From 1e9dd6172837657b7c8ddd1897fec361da1a8fd7 Mon Sep 17 00:00:00 2001 From: bartoszmajsak Date: Tue, 23 Jul 2024 17:55:08 +0200 Subject: [PATCH 1/2] fix: fixes authz patch injection feature precondition If the authorization provider namespace is not specified in the DSCI the default is constructed to be `application-namespace-auth-provider`, e.g. `opendatahub-auth-provider`. With the #1052 refactoring, the regression has been introduced where the value is directly read from the spec instead of being dynamically constructed based on the rule described above. This is manifested with the following error, as the feature mistakenly waits for pods across all namespaces (because of list option for namespace being `corev1.NamespaceAll == ""`). This obviously rarely is true, especially for large clusters. ```json Failed applying [enable-proxy-injection-in-authorino-deployment]: 1 error occurred: * client rate limiter Wait returned an error: context deadline exceeded ``` leading to failure of reconciling this feature. The fix is to read the namespace from `FeatureData` instead, where the defaulting logic is defined. Fixes https://issues.redhat.com/browse/RHOAIENG-10268 --- controllers/dscinitialization/servicemesh_setup.go | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/controllers/dscinitialization/servicemesh_setup.go b/controllers/dscinitialization/servicemesh_setup.go index 819f2570800..a34bba73a42 100644 --- a/controllers/dscinitialization/servicemesh_setup.go +++ b/controllers/dscinitialization/servicemesh_setup.go @@ -219,7 +219,12 @@ func (r *DSCInitializationReconciler) authorizationFeatures(instance *dsciv1.DSC ). PreConditions( func(ctx context.Context, f *feature.Feature) error { - return feature.WaitForPodsToBeReady(serviceMeshSpec.Auth.Namespace)(ctx, f) + namespace, err := servicemesh.FeatureData.Authorization.Namespace.Extract(f) + if err != nil { + return err + } + + return feature.WaitForPodsToBeReady(namespace)(ctx, f) }, ). WithData(servicemesh.FeatureData.ControlPlane.Define(&instance.Spec).AsAction()). From 8dd83b627222af0903f4ade9d25735ea0f75022f Mon Sep 17 00:00:00 2001 From: Bartosz Majsak Date: Tue, 23 Jul 2024 18:41:56 +0200 Subject: [PATCH 2/2] Update controllers/dscinitialization/servicemesh_setup.go Co-authored-by: Wen Zhou --- controllers/dscinitialization/servicemesh_setup.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/controllers/dscinitialization/servicemesh_setup.go b/controllers/dscinitialization/servicemesh_setup.go index a34bba73a42..fb8168db122 100644 --- a/controllers/dscinitialization/servicemesh_setup.go +++ b/controllers/dscinitialization/servicemesh_setup.go @@ -221,7 +221,7 @@ func (r *DSCInitializationReconciler) authorizationFeatures(instance *dsciv1.DSC func(ctx context.Context, f *feature.Feature) error { namespace, err := servicemesh.FeatureData.Authorization.Namespace.Extract(f) if err != nil { - return err + return fmt.Errorf("failed trying to resolve authorization provider namespace for feature '%s': %w", f.Name, err) } return feature.WaitForPodsToBeReady(namespace)(ctx, f)