diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index e2ca41043..4d585c529 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -106,6 +106,12 @@ rules: - list - update - watch +- apiGroups: + - rabbitmq.com + resources: + - rabbitmqclusters/finalizers + verbs: + - update - apiGroups: - rabbitmq.com resources: diff --git a/controllers/rabbitmqcluster_controller.go b/controllers/rabbitmqcluster_controller.go index e1e9de5ce..e4f3729c9 100644 --- a/controllers/rabbitmqcluster_controller.go +++ b/controllers/rabbitmqcluster_controller.go @@ -75,13 +75,13 @@ type RabbitmqClusterReconciler struct { // +kubebuilder:rbac:groups="",resources=pods/exec,verbs=create // +kubebuilder:rbac:groups="",resources=pods,verbs=update;get;list;watch // +kubebuilder:rbac:groups="",resources=services,verbs=get;list;watch;create;update -// +kubebuilder:rbac:groups="",resources=endpoints,verbs=get;watch +// +kubebuilder:rbac:groups="",resources=endpoints,verbs=get;watch;list // +kubebuilder:rbac:groups=apps,resources=statefulsets,verbs=get;list;watch;create;update;delete -// +kubebuilder:rbac:groups="",resources=endpoints,verbs=list // +kubebuilder:rbac:groups="",resources=configmaps,verbs=get;list;watch;create;update // +kubebuilder:rbac:groups="",resources=secrets,verbs=get;list;watch;create;update // +kubebuilder:rbac:groups=rabbitmq.com,resources=rabbitmqclusters,verbs=get;list;watch;create;update // +kubebuilder:rbac:groups=rabbitmq.com,resources=rabbitmqclusters/status,verbs=get;update +// +kubebuilder:rbac:groups=rabbitmq.com,resources=rabbitmqclusters/finalizers,verbs=update // +kubebuilder:rbac:groups="",resources=events,verbs=get;create;patch // +kubebuilder:rbac:groups="",resources=serviceaccounts,verbs=get;list;watch;create;update // +kubebuilder:rbac:groups="rbac.authorization.k8s.io",resources=roles,verbs=get;list;watch;create;update diff --git a/go.mod b/go.mod index 5f1fa159d..582c6554f 100644 --- a/go.mod +++ b/go.mod @@ -25,6 +25,7 @@ require ( k8s.io/api v0.18.6 k8s.io/apimachinery v0.18.6 k8s.io/client-go v0.18.6 + k8s.io/utils v0.0.0-20200603063816-c1c6865ac451 sigs.k8s.io/controller-runtime v0.6.2 sigs.k8s.io/structured-merge-diff v0.0.0-20190525122527-15d366b2352e // indirect ) diff --git a/internal/resource/statefulset.go b/internal/resource/statefulset.go index 2be32e9ed..32aa0f941 100644 --- a/internal/resource/statefulset.go +++ b/internal/resource/statefulset.go @@ -21,6 +21,7 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/util/strategicpatch" + "k8s.io/utils/pointer" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil" ) @@ -91,6 +92,7 @@ func (builder *StatefulSetBuilder) Build() (runtime.Object, error) { if err := controllerutil.SetControllerReference(builder.Instance, &pvcList[i], builder.Scheme); err != nil { return nil, fmt.Errorf("failed setting controller reference: %v", err) } + disableBlockOwnerDeletion(pvcList[i]) } sts.Spec.VolumeClaimTemplates = pvcList } @@ -121,10 +123,19 @@ func persistentVolumeClaim(instance *rabbitmqv1beta1.RabbitmqCluster, scheme *ru if err := controllerutil.SetControllerReference(instance, &pvc, scheme); err != nil { return []corev1.PersistentVolumeClaim{}, fmt.Errorf("failed setting controller reference: %v", err) } + disableBlockOwnerDeletion(pvc) return []corev1.PersistentVolumeClaim{pvc}, nil } +// required for OpenShift compatibility, see https://github.com/rabbitmq/cluster-operator/issues/234 +func disableBlockOwnerDeletion(pvc corev1.PersistentVolumeClaim) { + refs := pvc.OwnerReferences + for i := range refs { + refs[i].BlockOwnerDeletion = pointer.BoolPtr(false) + } +} + func (builder *StatefulSetBuilder) Update(object runtime.Object) error { sts := object.(*appsv1.StatefulSet) diff --git a/internal/resource/statefulset_test.go b/internal/resource/statefulset_test.go index d4af4b606..450f0be14 100644 --- a/internal/resource/statefulset_test.go +++ b/internal/resource/statefulset_test.go @@ -21,6 +21,7 @@ import ( v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" defaultscheme "k8s.io/client-go/kubernetes/scheme" + "k8s.io/utils/pointer" ) var _ = Describe("StatefulSet", func() { @@ -94,7 +95,6 @@ var _ = Describe("StatefulSet", func() { }) Context("PVC template", func() { It("creates the required PersistentVolumeClaim", func() { - truth := true q, _ := k8sresource.ParseQuantity("10Gi") obj, err := stsBuilder.Build() @@ -116,8 +116,8 @@ var _ = Describe("StatefulSet", func() { Kind: "RabbitmqCluster", Name: instance.Name, UID: "", - Controller: &truth, - BlockOwnerDeletion: &truth, + Controller: pointer.BoolPtr(true), + BlockOwnerDeletion: pointer.BoolPtr(false), }, }, Annotations: map[string]string{}, @@ -169,7 +169,6 @@ var _ = Describe("StatefulSet", func() { It("overrides the PVC list", func() { storageClass := "my-storage-class" - truth := true builder.Instance.Spec.Override.StatefulSet = &rabbitmqv1beta1.StatefulSet{ Spec: &rabbitmqv1beta1.StatefulSetSpec{ VolumeClaimTemplates: []rabbitmqv1beta1.PersistentVolumeClaim{ @@ -220,8 +219,8 @@ var _ = Describe("StatefulSet", func() { Kind: "RabbitmqCluster", Name: instance.Name, UID: "", - Controller: &truth, - BlockOwnerDeletion: &truth, + Controller: pointer.BoolPtr(true), + BlockOwnerDeletion: pointer.BoolPtr(false), }, }, }, @@ -244,8 +243,8 @@ var _ = Describe("StatefulSet", func() { Kind: "RabbitmqCluster", Name: instance.Name, UID: "", - Controller: &truth, - BlockOwnerDeletion: &truth, + Controller: pointer.BoolPtr(true), + BlockOwnerDeletion: pointer.BoolPtr(false), }, }, },