From c658ab6c13d41ba0e123a8f15481b2930e28be66 Mon Sep 17 00:00:00 2001 From: Stanislav Laznicka Date: Thu, 21 Feb 2019 12:21:02 +0100 Subject: [PATCH] don't do anything if service-ca-operator is running Once the service-ca-operator is running (meaning its configuration says it's in "Managed" state), jump out of operator.Sync() without performing any actions. --- pkg/operator/operator.go | 29 +++++++++++++++++++++++++++-- pkg/operator/starter.go | 9 +++++++++ 2 files changed, 36 insertions(+), 2 deletions(-) diff --git a/pkg/operator/operator.go b/pkg/operator/operator.go index 989b024e..87139b11 100644 --- a/pkg/operator/operator.go +++ b/pkg/operator/operator.go @@ -9,8 +9,10 @@ import ( apiequality "k8s.io/apimachinery/pkg/api/equality" apierrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" utilerrors "k8s.io/apimachinery/pkg/util/errors" utilruntime "k8s.io/apimachinery/pkg/util/runtime" + "k8s.io/client-go/dynamic" "k8s.io/client-go/informers" appsclientv1 "k8s.io/client-go/kubernetes/typed/apps/v1" coreclientv1 "k8s.io/client-go/kubernetes/typed/core/v1" @@ -29,7 +31,8 @@ import ( const targetNamespaceName = "openshift-service-cert-signer" type serviceCertSignerOperator struct { - operatorConfigClient scsclientv1alpha1.ServiceCertSignerOperatorConfigsGetter + operatorConfigClient scsclientv1alpha1.ServiceCertSignerOperatorConfigsGetter + serviceCAOperatorConfigClient dynamic.ResourceInterface appsv1Client appsclientv1.AppsV1Interface corev1Client coreclientv1.CoreV1Interface @@ -40,12 +43,14 @@ func NewServiceCertSignerOperator( serviceCertSignerConfigInformer scsinformerv1alpha1.ServiceCertSignerOperatorConfigInformer, namespacedKubeInformers informers.SharedInformerFactory, operatorConfigClient scsclientv1alpha1.ServiceCertSignerOperatorConfigsGetter, + serviceCAOperatorConfigClient dynamic.ResourceInterface, appsv1Client appsclientv1.AppsV1Interface, corev1Client coreclientv1.CoreV1Interface, rbacv1Client rbacclientv1.RbacV1Interface, ) operator.Runner { c := &serviceCertSignerOperator{ - operatorConfigClient: operatorConfigClient, + operatorConfigClient: operatorConfigClient, + serviceCAOperatorConfigClient: serviceCAOperatorConfigClient, appsv1Client: appsv1Client, corev1Client: corev1Client, @@ -115,6 +120,11 @@ func (c serviceCertSignerOperator) Sync(obj metav1.Object) error { return nil } + // don't do anything if ServiceCA operator is running, it's the superior operator + if isServiceCARunning(c.serviceCAOperatorConfigClient) { + return nil + } + operatorConfigOriginal := operatorConfig.DeepCopy() var currentActualVerion *semver.Version @@ -194,3 +204,18 @@ func (c serviceCertSignerOperator) Sync(obj metav1.Object) error { return utilerrors.NewAggregate(errors) } + +func isServiceCARunning(serviceCAConfigClient dynamic.ResourceInterface) bool { + serviceCAConfig, err := serviceCAConfigClient.Get("cluster", metav1.GetOptions{}) + if err != nil { + return false + } + + // discard errors parsing the obtained status + servicaCAStatus, found, err := unstructured.NestedString(serviceCAConfig.Object, "spec", "managementState") + if err == nil && found && servicaCAStatus == string(operatorsv1alpha1.Managed) { + return true + } + + return false +} diff --git a/pkg/operator/starter.go b/pkg/operator/starter.go index 17821c2b..26df4269 100644 --- a/pkg/operator/starter.go +++ b/pkg/operator/starter.go @@ -4,6 +4,7 @@ import ( "fmt" "time" + "k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/client-go/dynamic" "k8s.io/client-go/informers" "k8s.io/client-go/kubernetes" @@ -16,6 +17,12 @@ import ( "github.com/openshift/library-go/pkg/operator/status" ) +var serviceCAResource = schema.GroupVersionResource{ + Group: "operator.openshift.io", + Version: "v1", + Resource: "servicecas", +} + func RunOperator(clientConfig *rest.Config, stopCh <-chan struct{}) error { kubeClient, err := kubernetes.NewForConfig(clientConfig) if err != nil { @@ -29,6 +36,7 @@ func RunOperator(clientConfig *rest.Config, stopCh <-chan struct{}) error { if err != nil { return err } + serviceCAConfigClient := dynamicClient.Resource(serviceCAResource) operatorInformers := scsinformers.NewSharedInformerFactory(scsClient, 10*time.Minute) kubeInformersNamespaced := informers.NewFilteredSharedInformerFactory(kubeClient, 10*time.Minute, targetNamespaceName, nil) @@ -44,6 +52,7 @@ func RunOperator(clientConfig *rest.Config, stopCh <-chan struct{}) error { operatorInformers.Servicecertsigner().V1alpha1().ServiceCertSignerOperatorConfigs(), kubeInformersNamespaced, scsClient.ServicecertsignerV1alpha1(), + serviceCAConfigClient, kubeClient.AppsV1(), kubeClient.CoreV1(), kubeClient.RbacV1(),