use sets to track certs to install, revert to checking for installPlan

timeouts after API availability checks, add service FQDN to list of
hostnames.

Signed-off-by: Ankita Thomas <[email protected]>

Author: ankitathomas

Diff for: pkg/controller/install/certresources.go

@@ -12,6 +12,7 @@ import (
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/util/intstr"
+	"k8s.io/apimachinery/pkg/util/sets"
 	corev1ac "k8s.io/client-go/applyconfigurations/core/v1"
 	rbacv1ac "k8s.io/client-go/applyconfigurations/rbac/v1"
 
@@ -161,6 +162,7 @@ func HostnamesForService(serviceName, namespace string) []string {
 	return []string{
 		fmt.Sprintf("%s.%s", serviceName, namespace),
 		fmt.Sprintf("%s.%s.svc", serviceName, namespace),
+		fmt.Sprintf("%s.%s.svc.cluster.local", serviceName, namespace),
 	}
 }
 
@@ -274,15 +276,15 @@ func shouldRotateCerts(certSecret *corev1.Secret, hosts []string) bool {
 func (i *StrategyDeploymentInstaller) ShouldRotateCerts(s Strategy) (bool, error) {
 	strategy, ok := s.(*v1alpha1.StrategyDetailsDeployment)
 	if !ok {
-		return false, fmt.Errorf("attempted to install %s strategy with deployment installer", strategy.GetStrategyName())
+		return false, fmt.Errorf("failed to install %s strategy with deployment installer: unsupported deployment install strategy", strategy.GetStrategyName())
 	}
 
-	hasCerts := map[string]struct{}{}
+	hasCerts := sets.New[string]()
 	for _, c := range i.getCertResources() {
-		hasCerts[c.getDeploymentName()] = struct{}{}
+		hasCerts.Insert(c.getDeploymentName())
 	}
 	for _, sddSpec := range strategy.DeploymentSpecs {
-		if _, ok := hasCerts[sddSpec.Name]; ok {
+		if hasCerts.Has(sddSpec.Name) {
 			certSecret, err := i.strategyClient.GetOpLister().CoreV1().SecretLister().Secrets(i.owner.GetNamespace()).Get(SecretName(ServiceName(sddSpec.Name)))
 			if err == nil {
 				if shouldRotateCerts(certSecret, HostnamesForService(ServiceName(sddSpec.Name), i.owner.GetNamespace())) {

Diff for: pkg/controller/operators/olm/operator.go

@@ -2207,18 +2207,18 @@ func (a *Operator) transitionCSVState(in v1alpha1.ClusterServiceVersion) (out *v
 			return
 		}
 		if installErr := a.updateInstallStatus(out, installer, strategy, v1alpha1.CSVPhaseInstalling, v1alpha1.CSVReasonWaiting); installErr != nil {
-			// Set phase to failed if it's been a long time since the last transition (5 minutes)
-			if out.Status.LastTransitionTime != nil && a.now().Sub(out.Status.LastTransitionTime.Time) >= 5*time.Minute {
-				logger.Warn("install timed out")
-				out.SetPhaseWithEvent(v1alpha1.CSVPhaseFailed, v1alpha1.CSVReasonInstallCheckFailed, "install timeout", now, a.recorder)
-				return
-			}
 			// Re-sync if kube-apiserver was unavailable
 			if apierrors.IsServiceUnavailable(installErr) {
 				logger.WithError(installErr).Info("could not update install status")
 				syncError = installErr
 				return
 			}
+			// Set phase to failed if it's been a long time since the last transition (5 minutes)
+			if out.Status.LastTransitionTime != nil && a.now().Sub(out.Status.LastTransitionTime.Time) >= 5*time.Minute {
+				logger.Warn("install timed out")
+				out.SetPhaseWithEvent(v1alpha1.CSVPhaseFailed, v1alpha1.CSVReasonInstallCheckFailed, "install timeout", now, a.recorder)
+				return
+			}
 		}
 		logger.WithField("strategy", out.Spec.InstallStrategy.StrategyName).Infof("install strategy successful")