Deployments first the api services...

operator-framework · Mar 2, 2020 · e98deb2 · e98deb2
1 parent 7066e9a
commit e98deb2
Show file tree

Hide file tree

Showing 2 changed files with 35 additions and 28 deletions.
diff --git a/go.mod b/go.mod
@@ -16,6 +16,7 @@ require (
 	github.com/openshift/client-go v0.0.0-20190923180330-3b6373338c9b
 	github.com/operator-framework/operator-registry v1.5.8
 	github.com/otiai10/copy v1.0.1
+	github.com/otiai10/curr v0.0.0-20190513014714-f5a3d24e5776 // indirect
 	github.com/pkg/errors v0.8.1
 	github.com/prometheus/client_golang v1.2.1
 	github.com/sirupsen/logrus v1.4.2

diff --git a/pkg/controller/operators/olm/apiservices.go b/pkg/controller/operators/olm/apiservices.go
@@ -127,7 +127,7 @@ func (a *Operator) checkAPIServiceResources(csv *v1alpha1.ClusterServiceVersion,
 		}
 
 		// Check if serving cert is active
-		secretName := apiServiceName + "-cert"
+		secretName := serviceName + "-cert"
 		secret, err := a.lister.CoreV1().SecretLister().Secrets(csv.GetNamespace()).Get(secretName)
 		if err != nil {
 			logger.WithField("secret", secretName).Warnf("could not retrieve generated Secret")
@@ -276,6 +276,15 @@ func (a *Operator) areAPIServicesAvailable(csv *v1alpha1.ClusterServiceVersion)
 	return true, nil
 }
 
+func apiServiceDescriptionsForSSD(deploymentName string, descs []v1alpha1.APIServiceDescription) []v1alpha1.APIServiceDescription {
+	result := []v1alpha1.APIServiceDescription{}
+	for _, desc := range descs {
+		if desc.DeploymentName == deploymentName {
+			result = append(result, desc)
+		}
+	}
+	return result
+}
 func (a *Operator) installOwnedAPIServiceRequirements(csv *v1alpha1.ClusterServiceVersion, strategy install.Strategy) (install.Strategy, error) {
 	logger := log.WithFields(log.Fields{
 		"csv":       csv.GetName(),
@@ -302,37 +311,35 @@ func (a *Operator) installOwnedAPIServiceRequirements(csv *v1alpha1.ClusterServi
 	}
 	rotateAt := expiration.Add(-1 * DefaultCertMinFresh)
 
+	apiDescs := csv.GetOwnedAPIServiceDescriptions()
 	depSpecs := make(map[string]appsv1.DeploymentSpec)
 	for _, sddSpec := range strategyDetailsDeployment.DeploymentSpecs {
+		descs := apiServiceDescriptionsForSSD(sddSpec.Name, apiDescs)
 		depSpecs[sddSpec.Name] = sddSpec.Spec
-	}
-
-	// Create all resources required, and update the matching DeploymentSpec's Volume and VolumeMounts
-	apiDescs := csv.GetOwnedAPIServiceDescriptions()
-	for _, desc := range apiDescs {
-		depSpec, ok := depSpecs[desc.DeploymentName]
-		if !ok {
-			return nil, fmt.Errorf("StrategyDetailsDeployment missing deployment %s for owned APIService %s", desc.DeploymentName, fmt.Sprintf("%s.%s", desc.Version, desc.Group))
+		if len(descs) == 0 {
+			continue
 		}
 
 		// Update the deployment for each api service desc
-		newDepSpec, err := a.installAPIServiceRequirements(desc, ca, rotateAt, depSpec, csv, getPorts(apiDescs, desc.DeploymentName))
+		newDepSpec, err := a.installAPIServiceRequirements(sddSpec.Name, ca, rotateAt, sddSpec.Spec, csv, getPorts(descs))
 		if err != nil {
 			return nil, err
 		}
 
 		caPEM, _, err := ca.ToPEM()
 		if err != nil {
-			logger.Warnf("unable to convert CA certificate to PEM format for APIService %s", desc.Name)
+			logger.Warnf("unable to convert CA certificate to PEM format for Deployment %s", sddSpec.Name)
 			return nil, err
 		}
 
-		err = a.createOrUpdateAPIService(caPEM, desc, csv)
-		if err != nil {
-			return nil, err
+		for _, desc := range descs {
+			err = a.createOrUpdateAPIService(caPEM, desc, csv)
+			if err != nil {
+				return nil, err
+			}
 		}
 
-		depSpecs[desc.DeploymentName] = *newDepSpec
+		depSpecs[sddSpec.Name] = *newDepSpec
 	}
 
 	// Replace all matching DeploymentSpecs in the strategy
@@ -351,10 +358,10 @@ func (a *Operator) installOwnedAPIServiceRequirements(csv *v1alpha1.ClusterServi
 	return strategyDetailsDeployment, nil
 }
 
