Skip to content

Commit 9e7031f

Browse files
stevekuznetsovstevekuznetsov
authored
OCPBUGS-17157: label non-OLM resources (#3017)
* add a round-tripper to ensure we label non-OLM resources This round-tripper is added to our *rest.Config when it's possible to detect that we're in a CI environment. Developers should set $CI=true to get this behavior locally. Signed-off-by: Steve Kuznetsov <[email protected]> * *: label non-OLM resources Today, our controllers use un-filtered LIST+WATCH calls to monitor the state of the cluster. For OLM-specific resource types, that's fine, since we need to know (for instance) about every CSV. For non-OLM resource groups, though, that is needlessly wasteful in memory consumption and makes our controller's footprint scale with the size of the cluster itself, irrespective of the usage of OLM. Adding a label to every resource we create is the first step in being able to filter down all of those requests to only those objects with our label. Signed-off-by: Steve Kuznetsov <[email protected]> --------- Signed-off-by: Steve Kuznetsov <[email protected]>
1 parent 0dbf79d commit 9e7031f

23 files changed

+275
-47
lines changed

cmd/olm/main.go

+5-1
Original file line numberDiff line numberDiff line change
@@ -11,6 +11,7 @@ import (
1111

1212
configclientset "github.com/openshift/client-go/config/clientset/versioned"
1313
configv1client "github.com/openshift/client-go/config/clientset/versioned/typed/config/v1"
14+
"github.com/operator-framework/operator-lifecycle-manager/pkg/controller/operators/validatingroundtripper"
1415
"github.com/sirupsen/logrus"
1516
"github.com/spf13/pflag"
1617
corev1 "k8s.io/api/core/v1"
@@ -139,6 +140,9 @@ func main() {
139140
}
140141
config := mgr.GetConfig()
141142

143+
// create a config that validates we're creating objects with labels
144+
validatingConfig := validatingroundtripper.Wrap(config)
145+
142146
versionedConfigClient, err := configclientset.NewForConfig(config)
143147
if err != nil {
144148
logger.WithError(err).Fatal("error configuring openshift proxy client")
@@ -147,7 +151,7 @@ func main() {
147151
if err != nil {
148152
logger.WithError(err).Fatal("error configuring config client")
149153
}
150-
opClient, err := operatorclient.NewClientFromRestConfig(config)
154+
opClient, err := operatorclient.NewClientFromRestConfig(validatingConfig)
151155
if err != nil {
152156
logger.WithError(err).Fatal("error configuring operator client")
153157
}

pkg/controller/bundle/bundle_unpacker.go

+10
Original file line numberDiff line numberDiff line change
@@ -86,11 +86,19 @@ func newBundleUnpackResult(lookup *operatorsv1alpha1.BundleLookup) *BundleUnpack
8686

8787
func (c *ConfigMapUnpacker) job(cmRef *corev1.ObjectReference, bundlePath string, secrets []corev1.LocalObjectReference, annotationUnpackTimeout time.Duration) *batchv1.Job {
8888
job := &batchv1.Job{
89+
ObjectMeta: metav1.ObjectMeta{
90+
Labels: map[string]string{
91+
install.OLMManagedLabelKey: install.OLMManagedLabelValue,
92+
},
93+
},
8994
Spec: batchv1.JobSpec{
9095
//ttlSecondsAfterFinished: 0 // can use in the future to not have to clean up job
9196
Template: corev1.PodTemplateSpec{
9297
ObjectMeta: metav1.ObjectMeta{
9398
Name: cmRef.Name,
99+
Labels: map[string]string{
100+
install.OLMManagedLabelKey: install.OLMManagedLabelValue,
101+
},
94102
},
95103
Spec: corev1.PodSpec{
96104
// With restartPolicy = "OnFailure" when the spec.backoffLimit is reached, the job controller will delete all
@@ -687,6 +695,7 @@ func (c *ConfigMapUnpacker) ensureRole(cmRef *corev1.ObjectReference) (role *rba
687695
fresh.SetNamespace(cmRef.Namespace)
688696
fresh.SetName(cmRef.Name)
689697
fresh.SetOwnerReferences([]metav1.OwnerReference{ownerRef(cmRef)})
698+
fresh.SetLabels(map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue})
690699

