Merge pull request #1 from phsiao/phsiao_kubebuilder2

remove the use of Client.Get() so we don't need to list/watch ServiceAccounts/ConfigMaps/Secrets at cluster level
SeldonIO · Sep 27, 2019 · d95448f · d95448f
2 parents 041a216 + 54645bf
commit d95448f
Show file tree

Hide file tree

Showing 4 changed files with 20 additions and 43 deletions.
diff --git a/operator/config/rbac/role.yaml b/operator/config/rbac/role.yaml
@@ -6,30 +6,6 @@ metadata:
   creationTimestamp: null
   name: manager-role
 rules:
-- apiGroups:
-  - ""
-  resources:
-  - configmaps
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - ""
-  resources:
-  - secrets
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - ""
-  resources:
-  - serviceaccounts
-  verbs:
-  - get
-  - list
-  - watch
 - apiGroups:
   - ""
   resources:

diff --git a/operator/controllers/model_initializer_injector.go b/operator/controllers/model_initializer_injector.go
@@ -14,17 +14,20 @@ limitations under the License.
 package controllers
 
 import (
-	"context"
+
 	//	"encoding/json"
 	"fmt"
+	"strings"
+
 	"github.com/seldonio/seldon-core/operator/controllers/resources/credentials"
 	"github.com/seldonio/seldon-core/operator/utils"
 	appsv1 "k8s.io/api/apps/v1"
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/resource"
-	"k8s.io/apimachinery/pkg/types"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/client-go/kubernetes"
+	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
-	"strings"
 )
 
 // TODO: change image to seldon
@@ -47,8 +50,8 @@ var (
 
 func credentialsBuilder(Client client.Client) (credentialsBuilder *credentials.CredentialBuilder, err error) {
 
-	configMap := &corev1.ConfigMap{}
-	err = Client.Get(context.TODO(), types.NamespacedName{Name: ControllerConfigMapName, Namespace: ControllerNamespace}, configMap)
+	clientset := kubernetes.NewForConfigOrDie(ctrl.GetConfigOrDie())
+	configMap, err := clientset.CoreV1().ConfigMaps(ControllerNamespace).Get(ControllerConfigMapName, metav1.GetOptions{})
 	if err != nil {
 		//log.Error(err, "Failed to find config map", "name", ControllerConfigMapName)
 		return nil, err

diff --git a/operator/controllers/resources/credentials/service_account_credentials.go b/operator/controllers/resources/credentials/service_account_credentials.go
@@ -17,13 +17,15 @@ limitations under the License.
 package credentials
 
 import (
-	"context"
 	"encoding/json"
 	"fmt"
+
 	"github.com/seldonio/seldon-core/operator/controllers/resources/credentials/gcs"
 	"github.com/seldonio/seldon-core/operator/controllers/resources/credentials/s3"
 	v1 "k8s.io/api/core/v1"
-	"k8s.io/apimachinery/pkg/types"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/client-go/kubernetes"
+	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	logf "sigs.k8s.io/controller-runtime/pkg/runtime/log"
 )
@@ -75,17 +77,14 @@ func (c *CredentialBuilder) CreateSecretVolumeAndEnv(namespace string, serviceAc
 		gcsCredentialFileName = c.config.GCS.GCSCredentialFileName
 	}
 
-	serviceAccount := &v1.ServiceAccount{}
-	err := c.client.Get(context.TODO(), types.NamespacedName{Name: serviceAccountName,
-		Namespace: namespace}, serviceAccount)
+	clientset := kubernetes.NewForConfigOrDie(ctrl.GetConfigOrDie())
+	serviceAccount, err := clientset.CoreV1().ServiceAccounts(namespace).Get(serviceAccountName, metav1.GetOptions{})
 	if err != nil {
 		log.Error(err, "Failed to find service account", "ServiceAccountName", serviceAccountName)
 		return nil
 	}
 	for _, secretRef := range serviceAccount.Secrets {
-		secret := &v1.Secret{}
-		err := c.client.Get(context.TODO(), types.NamespacedName{Name: secretRef.Name,
-			Namespace: namespace}, secret)
+		secret, err := clientset.CoreV1().Secrets(namespace).Get(secretRef.Name, metav1.GetOptions{})
 		if err != nil {
 			log.Error(err, "Failed to find secret", "SecretName", secretRef.Name)
 			continue

diff --git a/operator/controllers/seldondeployment_controller.go b/operator/controllers/seldondeployment_controller.go
@@ -20,15 +20,16 @@ import (
 	"bytes"
 	"context"
 	"fmt"
+	"strconv"
+	"strings"
+
 	"github.com/seldonio/seldon-core/operator/constants"
 	"github.com/seldonio/seldon-core/operator/utils"
 	"k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/apimachinery/pkg/util/intstr"
 	"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
-	"strconv"
-	"strings"
 
 	"github.com/go-logr/logr"
 	ctrl "sigs.k8s.io/controller-runtime"
@@ -38,13 +39,14 @@ import (
 
 	"encoding/json"
 
+	"reflect"
+
 	appsv1 "k8s.io/api/apps/v1"
 	autoscaling "k8s.io/api/autoscaling/v2beta1"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"knative.dev/pkg/apis/istio/common/v1alpha1"
 	istio "knative.dev/pkg/apis/istio/v1alpha3"
-	"reflect"
 )
 
 const (
@@ -1053,9 +1055,6 @@ func createDeployments(r *SeldonDeploymentReconciler, components *components, in
 // +kubebuilder:rbac:groups=networking.istio.io,resources=destinationrules/status,verbs=get;update;patch
 // +kubebuilder:rbac:groups=autoscaling,resources=horizontalpodautoscalers,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=autoscaling,resources=horizontalpodautoscalers/status,verbs=get;update;patch
-// +kubebuilder:rbac:groups="",resources=configmaps,verbs=get;list;watch
-// +kubebuilder:rbac:groups="",resources=serviceaccounts,verbs=get;list;watch
-// +kubebuilder:rbac:groups="",resources=secrets,verbs=get;list;watch
 // +kubebuilder:rbac:groups=machinelearning.seldon.io,resources=seldondeployments,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=machinelearning.seldon.io,resources=seldondeployments/status,verbs=get;update;patch
 // +kubebuilder:rbac:groups=machinelearning.seldon.io,resources=seldondeployments/finalizers,verbs=get;update;patch