diff --git a/bundle/manifests/opendatahub-operator.clusterserviceversion.yaml b/bundle/manifests/opendatahub-operator.clusterserviceversion.yaml index 55c9da6eaf7..997018b915f 100644 --- a/bundle/manifests/opendatahub-operator.clusterserviceversion.yaml +++ b/bundle/manifests/opendatahub-operator.clusterserviceversion.yaml @@ -359,16 +359,11 @@ spec: resources: - authentications - clusterversions + - ingresses verbs: - get - list - watch - - apiGroups: - - config.openshift.io - resources: - - ingresses - verbs: - - get - apiGroups: - console.openshift.io resources: diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index 477990d94d5..6d9cf8182f5 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -173,16 +173,11 @@ rules: resources: - authentications - clusterversions + - ingresses verbs: - get - list - watch -- apiGroups: - - config.openshift.io - resources: - - ingresses - verbs: - - get - apiGroups: - console.openshift.io resources: diff --git a/controllers/datasciencecluster/datasciencecluster_controller.go b/controllers/datasciencecluster/datasciencecluster_controller.go index 6e9bf5305b4..454d6f084d8 100644 --- a/controllers/datasciencecluster/datasciencecluster_controller.go +++ b/controllers/datasciencecluster/datasciencecluster_controller.go @@ -27,6 +27,7 @@ import ( "github.com/go-logr/logr" "github.com/hashicorp/go-multierror" buildv1 "github.com/openshift/api/build/v1" + configv1 "github.com/openshift/api/config/v1" imagev1 "github.com/openshift/api/image/v1" operatorv1 "github.com/openshift/api/operator/v1" admissionregistrationv1 "k8s.io/api/admissionregistration/v1" @@ -57,6 +58,7 @@ import ( "github.com/opendatahub-io/opendatahub-operator/v2/components/modelregistry" "github.com/opendatahub-io/opendatahub-operator/v2/controllers/status" "github.com/opendatahub-io/opendatahub-operator/v2/pkg/cluster" + "github.com/opendatahub-io/opendatahub-operator/v2/pkg/cluster/gvk" annotations "github.com/opendatahub-io/opendatahub-operator/v2/pkg/metadata/annotations" "github.com/opendatahub-io/opendatahub-operator/v2/pkg/metadata/labels" "github.com/opendatahub-io/opendatahub-operator/v2/pkg/upgrade" @@ -501,7 +503,6 @@ func (r *DataScienceClusterReconciler) SetupWithManager(ctx context.Context, mgr Owns(&imagev1.ImageStream{}). Owns(&buildv1.BuildConfig{}). Owns(&apiregistrationv1.APIService{}). - Owns(&operatorv1.IngressController{}). Owns(&admissionregistrationv1.MutatingWebhookConfiguration{}). Owns( &admissionregistrationv1.ValidatingWebhookConfiguration{}, @@ -531,12 +532,20 @@ func (r *DataScienceClusterReconciler) SetupWithManager(ctx context.Context, mgr }), builder.WithPredicates(argoWorkflowCRDPredicates), ). + Watches( // ingress + &configv1.Ingress{}, + handler.EnqueueRequestsFromMapFunc(func(ctx context.Context, a client.Object) []reconcile.Request { + return r.watchIngressResources(ctx, a) + }), + builder.WithPredicates(generalUpdatePredicates), + ). Watches( &corev1.Secret{}, handler.EnqueueRequestsFromMapFunc(func(ctx context.Context, a client.Object) []reconcile.Request { return r.watchDefaultIngressSecret(ctx, a) }), - builder.WithPredicates(defaultIngressCertSecretPredicates)). + builder.WithPredicates(defaultIngressCertSecretPredicates), + ). // this predicates prevents meaningless reconciliations from being triggered WithEventFilter(predicate.Or(predicate.GenerationChangedPredicate{}, predicate.LabelChangedPredicate{})). Complete(r) @@ -635,6 +644,22 @@ func (r *DataScienceClusterReconciler) watchDefaultIngressSecret(ctx context.Con return nil } +func (r *DataScienceClusterReconciler) watchIngressResources(ctx context.Context, a client.Object) []reconcile.Request { + requestName, err := r.getRequestName(ctx) + if err != nil || a.GetName() != "cluster" || a.GetObjectKind().GroupVersionKind() != gvk.OpenshiftIngress { + return nil + } + return []reconcile.Request{{ + NamespacedName: types.NamespacedName{Name: requestName}, + }} +} + +var generalUpdatePredicates = predicate.Funcs{ + UpdateFunc: func(e event.UpdateEvent) bool { + return true + }, +} + // defaultIngressCertSecretPredicates filters delete and create events to trigger reconcile when default ingress cert secret is expired // or created. var defaultIngressCertSecretPredicates = predicate.Funcs{ diff --git a/controllers/datasciencecluster/kubebuilder_rbac.go b/controllers/datasciencecluster/kubebuilder_rbac.go index c00f1f2a3e9..4d7f8c4d36a 100644 --- a/controllers/datasciencecluster/kubebuilder_rbac.go +++ b/controllers/datasciencecluster/kubebuilder_rbac.go @@ -7,7 +7,7 @@ package datasciencecluster /* Serverless prerequisite */ // +kubebuilder:rbac:groups="networking.istio.io",resources=gateways,verbs=* // +kubebuilder:rbac:groups="operator.knative.dev",resources=knativeservings,verbs=* -// +kubebuilder:rbac:groups="config.openshift.io",resources=ingresses,verbs=get +// +kubebuilder:rbac:groups="config.openshift.io",resources=ingresses,verbs=get;watch;list /* Service Mesh Integration */ // +kubebuilder:rbac:groups="maistra.io",resources=servicemeshcontrolplanes,verbs=create;get;list;patch;update;use;watch diff --git a/main.go b/main.go index 443f8006785..88d8bee6548 100644 --- a/main.go +++ b/main.go @@ -179,9 +179,14 @@ func main() { //nolint:funlen,maintidx secretCache := createSecretCacheConfig(platform) deploymentCache := createDeploymentCacheConfig(platform) + cacheOptions := cache.Options{ Scheme: scheme, ByObject: map[client.Object]cache.ByObject{ + // for Ingress from config.openshift.io/v1 + &configv1.Ingress{}: { + Field: fields.Set{"metadata.name": "cluster"}.AsSelector(), + }, // all CRD: mainly for pipeline v1 teckon and v2 argo and dashboard's own CRD &apiextensionsv1.CustomResourceDefinition{}: {}, // Cannot find a label on various screts, so we need to watch all secrets