feat: watch Ingress CR updates

- if user set appsDomain, we need to trigger changes to reflect it - only on update event - only check cluster CR - set in cache - move ingresscontroller to watch than own it Signed-off-by: Wen Zhou <[email protected]>
opendatahub-io · Oct 25, 2024 · 259c0e7 · 259c0e7
1 parent bde4b4e
commit 259c0e7
Show file tree

Hide file tree

Showing 6 changed files with 51 additions and 14 deletions.
diff --git a/bundle/manifests/dscinitialization.opendatahub.io_dscinitializations.yaml b/bundle/manifests/dscinitialization.opendatahub.io_dscinitializations.yaml
@@ -67,8 +67,13 @@ spec:
                   Internal development useful field to test customizations.
                   This is not recommended to be used in production environment.
                 properties:
+                  logLevel:
+                    description: Override Zap log level. Can be "debug", "info", "error"
+                      or a number (more verbose).
+                    type: string
                   logmode:
                     default: production
+                    description: '## DEPRECATED ##: Ignored, use LogLevel instead'
                     enum:
                     - devel
                     - development

diff --git a/bundle/manifests/opendatahub-operator.clusterserviceversion.yaml b/bundle/manifests/opendatahub-operator.clusterserviceversion.yaml
@@ -359,16 +359,11 @@ spec:
           resources:
           - authentications
           - clusterversions
+          - ingresses
           verbs:
           - get
           - list
           - watch
-        - apiGroups:
-          - config.openshift.io
-          resources:
-          - ingresses
-          verbs:
-          - get
         - apiGroups:
           - console.openshift.io
           resources:

diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
@@ -173,16 +173,11 @@ rules:
   resources:
   - authentications
   - clusterversions
+  - ingresses
   verbs:
   - get
   - list
   - watch
-- apiGroups:
-  - config.openshift.io
-  resources:
-  - ingresses
-  verbs:
-  - get
 - apiGroups:
   - console.openshift.io
   resources:

diff --git a/controllers/datasciencecluster/datasciencecluster_controller.go b/controllers/datasciencecluster/datasciencecluster_controller.go
@@ -36,6 +36,7 @@ import (
 	rbacv1 "k8s.io/api/rbac/v1"
 	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
 	k8serr "k8s.io/apimachinery/pkg/api/errors"
+	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/client-go/tools/record"
@@ -57,6 +58,7 @@ import (
 	"github.com/opendatahub-io/opendatahub-operator/v2/components/modelregistry"
 	"github.com/opendatahub-io/opendatahub-operator/v2/controllers/status"
 	"github.com/opendatahub-io/opendatahub-operator/v2/pkg/cluster"
+	"github.com/opendatahub-io/opendatahub-operator/v2/pkg/cluster/gvk"
 	annotations "github.com/opendatahub-io/opendatahub-operator/v2/pkg/metadata/annotations"
 	"github.com/opendatahub-io/opendatahub-operator/v2/pkg/metadata/labels"
 	"github.com/opendatahub-io/opendatahub-operator/v2/pkg/upgrade"
@@ -501,7 +503,6 @@ func (r *DataScienceClusterReconciler) SetupWithManager(ctx context.Context, mgr
 		Owns(&imagev1.ImageStream{}).
 		Owns(&buildv1.BuildConfig{}).
 		Owns(&apiregistrationv1.APIService{}).
-		Owns(&networkingv1.Ingress{}).
 		Owns(&admissionregistrationv1.MutatingWebhookConfiguration{}).
 		Owns(
 			&admissionregistrationv1.ValidatingWebhookConfiguration{},
@@ -531,6 +532,24 @@ func (r *DataScienceClusterReconciler) SetupWithManager(ctx context.Context, mgr
 			}),
 			builder.WithPredicates(argoWorkflowCRDPredicates),
 		).
+		Watches( // ingresscontroller
+			&networkingv1.Ingress{},
+			handler.EnqueueRequestsFromMapFunc(func(ctx context.Context, a client.Object) []reconcile.Request {
+				return r.watchDefaultIngressSecret(ctx, a)
+			}),
+		).
+		Watches( // ingress
+			&unstructured.Unstructured{
+				Object: map[string]interface{}{
+					"apiVersion": "config.openshift.io/v1",
+					"kind":       "Ingress",
+				},
+			},
+			handler.EnqueueRequestsFromMapFunc(func(ctx context.Context, a client.Object) []reconcile.Request {
+				return r.watchIngressResources(ctx, a)
+			}),
+			builder.WithPredicates(updatePredicates),
+		).
 		Watches(
 			&corev1.Secret{},
 			handler.EnqueueRequestsFromMapFunc(func(ctx context.Context, a client.Object) []reconcile.Request {
@@ -635,6 +654,22 @@ func (r *DataScienceClusterReconciler) watchDefaultIngressSecret(ctx context.Con
 	return nil
 }
 
