refactor cluster policy controller and NamespaceSCCAllocationController

.gitignore

@@ -16,3 +16,5 @@
 vendor/github.com/prometheus/client_model/.classpath
 vendor/github.com/prometheus/client_model/.project
 vendor/github.com/prometheus/client_model/.settings/
+
+.idea

cmd/cluster-policy-controller/main.go

@@ -11,13 +11,10 @@ import (
 	"github.com/spf13/cobra"
 	"github.com/spf13/pflag"
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
-	genericapiserver "k8s.io/apiserver/pkg/server"
 	utilflag "k8s.io/component-base/cli/flag"
 	"k8s.io/component-base/logs"
 	"k8s.io/kubernetes/pkg/api/legacyscheme"
 
-	"github.com/openshift/library-go/pkg/serviceability"
-
 	"github.com/openshift/api/apps"
 	"github.com/openshift/api/authorization"
 	"github.com/openshift/api/build"
@@ -29,7 +26,6 @@ import (
 	"github.com/openshift/api/user"
 
 	cluster_policy_controller "github.com/openshift/cluster-policy-controller/pkg/cmd/cluster-policy-controller"
-	"github.com/openshift/cluster-policy-controller/pkg/version"
 )
 
 func init() {
@@ -47,30 +43,26 @@ func init() {
 }
 
 func main() {
-	stopCh := genericapiserver.SetupSignalHandler()
-
 	rand.Seed(time.Now().UTC().UnixNano())
 
 	pflag.CommandLine.SetNormalizeFunc(utilflag.WordSepNormalizeFunc)
 	pflag.CommandLine.AddGoFlagSet(goflag.CommandLine)
 
 	logs.InitLogs()
 	defer logs.FlushLogs()
-	defer serviceability.BehaviorOnPanic(os.Getenv("OPENSHIFT_ON_PANIC"), version.Get())()
-	defer serviceability.Profile(os.Getenv("OPENSHIFT_PROFILE")).Stop()
 
 	if len(os.Getenv("GOMAXPROCS")) == 0 {
 		runtime.GOMAXPROCS(runtime.NumCPU())
 	}
 
-	command := NewClusterPolicyControllerCommand(stopCh)
+	command := NewClusterPolicyControllerCommand()
 	if err := command.Execute(); err != nil {
 		fmt.Fprintf(os.Stderr, "%v\n", err)
 		os.Exit(1)
 	}
 }
 
-func NewClusterPolicyControllerCommand(stopCh <-chan struct{}) *cobra.Command {
+func NewClusterPolicyControllerCommand() *cobra.Command {
 	cmd := &cobra.Command{
 		Use:   "cluster-policy-controller",
 		Short: "Command for the OpenShift Cluster Policy Controller",
@@ -79,7 +71,7 @@ func NewClusterPolicyControllerCommand(stopCh <-chan struct{}) *cobra.Command {
 			os.Exit(1)
 		},
 	}
-	start := cluster_policy_controller.NewClusterPolicyControllerCommand("start", os.Stdout, os.Stderr, stopCh)
+	start := cluster_policy_controller.NewClusterPolicyControllerCommand("start")
 	cmd.AddCommand(start)
 
 	return cmd

pkg/cmd/cluster-policy-controller/cmd.go

@@ -1,119 +1,32 @@
 package cluster_policy_controller
 
 import (
-	"fmt"
-	"io"
-	"io/ioutil"
+	"context"
 	"os"
-	"path"
 
-	configv1 "github.com/openshift/api/config/v1"
-	openshiftcontrolplanev1 "github.com/openshift/api/openshiftcontrolplane/v1"
-	"github.com/openshift/library-go/pkg/config/helpers"
-	"github.com/openshift/library-go/pkg/serviceability"
 	"github.com/spf13/cobra"
-	kerrors "k8s.io/apimachinery/pkg/api/errors"
-	"k8s.io/apimachinery/pkg/runtime"
-	"k8s.io/apimachinery/pkg/runtime/serializer"
-	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
-	"k8s.io/client-go/tools/clientcmd/api"
-	"k8s.io/klog/v2"
-)
-
-const RecommendedStartControllerName = "cluster-policy-controller"
-
-type ClusterPolicyController struct {
-	ConfigFilePath string
-	// KubeConfigFile points to a kubeconfig file if you don't want to use the in cluster config
-	KubeConfigFile string
-	// TODO: remove - dummy variable to support config format update
-	Namespace string
-
-	Output io.Writer
-}
+	corev1 "k8s.io/api/core/v1"
 
