diff --git a/charts/catalog/templates/rbac.yaml b/charts/catalog/templates/rbac.yaml index 1553cfa3865..8b142922125 100644 --- a/charts/catalog/templates/rbac.yaml +++ b/charts/catalog/templates/rbac.yaml @@ -16,7 +16,7 @@ rules: # TODO: do not grant global access, limit to particular secrets referenced from servicebindings - apiGroups: [""] resources: ["secrets"] - verbs: ["get","create","update","delete", "list", "watch"] + verbs: ["get","create","update","delete"] - apiGroups: [""] resources: ["pods"] verbs: ["get","list","update", "patch", "watch", "delete", "initialize"] diff --git a/cmd/controller-manager/app/controller_manager.go b/cmd/controller-manager/app/controller_manager.go index d451412057c..20fa4eee9c9 100644 --- a/cmd/controller-manager/app/controller_manager.go +++ b/cmd/controller-manager/app/controller_manager.go @@ -59,7 +59,6 @@ import ( "github.com/spf13/cobra" "github.com/spf13/pflag" - "k8s.io/client-go/informers" "k8s.io/klog" ) @@ -303,10 +302,7 @@ func StartControllers(s *options.ControllerManagerServer, if err != nil { klog.Fatal(err) } - klog.V(5).Infof("Creating shared informers; resync interval: %v", s.ResyncInterval) - - coreInformerFactory := informers.NewSharedInformerFactory(coreClient, s.ResyncInterval) - coreInformers := coreInformerFactory.Core() + klog.V(5).Infof("Creating shared informer; resync interval: %v", s.ResyncInterval) // Build the informer factory for service-catalog resources informerFactory := servicecataloginformers.NewSharedInformerFactory( @@ -319,7 +315,6 @@ func StartControllers(s *options.ControllerManagerServer, klog.V(5).Infof("Creating controller; broker relist interval: %v", s.ServiceBrokerRelistInterval) serviceCatalogController, err := controller.NewController( coreClient, - coreInformers.V1().Secrets(), serviceCatalogClientBuilder.ClientOrDie(controllerManagerAgentName).ServicecatalogV1beta1(), serviceCatalogSharedInformers.ClusterServiceBrokers(), serviceCatalogSharedInformers.ServiceBrokers(), @@ -345,11 +340,9 @@ func StartControllers(s *options.ControllerManagerServer, klog.V(1).Info("Starting shared informers") informerFactory.Start(stop) - coreInformerFactory.Start(stop) klog.V(5).Info("Waiting for caches to sync") informerFactory.WaitForCacheSync(stop) - coreInformerFactory.WaitForCacheSync(stop) klog.V(5).Info("Running controller") go serviceCatalogController.Run(s.ConcurrentSyncs, stop) diff --git a/pkg/controller/case_test.go b/pkg/controller/case_test.go index b0c7b318708..5efe12c9473 100644 --- a/pkg/controller/case_test.go +++ b/pkg/controller/case_test.go @@ -48,7 +48,6 @@ import ( "k8s.io/apimachinery/pkg/util/uuid" "k8s.io/apimachinery/pkg/util/wait" utilfeature "k8s.io/apiserver/pkg/util/feature" - k8sinformers "k8s.io/client-go/informers" fakek8s "k8s.io/client-go/kubernetes/fake" "k8s.io/client-go/tools/record" ) @@ -107,9 +106,6 @@ func newControllerTest(t *testing.T) *controllerTest { fakeOSBClient := fakeosb.NewFakeClient(fixtureHappyPathBrokerClientConfig()) - coreInformerFactory := k8sinformers.NewSharedInformerFactory(k8sClient, time.Minute) - coreInformers := coreInformerFactory.Core() - scClient := fakesc.NewSimpleClientset() informerFactory := scinformers.NewSharedInformerFactory(scClient, 0) serviceCatalogSharedInformers := informerFactory.Servicecatalog().V1beta1() @@ -136,7 +132,6 @@ func newControllerTest(t *testing.T) *controllerTest { testController, err := controller.NewController( k8sClient, - coreInformers.V1().Secrets(), scClient.ServicecatalogV1beta1(), serviceCatalogSharedInformers.ClusterServiceBrokers(), serviceCatalogSharedInformers.ServiceBrokers(), @@ -167,9 +162,7 @@ func newControllerTest(t *testing.T) *controllerTest { // start and sync informers testCase.stopCh = make(chan struct{}) informerFactory.Start(testCase.stopCh) - coreInformerFactory.Start(testCase.stopCh) informerFactory.WaitForCacheSync(testCase.stopCh) - coreInformerFactory.WaitForCacheSync(testCase.stopCh) // start the controller go testController.Run(1, testCase.stopCh) diff --git a/pkg/controller/controller.go b/pkg/controller/controller.go index 9143d42f87e..95c1175a17e 100644 --- a/pkg/controller/controller.go +++ b/pkg/controller/controller.go @@ -52,8 +52,6 @@ import ( scfeatures "github.com/kubernetes-sigs/service-catalog/pkg/features" "github.com/kubernetes-sigs/service-catalog/pkg/filter" "github.com/kubernetes-sigs/service-catalog/pkg/pretty" - v12 "k8s.io/client-go/informers/core/v1" - "k8s.io/client-go/listers/core/v1" ) const ( @@ -78,7 +76,6 @@ const ( // NewController returns a new Open Service Broker catalog controller. func NewController( kubeClient kubernetes.Interface, - secretInformer v12.SecretInformer, serviceCatalogClient servicecatalogclientset.ServicecatalogV1beta1Interface, clusterServiceBrokerInformer informers.ClusterServiceBrokerInformer, serviceBrokerInformer informers.ServiceBrokerInformer, @@ -100,7 +97,6 @@ func NewController( ) (Controller, error) { controller := &controller{ kubeClient: kubeClient, - secretLister: secretInformer.Lister(), serviceCatalogClient: serviceCatalogClient, brokerRelistInterval: brokerRelistInterval, OSBAPIPreferredVersion: osbAPIPreferredVersion, @@ -205,7 +201,6 @@ type controller struct { bindingLister listers.ServiceBindingLister clusterServicePlanLister listers.ClusterServicePlanLister servicePlanLister listers.ServicePlanLister - secretLister v1.SecretLister brokerRelistInterval time.Duration OSBAPIPreferredVersion string OSBAPITimeOut time.Duration @@ -693,7 +688,7 @@ func (c *controller) getAuthCredentialsFromClusterServiceBroker(broker *v1beta1. authInfo := broker.Spec.AuthInfo if authInfo.Basic != nil { secretRef := authInfo.Basic.SecretRef - secret, err := c.secretLister.Secrets(secretRef.Namespace).Get(secretRef.Name) + secret, err := c.kubeClient.CoreV1().Secrets(secretRef.Namespace).Get(context.TODO(), secretRef.Name, metav1.GetOptions{}) if err != nil { return nil, err } @@ -706,7 +701,7 @@ func (c *controller) getAuthCredentialsFromClusterServiceBroker(broker *v1beta1. }, nil } else if authInfo.Bearer != nil { secretRef := authInfo.Bearer.SecretRef - secret, err := c.secretLister.Secrets(secretRef.Namespace).Get(secretRef.Name) + secret, err := c.kubeClient.CoreV1().Secrets(secretRef.Namespace).Get(context.TODO(), secretRef.Name, metav1.GetOptions{}) if err != nil { return nil, err } @@ -731,7 +726,7 @@ func (c *controller) getAuthCredentialsFromServiceBroker(broker *v1beta1.Service authInfo := broker.Spec.AuthInfo if authInfo.Basic != nil { secretRef := authInfo.Basic.SecretRef - secret, err := c.secretLister.Secrets(broker.Namespace).Get(secretRef.Name) + secret, err := c.kubeClient.CoreV1().Secrets(broker.Namespace).Get(context.TODO(), secretRef.Name, metav1.GetOptions{}) if err != nil { return nil, err } @@ -744,7 +739,7 @@ func (c *controller) getAuthCredentialsFromServiceBroker(broker *v1beta1.Service }, nil } else if authInfo.Bearer != nil { secretRef := authInfo.Bearer.SecretRef - secret, err := c.secretLister.Secrets(broker.Namespace).Get(secretRef.Name) + secret, err := c.kubeClient.CoreV1().Secrets(broker.Namespace).Get(context.TODO(), secretRef.Name, metav1.GetOptions{}) if err != nil { return nil, err } diff --git a/pkg/controller/controller_test.go b/pkg/controller/controller_test.go index 0a58464c0e9..bfe996fb860 100644 --- a/pkg/controller/controller_test.go +++ b/pkg/controller/controller_test.go @@ -46,7 +46,6 @@ import ( corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/meta" "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/client-go/informers" clientgofake "k8s.io/client-go/kubernetes/fake" clientgotesting "k8s.io/client-go/testing" "k8s.io/client-go/tools/record" @@ -2429,15 +2428,11 @@ func newTestController(t *testing.T, config fakeosb.FakeClientConfiguration) ( informerFactory := servicecataloginformers.NewSharedInformerFactory(fakeCatalogClient, 0) serviceCatalogSharedInformers := informerFactory.Servicecatalog().V1beta1() - k8sInformerFactory := informers.NewSharedInformerFactory(fakeKubeClient, 0) - k8sInformers := k8sInformerFactory.Core().V1() - fakeRecorder := record.NewFakeRecorder(5) // create a test controller testController, err := NewController( fakeKubeClient, - k8sInformers.Secrets(), fakeCatalogClient.ServicecatalogV1beta1(), serviceCatalogSharedInformers.ClusterServiceBrokers(), serviceCatalogSharedInformers.ServiceBrokers(),