@@ -23,6 +23,8 @@ import (
2323 "encoding/base64"
2424 "fmt"
2525
26+ networkingv1 "k8s.io/api/networking/v1"
27+
2628 rayv1 "github.com/ray-project/kuberay/ray-operator/apis/ray/v1"
2729
2830 corev1 "k8s.io/api/core/v1"
@@ -38,6 +40,8 @@ import (
3840 ctrl "sigs.k8s.io/controller-runtime"
3941 "sigs.k8s.io/controller-runtime/pkg/client"
4042 "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
43+ "sigs.k8s.io/controller-runtime/pkg/handler"
44+ "sigs.k8s.io/controller-runtime/pkg/reconcile"
4145
4246 routev1 "github.com/openshift/api/route/v1"
4347 routeapply "github.com/openshift/client-go/route/applyconfigurations/route/v1"
@@ -75,12 +79,12 @@ var (
7579// +kubebuilder:rbac:groups=ray.io,resources=rayclusters,verbs=get;list;watch;create;update;patch;delete
7680// +kubebuilder:rbac:groups=ray.io,resources=rayclusters/status,verbs=get;update;patch
7781// +kubebuilder:rbac:groups=ray.io,resources=rayclusters/finalizers,verbs=update
78- // +kubebuilder:rbac:groups=route.openshift.io,resources=routes;routes/custom-host,verbs=get;create;update;patch;delete
79- // +kubebuilder:rbac:groups=networking.k8s.io,resources=ingresses,verbs=get;create;update;patch;delete
80- // +kubebuilder:rbac:groups=core,resources=secrets,verbs=get;create;patch;delete;get
81- // +kubebuilder:rbac:groups=core,resources=services,verbs=get;create;update;patch;delete
82- // +kubebuilder:rbac:groups=core,resources=serviceaccounts,verbs=get;create;update;patch;delete
83- // +kubebuilder:rbac:groups=rbac.authorization.k8s.io,resources=clusterrolebindings,verbs=get;create;update;patch;delete
82+ // +kubebuilder:rbac:groups=route.openshift.io,resources=routes;routes/custom-host,verbs=get;create;update;patch;delete;watch
83+ // +kubebuilder:rbac:groups=networking.k8s.io,resources=ingresses,verbs=get;create;update;patch;delete;watch
84+ // +kubebuilder:rbac:groups=core,resources=secrets,verbs=get;create;patch;delete;get;watch
85+ // +kubebuilder:rbac:groups=core,resources=services,verbs=get;create;update;patch;delete;watch
86+ // +kubebuilder:rbac:groups=core,resources=serviceaccounts,verbs=get;create;update;patch;delete;watch
87+ // +kubebuilder:rbac:groups=rbac.authorization.k8s.io,resources=clusterrolebindings,verbs=get;create;update;patch;delete;watch
8488// +kubebuilder:rbac:groups=authentication.k8s.io,resources=tokenreviews,verbs=create;
8589// +kubebuilder:rbac:groups=authorization.k8s.io,resources=subjectaccessreviews,verbs=create;
8690
@@ -233,7 +237,7 @@ func crbNameFromCluster(cluster *rayv1.RayCluster) string {
233237func desiredOAuthClusterRoleBinding (cluster * rayv1.RayCluster ) * rbacapply.ClusterRoleBindingApplyConfiguration {
234238 return rbacapply .ClusterRoleBinding (
235239 crbNameFromCluster (cluster )).
236- WithLabels (map [string ]string {"ray.io/cluster-name" : cluster .Name }).
240+ WithLabels (map [string ]string {"ray.io/cluster-name" : cluster .Name , "ray.io/cluster-namespace" : cluster . Namespace }).
237241 WithSubjects (
238242 rbacapply .Subject ().
239243 WithKind ("ServiceAccount" ).
@@ -350,5 +354,19 @@ func (r *RayClusterReconciler) SetupWithManager(mgr ctrl.Manager) error {
350354 return ctrl .NewControllerManagedBy (mgr ).
351355 Named (controllerName ).
352356 For (& rayv1.RayCluster {}).
357+ Owns (& corev1.ServiceAccount {}).
358+ Owns (& corev1.Service {}).
359+ Owns (& corev1.Secret {}).
360+ Owns (& routev1.Route {}).
361+ Owns (& networkingv1.Ingress {}).
362+ Watches (& rbacv1.ClusterRoleBinding {}, handler .EnqueueRequestsFromMapFunc (
363+ func (c context.Context , o client.Object ) []reconcile.Request {
364+ return []reconcile.Request {{
365+ NamespacedName : client.ObjectKey {
366+ Name : o .GetLabels ()["ray.io/cluster-name" ],
367+ Namespace : o .GetLabels ()["ray.io/cluster-namespace" ],
368+ }}}
369+ }),
370+ ).
353371 Complete (r )
354372}
0 commit comments