-func getPorts(descs []v1alpha1.APIServiceDescription, deploymentName string) []corev1.ServicePort {
+func getPorts(descs []v1alpha1.APIServiceDescription) []corev1.ServicePort {
 	result := []corev1.ServicePort{}
 	for _, desc := range descs {
-		if desc.DeploymentName == deploymentName && !contains(result, getPort(desc)) {
+		if !contains(result, getPort(desc)) {
 			result = append(result, getPort(desc))
 		}
 	}
@@ -382,12 +389,11 @@ func contains(list []corev1.ServicePort, element corev1.ServicePort) bool {
 
 	return false
 }
-func (a *Operator) installAPIServiceRequirements(desc v1alpha1.APIServiceDescription, ca *certs.KeyPair, rotateAt time.Time, depSpec appsv1.DeploymentSpec, csv *v1alpha1.ClusterServiceVersion, ports []corev1.ServicePort) (*appsv1.DeploymentSpec, error) {
-	apiServiceName := fmt.Sprintf("%s.%s", desc.Version, desc.Group)
+func (a *Operator) installAPIServiceRequirements(deploymentName string, ca *certs.KeyPair, rotateAt time.Time, depSpec appsv1.DeploymentSpec, csv *v1alpha1.ClusterServiceVersion, ports []corev1.ServicePort) (*appsv1.DeploymentSpec, error) {
 	logger := log.WithFields(log.Fields{
-		"csv":        csv.GetName(),
-		"namespace":  csv.GetNamespace(),
-		"apiservice": apiServiceName,
+		"csv":            csv.GetName(),
+		"namespace":      csv.GetNamespace(),
+		"deploymentName": deploymentName,
 	})
 
 	// Create a service for the deployment
@@ -397,7 +403,7 @@ func (a *Operator) installAPIServiceRequirements(desc v1alpha1.APIServiceDescrip
 			Selector: depSpec.Selector.MatchLabels,
 		},
 	}
-	service.SetName(desc.DeploymentName)
+	service.SetName(deploymentName)
 	service.SetNamespace(csv.GetNamespace())
 	ownerutil.AddNonBlockingOwner(service, csv)
 
@@ -436,7 +442,7 @@ func (a *Operator) installAPIServiceRequirements(desc v1alpha1.APIServiceDescrip
 	// Create Secret for serving cert
 	certPEM, privPEM, err := servingPair.ToPEM()
 	if err != nil {
-		logger.Warnf("unable to convert serving certificate and private key to PEM format for APIService %s", apiServiceName)
+		logger.Warnf("unable to convert serving certificate and private key to PEM format for Deployment %s", deploymentName)
 		return nil, err
 	}
 
@@ -447,13 +453,13 @@ func (a *Operator) installAPIServiceRequirements(desc v1alpha1.APIServiceDescrip
 		},
 		Type: corev1.SecretTypeTLS,
 	}
-	secret.SetName(apiServiceName + "-cert")
+	secret.SetName(deploymentName + "-cert")
 	secret.SetNamespace(csv.GetNamespace())
 
 	// Add olmcasha hash as a label to the
 	caPEM, _, err := ca.ToPEM()
 	if err != nil {
-		logger.Warnf("unable to convert CA certificate to PEM format for APIService %s", apiServiceName)
+		logger.Warnf("unable to convert CA certificate to PEM format for Deployment %s", deploymentName)
 		return nil, err
 	}
 	caHash := certs.PEMSHA256(caPEM)
@@ -583,7 +589,7 @@ func (a *Operator) installAPIServiceRequirements(desc v1alpha1.APIServiceDescrip
 			Name:     "system:auth-delegator",
 		},
 	}
-	authDelegatorClusterRoleBinding.SetName(apiServiceName + "-system:auth-delegator")
+	authDelegatorClusterRoleBinding.SetName(deploymentName + "-system:auth-delegator")
 
 	existingAuthDelegatorClusterRoleBinding, err := a.lister.RbacV1().ClusterRoleBindingLister().Get(authDelegatorClusterRoleBinding.GetName())
 	if err == nil {
@@ -630,7 +636,7 @@ func (a *Operator) installAPIServiceRequirements(desc v1alpha1.APIServiceDescrip
 			Name:     "extension-apiserver-authentication-reader",
 		},
 	}
-	authReaderRoleBinding.SetName(apiServiceName + "-auth-reader")
+	authReaderRoleBinding.SetName(deploymentName + "-auth-reader")
 	authReaderRoleBinding.SetNamespace("kube-system")
 
 	existingAuthReaderRoleBinding, err := a.lister.RbacV1().RoleBindingLister().RoleBindings("kube-system").Get(authReaderRoleBinding.GetName())