From 5cc1bfe82ded4614652f7ab002a0e2f95c380476 Mon Sep 17 00:00:00 2001
From: Irbe Krumina
Date: Thu, 11 Jan 2024 20:03:53 +0000
Subject: [PATCH] cmd/k8s-operator: remove configuration knob for Connector (#10791)

The configuration knob (that defaulted to Connector being disabled) was added largely because the Connector CRD had to be installed in a separate step. Now when the CRD has been added to both chart and static manifest, we can have it on by default.

Updates tailscale/tailscale#10878
Signed-off-by: Irbe Krumina
---
 .../deploy/chart/templates/deployment.yaml | 2 -
 cmd/k8s-operator/deploy/chart/values.yaml | 4 --
 .../deploy/manifests/operator.yaml | 2 -
 cmd/k8s-operator/operator.go | 39 ++++++++-----------
 4 files changed, 17 insertions(+), 30 deletions(-)

diff --git a/cmd/k8s-operator/deploy/chart/templates/deployment.yaml b/cmd/k8s-operator/deploy/chart/templates/deployment.yaml
index 75a53b51e..a451cf27f 100644
--- a/cmd/k8s-operator/deploy/chart/templates/deployment.yaml
+++ b/cmd/k8s-operator/deploy/chart/templates/deployment.yaml
@@ -59,8 +59,6 @@ spec:
 valueFrom:
 fieldRef:
 fieldPath: metadata.namespace
- - name: ENABLE_CONNECTOR
- value: "{{ .Values.enableConnector }}"
 - name: CLIENT_ID_FILE
 value: /oauth/client_id
 - name: CLIENT_SECRET_FILE
diff --git a/cmd/k8s-operator/deploy/chart/values.yaml b/cmd/k8s-operator/deploy/chart/values.yaml
index 384831d1a..af16a9ffc 100644
--- a/cmd/k8s-operator/deploy/chart/values.yaml
+++ b/cmd/k8s-operator/deploy/chart/values.yaml
@@ -8,10 +8,6 @@ oauth: {}
 # clientId: ""
 # clientSecret: ""

-# enableConnector determines whether the operator should reconcile
-# connector.tailscale.com custom resources.
-enableConnector: "false"
-
 # installCRDs determines whether tailscale.com CRDs should be installed as part
 # of chart installation. We do not use Helm's CRD installation mechanism as that
 # does not allow for upgrading CRDs.
diff --git a/cmd/k8s-operator/deploy/manifests/operator.yaml b/cmd/k8s-operator/deploy/manifests/operator.yaml
index 1e341105a..afdf47135 100644
--- a/cmd/k8s-operator/deploy/manifests/operator.yaml
+++ b/cmd/k8s-operator/deploy/manifests/operator.yaml
@@ -286,8 +286,6 @@ spec:
 valueFrom:
 fieldRef:
 fieldPath: metadata.namespace
- - name: ENABLE_CONNECTOR
- value: "false"
 - name: CLIENT_ID_FILE
 value: /oauth/client_id
 - name: CLIENT_SECRET_FILE
diff --git a/cmd/k8s-operator/operator.go b/cmd/k8s-operator/operator.go
index bb9919876..c65ada481 100644
--- a/cmd/k8s-operator/operator.go
+++ b/cmd/k8s-operator/operator.go
@@ -62,7 +62,6 @@ func main() {
 priorityClassName = defaultEnv("PROXY_PRIORITY_CLASS_NAME", "")
 tags = defaultEnv("PROXY_TAGS", "tag:k8s")
 tsFirewallMode = defaultEnv("PROXY_FIREWALL_MODE", "")
- tsEnableConnector = defaultBool("ENABLE_CONNECTOR", false)
 )

 var opts []kzap.Opts
@@ -93,7 +92,7 @@ func main() {
 maybeLaunchAPIServerProxy(zlog, restConfig, s, mode)
 // TODO (irbekrm): gather the reconciler options into an opts struct
 // rather than passing a million of them in one by one.
- runReconcilers(zlog, s, tsNamespace, restConfig, tsClient, image, priorityClassName, tags, tsFirewallMode, tsEnableConnector)
+ runReconcilers(zlog, s, tsNamespace, restConfig, tsClient, image, priorityClassName, tags, tsFirewallMode)
 }

 // initTSNet initializes the tsnet.Server and logs in to Tailscale. It uses the
@@ -201,7 +200,7 @@ waitOnline:

 // runReconcilers starts the controller-runtime manager and registers the
 // ServiceReconciler. It blocks forever.
-func runReconcilers(zlog *zap.SugaredLogger, s *tsnet.Server, tsNamespace string, restConfig *rest.Config, tsClient *tailscale.Client, image, priorityClassName, tags, tsFirewallMode string, enableConnector bool) {
+func runReconcilers(zlog *zap.SugaredLogger, s *tsnet.Server, tsNamespace string, restConfig *rest.Config, tsClient *tailscale.Client, image, priorityClassName, tags, tsFirewallMode string) {
 var (
 isDefaultLoadBalancer = defaultBool("OPERATOR_DEFAULT_LOAD_BALANCER", false)
 )
@@ -222,9 +221,7 @@ func runReconcilers(zlog *zap.SugaredLogger, s *tsnet.Server, tsNamespace string
 &appsv1.StatefulSet{}: nsFilter,
 },
 },
- }
- if enableConnector {
- mgrOpts.Scheme = tsapi.GlobalScheme
+ Scheme: tsapi.GlobalScheme,
 }
 mgr, err := manager.New(restConfig, mgrOpts)
 if err != nil {
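Review bot: The doc comment kept as context above the new signature still says runReconcilers registers only the ServiceReconciler, while after this commit the ConnectorReconciler is registered on every start as well. I would update it to `// runReconcilers starts the controller-runtime manager and registers the ServiceReconciler and the ConnectorReconciler. It blocks forever.` Other reconcilers may be registered in parts of the body that are not shown, so the wording should be checked against the full function, whose body continues outside this hunk.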
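Review bot: With `Scheme: tsapi.GlobalScheme` set unconditionally here, and the Connector controller registered without a guard later in runReconcilers, the operator now depends on the Connector CRD being present in every cluster it runs in. The chart's values.yaml context in this patch still describes `installCRDs` as a choice, so an install that leaves CRDs out presumably ends in a startup failure from the manager rather than a clear message; a comment on this field such as `// Connector is always reconciled, so the tailscale.com CRDs must be installed before the operator starts.` would make the requirement explicit. Because the opt-in is gone, who may create Connector objects is now limited only by cluster RBAC, which is worth stating in the upgrade notes. The function starts and ends outside this hunk.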
@@ -278,22 +275,20 @@ func runReconcilers(zlog *zap.SugaredLogger, s *tsnet.Server, tsNamespace string
 startlog.Fatalf("could not create controller: %v", err)
 }

- if enableConnector {
- connectorFilter := handler.EnqueueRequestsFromMapFunc(managedResourceHandlerForType("subnetrouter"))
- err = builder.ControllerManagedBy(mgr).
- For(&tsapi.Connector{}).
- Watches(&appsv1.StatefulSet{}, connectorFilter).
- Watches(&corev1.Secret{}, connectorFilter).
- Complete(&ConnectorReconciler{
- ssr: ssr,
- recorder: eventRecorder,
- Client: mgr.GetClient(),
- logger: zlog.Named("connector-reconciler"),
- clock: tstime.DefaultClock{},
- })
- if err != nil {
- startlog.Fatal("could not create connector reconciler: %v", err)
- }
+ connectorFilter := handler.EnqueueRequestsFromMapFunc(managedResourceHandlerForType("connector"))
+ err = builder.ControllerManagedBy(mgr).
+ For(&tsapi.Connector{}).
+ Watches(&appsv1.StatefulSet{}, connectorFilter).
+ Watches(&corev1.Secret{}, connectorFilter).
+ Complete(&ConnectorReconciler{
+ ssr: ssr,
+ recorder: eventRecorder,
+ Client: mgr.GetClient(),
+ logger: zlog.Named("connector-reconciler"),
+ clock: tstime.DefaultClock{},
+ })
+ if err != nil {
+ startlog.Fatal("could not create connector reconciler: %v", err)
 }
 startlog.Infof("Startup complete, operator running, version: %s", version.Long())
 if err := mgr.Start(signals.SetupSignalHandler()); err != nil {
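Review bot: The re-indented error path calls `startlog.Fatal("could not create connector reconciler: %v", err)`, which hands a format string to the non-formatting variant, so the `%v` will most likely be logged literally with the error appended; the sibling call at the top of the hunk uses `Fatalf`. It should read `startlog.Fatalf("could not create connector reconciler: %v", err)`. The same hunk also changes the handler type from "subnetrouter" to "connector", which the commit message does not mention; if that string has to match a label placed on managed StatefulSets and Secrets, resources created by an earlier operator version may no longer map back to their Connector, so that is worth confirming. runReconcilers starts and ends outside this hunk.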