add recycler pod template as a configmap

openshift · Dec 15, 2020 · ce58a65 · ce58a65
1 parent b77bf06
commit ce58a65
Show file tree

Hide file tree

Showing 7 changed files with 122 additions and 3 deletions.
diff --git a/bindata/v4.1.0/config/defaultconfig.yaml b/bindata/v4.1.0/config/defaultconfig.yaml
@@ -11,6 +11,10 @@ extendedArguments:
   - "true"
   flex-volume-plugin-dir:
   - "/etc/kubernetes/kubelet-plugins/volume/exec" # created by machine-config-operator, owned by storage team/hekumar@redhat.com
+  pv-recycler-pod-template-filepath-nfs:
+  - "/etc/kubernetes/static-pod-resources/configmaps/recycler-config/recycler-pod.yaml"
+  pv-recycler-pod-template-filepath-hostpath:
+  - "/etc/kubernetes/static-pod-resources/configmaps/recycler-config/recycler-pod.yaml"
   leader-elect:
   - "true"
   leader-elect-retry-period:
@@ -42,4 +46,3 @@ extendedArguments:
   - "150" # this is a historical values
   kube-api-burst:
   - "300" # this is a historical values
-
diff --git a/bindata/v4.1.0/kube-controller-manager/recycler-cm.yaml b/bindata/v4.1.0/kube-controller-manager/recycler-cm.yaml
@@ -0,0 +1,34 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: openshift-kube-controller-manager
+  name: recycler-config
+data:
+  recycler-pod.yaml: |
+    apiVersion: v1
+    kind: Pod
+    metadata:
+      name: recycler-pod
+      namespace: openshift-infra
+    spec:
+      activeDeadlineSeconds: 60
+      restartPolicy: Never
+      serviceAccountName: pv-recycler-controller
+      containers:
+        -
+          name: recycler-container
+          image: "${TOOLS_IMAGE}"
+          command:
+          - "/bin/bash"
+          args:
+          - "-c"
+          - "test -e /scrub && rm -rf /scrub/..?* /scrub/.[!.]* /scrub/*  && test -z \"$(ls -A /scrub)\" || exit 1"
+          volumeMounts:
+            -
+              mountPath: /scrub
+              name: vol
+          securityContext:
+            runAsUser: 0
+      volumes:
+        -
+          name: vol
diff --git a/manifests/0000_25_kube-controller-manager-operator_06_deployment.yaml b/manifests/0000_25_kube-controller-manager-operator_06_deployment.yaml
@@ -49,6 +49,8 @@ spec:
           value: docker.io/openshift/origin-cluster-kube-controller-manager-operator:v4.0
         - name: CLUSTER_POLICY_CONTROLLER_IMAGE
           value: quay.io/openshift/origin-cluster-policy-controller:v4.3
+        - name: TOOLS_IMAGE
+          value: quay.io/openshift/origin-tools:latest
         - name: OPERATOR_IMAGE_VERSION
           value: "0.0.1-snapshot"
         - name: OPERAND_IMAGE_VERSION

diff --git a/manifests/image-references b/manifests/image-references
@@ -14,3 +14,7 @@ spec:
     from:
       kind: DockerImage
       name: quay.io/openshift/origin-cluster-policy-controller:v4.3
+  - name: tools
+    from:
+      kind: DockerImage
+      name: quay.io/openshift/origin-tools:latest
diff --git a/pkg/operator/starter.go b/pkg/operator/starter.go
@@ -104,6 +104,7 @@ func RunOperator(ctx context.Context, cc *controllercmd.ControllerContext) error
 		os.Getenv("IMAGE"),
 		os.Getenv("OPERATOR_IMAGE"),
 		os.Getenv("CLUSTER_POLICY_CONTROLLER_IMAGE"),
+		os.Getenv("TOOLS_IMAGE"),
 		kubeInformersForNamespaces,
 		operatorClient,
 		kubeClient,
@@ -218,6 +219,7 @@ var deploymentConfigMaps = []revision.RevisionResource{
 	{Name: "kube-controller-cert-syncer-kubeconfig"},
 	{Name: "serviceaccount-ca"},
 	{Name: "service-ca"},
+	{Name: "recycler-config"},
 }
 
