Merge pull request #23 from replicatedhq/windows

Windows binaries

Author: marccampbell

Makefile

@@ -87,7 +87,7 @@ release:
 
 .PHONY: local-release
 local-release:
-	curl -sL https://git.io/goreleaser | bash -s -- --rm-dist --snapshot --config deploy/.goreleaser.snapshot.yml
+	curl -sL https://git.io/goreleaser | bash -s -- --rm-dist --snapshot --config deploy/.goreleaser.local.yml
 	docker tag replicated/troubleshoot:alpha localhost:32000/troubleshoot:alpha
 	docker tag replicated/preflight:alpha localhost:32000/preflight:alpha
 	docker tag replicated/troubleshoot-manager:alpha localhost:32000/troubleshoot-manager:alpha

cmd/preflight/cli/run.go

@@ -40,6 +40,8 @@ func Run() *cobra.Command {
 	cmd.Flags().String("collector-image", "", "the full name of the collector image to use")
 	cmd.Flags().String("collector-pullpolicy", "", "the pull policy of the collector image")
 
+	cmd.Flags().String("serviceaccount", "", "name of the service account to use. if not provided, one will be created")
+
 	viper.BindPFlags(cmd.Flags())
 
 	return cmd

cmd/preflight/cli/run_nocrd.go

@@ -125,6 +125,17 @@ func runCollectors(v *viper.Viper, preflight troubleshootv1beta1.Preflight) (map
 	}
 	restClient := clientset.CoreV1().RESTClient()
 
+	serviceAccountName := v.GetString("serviceaccount")
+	if serviceAccountName == "" {
+		generatedServiceAccountName, err := createServiceAccount(preflight, v.GetString("namespace"), clientset)
+		if err != nil {
+			return nil, err
+		}
+		defer removeServiceAccount(generatedServiceAccountName, v.GetString("namespace"), clientset)
+
+		serviceAccountName = generatedServiceAccountName
+	}
+
 	// deploy an object that "owns" everything to aid in cleanup
 	owner := corev1.ConfigMap{
 		ObjectMeta: metav1.ObjectMeta{
@@ -186,6 +197,11 @@ func runCollectors(v *viper.Viper, preflight troubleshootv1beta1.Preflight) (map
 					return
 				}
 
+				if newPod.Status.Phase == corev1.PodFailed {
+					podsDeleted = append(podsDeleted, newPod)
+					return
+				}
+
 				if newPod.Status.Phase != corev1.PodSucceeded {
 					return
 				}
@@ -229,7 +245,7 @@ func runCollectors(v *viper.Viper, preflight troubleshootv1beta1.Preflight) (map
 	s := runtime.NewScheme()
 	s.AddKnownTypes(schema.GroupVersion{Group: "", Version: "v1"}, &corev1.ConfigMap{})
 	for _, collector := range desiredCollectors {
-		_, pod, err := collectrunner.CreateCollector(client, s, &owner, preflight.Name, v.GetString("namespace"), "preflight", collector, v.GetString("image"), v.GetString("pullpolicy"))
+		_, pod, err := collectrunner.CreateCollector(client, s, &owner, preflight.Name, v.GetString("namespace"), serviceAccountName, "preflight", collector, v.GetString("image"), v.GetString("pullpolicy"))
 		if err != nil {
 			return nil, err
 		}

