create template-service-broker SA during API server startup

openshift · Jul 31, 2017 · 7059840 · 7059840
1 parent 9bf96f9
commit 7059840
Showing 1 changed file with 39 additions and 4 deletions.
diff --git a/pkg/openservicebroker/server/apiserver.go b/pkg/openservicebroker/server/apiserver.go
@@ -1,15 +1,26 @@
 package server
 
 import (
+	"fmt"
+	"time"
+
+	kapierrors "k8s.io/apimachinery/pkg/api/errors"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
+	genericapiserver "k8s.io/apiserver/pkg/server"
+	"k8s.io/kubernetes/pkg/api"
 	kclientsetinternal "k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset"
 
 	"github.com/openshift/origin/pkg/cmd/server/bootstrappolicy"
 	templateapi "github.com/openshift/origin/pkg/template/apis/template"
 	templateinformer "github.com/openshift/origin/pkg/template/generated/informers/internalversion"
 	templateservicebroker "github.com/openshift/origin/pkg/template/servicebroker"
-	genericapiserver "k8s.io/apiserver/pkg/server"
 )
 
+// TODO: this file breaks the layering of pkg/openservicebroker and
+// pkg/template/servicebroker; assuming that the latter will move out of origin
+// in 3.7, will leave as is for now.
+
 type TemplateServiceBrokerConfig struct {
 	GenericConfig *genericapiserver.Config
 
@@ -64,9 +75,33 @@ func (c completedTemplateServiceBrokerConfig) New(delegationTarget genericapiser
 
 	// TODO, when/if the TSB becomes a separate entity, this should stop creating the SA and instead die if it cannot find it
 	s.GenericAPIServer.AddPostStartHook("template-service-broker-ensure-service-account", func(context genericapiserver.PostStartHookContext) error {
-		// TODO jim-minter - this is the spot to create the namespace if needed and create the SA if needed.
-		// be tolerant of failures and retry a few times.
-		return nil
+		kc, err := kclientsetinternal.NewForConfig(context.LoopbackClientConfig)
+		if err != nil {
+			utilruntime.HandleError(fmt.Errorf("template service broker: failed to get client: %v", err))
+			return err
+		}
+
+		sa := &api.ServiceAccount{
+			ObjectMeta: metav1.ObjectMeta{
+				Name: bootstrappolicy.InfraTemplateServiceBrokerServiceAccountName,
+			},
+		}
+
+	out:
+		for i := 0; i < 30; i++ {
+			_, err = kc.ServiceAccounts(bootstrappolicy.DefaultOpenShiftInfraNamespace).Create(sa)
+			switch {
+			case err == nil || kapierrors.IsAlreadyExists(err):
+				return nil
+			case kapierrors.IsNotFound(err): // namespace not created yet
+				time.Sleep(time.Second)
+			default:
+				break out
+			}
+		}
+
+		utilruntime.HandleError(fmt.Errorf("creation of template-service-broker SA failed: %v", err))
+		return err
 	})
 
 	return s, nil