@@ -25,15 +25,13 @@ import (
2525 appsv1 "k8s.io/api/apps/v1"
2626 authzv1 "k8s.io/api/authorization/v1"
2727 corev1 "k8s.io/api/core/v1"
28- rbacv1 "k8s.io/api/rbac/v1"
2928 apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
3029 "k8s.io/apimachinery/pkg/api/errors"
3130 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
3231 "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
3332 "k8s.io/apimachinery/pkg/labels"
3433 "k8s.io/apimachinery/pkg/runtime/schema"
3534 "k8s.io/apimachinery/pkg/types"
36- "k8s.io/apimachinery/pkg/util/intstr"
3735 "k8s.io/apimachinery/pkg/util/wait"
3836 "k8s.io/client-go/kubernetes/scheme"
3937 authorizationv1 "k8s.io/client-go/kubernetes/typed/authorization/v1"
@@ -569,122 +567,26 @@ func (m *Manager) ApplyToConsumer(
569567func (m * Manager ) ensureKonnector (ctx context.Context , c client.Client , konnectorImage string ) (bool , error ) {
570568 // Check if konnector deployment already exists
571569 existing := & appsv1.Deployment {}
572- err := c .Get (ctx , types.NamespacedName {Name : "konnector" , Namespace : "kube-bind" }, existing )
570+ err := c .Get (ctx , types.NamespacedName {Name : kuberesources . KonnectorDeploymentName , Namespace : kuberesources . KonnectorNamespace }, existing )
573571 if err == nil {
574572 return false , nil // already deployed
575573 }
576574 if ! errors .IsNotFound (err ) {
577575 return false , fmt .Errorf ("failed to check for existing konnector: %w" , err )
578576 }
579577
580- // ServiceAccount
581- sa := & corev1.ServiceAccount {
582- ObjectMeta : metav1.ObjectMeta {
583- Name : "konnector" ,
584- Namespace : "kube-bind" ,
585- },
586- }
587- if err := c .Create (ctx , sa ); err != nil && ! errors .IsAlreadyExists (err ) {
588- return false , fmt .Errorf ("failed to create konnector service account: %w" , err )
589- }
578+ manifests := kuberesources .NewKonnectorManifests (konnectorImage )
590579
591- // ClusterRole
592- cr := & rbacv1.ClusterRole {
593- ObjectMeta : metav1.ObjectMeta {
594- Name : "kube-bind-konnector" ,
595- },
596- Rules : []rbacv1.PolicyRule {
597- {
598- APIGroups : []string {"*" },
599- Resources : []string {"*" },
600- Verbs : []string {"*" },
601- },
602- },
580+ if err := c .Create (ctx , manifests .ServiceAccount ); err != nil && ! errors .IsAlreadyExists (err ) {
581+ return false , fmt .Errorf ("failed to create konnector service account: %w" , err )
603582 }
604- if err := c .Create (ctx , cr ); err != nil && ! errors .IsAlreadyExists (err ) {
583+ if err := c .Create (ctx , manifests . ClusterRole ); err != nil && ! errors .IsAlreadyExists (err ) {
605584 return false , fmt .Errorf ("failed to create konnector cluster role: %w" , err )
606585 }
607-
608- // ClusterRoleBinding
609- crb := & rbacv1.ClusterRoleBinding {
610- ObjectMeta : metav1.ObjectMeta {
611- Name : "kube-bind-konnector" ,
612- },
613- RoleRef : rbacv1.RoleRef {
614- APIGroup : "rbac.authorization.k8s.io" ,
615- Kind : "ClusterRole" ,
616- Name : "kube-bind-konnector" ,
617- },
618- Subjects : []rbacv1.Subject {
619- {
620- Kind : "ServiceAccount" ,
621- Name : "konnector" ,
622- Namespace : "kube-bind" ,
623- },
624- },
625- }
626- if err := c .Create (ctx , crb ); err != nil && ! errors .IsAlreadyExists (err ) {
586+ if err := c .Create (ctx , manifests .ClusterRoleBinding ); err != nil && ! errors .IsAlreadyExists (err ) {
627587 return false , fmt .Errorf ("failed to create konnector cluster role binding: %w" , err )
628588 }
629-
630- // Deployment
631- replicas := int32 (2 )
632- httpPort := intstr .FromInt (8090 )
633- deploy := & appsv1.Deployment {
634- ObjectMeta : metav1.ObjectMeta {
635- Name : "konnector" ,
636- Namespace : "kube-bind" ,
637- Labels : map [string ]string {"app" : "konnector" },
638- },
639- Spec : appsv1.DeploymentSpec {
640- Replicas : & replicas ,
641- Selector : & metav1.LabelSelector {
642- MatchLabels : map [string ]string {"app" : "konnector" },
643- },
644- Template : corev1.PodTemplateSpec {
645- ObjectMeta : metav1.ObjectMeta {
646- Labels : map [string ]string {"app" : "konnector" },
647- },
648- Spec : corev1.PodSpec {
649- RestartPolicy : corev1 .RestartPolicyAlways ,
650- ServiceAccountName : "konnector" ,
651- Containers : []corev1.Container {
652- {
653- Name : "konnector" ,
654- Image : konnectorImage ,
655- Env : []corev1.EnvVar {
656- {
657- Name : "POD_NAME" ,
658- ValueFrom : & corev1.EnvVarSource {
659- FieldRef : & corev1.ObjectFieldSelector {
660- FieldPath : "metadata.name" ,
661- },
662- },
663- },
664- {
665- Name : "POD_NAMESPACE" ,
666- ValueFrom : & corev1.EnvVarSource {
667- FieldRef : & corev1.ObjectFieldSelector {
668- FieldPath : "metadata.namespace" ,
669- },
670- },
671- },
672- },
673- ReadinessProbe : & corev1.Probe {
674- ProbeHandler : corev1.ProbeHandler {
675- HTTPGet : & corev1.HTTPGetAction {
676- Path : "/healthz" ,
677- Port : httpPort ,
678- },
679- },
680- },
681- },
682- },
683- },
684- },
685- },
686- }
687- if err := c .Create (ctx , deploy ); err != nil {
589+ if err := c .Create (ctx , manifests .Deployment ); err != nil {
688590 return false , fmt .Errorf ("failed to create konnector deployment: %w" , err )
689591 }
690592
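Review bot: The `IsAlreadyExists` tolerance on the `manifests.ClusterRole` and `manifests.ClusterRoleBinding` creates, combined with the early `return false, nil` when the deployment is found, means RBAC objects already in the cluster are never reconciled against what `kuberesources.NewKonnectorManifests` returns. The inline definition removed here granted `*` on every API group, resource and verb, so a cluster provisioned by the older code keeps that role even if the shared manifests are narrower. The helper's rules are not visible in this hunk, so whether they are in fact narrower needs checking there. Consider updating the existing object when the two RBAC creates hit `IsAlreadyExists`, or at least document the behaviour with `// existing RBAC objects are left as-is; rules are not reconciled on re-run`. The body of `ensureKonnector` continues past the end of the hunk.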