cmd/preflight/cli/serviceaccount.go

@@ -0,0 +1,131 @@
+package cli
+
+import (
+	"fmt"
+
+	troubleshootv1beta1 "github.com/replicatedhq/troubleshoot/pkg/apis/troubleshoot/v1beta1"
+	corev1 "k8s.io/api/core/v1"
+	rbacv1 "k8s.io/api/rbac/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/client-go/kubernetes"
+)
+
+func createServiceAccount(preflight troubleshootv1beta1.Preflight, namespace string, clientset *kubernetes.Clientset) (string, error) {
+	name := fmt.Sprintf("preflight-%s", preflight.Name)
+
+	serviceAccount := corev1.ServiceAccount{
+		TypeMeta: metav1.TypeMeta{
+			APIVersion: "v1",
+			Kind:       "ServiceAccount",
+		},
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      name,
+			Namespace: namespace,
+		},
+		Secrets: []corev1.ObjectReference{
+			{
+				APIVersion: "v1",
+				Kind:       "Secret",
+				Name:       name,
+				Namespace:  namespace,
+			},
+		},
+	}
+	_, err := clientset.CoreV1().ServiceAccounts(namespace).Create(&serviceAccount)
+	if err != nil {
+		return "", err
+	}
+
+	role := rbacv1.ClusterRole{
+		TypeMeta: metav1.TypeMeta{
+			APIVersion: "v1",
+			Kind:       "ClusterRole",
+		},
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      name,
+			Namespace: namespace,
+		},
+		Rules: []rbacv1.PolicyRule{
+			{
+				APIGroups: []string{""},
+				Resources: []string{
+					"namespaces",
+					"pods",
+					"services",
+					"secrets",
+				},
+				Verbs: metav1.Verbs{"list"},
+			},
+			{
+				APIGroups: []string{"apps"},
+				Resources: []string{"deployments"},
+				Verbs:     metav1.Verbs{"list"},
+			},
+			{
+				APIGroups: []string{"extensions"},
+				Resources: []string{"ingresses"},
+				Verbs:     metav1.Verbs{"list"},
+			},
+			{
+				APIGroups: []string{"storage.k8s.io"},
+				Resources: []string{"storageclasses"},
+				Verbs:     metav1.Verbs{"list"},
+			},
+			{
+				APIGroups: []string{"apiextensions.k8s.io"},
+				Resources: []string{"customresourcedefinitions"},
+				Verbs:     metav1.Verbs{"list"},
+			},
+		},
+	}
+	_, err = clientset.RbacV1().ClusterRoles().Create(&role)
+	if err != nil {
+		return "", err
+	}
+
+	roleBinding := rbacv1.ClusterRoleBinding{
+		TypeMeta: metav1.TypeMeta{
+			APIVersion: "v1",
+			Kind:       "ClusterRoleBinding",
+		},
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      name,
+			Namespace: namespace,
+		},
+		Subjects: []rbacv1.Subject{
+			{
+				Kind:      "ServiceAccount",
+				Name:      name,
+				Namespace: namespace,
+			},
+		},
+		RoleRef: rbacv1.RoleRef{
+			APIGroup: "rbac.authorization.k8s.io",
+			Kind:     "ClusterRole",
+			Name:     name,
+		},
+	}
+	_, err = clientset.RbacV1().ClusterRoleBindings().Create(&roleBinding)
+	if err != nil {
+		return "", err
+	}
+
+	return name, nil
+}
+
+func removeServiceAccount(name string, namespace string, clientset *kubernetes.Clientset) error {
+	if err := clientset.RbacV1().ClusterRoleBindings().Delete(name, &metav1.DeleteOptions{}); err != nil {
+		return err
+	}
+
+	if err := clientset.RbacV1().ClusterRoles().Delete(name, &metav1.DeleteOptions{}); err != nil {
+		return err
+	}
+
+	if err := clientset.CoreV1().ServiceAccounts(namespace).Delete(name, &metav1.DeleteOptions{}); err != nil {
+		return err
+	}
+
+
+	return nil
+}

cmd/troubleshoot/cli/run.go

@@ -19,12 +19,7 @@ For example:
 troubleshoot run --collectors application --wait
 		`,
 		PreRun: func(cmd *cobra.Command, args []string) {
-			viper.BindPFlag("collectors", cmd.Flags().Lookup("collectors"))
-			viper.BindPFlag("namespace", cmd.Flags().Lookup("namespace"))
-			viper.BindPFlag("kubecontext", cmd.Flags().Lookup("kubecontext"))
-			viper.BindPFlag("image", cmd.Flags().Lookup("image"))
-			viper.BindPFlag("pullpolicy", cmd.Flags().Lookup("pullpolicy"))
-			viper.BindPFlag("redact", cmd.Flags().Lookup("redact"))
+			viper.BindPFlags(cmd.Flags())
 		},
 		RunE: func(cmd *cobra.Command, args []string) error {
 			v := viper.GetViper()
@@ -46,6 +41,7 @@ troubleshoot run --collectors application --wait
 	cmd.Flags().String("pullpolicy", "", "the pull policy of the collector image")
 	cmd.Flags().Bool("redact", true, "enable/disable default redactions")
 
+	cmd.Flags().String("serviceaccount", "", "name of the service account to use. if not provided, one will be created")
 	viper.BindPFlags(cmd.Flags())
 
 	return cmd

cmd/troubleshoot/cli/run_nocrd.go

@@ -88,6 +88,17 @@ func runCollectors(v *viper.Viper, collector troubleshootv1beta1.Collector) (str
 	}
 	restClient := clientset.CoreV1().RESTClient()
 
+	serviceAccountName := v.GetString("serviceaccount")
+	if serviceAccountName == "" {
+		generatedServiceAccountName, err := createServiceAccount(collector, v.GetString("namespace"), clientset)
+		if err != nil {
+			return "", err
+		}
+		defer removeServiceAccount(generatedServiceAccountName, v.GetString("namespace"), clientset)
+
+		serviceAccountName = generatedServiceAccountName
+	}
+
 	// deploy an object that "owns" everything to aid in cleanup
 	owner := corev1.ConfigMap{
 		ObjectMeta: metav1.ObjectMeta{
@@ -126,7 +137,7 @@ func runCollectors(v *viper.Viper, collector troubleshootv1beta1.Collector) (str
 	if err != nil {
 		return "", err
 	}
-	// defer os.RemoveAll(bundlePath)
+	defer os.RemoveAll(bundlePath)
 
 	resyncPeriod := time.Second
 	ctx := context.Background()
@@ -158,6 +169,11 @@ func runCollectors(v *viper.Viper, collector troubleshootv1beta1.Collector) (str
 					return
 				}
 
