Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Dynamic serviceaccount/role/rolebinding creation #198

Merged
merged 1 commit into from
May 3, 2023
Merged

Dynamic serviceaccount/role/rolebinding creation #198

merged 1 commit into from
May 3, 2023

Conversation

dprince
Copy link
Contributor

@dprince dprince commented Apr 25, 2023

This PR dyamically creates the above resources within the namespace of the requested Cinder instance.

The above resources are no longer created via OLM.

This allows the operator to deploy openstack service into any namespace within the OpenShift cluster.

@dprince
Dynamic serviceaccount/role/rolebinding creation
5e9fae6 
This PR dyamically creates the above resources within the
namespace of the requested Cinder instance.

The above resources are no longer created via OLM.

This allows the operator to deploy openstack service into any
namespace within the OpenShift cluster.
abays
abays reviewed May 2, 2023
View reviewed changes
Copy link
Contributor

@abays abays left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

+1 from me

@dprince dprince requested a review from fmount May 3, 2023 13:45
fmount
fmount approved these changes May 3, 2023
View reviewed changes
Copy link
Contributor

@fmount fmount left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's basically aligned to [1] and the CI around this change is green

[1] openstack-k8s-operators/glance-operator#210

@openshift-ci openshift-ci bot added the lgtm label May 3, 2023
@openshift-ci
Copy link
Contributor

openshift-ci bot commented May 3, 2023

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: dprince, fmount

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-merge-robot openshift-merge-robot merged commit feac84f into openstack-k8s-operators:master May 3, 2023
ASBishop
ASBishop reviewed May 3, 2023
View reviewed changes
Copy link
Contributor

@ASBishop ASBishop left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

+1, though I see an opportunity to dedup some stuff.

api/v1beta1/cinderapi_types.go

// +kubebuilder:validation:Required
// ServiceAccount - service account name used internally to provide Cinder services the default SA name
ServiceAccount string `json:"serviceAccount"`
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry that I'm late to the party (code merged already), but I wonder if these common fields should be included in the CinderServiceTemplate struct. We've been trying to dedup a lot of redundant data structures and code. @fmount I think you are more familiar with this effort, and am curious to hear your thoughts.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@ASBishop in theory you're right in terms of data structure it can easily be absorbed in CinderServiceTemplate. However, given it's not a field populated by the Spec (but the result of RbacResourceName() function), we should properly populate this field when the Template is generated.
This was the reason DatabaseHostname and a few other fields are still part of the Spec instead of being passed from the upper layer, but I agree we can follow up providing a unified strategy that allows more dedup.

controllers/cinder_controller.go
@@ -852,6 +887,7 @@ func (r *CinderReconciler) apiDeploymentCreateOrUpdate(ctx context.Context, inst
ExtraMounts: instance.Spec.ExtraMounts,
DatabaseHostname: instance.Status.DatabaseHostname,
TransportURLSecret: instance.Status.TransportURLSecret,
ServiceAccount: instance.RbacResourceName(),
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Per my previous comment, if the ServiceAccount were part of the CinderServiceTemplate struct, then this field would be automatically populated by L886. Lines L890, L925, L960 and L994 could be eliminated.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@fmount fmount fmount approved these changes

@abays abays abays left review comments

@ASBishop ASBishop ASBishop left review comments

@eharney eharney Awaiting requested review from eharney

@olliewalsh olliewalsh Awaiting requested review from olliewalsh

Assignees

@fmount fmount

Labels
approved lgtm
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@dprince @fmount @abays @ASBishop @openshift-merge-robot