d2b2393d52
@kopf.on.update('secrets') will cause us to attempt to listen to
updates to every secret in the Kubernetes cluster in which we are
running. This is negative because:
* kopf annotates every object it is watching to track last known
state, which will be *every secret in the cluster* if with the
current approach. This is a somewhat obnoxious behaviour.
* if the operator is not running with elevated priviledges, this may
not work correctly anyway, although the current deployment does
provide the operator user with cluster-admin priviledges
Instead, we should only track the secrets that we've expressed
interest in, which is effectively what we're doing anyway, but this
will save us from annotating every secret in the cluster.
Change-Id: I540841ee8b053ae05ca7943aca3f1646b509cfd9
Zuul Operator
Build the image
$ make image
Install the operator
$ make install
kubectl apply -f deploy/crds/zuul-ci_v1alpha2_zuul_crd.yaml -f deploy/rbac.yaml -f deploy/operator.yaml
Look for operator pod and check it's output
$ kubectl get pods
NAME READY STATUS RESTARTS AGE
zuul-operator-c64756f66-rbdmg 2/2 Running 0 3s
$ kubectl logs zuul-operator-c64756f66-rbdmg
[...]
{"level":"info","ts":1554197305.5853095,"logger":"cmd","msg":"Go Version: go1.10.3"}
{"level":"info","ts":1554197305.5854425,"logger":"cmd","msg":"Go OS/Arch: linux/amd64"}
{"level":"info","ts":1554197305.5854564,"logger":"cmd","msg":"Version of operator-sdk: v0.6.0"}
{"level":"info","ts":1554197305.5855,"logger":"cmd","msg":"Watching namespace.","Namespace":"default"}
[...]
Usage
$ kubectl apply -f - <<EOF
apiVersion: operator.zuul-ci.org/v1alpha2
kind: Zuul
metadata:
name: example-zuul
spec:
EOF
zuul.zuul-ci.org/example-zuul created