*: label non-OLM resources
Today, our controllers use un-filtered LIST+WATCH calls to monitor the
state of the cluster. For OLM-specific resource types, that's fine,
since we need to know (for instance) about every CSV. For non-OLM
resource groups, though, that is needlessly wasteful in memory
consumption and makes our controller's footprint scale with the size of
the cluster itself, irrespective of the usage of OLM. Adding a label to
every resource we create is the first step in being able to filter down
all of those requests to only those objects with our label.

Signed-off-by: Steve Kuznetsov <[email protected]>
stevekuznetsov committed Aug 23, 2023
1 parent dd247bd commit 7e445f6
Showing 21 changed files with 220 additions and 44 deletions.
10 changes: 10 additions & 0 deletions pkg/controller/bundle/bundle_unpacker.go
Expand Up @@ -86,11 +86,19 @@ func newBundleUnpackResult(lookup *operatorsv1alpha1.BundleLookup) *BundleUnpack

func (c *ConfigMapUnpacker) job(cmRef *corev1.ObjectReference, bundlePath string, secrets []corev1.LocalObjectReference, annotationUnpackTimeout time.Duration) *batchv1.Job {
job := &batchv1.Job{
ObjectMeta: metav1.ObjectMeta{
Labels: map[string]string{
install.OLMManagedLabelKey: install.OLMManagedLabelValue,
},
},
Spec: batchv1.JobSpec{
//ttlSecondsAfterFinished: 0 // can use in the future to not have to clean up job
Template: corev1.PodTemplateSpec{
ObjectMeta: metav1.ObjectMeta{
Name: cmRef.Name,
Labels: map[string]string{
install.OLMManagedLabelKey: install.OLMManagedLabelValue,
},
},
Spec: corev1.PodSpec{
// With restartPolicy = "OnFailure" when the spec.backoffLimit is reached, the job controller will delete all
Expand Down Expand Up @@ -687,6 +695,7 @@ func (c *ConfigMapUnpacker) ensureRole(cmRef *corev1.ObjectReference) (role *rba
fresh.SetNamespace(cmRef.Namespace)
fresh.SetName(cmRef.Name)
fresh.SetOwnerReferences([]metav1.OwnerReference{ownerRef(cmRef)})
fresh.SetLabels(map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue})

role, err = c.roleLister.Roles(fresh.GetNamespace()).Get(fresh.GetName())
if err != nil {
Expand Down Expand Up @@ -730,6 +739,7 @@ func (c *ConfigMapUnpacker) ensureRoleBinding(cmRef *corev1.ObjectReference) (ro
fresh.SetNamespace(cmRef.Namespace)
fresh.SetName(cmRef.Name)
fresh.SetOwnerReferences([]metav1.OwnerReference{ownerRef(cmRef)})
fresh.SetLabels(map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue})

roleBinding, err = c.rbLister.RoleBindings(fresh.GetNamespace()).Get(fresh.GetName())
if err != nil {
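Review bot: In `ensureRole` and `ensureRoleBinding` the label is applied only to `fresh`, while the lookup right after it goes through `c.roleLister` / `c.rbLister`, so a Role or RoleBinding that already exists without the label depends entirely on the update path that follows; both function bodies continue outside the hunk, so that path is not visible here. If the comparison there does not cover labels, such objects stay unlabelled, and once the informers are filtered on `install.OLMManagedLabelKey` the lister would presumably stop returning them and the create call would fail with AlreadyExists. The label is also writable by anyone who may edit these RBAC objects, so I would add a comment at these call sites such as `// OLM-managed label only scopes list/watch; ownership is still decided by the owner reference.` to keep later code from treating it as proof of origin.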
31 changes: 25 additions & 6 deletions pkg/controller/bundle/bundle_unpacker_test.go
Expand Up @@ -208,6 +208,7 @@ func TestConfigMapUnpacker(t *testing.T) {
ObjectMeta: metav1.ObjectMeta{
Name: pathHash,
Namespace: "ns-a",
Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue},
OwnerReferences: []metav1.OwnerReference{
{
APIVersion: "v1",
Expand All @@ -224,7 +225,8 @@ func TestConfigMapUnpacker(t *testing.T) {
BackoffLimit: &backoffLimit,
Template: corev1.PodTemplateSpec{
ObjectMeta: metav1.ObjectMeta{
Name: pathHash,
Name: pathHash,
Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue},
},
Spec: corev1.PodSpec{
RestartPolicy: corev1.RestartPolicyNever,
Expand Down Expand Up @@ -369,6 +371,7 @@ func TestConfigMapUnpacker(t *testing.T) {
ObjectMeta: metav1.ObjectMeta{
Name: pathHash,
Namespace: "ns-a",
Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue},
OwnerReferences: []metav1.OwnerReference{
{
APIVersion: "v1",
Expand Down Expand Up @@ -402,6 +405,7 @@ func TestConfigMapUnpacker(t *testing.T) {
ObjectMeta: metav1.ObjectMeta{
Name: pathHash,
Namespace: "ns-a",
Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue},
OwnerReferences: []metav1.OwnerReference{
{
APIVersion: "v1",
Expand Down Expand Up @@ -437,6 +441,7 @@ func TestConfigMapUnpacker(t *testing.T) {
ObjectMeta: metav1.ObjectMeta{
Name: digestHash,
Namespace: "ns-a",
Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue},
OwnerReferences: []metav1.OwnerReference{
{
APIVersion: "v1",
Expand All @@ -452,7 +457,8 @@ func TestConfigMapUnpacker(t *testing.T) {
BackoffLimit: &backoffLimit,
Template: corev1.PodTemplateSpec{
ObjectMeta: metav1.ObjectMeta{
Name: digestHash,
Name: digestHash,
Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue},
},
Spec: corev1.PodSpec{
RestartPolicy: corev1.RestartPolicyNever,
Expand Down Expand Up @@ -607,6 +613,7 @@ func TestConfigMapUnpacker(t *testing.T) {
ObjectMeta: metav1.ObjectMeta{
Name: digestHash,
Namespace: "ns-a",
Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue},
OwnerReferences: []metav1.OwnerReference{
{
APIVersion: "operators.coreos.com/v1alpha1",
Expand Down Expand Up @@ -705,6 +712,7 @@ func TestConfigMapUnpacker(t *testing.T) {
ObjectMeta: metav1.ObjectMeta{
Name: digestHash,
Namespace: "ns-a",
Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue},
OwnerReferences: []metav1.OwnerReference{
{
APIVersion: "v1",
Expand All @@ -720,7 +728,8 @@ func TestConfigMapUnpacker(t *testing.T) {
BackoffLimit: &backoffLimit,
Template: corev1.PodTemplateSpec{
ObjectMeta: metav1.ObjectMeta{
Name: digestHash,
Name: digestHash,
Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue},
},
Spec: corev1.PodSpec{
RestartPolicy: corev1.RestartPolicyNever,
Expand Down Expand Up @@ -877,6 +886,7 @@ func TestConfigMapUnpacker(t *testing.T) {
ObjectMeta: metav1.ObjectMeta{
Name: digestHash,
Namespace: "ns-a",
Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue},
OwnerReferences: []metav1.OwnerReference{
{
APIVersion: "v1",
Expand Down Expand Up @@ -910,6 +920,7 @@ func TestConfigMapUnpacker(t *testing.T) {
ObjectMeta: metav1.ObjectMeta{
Name: digestHash,
Namespace: "ns-a",
Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue},
OwnerReferences: []metav1.OwnerReference{
{
APIVersion: "v1",
Expand Down Expand Up @@ -967,6 +978,7 @@ func TestConfigMapUnpacker(t *testing.T) {
ObjectMeta: metav1.ObjectMeta{
Name: pathHash,
Namespace: "ns-a",
Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue},
OwnerReferences: []metav1.OwnerReference{
{
APIVersion: "v1",
Expand All @@ -982,7 +994,8 @@ func TestConfigMapUnpacker(t *testing.T) {
BackoffLimit: &backoffLimit,
Template: corev1.PodTemplateSpec{
ObjectMeta: metav1.ObjectMeta{
Name: pathHash,
Name: pathHash,
Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue},
},
Spec: corev1.PodSpec{
RestartPolicy: corev1.RestartPolicyNever,
Expand Down Expand Up @@ -1124,6 +1137,7 @@ func TestConfigMapUnpacker(t *testing.T) {
ObjectMeta: metav1.ObjectMeta{
Name: pathHash,
Namespace: "ns-a",
Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue},
OwnerReferences: []metav1.OwnerReference{
{
APIVersion: "operators.coreos.com/v1alpha1",
Expand Down Expand Up @@ -1199,6 +1213,7 @@ func TestConfigMapUnpacker(t *testing.T) {
ObjectMeta: metav1.ObjectMeta{
Name: pathHash,
Namespace: "ns-a",
Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue},
OwnerReferences: []metav1.OwnerReference{
{
APIVersion: "v1",
Expand All @@ -1214,7 +1229,8 @@ func TestConfigMapUnpacker(t *testing.T) {
BackoffLimit: &backoffLimit,
Template: corev1.PodTemplateSpec{
ObjectMeta: metav1.ObjectMeta{
Name: pathHash,
Name: pathHash,
Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue},
},
Spec: corev1.PodSpec{
RestartPolicy: corev1.RestartPolicyNever,
Expand Down Expand Up @@ -1368,6 +1384,7 @@ func TestConfigMapUnpacker(t *testing.T) {
ObjectMeta: metav1.ObjectMeta{
Name: pathHash,
Namespace: "ns-a",
Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue},
OwnerReferences: []metav1.OwnerReference{
{
APIVersion: "operators.coreos.com/v1alpha1",
Expand Down Expand Up @@ -1442,6 +1459,7 @@ func TestConfigMapUnpacker(t *testing.T) {
ObjectMeta: metav1.ObjectMeta{
Name: pathHash,
Namespace: "ns-a",
Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue},
OwnerReferences: []metav1.OwnerReference{
{
APIVersion: "v1",
Expand All @@ -1457,7 +1475,8 @@ func TestConfigMapUnpacker(t *testing.T) {
BackoffLimit: &backoffLimit,
Template: corev1.PodTemplateSpec{
ObjectMeta: metav1.ObjectMeta{
Name: pathHash,
Name: pathHash,
Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue},
},
Spec: corev1.PodSpec{
RestartPolicy: corev1.RestartPolicyNever,
5 changes: 5 additions & 0 deletions pkg/controller/install/certresources.go
Expand Up @@ -251,6 +251,7 @@ func (i *StrategyDeploymentInstaller) installCertRequirementsForDeployment(deplo
service.SetName(ServiceName(deploymentName))
service.SetNamespace(i.owner.GetNamespace())
ownerutil.AddNonBlockingOwner(service, i.owner)
service.SetLabels(map[string]string{OLMManagedLabelKey: OLMManagedLabelValue})

existingService, err := i.strategyClient.GetOpLister().CoreV1().ServiceLister().Services(i.owner.GetNamespace()).Get(service.GetName())
if err == nil {
Expand Down Expand Up @@ -366,6 +367,7 @@ func (i *StrategyDeploymentInstaller) installCertRequirementsForDeployment(deplo
}
secretRole.SetName(secret.GetName())
secretRole.SetNamespace(i.owner.GetNamespace())
secretRole.SetLabels(map[string]string{OLMManagedLabelKey: OLMManagedLabelValue})

existingSecretRole, err := i.strategyClient.GetOpLister().RbacV1().RoleLister().Roles(i.owner.GetNamespace()).Get(secretRole.GetName())
if err == nil {
Expand Down Expand Up @@ -412,6 +414,7 @@ func (i *StrategyDeploymentInstaller) installCertRequirementsForDeployment(deplo
}
secretRoleBinding.SetName(secret.GetName())
secretRoleBinding.SetNamespace(i.owner.GetNamespace())
secretRoleBinding.SetLabels(map[string]string{OLMManagedLabelKey: OLMManagedLabelValue})

existingSecretRoleBinding, err := i.strategyClient.GetOpLister().RbacV1().RoleBindingLister().RoleBindings(i.owner.GetNamespace()).Get(secretRoleBinding.GetName())
if err == nil {
Expand Down Expand Up @@ -454,6 +457,7 @@ func (i *StrategyDeploymentInstaller) installCertRequirementsForDeployment(deplo
},
}
authDelegatorClusterRoleBinding.SetName(service.GetName() + "-system:auth-delegator")
authDelegatorClusterRoleBinding.SetLabels(map[string]string{OLMManagedLabelKey: OLMManagedLabelValue})

existingAuthDelegatorClusterRoleBinding, err := i.strategyClient.GetOpLister().RbacV1().ClusterRoleBindingLister().Get(authDelegatorClusterRoleBinding.GetName())
if err == nil {
Expand Down Expand Up @@ -502,6 +506,7 @@ func (i *StrategyDeploymentInstaller) installCertRequirementsForDeployment(deplo
}
authReaderRoleBinding.SetName(service.GetName() + "-auth-reader")
authReaderRoleBinding.SetNamespace(KubeSystem)
authReaderRoleBinding.SetLabels(map[string]string{OLMManagedLabelKey: OLMManagedLabelValue})

existingAuthReaderRoleBinding, err := i.strategyClient.GetOpLister().RbacV1().RoleBindingLister().RoleBindings(KubeSystem).Get(authReaderRoleBinding.GetName())
if err == nil {
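Review bot: All five `SetLabels(map[string]string{OLMManagedLabelKey: OLMManagedLabelValue})` calls in `installCertRequirementsForDeployment` replace the object's whole label map rather than adding one key; the objects are built above each hunk, so whether any of them already carries labels is not visible here. Merging the key into `GetLabels()` would be safe in either case, for example via a small helper that is also used on `service`, `secretRole`, `secretRoleBinding`, `authDelegatorClusterRoleBinding` and `authReaderRoleBinding`. The last two are a ClusterRoleBinding and a RoleBinding in `KubeSystem`, and no owner-reference call is visible for them in these hunks, so the `if err == nil` branches (which continue outside the hunks) should keep deciding adoption from owner information and not from this label, which any writer of the binding can set. The function starts before the first hunk and ends after the last.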