691700
role, err = c.roleLister.Roles(fresh.GetNamespace()).Get(fresh.GetName())
692701
if err != nil {
@@ -730,6 +739,7 @@ func (c *ConfigMapUnpacker) ensureRoleBinding(cmRef *corev1.ObjectReference) (ro
730739
fresh.SetNamespace(cmRef.Namespace)
731740
fresh.SetName(cmRef.Name)
732741
fresh.SetOwnerReferences([]metav1.OwnerReference{ownerRef(cmRef)})
742+
fresh.SetLabels(map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue})
733743

734744
roleBinding, err = c.rbLister.RoleBindings(fresh.GetNamespace()).Get(fresh.GetName())
735745
if err != nil {

pkg/controller/bundle/bundle_unpacker_test.go

+25-6
Original file line numberDiff line numberDiff line change
@@ -208,6 +208,7 @@ func TestConfigMapUnpacker(t *testing.T) {
208208
ObjectMeta: metav1.ObjectMeta{
209209
Name: pathHash,
210210
Namespace: "ns-a",
211+
Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue},
211212
OwnerReferences: []metav1.OwnerReference{
212213
{
213214
APIVersion: "v1",
@@ -224,7 +225,8 @@ func TestConfigMapUnpacker(t *testing.T) {
224225
BackoffLimit: &backoffLimit,
225226
Template: corev1.PodTemplateSpec{
226227
ObjectMeta: metav1.ObjectMeta{
227-
Name: pathHash,
228+
Name: pathHash,
229+
Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue},
228230
},
229231
Spec: corev1.PodSpec{
230232
RestartPolicy: corev1.RestartPolicyNever,
@@ -369,6 +371,7 @@ func TestConfigMapUnpacker(t *testing.T) {
369371
ObjectMeta: metav1.ObjectMeta{
370372
Name: pathHash,
371373
Namespace: "ns-a",
374+
Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue},
372375
OwnerReferences: []metav1.OwnerReference{
373376
{
374377
APIVersion: "v1",
@@ -402,6 +405,7 @@ func TestConfigMapUnpacker(t *testing.T) {
402405
ObjectMeta: metav1.ObjectMeta{
403406
Name: pathHash,
404407
Namespace: "ns-a",
408+
Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue},
405409
OwnerReferences: []metav1.OwnerReference{
406410
{
407411
APIVersion: "v1",
@@ -437,6 +441,7 @@ func TestConfigMapUnpacker(t *testing.T) {
437441
ObjectMeta: metav1.ObjectMeta{
438442
Name: digestHash,
439443
Namespace: "ns-a",
444+
Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue},
440445
OwnerReferences: []metav1.OwnerReference{
441446
{
442447
APIVersion: "v1",
@@ -452,7 +457,8 @@ func TestConfigMapUnpacker(t *testing.T) {
452457
BackoffLimit: &backoffLimit,
453458
Template: corev1.PodTemplateSpec{
454459
ObjectMeta: metav1.ObjectMeta{
455-
Name: digestHash,
460+
Name: digestHash,
461+
Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue},
456462
},
457463
Spec: corev1.PodSpec{
458464
RestartPolicy: corev1.RestartPolicyNever,
@@ -607,6 +613,7 @@ func TestConfigMapUnpacker(t *testing.T) {
607613
ObjectMeta: metav1.ObjectMeta{
608614
Name: digestHash,
609615
Namespace: "ns-a",
616+
Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue},
610617
OwnerReferences: []metav1.OwnerReference{
611618
{
612619
APIVersion: "operators.coreos.com/v1alpha1",
@@ -705,6 +712,7 @@ func TestConfigMapUnpacker(t *testing.T) {
705712
ObjectMeta: metav1.ObjectMeta{
706713
Name: digestHash,
707714
Namespace: "ns-a",
715+
Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue},
708716
OwnerReferences: []metav1.OwnerReference{
709717
{
710718
APIVersion: "v1",
@@ -720,7 +728,8 @@ func TestConfigMapUnpacker(t *testing.T) {
720728
BackoffLimit: &backoffLimit,
721729
Template: corev1.PodTemplateSpec{
722730
ObjectMeta: metav1.ObjectMeta{
723-
Name: digestHash,
731+
Name: digestHash,
732+
Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue},
724733
},
725734
Spec: corev1.PodSpec{
726735
RestartPolicy: corev1.RestartPolicyNever,
@@ -877,6 +886,7 @@ func TestConfigMapUnpacker(t *testing.T) {
877886
ObjectMeta: metav1.ObjectMeta{
878887
Name: digestHash,
879888
Namespace: "ns-a",
889+
Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue},
880890
OwnerReferences: []metav1.OwnerReference{
881891
{
882892
APIVersion: "v1",
@@ -910,6 +920,7 @@ func TestConfigMapUnpacker(t *testing.T) {
910920
ObjectMeta: metav1.ObjectMeta{
911921
Name: digestHash,
912922
Namespace: "ns-a",
923+
Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue},
913924
OwnerReferences: []metav1.OwnerReference{
914925
{
915926
APIVersion: "v1",
@@ -967,6 +978,7 @@ func TestConfigMapUnpacker(t *testing.T) {
967978
ObjectMeta: metav1.ObjectMeta{
968979
Name: pathHash,
969980
Namespace: "ns-a",
981+
Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue},
970982
OwnerReferences: []metav1.OwnerReference{
971983
{
972984
APIVersion: "v1",
@@ -982,7 +994,8 @@ func TestConfigMapUnpacker(t *testing.T) {
982994
BackoffLimit: &backoffLimit,
983995
Template: corev1.PodTemplateSpec{
984996
ObjectMeta: metav1.ObjectMeta{
985-
Name: pathHash,
997+
Name: pathHash,
998+
Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue},
986999
},
9871000
Spec: corev1.PodSpec{
9881001
RestartPolicy: corev1.RestartPolicyNever,
@@ -1124,6 +1137,7 @@ func TestConfigMapUnpacker(t *testing.T) {
11241137
ObjectMeta: metav1.ObjectMeta{
11251138
Name: pathHash,
11261139
Namespace: "ns-a",
1140+
Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue},
11271141
OwnerReferences: []metav1.OwnerReference{
11281142
{
11291143
APIVersion: "operators.coreos.com/v1alpha1",
@@ -1199,6 +1213,7 @@ func TestConfigMapUnpacker(t *testing.T) {
11991213
ObjectMeta: metav1.ObjectMeta{
12001214
Name: pathHash,
12011215
Namespace: "ns-a",
1216+
Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue},
12021217
OwnerReferences: []metav1.OwnerReference{
12031218
{
12041219
APIVersion: "v1",
@@ -1214,7 +1229,8 @@ func TestConfigMapUnpacker(t *testing.T) {
12141229
BackoffLimit: &backoffLimit,
12151230
Template: corev1.PodTemplateSpec{
12161231
ObjectMeta: metav1.ObjectMeta{
1217-
Name: pathHash,
1232+
Name: pathHash,
1233+
Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue},
12181234
},
12191235
Spec: corev1.PodSpec{
12201236
RestartPolicy: corev1.RestartPolicyNever,
@@ -1368,6 +1384,7 @@ func TestConfigMapUnpacker(t *testing.T) {
13681384
ObjectMeta: metav1.ObjectMeta{
13691385
Name: pathHash,
13701386
Namespace: "ns-a",
1387+
Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue},
13711388
OwnerReferences: []metav1.OwnerReference{
13721389
{
13731390
APIVersion: "operators.coreos.com/v1alpha1",
@@ -1442,6 +1459,7 @@ func TestConfigMapUnpacker(t *testing.T) {
14421459
ObjectMeta: metav1.ObjectMeta{
14431460
Name: pathHash,
14441461
Namespace: "ns-a",
1462+
Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue},
14451463
OwnerReferences: []metav1.OwnerReference{
14461464
{
14471465
APIVersion: "v1",
@@ -1457,7 +1475,8 @@ func TestConfigMapUnpacker(t *testing.T) {
14571475
BackoffLimit: &backoffLimit,
14581476
Template: corev1.PodTemplateSpec{
14591477
ObjectMeta: metav1.ObjectMeta{
1460-
Name: pathHash,
1478+
Name: pathHash,
1479+
Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue},
14611480
},
14621481
Spec: corev1.PodSpec{
14631482
RestartPolicy: corev1.RestartPolicyNever,

