From 5db688acbc13c34a5242e4b44339ca6054a00d29 Mon Sep 17 00:00:00 2001 From: cuttingedge1109 Date: Mon, 12 Apr 2021 10:23:54 +0200 Subject: [PATCH 1/2] Remove watching for existing underline resources at init stage --- controllers/groupconfig_controller.go | 19 +++++++- controllers/namespaceconfig_controller.go | 21 ++++++++- controllers/userconfig_controller.go | 40 ++++++++++++++++- main.go | 55 +++++++++++++++++++++-- 4 files changed, 128 insertions(+), 7 deletions(-) diff --git a/controllers/groupconfig_controller.go b/controllers/groupconfig_controller.go index 6eb0a415..b4be3e8e 100644 --- a/controllers/groupconfig_controller.go +++ b/controllers/groupconfig_controller.go @@ -18,7 +18,6 @@ package controllers import ( "context" - "github.com/go-logr/logr" userv1 "github.com/openshift/api/user/v1" redhatcopv1alpha1 "github.com/redhat-cop/namespace-configuration-operator/api/v1alpha1" @@ -45,6 +44,8 @@ type GroupConfigReconciler struct { lockedresourcecontroller.EnforcingReconciler Log logr.Logger controllerName string + InitGroupCount int16 + groupCounter int16 } // +kubebuilder:rbac:groups=redhatcop.redhat.io,resources=groupconfigs,verbs=get;list;watch;create;update;patch;delete @@ -249,6 +250,22 @@ func (r *GroupConfigReconciler) SetupWithManager(mgr ctrl.Manager) error { Kind: "Group", }, }}, handler.EnqueueRequestsFromMapFunc(func(a client.Object) []reconcile.Request { + + // Skip watching pre-existing namespaces + if r.InitGroupCount == -1 { + gl := &userv1.GroupList{} + if err := r.GetClient().List(context.TODO(), gl); err != nil { + r.Log.Error(err, "unable to list groups") + return []reconcile.Request{} + } + r.InitGroupCount = int16(len(gl.Items)) + } + if r.groupCounter < r.InitGroupCount { + r.groupCounter++ + return []reconcile.Request{} + } + + // Main watcher reconcileRequests := []reconcile.Request{} group := a.(*userv1.Group) groupConfigs, err := r.findApplicableGroupConfigsFromGroup(*group) 
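Review bot: `InitGroupCount` is exported and only takes effect when the caller sets it to the sentinel `-1`; left at its zero value the skip in SetupWithManager never runs, and nothing on the struct says so. Both fields are `int16`, so `int16(len(gl.Items))` in the watcher wraps once the list holds more than 32767 groups. I would make them unexported `int` fields initialised inside SetupWithManager, e.g. `initGroupCount int // -1 until the first list` and `groupCounter int // events skipped so far`. The same applies to the counters added to NamespaceConfigReconciler and UserConfigReconciler.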
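Review bot: The skip at the top of the map function counts events, not objects: it drops the first `InitGroupCount` events of any kind, so an update to an existing group, or a group that appears between the informer's initial sync and this `List`, can be swallowed in place of a pre-existing one and, as far as this hunk shows, is not enqueued until another event touches it. For an operator that applies configuration to groups, users and namespaces, that can leave an object without its configured resources for an unbounded time. The counters are also read and written without a lock, which is only safe if the handler is never invoked concurrently, and the comment says "namespaces" where groups are meant. One option is to remember the UIDs returned by the list and skip an event only when its object is in that set, as sketched below with a new unexported field `preexisting map[types.UID]struct{}`; the same pattern is repeated in the Namespace, User and Identity watchers. The enclosing SetupWithManager starts and ends outside the hunk.

```go
}}, handler.EnqueueRequestsFromMapFunc(func(a client.Object) []reconcile.Request {
	// Skip only the first event of each group that already existed when
	// the watch started; anything not in the set is handled normally.
	if r.preexisting == nil {
		gl := &userv1.GroupList{}
		if err := r.GetClient().List(context.TODO(), gl); err != nil {
			r.Log.Error(err, "unable to list groups")
			return []reconcile.Request{}
		}
		r.preexisting = make(map[types.UID]struct{}, len(gl.Items))
		for i := range gl.Items {
			r.preexisting[gl.Items[i].UID] = struct{}{}
		}
	}
	if _, ok := r.preexisting[a.GetUID()]; ok {
		delete(r.preexisting, a.GetUID())
		return []reconcile.Request{}
	}
	// … unchanged: main watcher (findApplicableGroupConfigsFromGroup and enqueue) …
```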
diff --git a/controllers/namespaceconfig_controller.go b/controllers/namespaceconfig_controller.go index 66f74c45..ea416569 100644 --- a/controllers/namespaceconfig_controller.go +++ b/controllers/namespaceconfig_controller.go @@ -18,6 +18,7 @@ package controllers import ( "context" + "k8s.io/apimachinery/pkg/types" "strings" "github.com/go-logr/logr" @@ -32,7 +33,6 @@ import ( apierrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/labels" - "k8s.io/apimachinery/pkg/types" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/builder" "sigs.k8s.io/controller-runtime/pkg/client" @@ -47,6 +47,8 @@ type NamespaceConfigReconciler struct { Log logr.Logger controllerName string AllowSystemNamespaces bool + InitNamespaceCount int16 + namespaceCounter int16 } // +kubebuilder:rbac:groups=redhatcop.redhat.io,resources=namespaceconfigs,verbs=get;list;watch;create;update;patch;delete @@ -251,8 +253,25 @@ func (r *NamespaceConfigReconciler) SetupWithManager(mgr ctrl.Manager) error { Kind: "Namespace", }, }}, handler.EnqueueRequestsFromMapFunc(func(a client.Object) []reconcile.Request { + // Skip watching pre-existing namespaces + if r.InitNamespaceCount == -1 { + nl := &corev1.NamespaceList{} + if err := r.GetClient().List(context.TODO(), nl); err != nil { + r.Log.Error(err, "unable to list namespaces") + return []reconcile.Request{} + } + r.InitNamespaceCount = int16(len(nl.Items)) + } + if r.namespaceCounter < r.InitNamespaceCount { + r.namespaceCounter++ + return []reconcile.Request{} + } + + // Main watcher res := []reconcile.Request{} ns := a.(*corev1.Namespace) + + r.Log.Info("namespace watcher:" + ns.Name) ncl, err := r.findApplicableNameSpaceConfigs(*ns) if err != nil { r.Log.Error(err, "unable to find applicable NamespaceConfig for namespace", "namespace", ns.Name) diff --git a/controllers/userconfig_controller.go b/controllers/userconfig_controller.go index 7031de50..a41a0fbc 100644 
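Review bot: The added `r.Log.Info("namespace watcher:" + ns.Name)` builds its message by concatenation and fires at Info level for every namespace event that passes the skip, which is noisy and puts the name where log queries cannot filter on it. The error call two lines below already passes the name as a key/value pair; I would match it and lower the verbosity with `r.Log.V(1).Info("namespace watcher", "namespace", ns.Name)`. The enclosing SetupWithManager continues outside the hunk.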
--- a/controllers/userconfig_controller.go +++ b/controllers/userconfig_controller.go @@ -44,8 +44,12 @@ import ( // UserConfigReconciler reconciles a UserConfig object type UserConfigReconciler struct { lockedresourcecontroller.EnforcingReconciler - Log logr.Logger - controllerName string + Log logr.Logger + controllerName string + InitUserCount int16 + userCounter int16 + InitIdentityCount int16 + identityCounter int16 } // +kubebuilder:rbac:groups=redhatcop.redhat.io,resources=userconfigs,verbs=get;list;watch;create;update;patch;delete @@ -288,6 +292,22 @@ func (r *UserConfigReconciler) SetupWithManager(mgr ctrl.Manager) error { Kind: "User", }, }}, handler.EnqueueRequestsFromMapFunc(func(a client.Object) []reconcile.Request { + + // Skip watching pre-existing namespaces + if r.InitUserCount == -1 { + ul := &userv1.UserList{} + if err := r.GetClient().List(context.TODO(), ul); err != nil { + r.Log.Error(err, "unable to list groups") + return []reconcile.Request{} + } + r.InitUserCount = int16(len(ul.Items)) + } + if r.userCounter < r.InitUserCount { + r.userCounter++ + return []reconcile.Request{} + } + + // Main watcher reconcileRequests := []reconcile.Request{} user := a.(*userv1.User) userConfigs, err := r.findApplicableUserConfigsFromUser(user) 
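Review bot: The block added to the User watcher was copied without adjusting its text: the comment reads `// Skip watching pre-existing namespaces` and a failed `UserList` call logs `"unable to list groups"`. Anyone diagnosing a failed list from the operator log would look at the wrong resource. I would change them to `// Skip the initial events of pre-existing users` and `r.Log.Error(err, "unable to list users")`; the Identity watcher in the next hunk needs the same with `"unable to list identities"`. On that error path the event is dropped without being counted or retried, which deserves a one-line comment if it is intentional.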
@@ -311,6 +331,22 @@ func (r *UserConfigReconciler) SetupWithManager(mgr ctrl.Manager) error { Kind: "Identity", }, }}, handler.EnqueueRequestsFromMapFunc(func(a client.Object) []reconcile.Request { + + // Skip watching pre-existing namespaces + if r.InitIdentityCount == -1 { + il := &userv1.IdentityList{} + if err := r.GetClient().List(context.TODO(), il); err != nil { + r.Log.Error(err, "unable to list groups") + return []reconcile.Request{} + } + r.InitIdentityCount = int16(len(il.Items)) + } + if r.identityCounter < r.InitIdentityCount { + r.identityCounter++ + return []reconcile.Request{} + } + + // Main watcher reconcileRequests := []reconcile.Request{} identity := a.(*userv1.Identity) user, err := r.findUserFromIdentity(identity) diff --git a/main.go b/main.go index b5c575f9..b1f9d577 100644 --- a/main.go +++ b/main.go @@ -40,6 +40,9 @@ import ( const ( AllowSystemNamespacesEnvVarKey = "ALLOW_SYSTEM_NAMESPACES" + EnableGroupConfigEnvVarKey = "ENABLE_GROUPCONFIG_CONTROLLER" + EnableUserConfigEnvVarKey = "ENABLE_USERCONFIG_CONTROLLER" + EnableNamespaceConfigEnvVarKey = "ENABLE_NAMESPACECONFIG_CONTROLLER" ) var ( @@ -86,10 +89,14 @@ func main() { os.Exit(1) } - if err = (&controllers.NamespaceConfigReconciler{ + if !isNamespaceConfigControllerEnabled() { + setupLog.Info("NamespaceConfig controller disabled!") + + } else if err = (&controllers.NamespaceConfigReconciler{ EnforcingReconciler: lockedresourcecontroller.NewEnforcingReconciler(mgr.GetClient(), mgr.GetScheme(), mgr.GetConfig(), mgr.GetAPIReader(), mgr.GetEventRecorderFor("NamespaceConfig_controller"), true), Log: ctrl.Log.WithName("controllers").WithName("NamespaceConfig"), AllowSystemNamespaces: checkNamespaceScope(), + InitNamespaceCount: -1, }).SetupWithManager(mgr); err != nil { setupLog.Error(err, "unable to create controller", "controller", "NamespaceConfig") os.Exit(1) 
@@ -98,9 +105,12 @@ func main() { userConfigController := &controllers.UserConfigReconciler{ EnforcingReconciler: lockedresourcecontroller.NewEnforcingReconciler(mgr.GetClient(), mgr.GetScheme(), mgr.GetConfig(), mgr.GetAPIReader(), mgr.GetEventRecorderFor("UserConfig_controller"), true), Log: ctrl.Log.WithName("controllers").WithName("UserConfig"), + InitUserCount: -1, } - if ok, err := userConfigController.IsAPIResourceAvailable(schema.GroupVersionKind{ + if !isUserConfigControllerEnabled() { + setupLog.Info("UserConfig controller disabled!") + } else if ok, err := userConfigController.IsAPIResourceAvailable(schema.GroupVersionKind{ Group: "user.openshift.io", Version: "v1", Kind: "User", @@ -119,9 +129,12 @@ func main() { groupConfigController := &controllers.GroupConfigReconciler{ EnforcingReconciler: lockedresourcecontroller.NewEnforcingReconciler(mgr.GetClient(), mgr.GetScheme(), mgr.GetConfig(), mgr.GetAPIReader(), mgr.GetEventRecorderFor("GroupConfig_controller"), true), Log: ctrl.Log.WithName("controllers").WithName("GroupConfig"), + InitGroupCount: -1, } - if ok, err := groupConfigController.IsAPIResourceAvailable(schema.GroupVersionKind{ + if !isGroupConfigControllerEnabled() { + setupLog.Info("GroupConfig controller disabled!") + } else if ok, err := groupConfigController.IsAPIResourceAvailable(schema.GroupVersionKind{ Group: "user.openshift.io", Version: "v1", Kind: "Group", 
@@ -154,6 +167,42 @@ func main() { } } +func isGroupConfigControllerEnabled() bool { + value := os.Getenv(EnableGroupConfigEnvVarKey) + if len(value) == 0 { + return true + } + res, err := strconv.ParseBool(value) + if err != nil { + return false + } + return res +} + +func isUserConfigControllerEnabled() bool { + value := os.Getenv(EnableUserConfigEnvVarKey) + if len(value) == 0 { + return true + } + res, err := strconv.ParseBool(value) + if err != nil { + return false + } + return res +} + +func isNamespaceConfigControllerEnabled() bool { + value := os.Getenv(EnableNamespaceConfigEnvVarKey) + if len(value) == 0 { + return true + } + res, err := strconv.ParseBool(value) + if err != nil { + return false + } + return res +} + func checkNamespaceScope() bool { value := os.Getenv(AllowSystemNamespacesEnvVarKey) if len(value) == 0 { From d9d0b7c21fe7639f91f6cc381b04dbdec0890554 Mon Sep 17 00:00:00 2001 From: cuttingedge1109 <53085803+cuttingedge1109@users.noreply.github.com> Date: Mon, 12 Apr 2021 15:34:19 +0200 Subject: [PATCH 2/2] Update main.go Add InitIdentityCount --- main.go | 1 + 1 file changed, 1 insertion(+) diff --git a/main.go b/main.go index b1f9d577..961821d1 100644 --- a/main.go +++ b/main.go @@ -106,6 +106,7 @@ func main() { EnforcingReconciler: lockedresourcecontroller.NewEnforcingReconciler(mgr.GetClient(), mgr.GetScheme(), mgr.GetConfig(), mgr.GetAPIReader(), mgr.GetEventRecorderFor("UserConfig_controller"), true), Log: ctrl.Log.WithName("controllers").WithName("UserConfig"), InitUserCount: -1, + InitIdentityCount: -1, } if !isUserConfigControllerEnabled() {
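Review bot: An unparsable value makes each of the three `is…ControllerEnabled` helpers return `false`, so a typo in `ENABLE_NAMESPACECONFIG_CONTROLLER` (or either sibling variable) switches the controller off, and the only trace is the Info line "controller disabled!" with the parse error discarded. For a controller that applies configuration to namespaces, users or groups, that is a silent fail-open; the error should be logged and should either stop startup or leave the controller enabled. The three bodies are identical apart from the key, so one helper taking the key would do, as sketched below. None of the functions has a doc comment stating that an unset variable means enabled.

```go
// controllerEnabled reports whether the controller gated by the environment
// variable key should run. An unset variable means enabled; a value that
// strconv.ParseBool rejects is treated as a startup error, not as "disabled".
func controllerEnabled(key string) bool {
	value := os.Getenv(key)
	if len(value) == 0 {
		return true
	}
	enabled, err := strconv.ParseBool(value)
	if err != nil {
		setupLog.Error(err, "invalid boolean in environment variable", "variable", key, "value", value)
		os.Exit(1)
	}
	return enabled
}

func isGroupConfigControllerEnabled() bool { return controllerEnabled(EnableGroupConfigEnvVarKey) }

// … isUserConfigControllerEnabled and isNamespaceConfigControllerEnabled delegate the same way …
```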