From 4f530ce2402db720b3078b03c10a4b2992816686 Mon Sep 17 00:00:00 2001 From: Michael Montgomery Date: Thu, 18 Nov 2021 11:42:58 -0600 Subject: [PATCH 01/29] ignore events that are outside of namespaces that the controller manages. --- cmd/manager/main.go | 1 + pkg/controller/association/controller.go | 7 +-- .../controller/agent_fleetserver.go | 3 ++ .../association/controller/agent_kibana.go | 3 ++ .../association/controller/apm_es.go | 3 ++ .../association/controller/apm_kibana.go | 3 ++ .../association/controller/beat_es.go | 3 ++ .../association/controller/beat_kibana.go | 3 ++ .../association/controller/ent_es.go | 3 ++ .../association/controller/es_monitoring.go | 7 ++- .../controller/es_monitoring_test.go | 3 +- .../association/controller/kb_monitoring.go | 3 ++ .../association/controller/kibana_ent.go | 3 ++ .../association/controller/kibana_es.go | 3 ++ .../association/controller/maps_es.go | 3 ++ pkg/controller/association/reconciler.go | 4 ++ pkg/controller/autoscaling/elasticsearch.go | 2 +- pkg/controller/common/operator/parameters.go | 2 + pkg/controller/common/predicate.go | 43 +++++++++++++++++++ .../elasticsearch/elasticsearch_controller.go | 6 +-- pkg/controller/license/license_controller.go | 6 +-- pkg/controller/remoteca/controller.go | 2 +- pkg/controller/remoteca/watches.go | 5 ++- 23 files changed, 105 insertions(+), 16 deletions(-) create mode 100644 pkg/controller/common/predicate.go diff --git a/cmd/manager/main.go b/cmd/manager/main.go index 41b43857d7..ad8d3608b5 100644 --- a/cmd/manager/main.go +++ b/cmd/manager/main.go @@ -553,6 +553,7 @@ func startOperator(ctx context.Context) error { Dialer: dialer, ExposedNodeLabels: exposedNodeLabels, IPFamily: ipFamily, + ManagedNamespaces: managedNamespaces, OperatorNamespace: operatorNamespace, OperatorInfo: operatorInfo, CACertRotation: certificates.RotationParams{ diff --git a/pkg/controller/association/controller.go b/pkg/controller/association/controller.go index 73a8fbef42..d4eb7fad38 100644 --- a/pkg/controller/association/controller.go +++ b/pkg/controller/association/controller.go @@ -9,6 +9,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/controller" "sigs.k8s.io/controller-runtime/pkg/handler" "sigs.k8s.io/controller-runtime/pkg/manager" + "sigs.k8s.io/controller-runtime/pkg/predicate" "sigs.k8s.io/controller-runtime/pkg/source" "github.com/elastic/cloud-on-k8s/pkg/controller/common" @@ -44,12 +45,12 @@ func AddAssociationController( if err != nil { return err } - return addWatches(c, r) + return addWatches(c, r, associationInfo.Predicates) } -func addWatches(c controller.Controller, r *Reconciler) error { +func addWatches(c controller.Controller, r *Reconciler, predicates []predicate.Predicate) error { // Watch the associated resource (e.g. Kibana for a Kibana -> Elasticsearch association) - if err := c.Watch(&source.Kind{Type: r.AssociatedObjTemplate()}, &handler.EnqueueRequestForObject{}); err != nil { + if err := c.Watch(&source.Kind{Type: r.AssociatedObjTemplate()}, &handler.EnqueueRequestForObject{}, predicates...); err != nil { return err } diff --git a/pkg/controller/association/controller/agent_fleetserver.go b/pkg/controller/association/controller/agent_fleetserver.go index 1a0e0ddb02..448967708b 100644 --- a/pkg/controller/association/controller/agent_fleetserver.go +++ b/pkg/controller/association/controller/agent_fleetserver.go @@ -10,11 +10,13 @@ import ( "k8s.io/apimachinery/pkg/types" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/manager" + "sigs.k8s.io/controller-runtime/pkg/predicate" agentv1alpha1 "github.com/elastic/cloud-on-k8s/pkg/apis/agent/v1alpha1" commonv1 "github.com/elastic/cloud-on-k8s/pkg/apis/common/v1" "github.com/elastic/cloud-on-k8s/pkg/controller/agent" "github.com/elastic/cloud-on-k8s/pkg/controller/association" + "github.com/elastic/cloud-on-k8s/pkg/controller/common" "github.com/elastic/cloud-on-k8s/pkg/controller/common/operator" "github.com/elastic/cloud-on-k8s/pkg/utils/k8s" "github.com/elastic/cloud-on-k8s/pkg/utils/rbac" @@ -40,6 +42,7 @@ func AddAgentFleetServer(mgr manager.Manager, accessReviewer rbac.AccessReviewer AssociationConfAnnotationNameBase: commonv1.FleetServerConfigAnnotationNameBase, AssociationResourceNameLabelName: agent.NameLabelName, AssociationResourceNamespaceLabelName: agent.NamespaceLabelName, + Predicates: []predicate.Predicate{common.ManagedNamespacesPredicate(params.ManagedNamespaces)}, ElasticsearchUserCreation: nil, }) diff --git a/pkg/controller/association/controller/agent_kibana.go b/pkg/controller/association/controller/agent_kibana.go index 2b2b8128d0..fb49dc54c3 100644 --- a/pkg/controller/association/controller/agent_kibana.go +++ b/pkg/controller/association/controller/agent_kibana.go @@ -8,11 +8,13 @@ import ( "k8s.io/apimachinery/pkg/types" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/manager" + "sigs.k8s.io/controller-runtime/pkg/predicate" agentv1alpha1 "github.com/elastic/cloud-on-k8s/pkg/apis/agent/v1alpha1" commonv1 "github.com/elastic/cloud-on-k8s/pkg/apis/common/v1" kbv1 "github.com/elastic/cloud-on-k8s/pkg/apis/kibana/v1" "github.com/elastic/cloud-on-k8s/pkg/controller/association" + "github.com/elastic/cloud-on-k8s/pkg/controller/common" "github.com/elastic/cloud-on-k8s/pkg/controller/common/operator" "github.com/elastic/cloud-on-k8s/pkg/controller/kibana" "github.com/elastic/cloud-on-k8s/pkg/utils/rbac" @@ -38,6 +40,7 @@ func AddAgentKibana(mgr manager.Manager, accessReviewer rbac.AccessReviewer, par AssociationConfAnnotationNameBase: commonv1.KibanaConfigAnnotationNameBase, AssociationResourceNameLabelName: kibana.KibanaNameLabelName, AssociationResourceNamespaceLabelName: kibana.KibanaNamespaceLabelName, + Predicates: []predicate.Predicate{common.ManagedNamespacesPredicate(params.ManagedNamespaces)}, ElasticsearchUserCreation: &association.ElasticsearchUserCreation{ ElasticsearchRef: getElasticsearchFromKibana, diff --git a/pkg/controller/association/controller/apm_es.go b/pkg/controller/association/controller/apm_es.go index 132b0aeaa0..0dd8c3ca09 100644 --- a/pkg/controller/association/controller/apm_es.go +++ b/pkg/controller/association/controller/apm_es.go @@ -12,11 +12,13 @@ import ( "k8s.io/apimachinery/pkg/types" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/manager" + "sigs.k8s.io/controller-runtime/pkg/predicate" apmv1 "github.com/elastic/cloud-on-k8s/pkg/apis/apm/v1" commonv1 "github.com/elastic/cloud-on-k8s/pkg/apis/common/v1" esv1 "github.com/elastic/cloud-on-k8s/pkg/apis/elasticsearch/v1" "github.com/elastic/cloud-on-k8s/pkg/controller/association" + "github.com/elastic/cloud-on-k8s/pkg/controller/common" "github.com/elastic/cloud-on-k8s/pkg/controller/common/operator" "github.com/elastic/cloud-on-k8s/pkg/controller/common/version" eslabel "github.com/elastic/cloud-on-k8s/pkg/controller/elasticsearch/label" @@ -56,6 +58,7 @@ func AddApmES(mgr manager.Manager, accessReviewer rbac.AccessReviewer, params op AssociationConfAnnotationNameBase: commonv1.ElasticsearchConfigAnnotationNameBase, AssociationResourceNameLabelName: eslabel.ClusterNameLabelName, AssociationResourceNamespaceLabelName: eslabel.ClusterNamespaceLabelName, + Predicates: []predicate.Predicate{common.ManagedNamespacesPredicate(params.ManagedNamespaces)}, ElasticsearchUserCreation: &association.ElasticsearchUserCreation{ ElasticsearchRef: func(c k8s.Client, association commonv1.Association) (bool, commonv1.ObjectSelector, error) { diff --git a/pkg/controller/association/controller/apm_kibana.go b/pkg/controller/association/controller/apm_kibana.go index 40918a8ea8..c20774989a 100644 --- a/pkg/controller/association/controller/apm_kibana.go +++ b/pkg/controller/association/controller/apm_kibana.go @@ -11,11 +11,13 @@ import ( "k8s.io/apimachinery/pkg/types" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/manager" + "sigs.k8s.io/controller-runtime/pkg/predicate" apmv1 "github.com/elastic/cloud-on-k8s/pkg/apis/apm/v1" commonv1 "github.com/elastic/cloud-on-k8s/pkg/apis/common/v1" kbv1 "github.com/elastic/cloud-on-k8s/pkg/apis/kibana/v1" "github.com/elastic/cloud-on-k8s/pkg/controller/association" + "github.com/elastic/cloud-on-k8s/pkg/controller/common" "github.com/elastic/cloud-on-k8s/pkg/controller/common/operator" "github.com/elastic/cloud-on-k8s/pkg/controller/elasticsearch/user" "github.com/elastic/cloud-on-k8s/pkg/controller/kibana" @@ -43,6 +45,7 @@ func AddApmKibana(mgr manager.Manager, accessReviewer rbac.AccessReviewer, param AssociationConfAnnotationNameBase: commonv1.KibanaConfigAnnotationNameBase, AssociationResourceNameLabelName: kibana.KibanaNameLabelName, AssociationResourceNamespaceLabelName: kibana.KibanaNamespaceLabelName, + Predicates: []predicate.Predicate{common.ManagedNamespacesPredicate(params.ManagedNamespaces)}, ElasticsearchUserCreation: &association.ElasticsearchUserCreation{ ElasticsearchRef: getElasticsearchFromKibana, diff --git a/pkg/controller/association/controller/beat_es.go b/pkg/controller/association/controller/beat_es.go index 74ed170c15..9cd7b2b88a 100644 --- a/pkg/controller/association/controller/beat_es.go +++ b/pkg/controller/association/controller/beat_es.go @@ -12,11 +12,13 @@ import ( "k8s.io/apimachinery/pkg/types" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/manager" + "sigs.k8s.io/controller-runtime/pkg/predicate" beatv1beta1 "github.com/elastic/cloud-on-k8s/pkg/apis/beat/v1beta1" commonv1 "github.com/elastic/cloud-on-k8s/pkg/apis/common/v1" esv1 "github.com/elastic/cloud-on-k8s/pkg/apis/elasticsearch/v1" "github.com/elastic/cloud-on-k8s/pkg/controller/association" + "github.com/elastic/cloud-on-k8s/pkg/controller/common" "github.com/elastic/cloud-on-k8s/pkg/controller/common/operator" "github.com/elastic/cloud-on-k8s/pkg/controller/common/version" eslabel "github.com/elastic/cloud-on-k8s/pkg/controller/elasticsearch/label" @@ -57,6 +59,7 @@ func AddBeatES(mgr manager.Manager, accessReviewer rbac.AccessReviewer, params o AssociationConfAnnotationNameBase: commonv1.ElasticsearchConfigAnnotationNameBase, AssociationResourceNameLabelName: eslabel.ClusterNameLabelName, AssociationResourceNamespaceLabelName: eslabel.ClusterNamespaceLabelName, + Predicates: []predicate.Predicate{common.ManagedNamespacesPredicate(params.ManagedNamespaces)}, ElasticsearchUserCreation: &association.ElasticsearchUserCreation{ ElasticsearchRef: func(c k8s.Client, association commonv1.Association) (bool, commonv1.ObjectSelector, error) { diff --git a/pkg/controller/association/controller/beat_kibana.go b/pkg/controller/association/controller/beat_kibana.go index 6646eedf1b..417e86f678 100644 --- a/pkg/controller/association/controller/beat_kibana.go +++ b/pkg/controller/association/controller/beat_kibana.go @@ -12,11 +12,13 @@ import ( "k8s.io/apimachinery/pkg/types" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/manager" + "sigs.k8s.io/controller-runtime/pkg/predicate" beatv1beta1 "github.com/elastic/cloud-on-k8s/pkg/apis/beat/v1beta1" commonv1 "github.com/elastic/cloud-on-k8s/pkg/apis/common/v1" kbv1 "github.com/elastic/cloud-on-k8s/pkg/apis/kibana/v1" "github.com/elastic/cloud-on-k8s/pkg/controller/association" + "github.com/elastic/cloud-on-k8s/pkg/controller/common" "github.com/elastic/cloud-on-k8s/pkg/controller/common/operator" "github.com/elastic/cloud-on-k8s/pkg/controller/common/version" esuser "github.com/elastic/cloud-on-k8s/pkg/controller/elasticsearch/user" @@ -44,6 +46,7 @@ func AddBeatKibana(mgr manager.Manager, accessReviewer rbac.AccessReviewer, para AssociationConfAnnotationNameBase: commonv1.KibanaConfigAnnotationNameBase, AssociationResourceNameLabelName: kibana.KibanaNameLabelName, AssociationResourceNamespaceLabelName: kibana.KibanaNamespaceLabelName, + Predicates: []predicate.Predicate{common.ManagedNamespacesPredicate(params.ManagedNamespaces)}, ElasticsearchUserCreation: &association.ElasticsearchUserCreation{ ElasticsearchRef: getElasticsearchFromKibana, diff --git a/pkg/controller/association/controller/ent_es.go b/pkg/controller/association/controller/ent_es.go index 5efb1e37c0..0682bebb78 100644 --- a/pkg/controller/association/controller/ent_es.go +++ b/pkg/controller/association/controller/ent_es.go @@ -8,11 +8,13 @@ import ( "k8s.io/apimachinery/pkg/types" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/manager" + "sigs.k8s.io/controller-runtime/pkg/predicate" commonv1 "github.com/elastic/cloud-on-k8s/pkg/apis/common/v1" esv1 "github.com/elastic/cloud-on-k8s/pkg/apis/elasticsearch/v1" entv1 "github.com/elastic/cloud-on-k8s/pkg/apis/enterprisesearch/v1" "github.com/elastic/cloud-on-k8s/pkg/controller/association" + "github.com/elastic/cloud-on-k8s/pkg/controller/common" "github.com/elastic/cloud-on-k8s/pkg/controller/common/operator" eslabel "github.com/elastic/cloud-on-k8s/pkg/controller/elasticsearch/label" esuser "github.com/elastic/cloud-on-k8s/pkg/controller/elasticsearch/user" @@ -52,6 +54,7 @@ func AddEntES(mgr manager.Manager, accessReviewer rbac.AccessReviewer, params op AssociationConfAnnotationNameBase: commonv1.ElasticsearchConfigAnnotationNameBase, AssociationResourceNameLabelName: eslabel.ClusterNameLabelName, AssociationResourceNamespaceLabelName: eslabel.ClusterNamespaceLabelName, + Predicates: []predicate.Predicate{common.ManagedNamespacesPredicate(params.ManagedNamespaces)}, ElasticsearchUserCreation: &association.ElasticsearchUserCreation{ ElasticsearchRef: func(c k8s.Client, association commonv1.Association) (bool, commonv1.ObjectSelector, error) { diff --git a/pkg/controller/association/controller/es_monitoring.go b/pkg/controller/association/controller/es_monitoring.go index b05fb331d6..d50942ae39 100644 --- a/pkg/controller/association/controller/es_monitoring.go +++ b/pkg/controller/association/controller/es_monitoring.go @@ -8,10 +8,12 @@ import ( "k8s.io/apimachinery/pkg/types" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/manager" + "sigs.k8s.io/controller-runtime/pkg/predicate" commonv1 "github.com/elastic/cloud-on-k8s/pkg/apis/common/v1" esv1 "github.com/elastic/cloud-on-k8s/pkg/apis/elasticsearch/v1" "github.com/elastic/cloud-on-k8s/pkg/controller/association" + "github.com/elastic/cloud-on-k8s/pkg/controller/common" "github.com/elastic/cloud-on-k8s/pkg/controller/common/operator" eslabel "github.com/elastic/cloud-on-k8s/pkg/controller/elasticsearch/label" "github.com/elastic/cloud-on-k8s/pkg/controller/elasticsearch/user" @@ -35,10 +37,10 @@ const ( // Beats are configured to collect monitoring metrics and logs data of the associated Elasticsearch and send // them to the Elasticsearch referenced in the association. func AddEsMonitoring(mgr manager.Manager, accessReviewer rbac.AccessReviewer, params operator.Parameters) error { - return association.AddAssociationController(mgr, accessReviewer, params, esMonitoringAssociationInfo()) + return association.AddAssociationController(mgr, accessReviewer, params, esMonitoringAssociationInfo(params)) } -func esMonitoringAssociationInfo() association.AssociationInfo { +func esMonitoringAssociationInfo(params operator.Parameters) association.AssociationInfo { return association.AssociationInfo{ AssociatedObjTemplate: func() commonv1.Associated { return &esv1.Elasticsearch{} }, ReferencedObjTemplate: func() client.Object { return &esv1.Elasticsearch{} }, @@ -58,6 +60,7 @@ func esMonitoringAssociationInfo() association.AssociationInfo { AssociationConfAnnotationNameBase: commonv1.ElasticsearchConfigAnnotationNameBase, AssociationResourceNameLabelName: eslabel.ClusterNameLabelName, AssociationResourceNamespaceLabelName: eslabel.ClusterNamespaceLabelName, + Predicates: []predicate.Predicate{common.ManagedNamespacesPredicate(params.ManagedNamespaces)}, ElasticsearchUserCreation: &association.ElasticsearchUserCreation{ ElasticsearchRef: func(c k8s.Client, association commonv1.Association) (bool, commonv1.ObjectSelector, error) { diff --git a/pkg/controller/association/controller/es_monitoring_test.go b/pkg/controller/association/controller/es_monitoring_test.go index bd628975e8..fd03b63d63 100644 --- a/pkg/controller/association/controller/es_monitoring_test.go +++ b/pkg/controller/association/controller/es_monitoring_test.go @@ -14,6 +14,7 @@ import ( esv1 "github.com/elastic/cloud-on-k8s/pkg/apis/elasticsearch/v1" "github.com/elastic/cloud-on-k8s/pkg/controller/association" + "github.com/elastic/cloud-on-k8s/pkg/controller/common/operator" "github.com/elastic/cloud-on-k8s/pkg/utils/k8s" ) @@ -32,7 +33,7 @@ var ( func Test_EsMonitoringReconciler_NoAssociation(t *testing.T) { es := sampleES resourceVersion := es.ResourceVersion - r := association.NewTestAssociationReconciler(esMonitoringAssociationInfo(), &es) + r := association.NewTestAssociationReconciler(esMonitoringAssociationInfo(operator.Parameters{}), &es) _, err := r.Reconcile(context.Background(), reconcile.Request{NamespacedName: k8s.ExtractNamespacedName(&es)}) require.NoError(t, err) // should not update the Elasticsearch resource diff --git a/pkg/controller/association/controller/kb_monitoring.go b/pkg/controller/association/controller/kb_monitoring.go index 4cf24635d2..d29aa5451a 100644 --- a/pkg/controller/association/controller/kb_monitoring.go +++ b/pkg/controller/association/controller/kb_monitoring.go @@ -8,11 +8,13 @@ import ( "k8s.io/apimachinery/pkg/types" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/manager" + "sigs.k8s.io/controller-runtime/pkg/predicate" commonv1 "github.com/elastic/cloud-on-k8s/pkg/apis/common/v1" esv1 "github.com/elastic/cloud-on-k8s/pkg/apis/elasticsearch/v1" kbv1 "github.com/elastic/cloud-on-k8s/pkg/apis/kibana/v1" "github.com/elastic/cloud-on-k8s/pkg/controller/association" + "github.com/elastic/cloud-on-k8s/pkg/controller/common" "github.com/elastic/cloud-on-k8s/pkg/controller/common/operator" eslabel "github.com/elastic/cloud-on-k8s/pkg/controller/elasticsearch/label" "github.com/elastic/cloud-on-k8s/pkg/controller/elasticsearch/user" @@ -43,6 +45,7 @@ func AddKbMonitoring(mgr manager.Manager, accessReviewer rbac.AccessReviewer, pa AssociationConfAnnotationNameBase: commonv1.ElasticsearchConfigAnnotationNameBase, AssociationResourceNameLabelName: eslabel.ClusterNameLabelName, AssociationResourceNamespaceLabelName: eslabel.ClusterNamespaceLabelName, + Predicates: []predicate.Predicate{common.ManagedNamespacesPredicate(params.ManagedNamespaces)}, ElasticsearchUserCreation: &association.ElasticsearchUserCreation{ ElasticsearchRef: func(c k8s.Client, association commonv1.Association) (bool, commonv1.ObjectSelector, error) { diff --git a/pkg/controller/association/controller/kibana_ent.go b/pkg/controller/association/controller/kibana_ent.go index 2c5fb5ee5b..0216d906d3 100644 --- a/pkg/controller/association/controller/kibana_ent.go +++ b/pkg/controller/association/controller/kibana_ent.go @@ -10,11 +10,13 @@ import ( "k8s.io/apimachinery/pkg/types" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/manager" + "sigs.k8s.io/controller-runtime/pkg/predicate" commonv1 "github.com/elastic/cloud-on-k8s/pkg/apis/common/v1" entv1 "github.com/elastic/cloud-on-k8s/pkg/apis/enterprisesearch/v1" kbv1 "github.com/elastic/cloud-on-k8s/pkg/apis/kibana/v1" "github.com/elastic/cloud-on-k8s/pkg/controller/association" + "github.com/elastic/cloud-on-k8s/pkg/controller/common" "github.com/elastic/cloud-on-k8s/pkg/controller/common/operator" entctl "github.com/elastic/cloud-on-k8s/pkg/controller/enterprisesearch" "github.com/elastic/cloud-on-k8s/pkg/utils/k8s" @@ -41,6 +43,7 @@ func AddKibanaEnt(mgr manager.Manager, accessReviewer rbac.AccessReviewer, param AssociationConfAnnotationNameBase: commonv1.EntConfigAnnotationNameBase, AssociationResourceNameLabelName: entctl.EnterpriseSearchNameLabelName, AssociationResourceNamespaceLabelName: entctl.EnterpriseSearchNamespaceLabelName, + Predicates: []predicate.Predicate{common.ManagedNamespacesPredicate(params.ManagedNamespaces)}, ElasticsearchUserCreation: nil, // no dedicated ES user required for Kibana->Ent connection }) } diff --git a/pkg/controller/association/controller/kibana_es.go b/pkg/controller/association/controller/kibana_es.go index a311bcb604..80f421635a 100644 --- a/pkg/controller/association/controller/kibana_es.go +++ b/pkg/controller/association/controller/kibana_es.go @@ -10,11 +10,13 @@ import ( "k8s.io/apimachinery/pkg/types" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/manager" + "sigs.k8s.io/controller-runtime/pkg/predicate" commonv1 "github.com/elastic/cloud-on-k8s/pkg/apis/common/v1" esv1 "github.com/elastic/cloud-on-k8s/pkg/apis/elasticsearch/v1" kbv1 "github.com/elastic/cloud-on-k8s/pkg/apis/kibana/v1" "github.com/elastic/cloud-on-k8s/pkg/controller/association" + "github.com/elastic/cloud-on-k8s/pkg/controller/common" "github.com/elastic/cloud-on-k8s/pkg/controller/common/operator" eslabel "github.com/elastic/cloud-on-k8s/pkg/controller/elasticsearch/label" "github.com/elastic/cloud-on-k8s/pkg/utils/k8s" @@ -56,6 +58,7 @@ func AddKibanaES(mgr manager.Manager, accessReviewer rbac.AccessReviewer, params AssociationConfAnnotationNameBase: commonv1.ElasticsearchConfigAnnotationNameBase, AssociationResourceNameLabelName: eslabel.ClusterNameLabelName, AssociationResourceNamespaceLabelName: eslabel.ClusterNamespaceLabelName, + Predicates: []predicate.Predicate{common.ManagedNamespacesPredicate(params.ManagedNamespaces)}, ElasticsearchUserCreation: &association.ElasticsearchUserCreation{ ElasticsearchRef: func(c k8s.Client, association commonv1.Association) (bool, commonv1.ObjectSelector, error) { diff --git a/pkg/controller/association/controller/maps_es.go b/pkg/controller/association/controller/maps_es.go index 660d82a4d0..f9750ba0d4 100644 --- a/pkg/controller/association/controller/maps_es.go +++ b/pkg/controller/association/controller/maps_es.go @@ -8,11 +8,13 @@ import ( "k8s.io/apimachinery/pkg/types" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/manager" + "sigs.k8s.io/controller-runtime/pkg/predicate" commonv1 "github.com/elastic/cloud-on-k8s/pkg/apis/common/v1" esv1 "github.com/elastic/cloud-on-k8s/pkg/apis/elasticsearch/v1" emsv1alpha1 "github.com/elastic/cloud-on-k8s/pkg/apis/maps/v1alpha1" "github.com/elastic/cloud-on-k8s/pkg/controller/association" + "github.com/elastic/cloud-on-k8s/pkg/controller/common" "github.com/elastic/cloud-on-k8s/pkg/controller/common/operator" eslabel "github.com/elastic/cloud-on-k8s/pkg/controller/elasticsearch/label" "github.com/elastic/cloud-on-k8s/pkg/controller/elasticsearch/user" @@ -55,6 +57,7 @@ func AddMapsES(mgr manager.Manager, accessReviewer rbac.AccessReviewer, params o AssociationConfAnnotationNameBase: commonv1.ElasticsearchConfigAnnotationNameBase, AssociationResourceNameLabelName: eslabel.ClusterNameLabelName, AssociationResourceNamespaceLabelName: eslabel.ClusterNamespaceLabelName, + Predicates: []predicate.Predicate{common.ManagedNamespacesPredicate(params.ManagedNamespaces)}, ElasticsearchUserCreation: &association.ElasticsearchUserCreation{ ElasticsearchRef: func(c k8s.Client, association commonv1.Association) (bool, commonv1.ObjectSelector, error) { diff --git a/pkg/controller/association/reconciler.go b/pkg/controller/association/reconciler.go index c82520f9c1..92186a2894 100644 --- a/pkg/controller/association/reconciler.go +++ b/pkg/controller/association/reconciler.go @@ -18,6 +18,7 @@ import ( "k8s.io/apimachinery/pkg/types" "k8s.io/client-go/tools/record" "sigs.k8s.io/controller-runtime/pkg/client" + "sigs.k8s.io/controller-runtime/pkg/predicate" "sigs.k8s.io/controller-runtime/pkg/reconcile" "github.com/elastic/cloud-on-k8s/pkg/about" @@ -79,6 +80,9 @@ type AssociationInfo struct { // namespace of the associated resource (eg. user secret allowing to connect Beat to Kibana will have this label // pointing to the Beat resource). AssociationResourceNamespaceLabelName string + // Predicates are a set of predicates (functions that return true/false that filter events that are sent to controllers) + // that should be applied when creating a controller for the associated resource. + Predicates []predicate.Predicate // ElasticsearchUserCreation specifies settings to create an Elasticsearch user as part of the association. // May be nil if no user creation is required. diff --git a/pkg/controller/autoscaling/elasticsearch.go b/pkg/controller/autoscaling/elasticsearch.go index 136fb57924..4568a2b88a 100644 --- a/pkg/controller/autoscaling/elasticsearch.go +++ b/pkg/controller/autoscaling/elasticsearch.go @@ -28,5 +28,5 @@ func Add(mgr manager.Manager, p operator.Parameters) error { return err } // Watch for changes on Elasticsearch clusters. - return c.Watch(&source.Kind{Type: &esv1.Elasticsearch{}}, &handler.EnqueueRequestForObject{}) + return c.Watch(&source.Kind{Type: &esv1.Elasticsearch{}}, &handler.EnqueueRequestForObject{}, common.ManagedNamespacesPredicate(p.ManagedNamespaces)) } diff --git a/pkg/controller/common/operator/parameters.go b/pkg/controller/common/operator/parameters.go index 86002d951c..08530c8591 100644 --- a/pkg/controller/common/operator/parameters.go +++ b/pkg/controller/common/operator/parameters.go @@ -18,6 +18,8 @@ import ( type Parameters struct { // ExposedNodeLabels holds regular expressions of node labels which are allowed to be automatically set as annotations on Elasticsearch Pods. ExposedNodeLabels esvalidation.NodeLabels + // ManagedNamespaces are the list of namespaces that the operator manages. + ManagedNamespaces []string // OperatorNamespace is the control plane namespace of the operator. OperatorNamespace string // OperatorInfo is information about the operator diff --git a/pkg/controller/common/predicate.go b/pkg/controller/common/predicate.go new file mode 100644 index 0000000000..15ff1ac48c --- /dev/null +++ b/pkg/controller/common/predicate.go @@ -0,0 +1,43 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License 2.0; +// you may not use this file except in compliance with the Elastic License 2.0. + +package common + +import ( + "sigs.k8s.io/controller-runtime/pkg/event" + "sigs.k8s.io/controller-runtime/pkg/predicate" +) + +func in(s string, slice []string) bool { + // If the operator is managing all namespaces, we need to never ignore + // any namespace. + if len(slice) == 0 { + return true + } + for _, candidate := range slice { + if s == candidate { + return true + } + } + return false +} + +// ManagedNamespacesPredicate will return a predicate that will ignore events +// that exist outside of the given managed namespaces, +func ManagedNamespacesPredicate(managedNamespaces []string) predicate.Predicate { + return predicate.Funcs{ + CreateFunc: func(e event.CreateEvent) bool { + // Ignore resources that do not exist within the managed namespaces + return in(e.Object.GetNamespace(), managedNamespaces) + }, + UpdateFunc: func(e event.UpdateEvent) bool { + // Ignore resources that do not exist within the managed namespaces + return in(e.ObjectNew.GetNamespace(), managedNamespaces) + }, + DeleteFunc: func(e event.DeleteEvent) bool { + // Ignore resources that do not exist within the managed namespaces + return in(e.Object.GetNamespace(), managedNamespaces) + }, + } +} diff --git a/pkg/controller/elasticsearch/elasticsearch_controller.go b/pkg/controller/elasticsearch/elasticsearch_controller.go index 0be81b68b6..2a9af9e907 100644 --- a/pkg/controller/elasticsearch/elasticsearch_controller.go +++ b/pkg/controller/elasticsearch/elasticsearch_controller.go @@ -60,7 +60,7 @@ func Add(mgr manager.Manager, params operator.Parameters) error { if err != nil { return err } - return addWatches(c, reconciler) + return addWatches(c, reconciler, params) } // newReconciler returns a new reconcile.Reconciler @@ -79,10 +79,10 @@ func newReconciler(mgr manager.Manager, params operator.Parameters) *ReconcileEl } } -func addWatches(c controller.Controller, r *ReconcileElasticsearch) error { +func addWatches(c controller.Controller, r *ReconcileElasticsearch, p operator.Parameters) error { // Watch for changes to Elasticsearch if err := c.Watch( - &source.Kind{Type: &esv1.Elasticsearch{}}, &handler.EnqueueRequestForObject{}, + &source.Kind{Type: &esv1.Elasticsearch{}}, &handler.EnqueueRequestForObject{}, common.ManagedNamespacesPredicate(p.ManagedNamespaces), ); err != nil { return err } diff --git a/pkg/controller/license/license_controller.go b/pkg/controller/license/license_controller.go index f1d6d07dae..03d0f13b0c 100644 --- a/pkg/controller/license/license_controller.go +++ b/pkg/controller/license/license_controller.go @@ -65,7 +65,7 @@ func Add(mgr manager.Manager, p operator.Parameters) error { if err != nil { return err } - return addWatches(c, r.Client) + return addWatches(c, r.Client, p) } // newReconciler returns a new reconcile.Reconciler @@ -99,10 +99,10 @@ func nextReconcileRelativeTo(now, expiry time.Time, safety time.Duration) reconc } // addWatches adds a new Controller to mgr with r as the reconcile.Reconciler -func addWatches(c controller.Controller, k8sClient k8s.Client) error { +func addWatches(c controller.Controller, k8sClient k8s.Client, parameters operator.Parameters) error { // Watch for changes to Elasticsearch clusters. if err := c.Watch( - &source.Kind{Type: &esv1.Elasticsearch{}}, &handler.EnqueueRequestForObject{}, + &source.Kind{Type: &esv1.Elasticsearch{}}, &handler.EnqueueRequestForObject{}, common.ManagedNamespacesPredicate(parameters.ManagedNamespaces), ); err != nil { return err } diff --git a/pkg/controller/remoteca/controller.go b/pkg/controller/remoteca/controller.go index a07dbd8dc9..66328758c0 100644 --- a/pkg/controller/remoteca/controller.go +++ b/pkg/controller/remoteca/controller.go @@ -49,7 +49,7 @@ func Add(mgr manager.Manager, accessReviewer rbac.AccessReviewer, params operato if err != nil { return err } - return AddWatches(c, r) + return AddWatches(c, r, params) } // NewReconciler returns a new reconcile.Reconciler diff --git a/pkg/controller/remoteca/watches.go b/pkg/controller/remoteca/watches.go index 0971caf9c3..14d9e47ac3 100644 --- a/pkg/controller/remoteca/watches.go +++ b/pkg/controller/remoteca/watches.go @@ -17,6 +17,7 @@ import ( esv1 "github.com/elastic/cloud-on-k8s/pkg/apis/elasticsearch/v1" "github.com/elastic/cloud-on-k8s/pkg/controller/common" + "github.com/elastic/cloud-on-k8s/pkg/controller/common/operator" "github.com/elastic/cloud-on-k8s/pkg/controller/common/watches" "github.com/elastic/cloud-on-k8s/pkg/controller/elasticsearch/certificates/remoteca" "github.com/elastic/cloud-on-k8s/pkg/controller/elasticsearch/certificates/transport" @@ -24,9 +25,9 @@ import ( ) // AddWatches set watches on objects needed to manage the association between a local and a remote cluster. -func AddWatches(c controller.Controller, r *ReconcileRemoteCa) error { +func AddWatches(c controller.Controller, r *ReconcileRemoteCa, p operator.Parameters) error { // Watch for changes to RemoteCluster - if err := c.Watch(&source.Kind{Type: &esv1.Elasticsearch{}}, &handler.EnqueueRequestForObject{}); err != nil { + if err := c.Watch(&source.Kind{Type: &esv1.Elasticsearch{}}, &handler.EnqueueRequestForObject{}, common.ManagedNamespacesPredicate(p.ManagedNamespaces)); err != nil { return err } From 36b7e42a6f0671063d2eb323a5b9b9c8f95a7271 Mon Sep 17 00:00:00 2001 From: Michael Montgomery Date: Fri, 19 Nov 2021 15:10:46 -0600 Subject: [PATCH 02/29] Add a test for ignoring unmanaged namespaces --- pkg/controller/common/predicate_test.go | 171 ++++++++++++++++++ .../license_controller_integration_test.go | 2 +- 2 files changed, 172 insertions(+), 1 deletion(-) create mode 100644 pkg/controller/common/predicate_test.go diff --git a/pkg/controller/common/predicate_test.go b/pkg/controller/common/predicate_test.go new file mode 100644 index 0000000000..2536b6be75 --- /dev/null +++ b/pkg/controller/common/predicate_test.go @@ -0,0 +1,171 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License 2.0; +// you may not use this file except in compliance with the Elastic License 2.0. + +// +build integration + +package common_test + +import ( + "context" + "testing" + "time" + + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + appsv1 "k8s.io/api/apps/v1" + corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/types" + "k8s.io/client-go/kubernetes/scheme" + "sigs.k8s.io/controller-runtime/pkg/builder" + "sigs.k8s.io/controller-runtime/pkg/client" + "sigs.k8s.io/controller-runtime/pkg/manager" + "sigs.k8s.io/controller-runtime/pkg/reconcile" + + "github.com/elastic/cloud-on-k8s/pkg/controller/common" + "github.com/elastic/cloud-on-k8s/pkg/utils/test" +) + +const ( + managedNamespace = "managed" + unManagedNamespace = "unmanaged" +) + +// testReconciler is a fake reconciler to just test whether the Reconcile function is called or not. +type testReconciler struct { + reconcileCallCount int +} + +func (r *testReconciler) Reconcile(context.Context, reconcile.Request) (reconcile.Result, error) { + r.reconcileCallCount++ + return reconcile.Result{}, nil +} + +func TestMain(m *testing.M) { + test.RunWithK8s(m) +} + +func TestManagedNamespacesPredicate(t *testing.T) { + require.NoError(t, corev1.AddToScheme(scheme.Scheme)) + require.NoError(t, appsv1.AddToScheme(scheme.Scheme)) + + reconciler := &testReconciler{} + mgr, err := manager.New(test.Config, manager.Options{ + Scheme: scheme.Scheme, + }) + require.NoError(t, err) + + bldr := builder.ControllerManagedBy(mgr). + For(&appsv1.Deployment{}, builder. + WithPredicates(common.ManagedNamespacesPredicate([]string{managedNamespace}))) + require.NoError(t, bldr.Complete(reconciler)) + + ctx, cancel := context.WithCancel(context.Background()) + defer cancel() + + go func() { + require.NoError(t, mgr.Start(ctx)) + }() + + require.True(t, mgr.GetCache().WaitForCacheSync(ctx)) + + tests := []struct { + name string + objects []client.Object + expectedReconcilerCallCount int + }{ + { + "Reconcile is not called for deployment in un-managed namespace", + []client.Object{ + &corev1.Namespace{ + ObjectMeta: metav1.ObjectMeta{ + Name: unManagedNamespace, + }, + }, + &appsv1.Deployment{ + ObjectMeta: metav1.ObjectMeta{ + Name: "testdeployment", + Namespace: unManagedNamespace, + }, + Spec: appsv1.DeploymentSpec{ + Selector: &metav1.LabelSelector{ + MatchLabels: map[string]string{ + "key": "value", + }, + }, + Template: corev1.PodTemplateSpec{ + ObjectMeta: metav1.ObjectMeta{ + Labels: map[string]string{ + "key": "value", + }, + }, + Spec: corev1.PodSpec{ + Containers: []corev1.Container{ + { + Name: "nginx", + Image: "nginx", + }, + }, + }, + }, + }, + }, + }, + 0, + }, + { + "Reconcile is called for deployment in managed namespace", + []client.Object{ + &corev1.Namespace{ + ObjectMeta: metav1.ObjectMeta{ + Name: managedNamespace, + }, + }, + &appsv1.Deployment{ + ObjectMeta: metav1.ObjectMeta{ + Name: "testmanageddeployment", + Namespace: managedNamespace, + }, + Spec: appsv1.DeploymentSpec{ + Selector: &metav1.LabelSelector{ + MatchLabels: map[string]string{ + "key": "value", + }, + }, + Template: corev1.PodTemplateSpec{ + ObjectMeta: metav1.ObjectMeta{ + Labels: map[string]string{ + "key": "value", + }, + }, + Spec: corev1.PodSpec{ + Containers: []corev1.Container{ + { + Name: "nginx", + Image: "nginx", + }, + }, + }, + }, + }, + }, + }, + 1, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + client := mgr.GetClient() + for _, object := range tt.objects { + require.NoError(t, client.Create(context.TODO(), object)) + assert.Eventually(t, func() bool { + err := client.Get(context.TODO(), types.NamespacedName{Namespace: object.GetNamespace(), Name: object.GetName()}, object) + return err == nil + }, 30*time.Second, 2*time.Second) + } + assert.Equal(t, tt.expectedReconcilerCallCount, reconciler.reconcileCallCount) + }) + } +} diff --git a/pkg/controller/license/license_controller_integration_test.go b/pkg/controller/license/license_controller_integration_test.go index 8a101b3c59..c2062aaa01 100644 --- a/pkg/controller/license/license_controller_integration_test.go +++ b/pkg/controller/license/license_controller_integration_test.go @@ -49,7 +49,7 @@ func TestReconcile(t *testing.T) { if err != nil { return err } - return addWatches(c, r.Client) + return addWatches(c, r.Client, p) }, operator.Parameters{}) defer stop() From 7039574e5c01b2486e0df53364cdc07e32aaae61 Mon Sep 17 00:00:00 2001 From: Michael Montgomery Date: Fri, 19 Nov 2021 15:15:23 -0600 Subject: [PATCH 03/29] Fix newline issues --- pkg/controller/common/predicate_test.go | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/pkg/controller/common/predicate_test.go b/pkg/controller/common/predicate_test.go index 2536b6be75..6862ac8a27 100644 --- a/pkg/controller/common/predicate_test.go +++ b/pkg/controller/common/predicate_test.go @@ -57,8 +57,7 @@ func TestManagedNamespacesPredicate(t *testing.T) { require.NoError(t, err) bldr := builder.ControllerManagedBy(mgr). - For(&appsv1.Deployment{}, builder. - WithPredicates(common.ManagedNamespacesPredicate([]string{managedNamespace}))) + For(&appsv1.Deployment{}, builder.WithPredicates(common.ManagedNamespacesPredicate([]string{managedNamespace}))) require.NoError(t, bldr.Complete(reconciler)) ctx, cancel := context.WithCancel(context.Background()) From 518bf9e4372d1fed8c24a3043de9a333300939ba Mon Sep 17 00:00:00 2001 From: Michael Montgomery Date: Fri, 19 Nov 2021 15:44:16 -0600 Subject: [PATCH 04/29] Add helper method to cleanup the code a bit. --- pkg/controller/association/controller/agent_fleetserver.go | 3 +-- pkg/controller/association/controller/agent_kibana.go | 3 +-- pkg/controller/association/controller/apm_es.go | 3 +-- pkg/controller/association/controller/apm_kibana.go | 3 +-- pkg/controller/association/controller/beat_es.go | 3 +-- pkg/controller/association/controller/beat_kibana.go | 3 +-- pkg/controller/association/controller/ent_es.go | 3 +-- pkg/controller/association/controller/es_monitoring.go | 3 +-- pkg/controller/association/controller/kb_monitoring.go | 3 +-- pkg/controller/association/controller/kibana_ent.go | 3 +-- pkg/controller/association/controller/kibana_es.go | 3 +-- pkg/controller/association/controller/maps_es.go | 3 +-- pkg/controller/common/predicate.go | 6 ++++++ 13 files changed, 18 insertions(+), 24 deletions(-) diff --git a/pkg/controller/association/controller/agent_fleetserver.go b/pkg/controller/association/controller/agent_fleetserver.go index 448967708b..b245f0700d 100644 --- a/pkg/controller/association/controller/agent_fleetserver.go +++ b/pkg/controller/association/controller/agent_fleetserver.go @@ -10,7 +10,6 @@ import ( "k8s.io/apimachinery/pkg/types" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/manager" - "sigs.k8s.io/controller-runtime/pkg/predicate" agentv1alpha1 "github.com/elastic/cloud-on-k8s/pkg/apis/agent/v1alpha1" commonv1 "github.com/elastic/cloud-on-k8s/pkg/apis/common/v1" @@ -42,7 +41,7 @@ func AddAgentFleetServer(mgr manager.Manager, accessReviewer rbac.AccessReviewer AssociationConfAnnotationNameBase: commonv1.FleetServerConfigAnnotationNameBase, AssociationResourceNameLabelName: agent.NameLabelName, AssociationResourceNamespaceLabelName: agent.NamespaceLabelName, - Predicates: []predicate.Predicate{common.ManagedNamespacesPredicate(params.ManagedNamespaces)}, + Predicates: common.WithPredicates(common.ManagedNamespacesPredicate(params.ManagedNamespaces)), ElasticsearchUserCreation: nil, }) diff --git a/pkg/controller/association/controller/agent_kibana.go b/pkg/controller/association/controller/agent_kibana.go index fb49dc54c3..444aad0973 100644 --- a/pkg/controller/association/controller/agent_kibana.go +++ b/pkg/controller/association/controller/agent_kibana.go @@ -8,7 +8,6 @@ import ( "k8s.io/apimachinery/pkg/types" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/manager" - "sigs.k8s.io/controller-runtime/pkg/predicate" agentv1alpha1 "github.com/elastic/cloud-on-k8s/pkg/apis/agent/v1alpha1" commonv1 "github.com/elastic/cloud-on-k8s/pkg/apis/common/v1" @@ -40,7 +39,7 @@ func AddAgentKibana(mgr manager.Manager, accessReviewer rbac.AccessReviewer, par AssociationConfAnnotationNameBase: commonv1.KibanaConfigAnnotationNameBase, AssociationResourceNameLabelName: kibana.KibanaNameLabelName, AssociationResourceNamespaceLabelName: kibana.KibanaNamespaceLabelName, - Predicates: []predicate.Predicate{common.ManagedNamespacesPredicate(params.ManagedNamespaces)}, + Predicates: common.WithPredicates(common.ManagedNamespacesPredicate(params.ManagedNamespaces)), ElasticsearchUserCreation: &association.ElasticsearchUserCreation{ ElasticsearchRef: getElasticsearchFromKibana, diff --git a/pkg/controller/association/controller/apm_es.go b/pkg/controller/association/controller/apm_es.go index 0dd8c3ca09..d87e05df90 100644 --- a/pkg/controller/association/controller/apm_es.go +++ b/pkg/controller/association/controller/apm_es.go @@ -12,7 +12,6 @@ import ( "k8s.io/apimachinery/pkg/types" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/manager" - "sigs.k8s.io/controller-runtime/pkg/predicate" apmv1 "github.com/elastic/cloud-on-k8s/pkg/apis/apm/v1" commonv1 "github.com/elastic/cloud-on-k8s/pkg/apis/common/v1" @@ -58,7 +57,7 @@ func AddApmES(mgr manager.Manager, accessReviewer rbac.AccessReviewer, params op AssociationConfAnnotationNameBase: commonv1.ElasticsearchConfigAnnotationNameBase, AssociationResourceNameLabelName: eslabel.ClusterNameLabelName, AssociationResourceNamespaceLabelName: eslabel.ClusterNamespaceLabelName, - Predicates: []predicate.Predicate{common.ManagedNamespacesPredicate(params.ManagedNamespaces)}, + Predicates: common.WithPredicates(common.ManagedNamespacesPredicate(params.ManagedNamespaces)), ElasticsearchUserCreation: &association.ElasticsearchUserCreation{ ElasticsearchRef: func(c k8s.Client, association commonv1.Association) (bool, commonv1.ObjectSelector, error) { diff --git a/pkg/controller/association/controller/apm_kibana.go b/pkg/controller/association/controller/apm_kibana.go index c20774989a..06e4bb0472 100644 --- a/pkg/controller/association/controller/apm_kibana.go +++ b/pkg/controller/association/controller/apm_kibana.go @@ -11,7 +11,6 @@ import ( "k8s.io/apimachinery/pkg/types" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/manager" - "sigs.k8s.io/controller-runtime/pkg/predicate" apmv1 "github.com/elastic/cloud-on-k8s/pkg/apis/apm/v1" commonv1 "github.com/elastic/cloud-on-k8s/pkg/apis/common/v1" @@ -45,7 +44,7 @@ func AddApmKibana(mgr manager.Manager, accessReviewer rbac.AccessReviewer, param AssociationConfAnnotationNameBase: commonv1.KibanaConfigAnnotationNameBase, AssociationResourceNameLabelName: kibana.KibanaNameLabelName, AssociationResourceNamespaceLabelName: kibana.KibanaNamespaceLabelName, - Predicates: []predicate.Predicate{common.ManagedNamespacesPredicate(params.ManagedNamespaces)}, + Predicates: common.WithPredicates(common.ManagedNamespacesPredicate(params.ManagedNamespaces)), ElasticsearchUserCreation: &association.ElasticsearchUserCreation{ ElasticsearchRef: getElasticsearchFromKibana, diff --git a/pkg/controller/association/controller/beat_es.go b/pkg/controller/association/controller/beat_es.go index 9cd7b2b88a..8a4661f681 100644 --- a/pkg/controller/association/controller/beat_es.go +++ b/pkg/controller/association/controller/beat_es.go @@ -12,7 +12,6 @@ import ( "k8s.io/apimachinery/pkg/types" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/manager" - "sigs.k8s.io/controller-runtime/pkg/predicate" beatv1beta1 "github.com/elastic/cloud-on-k8s/pkg/apis/beat/v1beta1" commonv1 "github.com/elastic/cloud-on-k8s/pkg/apis/common/v1" @@ -59,7 +58,7 @@ func AddBeatES(mgr manager.Manager, accessReviewer rbac.AccessReviewer, params o AssociationConfAnnotationNameBase: commonv1.ElasticsearchConfigAnnotationNameBase, AssociationResourceNameLabelName: eslabel.ClusterNameLabelName, AssociationResourceNamespaceLabelName: eslabel.ClusterNamespaceLabelName, - Predicates: []predicate.Predicate{common.ManagedNamespacesPredicate(params.ManagedNamespaces)}, + Predicates: common.WithPredicates(common.ManagedNamespacesPredicate(params.ManagedNamespaces)), ElasticsearchUserCreation: &association.ElasticsearchUserCreation{ ElasticsearchRef: func(c k8s.Client, association commonv1.Association) (bool, commonv1.ObjectSelector, error) { diff --git a/pkg/controller/association/controller/beat_kibana.go b/pkg/controller/association/controller/beat_kibana.go index 417e86f678..6b48715467 100644 --- a/pkg/controller/association/controller/beat_kibana.go +++ b/pkg/controller/association/controller/beat_kibana.go @@ -12,7 +12,6 @@ import ( "k8s.io/apimachinery/pkg/types" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/manager" - "sigs.k8s.io/controller-runtime/pkg/predicate" beatv1beta1 "github.com/elastic/cloud-on-k8s/pkg/apis/beat/v1beta1" commonv1 "github.com/elastic/cloud-on-k8s/pkg/apis/common/v1" @@ -46,7 +45,7 @@ func AddBeatKibana(mgr manager.Manager, accessReviewer rbac.AccessReviewer, para AssociationConfAnnotationNameBase: commonv1.KibanaConfigAnnotationNameBase, AssociationResourceNameLabelName: kibana.KibanaNameLabelName, AssociationResourceNamespaceLabelName: kibana.KibanaNamespaceLabelName, - Predicates: []predicate.Predicate{common.ManagedNamespacesPredicate(params.ManagedNamespaces)}, + Predicates: common.WithPredicates(common.ManagedNamespacesPredicate(params.ManagedNamespaces)), ElasticsearchUserCreation: &association.ElasticsearchUserCreation{ ElasticsearchRef: getElasticsearchFromKibana, diff --git a/pkg/controller/association/controller/ent_es.go b/pkg/controller/association/controller/ent_es.go index 0682bebb78..05f94a3457 100644 --- a/pkg/controller/association/controller/ent_es.go +++ b/pkg/controller/association/controller/ent_es.go @@ -8,7 +8,6 @@ import ( "k8s.io/apimachinery/pkg/types" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/manager" - "sigs.k8s.io/controller-runtime/pkg/predicate" commonv1 "github.com/elastic/cloud-on-k8s/pkg/apis/common/v1" esv1 "github.com/elastic/cloud-on-k8s/pkg/apis/elasticsearch/v1" @@ -54,7 +53,7 @@ func AddEntES(mgr manager.Manager, accessReviewer rbac.AccessReviewer, params op AssociationConfAnnotationNameBase: commonv1.ElasticsearchConfigAnnotationNameBase, AssociationResourceNameLabelName: eslabel.ClusterNameLabelName, AssociationResourceNamespaceLabelName: eslabel.ClusterNamespaceLabelName, - Predicates: []predicate.Predicate{common.ManagedNamespacesPredicate(params.ManagedNamespaces)}, + Predicates: common.WithPredicates(common.ManagedNamespacesPredicate(params.ManagedNamespaces)), ElasticsearchUserCreation: &association.ElasticsearchUserCreation{ ElasticsearchRef: func(c k8s.Client, association commonv1.Association) (bool, commonv1.ObjectSelector, error) { diff --git a/pkg/controller/association/controller/es_monitoring.go b/pkg/controller/association/controller/es_monitoring.go index d50942ae39..2cdc5f56bd 100644 --- a/pkg/controller/association/controller/es_monitoring.go +++ b/pkg/controller/association/controller/es_monitoring.go @@ -8,7 +8,6 @@ import ( "k8s.io/apimachinery/pkg/types" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/manager" - "sigs.k8s.io/controller-runtime/pkg/predicate" commonv1 "github.com/elastic/cloud-on-k8s/pkg/apis/common/v1" esv1 "github.com/elastic/cloud-on-k8s/pkg/apis/elasticsearch/v1" @@ -60,7 +59,7 @@ func esMonitoringAssociationInfo(params operator.Parameters) association.Associa AssociationConfAnnotationNameBase: commonv1.ElasticsearchConfigAnnotationNameBase, AssociationResourceNameLabelName: eslabel.ClusterNameLabelName, AssociationResourceNamespaceLabelName: eslabel.ClusterNamespaceLabelName, - Predicates: []predicate.Predicate{common.ManagedNamespacesPredicate(params.ManagedNamespaces)}, + Predicates: common.WithPredicates(common.ManagedNamespacesPredicate(params.ManagedNamespaces)), ElasticsearchUserCreation: &association.ElasticsearchUserCreation{ ElasticsearchRef: func(c k8s.Client, association commonv1.Association) (bool, commonv1.ObjectSelector, error) { diff --git a/pkg/controller/association/controller/kb_monitoring.go b/pkg/controller/association/controller/kb_monitoring.go index d29aa5451a..22788edab9 100644 --- a/pkg/controller/association/controller/kb_monitoring.go +++ b/pkg/controller/association/controller/kb_monitoring.go @@ -8,7 +8,6 @@ import ( "k8s.io/apimachinery/pkg/types" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/manager" - "sigs.k8s.io/controller-runtime/pkg/predicate" commonv1 "github.com/elastic/cloud-on-k8s/pkg/apis/common/v1" esv1 "github.com/elastic/cloud-on-k8s/pkg/apis/elasticsearch/v1" @@ -45,7 +44,7 @@ func AddKbMonitoring(mgr manager.Manager, accessReviewer rbac.AccessReviewer, pa AssociationConfAnnotationNameBase: commonv1.ElasticsearchConfigAnnotationNameBase, AssociationResourceNameLabelName: eslabel.ClusterNameLabelName, AssociationResourceNamespaceLabelName: eslabel.ClusterNamespaceLabelName, - Predicates: []predicate.Predicate{common.ManagedNamespacesPredicate(params.ManagedNamespaces)}, + Predicates: common.WithPredicates(common.ManagedNamespacesPredicate(params.ManagedNamespaces)), ElasticsearchUserCreation: &association.ElasticsearchUserCreation{ ElasticsearchRef: func(c k8s.Client, association commonv1.Association) (bool, commonv1.ObjectSelector, error) { diff --git a/pkg/controller/association/controller/kibana_ent.go b/pkg/controller/association/controller/kibana_ent.go index 0216d906d3..531c979a9e 100644 --- a/pkg/controller/association/controller/kibana_ent.go +++ b/pkg/controller/association/controller/kibana_ent.go @@ -10,7 +10,6 @@ import ( "k8s.io/apimachinery/pkg/types" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/manager" - "sigs.k8s.io/controller-runtime/pkg/predicate" commonv1 "github.com/elastic/cloud-on-k8s/pkg/apis/common/v1" entv1 "github.com/elastic/cloud-on-k8s/pkg/apis/enterprisesearch/v1" @@ -43,7 +42,7 @@ func AddKibanaEnt(mgr manager.Manager, accessReviewer rbac.AccessReviewer, param AssociationConfAnnotationNameBase: commonv1.EntConfigAnnotationNameBase, AssociationResourceNameLabelName: entctl.EnterpriseSearchNameLabelName, AssociationResourceNamespaceLabelName: entctl.EnterpriseSearchNamespaceLabelName, - Predicates: []predicate.Predicate{common.ManagedNamespacesPredicate(params.ManagedNamespaces)}, + Predicates: common.WithPredicates(common.ManagedNamespacesPredicate(params.ManagedNamespaces)), ElasticsearchUserCreation: nil, // no dedicated ES user required for Kibana->Ent connection }) } diff --git a/pkg/controller/association/controller/kibana_es.go b/pkg/controller/association/controller/kibana_es.go index 80f421635a..2145c0b201 100644 --- a/pkg/controller/association/controller/kibana_es.go +++ b/pkg/controller/association/controller/kibana_es.go @@ -10,7 +10,6 @@ import ( "k8s.io/apimachinery/pkg/types" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/manager" - "sigs.k8s.io/controller-runtime/pkg/predicate" commonv1 "github.com/elastic/cloud-on-k8s/pkg/apis/common/v1" esv1 "github.com/elastic/cloud-on-k8s/pkg/apis/elasticsearch/v1" @@ -58,7 +57,7 @@ func AddKibanaES(mgr manager.Manager, accessReviewer rbac.AccessReviewer, params AssociationConfAnnotationNameBase: commonv1.ElasticsearchConfigAnnotationNameBase, AssociationResourceNameLabelName: eslabel.ClusterNameLabelName, AssociationResourceNamespaceLabelName: eslabel.ClusterNamespaceLabelName, - Predicates: []predicate.Predicate{common.ManagedNamespacesPredicate(params.ManagedNamespaces)}, + Predicates: common.WithPredicates(common.ManagedNamespacesPredicate(params.ManagedNamespaces)), ElasticsearchUserCreation: &association.ElasticsearchUserCreation{ ElasticsearchRef: func(c k8s.Client, association commonv1.Association) (bool, commonv1.ObjectSelector, error) { diff --git a/pkg/controller/association/controller/maps_es.go b/pkg/controller/association/controller/maps_es.go index f9750ba0d4..f1271b69b6 100644 --- a/pkg/controller/association/controller/maps_es.go +++ b/pkg/controller/association/controller/maps_es.go @@ -8,7 +8,6 @@ import ( "k8s.io/apimachinery/pkg/types" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/manager" - "sigs.k8s.io/controller-runtime/pkg/predicate" commonv1 "github.com/elastic/cloud-on-k8s/pkg/apis/common/v1" esv1 "github.com/elastic/cloud-on-k8s/pkg/apis/elasticsearch/v1" @@ -57,7 +56,7 @@ func AddMapsES(mgr manager.Manager, accessReviewer rbac.AccessReviewer, params o AssociationConfAnnotationNameBase: commonv1.ElasticsearchConfigAnnotationNameBase, AssociationResourceNameLabelName: eslabel.ClusterNameLabelName, AssociationResourceNamespaceLabelName: eslabel.ClusterNamespaceLabelName, - Predicates: []predicate.Predicate{common.ManagedNamespacesPredicate(params.ManagedNamespaces)}, + Predicates: common.WithPredicates(common.ManagedNamespacesPredicate(params.ManagedNamespaces)), ElasticsearchUserCreation: &association.ElasticsearchUserCreation{ ElasticsearchRef: func(c k8s.Client, association commonv1.Association) (bool, commonv1.ObjectSelector, error) { diff --git a/pkg/controller/common/predicate.go b/pkg/controller/common/predicate.go index 15ff1ac48c..c1b6bb1dd7 100644 --- a/pkg/controller/common/predicate.go +++ b/pkg/controller/common/predicate.go @@ -23,6 +23,12 @@ func in(s string, slice []string) bool { return false } +// WithPredicates is a helper function to convert one or more predicates +// into a slice of predicates. +func WithPredicates(predicates ...predicate.Predicate) []predicate.Predicate { + return predicates +} + // ManagedNamespacesPredicate will return a predicate that will ignore events // that exist outside of the given managed namespaces, func ManagedNamespacesPredicate(managedNamespaces []string) predicate.Predicate { From 0e7f728c9da4c817ae077a2a98cc22addba30fb7 Mon Sep 17 00:00:00 2001 From: Michael Montgomery Date: Fri, 19 Nov 2021 15:49:44 -0600 Subject: [PATCH 05/29] Better name function --- pkg/controller/common/predicate.go | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/pkg/controller/common/predicate.go b/pkg/controller/common/predicate.go index c1b6bb1dd7..9621e44a50 100644 --- a/pkg/controller/common/predicate.go +++ b/pkg/controller/common/predicate.go @@ -9,14 +9,14 @@ import ( "sigs.k8s.io/controller-runtime/pkg/predicate" ) -func in(s string, slice []string) bool { - // If the operator is managing all namespaces, we need to never ignore - // any namespace. - if len(slice) == 0 { +func namespaceInSlice(namespace string, namespaces []string) bool { + // If the operator is managing all namespaces, + // never ignore any namespace. + if len(namespaces) == 0 { return true } - for _, candidate := range slice { - if s == candidate { + for _, ns := range namespaces { + if namespace == ns { return true } } @@ -35,15 +35,15 @@ func ManagedNamespacesPredicate(managedNamespaces []string) predicate.Predicate return predicate.Funcs{ CreateFunc: func(e event.CreateEvent) bool { // Ignore resources that do not exist within the managed namespaces - return in(e.Object.GetNamespace(), managedNamespaces) + return namespaceInSlice(e.Object.GetNamespace(), managedNamespaces) }, UpdateFunc: func(e event.UpdateEvent) bool { // Ignore resources that do not exist within the managed namespaces - return in(e.ObjectNew.GetNamespace(), managedNamespaces) + return namespaceInSlice(e.ObjectNew.GetNamespace(), managedNamespaces) }, DeleteFunc: func(e event.DeleteEvent) bool { // Ignore resources that do not exist within the managed namespaces - return in(e.Object.GetNamespace(), managedNamespaces) + return namespaceInSlice(e.Object.GetNamespace(), managedNamespaces) }, } } From d74e34b703a9e762c5a2ad22d35ee65a38cd45a3 Mon Sep 17 00:00:00 2001 From: Michael Montgomery Date: Fri, 19 Nov 2021 15:57:21 -0600 Subject: [PATCH 06/29] Add predicate to additional missing CRD types. --- pkg/controller/agent/controller.go | 6 +++--- pkg/controller/apmserver/controller.go | 6 +++--- pkg/controller/beat/controller.go | 6 +++--- .../enterprisesearch/enterprisesearch_controller.go | 6 +++--- pkg/controller/kibana/controller.go | 6 +++--- pkg/controller/maps/controller.go | 6 +++--- 6 files changed, 18 insertions(+), 18 deletions(-) diff --git a/pkg/controller/agent/controller.go b/pkg/controller/agent/controller.go index 48f238454e..7ae00bde25 100644 --- a/pkg/controller/agent/controller.go +++ b/pkg/controller/agent/controller.go @@ -43,7 +43,7 @@ func Add(mgr manager.Manager, params operator.Parameters) error { if err != nil { return err } - return addWatches(c, r) + return addWatches(c, r, params) } // newReconciler returns a new reconcile.Reconciler. @@ -58,9 +58,9 @@ func newReconciler(mgr manager.Manager, params operator.Parameters) *ReconcileAg } // addWatches adds watches for all resources this controller cares about -func addWatches(c controller.Controller, r *ReconcileAgent) error { +func addWatches(c controller.Controller, r *ReconcileAgent, p operator.Parameters) error { // Watch for changes to Agent - if err := c.Watch(&source.Kind{Type: &agentv1alpha1.Agent{}}, &handler.EnqueueRequestForObject{}); err != nil { + if err := c.Watch(&source.Kind{Type: &agentv1alpha1.Agent{}}, &handler.EnqueueRequestForObject{}, common.ManagedNamespacesPredicate(p.ManagedNamespaces)); err != nil { return err } diff --git a/pkg/controller/apmserver/controller.go b/pkg/controller/apmserver/controller.go index e3e9654de5..0f67f6532a 100644 --- a/pkg/controller/apmserver/controller.go +++ b/pkg/controller/apmserver/controller.go @@ -82,7 +82,7 @@ func Add(mgr manager.Manager, params operator.Parameters) error { if err != nil { return err } - return addWatches(c, reconciler) + return addWatches(c, reconciler, params) } // newReconciler returns a new reconcile.Reconciler @@ -96,9 +96,9 @@ func newReconciler(mgr manager.Manager, params operator.Parameters) *ReconcileAp } } -func addWatches(c controller.Controller, r *ReconcileApmServer) error { +func addWatches(c controller.Controller, r *ReconcileApmServer, p operator.Parameters) error { // Watch for changes to ApmServer - err := c.Watch(&source.Kind{Type: &apmv1.ApmServer{}}, &handler.EnqueueRequestForObject{}) + err := c.Watch(&source.Kind{Type: &apmv1.ApmServer{}}, &handler.EnqueueRequestForObject{}, common.ManagedNamespacesPredicate(p.ManagedNamespaces)) if err != nil { return err } diff --git a/pkg/controller/beat/controller.go b/pkg/controller/beat/controller.go index 1d6c26321f..3fe3cc5cb6 100644 --- a/pkg/controller/beat/controller.go +++ b/pkg/controller/beat/controller.go @@ -54,7 +54,7 @@ func Add(mgr manager.Manager, params operator.Parameters) error { if err != nil { return err } - return addWatches(c, r) + return addWatches(c, r, params) } // newReconciler returns a new reconcile.Reconciler. @@ -69,9 +69,9 @@ func newReconciler(mgr manager.Manager, params operator.Parameters) *ReconcileBe } // addWatches adds watches for all resources this controller cares about -func addWatches(c controller.Controller, r *ReconcileBeat) error { +func addWatches(c controller.Controller, r *ReconcileBeat, p operator.Parameters) error { // Watch for changes to Beat - if err := c.Watch(&source.Kind{Type: &beatv1beta1.Beat{}}, &handler.EnqueueRequestForObject{}); err != nil { + if err := c.Watch(&source.Kind{Type: &beatv1beta1.Beat{}}, &handler.EnqueueRequestForObject{}, common.ManagedNamespacesPredicate(p.ManagedNamespaces)); err != nil { return err } diff --git a/pkg/controller/enterprisesearch/enterprisesearch_controller.go b/pkg/controller/enterprisesearch/enterprisesearch_controller.go index a13c343b47..eb6e5d01fb 100644 --- a/pkg/controller/enterprisesearch/enterprisesearch_controller.go +++ b/pkg/controller/enterprisesearch/enterprisesearch_controller.go @@ -55,7 +55,7 @@ func Add(mgr manager.Manager, params operator.Parameters) error { if err != nil { return err } - return addWatches(c, reconciler) + return addWatches(c, reconciler, params) } // newReconciler returns a new reconcile.Reconciler @@ -69,9 +69,9 @@ func newReconciler(mgr manager.Manager, params operator.Parameters) *ReconcileEn } } -func addWatches(c controller.Controller, r *ReconcileEnterpriseSearch) error { +func addWatches(c controller.Controller, r *ReconcileEnterpriseSearch, p operator.Parameters) error { // Watch for changes to EnterpriseSearch - err := c.Watch(&source.Kind{Type: &entv1.EnterpriseSearch{}}, &handler.EnqueueRequestForObject{}) + err := c.Watch(&source.Kind{Type: &entv1.EnterpriseSearch{}}, &handler.EnqueueRequestForObject{}, common.ManagedNamespacesPredicate(p.ManagedNamespaces)) if err != nil { return err } diff --git a/pkg/controller/kibana/controller.go b/pkg/controller/kibana/controller.go index f7acf94efb..7e6c3f78df 100644 --- a/pkg/controller/kibana/controller.go +++ b/pkg/controller/kibana/controller.go @@ -51,7 +51,7 @@ func Add(mgr manager.Manager, params operator.Parameters) error { if err != nil { return err } - return addWatches(c, reconciler) + return addWatches(c, reconciler, params) } // newReconciler returns a new reconcile.Reconciler @@ -65,9 +65,9 @@ func newReconciler(mgr manager.Manager, params operator.Parameters) *ReconcileKi } } -func addWatches(c controller.Controller, r *ReconcileKibana) error { +func addWatches(c controller.Controller, r *ReconcileKibana, p operator.Parameters) error { // Watch for changes to Kibana - if err := c.Watch(&source.Kind{Type: &kbv1.Kibana{}}, &handler.EnqueueRequestForObject{}); err != nil { + if err := c.Watch(&source.Kind{Type: &kbv1.Kibana{}}, &handler.EnqueueRequestForObject{}, common.ManagedNamespacesPredicate(p.ManagedNamespaces)); err != nil { return err } diff --git a/pkg/controller/maps/controller.go b/pkg/controller/maps/controller.go index 6cef7df16d..0a644d8520 100644 --- a/pkg/controller/maps/controller.go +++ b/pkg/controller/maps/controller.go @@ -57,7 +57,7 @@ func Add(mgr manager.Manager, params operator.Parameters) error { if err != nil { return err } - return addWatches(c, reconciler) + return addWatches(c, reconciler, params) } // newReconciler returns a new reconcile.Reconciler @@ -72,9 +72,9 @@ func newReconciler(mgr manager.Manager, params operator.Parameters) *ReconcileMa } } -func addWatches(c controller.Controller, r *ReconcileMapsServer) error { +func addWatches(c controller.Controller, r *ReconcileMapsServer, p operator.Parameters) error { // Watch for changes to MapsServer - if err := c.Watch(&source.Kind{Type: &emsv1alpha1.ElasticMapsServer{}}, &handler.EnqueueRequestForObject{}); err != nil { + if err := c.Watch(&source.Kind{Type: &emsv1alpha1.ElasticMapsServer{}}, &handler.EnqueueRequestForObject{}, common.ManagedNamespacesPredicate(p.ManagedNamespaces)); err != nil { return err } From fb8459de3491323c35a3b5e32ceb9a51eaf43557 Mon Sep 17 00:00:00 2001 From: Michael Montgomery Date: Mon, 22 Nov 2021 09:29:49 -0600 Subject: [PATCH 07/29] Ignore other objects outside managed namespaces in beats controller. --- pkg/controller/beat/controller.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/pkg/controller/beat/controller.go b/pkg/controller/beat/controller.go index 3fe3cc5cb6..5e4f97a9ca 100644 --- a/pkg/controller/beat/controller.go +++ b/pkg/controller/beat/controller.go @@ -79,7 +79,7 @@ func addWatches(c controller.Controller, r *ReconcileBeat, p operator.Parameters if err := c.Watch(&source.Kind{Type: &appsv1.DaemonSet{}}, &handler.EnqueueRequestForOwner{ IsController: true, OwnerType: &beatv1beta1.Beat{}, - }); err != nil { + }, common.ManagedNamespacesPredicate(p.ManagedNamespaces)); err != nil { return err } @@ -87,7 +87,7 @@ func addWatches(c controller.Controller, r *ReconcileBeat, p operator.Parameters if err := c.Watch(&source.Kind{Type: &appsv1.Deployment{}}, &handler.EnqueueRequestForOwner{ IsController: true, OwnerType: &beatv1beta1.Beat{}, - }); err != nil { + }, common.ManagedNamespacesPredicate(p.ManagedNamespaces)); err != nil { return err } @@ -101,7 +101,7 @@ func addWatches(c controller.Controller, r *ReconcileBeat, p operator.Parameters if err := c.Watch(&source.Kind{Type: &corev1.Secret{}}, &handler.EnqueueRequestForOwner{ IsController: true, OwnerType: &beatv1beta1.Beat{}, - }); err != nil { + }, common.ManagedNamespacesPredicate(p.ManagedNamespaces)); err != nil { return err } if err := watches.WatchSoftOwnedSecrets(c, beatv1beta1.Kind); err != nil { @@ -109,7 +109,7 @@ func addWatches(c controller.Controller, r *ReconcileBeat, p operator.Parameters } // Watch dynamically referenced Secrets - return c.Watch(&source.Kind{Type: &corev1.Secret{}}, r.dynamicWatches.Secrets) + return c.Watch(&source.Kind{Type: &corev1.Secret{}}, r.dynamicWatches.Secrets, common.ManagedNamespacesPredicate(p.ManagedNamespaces)) } var _ reconcile.Reconciler = &ReconcileBeat{} From a23d82bbf9f4f0e229f9f840c39275bf148ceda6 Mon Sep 17 00:00:00 2001 From: Michael Montgomery Date: Mon, 22 Nov 2021 10:25:54 -0600 Subject: [PATCH 08/29] Move predicates to it's own package to avoid import cycles --- pkg/controller/agent/controller.go | 5 +++-- pkg/controller/apmserver/controller.go | 7 ++++--- .../association/controller/agent_fleetserver.go | 4 ++-- .../association/controller/agent_kibana.go | 4 ++-- pkg/controller/association/controller/apm_es.go | 4 ++-- .../association/controller/apm_kibana.go | 4 ++-- pkg/controller/association/controller/beat_es.go | 4 ++-- .../association/controller/beat_kibana.go | 4 ++-- pkg/controller/association/controller/ent_es.go | 4 ++-- .../association/controller/es_monitoring.go | 4 ++-- .../association/controller/kb_monitoring.go | 4 ++-- .../association/controller/kibana_ent.go | 4 ++-- .../association/controller/kibana_es.go | 4 ++-- pkg/controller/association/controller/maps_es.go | 4 ++-- pkg/controller/autoscaling/elasticsearch.go | 3 ++- pkg/controller/beat/controller.go | 15 ++++++++------- .../common/{ => predicates}/predicate_test.go | 6 +++--- .../{predicate.go => predicates/predicates.go} | 2 +- pkg/controller/common/watches/pods.go | 5 ++++- pkg/controller/common/watches/secrets.go | 4 +++- .../elasticsearch/elasticsearch_controller.go | 7 ++++--- .../enterprisesearch_controller.go | 7 ++++--- pkg/controller/kibana/controller.go | 7 ++++--- pkg/controller/license/license_controller.go | 3 ++- pkg/controller/maps/controller.go | 7 ++++--- pkg/controller/remoteca/watches.go | 3 ++- 26 files changed, 72 insertions(+), 57 deletions(-) rename pkg/controller/common/{ => predicates}/predicate_test.go (95%) rename pkg/controller/common/{predicate.go => predicates/predicates.go} (98%) diff --git a/pkg/controller/agent/controller.go b/pkg/controller/agent/controller.go index 7ae00bde25..38607ff82e 100644 --- a/pkg/controller/agent/controller.go +++ b/pkg/controller/agent/controller.go @@ -24,6 +24,7 @@ import ( "github.com/elastic/cloud-on-k8s/pkg/controller/common/events" "github.com/elastic/cloud-on-k8s/pkg/controller/common/keystore" "github.com/elastic/cloud-on-k8s/pkg/controller/common/operator" + "github.com/elastic/cloud-on-k8s/pkg/controller/common/predicates" "github.com/elastic/cloud-on-k8s/pkg/controller/common/reconciler" "github.com/elastic/cloud-on-k8s/pkg/controller/common/tracing" "github.com/elastic/cloud-on-k8s/pkg/controller/common/watches" @@ -60,7 +61,7 @@ func newReconciler(mgr manager.Manager, params operator.Parameters) *ReconcileAg // addWatches adds watches for all resources this controller cares about func addWatches(c controller.Controller, r *ReconcileAgent, p operator.Parameters) error { // Watch for changes to Agent - if err := c.Watch(&source.Kind{Type: &agentv1alpha1.Agent{}}, &handler.EnqueueRequestForObject{}, common.ManagedNamespacesPredicate(p.ManagedNamespaces)); err != nil { + if err := c.Watch(&source.Kind{Type: &agentv1alpha1.Agent{}}, &handler.EnqueueRequestForObject{}, predicates.ManagedNamespacesPredicate(p.ManagedNamespaces)); err != nil { return err } @@ -82,7 +83,7 @@ func addWatches(c controller.Controller, r *ReconcileAgent, p operator.Parameter // Watch Pods, to ensure `status.version` is correctly reconciled on any change. // Watching Deployments or DaemonSets only may lead to missing some events. - if err := watches.WatchPods(c, NameLabelName); err != nil { + if err := watches.WatchPods(c, NameLabelName, p.ManagedNamespaces); err != nil { return err } diff --git a/pkg/controller/apmserver/controller.go b/pkg/controller/apmserver/controller.go index 0f67f6532a..a900f0c323 100644 --- a/pkg/controller/apmserver/controller.go +++ b/pkg/controller/apmserver/controller.go @@ -34,6 +34,7 @@ import ( "github.com/elastic/cloud-on-k8s/pkg/controller/common/finalizer" "github.com/elastic/cloud-on-k8s/pkg/controller/common/keystore" "github.com/elastic/cloud-on-k8s/pkg/controller/common/operator" + "github.com/elastic/cloud-on-k8s/pkg/controller/common/predicates" "github.com/elastic/cloud-on-k8s/pkg/controller/common/reconciler" "github.com/elastic/cloud-on-k8s/pkg/controller/common/tracing" "github.com/elastic/cloud-on-k8s/pkg/controller/common/version" @@ -98,7 +99,7 @@ func newReconciler(mgr manager.Manager, params operator.Parameters) *ReconcileAp func addWatches(c controller.Controller, r *ReconcileApmServer, p operator.Parameters) error { // Watch for changes to ApmServer - err := c.Watch(&source.Kind{Type: &apmv1.ApmServer{}}, &handler.EnqueueRequestForObject{}, common.ManagedNamespacesPredicate(p.ManagedNamespaces)) + err := c.Watch(&source.Kind{Type: &apmv1.ApmServer{}}, &handler.EnqueueRequestForObject{}, predicates.ManagedNamespacesPredicate(p.ManagedNamespaces)) if err != nil { return err } @@ -113,7 +114,7 @@ func addWatches(c controller.Controller, r *ReconcileApmServer, p operator.Param // Watch Pods, to ensure `status.version` and version upgrades