chore: simplifies watch

by narrowing it to only annotated ns which are not reserved by the cluser (kube-*, openshift-* or istio-system)
maistra · Dec 5, 2023 · 7c1f1e5 · 7c1f1e5
1 parent 1cee7e0
commit 7c1f1e5
Show file tree

Hide file tree

Showing 3 changed files with 54 additions and 7 deletions.
diff --git a/controllers/enable_mesh.go b/controllers/enable_mesh.go
@@ -81,7 +81,7 @@ func newServiceMeshMember(namespace *v1.Namespace) *maistrav1.ServiceMeshMember
  controlPlaneName := getControlPlaneName()
  meshNamespace := getMeshNamespace()
 
- return &maistrav1.ServiceMeshMember{
+ smm := &maistrav1.ServiceMeshMember{
  TypeMeta: metav1.TypeMeta{},
  ObjectMeta: metav1.ObjectMeta{
  Name: "default", // The name MUST be default, per the maistra docs
@@ -94,6 +94,8 @@ func newServiceMeshMember(namespace *v1.Namespace) *maistrav1.ServiceMeshMember
  },
  },
  }
+
+ return smm
 }
 
 func compareMeshMembers(m1, m2 maistrav1.ServiceMeshMember) bool {

diff --git a/controllers/project_mesh_controller.go b/controllers/project_mesh_controller.go
@@ -5,15 +5,16 @@ import (
  "regexp"
 
  "github.com/go-logr/logr"
- "github.com/kuadrant/authorino/api/v1beta1"
  "github.com/pkg/errors"
  v1 "k8s.io/api/core/v1"
  apierrs "k8s.io/apimachinery/pkg/api/errors"
  "k8s.io/apimachinery/pkg/runtime"
  k8serrs "k8s.io/apimachinery/pkg/util/errors"
  maistrav1 "maistra.io/api/core/v1"
  ctrl "sigs.k8s.io/controller-runtime"
+ "sigs.k8s.io/controller-runtime/pkg/builder"
  "sigs.k8s.io/controller-runtime/pkg/client"
+ "sigs.k8s.io/controller-runtime/pkg/predicate"
 )
 
 // OpenshiftServiceMeshReconciler holds the controller configuration.
@@ -49,9 +50,7 @@ func (r *OpenshiftServiceMeshReconciler) Reconcile(ctx context.Context, req ctrl
  return ctrl.Result{}, errors.Wrap(err, "failed getting namespace")
  }
 
- if IsReservedNamespace(namespace.Name) || serviceMeshIsNotEnabled(namespace.ObjectMeta) {
- log.Info("Skipped")
-
+ if serviceMeshIsNotEnabled(namespace.ObjectMeta) {
  return ctrl.Result{}, nil
  }
 
@@ -66,12 +65,25 @@ func (r *OpenshiftServiceMeshReconciler) Reconcile(ctx context.Context, req ctrl
 func (r *OpenshiftServiceMeshReconciler) SetupWithManager(mgr ctrl.Manager) error {
  //nolint:wrapcheck //reason there is no point in wrapping it
  return ctrl.NewControllerManagedBy(mgr).
- For(&v1.Namespace{}).
+ For(&v1.Namespace{}, builder.WithPredicates(predicate.NewPredicateFuncs(meshAwareNamespaces))).
  Owns(&maistrav1.ServiceMeshMember{}).
- Owns(&v1beta1.AuthConfig{}).
  Complete(r)
 }
 
+func meshAwareNamespaces(object client.Object) bool {
+ if IsReservedNamespace(object.GetName()) {
+ return false
+ }
+
+ for annotation := range object.GetAnnotations() {
+ if annotation == AnnotationServiceMesh {
+ return true
+ }
+ }
+
+ return false
+}
+
 var reservedNamespaceRegex = regexp.MustCompile(`^(openshift|istio-system)$|^(kube|openshift)-.*$`)
 
 func IsReservedNamespace(namepace string) bool {

diff --git a/controllers/project_mesh_controller_test.go b/controllers/project_mesh_controller_test.go
@@ -102,6 +102,39 @@ var _ = When("Namespace is created", Label(labels.EnvTest), func() {
  })
  })
 
+ It("should not register it in the mesh if annotation is absent", func() {
+ // given
+ testNs = &corev1.Namespace{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: "almost-meshified-namespace",
+ Annotations: map[string]string{
+ controllers.AnnotationServiceMesh: "false",
+ },
+ },
+ }
+
+ // when
+ Expect(cli.Create(context.Background(), testNs)).To(Succeed())
+
+ // then
+ By("ensuring no service mesh member created", func() {
+ members := &maistrav1.ServiceMeshMemberList{}
+
+ Consistently(func() bool {
+ if err := cli.List(context.Background(), members, client.InNamespace(testNs.Name)); err != nil {
+ fmt.Printf("failed ensuring no service mesh member created: %+v\n", err)
+
+ return false
+ }
+
+ return len(members.Items) == 0
+ }).
+ WithTimeout(timeout).
+ WithPolling(interval).
+ Should(BeTrue())
+ })
+ })
+
  It("should not register it in the mesh if annotation is absent", func() {
  // given
  testNs = &corev1.Namespace{