-func NewClusterPolicyControllerCommand(name string, out, errout io.Writer, stopCh <-chan struct{}) *cobra.Command {
-	options := &ClusterPolicyController{Output: out}
+	"github.com/openshift/library-go/pkg/controller/controllercmd"
 
-	cmd := &cobra.Command{
-		Use:   name,
-		Short: "Start the cluster policy controller",
-		Run: func(c *cobra.Command, args []string) {
-			serviceability.StartProfiler()
+	clusterpolicyversion "github.com/openshift/cluster-policy-controller/pkg/version"
+)
 
-			if err := options.RunPolicyController(stopCh); err != nil {
-				if kerrors.IsInvalid(err) {
-					if details := err.(*kerrors.StatusError).ErrStatus.Details; details != nil {
-						fmt.Fprintf(errout, "Invalid %s %s\n", details.Kind, details.Name)
-						for _, cause := range details.Causes {
-							fmt.Fprintf(errout, "  %s: %s\n", cause.Field, cause.Message)
-						}
-						os.Exit(255)
-					}
-				}
-				klog.Fatal(err)
-			}
-		},
-	}
+const (
+	podNameEnv      = "POD_NAME"
+	podNamespaceEnv = "POD_NAMESPACE"
+)
 
-	flags := cmd.Flags()
-	// This command only supports reading from config
-	flags.StringVar(&options.ConfigFilePath, "config", options.ConfigFilePath, "Location of the master configuration file to run from.")
-	cmd.MarkFlagFilename("config", "yaml", "yml")
-	flags.StringVar(&options.KubeConfigFile, "kubeconfig", options.KubeConfigFile, "Location of the master configuration file to run from.")
-	cmd.MarkFlagFilename("kubeconfig", "kubeconfig")
-	// TODO: remove - dummy variable to support config format update
-	flags.StringVar(&options.Namespace, "namespace", options.Namespace, "To be removed")
+func NewClusterPolicyControllerCommand(name string) *cobra.Command {
+	cmd := controllercmd.NewControllerCommandConfig("cluster-policy-controller", clusterpolicyversion.Get(), RunClusterPolicyController).
+		WithComponentOwnerReference(&corev1.ObjectReference{
+			Kind:      "Pod",
+			Name:      os.Getenv(podNameEnv),
+			Namespace: os.Getenv(podNamespaceEnv),
+		}).
+		NewCommandWithContext(context.Background())
+	cmd.Use = name
+	cmd.Short = "Start the cluster policy controller"
 
