
Commit 561b097

*: label non-OLM resources
Today, our controllers use un-filtered LIST+WATCH calls to monitor the state of the cluster. For OLM-specific resource types, that's fine, since we need to know (for instance) about every CSV. For non-OLM resource groups, though, that is needlessly wasteful in memory consumption and makes our controller's footprint scale with the size of the cluster itself, irrespective of the usage of OLM. Adding a label to every resource we create is the first step in being able to filter down all of those requests to only those objects with our label. Signed-off-by: Steve Kuznetsov <[email protected]>
1 parent 3b6c7a2 commit 561b097

21 files changed

+211
-44
lines changed

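--- a/pkg/controller/bundle/bundle_unpacker.go
+++ b/pkg/controller/bundle/bundle_unpacker.go
@@ -86,11 +86,19 @@ func newBundleUnpackResult(lookup *operatorsv1alpha1.BundleLookup) *BundleUnpack
 
 func (c *ConfigMapUnpacker) job(cmRef *corev1.ObjectReference, bundlePath string, secrets []corev1.LocalObjectReference, annotationUnpackTimeout time.Duration) *batchv1.Job {
 job := &batchv1.Job{
+ObjectMeta: metav1.ObjectMeta{
+Labels: map[string]string{
+install.OLMManagedLabelKey: install.OLMManagedLabelValue,
+},
+},
 Spec: batchv1.JobSpec{
 //ttlSecondsAfterFinished: 0 // can use in the future to not have to clean up job
 Template: corev1.PodTemplateSpec{
 ObjectMeta: metav1.ObjectMeta{
 Name: cmRef.Name,
+Labels: map[string]string{
+install.OLMManagedLabelKey: install.OLMManagedLabelValue,
+},
 },
 Spec: corev1.PodSpec{
 // With restartPolicy = "OnFailure" when the spec.backoffLimit is reached, the job controller will delete all
@@ -687,6 +695,7 @@ func (c *ConfigMapUnpacker) ensureRole(cmRef *corev1.ObjectReference) (role *rba
 fresh.SetNamespace(cmRef.Namespace)
 fresh.SetName(cmRef.Name)
 fresh.SetOwnerReferences([]metav1.OwnerReference{ownerRef(cmRef)})
+fresh.SetLabels(map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue})
 
 role, err = c.roleLister.Roles(fresh.GetNamespace()).Get(fresh.GetName())
 if err != nil {
@@ -730,6 +739,7 @@ func (c *ConfigMapUnpacker) ensureRoleBinding(cmRef *corev1.ObjectReference) (ro
 fresh.SetNamespace(cmRef.Namespace)
 fresh.SetName(cmRef.Name)
 fresh.SetOwnerReferences([]metav1.OwnerReference{ownerRef(cmRef)})
+fresh.SetLabels(map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue})
 
 roleBinding, err = c.rbLister.RoleBindings(fresh.GetNamespace()).Get(fresh.GetName())
 if err != nil {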
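Review bot: In `ensureRole` and `ensureRoleBinding` the label is set only on `fresh`, so a Role or RoleBinding that already exists picks it up only if the up-to-date comparison further down treats a label difference as drift; that comparison lies outside both hunks. If it looks only at rules, subjects or owner references, objects created by earlier releases stay unlabelled and would drop out of view once the listers are filtered by label, at which point `Get` reports not-found and the create path collides with the object that is still there. I would add a label check to that comparison, for example `role.GetLabels()[install.OLMManagedLabelKey] == install.OLMManagedLabelValue`, and the same for `roleBinding`. A short comment next to `fresh.SetLabels(...)` saying that existing objects must be relabelled before filtering is switched on would also help the follow-up change.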

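--- a/pkg/controller/bundle/bundle_unpacker_test.go
+++ b/pkg/controller/bundle/bundle_unpacker_test.go
@@ -208,6 +208,7 @@ func TestConfigMapUnpacker(t *testing.T) {
 ObjectMeta: metav1.ObjectMeta{
 Name: pathHash,
 Namespace: "ns-a",
+Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue},
 OwnerReferences: []metav1.OwnerReference{
 {
 APIVersion: "v1",
@@ -224,7 +225,8 @@ func TestConfigMapUnpacker(t *testing.T) {
 BackoffLimit: &backoffLimit,
 Template: corev1.PodTemplateSpec{
 ObjectMeta: metav1.ObjectMeta{
-Name: pathHash,
+Name: pathHash,
+Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue},
 },
 Spec: corev1.PodSpec{
 RestartPolicy: corev1.RestartPolicyNever,
@@ -369,6 +371,7 @@ func TestConfigMapUnpacker(t *testing.T) {
 ObjectMeta: metav1.ObjectMeta{
 Name: pathHash,
 Namespace: "ns-a",
+Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue},
 OwnerReferences: []metav1.OwnerReference{
 {
 APIVersion: "v1",
@@ -402,6 +405,7 @@ func TestConfigMapUnpacker(t *testing.T) {
 ObjectMeta: metav1.ObjectMeta{
 Name: pathHash,
 Namespace: "ns-a",
+Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue},
 OwnerReferences: []metav1.OwnerReference{
 {
 APIVersion: "v1",
@@ -437,6 +441,7 @@ func TestConfigMapUnpacker(t *testing.T) {
 ObjectMeta: metav1.ObjectMeta{
 Name: digestHash,
 Namespace: "ns-a",
+Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue},
 OwnerReferences: []metav1.OwnerReference{
 {
 APIVersion: "v1",
@@ -452,7 +457,8 @@ func TestConfigMapUnpacker(t *testing.T) {
 BackoffLimit: &backoffLimit,
 Template: corev1.PodTemplateSpec{
 ObjectMeta: metav1.ObjectMeta{
-Name: digestHash,
+Name: digestHash,
+Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue},
 },
 Spec: corev1.PodSpec{
 RestartPolicy: corev1.RestartPolicyNever,
@@ -607,6 +613,7 @@ func TestConfigMapUnpacker(t *testing.T) {
 ObjectMeta: metav1.ObjectMeta{
 Name: digestHash,
 Namespace: "ns-a",
+Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue},
 OwnerReferences: []metav1.OwnerReference{
 {
 APIVersion: "operators.coreos.com/v1alpha1",
@@ -705,6 +712,7 @@ func TestConfigMapUnpacker(t *testing.T) {
 ObjectMeta: metav1.ObjectMeta{
 Name: digestHash,
 Namespace: "ns-a",
+Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue},
 OwnerReferences: []metav1.OwnerReference{
 {
 APIVersion: "v1",
@@ -720,7 +728,8 @@ func TestConfigMapUnpacker(t *testing.T) {
 BackoffLimit: &backoffLimit,
 Template: corev1.PodTemplateSpec{
 ObjectMeta: metav1.ObjectMeta{
-Name: digestHash,
+Name: digestHash,
+Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue},
 },
 Spec: corev1.PodSpec{
 RestartPolicy: corev1.RestartPolicyNever,
@@ -877,6 +886,7 @@ func TestConfigMapUnpacker(t *testing.T) {
 ObjectMeta: metav1.ObjectMeta{
 Name: digestHash,
 Namespace: "ns-a",
+Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue},
 OwnerReferences: []metav1.OwnerReference{
 {
 APIVersion: "v1",
@@ -910,6 +920,7 @@ func TestConfigMapUnpacker(t *testing.T) {
 ObjectMeta: metav1.ObjectMeta{
 Name: digestHash,
 Namespace: "ns-a",
+Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue},
 OwnerReferences: []metav1.OwnerReference{
 {
 APIVersion: "v1",
@@ -967,6 +978,7 @@ func TestConfigMapUnpacker(t *testing.T) {
 ObjectMeta: metav1.ObjectMeta{
 Name: pathHash,
 Namespace: "ns-a",
+Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue},
 OwnerReferences: []metav1.OwnerReference{
 {
 APIVersion: "v1",
@@ -982,7 +994,8 @@ func TestConfigMapUnpacker(t *testing.T) {
 BackoffLimit: &backoffLimit,
 Template: corev1.PodTemplateSpec{
 ObjectMeta: metav1.ObjectMeta{
-Name: pathHash,
+Name: pathHash,
+Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue},
 },
 Spec: corev1.PodSpec{
 RestartPolicy: corev1.RestartPolicyNever,
@@ -1124,6 +1137,7 @@ func TestConfigMapUnpacker(t *testing.T) {
 ObjectMeta: metav1.ObjectMeta{
 Name: pathHash,
 Namespace: "ns-a",
+Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue},
 OwnerReferences: []metav1.OwnerReference{
 {
 APIVersion: "operators.coreos.com/v1alpha1",
@@ -1199,6 +1213,7 @@ func TestConfigMapUnpacker(t *testing.T) {
 ObjectMeta: metav1.ObjectMeta{
 Name: pathHash,
 Namespace: "ns-a",
+Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue},
 OwnerReferences: []metav1.OwnerReference{
 {
 APIVersion: "v1",
@@ -1214,7 +1229,8 @@ func TestConfigMapUnpacker(t *testing.T) {
 BackoffLimit: &backoffLimit,
 Template: corev1.PodTemplateSpec{
 ObjectMeta: metav1.ObjectMeta{
-Name: pathHash,
+Name: pathHash,
+Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue},
 },
 Spec: corev1.PodSpec{
 RestartPolicy: corev1.RestartPolicyNever,
@@ -1368,6 +1384,7 @@ func TestConfigMapUnpacker(t *testing.T) {
 ObjectMeta: metav1.ObjectMeta{
 Name: pathHash,
 Namespace: "ns-a",
+Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue},
 OwnerReferences: []metav1.OwnerReference{
 {
 APIVersion: "operators.coreos.com/v1alpha1",
@@ -1442,6 +1459,7 @@ func TestConfigMapUnpacker(t *testing.T) {
 ObjectMeta: metav1.ObjectMeta{
 Name: pathHash,
 Namespace: "ns-a",
+Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue},
 OwnerReferences: []metav1.OwnerReference{
 {
 APIVersion: "v1",
@@ -1457,7 +1475,8 @@ func TestConfigMapUnpacker(t *testing.T) {
 BackoffLimit: &backoffLimit,
 Template: corev1.PodTemplateSpec{
 ObjectMeta: metav1.ObjectMeta{
-Name: pathHash,
+Name: pathHash,
+Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue},
 },
 Spec: corev1.PodSpec{
 RestartPolicy: corev1.RestartPolicyNever,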

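--- a/pkg/controller/install/certresources.go
+++ b/pkg/controller/install/certresources.go
@@ -251,6 +251,7 @@ func (i *StrategyDeploymentInstaller) installCertRequirementsForDeployment(deplo
 service.SetName(ServiceName(deploymentName))
 service.SetNamespace(i.owner.GetNamespace())
 ownerutil.AddNonBlockingOwner(service, i.owner)
+service.SetLabels(map[string]string{OLMManagedLabelKey: OLMManagedLabelValue})
 
 existingService, err := i.strategyClient.GetOpLister().CoreV1().ServiceLister().Services(i.owner.GetNamespace()).Get(service.GetName())
 if err == nil {
@@ -366,6 +367,7 @@ func (i *StrategyDeploymentInstaller) installCertRequirementsForDeployment(deplo
 }
 secretRole.SetName(secret.GetName())
 secretRole.SetNamespace(i.owner.GetNamespace())
+secretRole.SetLabels(map[string]string{OLMManagedLabelKey: OLMManagedLabelValue})
 
 existingSecretRole, err := i.strategyClient.GetOpLister().RbacV1().RoleLister().Roles(i.owner.GetNamespace()).Get(secretRole.GetName())
 if err == nil {
@@ -412,6 +414,7 @@ func (i *StrategyDeploymentInstaller) installCertRequirementsForDeployment(deplo
 }
 secretRoleBinding.SetName(secret.GetName())
 secretRoleBinding.SetNamespace(i.owner.GetNamespace())
+secretRoleBinding.SetLabels(map[string]string{OLMManagedLabelKey: OLMManagedLabelValue})
 
 existingSecretRoleBinding, err := i.strategyClient.GetOpLister().RbacV1().RoleBindingLister().RoleBindings(i.owner.GetNamespace()).Get(secretRoleBinding.GetName())
 if err == nil {
@@ -454,6 +457,7 @@ func (i *StrategyDeploymentInstaller) installCertRequirementsForDeployment(deplo
 },
 }
 authDelegatorClusterRoleBinding.SetName(service.GetName() + "-system:auth-delegator")
+authDelegatorClusterRoleBinding.SetLabels(map[string]string{OLMManagedLabelKey: OLMManagedLabelValue})
 
 existingAuthDelegatorClusterRoleBinding, err := i.strategyClient.GetOpLister().RbacV1().ClusterRoleBindingLister().Get(authDelegatorClusterRoleBinding.GetName())
 if err == nil {
@@ -502,6 +506,7 @@ func (i *StrategyDeploymentInstaller) installCertRequirementsForDeployment(deplo
 }
 authReaderRoleBinding.SetName(service.GetName() + "-auth-reader")
 authReaderRoleBinding.SetNamespace(KubeSystem)
+authReaderRoleBinding.SetLabels(map[string]string{OLMManagedLabelKey: OLMManagedLabelValue})
 
 existingAuthReaderRoleBinding, err := i.strategyClient.GetOpLister().RbacV1().RoleBindingLister().RoleBindings(KubeSystem).Get(authReaderRoleBinding.GetName())
 if err == nil {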
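Review bot: Each of the five `SetLabels(map[string]string{OLMManagedLabelKey: OLMManagedLabelValue})` calls in `installCertRequirementsForDeployment` replaces the object's whole label map, so any label given to `service`, `secretRole`, `secretRoleBinding` or the two auth bindings where they are built (outside these hunks) would be dropped. A small helper that reads `GetLabels()`, adds the key and writes the map back would keep the five call sites identical and make the merge behaviour explicit. Because the label lands on RBAC objects, including a ClusterRoleBinding and a RoleBinding in `KubeSystem`, I would also document what it may be used for: anyone allowed to patch these objects can add or remove it, so it can scope caches but should not be read as proof that OLM created the object. Proposed comment above the first call: `// OLMManagedLabelKey only scopes informer caches; ownership is still decided by owner references.`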

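--- a/pkg/controller/install/certresources_test.go
+++ b/pkg/controller/install/certresources_test.go
@@ -7,6 +7,7 @@ import (
 "time"
 
 "github.com/golang/mock/gomock"
+"github.com/google/go-cmp/cmp"
 "github.com/stretchr/testify/assert"
 "github.com/stretchr/testify/require"
 appsv1 "k8s.io/api/apps/v1"
@@ -155,7 +156,8 @@ func TestInstallCertRequirementsForDeployment(t *testing.T) {
 mockOpClient.EXPECT().DeleteService(namespace, "test-service", &metav1.DeleteOptions{}).Return(nil)
 service := corev1.Service{
 ObjectMeta: metav1.ObjectMeta{
-Name: "test-service",
+Name: "test-service",
+Labels: map[string]string{OLMManagedLabelKey: OLMManagedLabelValue},
 OwnerReferences: []metav1.OwnerReference{
 ownerutil.NonBlockingOwner(&v1alpha1.ClusterServiceVersion{}),
 },
@@ -198,6 +200,7 @@ func TestInstallCertRequirementsForDeployment(t *testing.T) {
 ObjectMeta: metav1.ObjectMeta{
 Name: secret.GetName(),
 Namespace: namespace,
+Labels: map[string]string{OLMManagedLabelKey: OLMManagedLabelValue},
 },
 Rules: []rbacv1.PolicyRule{
 {
@@ -214,6 +217,7 @@ func TestInstallCertRequirementsForDeployment(t *testing.T) {
 ObjectMeta: metav1.ObjectMeta{
 Name: secret.GetName(),
 Namespace: namespace,
+Labels: map[string]string{OLMManagedLabelKey: OLMManagedLabelValue},
 },
 Subjects: []rbacv1.Subject{
 {
@@ -233,7 +237,8 @@ func TestInstallCertRequirementsForDeployment(t *testing.T) {
 
 authDelegatorClusterRoleBinding := &rbacv1.ClusterRoleBinding{
 ObjectMeta: metav1.ObjectMeta{
-Name: service.GetName() + "-system:auth-delegator",
+Name: service.GetName() + "-system:auth-delegator",
+Labels: map[string]string{OLMManagedLabelKey: OLMManagedLabelValue},
 },
 Subjects: []rbacv1.Subject{
 {
@@ -269,6 +274,7 @@ func TestInstallCertRequirementsForDeployment(t *testing.T) {
 }
 authReaderRoleBinding.SetName(service.GetName() + "-auth-reader")
 authReaderRoleBinding.SetNamespace(KubeSystem)
+authReaderRoleBinding.SetLabels(map[string]string{OLMManagedLabelKey: OLMManagedLabelValue})
 
 mockOpClient.EXPECT().UpdateRoleBinding(authReaderRoleBinding).Return(authReaderRoleBinding, nil)
 },
@@ -380,6 +386,7 @@ func TestInstallCertRequirementsForDeployment(t *testing.T) {
 ObjectMeta: metav1.ObjectMeta{
 Name: "test-service",
 Namespace: owner.GetNamespace(),
+Labels: map[string]string{OLMManagedLabelKey: OLMManagedLabelValue},
 OwnerReferences: []metav1.OwnerReference{
 ownerutil.NonBlockingOwner(owner),
 },
@@ -422,6 +429,7 @@ func TestInstallCertRequirementsForDeployment(t *testing.T) {
 ObjectMeta: metav1.ObjectMeta{
 Name: secret.GetName(),
 Namespace: namespace,
+Labels: map[string]string{OLMManagedLabelKey: OLMManagedLabelValue},
 },
 Rules: []rbacv1.PolicyRule{
 {
@@ -438,6 +446,7 @@ func TestInstallCertRequirementsForDeployment(t *testing.T) {
 ObjectMeta: metav1.ObjectMeta{
 Name: secret.GetName(),
 Namespace: namespace,
+Labels: map[string]string{OLMManagedLabelKey: OLMManagedLabelValue},
 },
 Subjects: []rbacv1.Subject{
 {
@@ -457,7 +466,8 @@ func TestInstallCertRequirementsForDeployment(t *testing.T) {
 
 authDelegatorClusterRoleBinding := &rbacv1.ClusterRoleBinding{
 ObjectMeta: metav1.ObjectMeta{
-Name: service.GetName() + "-system:auth-delegator",
+Name: service.GetName() + "-system:auth-delegator",
+Labels: map[string]string{OLMManagedLabelKey: OLMManagedLabelValue},
 },
 Subjects: []rbacv1.Subject{
 {
@@ -493,6 +503,7 @@ func TestInstallCertRequirementsForDeployment(t *testing.T) {
 }
 authReaderRoleBinding.SetName(service.GetName() + "-auth-reader")
 authReaderRoleBinding.SetNamespace(KubeSystem)
+authReaderRoleBinding.SetLabels(map[string]string{OLMManagedLabelKey: OLMManagedLabelValue})
 
 mockOpClient.EXPECT().UpdateRoleBinding(authReaderRoleBinding).Return(authReaderRoleBinding, nil)
 },
@@ -596,7 +607,8 @@ func TestInstallCertRequirementsForDeployment(t *testing.T) {
 mockOpClient.EXPECT().DeleteService(namespace, "test-service", &metav1.DeleteOptions{}).Return(nil)
 service := corev1.Service{
 ObjectMeta: metav1.ObjectMeta{
-Name: "test-service",
+Name: "test-service",
+Labels: map[string]string{OLMManagedLabelKey: OLMManagedLabelValue},
 OwnerReferences: []metav1.OwnerReference{
 ownerutil.NonBlockingOwner(&v1alpha1.ClusterServiceVersion{}),
 },
@@ -649,6 +661,7 @@ func TestInstallCertRequirementsForDeployment(t *testing.T) {
 ObjectMeta: metav1.ObjectMeta{
 Name: secret.GetName(),
 Namespace: namespace,
+Labels: map[string]string{OLMManagedLabelKey: OLMManagedLabelValue},
 },
 Rules: []rbacv1.PolicyRule{
 {
@@ -665,6 +678,7 @@ func TestInstallCertRequirementsForDeployment(t *testing.T) {
 ObjectMeta: metav1.ObjectMeta{
 Name: secret.GetName(),
 Namespace: namespace,
+Labels: map[string]string{OLMManagedLabelKey: OLMManagedLabelValue},
 },
 Subjects: []rbacv1.Subject{
 {
@@ -684,7 +698,8 @@ func TestInstallCertRequirementsForDeployment(t *testing.T) {
 
 authDelegatorClusterRoleBinding := &rbacv1.ClusterRoleBinding{
 ObjectMeta: metav1.ObjectMeta{
-Name: service.GetName() + "-system:auth-delegator",
+Name: service.GetName() + "-system:auth-delegator",
+Labels: map[string]string{OLMManagedLabelKey: OLMManagedLabelValue},
 },
 Subjects: []rbacv1.Subject{
 {
@@ -720,6 +735,7 @@ func TestInstallCertRequirementsForDeployment(t *testing.T) {
 }
 authReaderRoleBinding.SetName(service.GetName() + "-auth-reader")
 authReaderRoleBinding.SetNamespace(KubeSystem)
+authReaderRoleBinding.SetLabels(map[string]string{OLMManagedLabelKey: OLMManagedLabelValue})
 
 mockOpClient.EXPECT().UpdateRoleBinding(authReaderRoleBinding).Return(authReaderRoleBinding, nil)
 },
@@ -853,7 +869,7 @@ func TestInstallCertRequirementsForDeployment(t *testing.T) {
 return
 }
 if !reflect.DeepEqual(got, tt.want) {
-t.Errorf("installCertRequirementsForDeployment() \n got = %v \n want = %v", got, tt.want)
+t.Errorf("installCertRequirementsForDeployment() \n got = %v \n want = %v\n diff=%s\n", got, tt.want, cmp.Diff(got, tt.want))
 }
 })
 }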
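Review bot: `cmp.Diff(got, tt.want)` in the final `t.Errorf` prints `-` for the value under test and `+` for the expectation, the reverse of the usual go-cmp convention, which makes a missing label easy to misread as an unexpected one. I would swap the arguments and name the direction in the message: `cmp.Diff(tt.want, got)` with `diff (-want +got):\n%s`. The surrounding test loop starts outside the hunk.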

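--- a/pkg/controller/install/deployment.go
+++ b/pkg/controller/install/deployment.go
@@ -152,6 +152,10 @@ func (i *StrategyDeploymentInstaller) deploymentForSpec(name string, spec appsv1
 dep.Spec.Template.SetAnnotations(annotations)
 
 // Set custom labels before CSV owner labels
+if dep.Labels == nil {
+dep.Labels = map[string]string{}
+}
+dep.Labels[OLMManagedLabelKey] = OLMManagedLabelValue
 dep.SetLabels(specLabels)
 
 ownerutil.AddNonBlockingOwner(dep, i.owner)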
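Review bot: The label written by `dep.Labels[OLMManagedLabelKey] = OLMManagedLabelValue` is discarded on the very next line, because `dep.SetLabels(specLabels)` replaces the whole label map. Unless `specLabels` already carries the key or code after the hunk adds it back, Deployments built here end up without the label and would be missed once LIST+WATCH is filtered on it. Moving the added lines below the `SetLabels` call fixes it: `dep.SetLabels(specLabels)` first, then `if dep.Labels == nil { dep.Labels = map[string]string{} }` and `dep.Labels[OLMManagedLabelKey] = OLMManagedLabelValue`. `deploymentForSpec` continues outside the hunk, and none of the test hunks shown on this page cover this path.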