pkg/controller/install/certresources.go

+5
Original file line numberDiff line numberDiff line change
@@ -251,6 +251,7 @@ func (i *StrategyDeploymentInstaller) installCertRequirementsForDeployment(deplo
251251
service.SetName(ServiceName(deploymentName))
252252
service.SetNamespace(i.owner.GetNamespace())
253253
ownerutil.AddNonBlockingOwner(service, i.owner)
254+
service.SetLabels(map[string]string{OLMManagedLabelKey: OLMManagedLabelValue})
254255

255256
existingService, err := i.strategyClient.GetOpLister().CoreV1().ServiceLister().Services(i.owner.GetNamespace()).Get(service.GetName())
256257
if err == nil {
@@ -366,6 +367,7 @@ func (i *StrategyDeploymentInstaller) installCertRequirementsForDeployment(deplo
366367
}
367368
secretRole.SetName(secret.GetName())
368369
secretRole.SetNamespace(i.owner.GetNamespace())
370+
secretRole.SetLabels(map[string]string{OLMManagedLabelKey: OLMManagedLabelValue})
369371

370372
existingSecretRole, err := i.strategyClient.GetOpLister().RbacV1().RoleLister().Roles(i.owner.GetNamespace()).Get(secretRole.GetName())
371373
if err == nil {
@@ -412,6 +414,7 @@ func (i *StrategyDeploymentInstaller) installCertRequirementsForDeployment(deplo
412414
}
413415
secretRoleBinding.SetName(secret.GetName())
414416
secretRoleBinding.SetNamespace(i.owner.GetNamespace())
417+
secretRoleBinding.SetLabels(map[string]string{OLMManagedLabelKey: OLMManagedLabelValue})
415418

416419
existingSecretRoleBinding, err := i.strategyClient.GetOpLister().RbacV1().RoleBindingLister().RoleBindings(i.owner.GetNamespace()).Get(secretRoleBinding.GetName())
417420
if err == nil {
@@ -454,6 +457,7 @@ func (i *StrategyDeploymentInstaller) installCertRequirementsForDeployment(deplo
454457
},
455458
}
456459
authDelegatorClusterRoleBinding.SetName(service.GetName() + "-system:auth-delegator")
460+
authDelegatorClusterRoleBinding.SetLabels(map[string]string{OLMManagedLabelKey: OLMManagedLabelValue})
457461

458462
existingAuthDelegatorClusterRoleBinding, err := i.strategyClient.GetOpLister().RbacV1().ClusterRoleBindingLister().Get(authDelegatorClusterRoleBinding.GetName())
459463
if err == nil {
@@ -502,6 +506,7 @@ func (i *StrategyDeploymentInstaller) installCertRequirementsForDeployment(deplo
502506
}
503507
authReaderRoleBinding.SetName(service.GetName() + "-auth-reader")
504508
authReaderRoleBinding.SetNamespace(KubeSystem)
509+
authReaderRoleBinding.SetLabels(map[string]string{OLMManagedLabelKey: OLMManagedLabelValue})
505510

506511
existingAuthReaderRoleBinding, err := i.strategyClient.GetOpLister().RbacV1().RoleBindingLister().RoleBindings(KubeSystem).Get(authReaderRoleBinding.GetName())
507512
if err == nil {

0 commit comments

Comments
 (0)