 	return cmd
 }
-
-// RunPolicyController takes the options and starts the controller.  blocks until the process is finished or the leader lease is lost
-func (o *ClusterPolicyController) RunPolicyController(stopCh <-chan struct{}) error {
-
-	config := &openshiftcontrolplanev1.OpenShiftControllerManagerConfig{
-		/// this isn't allowed to be nil when by itself.
-		ServingInfo: &configv1.HTTPServingInfo{},
-	}
-
-	if len(o.ConfigFilePath) != 0 {
-		// try to decode into our new types first.  right now there is no validation, no file path resolution.  this unsticks the operator to start.
-		// TODO add those things
-		configContent, err := ioutil.ReadFile(o.ConfigFilePath)
-		if err != nil {
-			return err
-		}
-		scheme := runtime.NewScheme()
-		utilruntime.Must(openshiftcontrolplanev1.Install(scheme))
-		codecs := serializer.NewCodecFactory(scheme)
-		obj, err := runtime.Decode(codecs.UniversalDecoder(openshiftcontrolplanev1.GroupVersion, configv1.GroupVersion), configContent)
-		if err != nil {
-			return err
-		}
-
-		// Resolve relative to CWD
-		absoluteConfigFile, err := api.MakeAbs(o.ConfigFilePath, "")
-		if err != nil {
-			return err
-		}
-		configFileLocation := path.Dir(absoluteConfigFile)
-
-		config = obj.(*openshiftcontrolplanev1.OpenShiftControllerManagerConfig)
-		/// this isn't allowed to be nil when by itself.
-		// TODO remove this when the old path is gone.
-		if config.ServingInfo == nil {
-			config.ServingInfo = &configv1.HTTPServingInfo{}
-		}
-		if err := helpers.ResolvePaths(getOpenShiftControllerConfigFileReferences(config), configFileLocation); err != nil {
-			return err
-		}
-	}
-
-	setRecommendedOpenShiftControllerConfigDefaults(config)
-
-	clientConfig, err := helpers.GetKubeConfigOrInClusterConfig(config.KubeClientConfig.KubeConfig, config.KubeClientConfig.ConnectionOverrides)
-	if err != nil {
-		return err
-	}
-	return RunClusterPolicyController(config, clientConfig, stopCh)
-}

pkg/cmd/cluster-policy-controller/openshiftcontrolplane_default.go → pkg/cmd/cluster-policy-controller/openshiftcontrolplane_config.go

@@ -3,16 +3,32 @@ package cluster_policy_controller
 import (
 	"time"
 
+	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+	"k8s.io/apimachinery/pkg/runtime"
+
 	openshiftcontrolplanev1 "github.com/openshift/api/openshiftcontrolplane/v1"
 	"github.com/openshift/library-go/pkg/config/configdefaults"
-	"github.com/openshift/library-go/pkg/config/helpers"
-	leaderelectionconverter "github.com/openshift/library-go/pkg/config/leaderelection"
 )
 
+func asOpenshiftControllerManagerConfig(config *unstructured.Unstructured) (*openshiftcontrolplanev1.OpenShiftControllerManagerConfig, error) {
+	result := &openshiftcontrolplanev1.OpenShiftControllerManagerConfig{}
+	if config != nil {
+		// make a copy we can mutate
+		configCopy := config.DeepCopy()
+		// force the config to our version to read it
+		configCopy.SetGroupVersionKind(openshiftcontrolplanev1.GroupVersion.WithKind("OpenShiftControllerManagerConfig"))
+		if err := runtime.DefaultUnstructuredConverter.FromUnstructured(configCopy.Object, result); err != nil {
+			return nil, err
+		}
+	}
+
+	setRecommendedOpenShiftControllerConfigDefaults(result)
+
+	return result, nil
+}
+
 func setRecommendedOpenShiftControllerConfigDefaults(config *openshiftcontrolplanev1.OpenShiftControllerManagerConfig) {
-	configdefaults.SetRecommendedHTTPServingInfoDefaults(config.ServingInfo)
 	configdefaults.SetRecommendedKubeClientConfigDefaults(&config.KubeClientConfig)
-	config.LeaderElection = leaderelectionconverter.LeaderElectionDefaulting(config.LeaderElection, "openshift-kube-controller-manager", "cluster-policy-controller")
 
 	configdefaults.DefaultStringSlice(&config.Controllers, []string{"*"})
 
@@ -32,16 +48,3 @@ func setRecommendedOpenShiftControllerConfigDefaults(config *openshiftcontrolpla
 		config.ResourceQuota.ConcurrentSyncs = 5
 	}
 }
-
-func getOpenShiftControllerConfigFileReferences(config *openshiftcontrolplanev1.OpenShiftControllerManagerConfig) []*string {
-	if config == nil {
-		return []*string{}
-	}
-
-	refs := []*string{}
-
-	refs = append(refs, helpers.GetHTTPServingInfoFileReferences(config.ServingInfo)...)
-	refs = append(refs, helpers.GetKubeClientConfigFileReferences(&config.KubeClientConfig)...)
-
-	return refs
-}