Skip to content

Commit afd3a10

Browse files
KPostOfficeKPostOffice
committed
add watches for owned resources and CRBs
Signed-off-by: Kevin <[email protected]>
1 parent 3f1166c commit afd3a10

File tree

2 files changed

+31
-7
lines changed

2 files changed

+31
-7
lines changed

config/rbac/role.yaml

+6
Original file line numberDiff line numberDiff line change
@@ -26,6 +26,7 @@ rules:
2626
- delete
2727
- get
2828
- patch
29+
- watch
2930
- apiGroups:
3031
- ""
3132
resources:
@@ -36,6 +37,7 @@ rules:
3637
- get
3738
- patch
3839
- update
40+
- watch
3941
- apiGroups:
4042
- ""
4143
resources:
@@ -46,6 +48,7 @@ rules:
4648
- get
4749
- patch
4850
- update
51+
- watch
4952
- apiGroups:
5053
- networking.k8s.io
5154
resources:
@@ -56,6 +59,7 @@ rules:
5659
- get
5760
- patch
5861
- update
62+
- watch
5963
- apiGroups:
6064
- ray.io
6165
resources:
@@ -92,6 +96,7 @@ rules:
9296
- get
9397
- patch
9498
- update
99+
- watch
95100
- apiGroups:
96101
- route.openshift.io
97102
resources:
@@ -103,3 +108,4 @@ rules:
103108
- get
104109
- patch
105110
- update
111+
- watch

pkg/controllers/raycluster_controller.go

+25-7
Original file line numberDiff line numberDiff line change
@@ -22,6 +22,8 @@ import (
2222
"crypto/sha1"
2323
"encoding/base64"
2424

25+
networkingv1 "k8s.io/api/networking/v1"
26+
2527
rayv1 "github.com/ray-project/kuberay/ray-operator/apis/ray/v1"
2628

2729
corev1 "k8s.io/api/core/v1"
@@ -37,6 +39,8 @@ import (
3739
ctrl "sigs.k8s.io/controller-runtime"
3840
"sigs.k8s.io/controller-runtime/pkg/client"
3941
"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
42+
"sigs.k8s.io/controller-runtime/pkg/handler"
43+
"sigs.k8s.io/controller-runtime/pkg/reconcile"
4044

4145
routev1 "github.com/openshift/api/route/v1"
4246
routeapply "github.com/openshift/client-go/route/applyconfigurations/route/v1"
@@ -75,12 +79,12 @@ var (
7579
// +kubebuilder:rbac:groups=ray.io,resources=rayclusters,verbs=get;list;watch;create;update;patch;delete
7680
// +kubebuilder:rbac:groups=ray.io,resources=rayclusters/status,verbs=get;update;patch
7781
// +kubebuilder:rbac:groups=ray.io,resources=rayclusters/finalizers,verbs=update
78-
// +kubebuilder:rbac:groups=route.openshift.io,resources=routes;routes/custom-host,verbs=get;create;update;patch;delete
79-
// +kubebuilder:rbac:groups=networking.k8s.io,resources=ingresses,verbs=get;create;update;patch;delete
80-
// +kubebuilder:rbac:groups=core,resources=secrets,verbs=get;create;patch;delete;get
81-
// +kubebuilder:rbac:groups=core,resources=services,verbs=get;create;update;patch;delete
82-
// +kubebuilder:rbac:groups=core,resources=serviceaccounts,verbs=get;create;update;patch;delete
83-
// +kubebuilder:rbac:groups=rbac.authorization.k8s.io,resources=clusterrolebindings,verbs=get;create;update;patch;delete
82+
// +kubebuilder:rbac:groups=route.openshift.io,resources=routes;routes/custom-host,verbs=get;create;update;patch;delete;watch
83+
// +kubebuilder:rbac:groups=networking.k8s.io,resources=ingresses,verbs=get;create;update;patch;delete;watch
84+
// +kubebuilder:rbac:groups=core,resources=secrets,verbs=get;create;patch;delete;get;watch
85+
// +kubebuilder:rbac:groups=core,resources=services,verbs=get;create;update;patch;delete;watch
86+
// +kubebuilder:rbac:groups=core,resources=serviceaccounts,verbs=get;create;update;patch;delete;watch
87+
// +kubebuilder:rbac:groups=rbac.authorization.k8s.io,resources=clusterrolebindings,verbs=get;create;update;patch;delete;watch
8488
// +kubebuilder:rbac:groups=authentication.k8s.io,resources=tokenreviews,verbs=create;
8589
// +kubebuilder:rbac:groups=authorization.k8s.io,resources=subjectaccessreviews,verbs=create;
8690

@@ -220,7 +224,7 @@ func crbNameFromCluster(cluster *rayv1.RayCluster) string {
220224
func desiredOAuthClusterRoleBinding(cluster *rayv1.RayCluster) *rbacapply.ClusterRoleBindingApplyConfiguration {
221225
return rbacapply.ClusterRoleBinding(
222226
crbNameFromCluster(cluster)).
223-
WithLabels(map[string]string{"ray.io/cluster-name": cluster.Name}).
227+
WithLabels(map[string]string{"ray.io/cluster-name": cluster.Name, "ray.io/cluster-namespace": cluster.Namespace}).
224228
WithSubjects(
225229
rbacapply.Subject().
226230
WithKind("ServiceAccount").
@@ -340,5 +344,19 @@ func (r *RayClusterReconciler) SetupWithManager(mgr ctrl.Manager) error {
340344
return ctrl.NewControllerManagedBy(mgr).
341345
Named(controllerName).
342346
For(&rayv1.RayCluster{}).
347+
Owns(&corev1.ServiceAccount{}).
348+
Owns(&corev1.Service{}).
349+
Owns(&corev1.Secret{}).
350+
Owns(&routev1.Route{}).
351+
Owns(&networkingv1.Ingress{}).
352+
Watches(&rbacv1.ClusterRoleBinding{}, handler.EnqueueRequestsFromMapFunc(
353+
func(c context.Context, o client.Object) []reconcile.Request {
354+
return []reconcile.Request{{
355+
NamespacedName: client.ObjectKey{
356+
Name: o.GetLabels()["ray.io/cluster-name"],
357+
Namespace: o.GetLabels()["ray.io/cluster-namespace"],
358+
}}}
359+
}),
360+
).
343361
Complete(r)
344362
}

0 commit comments

Comments
 (0)