterSkipTlsVerifyAnnotation = "shipper.booking.com/cluster-secret.insecure-tls-skip-verify"

LBLabel = "shipper-lb"
@@ -323,8 +323,7 @@ func newSecret(name string, crt, key, checksum []byte) *corev1.Secret {
Name: name,
Namespace: shipper.ShipperNamespace,
Annotations: map[string]string{
shipper.SecretClusterNameAnnotation: name,
shipper.SecretChecksumAnnotation: string(checksum),
shipper.SecretChecksumAnnotation: string(checksum),
},
},
Data: map[string][]byte{

This file was deleted.