 // deploymentSecrets is a list of secrets that are directly copied for the current values.  A different actor/controller modifies these.

diff --git a/pkg/operator/targetconfigcontroller/targetconfigcontroller.go b/pkg/operator/targetconfigcontroller/targetconfigcontroller.go
@@ -53,6 +53,7 @@ type TargetConfigController struct {
 	targetImagePullSpec             string
 	operatorImagePullSpec           string
 	clusterPolicyControllerPullSpec string
+	toolsImagePullSpec              string
 
 	operatorClient v1helpers.StaticPodOperatorClient
 
@@ -68,7 +69,7 @@ type TargetConfigController struct {
 
 func NewTargetConfigController(
 	ctx context.Context,
-	targetImagePullSpec, operatorImagePullSpec, clusterPolicyControllerPullSpec string,
+	targetImagePullSpec, operatorImagePullSpec, clusterPolicyControllerPullSpec, toolsImagePullSpec string,
 	kubeInformersForNamespaces v1helpers.KubeInformersForNamespaces,
 	operatorClient v1helpers.StaticPodOperatorClient,
 	kubeClient kubernetes.Interface,
@@ -80,6 +81,7 @@ func NewTargetConfigController(
 		targetImagePullSpec:             targetImagePullSpec,
 		operatorImagePullSpec:           operatorImagePullSpec,
 		clusterPolicyControllerPullSpec: clusterPolicyControllerPullSpec,
+		toolsImagePullSpec:              toolsImagePullSpec,
 
 		configMapLister:     kubeInformersForNamespaces.ConfigMapLister(),
 		secretLister:        kubeInformersForNamespaces.SecretLister(),
@@ -196,6 +198,10 @@ func createTargetConfigController(ctx context.Context, c TargetConfigController,
 	if err != nil {
 		errors = append(errors, fmt.Errorf("%q: %v", "configmap/cluster-policy-controller-config", err))
 	}
+	_, _, err = manageRecycler(ctx, c.kubeClient.CoreV1(), recorder, c.toolsImagePullSpec)
+	if err != nil {
+		errors = append(errors, fmt.Errorf("%q: %v", "configmap/recycler-config", err))
+	}
 	_, _, err = ManageCSRIntermediateCABundle(ctx, c.secretLister, c.kubeClient.CoreV1(), recorder)
 	if err != nil {
 		errors = append(errors, fmt.Errorf("%q: %v", "configmap/csr-intermediate-ca", err))
@@ -404,6 +410,17 @@ func manageControllerManagerKubeconfig(ctx context.Context, client corev1client.
 	return resourceapply.ApplyConfigMap(client, recorder, requiredCM)
 }
 
+func manageRecycler(ctx context.Context, configMapsGetter corev1client.ConfigMapsGetter, recorder events.Recorder, imagePullSpec string) (*corev1.ConfigMap, bool, error) {
+	cmString := string(v411_00_assets.MustAsset("v4.1.0/kube-controller-manager/recycler-cm.yaml"))
+	for pattern, value := range map[string]string{
+		"${TOOLS_IMAGE}": imagePullSpec,
+	} {
+		cmString = strings.ReplaceAll(cmString, pattern, value)
+	}
+	requiredCM := resourceread.ReadConfigMapV1OrDie([]byte(cmString))
+	return resourceapply.ApplyConfigMap(configMapsGetter, recorder, requiredCM)
+}
+
 func managePod(ctx context.Context, configMapsGetter corev1client.ConfigMapsGetter, secretsGetter corev1client.SecretsGetter, recorder events.Recorder, operatorSpec *operatorv1.StaticPodOperatorSpec, imagePullSpec, operatorImagePullSpec, clusterPolicyControllerPullSpec string, addServingServiceCAToTokenSecrets bool) (*corev1.ConfigMap, bool, error) {
 	required := resourceread.ReadPodV1OrDie(v411_00_assets.MustAsset("v4.1.0/kube-controller-manager/pod.yaml"))
 	// TODO: If the image pull spec is not specified, the "${IMAGE}" will be used as value and the pod will fail to start.

diff --git a/pkg/operator/v411_00_assets/bindata.go b/pkg/operator/v411_00_assets/bindata.go