Remove sync of pod service accounts

23f89364 · Sergey Dudoladov · 214ae04a · 23f89364 · 23f89364 · 23f89364
Commit 23f89364 authored Apr 19, 2018 by Sergey Dudoladov
--- a/pkg/cluster/cluster.go
+++ b/pkg/cluster/cluster.go
@@ -194,6 +194,36 @@ func (c *Cluster) initUsers() error {
 	return nil
 }

+/*
+  Ensures the service account required by StatefulSets to create pods exists in a namespace before a PG cluster is created there so that a user does not have to deploy the account manually.
+
+  The operator does not sync these accounts.
+*/
+func (c *Cluster) createPodServiceAccounts() error {
+
+	podServiceAccount := c.Config.OpConfig.PodServiceAccountName
+	c.setProcessName("creating pod service account in the watched namespaces")
+
+	_, err := c.KubeClient.ServiceAccounts(c.Namespace).Get(podServiceAccount, metav1.GetOptions{})
+
+	if err != nil {
+		c.logger.Warnf("the pod service account %q is absent from the namespace %q. Stateful sets in the namespace are unable to create pods.", podServiceAccount, c.Namespace)
+
+		c.OpConfig.PodServiceAccount.SetNamespace(c.Namespace)
+
+		_, err = c.KubeClient.ServiceAccounts(c.Namespace).Create(c.OpConfig.PodServiceAccount)
+		if err != nil {
+			c.logger.Warnf("cannot deploy the pod service account %q defined in the config map to the %q namespace: %v", podServiceAccount, c.Namespace, err)
+		} else {
+			c.logger.Infof("successfully deployed the pod service account %q to the %q namespace", podServiceAccount, c.Namespace)
+		}
+	} else {
+		c.logger.Infof("successfully found the service account %q used to create pods to the namespace %q", podServiceAccount, c.Namespace)
+	}
+
+	return err
+}
+
 // Create creates the new kubernetes objects associated with the cluster.
 func (c *Cluster) Create() error {
 	c.mu.Lock()
@@ -256,7 +286,7 @@ func (c *Cluster) Create() error {
 	}
 	c.logger.Infof("pod disruption budget %q has been successfully created", util.NameFromMeta(pdb.ObjectMeta))

-	if err = c.syncPodServiceAccounts(); err != nil {
+	if err = c.createPodServiceAccounts(); err != nil {
 		return fmt.Errorf("could not sync pod service accounts: %v", err)
 	}
 	c.logger.Infof("pod service accounts have been successfully synced")

--- a/pkg/cluster/sync.go
+++ b/pkg/cluster/sync.go
@@ -44,12 +44,6 @@ func (c *Cluster) Sync(newSpec *spec.Postgresql) (err error) {
 		return
 	}

-	c.logger.Debugf("syncing service accounts")
-	if err = c.syncPodServiceAccounts(); err != nil {
-		err = fmt.Errorf("could not sync service accounts: %v", err)
-		return
-	}
-
 	c.logger.Debugf("syncing services")
 	if err = c.syncServices(); err != nil {
 		err = fmt.Errorf("could not sync services: %v", err)
@@ -109,34 +103,6 @@ func (c *Cluster) syncServices() error {
 	return nil
 }

-/*
-  Ensures the service account required by StatefulSets to create pods exists in all namespaces watched by the operator.
-*/
-func (c *Cluster) syncPodServiceAccounts() error {
-
-	podServiceAccount := c.Config.OpConfig.PodServiceAccountName
-	c.setProcessName("syncing pod service account in the watched namespaces")
-
-	_, err := c.KubeClient.ServiceAccounts(c.Namespace).Get(podServiceAccount, metav1.GetOptions{})
-
-	if err != nil {
-		c.logger.Warnf("the pod service account %q is absent from the namespace %q. Stateful sets in the namespace are unable to create pods.", podServiceAccount, c.Namespace)
-
-		c.OpConfig.PodServiceAccount.SetNamespace(c.Namespace)
-
-		_, err = c.KubeClient.ServiceAccounts(c.Namespace).Create(c.OpConfig.PodServiceAccount)
-		if err != nil {
-			c.logger.Warnf("cannot deploy the pod service account %q defined in the config map to the %q namespace: %v", podServiceAccount, c.Namespace, err)
-		} else {
-			c.logger.Infof("successfully deployed the pod service account %q to the %q namespace", podServiceAccount, c.Namespace)
-		}
-	} else {
-		c.logger.Infof("successfully found the service account %q used to create pods to the namespace %q", podServiceAccount, c.Namespace)
-	}
-
-	return err
-}
-
 func (c *Cluster) syncService(role PostgresRole) error {
 	c.setProcessName("syncing %s service", role)


--- a/pkg/controller/controller.go
+++ b/pkg/controller/controller.go
@@ -131,7 +131,7 @@ func (c *Controller) initPodServiceAccount() {
 		c.opConfig.PodServiceAccount = obj.(*v1.ServiceAccount)
 	}

-	// actual service accounts are deployed lazily at the time of cluster creation or sync
+	// actual service accounts are deployed at the time of Postgres/Spilo cluster creation
 }

 func (c *Controller) initController() {