fix rbac related issues (#71)

cmd/controller/main.go

@@ -35,7 +35,9 @@ import (
 	"github.com/kubermatic/machine-controller/pkg/signals"
 	"github.com/kubermatic/machine-controller/pkg/ssh"
 	"github.com/prometheus/client_golang/prometheus/promhttp"
+
 	apiextclient "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	kubeinformers "k8s.io/client-go/informers"
 	"k8s.io/client-go/kubernetes"
 	"k8s.io/client-go/tools/clientcmd"
@@ -89,8 +91,13 @@ func main() {
 		glog.Fatalf("Error building example clientset: %v", err)
 	}
 
-	kubeInformerFactory := kubeinformers.NewSharedInformerFactory(kubeClient, time.Second*30)
 	machineInformerFactory := machineinformers.NewSharedInformerFactory(machineClient, time.Second*30)
+	kubeInformerFactory := kubeinformers.NewSharedInformerFactory(kubeClient, time.Second*30)
+	kubePublicKubeInformerFactory := kubeinformers.NewFilteredSharedInformerFactory(kubeClient, time.Second*30, metav1.NamespacePublic, nil)
+
+	nodeInformer := kubeInformerFactory.Core().V1().Nodes()
+	configMapInformer := kubePublicKubeInformerFactory.Core().V1().ConfigMaps()
+	machineInformer := machineInformerFactory.Machine().V1alpha1().Machines()
 
 	key, err := ssh.EnsureSSHKeypairSecret(sshKeyName, kubeClient)
 	if err != nil {
@@ -107,12 +114,13 @@ func main() {
 		NodeJoinDuration:    metrics.NodeJoinDuration,
 	}
 
-	c := controller.NewMachineController(kubeClient, machineClient, kubeInformerFactory, machineInformerFactory, key, ips, machineMetrics)
+	c := controller.NewMachineController(kubeClient, machineClient, nodeInformer, configMapInformer, machineInformer, key, ips, machineMetrics)
 
 	go kubeInformerFactory.Start(stopCh)
+	go kubePublicKubeInformerFactory.Start(stopCh)
 	go machineInformerFactory.Start(stopCh)
 
-	for _, syncsMap := range []map[reflect.Type]bool{kubeInformerFactory.WaitForCacheSync(stopCh), machineInformerFactory.WaitForCacheSync(stopCh)} {
+	for _, syncsMap := range []map[reflect.Type]bool{kubeInformerFactory.WaitForCacheSync(stopCh), kubePublicKubeInformerFactory.WaitForCacheSync(stopCh), machineInformerFactory.WaitForCacheSync(stopCh)} {
 		for key, synced := range syncsMap {
 			if !synced {
 				glog.Fatalf("unable to sync %s", key)

examples/machine-controller.yaml

@@ -24,7 +24,7 @@ subjects:
   kind: Group
   name: system:bootstrappers:machine-controller:default-node-token
 ---
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1beta2
 kind: Deployment
 metadata:
   name: machine-controller
@@ -37,9 +37,9 @@ spec:
   template:
     metadata:
       annotations:
-        prometheus.io/scrape: true
-        prometheus.io/port: 8085
-        prometheus.io/path: /metrics
+        "prometheus.io/scrape": "true"
+        "prometheus.io/port": "8085"
+        "prometheus.io/path": "/metrics"
       labels:
         app: machine-controller
     spec:
@@ -50,19 +50,21 @@ spec:
           command:
             - /usr/local/bin/machine-controller
             - -logtostderr
-            - -v=8
+            - -v=6
             - -cluster-dns=10.10.10.10
             - -internal-listen-address=0.0.0.0:8085
+          ports:
+          - containerPort: 8085
           livenessProbe:
             httpGet:
               path: /live
-              port: 8086
+              port: 8085
             initialDelaySeconds: 5
             periodSeconds: 5
           readinessProbe:
             httpGet:
               path: /ready
-              port: 8086
+              port: 8085
             periodSeconds: 5
 ---
 apiVersion: v1
@@ -102,10 +104,10 @@ rules:
   - ""
   resources:
   - configmaps
-  resourceNames:
-  - "cluster-info"
   verbs:
   - get
+  - watch
+  - list
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: RoleBinding

pkg/controller/machine.go

@@ -27,7 +27,7 @@ import (
 	"github.com/golang/glog"
 	"github.com/heptiolabs/healthcheck"
 	machineclientset "github.com/kubermatic/machine-controller/pkg/client/clientset/versioned"
-	"github.com/kubermatic/machine-controller/pkg/client/informers/externalversions"
+	"github.com/kubermatic/machine-controller/pkg/client/informers/externalversions/machines/v1alpha1"
 	machinelistersv1alpha1 "github.com/kubermatic/machine-controller/pkg/client/listers/machines/v1alpha1"
 	"github.com/kubermatic/machine-controller/pkg/cloudprovider"
 	"github.com/kubermatic/machine-controller/pkg/cloudprovider/cloud"
@@ -49,7 +49,7 @@ import (
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
 	"k8s.io/apimachinery/pkg/util/sets"
 	"k8s.io/apimachinery/pkg/util/wait"
-	kubeinformers "k8s.io/client-go/informers"
+	corev1informers "k8s.io/client-go/informers/core/v1"
 	"k8s.io/client-go/kubernetes"
 	"k8s.io/client-go/kubernetes/scheme"
 	listerscorev1 "k8s.io/client-go/listers/core/v1"
@@ -98,16 +98,13 @@ type MetricsCollection struct {
 func NewMachineController(
 	kubeClient kubernetes.Interface,
 	machineClient machineclientset.Interface,
-	kubeInformerFactory kubeinformers.SharedInformerFactory,
-	machineInformerFactory externalversions.SharedInformerFactory,
+	nodeInformer corev1informers.NodeInformer,
+	configMapInformer corev1informers.ConfigMapInformer,
+	machineInformer v1alpha1.MachineInformer,
 	sshKeypair *ssh.PrivateKey,
 	clusterDNSIPs []net.IP,
 	metrics MetricsCollection) *Controller {
 
-	nodeInformer := kubeInformerFactory.Core().V1().Nodes()
-	configMapInformer := kubeInformerFactory.Core().V1().ConfigMaps()
-	machineInformer := machineInformerFactory.Machine().V1alpha1().Machines()
-
 	controller := &Controller{
 		kubeClient:      kubeClient,
 		nodesLister:     nodeInformer.Lister(),
@@ -639,6 +636,8 @@ func (c *Controller) ReadinessChecks() map[string]healthcheck.Check {
 		"valid-info-kubeconfig": func() error {
 			cm, err := c.getClusterInfoKubeconfig()
 			if err != nil {
+				err := fmt.Errorf("failed to get cluster-info configmap: %v", err)
+				glog.V(2).Info(err)
 				return err
 			}
 			if len(cm.Clusters) != 1 {

pkg/health/readiness.go

@@ -8,7 +8,7 @@ import (
 
 func ApiserverReachable(client kubernetes.Interface) healthcheck.Check {
 	return func() error {
-		_, err := client.CoreV1().Namespaces().List(metav1.ListOptions{})
+		_, err := client.CoreV1().Nodes().List(metav1.ListOptions{})
 		return err
 	}
 }