From cc8409d2bfde121f77de09d5383818ed9211d843 Mon Sep 17 00:00:00 2001 From: Oleksandr Andriienko Date: Mon, 23 Mar 2020 21:31:28 +0200 Subject: [PATCH 1/2] Installation of multiple CRW instances with 'oAuth' on the same cluster Signed-off-by: Oleksandr Andriienko --- src/api/kube.ts | 13 +++++++-- src/tasks/installers/operator.ts | 46 ++++++++++++++++++-------------- 2 files changed, 37 insertions(+), 22 deletions(-) diff --git a/src/api/kube.ts b/src/api/kube.ts index d7c6f3328..0bd62321d 100644 --- a/src/api/kube.ts +++ b/src/api/kube.ts @@ -255,8 +255,14 @@ export class KubeHelper { } } - async createClusterRoleFromFile(filePath: string) { + async createClusterRoleFromFile(filePath: string, roleName?: string) { const yamlRole = this.safeLoadFromYamlFile(filePath) as V1ClusterRole + if (!yamlRole.metadata || !yamlRole.metadata.name) { + throw new Error(`Cluster Role read from ${filePath} must have name specified`) + } + if (roleName) { + yamlRole.metadata!.name = roleName + } const k8sRbacAuthApi = this.kc.makeApiClient(RbacAuthorizationV1Api) try { const res = await k8sRbacAuthApi.createClusterRole(yamlRole) @@ -270,12 +276,15 @@ export class KubeHelper { } } - async replaceClusterRoleFromFile(filePath: string) { + async replaceClusterRoleFromFile(filePath: string, roleName?: string) { const yamlRole = this.safeLoadFromYamlFile(filePath) as V1ClusterRole const k8sRbacAuthApi = this.kc.makeApiClient(RbacAuthorizationV1Api) if (!yamlRole.metadata || !yamlRole.metadata.name) { throw new Error(`Cluster Role read from ${filePath} must have name specified`) } + if (roleName) { + yamlRole.metadata!.name = roleName + } try { const res = await k8sRbacAuthApi.replaceClusterRole(yamlRole.metadata.name, yamlRole) return res.response.statusCode diff --git a/src/tasks/installers/operator.ts b/src/tasks/installers/operator.ts index 99ae78f31..e1bd59ed3 100644 --- a/src/tasks/installers/operator.ts +++ b/src/tasks/installers/operator.ts 
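Review bot: The non-null assertion in `yamlRole.metadata!.name = roleName` is redundant in createClusterRoleFromFile, because the guard added directly above it already throws when `metadata` or `metadata.name` is missing. `yamlRole.metadata.name = roleName` is enough and leaves that guard as the single place that establishes the invariant. The same line appears in the replaceClusterRoleFromFile hunk. Neither method documents the new optional parameter; a comment such as `/** roleName, when given, replaces metadata.name from the file; the file must still declare a name. */` would make the override explicit for callers that create cluster-scoped RBAC objects. Both method bodies continue outside their hunks.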
@@ -35,6 +35,8 @@ export class OperatorTasks { * Returns tasks list which perform preflight platform checks. */ startTasks(flags: any, command: Command): Listr { + const clusterRoleName = `${this.operatorClusterRole}-${flags.chenamespace}` + const clusterRoleBindingName = `${this.operatorClusterRoleBinding}-${flags.chenamespace}` const che = new CheHelper(flags) const kube = new KubeHelper(flags) return new Listr([ @@ -90,14 +92,14 @@ export class OperatorTasks { } }, { - title: `Create ClusterRole ${this.operatorClusterRole}`, + title: `Create ClusterRole ${clusterRoleName}`, task: async (_ctx: any, task: any) => { - const exist = await kube.clusterRoleExist(this.operatorClusterRole) + const exist = await kube.clusterRoleExist(clusterRoleName) if (exist) { task.title = `${task.title}...It already exists.` } else { const yamlFilePath = this.resourcesPath + 'cluster_role.yaml' - const statusCode = await kube.createClusterRoleFromFile(yamlFilePath) + const statusCode = await kube.createClusterRoleFromFile(yamlFilePath, clusterRoleName) if (statusCode === 403) { command.error('ERROR: It looks like you don\'t have enough privileges. You need to grant more privileges to current user or use a different user. If you are using minishift you can "oc login -u system:admin"') } 
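Review bot: The two template strings that derive `clusterRoleName` and `clusterRoleBindingName` at the top of startTasks are repeated verbatim in the updateTasks and deleteTasks hunks, so install, update and delete agree on the cluster-scoped object names only while three copies stay in sync. I would move the derivation into one private helper, for example `private clusterRoleNameFor(ns: string) { return this.operatorClusterRole + '-' + ns }`, with a matching one for the binding. Because `flags` is typed `any`, a missing `chenamespace` would produce a name ending in `-undefined` without any error. Whether a default is guaranteed is not visible in this hunk, so the helper is also the natural place to reject an empty value. startTasks continues outside the hunk.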
@@ -119,13 +121,13 @@ export class OperatorTasks { } }, { - title: `Create ClusterRoleBinding ${this.operatorClusterRoleBinding}`, + title: `Create ClusterRoleBinding ${clusterRoleBindingName}`, task: async (_ctx: any, task: any) => { - const exist = await kube.clusterRoleBindingExist(this.operatorRoleBinding) + const exist = await kube.clusterRoleBindingExist(clusterRoleBindingName) if (exist) { task.title = `${task.title}...It already exists.` } else { - await kube.createClusterRoleBinding(this.operatorClusterRoleBinding, this.operatorServiceAccount, flags.chenamespace, this.operatorClusterRole) + await kube.createClusterRoleBinding(clusterRoleBindingName, this.operatorServiceAccount, flags.chenamespace, clusterRoleName) task.title = `${task.title}...done.` } } @@ -220,6 +222,8 @@ export class OperatorTasks { } updateTasks(flags: any, command: Command): Listr { + const clusterRoleName = `${this.operatorClusterRole}-${flags.chenamespace}` + const clusterRoleBindingName = `${this.operatorClusterRoleBinding}-${flags.chenamespace}` const kube = new KubeHelper(flags) return new Listr([ { 
@@ -264,18 +268,18 @@ export class OperatorTasks { } }, { - title: `Updating ClusterRole ${this.operatorClusterRole}`, + title: `Updating ClusterRole ${clusterRoleName}`, task: async (_ctx: any, task: any) => { - const exist = await kube.clusterRoleExist(this.operatorClusterRole) + const exist = await kube.clusterRoleExist(clusterRoleName) const yamlFilePath = this.resourcesPath + 'cluster_role.yaml' if (exist) { - const statusCode = await kube.replaceClusterRoleFromFile(yamlFilePath) + const statusCode = await kube.replaceClusterRoleFromFile(yamlFilePath, clusterRoleName) if (statusCode === 403) { command.error('ERROR: It looks like you don\'t have enough privileges. You need to grant more privileges to current user or use a different user. If you are using minishift you can "oc login -u system:admin"') } task.title = `${task.title}...updated.` } else { - const statusCode = await kube.createClusterRoleFromFile(yamlFilePath) + const statusCode = await kube.createClusterRoleFromFile(yamlFilePath, clusterRoleName) if (statusCode === 403) { command.error('ERROR: It looks like you don\'t have enough privileges. You need to grant more privileges to current user or use a different user. If you are using minishift you can "oc login -u system:admin"') } 
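Review bot: The existence check `kube.clusterRoleExist(clusterRoleName)` now looks only for the namespace-suffixed name, so a cluster installed before this change is not recognised. There the role presumably still carries the bare `this.operatorClusterRole` name, so the update takes the `else` branch, creates a second ClusterRole and leaves the old one in place. The ClusterRoleBinding hunk at -298 and the delete hunk at -404 have the same gap: the legacy binding is never replaced or removed, so it keeps granting cluster-wide rules to the operator service account after update and after delete. I would add a step that also looks up the unsuffixed names and removes them once it has confirmed that the legacy binding's subject is the service account in `flags.chenamespace`, or at least prints a warning naming the leftover objects. The task list continues outside the hunk.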
@@ -298,14 +302,14 @@ export class OperatorTasks { } }, { - title: `Updating ClusterRoleBinding ${this.operatorClusterRoleBinding}`, + title: `Updating ClusterRoleBinding ${clusterRoleBindingName}`, task: async (_ctx: any, task: any) => { - const exist = await kube.clusterRoleBindingExist(this.operatorRoleBinding) + const exist = await kube.clusterRoleBindingExist(clusterRoleBindingName) if (exist) { - await kube.replaceClusterRoleBinding(this.operatorClusterRoleBinding, this.operatorServiceAccount, flags.chenamespace, this.operatorClusterRole) + await kube.replaceClusterRoleBinding(clusterRoleBindingName, this.operatorServiceAccount, flags.chenamespace, clusterRoleName) task.title = `${task.title}...updated.` } else { - await kube.createClusterRoleBinding(this.operatorClusterRoleBinding, this.operatorServiceAccount, flags.chenamespace, this.operatorClusterRole) + await kube.createClusterRoleBinding(clusterRoleBindingName, this.operatorServiceAccount, flags.chenamespace, clusterRoleName) task.title = `${task.title}...created new one.` } } @@ -363,6 +367,8 @@ export class OperatorTasks { */ deleteTasks(flags: any): ReadonlyArray { let kh = new KubeHelper(flags) + const clusterRoleName = `${this.operatorClusterRole}-${flags.chenamespace}` + const clusterRoleBindingName = `${this.operatorClusterRoleBinding}-${flags.chenamespace}` return [{ title: `Delete the CR ${this.operatorCheCluster} of type ${this.cheClusterCrd}`, task: async (_ctx: any, task: any) => { 
@@ -404,19 +410,19 @@ export class OperatorTasks { } }, { - title: `Delete cluster role binding ${this.operatorClusterRoleBinding}`, + title: `Delete cluster role binding ${clusterRoleBindingName}`, task: async (_ctx: any, task: any) => { - if (await kh.clusterRoleBindingExist(this.operatorClusterRoleBinding)) { - await kh.deleteClusterRoleBinding(this.operatorClusterRoleBinding) + if (await kh.clusterRoleBindingExist(clusterRoleBindingName)) { + await kh.deleteClusterRoleBinding(clusterRoleBindingName) } task.title = await `${task.title}...OK` } }, { - title: `Delete cluster role ${this.operatorClusterRole}`, + title: `Delete cluster role ${clusterRoleName}`, task: async (_ctx: any, task: any) => { - if (await kh.clusterRoleExist(this.operatorClusterRole)) { - await kh.deleteClusterRole(this.operatorClusterRole) + if (await kh.clusterRoleExist(clusterRoleName)) { + await kh.deleteClusterRole(clusterRoleName) } task.title = await `${task.title}...OK` } From 0bc7cb9f20c6a640d27f1deb72b932d948d5dba0 Mon Sep 17 00:00:00 2001 From: Oleksandr Andriienko Date: Mon, 23 Mar 2020 21:32:56 +0200 Subject: [PATCH 2/2] Don't remove CRD resources to avoid breaking another cheCluster crs Signed-off-by: Oleksandr Andriienko --- src/tasks/installers/operator.ts | 9 --------- 1 file changed, 9 deletions(-) diff --git a/src/tasks/installers/operator.ts b/src/tasks/installers/operator.ts index e1bd59ed3..a8b46a4fb 100644 --- a/src/tasks/installers/operator.ts +++ b/src/tasks/installers/operator.ts @@ -382,15 +382,6 @@ export class OperatorTasks { } } }, - { - title: `Delete CRD ${this.cheClusterCrd}`, - task: async (_ctx: any, task: any) => { - if (await kh.crdExist(this.cheClusterCrd)) { - await kh.deleteCrd(this.cheClusterCrd) - } - task.title = await `${task.title}...OK` - } - }, { title: `Delete role binding ${this.operatorRoleBinding}`, task: async (_ctx: any, task: any) => {