are correctly reconciled on any change. // Watching Deployments only may lead to missing some events. - if err := watches.WatchPods(c, ApmServerNameLabelName); err != nil { + if err := watches.WatchPods(c, ApmServerNameLabelName, p.ManagedNamespaces); err != nil { return err } @@ -132,7 +133,7 @@ func addWatches(c controller.Controller, r *ReconcileApmServer, p operator.Param }); err != nil { return err } - if err := watches.WatchSoftOwnedSecrets(c, apmv1.Kind); err != nil { + if err := watches.WatchSoftOwnedSecrets(c, apmv1.Kind, p.ManagedNamespaces); err != nil { return err } diff --git a/pkg/controller/association/controller/agent_fleetserver.go b/pkg/controller/association/controller/agent_fleetserver.go index b245f0700d..60e7850df0 100644 --- a/pkg/controller/association/controller/agent_fleetserver.go +++ b/pkg/controller/association/controller/agent_fleetserver.go @@ -15,8 +15,8 @@ import ( commonv1 "github.com/elastic/cloud-on-k8s/pkg/apis/common/v1" "github.com/elastic/cloud-on-k8s/pkg/controller/agent" "github.com/elastic/cloud-on-k8s/pkg/controller/association" - "github.com/elastic/cloud-on-k8s/pkg/controller/common" "github.com/elastic/cloud-on-k8s/pkg/controller/common/operator" + "github.com/elastic/cloud-on-k8s/pkg/controller/common/predicates" "github.com/elastic/cloud-on-k8s/pkg/utils/k8s" "github.com/elastic/cloud-on-k8s/pkg/utils/rbac" ) @@ -41,7 +41,7 @@ func AddAgentFleetServer(mgr manager.Manager, accessReviewer rbac.AccessReviewer AssociationConfAnnotationNameBase: commonv1.FleetServerConfigAnnotationNameBase, AssociationResourceNameLabelName: agent.NameLabelName, AssociationResourceNamespaceLabelName: agent.NamespaceLabelName, - Predicates: common.WithPredicates(common.ManagedNamespacesPredicate(params.ManagedNamespaces)), + Predicates: predicates.WithPredicates(predicates.ManagedNamespacesPredicate(params.ManagedNamespaces)), ElasticsearchUserCreation: nil, }) diff --git a/pkg/controller/association/controller/agent_kibana.go b/pkg/controller/association/controller/agent_kibana.go index 444aad0973..d89ad35358 100644 --- a/pkg/controller/association/controller/agent_kibana.go +++ b/pkg/controller/association/controller/agent_kibana.go @@ -13,8 +13,8 @@ import ( commonv1 "github.com/elastic/cloud-on-k8s/pkg/apis/common/v1" kbv1 "github.com/elastic/cloud-on-k8s/pkg/apis/kibana/v1" "github.com/elastic/cloud-on-k8s/pkg/controller/association" - "github.com/elastic/cloud-on-k8s/pkg/controller/common" "github.com/elastic/cloud-on-k8s/pkg/controller/common/operator" + "github.com/elastic/cloud-on-k8s/pkg/controller/common/predicates" "github.com/elastic/cloud-on-k8s/pkg/controller/kibana" "github.com/elastic/cloud-on-k8s/pkg/utils/rbac" ) @@ -39,7 +39,7 @@ func AddAgentKibana(mgr manager.Manager, accessReviewer rbac.AccessReviewer, par AssociationConfAnnotationNameBase: commonv1.KibanaConfigAnnotationNameBase, AssociationResourceNameLabelName: kibana.KibanaNameLabelName, AssociationResourceNamespaceLabelName: kibana.KibanaNamespaceLabelName, - Predicates: common.WithPredicates(common.ManagedNamespacesPredicate(params.ManagedNamespaces)), + Predicates: predicates.WithPredicates(predicates.ManagedNamespacesPredicate(params.ManagedNamespaces)), ElasticsearchUserCreation: &association.ElasticsearchUserCreation{ ElasticsearchRef: getElasticsearchFromKibana, diff --git a/pkg/controller/association/controller/apm_es.go b/pkg/controller/association/controller/apm_es.go index d87e05df90..ff83fc6cc4 100644 --- a/pkg/controller/association/controller/apm_es.go +++ b/pkg/controller/association/controller/apm_es.go @@ -17,8 +17,8 @@ import ( commonv1 "github.com/elastic/cloud-on-k8s/pkg/apis/common/v1" esv1 "github.com/elastic/cloud-on-k8s/pkg/apis/elasticsearch/v1" "github.com/elastic/cloud-on-k8s/pkg/controller/association" - "github.com/elastic/cloud-on-k8s/pkg/controller/common" "github.com/elastic/cloud-on-k8s/pkg/controller/common/operator" + "github.com/elastic/cloud-on-k8s/pkg/controller/common/predicates" "github.com/elastic/cloud-on-k8s/pkg/controller/common/version" eslabel "github.com/elastic/cloud-on-k8s/pkg/controller/elasticsearch/label" "github.com/elastic/cloud-on-k8s/pkg/controller/elasticsearch/services" @@ -57,7 +57,7 @@ func AddApmES(mgr manager.Manager, accessReviewer rbac.AccessReviewer, params op AssociationConfAnnotationNameBase: commonv1.ElasticsearchConfigAnnotationNameBase, AssociationResourceNameLabelName: eslabel.ClusterNameLabelName, AssociationResourceNamespaceLabelName: eslabel.ClusterNamespaceLabelName, - Predicates: common.WithPredicates(common.ManagedNamespacesPredicate(params.ManagedNamespaces)), + Predicates: predicates.WithPredicates(predicates.ManagedNamespacesPredicate(params.ManagedNamespaces)), ElasticsearchUserCreation: &association.ElasticsearchUserCreation{ ElasticsearchRef: func(c k8s.Client, association commonv1.Association) (bool, commonv1.ObjectSelector, error) { diff --git a/pkg/controller/association/controller/apm_kibana.go b/pkg/controller/association/controller/apm_kibana.go index 06e4bb0472..092797cc9c 100644 --- a/pkg/controller/association/controller/apm_kibana.go +++ b/pkg/controller/association/controller/apm_kibana.go @@ -16,8 +16,8 @@ import ( commonv1 "github.com/elastic/cloud-on-k8s/pkg/apis/common/v1" kbv1 "github.com/elastic/cloud-on-k8s/pkg/apis/kibana/v1" "github.com/elastic/cloud-on-k8s/pkg/controller/association" - "github.com/elastic/cloud-on-k8s/pkg/controller/common" "github.com/elastic/cloud-on-k8s/pkg/controller/common/operator" + "github.com/elastic/cloud-on-k8s/pkg/controller/common/predicates" "github.com/elastic/cloud-on-k8s/pkg/controller/elasticsearch/user" "github.com/elastic/cloud-on-k8s/pkg/controller/kibana" "github.com/elastic/cloud-on-k8s/pkg/utils/k8s" @@ -44,7 +44,7 @@ func AddApmKibana(mgr manager.Manager, accessReviewer rbac.AccessReviewer, param AssociationConfAnnotationNameBase: commonv1.KibanaConfigAnnotationNameBase, AssociationResourceNameLabelName: kibana.KibanaNameLabelName, AssociationResourceNamespaceLabelName: kibana.KibanaNamespaceLabelName, - Predicates: common.WithPredicates(common.ManagedNamespacesPredicate(params.ManagedNamespaces)), + Predicates: predicates.WithPredicates(predicates.ManagedNamespacesPredicate(params.ManagedNamespaces)), ElasticsearchUserCreation: &association.ElasticsearchUserCreation{ ElasticsearchRef: getElasticsearchFromKibana, diff --git a/pkg/controller/association/controller/beat_es.go b/pkg/controller/association/controller/beat_es.go index 8a4661f681..750f8b42cf 100644 --- a/pkg/controller/association/controller/beat_es.go +++ b/pkg/controller/association/controller/beat_es.go @@ -17,8 +17,8 @@ import ( commonv1 "github.com/elastic/cloud-on-k8s/pkg/apis/common/v1" esv1 "github.com/elastic/cloud-on-k8s/pkg/apis/elasticsearch/v1" "github.com/elastic/cloud-on-k8s/pkg/controller/association" - "github.com/elastic/cloud-on-k8s/pkg/controller/common" "github.com/elastic/cloud-on-k8s/pkg/controller/common/operator" + "github.com/elastic/cloud-on-k8s/pkg/controller/common/predicates" "github.com/elastic/cloud-on-k8s/pkg/controller/common/version" eslabel "github.com/elastic/cloud-on-k8s/pkg/controller/elasticsearch/label" esuser "github.com/elastic/cloud-on-k8s/pkg/controller/elasticsearch/user" @@ -58,7 +58,7 @@ func AddBeatES(mgr manager.Manager, accessReviewer rbac.AccessReviewer, params o AssociationConfAnnotationNameBase: commonv1.ElasticsearchConfigAnnotationNameBase, AssociationResourceNameLabelName: eslabel.ClusterNameLabelName, AssociationResourceNamespaceLabelName: eslabel.ClusterNamespaceLabelName, - Predicates: common.WithPredicates(common.ManagedNamespacesPredicate(params.ManagedNamespaces)), + Predicates: predicates.WithPredicates(predicates.ManagedNamespacesPredicate(params.ManagedNamespaces)), ElasticsearchUserCreation: &association.ElasticsearchUserCreation{ ElasticsearchRef: func(c k8s.Client, association commonv1.Association) (bool, commonv1.ObjectSelector, error) { diff --git a/pkg/controller/association/controller/beat_kibana.go b/pkg/controller/association/controller/beat_kibana.go index 6b48715467..69574e8ec8 100644 --- a/pkg/controller/association/controller/beat_kibana.go +++ b/pkg/controller/association/controller/beat_kibana.go @@ -17,8 +17,8 @@ import ( commonv1 "github.com/elastic/cloud-on-k8s/pkg/apis/common/v1" kbv1 "github.com/elastic/cloud-on-k8s/pkg/apis/kibana/v1" "github.com/elastic/cloud-on-k8s/pkg/controller/association" - "github.com/elastic/cloud-on-k8s/pkg/controller/common" "github.com/elastic/cloud-on-k8s/pkg/controller/common/operator" + "github.com/elastic/cloud-on-k8s/pkg/controller/common/predicates" "github.com/elastic/cloud-on-k8s/pkg/controller/common/version" esuser "github.com/elastic/cloud-on-k8s/pkg/controller/elasticsearch/user" "github.com/elastic/cloud-on-k8s/pkg/controller/kibana" @@ -45,7 +45,7 @@ func AddBeatKibana(mgr manager.Manager, accessReviewer rbac.AccessReviewer, para AssociationConfAnnotationNameBase: commonv1.KibanaConfigAnnotationNameBase, AssociationResourceNameLabelName: kibana.KibanaNameLabelName, AssociationResourceNamespaceLabelName: kibana.KibanaNamespaceLabelName, - Predicates: common.WithPredicates(common.ManagedNamespacesPredicate(params.ManagedNamespaces)), + Predicates: predicates.WithPredicates(predicates.ManagedNamespacesPredicate(params.ManagedNamespaces)), ElasticsearchUserCreation: &association.ElasticsearchUserCreation{ ElasticsearchRef: getElasticsearchFromKibana, diff --git a/pkg/controller/association/controller/ent_es.go b/pkg/controller/association/controller/ent_es.go index 05f94a3457..f9b68e47bb 100644 --- a/pkg/controller/association/controller/ent_es.go +++ b/pkg/controller/association/controller/ent_es.go @@ -13,8 +13,8 @@ import ( esv1 "github.com/elastic/cloud-on-k8s/pkg/apis/elasticsearch/v1" entv1 "github.com/elastic/cloud-on-k8s/pkg/apis/enterprisesearch/v1" "github.com/elastic/cloud-on-k8s/pkg/controller/association" - "github.com/elastic/cloud-on-k8s/pkg/controller/common" "github.com/elastic/cloud-on-k8s/pkg/controller/common/operator" + "github.com/elastic/cloud-on-k8s/pkg/controller/common/predicates" eslabel "github.com/elastic/cloud-on-k8s/pkg/controller/elasticsearch/label" esuser "github.com/elastic/cloud-on-k8s/pkg/controller/elasticsearch/user" "github.com/elastic/cloud-on-k8s/pkg/utils/k8s" @@ -53,7 +53,7 @@ func AddEntES(mgr manager.Manager, accessReviewer rbac.AccessReviewer, params op AssociationConfAnnotationNameBase: commonv1.ElasticsearchConfigAnnotationNameBase, AssociationResourceNameLabelName: eslabel.ClusterNameLabelName, AssociationResourceNamespaceLabelName: eslabel.ClusterNamespaceLabelName, - Predicates: common.WithPredicates(common.ManagedNamespacesPredicate(params.ManagedNamespaces)), + Predicates: predicates.WithPredicates(predicates.ManagedNamespacesPredicate(params.ManagedNamespaces)), ElasticsearchUserCreation: &association.ElasticsearchUserCreation{ ElasticsearchRef: func(c k8s.Client, association commonv1.Association) (bool, commonv1.ObjectSelector, error) { diff --git a/pkg/controller/association/controller/es_monitoring.go b/pkg/controller/association/controller/es_monitoring.go index 2cdc5f56bd..ca517c71fb 100644 --- a/pkg/controller/association/controller/es_monitoring.go +++ b/pkg/controller/association/controller/es_monitoring.go @@ -12,8 +12,8 @@ import ( commonv1 "github.com/elastic/cloud-on-k8s/pkg/apis/common/v1" esv1 "github.com/elastic/cloud-on-k8s/pkg/apis/elasticsearch/v1" "github.com/elastic/cloud-on-k8s/pkg/controller/association" - "github.com/elastic/cloud-on-k8s/pkg/controller/common" "github.com/elastic/cloud-on-k8s/pkg/controller/common/operator" + "github.com/elastic/cloud-on-k8s/pkg/controller/common/predicates" eslabel "github.com/elastic/cloud-on-k8s/pkg/controller/elasticsearch/label" "github.com/elastic/cloud-on-k8s/pkg/controller/elasticsearch/user" "github.com/elastic/cloud-on-k8s/pkg/utils/k8s" @@ -59,7 +59,7 @@ func esMonitoringAssociationInfo(params operator.Parameters) association.Associa AssociationConfAnnotationNameBase: commonv1.ElasticsearchConfigAnnotationNameBase, AssociationResourceNameLabelName: eslabel.ClusterNameLabelName, AssociationResourceNamespaceLabelName: eslabel.ClusterNamespaceLabelName, - Predicates: common.WithPredicates(common.ManagedNamespacesPredicate(params.ManagedNamespaces)), + Predicates: predicates.WithPredicates(predicates.ManagedNamespacesPredicate(params.ManagedNamespaces)), ElasticsearchUserCreation: &association.ElasticsearchUserCreation{ ElasticsearchRef: func(c k8s.Client, association commonv1.Association) (bool, commonv1.ObjectSelector, error) { diff --git a/pkg/controller/association/controller/kb_monitoring.go b/pkg/controller/association/controller/kb_monitoring.go index 22788edab9..d561e74de0 100644 --- a/pkg/controller/association/controller/kb_monitoring.go +++ b/pkg/controller/association/controller/kb_monitoring.go @@ -13,8 +13,8 @@ import ( esv1 "github.com/elastic/cloud-on-k8s/pkg/apis/elasticsearch/v1" kbv1 "github.com/elastic/cloud-on-k8s/pkg/apis/kibana/v1" "github.com/elastic/cloud-on-k8s/pkg/controller/association" - "github.com/elastic/cloud-on-k8s/pkg/controller/common" "github.com/elastic/cloud-on-k8s/pkg/controller/common/operator" + "github.com/elastic/cloud-on-k8s/pkg/controller/common/predicates" eslabel "github.com/elastic/cloud-on-k8s/pkg/controller/elasticsearch/label" "github.com/elastic/cloud-on-k8s/pkg/controller/elasticsearch/user" "github.com/elastic/cloud-on-k8s/pkg/utils/k8s" @@ -44,7 +44,7 @@ func AddKbMonitoring(mgr manager.Manager, accessReviewer rbac.AccessReviewer, pa AssociationConfAnnotationNameBase: commonv1.ElasticsearchConfigAnnotationNameBase, AssociationResourceNameLabelName: eslabel.ClusterNameLabelName, AssociationResourceNamespaceLabelName: eslabel.ClusterNamespaceLabelName, - Predicates: common.WithPredicates(common.ManagedNamespacesPredicate(params.ManagedNamespaces)), + Predicates: predicates.WithPredicates(predicates.ManagedNamespacesPredicate(params.ManagedNamespaces)), ElasticsearchUserCreation: &association.ElasticsearchUserCreation{ ElasticsearchRef: func(c k8s.Client, association commonv1.Association) (bool, commonv1.ObjectSelector, error) { diff --git a/pkg/controller/association/controller/kibana_ent.go b/pkg/controller/association/controller/kibana_ent.go index 531c979a9e..fa43e43abf 100644 --- a/pkg/controller/association/controller/kibana_ent.go +++ b/pkg/controller/association/controller/kibana_ent.go @@ -15,8 +15,8 @@ import ( entv1 "github.com/elastic/cloud-on-k8s/pkg/apis/enterprisesearch/v1" kbv1 "github.com/elastic/cloud-on-k8s/pkg/apis/kibana/v1" "github.com/elastic/cloud-on-k8s/pkg/controller/association" - "github.com/elastic/cloud-on-k8s/pkg/controller/common" "github.com/elastic/cloud-on-k8s/pkg/controller/common/operator" + "github.com/elastic/cloud-on-k8s/pkg/controller/common/predicates" entctl "github.com/elastic/cloud-on-k8s/pkg/controller/enterprisesearch" "github.com/elastic/cloud-on-k8s/pkg/utils/k8s" "github.com/elastic/cloud-on-k8s/pkg/utils/rbac" @@ -42,7 +42,7 @@ func AddKibanaEnt(mgr manager.Manager, accessReviewer rbac.AccessReviewer, param AssociationConfAnnotationNameBase: commonv1.EntConfigAnnotationNameBase, AssociationResourceNameLabelName: entctl.EnterpriseSearchNameLabelName, AssociationResourceNamespaceLabelName: entctl.EnterpriseSearchNamespaceLabelName, - Predicates: common.WithPredicates(common.ManagedNamespacesPredicate(params.ManagedNamespaces)), + Predicates: predicates.WithPredicates(predicates.ManagedNamespacesPredicate(params.ManagedNamespaces)), ElasticsearchUserCreation: nil, // no dedicated ES user required for Kibana->Ent connection }) } diff --git a/pkg/controller/association/controller/kibana_es.go b/pkg/controller/association/controller/kibana_es.go index 2145c0b201..769f201d1b 100644 --- a/pkg/controller/association/controller/kibana_es.go +++ b/pkg/controller/association/controller/kibana_es.go @@ -15,8 +15,8 @@ import ( esv1 "github.com/elastic/cloud-on-k8s/pkg/apis/elasticsearch/v1" kbv1 "github.com/elastic/cloud-on-k8s/pkg/apis/kibana/v1" "github.com/elastic/cloud-on-k8s/pkg/controller/association" - "github.com/elastic/cloud-on-k8s/pkg/controller/common" "github.com/elastic/cloud-on-k8s/pkg/controller/common/operator" + "github.com/elastic/cloud-on-k8s/pkg/controller/common/predicates" eslabel "github.com/elastic/cloud-on-k8s/pkg/controller/elasticsearch/label" "github.com/elastic/cloud-on-k8s/pkg/utils/k8s" "github.com/elastic/cloud-on-k8s/pkg/utils/rbac" @@ -57,7 +57,7 @@ func AddKibanaES(mgr manager.Manager, accessReviewer rbac.AccessReviewer, params AssociationConfAnnotationNameBase: commonv1.ElasticsearchConfigAnnotationNameBase, AssociationResourceNameLabelName: eslabel.ClusterNameLabelName, AssociationResourceNamespaceLabelName: eslabel.ClusterNamespaceLabelName, - Predicates: common.WithPredicates(common.ManagedNamespacesPredicate(params.ManagedNamespaces)), + Predicates: predicates.WithPredicates(predicates.ManagedNamespacesPredicate(params.ManagedNamespaces)), ElasticsearchUserCreation: &association.ElasticsearchUserCreation{ ElasticsearchRef: func(c k8s.Client, association commonv1.Association) (bool, commonv1.ObjectSelector, error) { diff --git a/pkg/controller/association/controller/maps_es.go b/pkg/controller/association/controller/maps_es.go index f1271b69b6..73db2627d2 100644 --- a/pkg/controller/association/controller/maps_es.go +++ b/pkg/controller/association/controller/maps_es.go @@ -13,8 +13,8 @@ import ( esv1 "github.com/elastic/cloud-on-k8s/pkg/apis/elasticsearch/v1" emsv1alpha1 "github.com/elastic/cloud-on-k8s/pkg/apis/maps/v1alpha1" "github.com/elastic/cloud-on-k8s/pkg/controller/association" - "github.com/elastic/cloud-on-k8s/pkg/controller/common" "github.com/elastic/cloud-on-k8s/pkg/controller/common/operator" + "github.com/elastic/cloud-on-k8s/pkg/controller/common/predicates" eslabel "github.com/elastic/cloud-on-k8s/pkg/controller/elasticsearch/label" "github.com/elastic/cloud-on-k8s/pkg/controller/elasticsearch/user" "github.com/elastic/cloud-on-k8s/pkg/utils/k8s" @@ -56,7 +56,7 @@ func AddMapsES(mgr manager.Manager, accessReviewer rbac.AccessReviewer, params o AssociationConfAnnotationNameBase: commonv1.ElasticsearchConfigAnnotationNameBase, AssociationResourceNameLabelName: eslabel.ClusterNameLabelName, AssociationResourceNamespaceLabelName: eslabel.ClusterNamespaceLabelName, - Predicates: common.WithPredicates(common.ManagedNamespacesPredicate(params.ManagedNamespaces)), + Predicates: predicates.WithPredicates(predicates.ManagedNamespacesPredicate(params.ManagedNamespaces)), ElasticsearchUserCreation: &association.ElasticsearchUserCreation{ ElasticsearchRef: func(c k8s.Client, association commonv1.Association) (bool, commonv1.ObjectSelector, error) { diff --git a/pkg/controller/autoscaling/elasticsearch.go b/pkg/controller/autoscaling/elasticsearch.go index 4568a2b88a..288f1a7a67 100644 --- a/pkg/controller/autoscaling/elasticsearch.go +++ b/pkg/controller/autoscaling/elasticsearch.go @@ -13,6 +13,7 @@ import ( "github.com/elastic/cloud-on-k8s/pkg/controller/autoscaling/elasticsearch" "github.com/elastic/cloud-on-k8s/pkg/controller/common" "github.com/elastic/cloud-on-k8s/pkg/controller/common/operator" + "github.com/elastic/cloud-on-k8s/pkg/controller/common/predicates" ) const ( @@ -28,5 +29,5 @@ func Add(mgr manager.Manager, p operator.Parameters) error { return err } // Watch for changes on Elasticsearch clusters. - return c.Watch(&source.Kind{Type: &esv1.Elasticsearch{}}, &handler.EnqueueRequestForObject{}, common.ManagedNamespacesPredicate(p.ManagedNamespaces)) + return c.Watch(&source.Kind{Type: &esv1.Elasticsearch{}}, &handler.EnqueueRequestForObject{}, predicates.ManagedNamespacesPredicate(p.ManagedNamespaces)) } diff --git a/pkg/controller/beat/controller.go b/pkg/controller/beat/controller.go index 5e4f97a9ca..2df22e13a6 100644 --- a/pkg/controller/beat/controller.go +++ b/pkg/controller/beat/controller.go @@ -33,6 +33,7 @@ import ( "github.com/elastic/cloud-on-k8s/pkg/controller/common/events" "github.com/elastic/cloud-on-k8s/pkg/controller/common/keystore" "github.com/elastic/cloud-on-k8s/pkg/controller/common/operator" + "github.com/elastic/cloud-on-k8s/pkg/controller/common/predicates" "github.com/elastic/cloud-on-k8s/pkg/controller/common/reconciler" "github.com/elastic/cloud-on-k8s/pkg/controller/common/tracing" "github.com/elastic/cloud-on-k8s/pkg/controller/common/watches" @@ -71,7 +72,7 @@ func newReconciler(mgr manager.Manager, params operator.Parameters) *ReconcileBe // addWatches adds watches for all resources this controller cares about func addWatches(c controller.Controller, r *ReconcileBeat, p operator.Parameters) error { // Watch for changes to Beat - if err := c.Watch(&source.Kind{Type: &beatv1beta1.Beat{}}, &handler.EnqueueRequestForObject{}, common.ManagedNamespacesPredicate(p.ManagedNamespaces)); err != nil { + if err := c.Watch(&source.Kind{Type: &beatv1beta1.Beat{}}, &handler.EnqueueRequestForObject{}, predicates.ManagedNamespacesPredicate(p.ManagedNamespaces)); err != nil { return err } @@ -79,7 +80,7 @@ func addWatches(c controller.Controller, r *ReconcileBeat, p operator.Parameters if err := c.Watch(&source.Kind{Type: &appsv1.DaemonSet{}}, &handler.EnqueueRequestForOwner{ IsController: true, OwnerType: &beatv1beta1.Beat{}, - }, common.ManagedNamespacesPredicate(p.ManagedNamespaces)); err != nil { + }, predicates.ManagedNamespacesPredicate(p.ManagedNamespaces)); err != nil { return err } @@ -87,13 +88,13 @@ func addWatches(c controller.Controller, r *ReconcileBeat, p operator.Parameters if err := c.Watch(&source.Kind{Type: &appsv1.Deployment{}}, &handler.EnqueueRequestForOwner{ IsController: true, OwnerType: &beatv1beta1.Beat{}, - }, common.ManagedNamespacesPredicate(p.ManagedNamespaces)); err != nil { + }, predicates.ManagedNamespacesPredicate(p.ManagedNamespaces)); err != nil { return err } // Watch Pods, to ensure `status.version` is correctly reconciled on any change. // Watching Deployments or DaemonSets only may lead to missing some events. - if err := watches.WatchPods(c, beatcommon.NameLabelName); err != nil { + if err := watches.WatchPods(c, beatcommon.NameLabelName, p.ManagedNamespaces); err != nil { return err } @@ -101,15 +102,15 @@ func addWatches(c controller.Controller, r *ReconcileBeat, p operator.Parameters if err := c.Watch(&source.Kind{Type: &corev1.Secret{}}, &handler.EnqueueRequestForOwner{ IsController: true, OwnerType: &beatv1beta1.Beat{}, - }, common.ManagedNamespacesPredicate(p.ManagedNamespaces)); err != nil { + }, predicates.ManagedNamespacesPredicate(p.ManagedNamespaces)); err != nil { return err } - if err := watches.WatchSoftOwnedSecrets(c, beatv1beta1.Kind); err != nil { + if err := watches.WatchSoftOwnedSecrets(c, beatv1beta1.Kind, p.ManagedNamespaces); err != nil { return err } // Watch dynamically referenced Secrets - return c.Watch(&source.Kind{Type: &corev1.Secret{}}, r.dynamicWatches.Secrets, common.ManagedNamespacesPredicate(p.ManagedNamespaces)) + return c.Watch(&source.Kind{Type: &corev1.Secret{}}, r.dynamicWatches.Secrets, predicates.ManagedNamespacesPredicate(p.ManagedNamespaces)) } var _ reconcile.Reconciler = &ReconcileBeat{} diff --git a/pkg/controller/common/predicate_test.go b/pkg/controller/common/predicates/predicate_test.go similarity index 95% rename from pkg/controller/common/predicate_test.go rename to pkg/controller/common/predicates/predicate_test.go index 6862ac8a27..b2c5f9ad77 100644 --- a/pkg/controller/common/predicate_test.go +++ b/pkg/controller/common/predicates/predicate_test.go @@ -4,7 +4,7 @@ // +build integration -package common_test +package predicates_test import ( "context" @@ -23,7 +23,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/manager" "sigs.k8s.io/controller-runtime/pkg/reconcile" - "github.com/elastic/cloud-on-k8s/pkg/controller/common" + "github.com/elastic/cloud-on-k8s/pkg/controller/common/predicates" "github.com/elastic/cloud-on-k8s/pkg/utils/test" ) @@ -57,7 +57,7 @@ func TestManagedNamespacesPredicate(t *testing.T) { require.NoError(t, err) bldr := builder.ControllerManagedBy(mgr). - For(&appsv1.Deployment{}, builder.WithPredicates(common.ManagedNamespacesPredicate([]string{managedNamespace}))) + For(&appsv1.Deployment{}, builder.WithPredicates(predicates.ManagedNamespacesPredicate([]string{managedNamespace}))) require.NoError(t, bldr.Complete(reconciler)) ctx, cancel := context.WithCancel(context.Background()) diff --git a/pkg/controller/common/predicate.go b/pkg/controller/common/predicates/predicates.go similarity index 98% rename from pkg/controller/common/predicate.go rename to pkg/controller/common/predicates/predicates.go index 9621e44a50..b7f1a5c6ab 100644 --- a/pkg/controller/common/predicate.go +++ b/pkg/controller/common/predicates/predicates.go @@ -2,7 +2,7 @@ // or more contributor license agreements. Licensed under the Elastic License 2.0; // you may not use this file except in compliance with the Elastic License 2.0. -package common +package predicates import ( "sigs.k8s.io/controller-runtime/pkg/event" diff --git a/pkg/controller/common/watches/pods.go b/pkg/controller/common/watches/pods.go index e8dbecb261..3d76c45084 100644 --- a/pkg/controller/common/watches/pods.go +++ b/pkg/controller/common/watches/pods.go @@ -12,14 +12,17 @@ import ( "sigs.k8s.io/controller-runtime/pkg/handler" "sigs.k8s.io/controller-runtime/pkg/reconcile" "sigs.k8s.io/controller-runtime/pkg/source" + + "github.com/elastic/cloud-on-k8s/pkg/controller/common/predicates" ) // WatchPods updates the given controller to enqueue reconciliation requests triggered by changes on Pods. // The resource to reconcile is identified by a label on the Pods. -func WatchPods(c controller.Controller, objNameLabel string) error { +func WatchPods(c controller.Controller, objNameLabel string, managedNamespaces []string) error { return c.Watch( &source.Kind{Type: &corev1.Pod{}}, handler.EnqueueRequestsFromMapFunc(objToReconcileRequest(objNameLabel)), + predicates.ManagedNamespacesPredicate(managedNamespaces), ) } diff --git a/pkg/controller/common/watches/secrets.go b/pkg/controller/common/watches/secrets.go index e6664ed1e3..2fc981377d 100644 --- a/pkg/controller/common/watches/secrets.go +++ b/pkg/controller/common/watches/secrets.go @@ -13,6 +13,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/reconcile" "sigs.k8s.io/controller-runtime/pkg/source" + "github.com/elastic/cloud-on-k8s/pkg/controller/common/predicates" "github.com/elastic/cloud-on-k8s/pkg/controller/common/reconciler" ) @@ -45,10 +46,11 @@ func WatchUserProvidedSecrets( } // WatchSoftOwnedSecrets triggers reconciliations on secrets referencing a soft owner. -func WatchSoftOwnedSecrets(c controller.Controller, ownerKind string) error { +func WatchSoftOwnedSecrets(c controller.Controller, ownerKind string, managedNamespaces []string) error { return c.Watch( &source.Kind{Type: &corev1.Secret{}}, handler.EnqueueRequestsFromMapFunc(reconcileReqForSoftOwner(ownerKind)), + predicates.ManagedNamespacesPredicate(managedNamespaces), ) } diff --git a/pkg/controller/elasticsearch/elasticsearch_controller.go b/pkg/controller/elasticsearch/elasticsearch_controller.go index 2a9af9e907..4d8b1e8e86 100644 --- a/pkg/controller/elasticsearch/elasticsearch_controller.go +++ b/pkg/controller/elasticsearch/elasticsearch_controller.go @@ -31,6 +31,7 @@ import ( "github.com/elastic/cloud-on-k8s/pkg/controller/common/keystore" "github.com/elastic/cloud-on-k8s/pkg/controller/common/license" "github.com/elastic/cloud-on-k8s/pkg/controller/common/operator" + "github.com/elastic/cloud-on-k8s/pkg/controller/common/predicates" "github.com/elastic/cloud-on-k8s/pkg/controller/common/reconciler" "github.com/elastic/cloud-on-k8s/pkg/controller/common/tracing" commonversion "github.com/elastic/cloud-on-k8s/pkg/controller/common/version" @@ -82,7 +83,7 @@ func newReconciler(mgr manager.Manager, params operator.Parameters) *ReconcileEl func addWatches(c controller.Controller, r *ReconcileElasticsearch, p operator.Parameters) error { // Watch for changes to Elasticsearch if err := c.Watch( - &source.Kind{Type: &esv1.Elasticsearch{}}, &handler.EnqueueRequestForObject{}, common.ManagedNamespacesPredicate(p.ManagedNamespaces), + &source.Kind{Type: &esv1.Elasticsearch{}}, &handler.EnqueueRequestForObject{}, predicates.ManagedNamespacesPredicate(p.ManagedNamespaces), ); err != nil { return err } @@ -98,7 +99,7 @@ func addWatches(c controller.Controller, r *ReconcileElasticsearch, p operator.P } // Watch pods belonging to ES clusters - if err := watches.WatchPods(c, label.ClusterNameLabelName); err != nil { + if err := watches.WatchPods(c, label.ClusterNameLabelName, p.ManagedNamespaces); err != nil { return err } @@ -122,7 +123,7 @@ func addWatches(c controller.Controller, r *ReconcileElasticsearch, p operator.P }); err != nil { return err } - if err := watches.WatchSoftOwnedSecrets(c, esv1.Kind); err != nil { + if err := watches.WatchSoftOwnedSecrets(c, esv1.Kind, p.ManagedNamespaces); err != nil { return err } diff --git a/pkg/controller/enterprisesearch/enterprisesearch_controller.go b/pkg/controller/enterprisesearch/enterprisesearch_controller.go index eb6e5d01fb..ffecfec0eb 100644 --- a/pkg/controller/enterprisesearch/enterprisesearch_controller.go +++ b/pkg/controller/enterprisesearch/enterprisesearch_controller.go @@ -31,6 +31,7 @@ import ( "github.com/elastic/cloud-on-k8s/pkg/controller/common/driver" "github.com/elastic/cloud-on-k8s/pkg/controller/common/events" "github.com/elastic/cloud-on-k8s/pkg/controller/common/operator" + "github.com/elastic/cloud-on-k8s/pkg/controller/common/predicates" "github.com/elastic/cloud-on-k8s/pkg/controller/common/reconciler" "github.com/elastic/cloud-on-k8s/pkg/controller/common/tracing" "github.com/elastic/cloud-on-k8s/pkg/controller/common/version" @@ -71,7 +72,7 @@ func newReconciler(mgr manager.Manager, params operator.Parameters) *ReconcileEn func addWatches(c controller.Controller, r *ReconcileEnterpriseSearch, p operator.Parameters) error { // Watch for changes to EnterpriseSearch - err := c.Watch(&source.Kind{Type: &entv1.EnterpriseSearch{}}, &handler.EnqueueRequestForObject{}, common.ManagedNamespacesPredicate(p.ManagedNamespaces)) + err := c.Watch(&source.Kind{Type: &entv1.EnterpriseSearch{}}, &handler.EnqueueRequestForObject{}, predicates.ManagedNamespacesPredicate(p.ManagedNamespaces)) if err != nil { return err } @@ -86,7 +87,7 @@ func addWatches(c controller.Controller, r *ReconcileEnterpriseSearch, p operato // Watch Pods, to ensure `status.version` and version upgrades are correctly reconciled on any change. // Watching Deployments only may lead to missing some events. - if err := watches.WatchPods(c, EnterpriseSearchNameLabelName); err != nil { + if err := watches.WatchPods(c, EnterpriseSearchNameLabelName, p.ManagedNamespaces); err != nil { return err } @@ -105,7 +106,7 @@ func addWatches(c controller.Controller, r *ReconcileEnterpriseSearch, p operato }); err != nil { return err } - if err := watches.WatchSoftOwnedSecrets(c, entv1.Kind); err != nil { + if err := watches.WatchSoftOwnedSecrets(c, entv1.Kind, p.ManagedNamespaces); err != nil { return err } diff --git a/pkg/controller/kibana/controller.go b/pkg/controller/kibana/controller.go index 7e6c3f78df..3e2681b0df 100644 --- a/pkg/controller/kibana/controller.go +++ b/pkg/controller/kibana/controller.go @@ -29,6 +29,7 @@ import ( "github.com/elastic/cloud-on-k8s/pkg/controller/common/finalizer" "github.com/elastic/cloud-on-k8s/pkg/controller/common/keystore" "github.com/elastic/cloud-on-k8s/pkg/controller/common/operator" + "github.com/elastic/cloud-on-k8s/pkg/controller/common/predicates" "github.com/elastic/cloud-on-k8s/pkg/controller/common/reconciler" "github.com/elastic/cloud-on-k8s/pkg/controller/common/tracing" "github.com/elastic/cloud-on-k8s/pkg/controller/common/watches" @@ -67,7 +68,7 @@ func newReconciler(mgr manager.Manager, params operator.Parameters) *ReconcileKi func addWatches(c controller.Controller, r *ReconcileKibana, p operator.Parameters) error { // Watch for changes to Kibana - if err := c.Watch(&source.Kind{Type: &kbv1.Kibana{}}, &handler.EnqueueRequestForObject{}, common.ManagedNamespacesPredicate(p.ManagedNamespaces)); err != nil { + if err := c.Watch(&source.Kind{Type: &kbv1.Kibana{}}, &handler.EnqueueRequestForObject{}, predicates.ManagedNamespacesPredicate(p.ManagedNamespaces)); err != nil { return err } @@ -81,7 +82,7 @@ func addWatches(c controller.Controller, r *ReconcileKibana, p operator.Paramete // Watch Pods, to ensure `status.version` and version upgrades are correctly reconciled on any change. // Watching Deployments only may lead to missing some events. - if err := watches.WatchPods(c, KibanaNameLabelName); err != nil { + if err := watches.WatchPods(c, KibanaNameLabelName, p.ManagedNamespaces); err != nil { return err } @@ -100,7 +101,7 @@ func addWatches(c controller.Controller, r *ReconcileKibana, p operator.Paramete }); err != nil { return err } - if err := watches.WatchSoftOwnedSecrets(c, kbv1.Kind); err != nil { + if err := watches.WatchSoftOwnedSecrets(c, kbv1.Kind, p.ManagedNamespaces); err != nil { return err } diff --git a/pkg/controller/license/license_controller.go b/pkg/controller/license/license_controller.go index 03d0f13b0c..8ac88d65c1 100644 --- a/pkg/controller/license/license_controller.go +++ b/pkg/controller/license/license_controller.go @@ -25,6 +25,7 @@ import ( "github.com/elastic/cloud-on-k8s/pkg/controller/common" "github.com/elastic/cloud-on-k8s/pkg/controller/common/license" "github.com/elastic/cloud-on-k8s/pkg/controller/common/operator" + "github.com/elastic/cloud-on-k8s/pkg/controller/common/predicates" "github.com/elastic/cloud-on-k8s/pkg/controller/common/reconciler" "github.com/elastic/cloud-on-k8s/pkg/controller/common/version" esclient "github.com/elastic/cloud-on-k8s/pkg/controller/elasticsearch/client" @@ -102,7 +103,7 @@ func nextReconcileRelativeTo(now, expiry time.Time, safety time.Duration) reconc func addWatches(c controller.Controller, k8sClient k8s.Client, parameters operator.Parameters) error { // Watch for changes to Elasticsearch clusters. if err := c.Watch( - &source.Kind{Type: &esv1.Elasticsearch{}}, &handler.EnqueueRequestForObject{}, common.ManagedNamespacesPredicate(parameters.ManagedNamespaces), + &source.Kind{Type: &esv1.Elasticsearch{}}, &handler.EnqueueRequestForObject{}, predicates.ManagedNamespacesPredicate(parameters.ManagedNamespaces), ); err != nil { return err } diff --git a/pkg/controller/maps/controller.go b/pkg/controller/maps/controller.go index 0a644d8520..be3b210f89 100644 --- a/pkg/controller/maps/controller.go +++ b/pkg/controller/maps/controller.go @@ -34,6 +34,7 @@ import ( "github.com/elastic/cloud-on-k8s/pkg/controller/common/events" "github.com/elastic/cloud-on-k8s/pkg/controller/common/license" "github.com/elastic/cloud-on-k8s/pkg/controller/common/operator" + "github.com/elastic/cloud-on-k8s/pkg/controller/common/predicates" "github.com/elastic/cloud-on-k8s/pkg/controller/common/reconciler" "github.com/elastic/cloud-on-k8s/pkg/controller/common/tracing" "github.com/elastic/cloud-on-k8s/pkg/controller/common/version" @@ -74,7 +75,7 @@ func newReconciler(mgr manager.Manager, params operator.Parameters) *ReconcileMa func addWatches(c controller.Controller, r *ReconcileMapsServer, p operator.Parameters) error { // Watch for changes to MapsServer - if err := c.Watch(&source.Kind{Type: &emsv1alpha1.ElasticMapsServer{}}, &handler.EnqueueRequestForObject{}, common.ManagedNamespacesPredicate(p.ManagedNamespaces)); err != nil { + if err := c.Watch(&source.Kind{Type: &emsv1alpha1.ElasticMapsServer{}}, &handler.EnqueueRequestForObject{}, predicates.ManagedNamespacesPredicate(p.ManagedNamespaces)); err != nil { return err } @@ -88,7 +89,7 @@ func addWatches(c controller.Controller, r *ReconcileMapsServer, p operator.Para // Watch Pods, to ensure `status.version` and version upgrades are correctly reconciled on any change. // Watching Deployments only may lead to missing some events. - if err := watches.WatchPods(c, NameLabelName); err != nil { + if err := watches.WatchPods(c, NameLabelName, p.ManagedNamespaces); err != nil { return err } @@ -107,7 +108,7 @@ func addWatches(c controller.Controller, r *ReconcileMapsServer, p operator.Para }); err != nil { return err } - if err := watches.WatchSoftOwnedSecrets(c, emsv1alpha1.Kind); err != nil { + if err := watches.WatchSoftOwnedSecrets(c, emsv1alpha1.Kind, p.ManagedNamespaces); err != nil { return err } diff --git a/pkg/controller/remoteca/watches.go b/pkg/controller/remoteca/watches.go index 14d9e47ac3..68ab0f3877 100644 --- a/pkg/controller/remoteca/watches.go +++ b/pkg/controller/remoteca/watches.go @@ -18,6 +18,7 @@ import ( esv1 "github.com/elastic/cloud-on-k8s/pkg/apis/elasticsearch/v1" "github.com/elastic/cloud-on-k8s/pkg/controller/common" "github.com/elastic/cloud-on-k8s/pkg/controller/common/operator" + "github.com/elastic/cloud-on-k8s/pkg/controller/common/predicates" "github.com/elastic/cloud-on-k8s/pkg/controller/common/watches" "github.com/elastic/cloud-on-k8s/pkg/controller/elasticsearch/certificates/remoteca" "github.com/elastic/cloud-on-k8s/pkg/controller/elasticsearch/certificates/transport" @@ -27,7 +28,7 @@ import ( // AddWatches set watches on objects needed to manage the association between a local and a remote cluster. func AddWatches(c controller.Controller, r *ReconcileRemoteCa, p operator.Parameters) error { // Watch for changes to RemoteCluster - if err := c.Watch(&source.Kind{Type: &esv1.Elasticsearch{}}, &handler.EnqueueRequestForObject{}, common.ManagedNamespacesPredicate(p.ManagedNamespaces)); err != nil { + if err := c.Watch(&source.Kind{Type: &esv1.Elasticsearch{}}, &handler.EnqueueRequestForObject{}, predicates.ManagedNamespacesPredicate(p.ManagedNamespaces)); err != nil { return err } From 5c2ec07430b9903b338f87a2dcb44bda89c14dca Mon Sep 17 00:00:00 2001 From: Michael Montgomery Date: Mon, 22 Nov 2021 10:59:11 -0600 Subject: [PATCH 09/29] Clean up the code a bit by providing the predicates as a variadic argument to the 'addWatches' functions in most of the packages. --- cmd/manager/main.go | 16 ++++++---------- pkg/controller/agent/controller.go | 19 ++++++++++--------- pkg/controller/apmserver/controller.go | 19 ++++++++++--------- pkg/controller/association/controller.go | 8 ++++---- pkg/controller/beat/controller.go | 19 ++++++++++--------- pkg/controller/common/watches/pods.go | 7 +++---- pkg/controller/common/watches/secrets.go | 6 +++--- .../elasticsearch/elasticsearch_controller.go | 19 ++++++++++--------- .../enterprisesearch_controller.go | 11 ++++++----- pkg/controller/kibana/controller.go | 19 ++++++++++--------- pkg/controller/maps/controller.go | 11 ++++++----- pkg/controller/remoteca/controller.go | 3 ++- pkg/controller/remoteca/watches.go | 11 +++++------ .../webhook_certificates_controller.go | 5 +++-- 14 files changed, 88 insertions(+), 85 deletions(-) diff --git a/cmd/manager/main.go b/cmd/manager/main.go index ad8d3608b5..a85f507c2a 100644 --- a/cmd/manager/main.go +++ b/cmd/manager/main.go @@ -58,6 +58,7 @@ import ( "github.com/elastic/cloud-on-k8s/pkg/controller/common/container" commonlicense "github.com/elastic/cloud-on-k8s/pkg/controller/common/license" "github.com/elastic/cloud-on-k8s/pkg/controller/common/operator" + "github.com/elastic/cloud-on-k8s/pkg/controller/common/predicates" "github.com/elastic/cloud-on-k8s/pkg/controller/common/reconciler" controllerscheme "github.com/elastic/cloud-on-k8s/pkg/controller/common/scheme" "github.com/elastic/cloud-on-k8s/pkg/controller/common/tracing" @@ -571,7 +572,7 @@ func startOperator(ctx context.Context) error { } if viper.GetBool(operator.EnableWebhookFlag) { - setupWebhook(mgr, params.CertRotation, params.ValidateStorageClass, clientset, exposedNodeLabels) + setupWebhook(mgr, params, clientset) } enforceRbacOnRefs := viper.GetBool(operator.EnforceRBACOnRefsFlag) @@ -783,12 +784,7 @@ func garbageCollectSoftOwnedSecrets(k8sClient k8s.Client) { log.Info("Orphan secrets garbage collection complete") } -func setupWebhook( - mgr manager.Manager, - certRotation certificates.RotationParams, - validateStorageClass bool, - clientset kubernetes.Interface, - exposedNodeLabels esvalidation.NodeLabels) { +func setupWebhook(mgr manager.Manager, params operator.Parameters, clientset kubernetes.Interface) { manageWebhookCerts := viper.GetBool(operator.ManageWebhookCertsFlag) if manageWebhookCerts { log.Info("Automatic management of the webhook certificates enabled") @@ -797,7 +793,7 @@ func setupWebhook( Name: viper.GetString(operator.WebhookNameFlag), Namespace: viper.GetString(operator.OperatorNamespaceFlag), SecretName: viper.GetString(operator.WebhookSecretFlag), - Rotation: certRotation, + Rotation: params.CertRotation, } // retrieve the current webhook configuration interface @@ -813,7 +809,7 @@ func setupWebhook( os.Exit(1) } - if err := webhook.Add(mgr, webhookParams, clientset, wh); err != nil { + if err := webhook.Add(mgr, webhookParams, clientset, wh, predicates.NewManagedNamespacesPredicate(params.ManagedNamespaces)); err != nil { log.Error(err, "unable to create controller", "controller", webhook.ControllerName) os.Exit(1) } @@ -843,7 +839,7 @@ func setupWebhook( } // esv1 validating webhook is wired up differently, in order to access the k8s client - esvalidation.RegisterWebhook(mgr, validateStorageClass, exposedNodeLabels) + esvalidation.RegisterWebhook(mgr, params.ValidateStorageClass, params.ExposedNodeLabels) // wait for the secret to be populated in the local filesystem before returning interval := time.Second * 1 diff --git a/pkg/controller/agent/controller.go b/pkg/controller/agent/controller.go index 38607ff82e..b9b3550c88 100644 --- a/pkg/controller/agent/controller.go +++ b/pkg/controller/agent/controller.go @@ -15,6 +15,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/controller" "sigs.k8s.io/controller-runtime/pkg/handler" "sigs.k8s.io/controller-runtime/pkg/manager" + "sigs.k8s.io/controller-runtime/pkg/predicate" "sigs.k8s.io/controller-runtime/pkg/reconcile" "sigs.k8s.io/controller-runtime/pkg/source" @@ -44,7 +45,7 @@ func Add(mgr manager.Manager, params operator.Parameters) error { if err != nil { return err } - return addWatches(c, r, params) + return addWatches(c, r, predicates.ManagedNamespacesPredicate(params.ManagedNamespaces)) } // newReconciler returns a new reconcile.Reconciler. @@ -59,9 +60,9 @@ func newReconciler(mgr manager.Manager, params operator.Parameters) *ReconcileAg } // addWatches adds watches for all resources this controller cares about -func addWatches(c controller.Controller, r *ReconcileAgent, p operator.Parameters) error { +func addWatches(c controller.Controller, r *ReconcileAgent, predicates ...predicate.Predicate) error { // Watch for changes to Agent - if err := c.Watch(&source.Kind{Type: &agentv1alpha1.Agent{}}, &handler.EnqueueRequestForObject{}, predicates.ManagedNamespacesPredicate(p.ManagedNamespaces)); err != nil { + if err := c.Watch(&source.Kind{Type: &agentv1alpha1.Agent{}}, &handler.EnqueueRequestForObject{}, predicates...); err != nil { return err } @@ -69,7 +70,7 @@ func addWatches(c controller.Controller, r *ReconcileAgent, p operator.Parameter if err := c.Watch(&source.Kind{Type: &appsv1.DaemonSet{}}, &handler.EnqueueRequestForOwner{ IsController: true, OwnerType: &agentv1alpha1.Agent{}, - }); err != nil { + }, predicates...); err != nil { return err } @@ -77,13 +78,13 @@ func addWatches(c controller.Controller, r *ReconcileAgent, p operator.Parameter if err := c.Watch(&source.Kind{Type: &appsv1.Deployment{}}, &handler.EnqueueRequestForOwner{ IsController: true, OwnerType: &agentv1alpha1.Agent{}, - }); err != nil { + }, predicates...); err != nil { return err } // Watch Pods, to ensure `status.version` is correctly reconciled on any change. // Watching Deployments or DaemonSets only may lead to missing some events. - if err := watches.WatchPods(c, NameLabelName, p.ManagedNamespaces); err != nil { + if err := watches.WatchPods(c, NameLabelName, predicates...); err != nil { return err } @@ -91,7 +92,7 @@ func addWatches(c controller.Controller, r *ReconcileAgent, p operator.Parameter if err := c.Watch(&source.Kind{Type: &corev1.Secret{}}, &handler.EnqueueRequestForOwner{ IsController: true, OwnerType: &agentv1alpha1.Agent{}, - }); err != nil { + }, predicates...); err != nil { return err } @@ -100,12 +101,12 @@ func addWatches(c controller.Controller, r *ReconcileAgent, p operator.Parameter if err := c.Watch(&source.Kind{Type: &corev1.Service{}}, &handler.EnqueueRequestForOwner{ IsController: true, OwnerType: &agentv1alpha1.Agent{}, - }); err != nil { + }, predicates...); err != nil { return err } // Watch dynamically referenced Secrets - return c.Watch(&source.Kind{Type: &corev1.Secret{}}, r.dynamicWatches.Secrets) + return c.Watch(&source.Kind{Type: &corev1.Secret{}}, r.dynamicWatches.Secrets, predicates...) } var _ reconcile.Reconciler = &ReconcileAgent{} diff --git a/pkg/controller/apmserver/controller.go b/pkg/controller/apmserver/controller.go index a900f0c323..4d44a6f89f 100644 --- a/pkg/controller/apmserver/controller.go +++ b/pkg/controller/apmserver/controller.go @@ -21,6 +21,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/controller" "sigs.k8s.io/controller-runtime/pkg/handler" "sigs.k8s.io/controller-runtime/pkg/manager" + "sigs.k8s.io/controller-runtime/pkg/predicate" "sigs.k8s.io/controller-runtime/pkg/reconcile" "sigs.k8s.io/controller-runtime/pkg/source" @@ -83,7 +84,7 @@ func Add(mgr manager.Manager, params operator.Parameters) error { if err != nil { return err } - return addWatches(c, reconciler, params) + return addWatches(c, reconciler, predicates.ManagedNamespacesPredicate(params.ManagedNamespaces)) } // newReconciler returns a new reconcile.Reconciler @@ -97,9 +98,9 @@ func newReconciler(mgr manager.Manager, params operator.Parameters) *ReconcileAp } } -func addWatches(c controller.Controller, r *ReconcileApmServer, p operator.Parameters) error { +func addWatches(c controller.Controller, r *ReconcileApmServer, predicates ...predicate.Predicate) error { // Watch for changes to ApmServer - err := c.Watch(&source.Kind{Type: &apmv1.ApmServer{}}, &handler.EnqueueRequestForObject{}, predicates.ManagedNamespacesPredicate(p.ManagedNamespaces)) + err := c.Watch(&source.Kind{Type: &apmv1.ApmServer{}}, &handler.EnqueueRequestForObject{}, predicates...) if err != nil { return err } @@ -108,13 +109,13 @@ func addWatches(c controller.Controller, r *ReconcileApmServer, p operator.Param if err := c.Watch(&source.Kind{Type: &appsv1.Deployment{}}, &handler.EnqueueRequestForOwner{ IsController: true, OwnerType: &apmv1.ApmServer{}, - }); err != nil { + }, predicates...); err != nil { return err } // Watch Pods, to ensure `status.version` and version upgrades are correctly reconciled on any change. // Watching Deployments only may lead to missing some events. - if err := watches.WatchPods(c, ApmServerNameLabelName, p.ManagedNamespaces); err != nil { + if err := watches.WatchPods(c, ApmServerNameLabelName, predicates...); err != nil { return err } @@ -122,7 +123,7 @@ func addWatches(c controller.Controller, r *ReconcileApmServer, p operator.Param if err := c.Watch(&source.Kind{Type: &corev1.Service{}}, &handler.EnqueueRequestForOwner{ IsController: true, OwnerType: &apmv1.ApmServer{}, - }); err != nil { + }, predicates...); err != nil { return err } @@ -130,15 +131,15 @@ func addWatches(c controller.Controller, r *ReconcileApmServer, p operator.Param if err := c.Watch(&source.Kind{Type: &corev1.Secret{}}, &handler.EnqueueRequestForOwner{ IsController: true, OwnerType: &apmv1.ApmServer{}, - }); err != nil { + }, predicates...); err != nil { return err } - if err := watches.WatchSoftOwnedSecrets(c, apmv1.Kind, p.ManagedNamespaces); err != nil { + if err := watches.WatchSoftOwnedSecrets(c, apmv1.Kind, predicates...); err != nil { return err } // dynamically watch referenced secrets to connect to Elasticsearch - return c.Watch(&source.Kind{Type: &corev1.Secret{}}, r.dynamicWatches.Secrets) + return c.Watch(&source.Kind{Type: &corev1.Secret{}}, r.dynamicWatches.Secrets, predicates...) } var _ reconcile.Reconciler = &ReconcileApmServer{} diff --git a/pkg/controller/association/controller.go b/pkg/controller/association/controller.go index d4eb7fad38..f188d142c2 100644 --- a/pkg/controller/association/controller.go +++ b/pkg/controller/association/controller.go @@ -58,20 +58,20 @@ func addWatches(c controller.Controller, r *Reconciler, predicates []predicate.P if err := c.Watch(&source.Kind{Type: &corev1.Secret{}}, &handler.EnqueueRequestForOwner{ OwnerType: r.AssociatedObjTemplate(), IsController: true, - }); err != nil { + }, predicates...); err != nil { return err } // Dynamically watch the referenced resources (e.g. Elasticsearch B for a Kibana A -> Elasticsearch B association) - if err := c.Watch(&source.Kind{Type: r.ReferencedObjTemplate()}, r.watches.ReferencedResources); err != nil { + if err := c.Watch(&source.Kind{Type: r.ReferencedObjTemplate()}, r.watches.ReferencedResources, predicates...); err != nil { return err } // Dynamically watch Secrets (CA Secret of the referenced resource and ES user secret) - if err := c.Watch(&source.Kind{Type: &corev1.Secret{}}, r.watches.Secrets); err != nil { + if err := c.Watch(&source.Kind{Type: &corev1.Secret{}}, r.watches.Secrets, predicates...); err != nil { return err } // Dynamically watch Service objects for custom services setup by the user - return c.Watch(&source.Kind{Type: &corev1.Service{}}, r.watches.Services) + return c.Watch(&source.Kind{Type: &corev1.Service{}}, r.watches.Services, predicates...) } diff --git a/pkg/controller/beat/controller.go b/pkg/controller/beat/controller.go index 2df22e13a6..57abd7ec2f 100644 --- a/pkg/controller/beat/controller.go +++ b/pkg/controller/beat/controller.go @@ -16,6 +16,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/controller" "sigs.k8s.io/controller-runtime/pkg/handler" "sigs.k8s.io/controller-runtime/pkg/manager" + "sigs.k8s.io/controller-runtime/pkg/predicate" "sigs.k8s.io/controller-runtime/pkg/reconcile" "sigs.k8s.io/controller-runtime/pkg/source" @@ -55,7 +56,7 @@ func Add(mgr manager.Manager, params operator.Parameters) error { if err != nil { return err } - return addWatches(c, r, params) + return addWatches(c, r, predicates.ManagedNamespacesPredicate(params.ManagedNamespaces)) } // newReconciler returns a new reconcile.Reconciler. @@ -70,9 +71,9 @@ func newReconciler(mgr manager.Manager, params operator.Parameters) *ReconcileBe } // addWatches adds watches for all resources this controller cares about -func addWatches(c controller.Controller, r *ReconcileBeat, p operator.Parameters) error { +func addWatches(c controller.Controller, r *ReconcileBeat, predicates ...predicate.Predicate) error { // Watch for changes to Beat - if err := c.Watch(&source.Kind{Type: &beatv1beta1.Beat{}}, &handler.EnqueueRequestForObject{}, predicates.ManagedNamespacesPredicate(p.ManagedNamespaces)); err != nil { + if err := c.Watch(&source.Kind{Type: &beatv1beta1.Beat{}}, &handler.EnqueueRequestForObject{}, predicates...); err != nil { return err } @@ -80,7 +81,7 @@ func addWatches(c controller.Controller, r *ReconcileBeat, p operator.Parameters if err := c.Watch(&source.Kind{Type: &appsv1.DaemonSet{}}, &handler.EnqueueRequestForOwner{ IsController: true, OwnerType: &beatv1beta1.Beat{}, - }, predicates.ManagedNamespacesPredicate(p.ManagedNamespaces)); err != nil { + }, predicates...); err != nil { return err } @@ -88,13 +89,13 @@ func addWatches(c controller.Controller, r *ReconcileBeat, p operator.Parameters if err := c.Watch(&source.Kind{Type: &appsv1.Deployment{}}, &handler.EnqueueRequestForOwner{ IsController: true, OwnerType: &beatv1beta1.Beat{}, - }, predicates.ManagedNamespacesPredicate(p.ManagedNamespaces)); err != nil { + }, predicates...); err != nil { return err } // Watch Pods, to ensure `status.version` is correctly reconciled on any change. // Watching Deployments or DaemonSets only may lead to missing some events. - if err := watches.WatchPods(c, beatcommon.NameLabelName, p.ManagedNamespaces); err != nil { + if err := watches.WatchPods(c, beatcommon.NameLabelName, predicates...); err != nil { return err } @@ -102,15 +103,15 @@ func addWatches(c controller.Controller, r *ReconcileBeat, p operator.Parameters if err := c.Watch(&source.Kind{Type: &corev1.Secret{}}, &handler.EnqueueRequestForOwner{ IsController: true, OwnerType: &beatv1beta1.Beat{}, - }, predicates.ManagedNamespacesPredicate(p.ManagedNamespaces)); err != nil { + }, predicates...); err != nil { return err } - if err := watches.WatchSoftOwnedSecrets(c, beatv1beta1.Kind, p.ManagedNamespaces); err != nil { + if err := watches.WatchSoftOwnedSecrets(c, beatv1beta1.Kind, predicates...); err != nil { return err } // Watch dynamically referenced Secrets - return c.Watch(&source.Kind{Type: &corev1.Secret{}}, r.dynamicWatches.Secrets, predicates.ManagedNamespacesPredicate(p.ManagedNamespaces)) + return c.Watch(&source.Kind{Type: &corev1.Secret{}}, r.dynamicWatches.Secrets, predicates...) } var _ reconcile.Reconciler = &ReconcileBeat{} diff --git a/pkg/controller/common/watches/pods.go b/pkg/controller/common/watches/pods.go index 3d76c45084..33f593a319 100644 --- a/pkg/controller/common/watches/pods.go +++ b/pkg/controller/common/watches/pods.go @@ -10,19 +10,18 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/controller" "sigs.k8s.io/controller-runtime/pkg/handler" + "sigs.k8s.io/controller-runtime/pkg/predicate" "sigs.k8s.io/controller-runtime/pkg/reconcile" "sigs.k8s.io/controller-runtime/pkg/source" - - "github.com/elastic/cloud-on-k8s/pkg/controller/common/predicates" ) // WatchPods updates the given controller to enqueue reconciliation requests triggered by changes on Pods. // The resource to reconcile is identified by a label on the Pods. -func WatchPods(c controller.Controller, objNameLabel string, managedNamespaces []string) error { +func WatchPods(c controller.Controller, objNameLabel string, predicates ...predicate.Predicate) error { return c.Watch( &source.Kind{Type: &corev1.Pod{}}, handler.EnqueueRequestsFromMapFunc(objToReconcileRequest(objNameLabel)), - predicates.ManagedNamespacesPredicate(managedNamespaces), + predicates..., ) } diff --git a/pkg/controller/common/watches/secrets.go b/pkg/controller/common/watches/secrets.go index 2fc981377d..121c0fbfa9 100644 --- a/pkg/controller/common/watches/secrets.go +++ b/pkg/controller/common/watches/secrets.go @@ -10,10 +10,10 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/controller" "sigs.k8s.io/controller-runtime/pkg/handler" + "sigs.k8s.io/controller-runtime/pkg/predicate" "sigs.k8s.io/controller-runtime/pkg/reconcile" "sigs.k8s.io/controller-runtime/pkg/source" - "github.com/elastic/cloud-on-k8s/pkg/controller/common/predicates" "github.com/elastic/cloud-on-k8s/pkg/controller/common/reconciler" ) @@ -46,11 +46,11 @@ func WatchUserProvidedSecrets( } // WatchSoftOwnedSecrets triggers reconciliations on secrets referencing a soft owner. -func WatchSoftOwnedSecrets(c controller.Controller, ownerKind string, managedNamespaces []string) error { +func WatchSoftOwnedSecrets(c controller.Controller, ownerKind string, predicates ...predicate.Predicate) error { return c.Watch( &source.Kind{Type: &corev1.Secret{}}, handler.EnqueueRequestsFromMapFunc(reconcileReqForSoftOwner(ownerKind)), - predicates.ManagedNamespacesPredicate(managedNamespaces), + predicates..., ) } diff --git a/pkg/controller/elasticsearch/elasticsearch_controller.go b/pkg/controller/elasticsearch/elasticsearch_controller.go index 4d8b1e8e86..5ba475ab9d 100644 --- a/pkg/controller/elasticsearch/elasticsearch_controller.go +++ b/pkg/controller/elasticsearch/elasticsearch_controller.go @@ -18,6 +18,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/controller" "sigs.k8s.io/controller-runtime/pkg/handler" "sigs.k8s.io/controller-runtime/pkg/manager" + "sigs.k8s.io/controller-runtime/pkg/predicate" "sigs.k8s.io/controller-runtime/pkg/reconcile" "sigs.k8s.io/controller-runtime/pkg/source" @@ -61,7 +62,7 @@ func Add(mgr manager.Manager, params operator.Parameters) error { if err != nil { return err } - return addWatches(c, reconciler, params) + return addWatches(c, reconciler, predicates.ManagedNamespacesPredicate(params.ManagedNamespaces)) } // newReconciler returns a new reconcile.Reconciler @@ -80,10 +81,10 @@ func newReconciler(mgr manager.Manager, params operator.Parameters) *ReconcileEl } } -func addWatches(c controller.Controller, r *ReconcileElasticsearch, p operator.Parameters) error { +func addWatches(c controller.Controller, r *ReconcileElasticsearch, predicates ...predicate.Predicate) error { // Watch for changes to Elasticsearch if err := c.Watch( - &source.Kind{Type: &esv1.Elasticsearch{}}, &handler.EnqueueRequestForObject{}, predicates.ManagedNamespacesPredicate(p.ManagedNamespaces), + &source.Kind{Type: &esv1.Elasticsearch{}}, &handler.EnqueueRequestForObject{}, predicates..., ); err != nil { return err } @@ -93,13 +94,13 @@ func addWatches(c controller.Controller, r *ReconcileElasticsearch, p operator.P &source.Kind{Type: &appsv1.StatefulSet{}}, &handler.EnqueueRequestForOwner{ IsController: true, OwnerType: &esv1.Elasticsearch{}, - }, + }, predicates..., ); err != nil { return err } // Watch pods belonging to ES clusters - if err := watches.WatchPods(c, label.ClusterNameLabelName, p.ManagedNamespaces); err != nil { + if err := watches.WatchPods(c, label.ClusterNameLabelName, predicates...); err != nil { return err } @@ -107,12 +108,12 @@ func addWatches(c controller.Controller, r *ReconcileElasticsearch, p operator.P if err := c.Watch(&source.Kind{Type: &corev1.Service{}}, &handler.EnqueueRequestForOwner{ IsController: true, OwnerType: &esv1.Elasticsearch{}, - }); err != nil { + }, predicates...); err != nil { return err } // Watch owned and soft-owned secrets - if err := c.Watch(&source.Kind{Type: &corev1.Secret{}}, r.dynamicWatches.Secrets); err != nil { + if err := c.Watch(&source.Kind{Type: &corev1.Secret{}}, r.dynamicWatches.Secrets, predicates...); err != nil { return err } if err := r.dynamicWatches.Secrets.AddHandler(&watches.OwnerWatch{ @@ -123,12 +124,12 @@ func addWatches(c controller.Controller, r *ReconcileElasticsearch, p operator.P }); err != nil { return err } - if err := watches.WatchSoftOwnedSecrets(c, esv1.Kind, p.ManagedNamespaces); err != nil { + if err := watches.WatchSoftOwnedSecrets(c, esv1.Kind, predicates...); err != nil { return err } // Trigger a reconciliation when observers report a cluster health change - return c.Watch(observer.WatchClusterHealthChange(r.esObservers), reconciler.GenericEventHandler()) + return c.Watch(observer.WatchClusterHealthChange(r.esObservers), reconciler.GenericEventHandler(), predicates...) } var _ reconcile.Reconciler = &ReconcileElasticsearch{} diff --git a/pkg/controller/enterprisesearch/enterprisesearch_controller.go b/pkg/controller/enterprisesearch/enterprisesearch_controller.go index ffecfec0eb..01d5a3ed1d 100644 --- a/pkg/controller/enterprisesearch/enterprisesearch_controller.go +++ b/pkg/controller/enterprisesearch/enterprisesearch_controller.go @@ -20,6 +20,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/controller" "sigs.k8s.io/controller-runtime/pkg/handler" "sigs.k8s.io/controller-runtime/pkg/manager" + "sigs.k8s.io/controller-runtime/pkg/predicate" "sigs.k8s.io/controller-runtime/pkg/reconcile" "sigs.k8s.io/controller-runtime/pkg/source" @@ -56,7 +57,7 @@ func Add(mgr manager.Manager, params operator.Parameters) error { if err != nil { return err } - return addWatches(c, reconciler, params) + return addWatches(c, reconciler, predicates.ManagedNamespacesPredicate(params.ManagedNamespaces)) } // newReconciler returns a new reconcile.Reconciler @@ -70,9 +71,9 @@ func newReconciler(mgr manager.Manager, params operator.Parameters) *ReconcileEn } } -func addWatches(c controller.Controller, r *ReconcileEnterpriseSearch, p operator.Parameters) error { +func addWatches(c controller.Controller, r *ReconcileEnterpriseSearch, predicates ...predicate.Predicate) error { // Watch for changes to EnterpriseSearch - err := c.Watch(&source.Kind{Type: &entv1.EnterpriseSearch{}}, &handler.EnqueueRequestForObject{}, predicates.ManagedNamespacesPredicate(p.ManagedNamespaces)) + err := c.Watch(&source.Kind{Type: &entv1.EnterpriseSearch{}}, &handler.EnqueueRequestForObject{}, predicates...) if err != nil { return err } @@ -87,7 +88,7 @@ func addWatches(c controller.Controller, r *ReconcileEnterpriseSearch, p operato // Watch Pods, to ensure `status.version` and version upgrades are correctly reconciled on any change. // Watching Deployments only may lead to missing some events. - if err := watches.WatchPods(c, EnterpriseSearchNameLabelName, p.ManagedNamespaces); err != nil { + if err := watches.WatchPods(c, EnterpriseSearchNameLabelName, predicates...); err != nil { return err } @@ -106,7 +107,7 @@ func addWatches(c controller.Controller, r *ReconcileEnterpriseSearch, p operato }); err != nil { return err } - if err := watches.WatchSoftOwnedSecrets(c, entv1.Kind, p.ManagedNamespaces); err != nil { + if err := watches.WatchSoftOwnedSecrets(c, entv1.Kind, predicates...); err != nil { return err } diff --git a/pkg/controller/kibana/controller.go b/pkg/controller/kibana/controller.go index 3e2681b0df..80777bc1e9 100644 --- a/pkg/controller/kibana/controller.go +++ b/pkg/controller/kibana/controller.go @@ -18,6 +18,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/controller" "sigs.k8s.io/controller-runtime/pkg/handler" "sigs.k8s.io/controller-runtime/pkg/manager" + "sigs.k8s.io/controller-runtime/pkg/predicate" "sigs.k8s.io/controller-runtime/pkg/reconcile" "sigs.k8s.io/controller-runtime/pkg/source" @@ -52,7 +53,7 @@ func Add(mgr manager.Manager, params operator.Parameters) error { if err != nil { return err } - return addWatches(c, reconciler, params) + return addWatches(c, reconciler, predicates.ManagedNamespacesPredicate(params.ManagedNamespaces)) } // newReconciler returns a new reconcile.Reconciler @@ -66,9 +67,9 @@ func newReconciler(mgr manager.Manager, params operator.Parameters) *ReconcileKi } } -func addWatches(c controller.Controller, r *ReconcileKibana, p operator.Parameters) error { +func addWatches(c controller.Controller, r *ReconcileKibana, predicates ...predicate.Predicate) error { // Watch for changes to Kibana - if err := c.Watch(&source.Kind{Type: &kbv1.Kibana{}}, &handler.EnqueueRequestForObject{}, predicates.ManagedNamespacesPredicate(p.ManagedNamespaces)); err != nil { + if err := c.Watch(&source.Kind{Type: &kbv1.Kibana{}}, &handler.EnqueueRequestForObject{}, predicates...); err != nil { return err } @@ -76,13 +77,13 @@ func addWatches(c controller.Controller, r *ReconcileKibana, p operator.Paramete if err := c.Watch(&source.Kind{Type: &appsv1.Deployment{}}, &handler.EnqueueRequestForOwner{ IsController: true, OwnerType: &kbv1.Kibana{}, - }); err != nil { + }, predicates...); err != nil { return err } // Watch Pods, to ensure `status.version` and version upgrades are correctly reconciled on any change. // Watching Deployments only may lead to missing some events. - if err := watches.WatchPods(c, KibanaNameLabelName, p.ManagedNamespaces); err != nil { + if err := watches.WatchPods(c, KibanaNameLabelName, predicates...); err != nil { return err } @@ -90,7 +91,7 @@ func addWatches(c controller.Controller, r *ReconcileKibana, p operator.Paramete if err := c.Watch(&source.Kind{Type: &corev1.Service{}}, &handler.EnqueueRequestForOwner{ IsController: true, OwnerType: &kbv1.Kibana{}, - }); err != nil { + }, predicates...); err != nil { return err } @@ -98,15 +99,15 @@ func addWatches(c controller.Controller, r *ReconcileKibana, p operator.Paramete if err := c.Watch(&source.Kind{Type: &corev1.Secret{}}, &handler.EnqueueRequestForOwner{ IsController: true, OwnerType: &kbv1.Kibana{}, - }); err != nil { + }, predicates...); err != nil { return err } - if err := watches.WatchSoftOwnedSecrets(c, kbv1.Kind, p.ManagedNamespaces); err != nil { + if err := watches.WatchSoftOwnedSecrets(c, kbv1.Kind, predicates...); err != nil { return err } // dynamically watch referenced secrets to connect to Elasticsearch - return c.Watch(&source.Kind{Type: &corev1.Secret{}}, r.dynamicWatches.Secrets) + return c.Watch(&source.Kind{Type: &corev1.Secret{}}, r.dynamicWatches.Secrets, predicates...) } var _ reconcile.Reconciler = &ReconcileKibana{} diff --git a/pkg/controller/maps/controller.go b/pkg/controller/maps/controller.go index be3b210f89..bed5e209ae 100644 --- a/pkg/controller/maps/controller.go +++ b/pkg/controller/maps/controller.go @@ -21,6 +21,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/controller" "sigs.k8s.io/controller-runtime/pkg/handler" "sigs.k8s.io/controller-runtime/pkg/manager" + "sigs.k8s.io/controller-runtime/pkg/predicate" "sigs.k8s.io/controller-runtime/pkg/reconcile" "sigs.k8s.io/controller-runtime/pkg/source" @@ -58,7 +59,7 @@ func Add(mgr manager.Manager, params operator.Parameters) error { if err != nil { return err } - return addWatches(c, reconciler, params) + return addWatches(c, reconciler, predicates.ManagedNamespacesPredicate(params.ManagedNamespaces)) } // newReconciler returns a new reconcile.Reconciler @@ -73,9 +74,9 @@ func newReconciler(mgr manager.Manager, params operator.Parameters) *ReconcileMa } } -func addWatches(c controller.Controller, r *ReconcileMapsServer, p operator.Parameters) error { +func addWatches(c controller.Controller, r *ReconcileMapsServer, predicates ...predicate.Predicate) error { // Watch for changes to MapsServer - if err := c.Watch(&source.Kind{Type: &emsv1alpha1.ElasticMapsServer{}}, &handler.EnqueueRequestForObject{}, predicates.ManagedNamespacesPredicate(p.ManagedNamespaces)); err != nil { + if err := c.Watch(&source.Kind{Type: &emsv1alpha1.ElasticMapsServer{}}, &handler.EnqueueRequestForObject{}, predicates...); err != nil { return err } @@ -89,7 +90,7 @@ func addWatches(c controller.Controller, r *ReconcileMapsServer, p operator.Para // Watch Pods, to ensure `status.version` and version upgrades are correctly reconciled on any change. // Watching Deployments only may lead to missing some events. - if err := watches.WatchPods(c, NameLabelName, p.ManagedNamespaces); err != nil { + if err := watches.WatchPods(c, NameLabelName, predicates...); err != nil { return err } @@ -108,7 +109,7 @@ func addWatches(c controller.Controller, r *ReconcileMapsServer, p operator.Para }); err != nil { return err } - if err := watches.WatchSoftOwnedSecrets(c, emsv1alpha1.Kind, p.ManagedNamespaces); err != nil { + if err := watches.WatchSoftOwnedSecrets(c, emsv1alpha1.Kind, predicates...); err != nil { return err } diff --git a/pkg/controller/remoteca/controller.go b/pkg/controller/remoteca/controller.go index 66328758c0..79da534d39 100644 --- a/pkg/controller/remoteca/controller.go +++ b/pkg/controller/remoteca/controller.go @@ -23,6 +23,7 @@ import ( "github.com/elastic/cloud-on-k8s/pkg/controller/common" "github.com/elastic/cloud-on-k8s/pkg/controller/common/license" "github.com/elastic/cloud-on-k8s/pkg/controller/common/operator" + "github.com/elastic/cloud-on-k8s/pkg/controller/common/predicates" "github.com/elastic/cloud-on-k8s/pkg/controller/common/reconciler" "github.com/elastic/cloud-on-k8s/pkg/controller/common/tracing" "github.com/elastic/cloud-on-k8s/pkg/controller/common/watches" @@ -49,7 +50,7 @@ func Add(mgr manager.Manager, accessReviewer rbac.AccessReviewer, params operato if err != nil { return err } - return AddWatches(c, r, params) + return AddWatches(c, r, predicates.ManagedNamespacesPredicate(params.ManagedNamespaces)) } // NewReconciler returns a new reconcile.Reconciler diff --git a/pkg/controller/remoteca/watches.go b/pkg/controller/remoteca/watches.go index 68ab0f3877..50c30e8101 100644 --- a/pkg/controller/remoteca/watches.go +++ b/pkg/controller/remoteca/watches.go @@ -12,13 +12,12 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/controller" "sigs.k8s.io/controller-runtime/pkg/handler" + "sigs.k8s.io/controller-runtime/pkg/predicate" "sigs.k8s.io/controller-runtime/pkg/reconcile" "sigs.k8s.io/controller-runtime/pkg/source" esv1 "github.com/elastic/cloud-on-k8s/pkg/apis/elasticsearch/v1" "github.com/elastic/cloud-on-k8s/pkg/controller/common" - "github.com/elastic/cloud-on-k8s/pkg/controller/common/operator" - "github.com/elastic/cloud-on-k8s/pkg/controller/common/predicates" "github.com/elastic/cloud-on-k8s/pkg/controller/common/watches" "github.com/elastic/cloud-on-k8s/pkg/controller/elasticsearch/certificates/remoteca" "github.com/elastic/cloud-on-k8s/pkg/controller/elasticsearch/certificates/transport" @@ -26,19 +25,19 @@ import ( ) // AddWatches set watches on objects needed to manage the association between a local and a remote cluster. -func AddWatches(c controller.Controller, r *ReconcileRemoteCa, p operator.Parameters) error { +func AddWatches(c controller.Controller, r *ReconcileRemoteCa, predicates ...predicate.Predicate) error { // Watch for changes to RemoteCluster - if err := c.Watch(&source.Kind{Type: &esv1.Elasticsearch{}}, &handler.EnqueueRequestForObject{}, predicates.ManagedNamespacesPredicate(p.ManagedNamespaces)); err != nil { + if err := c.Watch(&source.Kind{Type: &esv1.Elasticsearch{}}, &handler.EnqueueRequestForObject{}, predicates...); err != nil { return err } // Watch Secrets that contain remote certificate authorities managed by this controller - if err := c.Watch(&source.Kind{Type: &v1.Secret{}}, handler.EnqueueRequestsFromMapFunc(newRequestsFromMatchedLabels())); err != nil { + if err := c.Watch(&source.Kind{Type: &v1.Secret{}}, handler.EnqueueRequestsFromMapFunc(newRequestsFromMatchedLabels()), predicates...); err != nil { return err } // Dynamically watches the certificate authorities involved in a cluster relationship - if err := c.Watch(&source.Kind{Type: &v1.Secret{}}, r.watches.Secrets); err != nil { + if err := c.Watch(&source.Kind{Type: &v1.Secret{}}, r.watches.Secrets, predicates...); err != nil { return err } diff --git a/pkg/controller/webhook/webhook_certificates_controller.go b/pkg/controller/webhook/webhook_certificates_controller.go index a4a5bf72a6..3deece5f4f 100644 --- a/pkg/controller/webhook/webhook_certificates_controller.go +++ b/pkg/controller/webhook/webhook_certificates_controller.go @@ -15,6 +15,7 @@ import ( "k8s.io/client-go/kubernetes" "sigs.k8s.io/controller-runtime/pkg/controller" "sigs.k8s.io/controller-runtime/pkg/manager" + "sigs.k8s.io/controller-runtime/pkg/predicate" "sigs.k8s.io/controller-runtime/pkg/reconcile" "sigs.k8s.io/controller-runtime/pkg/source" @@ -92,7 +93,7 @@ func newReconciler(mgr manager.Manager, webhookParams Params, clientset kubernet } // Add adds a new Controller to mgr with r as the reconcile.Reconciler -func Add(mgr manager.Manager, webhookParams Params, clientset kubernetes.Interface, webhook AdmissionControllerInterface) error { +func Add(mgr manager.Manager, webhookParams Params, clientset kubernetes.Interface, webhook AdmissionControllerInterface, predicates ...predicate.Predicate) error { r := newReconciler(mgr, webhookParams, clientset) // Create a new controller c, err := controller.New(ControllerName, mgr, controller.Options{Reconciler: r}) @@ -109,7 +110,7 @@ func Add(mgr manager.Manager, webhookParams Params, clientset kubernetes.Interfa Name: "webhook-server-cert", Watched: []types.NamespacedName{secret}, Watcher: secret, - }); err != nil { + }, predicates...); err != nil { return err } From c4ad5f987f2e70f2f7449b4268f090d6c1f12c21 Mon Sep 17 00:00:00 2001 From: Michael Montgomery Date: Mon, 22 Nov 2021 11:25:58 -0600 Subject: [PATCH 10/29] Adjust how garbage collection of secrets is handled on startup, taking into account managed namespaces --- cmd/manager/main.go | 6 +++--- cmd/manager/main_test.go | 2 +- pkg/controller/common/reconciler/secret.go | 22 ++++++++++++++++++++-- 3 files changed, 24 insertions(+), 6 deletions(-) diff --git a/cmd/manager/main.go b/cmd/manager/main.go index a85f507c2a..8f618e0cf1 100644 --- a/cmd/manager/main.go +++ b/cmd/manager/main.go @@ -667,7 +667,7 @@ func asyncTasks( // - association user secrets garbageCollectUsers(cfg, managedNamespaces) // - soft-owned secrets - garbageCollectSoftOwnedSecrets(mgr.GetClient()) + garbageCollectSoftOwnedSecrets(mgr.GetClient(), managedNamespaces) } func chooseAndValidateIPFamily(ipFamilyStr string, ipFamilyDefault corev1.IPFamily) (corev1.IPFamily, error) { @@ -768,7 +768,7 @@ func garbageCollectUsers(cfg *rest.Config, managedNamespaces []string) { } } -func garbageCollectSoftOwnedSecrets(k8sClient k8s.Client) { +func garbageCollectSoftOwnedSecrets(k8sClient k8s.Client, managedNamespaces []string) { if err := reconciler.GarbageCollectAllSoftOwnedOrphanSecrets(k8sClient, map[string]client.Object{ esv1.Kind: &esv1.Elasticsearch{}, apmv1.Kind: &apmv1.ApmServer{}, @@ -777,7 +777,7 @@ func garbageCollectSoftOwnedSecrets(k8sClient k8s.Client) { beatv1beta1.Kind: &beatv1beta1.Beat{}, agentv1alpha1.Kind: &agentv1alpha1.Agent{}, emsv1alpha1.Kind: &emsv1alpha1.ElasticMapsServer{}, - }); err != nil { + }, managedNamespaces); err != nil { log.Error(err, "Orphan secrets garbage collection failed, will be attempted again at next operator restart.") return } diff --git a/cmd/manager/main_test.go b/cmd/manager/main_test.go index d60ddda432..929ed145ab 100644 --- a/cmd/manager/main_test.go +++ b/cmd/manager/main_test.go @@ -187,7 +187,7 @@ func Test_garbageCollectSoftOwnedSecrets(t *testing.T) { for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { c := k8s.NewFakeClient(tt.runtimeObjs...) - garbageCollectSoftOwnedSecrets(c) + garbageCollectSoftOwnedSecrets(c, []string{}) tt.assert(c, t) }) } diff --git a/pkg/controller/common/reconciler/secret.go b/pkg/controller/common/reconciler/secret.go index bfd46bab9d..7322415c35 100644 --- a/pkg/controller/common/reconciler/secret.go +++ b/pkg/controller/common/reconciler/secret.go @@ -25,6 +25,8 @@ const ( SoftOwnerNamespaceLabel = "eck.k8s.elastic.co/owner-namespace" SoftOwnerNameLabel = "eck.k8s.elastic.co/owner-name" SoftOwnerKindLabel = "eck.k8s.elastic.co/owner-kind" + + secretsGarbageCollectionFailedMessage = "Orphan secrets garbage collection failed, will be attempted again at next operator restart." ) // ReconcileSecret creates or updates the actual secret to match the expected one. @@ -170,17 +172,33 @@ func GarbageCollectSoftOwnedSecrets(c k8s.Client, deletedOwner types.NamespacedN return nil } -// GarbageCollectAllSoftOwnedOrphanSecrets iterates over all Secrets that reference a soft owner. If the owner +// GarbageCollectAllSoftOwnedOrphanSecrets iterates over all Secrets in the namespaces that the operator +// manages that reference a soft owner. If the owner // doesn't exist anymore, it deletes the secrets. // Should be called on operator startup, after cache warm-up, to cover cases where // the operator is down when the owner is deleted. // If the operator is up, garbage collection is already handled by GarbageCollectSoftOwnedSecrets on owner deletion. -func GarbageCollectAllSoftOwnedOrphanSecrets(c k8s.Client, ownerKinds map[string]client.Object) error { +func GarbageCollectAllSoftOwnedOrphanSecrets(c k8s.Client, ownerKinds map[string]client.Object, managedNamespaces []string) error { + if len(managedNamespaces) == 0 { + return garbageCollectSecrets(c, ownerKinds, "") + } + for _, namespace := range managedNamespaces { + if err := garbageCollectSecrets(c, ownerKinds, namespace); err != nil { + log.Error(err, secretsGarbageCollectionFailedMessage, "namespace", namespace) + continue + } + } + + return nil +} + +func garbageCollectSecrets(c k8s.Client, ownerKinds map[string]client.Object, namespace string) error { // retrieve all secrets that reference a soft owner var secrets corev1.SecretList if err := c.List(context.Background(), &secrets, client.HasLabels{SoftOwnerNamespaceLabel, SoftOwnerNameLabel, SoftOwnerKindLabel}, + client.InNamespace(namespace), ); err != nil { return err } From ddbc8207d31f26aca98bc69ae0302e3af1039501 Mon Sep 17 00:00:00 2001 From: Michael Montgomery Date: Mon, 22 Nov 2021 11:37:37 -0600 Subject: [PATCH 11/29] Prevent empty namespace "Orphan secrets garbage collection failed" error message when storage class validation is enabled during secrets garbage collection. --- pkg/controller/common/reconciler/secret.go | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/pkg/controller/common/reconciler/secret.go b/pkg/controller/common/reconciler/secret.go index 7322415c35..8462a369ec 100644 --- a/pkg/controller/common/reconciler/secret.go +++ b/pkg/controller/common/reconciler/secret.go @@ -183,6 +183,12 @@ func GarbageCollectAllSoftOwnedOrphanSecrets(c k8s.Client, ownerKinds map[string return garbageCollectSecrets(c, ownerKinds, "") } for _, namespace := range managedNamespaces { + // The empty namespace is added to the managed namespaces when storage class validation is enabled to + // allow watching cluster-scoped resources, but since this isn't applicable to secrets, we ignore this + // namespace to prevent invalid "Orphan secrets garbage collection failed" error message. + if namespace == "" { + continue + } if err := garbageCollectSecrets(c, ownerKinds, namespace); err != nil { log.Error(err, secretsGarbageCollectionFailedMessage, "namespace", namespace) continue From 78d8419857a747fb21810f2b2f2e29645b600c24 Mon Sep 17 00:00:00 2001 From: Michael Montgomery Date: Mon, 22 Nov 2021 11:45:23 -0600 Subject: [PATCH 12/29] Adding some comments around corev1.Namespaceall --- pkg/controller/common/reconciler/secret.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pkg/controller/common/reconciler/secret.go b/pkg/controller/common/reconciler/secret.go index 8462a369ec..05ea323fa1 100644 --- a/pkg/controller/common/reconciler/secret.go +++ b/pkg/controller/common/reconciler/secret.go @@ -204,6 +204,8 @@ func garbageCollectSecrets(c k8s.Client, ownerKinds map[string]client.Object, na if err := c.List(context.Background(), &secrets, client.HasLabels{SoftOwnerNamespaceLabel, SoftOwnerNameLabel, SoftOwnerKindLabel}, + // since corev1.NamespaceAll is a string == "", this will also work when managing all namespaces + // and namespace == "". client.InNamespace(namespace), ); err != nil { return err From ce19a370b5910226bea33f198fc5e91772e5e3c0 Mon Sep 17 00:00:00 2001 From: Michael Montgomery Date: Mon, 22 Nov 2021 11:48:04 -0600 Subject: [PATCH 13/29] Making license controller consistent with other packages --- pkg/controller/license/license_controller.go | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/pkg/controller/license/license_controller.go b/pkg/controller/license/license_controller.go index 8ac88d65c1..4e4dfc0fff 100644 --- a/pkg/controller/license/license_controller.go +++ b/pkg/controller/license/license_controller.go @@ -18,6 +18,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/controller" "sigs.k8s.io/controller-runtime/pkg/handler" "sigs.k8s.io/controller-runtime/pkg/manager" + "sigs.k8s.io/controller-runtime/pkg/predicate" "sigs.k8s.io/controller-runtime/pkg/reconcile" "sigs.k8s.io/controller-runtime/pkg/source" @@ -66,7 +67,7 @@ func Add(mgr manager.Manager, p operator.Parameters) error { if err != nil { return err } - return addWatches(c, r.Client, p) + return addWatches(c, r.Client, predicates.ManagedNamespacesPredicate(p.ManagedNamespaces)) } // newReconciler returns a new reconcile.Reconciler @@ -100,10 +101,10 @@ func nextReconcileRelativeTo(now, expiry time.Time, safety time.Duration) reconc } // addWatches adds a new Controller to mgr with r as the reconcile.Reconciler -func addWatches(c controller.Controller, k8sClient k8s.Client, parameters operator.Parameters) error { +func addWatches(c controller.Controller, k8sClient k8s.Client, predicates ...predicate.Predicate) error { // Watch for changes to Elasticsearch clusters. if err := c.Watch( - &source.Kind{Type: &esv1.Elasticsearch{}}, &handler.EnqueueRequestForObject{}, predicates.ManagedNamespacesPredicate(parameters.ManagedNamespaces), + &source.Kind{Type: &esv1.Elasticsearch{}}, &handler.EnqueueRequestForObject{}, predicates..., ); err != nil { return err } @@ -129,7 +130,7 @@ func addWatches(c controller.Controller, k8sClient k8s.Client, parameters operat return nil } return rs - }), + }), predicates..., ); err != nil { return err } From a78898c188070de6ced579a9520bfd88b28b4b29 Mon Sep 17 00:00:00 2001 From: Michael Montgomery Date: Tue, 23 Nov 2021 14:33:54 -0600 Subject: [PATCH 14/29] Fix garbage collection test --- pkg/controller/common/reconciler/secret_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/controller/common/reconciler/secret_test.go b/pkg/controller/common/reconciler/secret_test.go index 4dbc6dcba1..73f826b81f 100644 --- a/pkg/controller/common/reconciler/secret_test.go +++ b/pkg/controller/common/reconciler/secret_test.go @@ -412,7 +412,7 @@ func TestGarbageCollectAllSoftOwnedOrphanSecrets(t *testing.T) { for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { c := k8s.NewFakeClient(tt.runtimeObjs...) - err := GarbageCollectAllSoftOwnedOrphanSecrets(c, ownerKinds) + err := GarbageCollectAllSoftOwnedOrphanSecrets(c, ownerKinds, nil) require.NoError(t, err) var retrievedSecrets corev1.SecretList err = c.List(context.Background(), &retrievedSecrets) From b41c1bb2cfd42b0aad980602c80452e403b5804f Mon Sep 17 00:00:00 2001 From: Michael Montgomery Date: Wed, 1 Dec 2021 11:08:47 -0600 Subject: [PATCH 15/29] Also ignore generic events in unmanaged namespaces Co-authored-by: Michael Morello --- pkg/controller/common/predicates/predicates.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pkg/controller/common/predicates/predicates.go b/pkg/controller/common/predicates/predicates.go index b7f1a5c6ab..2fb7b66953 100644 --- a/pkg/controller/common/predicates/predicates.go +++ b/pkg/controller/common/predicates/predicates.go @@ -45,5 +45,8 @@ func ManagedNamespacesPredicate(managedNamespaces []string) predicate.Predicate // Ignore resources that do not exist within the managed namespaces return namespaceInSlice(e.Object.GetNamespace(), managedNamespaces) }, + GenericFunc: func(e event.GenericEvent) bool { + return namespaceInSlice(e.Object.GetNamespace(), managedNamespaces) + }, } } From 672067bab44a5e5fad39f0f415f8ab8e7b22ff48 Mon Sep 17 00:00:00 2001 From: Michael Montgomery Date: Wed, 1 Dec 2021 11:42:48 -0600 Subject: [PATCH 16/29] Cleanup predicate calling code per @barkbay suggestion. Fix test --- cmd/manager/main.go | 5 ++- pkg/controller/agent/controller.go | 2 +- pkg/controller/apmserver/controller.go | 2 +- .../controller/agent_fleetserver.go | 2 +- .../association/controller/agent_kibana.go | 2 +- .../association/controller/apm_es.go | 2 +- .../association/controller/apm_kibana.go | 2 +- .../association/controller/beat_es.go | 2 +- .../association/controller/beat_kibana.go | 2 +- .../association/controller/ent_es.go | 2 +- .../association/controller/es_monitoring.go | 2 +- .../association/controller/kb_monitoring.go | 2 +- .../association/controller/kibana_ent.go | 2 +- .../association/controller/kibana_es.go | 2 +- .../association/controller/maps_es.go | 2 +- pkg/controller/autoscaling/elasticsearch.go | 2 +- pkg/controller/beat/controller.go | 2 +- .../common/predicates/predicate_test.go | 2 +- .../common/predicates/predicates.go | 44 +++++++++---------- .../elasticsearch/elasticsearch_controller.go | 2 +- .../enterprisesearch_controller.go | 2 +- pkg/controller/kibana/controller.go | 2 +- pkg/controller/license/license_controller.go | 2 +- .../license_controller_integration_test.go | 2 +- pkg/controller/maps/controller.go | 2 +- pkg/controller/remoteca/controller.go | 2 +- 26 files changed, 48 insertions(+), 49 deletions(-) diff --git a/cmd/manager/main.go b/cmd/manager/main.go index 8f618e0cf1..ab26c2cfcb 100644 --- a/cmd/manager/main.go +++ b/cmd/manager/main.go @@ -467,6 +467,9 @@ func startOperator(ctx context.Context) error { // configure the manager cache based on the number of managed namespaces managedNamespaces := viper.GetStringSlice(operator.NamespacesFlag) + // initialize the managed namespace predicate to ignore events outside of the namespaces the operator is concerned with + predicates.ManagedNamespacePredicate = predicates.NewManagedNamespacesPredicate(managedNamespaces) + switch { case len(managedNamespaces) == 0: log.Info("Operator configured to manage all namespaces") @@ -809,7 +812,7 @@ func setupWebhook(mgr manager.Manager, params operator.Parameters, clientset kub os.Exit(1) } - if err := webhook.Add(mgr, webhookParams, clientset, wh, predicates.NewManagedNamespacesPredicate(params.ManagedNamespaces)); err != nil { + if err := webhook.Add(mgr, webhookParams, clientset, wh, predicates.ManagedNamespacePredicate); err != nil { log.Error(err, "unable to create controller", "controller", webhook.ControllerName) os.Exit(1) } diff --git a/pkg/controller/agent/controller.go b/pkg/controller/agent/controller.go index b9b3550c88..481d7caf16 100644 --- a/pkg/controller/agent/controller.go +++ b/pkg/controller/agent/controller.go @@ -45,7 +45,7 @@ func Add(mgr manager.Manager, params operator.Parameters) error { if err != nil { return err } - return addWatches(c, r, predicates.ManagedNamespacesPredicate(params.ManagedNamespaces)) + return addWatches(c, r, predicates.ManagedNamespacePredicate) } // newReconciler returns a new reconcile.Reconciler. diff --git a/pkg/controller/apmserver/controller.go b/pkg/controller/apmserver/controller.go index 4d44a6f89f..ad9d076397 100644 --- a/pkg/controller/apmserver/controller.go +++ b/pkg/controller/apmserver/controller.go @@ -84,7 +84,7 @@ func Add(mgr manager.Manager, params operator.Parameters) error { if err != nil { return err } - return addWatches(c, reconciler, predicates.ManagedNamespacesPredicate(params.ManagedNamespaces)) + return addWatches(c, reconciler, predicates.ManagedNamespacePredicate) } // newReconciler returns a new reconcile.Reconciler diff --git a/pkg/controller/association/controller/agent_fleetserver.go b/pkg/controller/association/controller/agent_fleetserver.go index 60e7850df0..ecf7a94b56 100644 --- a/pkg/controller/association/controller/agent_fleetserver.go +++ b/pkg/controller/association/controller/agent_fleetserver.go @@ -41,7 +41,7 @@ func AddAgentFleetServer(mgr manager.Manager, accessReviewer rbac.AccessReviewer AssociationConfAnnotationNameBase: commonv1.FleetServerConfigAnnotationNameBase, AssociationResourceNameLabelName: agent.NameLabelName, AssociationResourceNamespaceLabelName: agent.NamespaceLabelName, - Predicates: predicates.WithPredicates(predicates.ManagedNamespacesPredicate(params.ManagedNamespaces)), + Predicates: predicates.WithPredicates(predicates.ManagedNamespacePredicate), ElasticsearchUserCreation: nil, }) diff --git a/pkg/controller/association/controller/agent_kibana.go b/pkg/controller/association/controller/agent_kibana.go index d89ad35358..319f75a653 100644 --- a/pkg/controller/association/controller/agent_kibana.go +++ b/pkg/controller/association/controller/agent_kibana.go @@ -39,7 +39,7 @@ func AddAgentKibana(mgr manager.Manager, accessReviewer rbac.AccessReviewer, par AssociationConfAnnotationNameBase: commonv1.KibanaConfigAnnotationNameBase, AssociationResourceNameLabelName: kibana.KibanaNameLabelName, AssociationResourceNamespaceLabelName: kibana.KibanaNamespaceLabelName, - Predicates: predicates.WithPredicates(predicates.ManagedNamespacesPredicate(params.ManagedNamespaces)), + Predicates: predicates.WithPredicates(predicates.ManagedNamespacePredicate), ElasticsearchUserCreation: &association.ElasticsearchUserCreation{ ElasticsearchRef: getElasticsearchFromKibana, diff --git a/pkg/controller/association/controller/apm_es.go b/pkg/controller/association/controller/apm_es.go index ff83fc6cc4..5f0441bc30 100644 --- a/pkg/controller/association/controller/apm_es.go +++ b/pkg/controller/association/controller/apm_es.go @@ -57,7 +57,7 @@ func AddApmES(mgr manager.Manager, accessReviewer rbac.AccessReviewer, params op AssociationConfAnnotationNameBase: commonv1.ElasticsearchConfigAnnotationNameBase, AssociationResourceNameLabelName: eslabel.ClusterNameLabelName, AssociationResourceNamespaceLabelName: eslabel.ClusterNamespaceLabelName, - Predicates: predicates.WithPredicates(predicates.ManagedNamespacesPredicate(params.ManagedNamespaces)), + Predicates: predicates.WithPredicates(predicates.ManagedNamespacePredicate), ElasticsearchUserCreation: &association.ElasticsearchUserCreation{ ElasticsearchRef: func(c k8s.Client, association commonv1.Association) (bool, commonv1.ObjectSelector, error) { diff --git a/pkg/controller/association/controller/apm_kibana.go b/pkg/controller/association/controller/apm_kibana.go index 092797cc9c..d8c9c8ca66 100644 --- a/pkg/controller/association/controller/apm_kibana.go +++ b/pkg/controller/association/controller/apm_kibana.go @@ -44,7 +44,7 @@ func AddApmKibana(mgr manager.Manager, accessReviewer rbac.AccessReviewer, param AssociationConfAnnotationNameBase: commonv1.KibanaConfigAnnotationNameBase, AssociationResourceNameLabelName: kibana.KibanaNameLabelName, AssociationResourceNamespaceLabelName: kibana.KibanaNamespaceLabelName, - Predicates: predicates.WithPredicates(predicates.ManagedNamespacesPredicate(params.ManagedNamespaces)), + Predicates: predicates.WithPredicates(predicates.ManagedNamespacePredicate), ElasticsearchUserCreation: &association.ElasticsearchUserCreation{ ElasticsearchRef: getElasticsearchFromKibana, diff --git a/pkg/controller/association/controller/beat_es.go b/pkg/controller/association/controller/beat_es.go index 750f8b42cf..eb6d6f8c2b 100644 --- a/pkg/controller/association/controller/beat_es.go +++ b/pkg/controller/association/controller/beat_es.go @@ -58,7 +58,7 @@ func AddBeatES(mgr manager.Manager, accessReviewer rbac.AccessReviewer, params o AssociationConfAnnotationNameBase: commonv1.ElasticsearchConfigAnnotationNameBase, AssociationResourceNameLabelName: eslabel.ClusterNameLabelName, AssociationResourceNamespaceLabelName: eslabel.ClusterNamespaceLabelName, - Predicates: predicates.WithPredicates(predicates.ManagedNamespacesPredicate(params.ManagedNamespaces)), + Predicates: predicates.WithPredicates(predicates.ManagedNamespacePredicate), ElasticsearchUserCreation: &association.ElasticsearchUserCreation{ ElasticsearchRef: func(c k8s.Client, association commonv1.Association) (bool, commonv1.ObjectSelector, error) { diff --git a/pkg/controller/association/controller/beat_kibana.go b/pkg/controller/association/controller/beat_kibana.go index 69574e8ec8..e485d0b726 100644 --- a/pkg/controller/association/controller/beat_kibana.go +++ b/pkg/controller/association/controller/beat_kibana.go @@ -45,7 +45,7 @@ func AddBeatKibana(mgr manager.Manager, accessReviewer rbac.AccessReviewer, para AssociationConfAnnotationNameBase: commonv1.KibanaConfigAnnotationNameBase, AssociationResourceNameLabelName: kibana.KibanaNameLabelName, AssociationResourceNamespaceLabelName: kibana.KibanaNamespaceLabelName, - Predicates: predicates.WithPredicates(predicates.ManagedNamespacesPredicate(params.ManagedNamespaces)), + Predicates: predicates.WithPredicates(predicates.ManagedNamespacePredicate), ElasticsearchUserCreation: &association.ElasticsearchUserCreation{ ElasticsearchRef: getElasticsearchFromKibana, diff --git a/pkg/controller/association/controller/ent_es.go b/pkg/controller/association/controller/ent_es.go index f9b68e47bb..3c6aadc435 100644 --- a/pkg/controller/association/controller/ent_es.go +++ b/pkg/controller/association/controller/ent_es.go @@ -53,7 +53,7 @@ func AddEntES(mgr manager.Manager, accessReviewer rbac.AccessReviewer, params op AssociationConfAnnotationNameBase: commonv1.ElasticsearchConfigAnnotationNameBase, AssociationResourceNameLabelName: eslabel.ClusterNameLabelName, AssociationResourceNamespaceLabelName: eslabel.ClusterNamespaceLabelName, - Predicates: predicates.WithPredicates(predicates.ManagedNamespacesPredicate(params.ManagedNamespaces)), + Predicates: predicates.WithPredicates(predicates.ManagedNamespacePredicate), ElasticsearchUserCreation: &association.ElasticsearchUserCreation{ ElasticsearchRef: func(c k8s.Client, association commonv1.Association) (bool, commonv1.ObjectSelector, error) { diff --git a/pkg/controller/association/controller/es_monitoring.go b/pkg/controller/association/controller/es_monitoring.go index ca517c71fb..27c3edcafa 100644 --- a/pkg/controller/association/controller/es_monitoring.go +++ b/pkg/controller/association/controller/es_monitoring.go @@ -59,7 +59,7 @@ func esMonitoringAssociationInfo(params operator.Parameters) association.Associa AssociationConfAnnotationNameBase: commonv1.ElasticsearchConfigAnnotationNameBase, AssociationResourceNameLabelName: eslabel.ClusterNameLabelName, AssociationResourceNamespaceLabelName: eslabel.ClusterNamespaceLabelName, - Predicates: predicates.WithPredicates(predicates.ManagedNamespacesPredicate(params.ManagedNamespaces)), + Predicates: predicates.WithPredicates(predicates.ManagedNamespacePredicate), ElasticsearchUserCreation: &association.ElasticsearchUserCreation{ ElasticsearchRef: func(c k8s.Client, association commonv1.Association) (bool, commonv1.ObjectSelector, error) { diff --git a/pkg/controller/association/controller/kb_monitoring.go b/pkg/controller/association/controller/kb_monitoring.go index d561e74de0..e8e420e7c7 100644 --- a/pkg/controller/association/controller/kb_monitoring.go +++ b/pkg/controller/association/controller/kb_monitoring.go @@ -44,7 +44,7 @@ func AddKbMonitoring(mgr manager.Manager, accessReviewer rbac.AccessReviewer, pa AssociationConfAnnotationNameBase: commonv1.ElasticsearchConfigAnnotationNameBase, AssociationResourceNameLabelName: eslabel.ClusterNameLabelName, AssociationResourceNamespaceLabelName: eslabel.ClusterNamespaceLabelName, - Predicates: predicates.WithPredicates(predicates.ManagedNamespacesPredicate(params.ManagedNamespaces)), + Predicates: predicates.WithPredicates(predicates.ManagedNamespacePredicate), ElasticsearchUserCreation: &association.ElasticsearchUserCreation{ ElasticsearchRef: func(c k8s.Client, association commonv1.Association) (bool, commonv1.ObjectSelector, error) { diff --git a/pkg/controller/association/controller/kibana_ent.go b/pkg/controller/association/controller/kibana_ent.go index fa43e43abf..b4b4e52ae0 100644 --- a/pkg/controller/association/controller/kibana_ent.go +++ b/pkg/controller/association/controller/kibana_ent.go @@ -42,7 +42,7 @@ func AddKibanaEnt(mgr manager.Manager, accessReviewer rbac.AccessReviewer, param AssociationConfAnnotationNameBase: commonv1.EntConfigAnnotationNameBase, AssociationResourceNameLabelName: entctl.EnterpriseSearchNameLabelName, AssociationResourceNamespaceLabelName: entctl.EnterpriseSearchNamespaceLabelName, - Predicates: predicates.WithPredicates(predicates.ManagedNamespacesPredicate(params.ManagedNamespaces)), + Predicates: predicates.WithPredicates(predicates.ManagedNamespacePredicate), ElasticsearchUserCreation: nil, // no dedicated ES user required for Kibana->Ent connection }) } diff --git a/pkg/controller/association/controller/kibana_es.go b/pkg/controller/association/controller/kibana_es.go index 769f201d1b..b9d9fe7fbd 100644 --- a/pkg/controller/association/controller/kibana_es.go +++ b/pkg/controller/association/controller/kibana_es.go @@ -57,7 +57,7 @@ func AddKibanaES(mgr manager.Manager, accessReviewer rbac.AccessReviewer, params AssociationConfAnnotationNameBase: commonv1.ElasticsearchConfigAnnotationNameBase, AssociationResourceNameLabelName: eslabel.ClusterNameLabelName, AssociationResourceNamespaceLabelName: eslabel.ClusterNamespaceLabelName, - Predicates: predicates.WithPredicates(predicates.ManagedNamespacesPredicate(params.ManagedNamespaces)), + Predicates: predicates.WithPredicates(predicates.ManagedNamespacePredicate), ElasticsearchUserCreation: &association.ElasticsearchUserCreation{ ElasticsearchRef: func(c k8s.Client, association commonv1.Association) (bool, commonv1.ObjectSelector, error) { diff --git a/pkg/controller/association/controller/maps_es.go b/pkg/controller/association/controller/maps_es.go index 73db2627d2..5ffa9d2a59 100644 --- a/pkg/controller/association/controller/maps_es.go +++ b/pkg/controller/association/controller/maps_es.go @@ -56,7 +56,7 @@ func AddMapsES(mgr manager.Manager, accessReviewer rbac.AccessReviewer, params o AssociationConfAnnotationNameBase: commonv1.ElasticsearchConfigAnnotationNameBase, AssociationResourceNameLabelName: eslabel.ClusterNameLabelName, AssociationResourceNamespaceLabelName: eslabel.ClusterNamespaceLabelName, - Predicates: predicates.WithPredicates(predicates.ManagedNamespacesPredicate(params.ManagedNamespaces)), + Predicates: predicates.WithPredicates(predicates.ManagedNamespacePredicate), ElasticsearchUserCreation: &association.ElasticsearchUserCreation{ ElasticsearchRef: func(c k8s.Client, association commonv1.Association) (bool, commonv1.ObjectSelector, error) { diff --git a/pkg/controller/autoscaling/elasticsearch.go b/pkg/controller/autoscaling/elasticsearch.go index 288f1a7a67..fa9000981f 100644 --- a/pkg/controller/autoscaling/elasticsearch.go +++ b/pkg/controller/autoscaling/elasticsearch.go @@ -29,5 +29,5 @@ func Add(mgr manager.Manager, p operator.Parameters) error { return err } // Watch for changes on Elasticsearch clusters. - return c.Watch(&source.Kind{Type: &esv1.Elasticsearch{}}, &handler.EnqueueRequestForObject{}, predicates.ManagedNamespacesPredicate(p.ManagedNamespaces)) + return c.Watch(&source.Kind{Type: &esv1.Elasticsearch{}}, &handler.EnqueueRequestForObject{}, predicates.ManagedNamespacePredicate) } diff --git a/pkg/controller/beat/controller.go b/pkg/controller/beat/controller.go index 57abd7ec2f..3d05814efa 100644 --- a/pkg/controller/beat/controller.go +++ b/pkg/controller/beat/controller.go @@ -56,7 +56,7 @@ func Add(mgr manager.Manager, params operator.Parameters) error { if err != nil { return err } - return addWatches(c, r, predicates.ManagedNamespacesPredicate(params.ManagedNamespaces)) + return addWatches(c, r, predicates.ManagedNamespacePredicate) } // newReconciler returns a new reconcile.Reconciler. diff --git a/pkg/controller/common/predicates/predicate_test.go b/pkg/controller/common/predicates/predicate_test.go index b2c5f9ad77..9edeeb3c2b 100644 --- a/pkg/controller/common/predicates/predicate_test.go +++ b/pkg/controller/common/predicates/predicate_test.go @@ -57,7 +57,7 @@ func TestManagedNamespacesPredicate(t *testing.T) { require.NoError(t, err) bldr := builder.ControllerManagedBy(mgr). - For(&appsv1.Deployment{}, builder.WithPredicates(predicates.ManagedNamespacesPredicate([]string{managedNamespace}))) + For(&appsv1.Deployment{}, builder.WithPredicates(predicates.NewManagedNamespacesPredicate([]string{managedNamespace}))) require.NoError(t, bldr.Complete(reconciler)) ctx, cancel := context.WithCancel(context.Background()) diff --git a/pkg/controller/common/predicates/predicates.go b/pkg/controller/common/predicates/predicates.go index 2fb7b66953..12c9560123 100644 --- a/pkg/controller/common/predicates/predicates.go +++ b/pkg/controller/common/predicates/predicates.go @@ -5,48 +5,44 @@ package predicates import ( + "k8s.io/utils/strings/slices" "sigs.k8s.io/controller-runtime/pkg/event" "sigs.k8s.io/controller-runtime/pkg/predicate" ) -func namespaceInSlice(namespace string, namespaces []string) bool { - // If the operator is managing all namespaces, - // never ignore any namespace. - if len(namespaces) == 0 { - return true - } - for _, ns := range namespaces { - if namespace == ns { - return true - } - } - return false -} - -// WithPredicates is a helper function to convert one or more predicates -// into a slice of predicates. -func WithPredicates(predicates ...predicate.Predicate) []predicate.Predicate { - return predicates -} +// ManagedNamespacePredicate is a predicate that will ignore events that exist +// outside of the namespaces that the operator manages. +var ManagedNamespacePredicate predicate.Predicate -// ManagedNamespacesPredicate will return a predicate that will ignore events +// NewManagedNamespacesPredicate will return a predicate that will ignore events // that exist outside of the given managed namespaces, -func ManagedNamespacesPredicate(managedNamespaces []string) predicate.Predicate { +func NewManagedNamespacesPredicate(managedNamespaces []string) predicate.Predicate { return predicate.Funcs{ CreateFunc: func(e event.CreateEvent) bool { // Ignore resources that do not exist within the managed namespaces - return namespaceInSlice(e.Object.GetNamespace(), managedNamespaces) + return IsNamespaceManaged(e.Object.GetNamespace(), managedNamespaces) }, UpdateFunc: func(e event.UpdateEvent) bool { // Ignore resources that do not exist within the managed namespaces - return namespaceInSlice(e.ObjectNew.GetNamespace(), managedNamespaces) + return IsNamespaceManaged(e.ObjectNew.GetNamespace(), managedNamespaces) }, DeleteFunc: func(e event.DeleteEvent) bool { // Ignore resources that do not exist within the managed namespaces - return namespaceInSlice(e.Object.GetNamespace(), managedNamespaces) + return IsNamespaceManaged(e.Object.GetNamespace(), managedNamespaces) }, GenericFunc: func(e event.GenericEvent) bool { return namespaceInSlice(e.Object.GetNamespace(), managedNamespaces) }, } } + +// IsNamespaceManaged returns true if the namespace is managed by the operator. +func IsNamespaceManaged(namespace string, managedNamespaces []string) bool { + return len(managedNamespaces) == 0 || slices.Contains(managedNamespaces, namespace) +} + +// WithPredicates is a helper function to convert one or more predicates +// into a slice of predicates. +func WithPredicates(predicates ...predicate.Predicate) []predicate.Predicate { + return predicates +} diff --git a/pkg/controller/elasticsearch/elasticsearch_controller.go b/pkg/controller/elasticsearch/elasticsearch_controller.go index 5ba475ab9d..6897041519 100644 --- a/pkg/controller/elasticsearch/elasticsearch_controller.go +++ b/pkg/controller/elasticsearch/elasticsearch_controller.go @@ -62,7 +62,7 @@ func Add(mgr manager.Manager, params operator.Parameters) error { if err != nil { return err } - return addWatches(c, reconciler, predicates.ManagedNamespacesPredicate(params.ManagedNamespaces)) + return addWatches(c, reconciler, predicates.ManagedNamespacePredicate) } // newReconciler returns a new reconcile.Reconciler diff --git a/pkg/controller/enterprisesearch/enterprisesearch_controller.go b/pkg/controller/enterprisesearch/enterprisesearch_controller.go index 01d5a3ed1d..d11f8f0fde 100644 --- a/pkg/controller/enterprisesearch/enterprisesearch_controller.go +++ b/pkg/controller/enterprisesearch/enterprisesearch_controller.go @@ -57,7 +57,7 @@ func Add(mgr manager.Manager, params operator.Parameters) error { if err != nil { return err } - return addWatches(c, reconciler, predicates.ManagedNamespacesPredicate(params.ManagedNamespaces)) + return addWatches(c, reconciler, predicates.ManagedNamespacePredicate) } // newReconciler returns a new reconcile.Reconciler diff --git a/pkg/controller/kibana/controller.go b/pkg/controller/kibana/controller.go index 80777bc1e9..19ff99c936 100644 --- a/pkg/controller/kibana/controller.go +++ b/pkg/controller/kibana/controller.go @@ -53,7 +53,7 @@ func Add(mgr manager.Manager, params operator.Parameters) error { if err != nil { return err } - return addWatches(c, reconciler, predicates.ManagedNamespacesPredicate(params.ManagedNamespaces)) + return addWatches(c, reconciler, predicates.ManagedNamespacePredicate) } // newReconciler returns a new reconcile.Reconciler diff --git a/pkg/controller/license/license_controller.go b/pkg/controller/license/license_controller.go index 4e4dfc0fff..d5f75ddf84 100644 --- a/pkg/controller/license/license_controller.go +++ b/pkg/controller/license/license_controller.go @@ -67,7 +67,7 @@ func Add(mgr manager.Manager, p operator.Parameters) error { if err != nil { return err } - return addWatches(c, r.Client, predicates.ManagedNamespacesPredicate(p.ManagedNamespaces)) + return addWatches(c, r.Client, predicates.ManagedNamespacePredicate) } // newReconciler returns a new reconcile.Reconciler diff --git a/pkg/controller/license/license_controller_integration_test.go b/pkg/controller/license/license_controller_integration_test.go index c2062aaa01..8a101b3c59 100644 --- a/pkg/controller/license/license_controller_integration_test.go +++ b/pkg/controller/license/license_controller_integration_test.go @@ -49,7 +49,7 @@ func TestReconcile(t *testing.T) { if err != nil { return err } - return addWatches(c, r.Client, p) + return addWatches(c, r.Client) }, operator.Parameters{}) defer stop() diff --git a/pkg/controller/maps/controller.go b/pkg/controller/maps/controller.go index bed5e209ae..498b930252 100644 --- a/pkg/controller/maps/controller.go +++ b/pkg/controller/maps/controller.go @@ -59,7 +59,7 @@ func Add(mgr manager.Manager, params operator.Parameters) error { if err != nil { return err } - return addWatches(c, reconciler, predicates.ManagedNamespacesPredicate(params.ManagedNamespaces)) + return addWatches(c, reconciler, predicates.ManagedNamespacePredicate) } // newReconciler returns a new reconcile.Reconciler diff --git a/pkg/controller/remoteca/controller.go b/pkg/controller/remoteca/controller.go index 79da534d39..67dd627090 100644 --- a/pkg/controller/remoteca/controller.go +++ b/pkg/controller/remoteca/controller.go @@ -50,7 +50,7 @@ func Add(mgr manager.Manager, accessReviewer rbac.AccessReviewer, params operato if err != nil { return err } - return AddWatches(c, r, predicates.ManagedNamespacesPredicate(params.ManagedNamespaces)) + return AddWatches(c, r, predicates.ManagedNamespacePredicate) } // NewReconciler returns a new reconcile.Reconciler From e7c9b235848e8b63ff5b3e2301570074d7c37365 Mon Sep 17 00:00:00 2001 From: Michael Montgomery Date: Wed, 1 Dec 2021 11:53:14 -0600 Subject: [PATCH 17/29] Use IsNamespaceManaged in suggestion --- pkg/controller/common/predicates/predicates.