RuntimeSDK: add index for ExtensionConfigs having ca injection annotation set

Author: chrischdi

exp/runtime/internal/controllers/extensionconfig_controller.go

@@ -74,6 +74,10 @@ func (r *Reconciler) SetupWithManager(ctx context.Context, mgr ctrl.Manager, opt
 		return errors.Wrap(err, "failed setting up with a controller manager")
 	}
 
+	if err := indexByExtensionInjectCAFromSecretName(ctx, mgr); err != nil {
+		return err
+	}
+
 	// warmupRunnable will attempt to sync the RuntimeSDK registry with existing ExtensionConfig objects to ensure extensions
 	// are discovered before controllers begin reconciling.
 	err = mgr.Add(&warmupRunnable{
@@ -180,19 +184,19 @@ func (r *Reconciler) secretToExtensionConfig(secret client.Object) []reconcile.R
 	result := []ctrl.Request{}
 
 	extensionConfigs := runtimev1.ExtensionConfigList{}
-	if err := r.Client.List(context.Background(), &extensionConfigs); err != nil {
+	indexKey := secret.GetNamespace() + "/" + secret.GetName()
+
+	if err := r.Client.List(
+		context.Background(),
+		&extensionConfigs,
+		client.MatchingFields{injectCAFromSecretAnnotationField: indexKey},
+	); err != nil {
 		return nil
 	}
 
 	for _, ext := range extensionConfigs.Items {
-		if secretNameRaw, ok := ext.GetAnnotations()[runtimev1.InjectCAFromSecretAnnotation]; ok {
-			secretName := splitNamespacedName(secretNameRaw)
-			// append all extensions to the result which refer the object as secret
-			if secretName.Namespace == secret.GetNamespace() && secretName.Name == secret.GetName() {
-				name := client.ObjectKey{Namespace: ext.GetNamespace(), Name: ext.GetName()}
-				result = append(result, ctrl.Request{NamespacedName: name})
-			}
-		}
+		name := client.ObjectKey{Namespace: ext.GetNamespace(), Name: ext.GetName()}
+		result = append(result, ctrl.Request{NamespacedName: name})
 	}
 
 	return result

exp/runtime/internal/controllers/index.go

@@ -0,0 +1,58 @@
+/*
+Copyright 2021 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Package index provides indexes for the api.
+package controllers
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/pkg/errors"
+	ctrl "sigs.k8s.io/controller-runtime"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+
+	runtimev1 "sigs.k8s.io/cluster-api/exp/runtime/api/v1alpha1"
+)
+
+const (
+	// injectCAFromSecretAnnotationField is used by the Extension controller for indexing ExtensionConfigs
+	// which have the InjectCAFromSecretAnnotation set.
+	injectCAFromSecretAnnotationField = "metadata.annotations[" + runtimev1.InjectCAFromSecretAnnotation + "]"
+)
+
+// indexByExtensionInjectCAFromSecretName adds the index by InjectCAFromSecretAnnotation to the
+// managers cache.
+func indexByExtensionInjectCAFromSecretName(ctx context.Context, mgr ctrl.Manager) error {
+	if err := mgr.GetCache().IndexField(ctx, &runtimev1.ExtensionConfig{},
+		injectCAFromSecretAnnotationField,
+		extensionConfigByInjectCAFromSecretName,
+	); err != nil {
+		return errors.Wrap(err, "error setting index field for InjectCAFromSecretAnnotation")
+	}
+	return nil
+}
+
+func extensionConfigByInjectCAFromSecretName(o client.Object) []string {
+	extensionConfig, ok := o.(*runtimev1.ExtensionConfig)
+	if !ok {
+		panic(fmt.Sprintf("Expected Cluster but got a %T", o))
+	}
+	if value, ok := extensionConfig.Annotations[runtimev1.InjectCAFromSecretAnnotation]; ok {
+		return []string{value}
+	}
+	return nil
+}

exp/runtime/internal/controllers/index_test.go

@@ -0,0 +1,60 @@
+/*
+Copyright 2021 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package controllers
+
+import (
+	"testing"
+
+	. "github.com/onsi/gomega"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+
+	runtimev1 "sigs.k8s.io/cluster-api/exp/runtime/api/v1alpha1"
+)
+
+func TestExtensionConfigByInjectCAFromSecretName(t *testing.T) {
+	testCases := []struct {
+		name     string
+		object   client.Object
+		expected []string
+	}{
+		{
+			name:     "when extensionConfig has no inject annotation",
+			object:   &runtimev1.ExtensionConfig{},
+			expected: nil,
+		},
+		{
+			name: "when cluster has a valid Topology",
+			object: &runtimev1.ExtensionConfig{
+				ObjectMeta: metav1.ObjectMeta{
+					Annotations: map[string]string{
+						runtimev1.InjectCAFromSecretAnnotation: "foo/bar",
+					},
+				},
+			},
+			expected: []string{"foo/bar"},
+		},
+	}
+
+	for _, test := range testCases {
+		t.Run(test.name, func(t *testing.T) {
+			g := NewWithT(t)
+			got := extensionConfigByInjectCAFromSecretName(test.object)
+			g.Expect(got).To(Equal(test.expected))
+		})
+	}
+}