fix(operator): disable cache for secrets (#727)

Signed-off-by: realanna <anna.reale@dynatrace.com>

operator/main.go

@@ -62,10 +62,12 @@ import (
 	semconv "go.opentelemetry.io/otel/semconv/v1.4.0"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/credentials/insecure"
+	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
 	clientgoscheme "k8s.io/client-go/kubernetes/scheme"
 	ctrl "sigs.k8s.io/controller-runtime"
+	ctrlclient "sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/healthz"
 	"sigs.k8s.io/controller-runtime/pkg/log/zap"
 	//+kubebuilder:scaffold:imports
@@ -218,6 +220,8 @@ func main() {
 
 	ctrl.SetLogger(zap.New(zap.UseFlagOptions(&opts)))
 
+	disableCacheFor := []ctrlclient.Object{&corev1.Secret{}}
+
 	mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{
 		Scheme:                 scheme,
 		MetricsBindAddress:     metricsAddr,
@@ -236,6 +240,8 @@ func main() {
 		// if you are doing or is intended to do any operation such as perform cleanups
 		// after the manager stops then its usage might be unsafe.
 		// LeaderElectionReleaseOnCancel: true,
+		ClientDisableCacheFor: disableCacheFor, // due to https://github.com/kubernetes-sigs/controller-runtime/issues/550
+		// We disable secret informer cache so that the operator won't need clusterrole list access to secrets
 	})
 	if err != nil {
 		setupLog.Error(err, "unable to start manager")

test/integration/metrics-provider/00-install.yaml

@@ -0,0 +1,31 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: dynatrace
+  namespace: keptn-lifecycle-toolkit-system
+type: Opaque
+data:
+  DT_TOKEN: dG9rZW46IG15dG9rZW4=
+---
+apiVersion: metrics.keptn.sh/v1alpha1
+kind: KeptnMetric
+metadata:
+  name: podtatometric
+  namespace: keptn-lifecycle-toolkit-system
+spec:
+  provider:
+    name: "dynatrace"
+  query: "query"
+  fetchIntervalSeconds: 5
+
+---
+apiVersion: lifecycle.keptn.sh/v1alpha2
+kind: KeptnEvaluationProvider
+metadata:
+  name: dynatrace
+  namespace: keptn-lifecycle-toolkit-system
+spec:
+  secretKeyRef:
+    key: DT_TOKEN
+    name: dynatrace
+  targetServer: "http://localhost:8080" #string

test/integration/metrics-provider/01-test-logs.yaml

@@ -0,0 +1,4 @@
+apiVersion: kuttl.dev/v1
+kind: TestStep
+commands:
+  - script: ./logs.sh

test/integration/metrics-provider/logs.sh

@@ -0,0 +1,19 @@
+#!/bin/bash
+
+NAMESPACE="keptn-lifecycle-toolkit-system"
+RETRY_COUNT=3
+SLEEP_TIME=5
+
+for i in $(seq 1 $RETRY_COUNT); do
+    VAR=$(kubectl logs -n keptn-lifecycle-toolkit-system deployments/klc-controller-manager | grep -c "Error while parsing response")
+    # shellcheck disable=SC1072
+    if [ "$VAR" -ge 1 ]; then
+      echo "Controller could access secret"
+      exit 0
+    fi
+    if [ "$i" -lt "$RETRY_COUNT" ]; then
+            echo "Sleeping for ${SLEEP_TIME} seconds before retrying..."
+            sleep ${SLEEP_TIME}
+    fi
+done
+echo "Retried ${RETRY_COUNT} times, but custom metric value did not meet the condition. Exiting..."exit 1