+func (r *DataScienceClusterReconciler) watchIngressResources(ctx context.Context, a client.Object) []reconcile.Request {
+	requestName, err := r.getRequestName(ctx)
+	if err != nil || a.GetName() != "cluster" || a.GetObjectKind().GroupVersionKind() != gvk.OpenshiftIngress {
+		return nil
+	}
+	return []reconcile.Request{{
+		NamespacedName: types.NamespacedName{Name: requestName},
+	}}
+}
+
+var updatePredicates = predicate.Funcs{
+	UpdateFunc: func(e event.UpdateEvent) bool {
+		return true
+	},
+}
+
 // defaultIngressCertSecretPredicates filters delete and create events to trigger reconcile when default ingress cert secret is expired
 // or created.
 var defaultIngressCertSecretPredicates = predicate.Funcs{

diff --git a/controllers/datasciencecluster/kubebuilder_rbac.go b/controllers/datasciencecluster/kubebuilder_rbac.go
@@ -7,7 +7,7 @@ package datasciencecluster
 /* Serverless prerequisite */
 // +kubebuilder:rbac:groups="networking.istio.io",resources=gateways,verbs=*
 // +kubebuilder:rbac:groups="operator.knative.dev",resources=knativeservings,verbs=*
-// +kubebuilder:rbac:groups="config.openshift.io",resources=ingresses,verbs=get
+// +kubebuilder:rbac:groups="config.openshift.io",resources=ingresses,verbs=get;watch;list
 
 /* Service Mesh Integration */
 // +kubebuilder:rbac:groups="maistra.io",resources=servicemeshcontrolplanes,verbs=create;get;list;patch;update;use;watch

diff --git a/main.go b/main.go
@@ -40,6 +40,7 @@ import (
 	networkingv1 "k8s.io/api/networking/v1"
 	rbacv1 "k8s.io/api/rbac/v1"
 	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
+	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"k8s.io/apimachinery/pkg/fields"
 	"k8s.io/apimachinery/pkg/runtime"
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
@@ -67,6 +68,7 @@ import (
 	"github.com/opendatahub-io/opendatahub-operator/v2/controllers/secretgenerator"
 	"github.com/opendatahub-io/opendatahub-operator/v2/controllers/webhook"
 	"github.com/opendatahub-io/opendatahub-operator/v2/pkg/cluster"
+	"github.com/opendatahub-io/opendatahub-operator/v2/pkg/cluster/gvk"
 	"github.com/opendatahub-io/opendatahub-operator/v2/pkg/logger"
 	"github.com/opendatahub-io/opendatahub-operator/v2/pkg/upgrade"
 )
@@ -179,9 +181,14 @@ func main() { //nolint:funlen,maintidx
 
 	secretCache := createSecretCacheConfig(platform)
 	deploymentCache := createDeploymentCacheConfig(platform)
+
+	uingress := &unstructured.Unstructured{}
+	uingress.SetGroupVersionKind(gvk.OpenshiftIngress)
+
 	cacheOptions := cache.Options{
 		Scheme: scheme,
 		ByObject: map[client.Object]cache.ByObject{
+			uingress: {},
 			// all CRD: mainly for pipeline v1 teckon and v2 argo and dashboard's own CRD
 			&apiextensionsv1.CustomResourceDefinition{}: {},
 			// Cannot find a label on various screts, so we need to watch all secrets