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/controller/common/predicates/predicates.go b/pkg/controller/common/predicates/predicates.go index 12c9560123..9f4a33eb3d 100644 --- a/pkg/controller/common/predicates/predicates.go +++ b/pkg/controller/common/predicates/predicates.go @@ -31,7 +31,7 @@ func NewManagedNamespacesPredicate(managedNamespaces []string) predicate.Predica return IsNamespaceManaged(e.Object.GetNamespace(), managedNamespaces) }, GenericFunc: func(e event.GenericEvent) bool { - return namespaceInSlice(e.Object.GetNamespace(), managedNamespaces) + return IsNamespaceManaged(e.Object.GetNamespace(), managedNamespaces) }, } } From c161c411e0d289fc1f39265e9e32382f9009152a Mon Sep 17 00:00:00 2001 From: Michael Montgomery Date: Wed, 1 Dec 2021 12:04:02 -0600 Subject: [PATCH 18/29] remove predicate on associationinfo struct always add managedNamespacePredicate in addWatches in association package --- pkg/controller/agent/controller.go | 19 +++++++++---------- pkg/controller/apmserver/controller.go | 19 +++++++++---------- pkg/controller/association/controller.go | 16 ++++++++-------- .../controller/agent_fleetserver.go | 5 +---- .../association/controller/agent_kibana.go | 3 --- .../association/controller/apm_es.go | 3 --- .../association/controller/apm_kibana.go | 3 --- .../association/controller/beat_es.go | 3 --- .../association/controller/beat_kibana.go | 3 --- .../association/controller/ent_es.go | 3 --- .../association/controller/es_monitoring.go | 7 ++----- .../controller/es_monitoring_test.go | 3 +-- .../association/controller/kb_monitoring.go | 3 --- .../association/controller/kibana_ent.go | 2 -- .../association/controller/kibana_es.go | 3 --- .../association/controller/maps_es.go | 3 --- pkg/controller/association/reconciler.go | 5 ----- pkg/controller/beat/controller.go | 19 +++++++++---------- .../elasticsearch/elasticsearch_controller.go | 19 +++++++++---------- .../enterprisesearch_controller.go | 11 +++++------ pkg/controller/kibana/controller.go | 19 +++++++++---------- pkg/controller/license/license_controller.go | 9 ++++----- pkg/controller/maps/controller.go | 11 +++++------ 23 files changed, 71 insertions(+), 120 deletions(-) diff --git a/pkg/controller/agent/controller.go b/pkg/controller/agent/controller.go index 481d7caf16..1d357ea2fb 100644 --- a/pkg/controller/agent/controller.go +++ b/pkg/controller/agent/controller.go @@ -15,7 +15,6 @@ import ( "sigs.k8s.io/controller-runtime/pkg/controller" "sigs.k8s.io/controller-runtime/pkg/handler" "sigs.k8s.io/controller-runtime/pkg/manager" - "sigs.k8s.io/controller-runtime/pkg/predicate" "sigs.k8s.io/controller-runtime/pkg/reconcile" "sigs.k8s.io/controller-runtime/pkg/source" @@ -45,7 +44,7 @@ func Add(mgr manager.Manager, params operator.Parameters) error { if err != nil { return err } - return addWatches(c, r, predicates.ManagedNamespacePredicate) + return addWatches(c, r) } // newReconciler returns a new reconcile.Reconciler. @@ -60,9 +59,9 @@ func newReconciler(mgr manager.Manager, params operator.Parameters) *ReconcileAg } // addWatches adds watches for all resources this controller cares about -func addWatches(c controller.Controller, r *ReconcileAgent, predicates ...predicate.Predicate) error { +func addWatches(c controller.Controller, r *ReconcileAgent) error { // Watch for changes to Agent - if err := c.Watch(&source.Kind{Type: &agentv1alpha1.Agent{}}, &handler.EnqueueRequestForObject{}, predicates...); err != nil { + if err := c.Watch(&source.Kind{Type: &agentv1alpha1.Agent{}}, &handler.EnqueueRequestForObject{}, predicates.ManagedNamespacePredicate); err != nil { return err } @@ -70,7 +69,7 @@ func addWatches(c controller.Controller, r *ReconcileAgent, predicates ...predic if err := c.Watch(&source.Kind{Type: &appsv1.DaemonSet{}}, &handler.EnqueueRequestForOwner{ IsController: true, OwnerType: &agentv1alpha1.Agent{}, - }, predicates...); err != nil { + }, predicates.ManagedNamespacePredicate); err != nil { return err } @@ -78,13 +77,13 @@ func addWatches(c controller.Controller, r *ReconcileAgent, predicates ...predic if err := c.Watch(&source.Kind{Type: &appsv1.Deployment{}}, &handler.EnqueueRequestForOwner{ IsController: true, OwnerType: &agentv1alpha1.Agent{}, - }, predicates...); err != nil { + }, predicates.ManagedNamespacePredicate); err != nil { return err } // Watch Pods, to ensure `status.version` is correctly reconciled on any change. // Watching Deployments or DaemonSets only may lead to missing some events. - if err := watches.WatchPods(c, NameLabelName, predicates...); err != nil { + if err := watches.WatchPods(c, NameLabelName, predicates.ManagedNamespacePredicate); err != nil { return err } @@ -92,7 +91,7 @@ func addWatches(c controller.Controller, r *ReconcileAgent, predicates ...predic if err := c.Watch(&source.Kind{Type: &corev1.Secret{}}, &handler.EnqueueRequestForOwner{ IsController: true, OwnerType: &agentv1alpha1.Agent{}, - }, predicates...); err != nil { + }, predicates.ManagedNamespacePredicate); err != nil { return err } @@ -101,12 +100,12 @@ func addWatches(c controller.Controller, r *ReconcileAgent, predicates ...predic if err := c.Watch(&source.Kind{Type: &corev1.Service{}}, &handler.EnqueueRequestForOwner{ IsController: true, OwnerType: &agentv1alpha1.Agent{}, - }, predicates...); err != nil { + }, predicates.ManagedNamespacePredicate); err != nil { return err } // Watch dynamically referenced Secrets - return c.Watch(&source.Kind{Type: &corev1.Secret{}}, r.dynamicWatches.Secrets, predicates...) + return c.Watch(&source.Kind{Type: &corev1.Secret{}}, r.dynamicWatches.Secrets, predicates.ManagedNamespacePredicate) } var _ reconcile.Reconciler = &ReconcileAgent{} diff --git a/pkg/controller/apmserver/controller.go b/pkg/controller/apmserver/controller.go index ad9d076397..96992efe46 100644 --- a/pkg/controller/apmserver/controller.go +++ b/pkg/controller/apmserver/controller.go @@ -21,7 +21,6 @@ import ( "sigs.k8s.io/controller-runtime/pkg/controller" "sigs.k8s.io/controller-runtime/pkg/handler" "sigs.k8s.io/controller-runtime/pkg/manager" - "sigs.k8s.io/controller-runtime/pkg/predicate" "sigs.k8s.io/controller-runtime/pkg/reconcile" "sigs.k8s.io/controller-runtime/pkg/source" @@ -84,7 +83,7 @@ func Add(mgr manager.Manager, params operator.Parameters) error { if err != nil { return err } - return addWatches(c, reconciler, predicates.ManagedNamespacePredicate) + return addWatches(c, reconciler) } // newReconciler returns a new reconcile.Reconciler @@ -98,9 +97,9 @@ func newReconciler(mgr manager.Manager, params operator.Parameters) *ReconcileAp } } -func addWatches(c controller.Controller, r *ReconcileApmServer, predicates ...predicate.Predicate) error { +func addWatches(c controller.Controller, r *ReconcileApmServer) error { // Watch for changes to ApmServer - err := c.Watch(&source.Kind{Type: &apmv1.ApmServer{}}, &handler.EnqueueRequestForObject{}, predicates...) + err := c.Watch(&source.Kind{Type: &apmv1.ApmServer{}}, &handler.EnqueueRequestForObject{}, predicates.ManagedNamespacePredicate) if err != nil { return err } @@ -109,13 +108,13 @@ func addWatches(c controller.Controller, r *ReconcileApmServer, predicates ...pr if err := c.Watch(&source.Kind{Type: &appsv1.Deployment{}}, &handler.EnqueueRequestForOwner{ IsController: true, OwnerType: &apmv1.ApmServer{}, - }, predicates...); err != nil { + }, predicates.ManagedNamespacePredicate); err != nil { return err } // Watch Pods, to ensure `status.version` and version upgrades are correctly reconciled on any change. // Watching Deployments only may lead to missing some events. - if err := watches.WatchPods(c, ApmServerNameLabelName, predicates...); err != nil { + if err := watches.WatchPods(c, ApmServerNameLabelName, predicates.ManagedNamespacePredicate); err != nil { return err } @@ -123,7 +122,7 @@ func addWatches(c controller.Controller, r *ReconcileApmServer, predicates ...pr if err := c.Watch(&source.Kind{Type: &corev1.Service{}}, &handler.EnqueueRequestForOwner{ IsController: true, OwnerType: &apmv1.ApmServer{}, - }, predicates...); err != nil { + }, predicates.ManagedNamespacePredicate); err != nil { return err } @@ -131,15 +130,15 @@ func addWatches(c controller.Controller, r *ReconcileApmServer, predicates ...pr if err := c.Watch(&source.Kind{Type: &corev1.Secret{}}, &handler.EnqueueRequestForOwner{ IsController: true, OwnerType: &apmv1.ApmServer{}, - }, predicates...); err != nil { + }, predicates.ManagedNamespacePredicate); err != nil { return err } - if err := watches.WatchSoftOwnedSecrets(c, apmv1.Kind, predicates...); err != nil { + if err := watches.WatchSoftOwnedSecrets(c, apmv1.Kind, predicates.ManagedNamespacePredicate); err != nil { return err } // dynamically watch referenced secrets to connect to Elasticsearch - return c.Watch(&source.Kind{Type: &corev1.Secret{}}, r.dynamicWatches.Secrets, predicates...) + return c.Watch(&source.Kind{Type: &corev1.Secret{}}, r.dynamicWatches.Secrets, predicates.ManagedNamespacePredicate) } var _ reconcile.Reconciler = &ReconcileApmServer{} diff --git a/pkg/controller/association/controller.go b/pkg/controller/association/controller.go index f188d142c2..27c99d9ede 100644 --- a/pkg/controller/association/controller.go +++ b/pkg/controller/association/controller.go @@ -9,11 +9,11 @@ import ( "sigs.k8s.io/controller-runtime/pkg/controller" "sigs.k8s.io/controller-runtime/pkg/handler" "sigs.k8s.io/controller-runtime/pkg/manager" - "sigs.k8s.io/controller-runtime/pkg/predicate" "sigs.k8s.io/controller-runtime/pkg/source" "github.com/elastic/cloud-on-k8s/pkg/controller/common" "github.com/elastic/cloud-on-k8s/pkg/controller/common/operator" + "github.com/elastic/cloud-on-k8s/pkg/controller/common/predicates" "github.com/elastic/cloud-on-k8s/pkg/controller/common/watches" ulog "github.com/elastic/cloud-on-k8s/pkg/utils/log" "github.com/elastic/cloud-on-k8s/pkg/utils/rbac" @@ -45,12 +45,12 @@ func AddAssociationController( if err != nil { return err } - return addWatches(c, r, associationInfo.Predicates) + return addWatches(c, r) } -func addWatches(c controller.Controller, r *Reconciler, predicates []predicate.Predicate) error { +func addWatches(c controller.Controller, r *Reconciler) error { // Watch the associated resource (e.g. Kibana for a Kibana -> Elasticsearch association) - if err := c.Watch(&source.Kind{Type: r.AssociatedObjTemplate()}, &handler.EnqueueRequestForObject{}, predicates...); err != nil { + if err := c.Watch(&source.Kind{Type: r.AssociatedObjTemplate()}, &handler.EnqueueRequestForObject{}, predicates.ManagedNamespacePredicate); err != nil { return err } @@ -58,20 +58,20 @@ func addWatches(c controller.Controller, r *Reconciler, predicates []predicate.P if err := c.Watch(&source.Kind{Type: &corev1.Secret{}}, &handler.EnqueueRequestForOwner{ OwnerType: r.AssociatedObjTemplate(), IsController: true, - }, predicates...); err != nil { + }, predicates.ManagedNamespacePredicate); err != nil { return err } // Dynamically watch the referenced resources (e.g. Elasticsearch B for a Kibana A -> Elasticsearch B association) - if err := c.Watch(&source.Kind{Type: r.ReferencedObjTemplate()}, r.watches.ReferencedResources, predicates...); err != nil { + if err := c.Watch(&source.Kind{Type: r.ReferencedObjTemplate()}, r.watches.ReferencedResources, predicates.ManagedNamespacePredicate); err != nil { return err } // Dynamically watch Secrets (CA Secret of the referenced resource and ES user secret) - if err := c.Watch(&source.Kind{Type: &corev1.Secret{}}, r.watches.Secrets, predicates...); err != nil { + if err := c.Watch(&source.Kind{Type: &corev1.Secret{}}, r.watches.Secrets, predicates.ManagedNamespacePredicate); err != nil { return err } // Dynamically watch Service objects for custom services setup by the user - return c.Watch(&source.Kind{Type: &corev1.Service{}}, r.watches.Services, predicates...) + return c.Watch(&source.Kind{Type: &corev1.Service{}}, r.watches.Services, predicates.ManagedNamespacePredicate) } diff --git a/pkg/controller/association/controller/agent_fleetserver.go b/pkg/controller/association/controller/agent_fleetserver.go index ecf7a94b56..ccc1ec2f78 100644 --- a/pkg/controller/association/controller/agent_fleetserver.go +++ b/pkg/controller/association/controller/agent_fleetserver.go @@ -16,7 +16,6 @@ import ( "github.com/elastic/cloud-on-k8s/pkg/controller/agent" "github.com/elastic/cloud-on-k8s/pkg/controller/association" "github.com/elastic/cloud-on-k8s/pkg/controller/common/operator" - "github.com/elastic/cloud-on-k8s/pkg/controller/common/predicates" "github.com/elastic/cloud-on-k8s/pkg/utils/k8s" "github.com/elastic/cloud-on-k8s/pkg/utils/rbac" ) @@ -41,9 +40,7 @@ func AddAgentFleetServer(mgr manager.Manager, accessReviewer rbac.AccessReviewer AssociationConfAnnotationNameBase: commonv1.FleetServerConfigAnnotationNameBase, AssociationResourceNameLabelName: agent.NameLabelName, AssociationResourceNamespaceLabelName: agent.NamespaceLabelName, - Predicates: predicates.WithPredicates(predicates.ManagedNamespacePredicate), - - ElasticsearchUserCreation: nil, + ElasticsearchUserCreation: nil, }) } diff --git a/pkg/controller/association/controller/agent_kibana.go b/pkg/controller/association/controller/agent_kibana.go index 319f75a653..31884d64b5 100644 --- a/pkg/controller/association/controller/agent_kibana.go +++ b/pkg/controller/association/controller/agent_kibana.go @@ -14,7 +14,6 @@ import ( kbv1 "github.com/elastic/cloud-on-k8s/pkg/apis/kibana/v1" "github.com/elastic/cloud-on-k8s/pkg/controller/association" "github.com/elastic/cloud-on-k8s/pkg/controller/common/operator" - "github.com/elastic/cloud-on-k8s/pkg/controller/common/predicates" "github.com/elastic/cloud-on-k8s/pkg/controller/kibana" "github.com/elastic/cloud-on-k8s/pkg/utils/rbac" ) @@ -39,8 +38,6 @@ func AddAgentKibana(mgr manager.Manager, accessReviewer rbac.AccessReviewer, par AssociationConfAnnotationNameBase: commonv1.KibanaConfigAnnotationNameBase, AssociationResourceNameLabelName: kibana.KibanaNameLabelName, AssociationResourceNamespaceLabelName: kibana.KibanaNamespaceLabelName, - Predicates: predicates.WithPredicates(predicates.ManagedNamespacePredicate), - ElasticsearchUserCreation: &association.ElasticsearchUserCreation{ ElasticsearchRef: getElasticsearchFromKibana, UserSecretSuffix: "agent-kb-user", diff --git a/pkg/controller/association/controller/apm_es.go b/pkg/controller/association/controller/apm_es.go index 5f0441bc30..7cef7759a2 100644 --- a/pkg/controller/association/controller/apm_es.go +++ b/pkg/controller/association/controller/apm_es.go @@ -18,7 +18,6 @@ import ( esv1 "github.com/elastic/cloud-on-k8s/pkg/apis/elasticsearch/v1" "github.com/elastic/cloud-on-k8s/pkg/controller/association" "github.com/elastic/cloud-on-k8s/pkg/controller/common/operator" - "github.com/elastic/cloud-on-k8s/pkg/controller/common/predicates" "github.com/elastic/cloud-on-k8s/pkg/controller/common/version" eslabel "github.com/elastic/cloud-on-k8s/pkg/controller/elasticsearch/label" "github.com/elastic/cloud-on-k8s/pkg/controller/elasticsearch/services" @@ -57,8 +56,6 @@ func AddApmES(mgr manager.Manager, accessReviewer rbac.AccessReviewer, params op AssociationConfAnnotationNameBase: commonv1.ElasticsearchConfigAnnotationNameBase, AssociationResourceNameLabelName: eslabel.ClusterNameLabelName, AssociationResourceNamespaceLabelName: eslabel.ClusterNamespaceLabelName, - Predicates: predicates.WithPredicates(predicates.ManagedNamespacePredicate), - ElasticsearchUserCreation: &association.ElasticsearchUserCreation{ ElasticsearchRef: func(c k8s.Client, association commonv1.Association) (bool, commonv1.ObjectSelector, error) { return true, association.AssociationRef(), nil diff --git a/pkg/controller/association/controller/apm_kibana.go b/pkg/controller/association/controller/apm_kibana.go index d8c9c8ca66..c195dc9893 100644 --- a/pkg/controller/association/controller/apm_kibana.go +++ b/pkg/controller/association/controller/apm_kibana.go @@ -17,7 +17,6 @@ import ( kbv1 "github.com/elastic/cloud-on-k8s/pkg/apis/kibana/v1" "github.com/elastic/cloud-on-k8s/pkg/controller/association" "github.com/elastic/cloud-on-k8s/pkg/controller/common/operator" - "github.com/elastic/cloud-on-k8s/pkg/controller/common/predicates" "github.com/elastic/cloud-on-k8s/pkg/controller/elasticsearch/user" "github.com/elastic/cloud-on-k8s/pkg/controller/kibana" "github.com/elastic/cloud-on-k8s/pkg/utils/k8s" @@ -44,8 +43,6 @@ func AddApmKibana(mgr manager.Manager, accessReviewer rbac.AccessReviewer, param AssociationConfAnnotationNameBase: commonv1.KibanaConfigAnnotationNameBase, AssociationResourceNameLabelName: kibana.KibanaNameLabelName, AssociationResourceNamespaceLabelName: kibana.KibanaNamespaceLabelName, - Predicates: predicates.WithPredicates(predicates.ManagedNamespacePredicate), - ElasticsearchUserCreation: &association.ElasticsearchUserCreation{ ElasticsearchRef: getElasticsearchFromKibana, UserSecretSuffix: "apm-kb-user", diff --git a/pkg/controller/association/controller/beat_es.go b/pkg/controller/association/controller/beat_es.go index eb6d6f8c2b..6514aaadc9 100644 --- a/pkg/controller/association/controller/beat_es.go +++ b/pkg/controller/association/controller/beat_es.go @@ -18,7 +18,6 @@ import ( esv1 "github.com/elastic/cloud-on-k8s/pkg/apis/elasticsearch/v1" "github.com/elastic/cloud-on-k8s/pkg/controller/association" "github.com/elastic/cloud-on-k8s/pkg/controller/common/operator" - "github.com/elastic/cloud-on-k8s/pkg/controller/common/predicates" "github.com/elastic/cloud-on-k8s/pkg/controller/common/version" eslabel "github.com/elastic/cloud-on-k8s/pkg/controller/elasticsearch/label" esuser "github.com/elastic/cloud-on-k8s/pkg/controller/elasticsearch/user" @@ -58,8 +57,6 @@ func AddBeatES(mgr manager.Manager, accessReviewer rbac.AccessReviewer, params o AssociationConfAnnotationNameBase: commonv1.ElasticsearchConfigAnnotationNameBase, AssociationResourceNameLabelName: eslabel.ClusterNameLabelName, AssociationResourceNamespaceLabelName: eslabel.ClusterNamespaceLabelName, - Predicates: predicates.WithPredicates(predicates.ManagedNamespacePredicate), - ElasticsearchUserCreation: &association.ElasticsearchUserCreation{ ElasticsearchRef: func(c k8s.Client, association commonv1.Association) (bool, commonv1.ObjectSelector, error) { return true, association.AssociationRef(), nil diff --git a/pkg/controller/association/controller/beat_kibana.go b/pkg/controller/association/controller/beat_kibana.go index e485d0b726..aae4119fb7 100644 --- a/pkg/controller/association/controller/beat_kibana.go +++ b/pkg/controller/association/controller/beat_kibana.go @@ -18,7 +18,6 @@ import ( kbv1 "github.com/elastic/cloud-on-k8s/pkg/apis/kibana/v1" "github.com/elastic/cloud-on-k8s/pkg/controller/association" "github.com/elastic/cloud-on-k8s/pkg/controller/common/operator" - "github.com/elastic/cloud-on-k8s/pkg/controller/common/predicates" "github.com/elastic/cloud-on-k8s/pkg/controller/common/version" esuser "github.com/elastic/cloud-on-k8s/pkg/controller/elasticsearch/user" "github.com/elastic/cloud-on-k8s/pkg/controller/kibana" @@ -45,8 +44,6 @@ func AddBeatKibana(mgr manager.Manager, accessReviewer rbac.AccessReviewer, para AssociationConfAnnotationNameBase: commonv1.KibanaConfigAnnotationNameBase, AssociationResourceNameLabelName: kibana.KibanaNameLabelName, AssociationResourceNamespaceLabelName: kibana.KibanaNamespaceLabelName, - Predicates: predicates.WithPredicates(predicates.ManagedNamespacePredicate), - ElasticsearchUserCreation: &association.ElasticsearchUserCreation{ ElasticsearchRef: getElasticsearchFromKibana, UserSecretSuffix: "beat-kb-user", diff --git a/pkg/controller/association/controller/ent_es.go b/pkg/controller/association/controller/ent_es.go index 3c6aadc435..29f07f1e26 100644 --- a/pkg/controller/association/controller/ent_es.go +++ b/pkg/controller/association/controller/ent_es.go @@ -14,7 +14,6 @@ import ( entv1 "github.com/elastic/cloud-on-k8s/pkg/apis/enterprisesearch/v1" "github.com/elastic/cloud-on-k8s/pkg/controller/association" "github.com/elastic/cloud-on-k8s/pkg/controller/common/operator" - "github.com/elastic/cloud-on-k8s/pkg/controller/common/predicates" eslabel "github.com/elastic/cloud-on-k8s/pkg/controller/elasticsearch/label" esuser "github.com/elastic/cloud-on-k8s/pkg/controller/elasticsearch/user" "github.com/elastic/cloud-on-k8s/pkg/utils/k8s" @@ -53,8 +52,6 @@ func AddEntES(mgr manager.Manager, accessReviewer rbac.AccessReviewer, params op AssociationConfAnnotationNameBase: commonv1.ElasticsearchConfigAnnotationNameBase, AssociationResourceNameLabelName: eslabel.ClusterNameLabelName, AssociationResourceNamespaceLabelName: eslabel.ClusterNamespaceLabelName, - Predicates: predicates.WithPredicates(predicates.ManagedNamespacePredicate), - ElasticsearchUserCreation: &association.ElasticsearchUserCreation{ ElasticsearchRef: func(c k8s.Client, association commonv1.Association) (bool, commonv1.ObjectSelector, error) { return true, association.AssociationRef(), nil diff --git a/pkg/controller/association/controller/es_monitoring.go b/pkg/controller/association/controller/es_monitoring.go index 27c3edcafa..60a86a46cc 100644 --- a/pkg/controller/association/controller/es_monitoring.go +++ b/pkg/controller/association/controller/es_monitoring.go @@ -13,7 +13,6 @@ import ( esv1 "github.com/elastic/cloud-on-k8s/pkg/apis/elasticsearch/v1" "github.com/elastic/cloud-on-k8s/pkg/controller/association" "github.com/elastic/cloud-on-k8s/pkg/controller/common/operator" - "github.com/elastic/cloud-on-k8s/pkg/controller/common/predicates" eslabel "github.com/elastic/cloud-on-k8s/pkg/controller/elasticsearch/label" "github.com/elastic/cloud-on-k8s/pkg/controller/elasticsearch/user" "github.com/elastic/cloud-on-k8s/pkg/utils/k8s" @@ -36,10 +35,10 @@ const ( // Beats are configured to collect monitoring metrics and logs data of the associated Elasticsearch and send // them to the Elasticsearch referenced in the association. func AddEsMonitoring(mgr manager.Manager, accessReviewer rbac.AccessReviewer, params operator.Parameters) error { - return association.AddAssociationController(mgr, accessReviewer, params, esMonitoringAssociationInfo(params)) + return association.AddAssociationController(mgr, accessReviewer, params, esMonitoringAssociationInfo()) } -func esMonitoringAssociationInfo(params operator.Parameters) association.AssociationInfo { +func esMonitoringAssociationInfo() association.AssociationInfo { return association.AssociationInfo{ AssociatedObjTemplate: func() commonv1.Associated { return &esv1.Elasticsearch{} }, ReferencedObjTemplate: func() client.Object { return &esv1.Elasticsearch{} }, @@ -59,8 +58,6 @@ func esMonitoringAssociationInfo(params operator.Parameters) association.Associa AssociationConfAnnotationNameBase: commonv1.ElasticsearchConfigAnnotationNameBase, AssociationResourceNameLabelName: eslabel.ClusterNameLabelName, AssociationResourceNamespaceLabelName: eslabel.ClusterNamespaceLabelName, - Predicates: predicates.WithPredicates(predicates.ManagedNamespacePredicate), - ElasticsearchUserCreation: &association.ElasticsearchUserCreation{ ElasticsearchRef: func(c k8s.Client, association commonv1.Association) (bool, commonv1.ObjectSelector, error) { return true, association.AssociationRef(), nil diff --git a/pkg/controller/association/controller/es_monitoring_test.go b/pkg/controller/association/controller/es_monitoring_test.go index fd03b63d63..bd628975e8 100644 --- a/pkg/controller/association/controller/es_monitoring_test.go +++ b/pkg/controller/association/controller/es_monitoring_test.go @@ -14,7 +14,6 @@ import ( esv1 "github.com/elastic/cloud-on-k8s/pkg/apis/elasticsearch/v1" "github.com/elastic/cloud-on-k8s/pkg/controller/association" - "github.com/elastic/cloud-on-k8s/pkg/controller/common/operator" "github.com/elastic/cloud-on-k8s/pkg/utils/k8s" ) @@ -33,7 +32,7 @@ var ( func Test_EsMonitoringReconciler_NoAssociation(t *testing.T) { es := sampleES resourceVersion := es.ResourceVersion - r := association.NewTestAssociationReconciler(esMonitoringAssociationInfo(operator.Parameters{}), &es) + r := association.NewTestAssociationReconciler(esMonitoringAssociationInfo(), &es) _, err := r.Reconcile(context.Background(), reconcile.Request{NamespacedName: k8s.ExtractNamespacedName(&es)}) require.NoError(t, err) // should not update the Elasticsearch resource diff --git a/pkg/controller/association/controller/kb_monitoring.go b/pkg/controller/association/controller/kb_monitoring.go index e8e420e7c7..a699de76f0 100644 --- a/pkg/controller/association/controller/kb_monitoring.go +++ b/pkg/controller/association/controller/kb_monitoring.go @@ -14,7 +14,6 @@ import ( kbv1 "github.com/elastic/cloud-on-k8s/pkg/apis/kibana/v1" "github.com/elastic/cloud-on-k8s/pkg/controller/association" "github.com/elastic/cloud-on-k8s/pkg/controller/common/operator" - "github.com/elastic/cloud-on-k8s/pkg/controller/common/predicates" eslabel "github.com/elastic/cloud-on-k8s/pkg/controller/elasticsearch/label" "github.com/elastic/cloud-on-k8s/pkg/controller/elasticsearch/user" "github.com/elastic/cloud-on-k8s/pkg/utils/k8s" @@ -44,8 +43,6 @@ func AddKbMonitoring(mgr manager.Manager, accessReviewer rbac.AccessReviewer, pa AssociationConfAnnotationNameBase: commonv1.ElasticsearchConfigAnnotationNameBase, AssociationResourceNameLabelName: eslabel.ClusterNameLabelName, AssociationResourceNamespaceLabelName: eslabel.ClusterNamespaceLabelName, - Predicates: predicates.WithPredicates(predicates.ManagedNamespacePredicate), - ElasticsearchUserCreation: &association.ElasticsearchUserCreation{ ElasticsearchRef: func(c k8s.Client, association commonv1.Association) (bool, commonv1.ObjectSelector, error) { return true, association.AssociationRef(), nil diff --git a/pkg/controller/association/controller/kibana_ent.go b/pkg/controller/association/controller/kibana_ent.go index b4b4e52ae0..2c5fb5ee5b 100644 --- a/pkg/controller/association/controller/kibana_ent.go +++ b/pkg/controller/association/controller/kibana_ent.go @@ -16,7 +16,6 @@ import ( kbv1 "github.com/elastic/cloud-on-k8s/pkg/apis/kibana/v1" "github.com/elastic/cloud-on-k8s/pkg/controller/association" "github.com/elastic/cloud-on-k8s/pkg/controller/common/operator" - "github.com/elastic/cloud-on-k8s/pkg/controller/common/predicates" entctl "github.com/elastic/cloud-on-k8s/pkg/controller/enterprisesearch" "github.com/elastic/cloud-on-k8s/pkg/utils/k8s" "github.com/elastic/cloud-on-k8s/pkg/utils/rbac" @@ -42,7 +41,6 @@ func AddKibanaEnt(mgr manager.Manager, accessReviewer rbac.AccessReviewer, param AssociationConfAnnotationNameBase: commonv1.EntConfigAnnotationNameBase, AssociationResourceNameLabelName: entctl.EnterpriseSearchNameLabelName, AssociationResourceNamespaceLabelName: entctl.EnterpriseSearchNamespaceLabelName, - Predicates: predicates.WithPredicates(predicates.ManagedNamespacePredicate), ElasticsearchUserCreation: nil, // no dedicated ES user required for Kibana->Ent connection }) } diff --git a/pkg/controller/association/controller/kibana_es.go b/pkg/controller/association/controller/kibana_es.go index b9d9fe7fbd..48c4aa8d96 100644 --- a/pkg/controller/association/controller/kibana_es.go +++ b/pkg/controller/association/controller/kibana_es.go @@ -16,7 +16,6 @@ import ( kbv1 "github.com/elastic/cloud-on-k8s/pkg/apis/kibana/v1" "github.com/elastic/cloud-on-k8s/pkg/controller/association" "github.com/elastic/cloud-on-k8s/pkg/controller/common/operator" - "github.com/elastic/cloud-on-k8s/pkg/controller/common/predicates" eslabel "github.com/elastic/cloud-on-k8s/pkg/controller/elasticsearch/label" "github.com/elastic/cloud-on-k8s/pkg/utils/k8s" "github.com/elastic/cloud-on-k8s/pkg/utils/rbac" @@ -57,8 +56,6 @@ func AddKibanaES(mgr manager.Manager, accessReviewer rbac.AccessReviewer, params AssociationConfAnnotationNameBase: commonv1.ElasticsearchConfigAnnotationNameBase, AssociationResourceNameLabelName: eslabel.ClusterNameLabelName, AssociationResourceNamespaceLabelName: eslabel.ClusterNamespaceLabelName, - Predicates: predicates.WithPredicates(predicates.ManagedNamespacePredicate), - ElasticsearchUserCreation: &association.ElasticsearchUserCreation{ ElasticsearchRef: func(c k8s.Client, association commonv1.Association) (bool, commonv1.ObjectSelector, error) { return true, association.AssociationRef(), nil diff --git a/pkg/controller/association/controller/maps_es.go b/pkg/controller/association/controller/maps_es.go index 5ffa9d2a59..19a72e8d1d 100644 --- a/pkg/controller/association/controller/maps_es.go +++ b/pkg/controller/association/controller/maps_es.go @@ -14,7 +14,6 @@ import ( emsv1alpha1 "github.com/elastic/cloud-on-k8s/pkg/apis/maps/v1alpha1" "github.com/elastic/cloud-on-k8s/pkg/controller/association" "github.com/elastic/cloud-on-k8s/pkg/controller/common/operator" - "github.com/elastic/cloud-on-k8s/pkg/controller/common/predicates" eslabel "github.com/elastic/cloud-on-k8s/pkg/controller/elasticsearch/label" "github.com/elastic/cloud-on-k8s/pkg/controller/elasticsearch/user" "github.com/elastic/cloud-on-k8s/pkg/utils/k8s" @@ -56,8 +55,6 @@ func AddMapsES(mgr manager.Manager, accessReviewer rbac.AccessReviewer, params o AssociationConfAnnotationNameBase: commonv1.ElasticsearchConfigAnnotationNameBase, AssociationResourceNameLabelName: eslabel.ClusterNameLabelName, AssociationResourceNamespaceLabelName: eslabel.ClusterNamespaceLabelName, - Predicates: predicates.WithPredicates(predicates.ManagedNamespacePredicate), - ElasticsearchUserCreation: &association.ElasticsearchUserCreation{ ElasticsearchRef: func(c k8s.Client, association commonv1.Association) (bool, commonv1.ObjectSelector, error) { return true, association.AssociationRef(), nil diff --git a/pkg/controller/association/reconciler.go b/pkg/controller/association/reconciler.go index 92186a2894..e82f45f262 100644 --- a/pkg/controller/association/reconciler.go +++ b/pkg/controller/association/reconciler.go @@ -18,7 +18,6 @@ import ( "k8s.io/apimachinery/pkg/types" "k8s.io/client-go/tools/record" "sigs.k8s.io/controller-runtime/pkg/client" - "sigs.k8s.io/controller-runtime/pkg/predicate" "sigs.k8s.io/controller-runtime/pkg/reconcile" "github.com/elastic/cloud-on-k8s/pkg/about" @@ -80,10 +79,6 @@ type AssociationInfo struct { // namespace of the associated resource (eg. user secret allowing to connect Beat to Kibana will have this label // pointing to the Beat resource). AssociationResourceNamespaceLabelName string - // Predicates are a set of predicates (functions that return true/false that filter events that are sent to controllers) - // that should be applied when creating a controller for the associated resource. - Predicates []predicate.Predicate - // ElasticsearchUserCreation specifies settings to create an Elasticsearch user as part of the association. // May be nil if no user creation is required. ElasticsearchUserCreation *ElasticsearchUserCreation diff --git a/pkg/controller/beat/controller.go b/pkg/controller/beat/controller.go index 3d05814efa..7dbf8984a5 100644 --- a/pkg/controller/beat/controller.go +++ b/pkg/controller/beat/controller.go @@ -16,7 +16,6 @@ import ( "sigs.k8s.io/controller-runtime/pkg/controller" "sigs.k8s.io/controller-runtime/pkg/handler" "sigs.k8s.io/controller-runtime/pkg/manager" - "sigs.k8s.io/controller-runtime/pkg/predicate" "sigs.k8s.io/controller-runtime/pkg/reconcile" "sigs.k8s.io/controller-runtime/pkg/source" @@ -56,7 +55,7 @@ func Add(mgr manager.Manager, params operator.Parameters) error { if err != nil { return err } - return addWatches(c, r, predicates.ManagedNamespacePredicate) + return addWatches(c, r) } // newReconciler returns a new reconcile.Reconciler. @@ -71,9 +70,9 @@ func newReconciler(mgr manager.Manager, params operator.Parameters) *ReconcileBe } // addWatches adds watches for all resources this controller cares about -func addWatches(c controller.Controller, r *ReconcileBeat, predicates ...predicate.Predicate) error { +func addWatches(c controller.Controller, r *ReconcileBeat) error { // Watch for changes to Beat - if err := c.Watch(&source.Kind{Type: &beatv1beta1.Beat{}}, &handler.EnqueueRequestForObject{}, predicates...); err != nil { + if err := c.Watch(&source.Kind{Type: &beatv1beta1.Beat{}}, &handler.EnqueueRequestForObject{}, predicates.ManagedNamespacePredicate); err != nil { return err } @@ -81,7 +80,7 @@ func addWatches(c controller.Controller, r *ReconcileBeat, predicates ...predica if err := c.Watch(&source.Kind{Type: &appsv1.DaemonSet{}}, &handler.EnqueueRequestForOwner{ IsController: true, OwnerType: &beatv1beta1.Beat{}, - }, predicates...); err != nil { + }, predicates.ManagedNamespacePredicate); err != nil { return err } @@ -89,13 +88,13 @@ func addWatches(c controller.Controller, r *ReconcileBeat, predicates ...predica if err := c.Watch(&source.Kind{Type: &appsv1.Deployment{}}, &handler.EnqueueRequestForOwner{ IsController: true, OwnerType: &beatv1beta1.Beat{}, - }, predicates...); err != nil { + }, predicates.ManagedNamespacePredicate); err != nil { return err } // Watch Pods, to ensure `status.version` is correctly reconciled on any change. // Watching Deployments or DaemonSets only may lead to missing some events. - if err := watches.WatchPods(c, beatcommon.NameLabelName, predicates...); err != nil { + if err := watches.WatchPods(c, beatcommon.NameLabelName, predicates.ManagedNamespacePredicate); err != nil { return err } @@ -103,15 +102,15 @@ func addWatches(c controller.Controller, r *ReconcileBeat, predicates ...predica if err := c.Watch(&source.Kind{Type: &corev1.Secret{}}, &handler.EnqueueRequestForOwner{ IsController: true, OwnerType: &beatv1beta1.Beat{}, - }, predicates...); err != nil { + }, predicates.ManagedNamespacePredicate); err != nil { return err } - if err := watches.WatchSoftOwnedSecrets(c, beatv1beta1.Kind, predicates...); err != nil { + if err := watches.WatchSoftOwnedSecrets(c, beatv1beta1.Kind, predicates.ManagedNamespacePredicate); err != nil { return err } // Watch dynamically referenced Secrets - return c.Watch(&source.Kind{Type: &corev1.Secret{}}, r.dynamicWatches.Secrets, predicates...) + return c.Watch(&source.Kind{Type: &corev1.Secret{}}, r.dynamicWatches.Secrets, predicates.ManagedNamespacePredicate) } var _ reconcile.Reconciler = &ReconcileBeat{} diff --git a/pkg/controller/elasticsearch/elasticsearch_controller.go b/pkg/controller/elasticsearch/elasticsearch_controller.go index 6897041519..2f6aa989c7 100644 --- a/pkg/controller/elasticsearch/elasticsearch_controller.go +++ b/pkg/controller/elasticsearch/elasticsearch_controller.go @@ -18,7 +18,6 @@ import ( "sigs.k8s.io/controller-runtime/pkg/controller" "sigs.k8s.io/controller-runtime/pkg/handler" "sigs.k8s.io/controller-runtime/pkg/manager" - "sigs.k8s.io/controller-runtime/pkg/predicate" "sigs.k8s.io/controller-runtime/pkg/reconcile" "sigs.k8s.io/controller-runtime/pkg/source" @@ -62,7 +61,7 @@ func Add(mgr manager.Manager, params operator.Parameters) error { if err != nil { return err } - return addWatches(c, reconciler, predicates.ManagedNamespacePredicate) + return addWatches(c, reconciler) } // newReconciler returns a new reconcile.Reconciler @@ -81,10 +80,10 @@ func newReconciler(mgr manager.Manager, params operator.Parameters) *ReconcileEl } } -func addWatches(c controller.Controller, r *ReconcileElasticsearch, predicates ...predicate.Predicate) error { +func addWatches(c controller.Controller, r *ReconcileElasticsearch) error { // Watch for changes to Elasticsearch if err := c.Watch( - &source.Kind{Type: &esv1.Elasticsearch{}}, &handler.EnqueueRequestForObject{}, predicates..., + &source.Kind{Type: &esv1.Elasticsearch{}}, &handler.EnqueueRequestForObject{}, predicates.ManagedNamespacePredicate, ); err != nil { return err } @@ -94,13 +93,13 @@ func addWatches(c controller.Controller, r *ReconcileElasticsearch, predicates . &source.Kind{Type: &appsv1.StatefulSet{}}, &handler.EnqueueRequestForOwner{ IsController: true, OwnerType: &esv1.Elasticsearch{}, - }, predicates..., + }, predicates.ManagedNamespacePredicate, ); err != nil { return err } // Watch pods belonging to ES clusters - if err := watches.WatchPods(c, label.ClusterNameLabelName, predicates...); err != nil { + if err := watches.WatchPods(c, label.ClusterNameLabelName, predicates.ManagedNamespacePredicate); err != nil { return err } @@ -108,12 +107,12 @@ func addWatches(c controller.Controller, r *ReconcileElasticsearch, predicates . if err := c.Watch(&source.Kind{Type: &corev1.Service{}}, &handler.EnqueueRequestForOwner{ IsController: true, OwnerType: &esv1.Elasticsearch{}, - }, predicates...); err != nil { + }, predicates.ManagedNamespacePredicate); err != nil { return err } // Watch owned and soft-owned secrets - if err := c.Watch(&source.Kind{Type: &corev1.Secret{}}, r.dynamicWatches.Secrets, predicates...); err != nil { + if err := c.Watch(&source.Kind{Type: &corev1.Secret{}}, r.dynamicWatches.Secrets, predicates.ManagedNamespacePredicate); err != nil { return err } if err := r.dynamicWatches.Secrets.AddHandler(&watches.OwnerWatch{ @@ -124,12 +123,12 @@ func addWatches(c controller.Controller, r *ReconcileElasticsearch, predicates . }); err != nil { return err } - if err := watches.WatchSoftOwnedSecrets(c, esv1.Kind, predicates...); err != nil { + if err := watches.WatchSoftOwnedSecrets(c, esv1.Kind, predicates.ManagedNamespacePredicate); err != nil { return err } // Trigger a reconciliation when observers report a cluster health change - return c.Watch(observer.WatchClusterHealthChange(r.esObservers), reconciler.GenericEventHandler(), predicates...) + return c.Watch(observer.WatchClusterHealthChange(r.esObservers), reconciler.GenericEventHandler(), predicates.ManagedNamespacePredicate) } var _ reconcile.Reconciler = &ReconcileElasticsearch{} diff --git a/pkg/controller/enterprisesearch/enterprisesearch_controller.go b/pkg/controller/enterprisesearch/enterprisesearch_controller.go index d11f8f0fde..e6774dd7a4 100644 --- a/pkg/controller/enterprisesearch/enterprisesearch_controller.go +++ b/pkg/controller/enterprisesearch/enterprisesearch_controller.go @@ -20,7 +20,6 @@ import ( "sigs.k8s.io/controller-runtime/pkg/controller" "sigs.k8s.io/controller-runtime/pkg/handler" "sigs.k8s.io/controller-runtime/pkg/manager" - "sigs.k8s.io/controller-runtime/pkg/predicate" "sigs.k8s.io/controller-runtime/pkg/reconcile" "sigs.k8s.io/controller-runtime/pkg/source" @@ -57,7 +56,7 @@ func Add(mgr manager.Manager, params operator.Parameters) error { if err != nil { return err } - return addWatches(c, reconciler, predicates.ManagedNamespacePredicate) + return addWatches(c, reconciler) } // newReconciler returns a new reconcile.Reconciler @@ -71,9 +70,9 @@ func newReconciler(mgr manager.Manager, params operator.Parameters) *ReconcileEn } } -func addWatches(c controller.Controller, r *ReconcileEnterpriseSearch, predicates ...predicate.Predicate) error { +func addWatches(c controller.Controller, r *ReconcileEnterpriseSearch) error { // Watch for changes to EnterpriseSearch - err := c.Watch(&source.Kind{Type: &entv1.EnterpriseSearch{}}, &handler.EnqueueRequestForObject{}, predicates...) + err := c.Watch(&source.Kind{Type: &entv1.EnterpriseSearch{}}, &handler.EnqueueRequestForObject{}, predicates.ManagedNamespacePredicate) if err != nil { return err } @@ -88,7 +87,7 @@ func addWatches(c controller.Controller, r *ReconcileEnterpriseSearch, predicate // Watch Pods, to ensure `status.version` and version upgrades are correctly reconciled on any change. // Watching Deployments only may lead to missing some events. - if err := watches.WatchPods(c, EnterpriseSearchNameLabelName, predicates...); err != nil { + if err := watches.WatchPods(c, EnterpriseSearchNameLabelName, predicates.ManagedNamespacePredicate); err != nil { return err } @@ -107,7 +106,7 @@ func addWatches(c controller.Controller, r *ReconcileEnterpriseSearch, predicate }); err != nil { return err } - if err := watches.WatchSoftOwnedSecrets(c, entv1.Kind, predicates...); err != nil { + if err := watches.WatchSoftOwnedSecrets(c, entv1.Kind, predicates.ManagedNamespacePredicate); err != nil { return err } diff --git a/pkg/controller/kibana/controller.go b/pkg/controller/kibana/controller.go index 19ff99c936..e72b1def24 100644 --- a/pkg/controller/kibana/controller.go +++ b/pkg/controller/kibana/controller.go @@ -18,7 +18,6 @@ import ( "sigs.k8s.io/controller-runtime/pkg/controller" "sigs.k8s.io/controller-runtime/pkg/handler" "sigs.k8s.io/controller-runtime/pkg/manager" - "sigs.k8s.io/controller-runtime/pkg/predicate" "sigs.k8s.io/controller-runtime/pkg/reconcile" "sigs.k8s.io/controller-runtime/pkg/source" @@ -53,7 +52,7 @@ func Add(mgr manager.Manager, params operator.Parameters) error { if err != nil { return err } - return addWatches(c, reconciler, predicates.ManagedNamespacePredicate) + return addWatches(c, reconciler) } // newReconciler returns a new reconcile.Reconciler @@ -67,9 +66,9 @@ func newReconciler(mgr manager.Manager, params operator.Parameters) *ReconcileKi } } -func addWatches(c controller.Controller, r *ReconcileKibana, predicates ...predicate.Predicate) error { +func addWatches(c controller.Controller, r *ReconcileKibana) error { // Watch for changes to Kibana - if err := c.Watch(&source.Kind{Type: &kbv1.Kibana{}}, &handler.EnqueueRequestForObject{}, predicates...); err != nil { + if err := c.Watch(&source.Kind{Type: &kbv1.Kibana{}}, &handler.EnqueueRequestForObject{}, predicates.ManagedNamespacePredicate); err != nil { return err } @@ -77,13 +76,13 @@ func addWatches(c controller.Controller, r *ReconcileKibana, predicates ...predi if err := c.Watch(&source.Kind{Type: &appsv1.Deployment{}}, &handler.EnqueueRequestForOwner{ IsController: true, OwnerType: &kbv1.Kibana{}, - }, predicates...); err != nil { + }, predicates.ManagedNamespacePredicate); err != nil { return err } // Watch Pods, to ensure `status.version` and version upgrades are correctly reconciled on any change. // Watching Deployments only may lead to missing some events. - if err := watches.WatchPods(c, KibanaNameLabelName, predicates...); err != nil { + if err := watches.WatchPods(c, KibanaNameLabelName, predicates.ManagedNamespacePredicate); err != nil { return err } @@ -91,7 +90,7 @@ func addWatches(c controller.Controller, r *ReconcileKibana, predicates ...predi if err := c.Watch(&source.Kind{Type: &corev1.Service{}}, &handler.EnqueueRequestForOwner{ IsController: true, OwnerType: &kbv1.Kibana{}, - }, predicates...); err != nil { + }, predicates.ManagedNamespacePredicate); err != nil { return err } @@ -99,15 +98,15 @@ func addWatches(c controller.Controller, r *ReconcileKibana, predicates ...predi if err := c.Watch(&source.Kind{Type: &corev1.Secret{}}, &handler.EnqueueRequestForOwner{ IsController: true, OwnerType: &kbv1.Kibana{}, - }, predicates...); err != nil { + }, predicates.ManagedNamespacePredicate); err != nil { return err } - if err := watches.WatchSoftOwnedSecrets(c, kbv1.Kind, predicates...); err != nil { + if err := watches.WatchSoftOwnedSecrets(c, kbv1.Kind, predicates.ManagedNamespacePredicate); err != nil { return err } // dynamically watch referenced secrets to connect to Elasticsearch - return c.Watch(&source.Kind{Type: &corev1.Secret{}}, r.dynamicWatches.Secrets, predicates...) + return c.Watch(&source.Kind{Type: &corev1.Secret{}}, r.dynamicWatches.Secrets, predicates.ManagedNamespacePredicate) } var _ reconcile.Reconciler = &ReconcileKibana{} diff --git a/pkg/controller/license/license_controller.go b/pkg/controller/license/license_controller.go index d5f75ddf84..5d6a580861 100644 --- a/pkg/controller/license/license_controller.go +++ b/pkg/controller/license/license_controller.go @@ -18,7 +18,6 @@ import ( "sigs.k8s.io/controller-runtime/pkg/controller" "sigs.k8s.io/controller-runtime/pkg/handler" "sigs.k8s.io/controller-runtime/pkg/manager" - "sigs.k8s.io/controller-runtime/pkg/predicate" "sigs.k8s.io/controller-runtime/pkg/reconcile" "sigs.k8s.io/controller-runtime/pkg/source" @@ -67,7 +66,7 @@ func Add(mgr manager.Manager, p operator.Parameters) error { if err != nil { return err } - return addWatches(c, r.Client, predicates.ManagedNamespacePredicate) + return addWatches(c, r.Client) } // newReconciler returns a new reconcile.Reconciler @@ -101,10 +100,10 @@ func nextReconcileRelativeTo(now, expiry time.Time, safety time.Duration) reconc } // addWatches adds a new Controller to mgr with r as the reconcile.Reconciler -func addWatches(c controller.Controller, k8sClient k8s.Client, predicates ...predicate.Predicate) error { +func addWatches(c controller.Controller, k8sClient k8s.Client) error { // Watch for changes to Elasticsearch clusters. if err := c.Watch( - &source.Kind{Type: &esv1.Elasticsearch{}}, &handler.EnqueueRequestForObject{}, predicates..., + &source.Kind{Type: &esv1.Elasticsearch{}}, &handler.EnqueueRequestForObject{}, predicates.ManagedNamespacePredicate, ); err != nil { return err } @@ -130,7 +129,7 @@ func addWatches(c controller.Controller, k8sClient k8s.Client, predicates ...pre return nil } return rs - }), predicates..., + }), predicates.ManagedNamespacePredicate, ); err != nil { return err } diff --git a/pkg/controller/maps/controller.go b/pkg/controller/maps/controller.go index 498b930252..14cba556b0 100644 --- a/pkg/controller/maps/controller.go +++ b/pkg/controller/maps/controller.go @@ -21,7 +21,6 @@ import ( "sigs.k8s.io/controller-runtime/pkg/controller" "sigs.k8s.io/controller-runtime/pkg/handler" "sigs.k8s.io/controller-runtime/pkg/manager" - "sigs.k8s.io/controller-runtime/pkg/predicate" "sigs.k8s.io/controller-runtime/pkg/reconcile" "sigs.k8s.io/controller-runtime/pkg/source" @@ -59,7 +58,7 @@ func Add(mgr manager.Manager, params operator.Parameters) error { if err != nil { return err } - return addWatches(c, reconciler, predicates.ManagedNamespacePredicate) + return addWatches(c, reconciler) } // newReconciler returns a new reconcile.Reconciler @@ -74,9 +73,9 @@ func newReconciler(mgr manager.Manager, params operator.Parameters) *ReconcileMa } } -func addWatches(c controller.Controller, r *ReconcileMapsServer, predicates ...predicate.Predicate) error { +func addWatches(c controller.Controller, r *ReconcileMapsServer) error { // Watch for changes to MapsServer - if err := c.Watch(&source.Kind{Type: &emsv1alpha1.ElasticMapsServer{}}, &handler.EnqueueRequestForObject{}, predicates...); err != nil { + if err := c.Watch(&source.Kind{Type: &emsv1alpha1.ElasticMapsServer{}}, &handler.EnqueueRequestForObject{}, predicates.ManagedNamespacePredicate); err != nil { return err } @@ -90,7 +89,7 @@ func addWatches(c controller.Controller, r *ReconcileMapsServer, predicates ...p // Watch Pods, to ensure `status.version` and version upgrades are correctly reconciled on any change. // Watching Deployments only may lead to missing some events. - if err := watches.WatchPods(c, NameLabelName, predicates...); err != nil { + if err := watches.WatchPods(c, NameLabelName, predicates.ManagedNamespacePredicate); err != nil { return err } @@ -109,7 +108,7 @@ func addWatches(c controller.Controller, r *ReconcileMapsServer, predicates ...p }); err != nil { return err } - if err := watches.WatchSoftOwnedSecrets(c, emsv1alpha1.Kind, predicates...); err != nil { + if err := watches.WatchSoftOwnedSecrets(c, emsv1alpha1.Kind, predicates.ManagedNamespacePredicate); err != nil { return err } From 79d6cc83dafdb581ab84f5e2f59ebf288bc9d043 Mon Sep 17 00:00:00 2001 From: Michael Montgomery Date: Wed, 1 Dec 2021 12:07:37 -0600 Subject: [PATCH 19/29] remove redundant comments --- pkg/controller/common/predicates/predicates.go | 3 --- 1 file changed, 3 deletions(-) diff --git a/pkg/controller/common/predicates/predicates.go b/pkg/controller/common/predicates/predicates.go index 9f4a33eb3d..c5f3fcded7 100644 --- a/pkg/controller/common/predicates/predicates.go +++ b/pkg/controller/common/predicates/predicates.go @@ -19,15 +19,12 @@ var ManagedNamespacePredicate predicate.Predicate func NewManagedNamespacesPredicate(managedNamespaces []string) predicate.Predicate { return predicate.Funcs{ CreateFunc: func(e event.CreateEvent) bool { - // Ignore resources that do not exist within the managed namespaces return IsNamespaceManaged(e.Object.GetNamespace(), managedNamespaces) }, UpdateFunc: func(e event.UpdateEvent) bool { - // Ignore resources that do not exist within the managed namespaces return IsNamespaceManaged(e.ObjectNew.GetNamespace(), managedNamespaces) }, DeleteFunc: func(e event.DeleteEvent) bool { - // Ignore resources that do not exist within the managed namespaces return IsNamespaceManaged(e.Object.GetNamespace(), managedNamespaces) }, GenericFunc: func(e event.GenericEvent) bool { From 05177140b1a5437f148a9ad411c19c0c8d3e7a83 Mon Sep 17 00:00:00 2001 From: Michael Montgomery Date: Thu, 2 Dec 2021 14:40:13 -0600 Subject: [PATCH 20/29] simplify GarbageCollectAllSoftOwnedOrphanSecrets per @barkbay comments --- Makefile | 2 +- pkg/controller/common/reconciler/secret.go | 33 ++++------------------ 2 files changed, 7 insertions(+), 28 deletions(-) diff --git a/Makefile b/Makefile index 590b09247b..9c4dc5f165 100644 --- a/Makefile +++ b/Makefile @@ -193,7 +193,7 @@ go-run: --enable-leader-election=false \ --log-verbosity=$(LOG_VERBOSITY) \ --ca-cert-validity=10h --ca-cert-rotate-before=1h \ - --operator-namespace=default \ + --operator-namespace=elastic-system \ --namespaces=$(MANAGED_NAMESPACES) \ --manage-webhook-certs=false \ 2>&1 | grep -v "dev-portforward" # remove dev-portforward logs from the output diff --git a/pkg/controller/common/reconciler/secret.go b/pkg/controller/common/reconciler/secret.go index 05ea323fa1..d372208cb4 100644 --- a/pkg/controller/common/reconciler/secret.go +++ b/pkg/controller/common/reconciler/secret.go @@ -15,6 +15,7 @@ import ( "k8s.io/apimachinery/pkg/types" "sigs.k8s.io/controller-runtime/pkg/client" + "github.com/elastic/cloud-on-k8s/pkg/controller/common/predicates" "github.com/elastic/cloud-on-k8s/pkg/utils/k8s" "github.com/elastic/cloud-on-k8s/pkg/utils/maps" ) @@ -25,8 +26,6 @@ const ( SoftOwnerNamespaceLabel = "eck.k8s.elastic.co/owner-namespace" SoftOwnerNameLabel = "eck.k8s.elastic.co/owner-name" SoftOwnerKindLabel = "eck.k8s.elastic.co/owner-kind" - - secretsGarbageCollectionFailedMessage = "Orphan secrets garbage collection failed, will be attempted again at next operator restart." ) // ReconcileSecret creates or updates the actual secret to match the expected one. @@ -172,47 +171,27 @@ func GarbageCollectSoftOwnedSecrets(c k8s.Client, deletedOwner types.NamespacedN return nil } -// GarbageCollectAllSoftOwnedOrphanSecrets iterates over all Secrets in the namespaces that the operator -// manages that reference a soft owner. If the owner +// GarbageCollectAllSoftOwnedOrphanSecrets iterates over all Secrets that reference a soft owner. If the owner // doesn't exist anymore, it deletes the secrets. // Should be called on operator startup, after cache warm-up, to cover cases where // the operator is down when the owner is deleted. // If the operator is up, garbage collection is already handled by GarbageCollectSoftOwnedSecrets on owner deletion. func GarbageCollectAllSoftOwnedOrphanSecrets(c k8s.Client, ownerKinds map[string]client.Object, managedNamespaces []string) error { - if len(managedNamespaces) == 0 { - return garbageCollectSecrets(c, ownerKinds, "") - } - for _, namespace := range managedNamespaces { - // The empty namespace is added to the managed namespaces when storage class validation is enabled to - // allow watching cluster-scoped resources, but since this isn't applicable to secrets, we ignore this - // namespace to prevent invalid "Orphan secrets garbage collection failed" error message. - if namespace == "" { - continue - } - if err := garbageCollectSecrets(c, ownerKinds, namespace); err != nil { - log.Error(err, secretsGarbageCollectionFailedMessage, "namespace", namespace) - continue - } - } - - return nil -} - -func garbageCollectSecrets(c k8s.Client, ownerKinds map[string]client.Object, namespace string) error { // retrieve all secrets that reference a soft owner var secrets corev1.SecretList if err := c.List(context.Background(), &secrets, client.HasLabels{SoftOwnerNamespaceLabel, SoftOwnerNameLabel, SoftOwnerKindLabel}, - // since corev1.NamespaceAll is a string == "", this will also work when managing all namespaces - // and namespace == "". - client.InNamespace(namespace), ); err != nil { return err } // remove any secret whose owner in the same namespace doesn't exist for i := range secrets.Items { secret := secrets.Items[i] + // ignore this secret if it's in a namespace the operator doesn't manage + if !predicates.IsNamespaceManaged(secret.Namespace, managedNamespaces) { + continue + } softOwner, referenced := SoftOwnerRefFromLabels(secret.Labels) if !referenced { continue From d0c44e70746e24f8fc00bb00cc85a25eb8ceb95f Mon Sep 17 00:00:00 2001 From: Michael Montgomery Date: Thu, 2 Dec 2021 14:41:03 -0600 Subject: [PATCH 21/29] revert invalid change to Makefile --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 9c4dc5f165..590b09247b 100644 --- a/Makefile +++ b/Makefile @@ -193,7 +193,7 @@ go-run: --enable-leader-election=false \ --log-verbosity=$(LOG_VERBOSITY) \ --ca-cert-validity=10h --ca-cert-rotate-before=1h \ - --operator-namespace=elastic-system \ + --operator-namespace=default \ --namespaces=$(MANAGED_NAMESPACES) \ --manage-webhook-certs=false \ 2>&1 | grep -v "dev-portforward" # remove dev-portforward logs from the output From 50034ca4b58940d127efdefc0c6a13d4b8efb16d Mon Sep 17 00:00:00 2001 From: Michael Montgomery Date: Thu, 2 Dec 2021 15:13:15 -0600 Subject: [PATCH 22/29] ensure managed namespace predicate is initialized prior to license integration test --- pkg/controller/license/license_controller_integration_test.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pkg/controller/license/license_controller_integration_test.go b/pkg/controller/license/license_controller_integration_test.go index 8a101b3c59..e66f472612 100644 --- a/pkg/controller/license/license_controller_integration_test.go +++ b/pkg/controller/license/license_controller_integration_test.go @@ -29,6 +29,7 @@ import ( esv1 "github.com/elastic/cloud-on-k8s/pkg/apis/elasticsearch/v1" "github.com/elastic/cloud-on-k8s/pkg/controller/common/license" "github.com/elastic/cloud-on-k8s/pkg/controller/common/operator" + "github.com/elastic/cloud-on-k8s/pkg/controller/common/predicates" esclient "github.com/elastic/cloud-on-k8s/pkg/controller/elasticsearch/client" "github.com/elastic/cloud-on-k8s/pkg/utils/chrono" "github.com/elastic/cloud-on-k8s/pkg/utils/k8s" @@ -40,6 +41,7 @@ func TestMain(m *testing.M) { } func TestReconcile(t *testing.T) { + predicates.ManagedNamespacePredicate = predicates.NewManagedNamespacesPredicate([]string{"default"}) c, stop := test.StartManager(t, func(mgr manager.Manager, p operator.Parameters) error { r := &ReconcileLicenses{ Client: mgr.GetClient(), From f6742566d09cb2d92610bdea8cfa188b351da25b Mon Sep 17 00:00:00 2001 From: Michael Montgomery Date: Fri, 3 Dec 2021 14:34:01 -0600 Subject: [PATCH 23/29] Per Suggestion, simplify how predicates get used in Watches. Adjust Webhooks controller to use the common path for creating a controller. --- cmd/manager/main.go | 4 +- pkg/controller/agent/controller.go | 15 ++++---- pkg/controller/apmserver/controller.go | 15 ++++---- pkg/controller/association/controller.go | 11 +++--- pkg/controller/autoscaling/elasticsearch.go | 3 +- pkg/controller/beat/controller.go | 15 ++++---- pkg/controller/common/controller.go | 37 ++++++++++++++++++- pkg/controller/common/watches/pods.go | 4 +- pkg/controller/common/watches/secrets.go | 4 +- .../elasticsearch/elasticsearch_controller.go | 15 ++++---- .../enterprisesearch_controller.go | 7 ++-- pkg/controller/kibana/controller.go | 15 ++++---- pkg/controller/license/license_controller.go | 5 +-- pkg/controller/maps/controller.go | 7 ++-- .../webhook_certificates_controller.go | 9 ++--- 15 files changed, 93 insertions(+), 73 deletions(-) diff --git a/cmd/manager/main.go b/cmd/manager/main.go index ab26c2cfcb..53e329b340 100644 --- a/cmd/manager/main.go +++ b/cmd/manager/main.go @@ -812,7 +812,7 @@ func setupWebhook(mgr manager.Manager, params operator.Parameters, clientset kub os.Exit(1) } - if err := webhook.Add(mgr, webhookParams, clientset, wh, predicates.ManagedNamespacePredicate); err != nil { + if err := webhook.Add(mgr, webhookParams, clientset, wh, params); err != nil { log.Error(err, "unable to create controller", "controller", webhook.ControllerName) os.Exit(1) } @@ -842,7 +842,7 @@ func setupWebhook(mgr manager.Manager, params operator.Parameters, clientset kub } // esv1 validating webhook is wired up differently, in order to access the k8s client - esvalidation.RegisterWebhook(mgr, params.ValidateStorageClass, params.ExposedNodeLabels) + esvalidation.RegisterWebhook(mgr, params.ValidateStorageClass, params.ExposedNodeLabels) // wait for the secret to be populated in the local filesystem before returning interval := time.Second * 1 diff --git a/pkg/controller/agent/controller.go b/pkg/controller/agent/controller.go index 1d357ea2fb..48f238454e 100644 --- a/pkg/controller/agent/controller.go +++ b/pkg/controller/agent/controller.go @@ -24,7 +24,6 @@ import ( "github.com/elastic/cloud-on-k8s/pkg/controller/common/events" "github.com/elastic/cloud-on-k8s/pkg/controller/common/keystore" "github.com/elastic/cloud-on-k8s/pkg/controller/common/operator" - "github.com/elastic/cloud-on-k8s/pkg/controller/common/predicates" "github.com/elastic/cloud-on-k8s/pkg/controller/common/reconciler" "github.com/elastic/cloud-on-k8s/pkg/controller/common/tracing" "github.com/elastic/cloud-on-k8s/pkg/controller/common/watches" @@ -61,7 +60,7 @@ func newReconciler(mgr manager.Manager, params operator.Parameters) *ReconcileAg // addWatches adds watches for all resources this controller cares about func addWatches(c controller.Controller, r *ReconcileAgent) error { // Watch for changes to Agent - if err := c.Watch(&source.Kind{Type: &agentv1alpha1.Agent{}}, &handler.EnqueueRequestForObject{}, predicates.ManagedNamespacePredicate); err != nil { + if err := c.Watch(&source.Kind{Type: &agentv1alpha1.Agent{}}, &handler.EnqueueRequestForObject{}); err != nil { return err } @@ -69,7 +68,7 @@ func addWatches(c controller.Controller, r *ReconcileAgent) error { if err := c.Watch(&source.Kind{Type: &appsv1.DaemonSet{}}, &handler.EnqueueRequestForOwner{ IsController: true, OwnerType: &agentv1alpha1.Agent{}, - }, predicates.ManagedNamespacePredicate); err != nil { + }); err != nil { return err } @@ -77,13 +76,13 @@ func addWatches(c controller.Controller, r *ReconcileAgent) error { if err := c.Watch(&source.Kind{Type: &appsv1.Deployment{}}, &handler.EnqueueRequestForOwner{ IsController: true, OwnerType: &agentv1alpha1.Agent{}, - }, predicates.ManagedNamespacePredicate); err != nil { + }); err != nil { return err } // Watch Pods, to ensure `status.version` is correctly reconciled on any change. // Watching Deployments or DaemonSets only may lead to missing some events. - if err := watches.WatchPods(c, NameLabelName, predicates.ManagedNamespacePredicate); err != nil { + if err := watches.WatchPods(c, NameLabelName); err != nil { return err } @@ -91,7 +90,7 @@ func addWatches(c controller.Controller, r *ReconcileAgent) error { if err := c.Watch(&source.Kind{Type: &corev1.Secret{}}, &handler.EnqueueRequestForOwner{ IsController: true, OwnerType: &agentv1alpha1.Agent{}, - }, predicates.ManagedNamespacePredicate); err != nil { + }); err != nil { return err } @@ -100,12 +99,12 @@ func addWatches(c controller.Controller, r *ReconcileAgent) error { if err := c.Watch(&source.Kind{Type: &corev1.Service{}}, &handler.EnqueueRequestForOwner{ IsController: true, OwnerType: &agentv1alpha1.Agent{}, - }, predicates.ManagedNamespacePredicate); err != nil { + }); err != nil { return err } // Watch dynamically referenced Secrets - return c.Watch(&source.Kind{Type: &corev1.Secret{}}, r.dynamicWatches.Secrets, predicates.ManagedNamespacePredicate) + return c.Watch(&source.Kind{Type: &corev1.Secret{}}, r.dynamicWatches.Secrets) } var _ reconcile.Reconciler = &ReconcileAgent{} diff --git a/pkg/controller/apmserver/controller.go b/pkg/controller/apmserver/controller.go index 96992efe46..e3e9654de5 100644 --- a/pkg/controller/apmserver/controller.go +++ b/pkg/controller/apmserver/controller.go @@ -34,7 +34,6 @@ import ( "github.com/elastic/cloud-on-k8s/pkg/controller/common/finalizer" "github.com/elastic/cloud-on-k8s/pkg/controller/common/keystore" "github.com/elastic/cloud-on-k8s/pkg/controller/common/operator" - "github.com/elastic/cloud-on-k8s/pkg/controller/common/predicates" "github.com/elastic/cloud-on-k8s/pkg/controller/common/reconciler" "github.com/elastic/cloud-on-k8s/pkg/controller/common/tracing" "github.com/elastic/cloud-on-k8s/pkg/controller/common/version" @@ -99,7 +98,7 @@ func newReconciler(mgr manager.Manager, params operator.Parameters) *ReconcileAp func addWatches(c controller.Controller, r *ReconcileApmServer) error { // Watch for changes to ApmServer - err := c.Watch(&source.Kind{Type: &apmv1.ApmServer{}}, &handler.EnqueueRequestForObject{}, predicates.ManagedNamespacePredicate) + err := c.Watch(&source.Kind{Type: &apmv1.ApmServer{}}, &handler.EnqueueRequestForObject{}) if err != nil { return err } @@ -108,13 +107,13 @@ func addWatches(c controller.Controller, r *ReconcileApmServer) error { if err := c.Watch(&source.Kind{Type: &appsv1.Deployment{}}, &handler.EnqueueRequestForOwner{ IsController: true, OwnerType: &apmv1.ApmServer{}, - }, predicates.ManagedNamespacePredicate); err != nil { + }); err != nil { return err } // Watch Pods, to ensure `status.version` and version upgrades are correctly reconciled on any change. // Watching Deployments only may lead to missing some events. - if err := watches.WatchPods(c, ApmServerNameLabelName, predicates.ManagedNamespacePredicate); err != nil { + if err := watches.WatchPods(c, ApmServerNameLabelName); err != nil { return err } @@ -122,7 +121,7 @@ func addWatches(c controller.Controller, r *ReconcileApmServer) error { if err := c.Watch(&source.Kind{Type: &corev1.Service{}}, &handler.EnqueueRequestForOwner{ IsController: true, OwnerType: &apmv1.ApmServer{}, - }, predicates.ManagedNamespacePredicate); err != nil { + }); err != nil { return err } @@ -130,15 +129,15 @@ func addWatches(c controller.Controller, r *ReconcileApmServer) error { if err := c.Watch(&source.Kind{Type: &corev1.Secret{}}, &handler.EnqueueRequestForOwner{ IsController: true, OwnerType: &apmv1.ApmServer{}, - }, predicates.ManagedNamespacePredicate); err != nil { + }); err != nil { return err } - if err := watches.WatchSoftOwnedSecrets(c, apmv1.Kind, predicates.ManagedNamespacePredicate); err != nil { + if err := watches.WatchSoftOwnedSecrets(c, apmv1.Kind); err != nil { return err } // dynamically watch referenced secrets to connect to Elasticsearch - return c.Watch(&source.Kind{Type: &corev1.Secret{}}, r.dynamicWatches.Secrets, predicates.ManagedNamespacePredicate) + return c.Watch(&source.Kind{Type: &corev1.Secret{}}, r.dynamicWatches.Secrets) } var _ reconcile.Reconciler = &ReconcileApmServer{} diff --git a/pkg/controller/association/controller.go b/pkg/controller/association/controller.go index 27c99d9ede..73a8fbef42 100644 --- a/pkg/controller/association/controller.go +++ b/pkg/controller/association/controller.go @@ -13,7 +13,6 @@ import ( "github.com/elastic/cloud-on-k8s/pkg/controller/common" "github.com/elastic/cloud-on-k8s/pkg/controller/common/operator" - "github.com/elastic/cloud-on-k8s/pkg/controller/common/predicates" "github.com/elastic/cloud-on-k8s/pkg/controller/common/watches" ulog "github.com/elastic/cloud-on-k8s/pkg/utils/log" "github.com/elastic/cloud-on-k8s/pkg/utils/rbac" @@ -50,7 +49,7 @@ func AddAssociationController( func addWatches(c controller.Controller, r *Reconciler) error { // Watch the associated resource (e.g. Kibana for a Kibana -> Elasticsearch association) - if err := c.Watch(&source.Kind{Type: r.AssociatedObjTemplate()}, &handler.EnqueueRequestForObject{}, predicates.ManagedNamespacePredicate); err != nil { + if err := c.Watch(&source.Kind{Type: r.AssociatedObjTemplate()}, &handler.EnqueueRequestForObject{}); err != nil { return err } @@ -58,20 +57,20 @@ func addWatches(c controller.Controller, r *Reconciler) error { if err := c.Watch(&source.Kind{Type: &corev1.Secret{}}, &handler.EnqueueRequestForOwner{ OwnerType: r.AssociatedObjTemplate(), IsController: true, - }, predicates.ManagedNamespacePredicate); err != nil { + }); err != nil { return err } // Dynamically watch the referenced resources (e.g. Elasticsearch B for a Kibana A -> Elasticsearch B association) - if err := c.Watch(&source.Kind{Type: r.ReferencedObjTemplate()}, r.watches.ReferencedResources, predicates.ManagedNamespacePredicate); err != nil { + if err := c.Watch(&source.Kind{Type: r.ReferencedObjTemplate()}, r.watches.ReferencedResources); err != nil { return err } // Dynamically watch Secrets (CA Secret of the referenced resource and ES user secret) - if err := c.Watch(&source.Kind{Type: &corev1.Secret{}}, r.watches.Secrets, predicates.ManagedNamespacePredicate); err != nil { + if err := c.Watch(&source.Kind{Type: &corev1.Secret{}}, r.watches.Secrets); err != nil { return err } // Dynamically watch Service objects for custom services setup by the user - return c.Watch(&source.Kind{Type: &corev1.Service{}}, r.watches.Services, predicates.ManagedNamespacePredicate) + return c.Watch(&source.Kind{Type: &corev1.Service{}}, r.watches.Services) } diff --git a/pkg/controller/autoscaling/elasticsearch.go b/pkg/controller/autoscaling/elasticsearch.go index fa9000981f..136fb57924 100644 --- a/pkg/controller/autoscaling/elasticsearch.go +++ b/pkg/controller/autoscaling/elasticsearch.go @@ -13,7 +13,6 @@ import ( "github.com/elastic/cloud-on-k8s/pkg/controller/autoscaling/elasticsearch" "github.com/elastic/cloud-on-k8s/pkg/controller/common" "github.com/elastic/cloud-on-k8s/pkg/controller/common/operator" - "github.com/elastic/cloud-on-k8s/pkg/controller/common/predicates" ) const ( @@ -29,5 +28,5 @@ func Add(mgr manager.Manager, p operator.Parameters) error { return err } // Watch for changes on Elasticsearch clusters. - return c.Watch(&source.Kind{Type: &esv1.Elasticsearch{}}, &handler.EnqueueRequestForObject{}, predicates.ManagedNamespacePredicate) + return c.Watch(&source.Kind{Type: &esv1.Elasticsearch{}}, &handler.EnqueueRequestForObject{}) } diff --git a/pkg/controller/beat/controller.go b/pkg/controller/beat/controller.go index 7dbf8984a5..1d6c26321f 100644 --- a/pkg/controller/beat/controller.go +++ b/pkg/controller/beat/controller.go @@ -33,7 +33,6 @@ import ( "github.com/elastic/cloud-on-k8s/pkg/controller/common/events" "github.com/elastic/cloud-on-k8s/pkg/controller/common/keystore" "github.com/elastic/cloud-on-k8s/pkg/controller/common/operator" - "github.com/elastic/cloud-on-k8s/pkg/controller/common/predicates" "github.com/elastic/cloud-on-k8s/pkg/controller/common/reconciler" "github.com/elastic/cloud-on-k8s/pkg/controller/common/tracing" "github.com/elastic/cloud-on-k8s/pkg/controller/common/watches" @@ -72,7 +71,7 @@ func newReconciler(mgr manager.Manager, params operator.Parameters) *ReconcileBe // addWatches adds watches for all resources this controller cares about func addWatches(c controller.Controller, r *ReconcileBeat) error { // Watch for changes to Beat - if err := c.Watch(&source.Kind{Type: &beatv1beta1.Beat{}}, &handler.EnqueueRequestForObject{}, predicates.ManagedNamespacePredicate); err != nil { + if err := c.Watch(&source.Kind{Type: &beatv1beta1.Beat{}}, &handler.EnqueueRequestForObject{}); err != nil { return err } @@ -80,7 +79,7 @@ func addWatches(c controller.Controller, r *ReconcileBeat) error { if err := c.Watch(&source.Kind{Type: &appsv1.DaemonSet{}}, &handler.EnqueueRequestForOwner{ IsController: true, OwnerType: &beatv1beta1.Beat{}, - }, predicates.ManagedNamespacePredicate); err != nil { + }); err != nil { return err } @@ -88,13 +87,13 @@ func addWatches(c controller.Controller, r *ReconcileBeat) error { if err := c.Watch(&source.Kind{Type: &appsv1.Deployment{}}, &handler.EnqueueRequestForOwner{ IsController: true, OwnerType: &beatv1beta1.Beat{}, - }, predicates.ManagedNamespacePredicate); err != nil { + }); err != nil { return err } // Watch Pods, to ensure `status.version` is correctly reconciled on any change. // Watching Deployments or DaemonSets only may lead to missing some events. - if err := watches.WatchPods(c, beatcommon.NameLabelName, predicates.ManagedNamespacePredicate); err != nil { + if err := watches.WatchPods(c, beatcommon.NameLabelName); err != nil { return err } @@ -102,15 +101,15 @@ func addWatches(c controller.Controller, r *ReconcileBeat) error { if err := c.Watch(&source.Kind{Type: &corev1.Secret{}}, &handler.EnqueueRequestForOwner{ IsController: true, OwnerType: &beatv1beta1.Beat{}, - }, predicates.ManagedNamespacePredicate); err != nil { + }); err != nil { return err } - if err := watches.WatchSoftOwnedSecrets(c, beatv1beta1.Kind, predicates.ManagedNamespacePredicate); err != nil { + if err := watches.WatchSoftOwnedSecrets(c, beatv1beta1.Kind); err != nil { return err } // Watch dynamically referenced Secrets - return c.Watch(&source.Kind{Type: &corev1.Secret{}}, r.dynamicWatches.Secrets, predicates.ManagedNamespacePredicate) + return c.Watch(&source.Kind{Type: &corev1.Secret{}}, r.dynamicWatches.Secrets) } var _ reconcile.Reconciler = &ReconcileBeat{} diff --git a/pkg/controller/common/controller.go b/pkg/controller/common/controller.go index 33d6d4fa1a..099963283e 100644 --- a/pkg/controller/common/controller.go +++ b/pkg/controller/common/controller.go @@ -10,18 +10,53 @@ import ( "sync/atomic" "go.elastic.co/apm" + "k8s.io/utils/strings/slices" "sigs.k8s.io/controller-runtime/pkg/controller" + "sigs.k8s.io/controller-runtime/pkg/handler" "sigs.k8s.io/controller-runtime/pkg/manager" + "sigs.k8s.io/controller-runtime/pkg/predicate" "sigs.k8s.io/controller-runtime/pkg/reconcile" + "sigs.k8s.io/controller-runtime/pkg/source" "github.com/elastic/cloud-on-k8s/pkg/controller/common/operator" + "github.com/elastic/cloud-on-k8s/pkg/controller/common/predicates" "github.com/elastic/cloud-on-k8s/pkg/controller/common/tracing" logconf "github.com/elastic/cloud-on-k8s/pkg/utils/log" ) // NewController creates a new controller with the given name, reconciler and parameters and registers it with the manager. func NewController(mgr manager.Manager, name string, r reconcile.Reconciler, p operator.Parameters) (controller.Controller, error) { - return controller.New(name, mgr, controller.Options{Reconciler: r, MaxConcurrentReconciles: p.MaxConcurrentReconciles}) + c, err := controller.New(name, mgr, controller.Options{Reconciler: r, MaxConcurrentReconciles: p.MaxConcurrentReconciles}) + if err != nil { + return nil, err + } + return newNamespaceAwareWatchersController(c, p.ManagedNamespaces, p.OperatorNamespace), nil +} + +var _ controller.Controller = &namespaceAwareController{} + +// namespaceAwareController implements the controller.Controller interface and automatically include a predicate to filter events +// which are not in a managed namespace. +type namespaceAwareController struct { + controller.Controller + namespacePredicate predicate.Predicate +} + +func newNamespaceAwareWatchersController(c controller.Controller, managedNamespaces []string, operatorNamespace string) controller.Controller { + watchedNamespaces := managedNamespaces + if !slices.Contains(managedNamespaces, operatorNamespace) { + watchedNamespaces = append(watchedNamespaces, operatorNamespace) + } + return &namespaceAwareController{ + Controller: c, + namespacePredicate: predicates.NewManagedNamespacesPredicate(managedNamespaces), + } +} + +// Watch implements controller.Controller interface, and calls the underlying controller's +// watch method, ensuring that the namespace predicate exists. +func (n *namespaceAwareController) Watch(src source.Source, eventhandler handler.EventHandler, predicates ...predicate.Predicate) error { + return n.Controller.Watch(src, eventhandler, append(predicates, n.namespacePredicate)...) } // NewReconciliationContext increments iteration, creates an apm transaction and initiates the logger. Returns context diff --git a/pkg/controller/common/watches/pods.go b/pkg/controller/common/watches/pods.go index 33f593a319..e8dbecb261 100644 --- a/pkg/controller/common/watches/pods.go +++ b/pkg/controller/common/watches/pods.go @@ -10,18 +10,16 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/controller" "sigs.k8s.io/controller-runtime/pkg/handler" - "sigs.k8s.io/controller-runtime/pkg/predicate" "sigs.k8s.io/controller-runtime/pkg/reconcile" "sigs.k8s.io/controller-runtime/pkg/source" ) // WatchPods updates the given controller to enqueue reconciliation requests triggered by changes on Pods. // The resource to reconcile is identified by a label on the Pods. -func WatchPods(c controller.Controller, objNameLabel string, predicates ...predicate.Predicate) error { +func WatchPods(c controller.Controller, objNameLabel string) error { return c.Watch( &source.Kind{Type: &corev1.Pod{}}, handler.EnqueueRequestsFromMapFunc(objToReconcileRequest(objNameLabel)), - predicates..., ) } diff --git a/pkg/controller/common/watches/secrets.go b/pkg/controller/common/watches/secrets.go index 121c0fbfa9..e6664ed1e3 100644 --- a/pkg/controller/common/watches/secrets.go +++ b/pkg/controller/common/watches/secrets.go @@ -10,7 +10,6 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/controller" "sigs.k8s.io/controller-runtime/pkg/handler" - "sigs.k8s.io/controller-runtime/pkg/predicate" "sigs.k8s.io/controller-runtime/pkg/reconcile" "sigs.k8s.io/controller-runtime/pkg/source" @@ -46,11 +45,10 @@ func WatchUserProvidedSecrets( } // WatchSoftOwnedSecrets triggers reconciliations on secrets referencing a soft owner. -func WatchSoftOwnedSecrets(c controller.Controller, ownerKind string, predicates ...predicate.Predicate) error { +func WatchSoftOwnedSecrets(c controller.Controller, ownerKind string) error { return c.Watch( &source.Kind{Type: &corev1.Secret{}}, handler.EnqueueRequestsFromMapFunc(reconcileReqForSoftOwner(ownerKind)), - predicates..., ) } diff --git a/pkg/controller/elasticsearch/elasticsearch_controller.go b/pkg/controller/elasticsearch/elasticsearch_controller.go index 2f6aa989c7..0be81b68b6 100644 --- a/pkg/controller/elasticsearch/elasticsearch_controller.go +++ b/pkg/controller/elasticsearch/elasticsearch_controller.go @@ -31,7 +31,6 @@ import ( "github.com/elastic/cloud-on-k8s/pkg/controller/common/keystore" "github.com/elastic/cloud-on-k8s/pkg/controller/common/license" "github.com/elastic/cloud-on-k8s/pkg/controller/common/operator" - "github.com/elastic/cloud-on-k8s/pkg/controller/common/predicates" "github.com/elastic/cloud-on-k8s/pkg/controller/common/reconciler" "github.com/elastic/cloud-on-k8s/pkg/controller/common/tracing" commonversion "github.com/elastic/cloud-on-k8s/pkg/controller/common/version" @@ -83,7 +82,7 @@ func newReconciler(mgr manager.Manager, params operator.Parameters) *ReconcileEl func addWatches(c controller.Controller, r *ReconcileElasticsearch) error { // Watch for changes to Elasticsearch if err := c.Watch( - &source.Kind{Type: &esv1.Elasticsearch{}}, &handler.EnqueueRequestForObject{}, predicates.ManagedNamespacePredicate, + &source.Kind{Type: &esv1.Elasticsearch{}}, &handler.EnqueueRequestForObject{}, ); err != nil { return err } @@ -93,13 +92,13 @@ func addWatches(c controller.Controller, r *ReconcileElasticsearch) error { &source.Kind{Type: &appsv1.StatefulSet{}}, &handler.EnqueueRequestForOwner{ IsController: true, OwnerType: &esv1.Elasticsearch{}, - }, predicates.ManagedNamespacePredicate, + }, ); err != nil { return err } // Watch pods belonging to ES clusters - if err := watches.WatchPods(c, label.ClusterNameLabelName, predicates.ManagedNamespacePredicate); err != nil { + if err := watches.WatchPods(c, label.ClusterNameLabelName); err != nil { return err } @@ -107,12 +106,12 @@ func addWatches(c controller.Controller, r *ReconcileElasticsearch) error { if err := c.Watch(&source.Kind{Type: &corev1.Service{}}, &handler.EnqueueRequestForOwner{ IsController: true, OwnerType: &esv1.Elasticsearch{}, - }, predicates.ManagedNamespacePredicate); err != nil { + }); err != nil { return err } // Watch owned and soft-owned secrets - if err := c.Watch(&source.Kind{Type: &corev1.Secret{}}, r.dynamicWatches.Secrets, predicates.ManagedNamespacePredicate); err != nil { + if err := c.Watch(&source.Kind{Type: &corev1.Secret{}}, r.dynamicWatches.Secrets); err != nil { return err } if err := r.dynamicWatches.Secrets.AddHandler(&watches.OwnerWatch{ @@ -123,12 +122,12 @@ func addWatches(c controller.Controller, r *ReconcileElasticsearch) error { }); err != nil { return err } - if err := watches.WatchSoftOwnedSecrets(c, esv1.Kind, predicates.ManagedNamespacePredicate); err != nil { + if err := watches.WatchSoftOwnedSecrets(c, esv1.Kind); err != nil { return err } // Trigger a reconciliation when observers report a cluster health change - return c.Watch(observer.WatchClusterHealthChange(r.esObservers), reconciler.GenericEventHandler(), predicates.ManagedNamespacePredicate) + return c.Watch(observer.WatchClusterHealthChange(r.esObservers), reconciler.GenericEventHandler()) } var _ reconcile.Reconciler = &ReconcileElasticsearch{} diff --git a/pkg/controller/enterprisesearch/enterprisesearch_controller.go b/pkg/controller/enterprisesearch/enterprisesearch_controller.go index e6774dd7a4..a13c343b47 100644 --- a/pkg/controller/enterprisesearch/enterprisesearch_controller.go +++ b/pkg/controller/enterprisesearch/enterprisesearch_controller.go @@ -31,7 +31,6 @@ import ( "github.com/elastic/cloud-on-k8s/pkg/controller/common/driver" "github.com/elastic/cloud-on-k8s/pkg/controller/common/events" "github.com/elastic/cloud-on-k8s/pkg/controller/common/operator" - "github.com/elastic/cloud-on-k8s/pkg/controller/common/predicates" "github.com/elastic/cloud-on-k8s/pkg/controller/common/reconciler" "github.com/elastic/cloud-on-k8s/pkg/controller/common/tracing" "github.com/elastic/cloud-on-k8s/pkg/controller/common/version" @@ -72,7 +71,7 @@ func newReconciler(mgr manager.Manager, params operator.Parameters) *ReconcileEn func addWatches(c controller.Controller, r *ReconcileEnterpriseSearch) error { // Watch for changes to EnterpriseSearch - err := c.Watch(&source.Kind{Type: &entv1.EnterpriseSearch{}}, &handler.EnqueueRequestForObject{}, predicates.ManagedNamespacePredicate) + err := c.Watch(&source.Kind{Type: &entv1.EnterpriseSearch{}}, &handler.EnqueueRequestForObject{}) if err != nil { return err } @@ -87,7 +86,7 @@ func addWatches(c controller.Controller, r *ReconcileEnterpriseSearch) error { // Watch Pods, to ensure `status.version` and version upgrades are correctly reconciled on any change. // Watching Deployments only may lead to missing some events. - if err := watches.WatchPods(c, EnterpriseSearchNameLabelName, predicates.ManagedNamespacePredicate); err != nil { + if err := watches.WatchPods(c, EnterpriseSearchNameLabelName); err != nil { return err } @@ -106,7 +105,7 @@ func addWatches(c controller.Controller, r *ReconcileEnterpriseSearch) error { }); err != nil { return err } - if err := watches.WatchSoftOwnedSecrets(c, entv1.Kind, predicates.ManagedNamespacePredicate); err != nil { + if err := watches.WatchSoftOwnedSecrets(c, entv1.Kind); err != nil { return err } diff --git a/pkg/controller/kibana/controller.go b/pkg/controller/kibana/controller.go index e72b1def24..f7acf94efb 100644 --- a/pkg/controller/kibana/controller.go +++ b/pkg/controller/kibana/controller.go @@ -29,7 +29,6 @@ import ( "github.com/elastic/cloud-on-k8s/pkg/controller/common/finalizer" "github.com/elastic/cloud-on-k8s/pkg/controller/common/keystore" "github.com/elastic/cloud-on-k8s/pkg/controller/common/operator" - "github.com/elastic/cloud-on-k8s/pkg/controller/common/predicates" "github.com/elastic/cloud-on-k8s/pkg/controller/common/reconciler" "github.com/elastic/cloud-on-k8s/pkg/controller/common/tracing" "github.com/elastic/cloud-on-k8s/pkg/controller/common/watches" @@ -68,7 +67,7 @@ func newReconciler(mgr manager.Manager, params operator.Parameters) *ReconcileKi func addWatches(c controller.Controller, r *ReconcileKibana) error { // Watch for changes to Kibana - if err := c.Watch(&source.Kind{Type: &kbv1.Kibana{}}, &handler.EnqueueRequestForObject{}, predicates.ManagedNamespacePredicate); err != nil { + if err := c.Watch(&source.Kind{Type: &kbv1.Kibana{}}, &handler.EnqueueRequestForObject{}); err != nil { return err } @@ -76,13 +75,13 @@ func addWatches(c controller.Controller, r *ReconcileKibana) error { if err := c.Watch(&source.Kind{Type: &appsv1.Deployment{}}, &handler.EnqueueRequestForOwner{ IsController: true, OwnerType: &kbv1.Kibana{}, - }, predicates.ManagedNamespacePredicate); err != nil { + }); err != nil { return err } // Watch Pods, to ensure `status.version` and version upgrades are correctly reconciled on any change. // Watching Deployments only may lead to missing some events. - if err := watches.WatchPods(c, KibanaNameLabelName, predicates.ManagedNamespacePredicate); err != nil { + if err := watches.WatchPods(c, KibanaNameLabelName); err != nil { return err } @@ -90,7 +89,7 @@ func addWatches(c controller.Controller, r *ReconcileKibana) error { if err := c.Watch(&source.Kind{Type: &corev1.Service{}}, &handler.EnqueueRequestForOwner{ IsController: true, OwnerType: &kbv1.Kibana{}, - }, predicates.ManagedNamespacePredicate); err != nil { + }); err != nil { return err } @@ -98,15 +97,15 @@ func addWatches(c controller.Controller, r *ReconcileKibana) error { if err := c.Watch(&source.Kind{Type: &corev1.Secret{}}, &handler.EnqueueRequestForOwner{ IsController: true, OwnerType: &kbv1.Kibana{}, - }, predicates.ManagedNamespacePredicate); err != nil { + }); err != nil { return err } - if err := watches.WatchSoftOwnedSecrets(c, kbv1.Kind, predicates.ManagedNamespacePredicate); err != nil { + if err := watches.WatchSoftOwnedSecrets(c, kbv1.Kind); err != nil { return err } // dynamically watch referenced secrets to connect to Elasticsearch - return c.Watch(&source.Kind{Type: &corev1.Secret{}}, r.dynamicWatches.Secrets, predicates.ManagedNamespacePredicate) + return c.Watch(&source.Kind{Type: &corev1.Secret{}}, r.dynamicWatches.Secrets) } var _ reconcile.Reconciler = &ReconcileKibana{} diff --git a/pkg/controller/license/license_controller.go b/pkg/controller/license/license_controller.go index 5d6a580861..f1d6d07dae 100644 --- a/pkg/controller/license/license_controller.go +++ b/pkg/controller/license/license_controller.go @@ -25,7 +25,6 @@ import ( "github.com/elastic/cloud-on-k8s/pkg/controller/common" "github.com/elastic/cloud-on-k8s/pkg/controller/common/license" "github.com/elastic/cloud-on-k8s/pkg/controller/common/operator" - "github.com/elastic/cloud-on-k8s/pkg/controller/common/predicates" "github.com/elastic/cloud-on-k8s/pkg/controller/common/reconciler" "github.com/elastic/cloud-on-k8s/pkg/controller/common/version" esclient "github.com/elastic/cloud-on-k8s/pkg/controller/elasticsearch/client" @@ -103,7 +102,7 @@ func nextReconcileRelativeTo(now, expiry time.Time, safety time.Duration) reconc func addWatches(c controller.Controller, k8sClient k8s.Client) error { // Watch for changes to Elasticsearch clusters. if err := c.Watch( - &source.Kind{Type: &esv1.Elasticsearch{}}, &handler.EnqueueRequestForObject{}, predicates.ManagedNamespacePredicate, + &source.Kind{Type: &esv1.Elasticsearch{}}, &handler.EnqueueRequestForObject{}, ); err != nil { return err } @@ -129,7 +128,7 @@ func addWatches(c controller.Controller, k8sClient k8s.Client) error { return nil } return rs - }), predicates.ManagedNamespacePredicate, + }), ); err != nil { return err } diff --git a/pkg/controller/maps/controller.go b/pkg/controller/maps/controller.go index 14cba556b0..6cef7df16d 100644 --- a/pkg/controller/maps/controller.go +++ b/pkg/controller/maps/controller.go @@ -34,7 +34,6 @@ import ( "github.com/elastic/cloud-on-k8s/pkg/controller/common/events" "github.com/elastic/cloud-on-k8s/pkg/controller/common/license" "github.com/elastic/cloud-on-k8s/pkg/controller/common/operator" - "github.com/elastic/cloud-on-k8s/pkg/controller/common/predicates" "github.com/elastic/cloud-on-k8s/pkg/controller/common/reconciler" "github.com/elastic/cloud-on-k8s/pkg/controller/common/tracing" "github.com/elastic/cloud-on-k8s/pkg/controller/common/version" @@ -75,7 +74,7 @@ func newReconciler(mgr manager.Manager, params operator.Parameters) *ReconcileMa func addWatches(c controller.Controller, r *ReconcileMapsServer) error { // Watch for changes to MapsServer - if err := c.Watch(&source.Kind{Type: &emsv1alpha1.ElasticMapsServer{}}, &handler.EnqueueRequestForObject{}, predicates.ManagedNamespacePredicate); err != nil { + if err := c.Watch(&source.Kind{Type: &emsv1alpha1.ElasticMapsServer{}}, &handler.EnqueueRequestForObject{}); err != nil { return err } @@ -89,7 +88,7 @@ func addWatches(c controller.Controller, r *ReconcileMapsServer) error { // Watch Pods, to ensure `status.version` and version upgrades are correctly reconciled on any change. // Watching Deployments only may lead to missing some events. - if err := watches.WatchPods(c, NameLabelName, predicates.ManagedNamespacePredicate); err != nil { + if err := watches.WatchPods(c, NameLabelName); err != nil { return err } @@ -108,7 +107,7 @@ func addWatches(c controller.Controller, r *ReconcileMapsServer) error { }); err != nil { return err } - if err := watches.WatchSoftOwnedSecrets(c, emsv1alpha1.Kind, predicates.ManagedNamespacePredicate); err != nil { + if err := watches.WatchSoftOwnedSecrets(c, emsv1alpha1.Kind); err != nil { return err } diff --git a/pkg/controller/webhook/webhook_certificates_controller.go b/pkg/controller/webhook/webhook_certificates_controller.go index 3deece5f4f..2dace3f029 100644 --- a/pkg/controller/webhook/webhook_certificates_controller.go +++ b/pkg/controller/webhook/webhook_certificates_controller.go @@ -13,14 +13,13 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" "k8s.io/client-go/kubernetes" - "sigs.k8s.io/controller-runtime/pkg/controller" "sigs.k8s.io/controller-runtime/pkg/manager" - "sigs.k8s.io/controller-runtime/pkg/predicate" "sigs.k8s.io/controller-runtime/pkg/reconcile" "sigs.k8s.io/controller-runtime/pkg/source" "github.com/elastic/cloud-on-k8s/pkg/controller/common" "github.com/elastic/cloud-on-k8s/pkg/controller/common/certificates" + "github.com/elastic/cloud-on-k8s/pkg/controller/common/operator" "github.com/elastic/cloud-on-k8s/pkg/controller/common/reconciler" "github.com/elastic/cloud-on-k8s/pkg/controller/common/watches" "github.com/elastic/cloud-on-k8s/pkg/utils/k8s" @@ -93,10 +92,10 @@ func newReconciler(mgr manager.Manager, webhookParams Params, clientset kubernet } // Add adds a new Controller to mgr with r as the reconcile.Reconciler -func Add(mgr manager.Manager, webhookParams Params, clientset kubernetes.Interface, webhook AdmissionControllerInterface, predicates ...predicate.Predicate) error { +func Add(mgr manager.Manager, webhookParams Params, clientset kubernetes.Interface, webhook AdmissionControllerInterface, operatorParams operator.Parameters) error { r := newReconciler(mgr, webhookParams, clientset) // Create a new controller - c, err := controller.New(ControllerName, mgr, controller.Options{Reconciler: r}) + c, err := common.NewController(mgr, ControllerName, r, operatorParams) if err != nil { return err } @@ -110,7 +109,7 @@ func Add(mgr manager.Manager, webhookParams Params, clientset kubernetes.Interfa Name: "webhook-server-cert", Watched: []types.NamespacedName{secret}, Watcher: secret, - }, predicates...); err != nil { + }); err != nil { return err } From 1ab437f40e1b3f83952ce6a6dfbc6956e3fc0d2a Mon Sep 17 00:00:00 2001 From: Michael Montgomery Date: Fri, 3 Dec 2021 14:49:31 -0600 Subject: [PATCH 24/29] remove the exported predicates.ManagedNamespacePredicate as it's unused atm. remove WithPredicates as it's not used anymore either. remove predicates in remoteca controller create as it's using common controller, so unneeded. --- cmd/manager/main.go | 3 --- pkg/controller/common/predicates/predicates.go | 10 ---------- .../license/license_controller_integration_test.go | 2 -- pkg/controller/remoteca/controller.go | 3 +-- pkg/controller/remoteca/watches.go | 9 ++++----- 5 files changed, 5 insertions(+), 22 deletions(-) diff --git a/cmd/manager/main.go b/cmd/manager/main.go index 53e329b340..a99ba2cc78 100644 --- a/cmd/manager/main.go +++ b/cmd/manager/main.go @@ -58,7 +58,6 @@ import ( "github.com/elastic/cloud-on-k8s/pkg/controller/common/container" commonlicense "github.com/elastic/cloud-on-k8s/pkg/controller/common/license" "github.com/elastic/cloud-on-k8s/pkg/controller/common/operator" - "github.com/elastic/cloud-on-k8s/pkg/controller/common/predicates" "github.com/elastic/cloud-on-k8s/pkg/controller/common/reconciler" controllerscheme "github.com/elastic/cloud-on-k8s/pkg/controller/common/scheme" "github.com/elastic/cloud-on-k8s/pkg/controller/common/tracing" @@ -467,8 +466,6 @@ func startOperator(ctx context.Context) error { // configure the manager cache based on the number of managed namespaces managedNamespaces := viper.GetStringSlice(operator.NamespacesFlag) - // initialize the managed namespace predicate to ignore events outside of the namespaces the operator is concerned with - predicates.ManagedNamespacePredicate = predicates.NewManagedNamespacesPredicate(managedNamespaces) switch { case len(managedNamespaces) == 0: diff --git a/pkg/controller/common/predicates/predicates.go b/pkg/controller/common/predicates/predicates.go index c5f3fcded7..efd014b9e7 100644 --- a/pkg/controller/common/predicates/predicates.go +++ b/pkg/controller/common/predicates/predicates.go @@ -10,10 +10,6 @@ import ( "sigs.k8s.io/controller-runtime/pkg/predicate" ) -// ManagedNamespacePredicate is a predicate that will ignore events that exist -// outside of the namespaces that the operator manages. -var ManagedNamespacePredicate predicate.Predicate - // NewManagedNamespacesPredicate will return a predicate that will ignore events // that exist outside of the given managed namespaces, func NewManagedNamespacesPredicate(managedNamespaces []string) predicate.Predicate { @@ -37,9 +33,3 @@ func NewManagedNamespacesPredicate(managedNamespaces []string) predicate.Predica func IsNamespaceManaged(namespace string, managedNamespaces []string) bool { return len(managedNamespaces) == 0 || slices.Contains(managedNamespaces, namespace) } - -// WithPredicates is a helper function to convert one or more predicates -// into a slice of predicates. -func WithPredicates(predicates ...predicate.Predicate) []predicate.Predicate { - return predicates -} diff --git a/pkg/controller/license/license_controller_integration_test.go b/pkg/controller/license/license_controller_integration_test.go index e66f472612..8a101b3c59 100644 --- a/pkg/controller/license/license_controller_integration_test.go +++ b/pkg/controller/license/license_controller_integration_test.go @@ -29,7 +29,6 @@ import ( esv1 "github.com/elastic/cloud-on-k8s/pkg/apis/elasticsearch/v1" "github.com/elastic/cloud-on-k8s/pkg/controller/common/license" "github.com/elastic/cloud-on-k8s/pkg/controller/common/operator" - "github.com/elastic/cloud-on-k8s/pkg/controller/common/predicates" esclient "github.com/elastic/cloud-on-k8s/pkg/controller/elasticsearch/client" "github.com/elastic/cloud-on-k8s/pkg/utils/chrono" "github.com/elastic/cloud-on-k8s/pkg/utils/k8s" @@ -41,7 +40,6 @@ func TestMain(m *testing.M) { } func TestReconcile(t *testing.T) { - predicates.ManagedNamespacePredicate = predicates.NewManagedNamespacesPredicate([]string{"default"}) c, stop := test.StartManager(t, func(mgr manager.Manager, p operator.Parameters) error { r := &ReconcileLicenses{ Client: mgr.GetClient(), diff --git a/pkg/controller/remoteca/controller.go b/pkg/controller/remoteca/controller.go index 67dd627090..a07dbd8dc9 100644 --- a/pkg/controller/remoteca/controller.go +++ b/pkg/controller/remoteca/controller.go @@ -23,7 +23,6 @@ import ( "github.com/elastic/cloud-on-k8s/pkg/controller/common" "github.com/elastic/cloud-on-k8s/pkg/controller/common/license" "github.com/elastic/cloud-on-k8s/pkg/controller/common/operator" - "github.com/elastic/cloud-on-k8s/pkg/controller/common/predicates" "github.com/elastic/cloud-on-k8s/pkg/controller/common/reconciler" "github.com/elastic/cloud-on-k8s/pkg/controller/common/tracing" "github.com/elastic/cloud-on-k8s/pkg/controller/common/watches" @@ -50,7 +49,7 @@ func Add(mgr manager.Manager, accessReviewer rbac.AccessReviewer, params operato if err != nil { return err } - return AddWatches(c, r, predicates.ManagedNamespacePredicate) + return AddWatches(c, r) } // NewReconciler returns a new reconcile.Reconciler diff --git a/pkg/controller/remoteca/watches.go b/pkg/controller/remoteca/watches.go index 50c30e8101..0971caf9c3 100644 --- a/pkg/controller/remoteca/watches.go +++ b/pkg/controller/remoteca/watches.go @@ -12,7 +12,6 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/controller" "sigs.k8s.io/controller-runtime/pkg/handler" - "sigs.k8s.io/controller-runtime/pkg/predicate" "sigs.k8s.io/controller-runtime/pkg/reconcile" "sigs.k8s.io/controller-runtime/pkg/source" @@ -25,19 +24,19 @@ import ( ) // AddWatches set watches on objects needed to manage the association between a local and a remote cluster. -func AddWatches(c controller.Controller, r *ReconcileRemoteCa, predicates ...predicate.Predicate) error { +func AddWatches(c controller.Controller, r *ReconcileRemoteCa) error { // Watch for changes to RemoteCluster - if err := c.Watch(&source.Kind{Type: &esv1.Elasticsearch{}}, &handler.EnqueueRequestForObject{}, predicates...); err != nil { + if err := c.Watch(&source.Kind{Type: &esv1.Elasticsearch{}}, &handler.EnqueueRequestForObject{}); err != nil { return err } // Watch Secrets that contain remote certificate authorities managed by this controller - if err := c.Watch(&source.Kind{Type: &v1.Secret{}}, handler.EnqueueRequestsFromMapFunc(newRequestsFromMatchedLabels()), predicates...); err != nil { + if err := c.Watch(&source.Kind{Type: &v1.Secret{}}, handler.EnqueueRequestsFromMapFunc(newRequestsFromMatchedLabels())); err != nil { return err } // Dynamically watches the certificate authorities involved in a cluster relationship - if err := c.Watch(&source.Kind{Type: &v1.Secret{}}, r.watches.Secrets, predicates...); err != nil { + if err := c.Watch(&source.Kind{Type: &v1.Secret{}}, r.watches.Secrets); err != nil { return err } From a73a871bae7aaee71059529d33a8ea308749acb4 Mon Sep 17 00:00:00 2001 From: Michael Montgomery Date: Fri, 3 Dec 2021 14:53:58 -0600 Subject: [PATCH 25/29] Add some comments for newNamespaceAwareWatchersController --- pkg/controller/common/controller.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pkg/controller/common/controller.go b/pkg/controller/common/controller.go index 099963283e..01a1d8fd5b 100644 --- a/pkg/controller/common/controller.go +++ b/pkg/controller/common/controller.go @@ -42,6 +42,8 @@ type namespaceAwareController struct { namespacePredicate predicate.Predicate } +// newNamespaceAwareWatchersController creates a new namespaceAwareController, ensuring that a predicate exists to ignore any +// namespaced events outside of managed namespaces, and the operator namespace. func newNamespaceAwareWatchersController(c controller.Controller, managedNamespaces []string, operatorNamespace string) controller.Controller { watchedNamespaces := managedNamespaces if !slices.Contains(managedNamespaces, operatorNamespace) { From 8fe547f8f67bc04c7e2beb99abecc98f325505f6 Mon Sep 17 00:00:00 2001 From: Michael Montgomery Date: Tue, 7 Dec 2021 11:44:43 -0600 Subject: [PATCH 26/29] Introduce a new function NewControllerWithOptions that allows setting of controller options on create. Use NewControllerWithOptions in webhook controller to avoid the default setting of MaxConcurrentReconciles. --- pkg/controller/common/controller.go | 9 +++++++++ .../webhook/webhook_certificates_controller.go | 3 ++- 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/pkg/controller/common/controller.go b/pkg/controller/common/controller.go index 01a1d8fd5b..895937f015 100644 --- a/pkg/controller/common/controller.go +++ b/pkg/controller/common/controller.go @@ -33,6 +33,15 @@ func NewController(mgr manager.Manager, name string, r reconcile.Reconciler, p o return newNamespaceAwareWatchersController(c, p.ManagedNamespaces, p.OperatorNamespace), nil } +// NewControllerWithOptions creates a new controller with the given name, reconciler, parameters, options and registers it with the manager. +func NewControllerWithOptions(mgr manager.Manager, name string, p operator.Parameters, options controller.Options) (controller.Controller, error) { + c, err := controller.New(name, mgr, options) + if err != nil { + return nil, err + } + return newNamespaceAwareWatchersController(c, p.ManagedNamespaces, p.OperatorNamespace), nil +} + var _ controller.Controller = &namespaceAwareController{} // namespaceAwareController implements the controller.Controller interface and automatically include a predicate to filter events diff --git a/pkg/controller/webhook/webhook_certificates_controller.go b/pkg/controller/webhook/webhook_certificates_controller.go index 2dace3f029..8500ad7dce 100644 --- a/pkg/controller/webhook/webhook_certificates_controller.go +++ b/pkg/controller/webhook/webhook_certificates_controller.go @@ -13,6 +13,7 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" "k8s.io/client-go/kubernetes" + "sigs.k8s.io/controller-runtime/pkg/controller" "sigs.k8s.io/controller-runtime/pkg/manager" "sigs.k8s.io/controller-runtime/pkg/reconcile" "sigs.k8s.io/controller-runtime/pkg/source" @@ -95,7 +96,7 @@ func newReconciler(mgr manager.Manager, webhookParams Params, clientset kubernet func Add(mgr manager.Manager, webhookParams Params, clientset kubernetes.Interface, webhook AdmissionControllerInterface, operatorParams operator.Parameters) error { r := newReconciler(mgr, webhookParams, clientset) // Create a new controller - c, err := common.NewController(mgr, ControllerName, r, operatorParams) + c, err := common.NewControllerWithOptions(mgr, ControllerName, operatorParams, controller.Options{Reconciler: r}) if err != nil { return err } From 9ddb3cfd5a636dd4de424501ce11acac7114c521 Mon Sep 17 00:00:00 2001 From: Michael Montgomery Date: Thu, 9 Dec 2021 10:09:57 -0600 Subject: [PATCH 27/29] Actually use watchedNamespaces, not managedNamespaces --- pkg/controller/common/controller.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkg/controller/common/controller.go b/pkg/controller/common/controller.go index 895937f015..7d8caa0646 100644 --- a/pkg/controller/common/controller.go +++ b/pkg/controller/common/controller.go @@ -55,12 +55,12 @@ type namespaceAwareController struct { // namespaced events outside of managed namespaces, and the operator namespace. func newNamespaceAwareWatchersController(c controller.Controller, managedNamespaces []string, operatorNamespace string) controller.Controller { watchedNamespaces := managedNamespaces - if !slices.Contains(managedNamespaces, operatorNamespace) { + if !slices.Contains(watchedNamespaces, operatorNamespace) { watchedNamespaces = append(watchedNamespaces, operatorNamespace) } return &namespaceAwareController{ Controller: c, - namespacePredicate: predicates.NewManagedNamespacesPredicate(managedNamespaces), + namespacePredicate: predicates.NewManagedNamespacesPredicate(watchedNamespaces), } } From 62804ac05f64dd02fdee1779bdc1795dacf4bb78 Mon Sep 17 00:00:00 2001 From: Michael Montgomery Date: Mon, 13 Dec 2021 09:29:46 -0600 Subject: [PATCH 28/29] Do not append 'namespaceAll' to managed namespaces on initialization. --- cmd/manager/main.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/cmd/manager/main.go b/cmd/manager/main.go index a99ba2cc78..8a1aa4d96e 100644 --- a/cmd/manager/main.go +++ b/cmd/manager/main.go @@ -479,12 +479,12 @@ func startOperator(ctx context.Context) error { // The managed cache should always include the operator namespace so that we can work with operator-internal resources. managedNamespaces = append(managedNamespaces, operatorNamespace) + opts.NewCache = cache.MultiNamespacedCacheBuilder(managedNamespaces) + // Add the empty namespace to allow watching cluster-scoped resources if storage class validation is enabled. if viper.GetBool(operator.ValidateStorageClassFlag) { - managedNamespaces = append(managedNamespaces, "") + opts.NewCache = cache.MultiNamespacedCacheBuilder(append(managedNamespaces, "")) } - - opts.NewCache = cache.MultiNamespacedCacheBuilder(managedNamespaces) } // only expose prometheus metrics if provided a non-zero port From 9f83fffdb511af3600d93861ada742abd2b999d3 Mon Sep 17 00:00:00 2001 From: Michael Montgomery Date: Mon, 13 Dec 2021 13:38:51 -0600 Subject: [PATCH 29/29] ensure we do not append anything to the managed namespaces when it's empty (managing all namespaces) --- pkg/controller/common/controller.go | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/pkg/controller/common/controller.go b/pkg/controller/common/controller.go index 7d8caa0646..5cfd50c81f 100644 --- a/pkg/controller/common/controller.go +++ b/pkg/controller/common/controller.go @@ -55,7 +55,9 @@ type namespaceAwareController struct { // namespaced events outside of managed namespaces, and the operator namespace. func newNamespaceAwareWatchersController(c controller.Controller, managedNamespaces []string, operatorNamespace string) controller.Controller { watchedNamespaces := managedNamespaces - if !slices.Contains(watchedNamespaces, operatorNamespace) { + // if the length of watchedNamespaces is 0, then we're watching all namespaces, and shouldn't append anything to the slice, as + // it will just cause issues wth the managed namespaces predicate. + if len(watchedNamespaces) > 0 && !slices.Contains(watchedNamespaces, operatorNamespace) { watchedNamespaces = append(watchedNamespaces, operatorNamespace) } return &namespaceAwareController{