+				if newPod.Status.Phase == corev1.PodFailed {
+					podsDeleted = append(podsDeleted, newPod)
+					return
+				}
+
 				if newPod.Status.Phase != corev1.PodSucceeded {
 					return
 				}
@@ -206,7 +222,8 @@ func runCollectors(v *viper.Viper, collector troubleshootv1beta1.Collector) (str
 	s := runtime.NewScheme()
 	s.AddKnownTypes(schema.GroupVersion{Group: "", Version: "v1"}, &corev1.ConfigMap{})
 	for _, collect := range desiredCollectors {
-		_, pod, err := collectrunner.CreateCollector(client, s, &owner, collector.Name, v.GetString("namespace"), "troubleshoot", collect, v.GetString("image"), v.GetString("pullpolicy"))
+		fmt.Printf("creating collector\n")
+		_, pod, err := collectrunner.CreateCollector(client, s, &owner, collector.Name, v.GetString("namespace"), serviceAccountName, "troubleshoot", collect, v.GetString("image"), v.GetString("pullpolicy"))
 		if err != nil {
 			return "", err
 		}

cmd/troubleshoot/cli/serviceaccount.go

@@ -0,0 +1,122 @@
+package cli
+
+import (
+	"fmt"
+
+	troubleshootv1beta1 "github.com/replicatedhq/troubleshoot/pkg/apis/troubleshoot/v1beta1"
+	corev1 "k8s.io/api/core/v1"
+	rbacv1 "k8s.io/api/rbac/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/client-go/kubernetes"
+)
+
+func createServiceAccount(collector troubleshootv1beta1.Collector, namespace string, clientset *kubernetes.Clientset) (string, error) {
+	name := fmt.Sprintf("troubleshoot-%s", collector.Name)
+
+	serviceAccount := corev1.ServiceAccount{
+		TypeMeta: metav1.TypeMeta{
+			APIVersion: "v1",
+			Kind:       "ServiceAccount",
+		},
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      name,
+			Namespace: namespace,
+		},
+	}
+	_, err := clientset.CoreV1().ServiceAccounts(namespace).Create(&serviceAccount)
+	if err != nil {
+		return "", err
+	}
+
+	role := rbacv1.ClusterRole{
+		TypeMeta: metav1.TypeMeta{
+			APIVersion: "v1",
+			Kind:       "ClusterRole",
+		},
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      name,
+			Namespace: namespace,
+		},
+		Rules: []rbacv1.PolicyRule{
+			{
+				APIGroups: []string{""},
+				Resources: []string{
+					"namespaces",
+					"pods",
+					"services",
+					"secrets",
+				},
+				Verbs: metav1.Verbs{"list"},
+			},
+			{
+				APIGroups: []string{"apps"},
+				Resources: []string{"deployments"},
+				Verbs:     metav1.Verbs{"list"},
+			},
+			{
+				APIGroups: []string{"extensions"},
+				Resources: []string{"ingresses"},
+				Verbs:     metav1.Verbs{"list"},
+			},
+			{
+				APIGroups: []string{"storage.k8s.io"},
+				Resources: []string{"storageclasses"},
+				Verbs:     metav1.Verbs{"list"},
+			},
+			{
+				APIGroups: []string{"apiextensions.k8s.io"},
+				Resources: []string{"customresourcedefinitions"},
+				Verbs:     metav1.Verbs{"list"},
+			},
+		},
+	}
+	_, err = clientset.RbacV1().ClusterRoles().Create(&role)
+	if err != nil {
+		return "", err
+	}
+
+	roleBinding := rbacv1.ClusterRoleBinding{
+		TypeMeta: metav1.TypeMeta{
+			APIVersion: "v1",
+			Kind:       "ClusterRoleBinding",
+		},
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      name,
+			Namespace: namespace,
+		},
+		Subjects: []rbacv1.Subject{
+			{
+				Kind:      "ServiceAccount",
+				Name:      name,
+				Namespace: namespace,
+			},
+		},
+		RoleRef: rbacv1.RoleRef{
+			APIGroup: "rbac.authorization.k8s.io",
+			Kind:     "ClusterRole",
+			Name:     name,
+		},
+	}
+	_, err = clientset.RbacV1().ClusterRoleBindings().Create(&roleBinding)
+	if err != nil {
+		return "", err
+	}
+
+	return name, nil
+}
+
+func removeServiceAccount(name string, namespace string, clientset *kubernetes.Clientset) error {
+	if err := clientset.RbacV1().ClusterRoleBindings().Delete(name, &metav1.DeleteOptions{}); err != nil {
+		return err
+	}
+
+	if err := clientset.RbacV1().ClusterRoles().Delete(name, &metav1.DeleteOptions{}); err != nil {
+		return err
+	}
+
+	if err := clientset.CoreV1().ServiceAccounts(namespace).Delete(name, &metav1.DeleteOptions{}); err != nil {
+		return err
+	}
+
+	return nil
+}