in operator/pkg/controllers/master/authenticatorconfig.go [54:139]
// reconcileAuthenticatorDaemonSet builds the desired aws-iam-authenticator
// DaemonSet for the given control plane and applies it through
// kubeClient.EnsurePatch, returning whatever error that call reports.
//
// The pod is scheduled onto nodes matching APIServerLabels for the cluster,
// runs on the host network, and keeps its state and generated kubeconfig in
// hostPath directories on the node.
func (c *Controller) reconcileAuthenticatorDaemonSet(ctx context.Context, controlPlane *v1alpha1.ControlPlane) error {
	const (
		configDir     = "/etc/aws-iam-authenticator/"
		stateDir      = "/var/aws-iam-authenticator/state/"
		kubeconfigDir = "/var/aws-iam-authenticator/kubeconfig/"
	)

	// Mounts shared by the init container and the server container.
	stateMount := v1.VolumeMount{Name: "state", MountPath: stateDir}
	kubeconfigMount := v1.VolumeMount{Name: "kubeconfig", MountPath: kubeconfigDir}

	// hostDir returns a hostPath volume for a directory on the node.
	// No HostPath Type is set, so no check is made on the path before it is
	// mounted. NOTE(review): anything with access to these node directories
	// can read or replace the authenticator state and kubeconfig; confirm the
	// host-side ownership and mode are what the deployment expects.
	hostDir := func(name, path string) v1.Volume {
		return v1.Volume{
			Name: name,
			VolumeSource: v1.VolumeSource{
				HostPath: &v1.HostPathVolumeSource{Path: path},
			},
		}
	}

	desired := &appsv1.DaemonSet{
		ObjectMeta: metav1.ObjectMeta{
			Name:      AuthenticatorDaemonSetName(controlPlane.ClusterName()),
			Namespace: controlPlane.Namespace,
			Labels:    authenticatorLabels(),
		},
		Spec: appsv1.DaemonSetSpec{
			UpdateStrategy: appsv1.DaemonSetUpdateStrategy{Type: appsv1.RollingUpdateDaemonSetStrategyType},
			Selector: &metav1.LabelSelector{
				MatchLabels: authenticatorLabels(),
			},
			Template: v1.PodTemplateSpec{
				ObjectMeta: metav1.ObjectMeta{Labels: authenticatorLabels()},
				Spec: v1.PodSpec{
					// The pod shares the node's network namespace; presumably this is
					// what lets --master=https://localhost/ reach the API server
					// running on the same node (confirm).
					HostNetwork:  true,
					NodeSelector: APIServerLabels(controlPlane.ClusterName()),
					// An Exists toleration with no key tolerates every taint.
					Tolerations: []v1.Toleration{{Operator: v1.TolerationOpExists}},
					InitContainers: []v1.Container{{
						Name:  "chown",
						Image: imageprovider.BusyBox(),
						// Hands both hostPath directories to UID/GID 10000. No RunAsUser is
						// set anywhere in this spec, so the UID the server actually runs
						// as comes from its image; verify it is 10000.
						// NOTE(review): the trailing `ls -lrt /var/` looks like leftover
						// debugging output and does not affect ownership.
						Command: []string{
							"sh",
							"-c",
							"chown -R 10000:10000 /var/aws-iam-authenticator/state/ && chown -R 10000:10000 /var/aws-iam-authenticator/kubeconfig && ls -lrt /var/",
						},
						// NOTE(review): privilege escalation is explicitly allowed here;
						// nothing in this spec shows why chown would need it. Confirm
						// whether false works for this container.
						SecurityContext: &v1.SecurityContext{AllowPrivilegeEscalation: ptr.Bool(true)},
						VolumeMounts:    []v1.VolumeMount{stateMount, kubeconfigMount},
					}},
					Containers: []v1.Container{{
						Name:  "aws-iam-authenticator",
						Image: imageprovider.AWSIamAuthenticator(),
						Args: []string{
							"server",
							"--master=https://localhost/",
							"--config=" + configDir + "config.yaml",
							"--state-dir=" + stateDir,
							"--generate-kubeconfig=" + kubeconfigDir + "kubeconfig.yaml",
						},
						// NOTE(review): an authentication component on the host network
						// with privilege escalation allowed and no capabilities dropped is
						// a wide grant. Consider AllowPrivilegeEscalation=false and
						// dropping capabilities if the server runs without them (confirm).
						SecurityContext: &v1.SecurityContext{AllowPrivilegeEscalation: ptr.Bool(true)},
						VolumeMounts: []v1.VolumeMount{
							{Name: "config", MountPath: configDir},
							stateMount,
							kubeconfigMount,
						},
					}},
					Volumes: []v1.Volume{
						{
							Name: "config",
							VolumeSource: v1.VolumeSource{
								ConfigMap: &v1.ConfigMapVolumeSource{
									LocalObjectReference: v1.LocalObjectReference{
										Name: AuthenticatorConfigMapName(controlPlane.ClusterName()),
									},
								},
							},
						},
						hostDir("kubeconfig", kubeconfigDir),
						hostDir("state", stateDir),
					},
				},
			},
		},
	}

	return c.kubeClient.EnsurePatch(ctx, &appsv1.DaemonSet{}, desired)
}