forked from openshift/cluster-kube-apiserver-operator
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request openshift#1536 from benluddy/runtime-config
Set runtime-config in lockstep with feature-gates, if needed.
- Loading branch information
Showing
7 changed files
with
316 additions
and
14 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
86 changes: 86 additions & 0 deletions
86
pkg/operator/configobservation/apienablement/observe_runtime_config.go
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,86 @@ | ||
package apienablement | ||
|
||
import ( | ||
"fmt" | ||
"sort" | ||
|
||
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" | ||
"k8s.io/apimachinery/pkg/runtime/schema" | ||
"k8s.io/apimachinery/pkg/util/sets" | ||
|
||
configv1 "github.com/openshift/api/config/v1" | ||
"github.com/openshift/library-go/pkg/operator/configobserver" | ||
"github.com/openshift/library-go/pkg/operator/configobserver/featuregates" | ||
"github.com/openshift/library-go/pkg/operator/events" | ||
) | ||
|
||
var DefaultGroupVersionsByFeatureGate = map[configv1.FeatureGateName][]schema.GroupVersion{ | ||
"ValidatingAdmissionPolicy": {{Group: "admissionregistration.k8s.io", Version: "v1alpha1"}}, | ||
} | ||
|
||
var ( | ||
featureGatesPath = []string{"apiServerArguments", "feature-gates"} | ||
runtimeConfigPath = []string{"apiServerArguments", "runtime-config"} | ||
) | ||
|
||
// NewFeatureGateObserverWithRuntimeConfig returns a config observation function that observes | ||
// feature gates and sets the --feature-gates and --runtime-config options accordingly. Since a | ||
// mismatch between these two options can result in an unstable config, the observed value for | ||
// either will only be set if both can be successfully set. Otherwise, the existing config is | ||
// returned pruned but otherwise unmodified. | ||
func NewFeatureGateObserverWithRuntimeConfig(featureWhitelist sets.Set[configv1.FeatureGateName], featureBlacklist sets.Set[configv1.FeatureGateName], featureGateAccessor featuregates.FeatureGateAccess, groupVersionsByFeatureGate map[configv1.FeatureGateName][]schema.GroupVersion) configobserver.ObserveConfigFunc { | ||
|
||
featureGateObserver := featuregates.NewObserveFeatureFlagsFunc( | ||
featureWhitelist, | ||
featureBlacklist, | ||
featureGatesPath, | ||
featureGateAccessor, | ||
) | ||
|
||
return newFeatureGateObserverWithRuntimeConfig(featureGateObserver, featureGateAccessor, groupVersionsByFeatureGate) | ||
} | ||
|
||
func newFeatureGateObserverWithRuntimeConfig(featureGateObserver configobserver.ObserveConfigFunc, featureGateAccessor featuregates.FeatureGateAccess, groupVersionsByFeatureGate map[configv1.FeatureGateName][]schema.GroupVersion) configobserver.ObserveConfigFunc { | ||
return func(listers configobserver.Listers, recorder events.Recorder, existingConfig map[string]interface{}) (observedConfig map[string]interface{}, errs []error) { | ||
defer func() { | ||
observedConfig = configobserver.Pruned(observedConfig, featureGatesPath, runtimeConfigPath) | ||
}() | ||
|
||
if !featureGateAccessor.AreInitialFeatureGatesObserved() { | ||
return existingConfig, nil | ||
} | ||
|
||
featureGates, err := featureGateAccessor.CurrentFeatureGates() | ||
if err != nil { | ||
return existingConfig, []error{err} | ||
} | ||
|
||
observedConfig, errs = featureGateObserver(listers, recorder, existingConfig) | ||
|
||
runtimeConfig := RuntimeConfigFromFeatureGates(featureGates, groupVersionsByFeatureGate) | ||
if len(runtimeConfig) == 0 { | ||
return observedConfig, errs | ||
} | ||
|
||
if err := unstructured.SetNestedStringSlice(observedConfig, runtimeConfig, runtimeConfigPath...); err != nil { | ||
// The new feature gate config is broken without its required APIs. | ||
return existingConfig, append(errs, err) | ||
} | ||
|
||
return observedConfig, errs | ||
} | ||
} | ||
|
||
func RuntimeConfigFromFeatureGates(featureGates featuregates.FeatureGate, groupVersionsByFeatureGate map[configv1.FeatureGateName][]schema.GroupVersion) []string { | ||
var entries []string | ||
for name, gvs := range groupVersionsByFeatureGate { | ||
if !featureGates.Enabled(name) { | ||
continue | ||
} | ||
for _, gv := range gvs { | ||
entries = append(entries, fmt.Sprintf("%s=true", gv.String())) | ||
} | ||
} | ||
sort.Strings(entries) | ||
return entries | ||
} |
Oops, something went wrong.