381 Commits

Author	SHA1	Message	Date
Jian Zhu	80ac13ce32	fix: remove flaky time.Sleep from hub timeout controller test (#1388) ... The TestHubTimeoutController_Sync test was failing intermittently in CI due to timing issues with time.Sleep() and real-time execution overhead. Changes: - Removed time.Sleep() dependency that caused flakiness - Set lease renew time in the past using time.Now().Add(-duration) to deterministically simulate aged leases - Made timeout threshold configurable per test case - Increased safety margin from 2s to 3s in "not timeout" case (2s lease age vs 5s timeout, previously 1s wait vs 3s timeout) - Set startTime in the past to bypass the 10s grace period check that was added to handle stale lease scenarios This eliminates race conditions in CI environments where execution overhead could push the test beyond the timeout threshold. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Signed-off-by: zhujian <jiazhu@redhat.com> Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>	2026-02-13 02:18:37 +00:00
Qing Hao	7f4d432638	improve event recording logic and test maintainability (#1376) ... 🤖 Generated with [Claude Code](https://claude.ai/code) Signed-off-by: Qing Hao <qhao@redhat.com> Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>	2026-02-13 02:15:46 +00:00
Jian Zhu	2128dfebcc	fix: handle ComponentNamespace in CI test environment (#1387) ... The TestNewAgentOptions test was failing in CI because it expected ComponentNamespace to always be "open-cluster-management-agent", but NewAgentOptions() reads from /var/run/secrets/kubernetes.io/serviceaccount/namespace when running in a Kubernetes pod (which exists in CI environment). Updated the test to accept either the default value (when running locally) or the actual pod namespace (when running in CI), while ensuring the namespace is never empty. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Signed-off-by: zhujian <jiazhu@redhat.com> Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>	2026-02-12 14:14:59 +00:00
Jian Zhu	7323d2047a	✨ Support token-based authentication for template addons (#1363) ... * ✨ Support token-based authentication for template addons This change enables template type addons to work with both CSR-based and token-based authentication through dynamic subject binding. Changes: - Modified createPermissionBinding() to extract dynamic subjects from addon.Status.Registrations instead of using hardcoded groups - Added buildSubjectsFromRegistration() helper to extract user/groups from registration status - Returns SubjectNotReadyError when subjects not ready (enables retry) - Removed clusterAddonGroup() function (no longer needed) - Updated addon-framework dependency to v1.2.0 for SubjectNotReadyError - Added comprehensive tests for buildSubjectsFromRegistration - Updated test helpers to include registration status with proper subjects The implementation now supports: - CSR-based authentication (existing) - Token-based authentication (new) - Any future authentication method that populates Status.Registrations Related: 14af2a2eeb/enhancements/sig-architecture/167-token-based-addon-registration/README.md 🤖 Generated with Claude Code https://claude.com/claude-code Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com> Signed-off-by: zhujian <jiazhu@redhat.com> * test: add unit test for system:authenticated group filtering Add a test case to verify that buildSubjectsFromRegistration correctly filters out the system:authenticated group from the list of groups when building RBAC subjects. This covers the filtering logic in registration.go lines 560-562. Also update the expected groups in TestTemplateCSRConfigurationsFunc to match the implementation that includes both cluster-specific and addon-wide groups for token-based authentication. Signed-off-by: Claude <noreply@anthropic.com> Signed-off-by: zhujian <jiazhu@redhat.com> * feat: add addon-wide group and filter system:authenticated Add support for addon-wide group in defaultGroups() to support token-based authentication for template addons. This adds the system:open-cluster-management:addon:{addonName} group in addition to the cluster-specific group. Also add filtering logic in buildSubjectsFromRegistration() to exclude the system:authenticated group from RBAC subjects, as this is a special Kubernetes group automatically added to all authenticated users and should not be explicitly included in RoleBindings. Signed-off-by: Claude <noreply@anthropic.com> Signed-off-by: zhujian <jiazhu@redhat.com> * refactor: implement custom CSR approver with flexible org validation Replace addon-framework's DefaultCSRApprover with a custom implementation that supports both legacy and new CSR organization structures. Key changes: - Implement defaultCSRApprover function that accepts 2 or 3 organization units - 3 orgs: legacy behavior including system:authenticated group in CSRs - 2 orgs: new behavior where system:authenticated is filtered out - Add support for gRPC-based CSR requests by checking CSRUsernameAnnotation - Validate all required default addon groups are present in CSR - Add necessary imports: k8s.io/apimachinery/pkg/util/sets and operatorapiv1 This enables backward compatibility while supporting the new token-based authentication flow where system:authenticated is excluded from CSR orgs but included in registration configs. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com> Signed-off-by: zhujian <jiazhu@redhat.com> * refactor: use addon-framework's updated KubeClientSignerConfigurations Remove custom implementations and use addon-framework's native functions which now include system:authenticated group by default. Changes: - Remove custom kubeClientSignerConfigurations function - Remove custom defaultGroups function - Remove custom defaultCSRApprover function - Use agent.KubeClientSignerConfigurations from addon-framework - Use utils.DefaultCSRApprover from addon-framework - Remove unused imports: k8s.io/apimachinery/pkg/util/sets and operatorapiv1 The addon-framework has been updated to include system:authenticated in DefaultGroups(), eliminating the need for custom implementations. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com> Signed-off-by: zhujian <jiazhu@redhat.com> --------- Signed-off-by: zhujian <jiazhu@redhat.com> Signed-off-by: Claude <noreply@anthropic.com> Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>	2026-01-30 11:44:53 +00:00
Morven Cao	062ae225bb	🐛 enhance clusterprofile lifecycle controller (#1359) ... * check namespace existence and state in clusterprofile lifecycle controller. Signed-off-by: Morven Cao <lcao@redhat.com> * optimize the queue key and log for clusterprofile controller. Signed-off-by: Morven Cao <lcao@redhat.com> --------- Signed-off-by: Morven Cao <lcao@redhat.com>	2026-01-29 07:28:29 +00:00
Jian Qiu	63d9574ca2	✨ Add watch-based feedback with dynamic informer lifecycle management (#1350) ... * Add watch-based feedback with dynamic informer lifecycle management Implements dynamic informer registration and cleanup for resources configured with watch-based status feedback (FeedbackScrapeType=Watch). This enables real-time status updates for watched resources while efficiently managing resource lifecycle. Features: - Automatically register informers for resources with FeedbackWatchType - Skip informer registration for FeedbackPollType or when not configured - Clean up informers when resources are removed from manifestwork - Clean up informers during applied manifestwork finalization - Clean up informers when feedback type changes from watch to poll Implementation: - Refactored ObjectReader to interface for better modularity - Added UnRegisterInformerFromAppliedManifestWork helper for bulk cleanup - Enhanced AvailableStatusController to conditionally register informers - Updated finalization controllers to unregister informers on cleanup - Added nil safety checks to prevent panics during cleanup Testing: - Unit tests for informer registration based on feedback type - Unit tests for bulk unregistration and nil safety - Integration test for end-to-end watch-based feedback workflow - Integration test for informer cleanup on manifestwork deletion - All existing tests updated and passing This feature improves performance by using watch-based updates for real-time status feedback while maintaining efficient resource cleanup. Signed-off-by: Jian Qiu <jqiu@redhat.com> * Fallback to get from client when informer is not synced Signed-off-by: Jian Qiu <jqiu@redhat.com> --------- Signed-off-by: Jian Qiu <jqiu@redhat.com>	2026-01-29 06:46:21 +00:00
Yang Le	f2aa5d4d6a	skip importing terminating clusters (#1358) ... Signed-off-by: Yang Le <yangle@redhat.com>	2026-01-29 05:13:32 +00:00
Jian Qiu	2743547b40	Reduce logging level of DumpSecret to v(4) (#1357) ... It generates a lot of noises otherwise Signed-off-by: Jian Qiu <jqiu@redhat.com>	2026-01-29 04:28:42 +00:00
Morven Cao	d1221c4a79	🌱 sync clusterprofile based on managedclusterset and managedclustersetbinding (#1351) ... * sync clusterprofile based on managedclusterset and managedclustersetbinding Co-authored-by: Claude <claude@anthropic.com> Signed-off-by: Morven Cao <lcao@redhat.com> * Refactor ClusterProfile controller into two separate controllers. Signed-off-by: Morven Cao <lcao@redhat.com> * address comments. Signed-off-by: Morven Cao <lcao@redhat.com> * fix lint issues. Signed-off-by: Morven Cao <lcao@redhat.com> * address comments. Signed-off-by: Morven Cao <lcao@redhat.com> * address comments. Signed-off-by: Morven Cao <lcao@redhat.com> --------- Signed-off-by: Morven Cao <lcao@redhat.com>	2026-01-28 15:37:46 +00:00
Yang Le	9d1a993e2c	✨ add token driver for addon registration (#1343) ... Signed-off-by: Yang Le <yangle@redhat.com>	2026-01-28 05:41:52 +00:00
Yang Le	f6dec25bdf	✨ add contoller to support token infrastructure (#1340) ... Signed-off-by: Yang Le <yangle@redhat.com>	2026-01-27 13:06:21 +00:00
Wei Liu	8fd640694e	enable grpc e2e (#1354) ... Signed-off-by: Wei Liu <liuweixa@redhat.com>	2026-01-27 10:26:32 +00:00
Jian Qiu	9b010ef622	🌱 build object reader to get resource object from spoke (#1324) ... * A resource informer code to watch resources Signed-off-by: Jian Qiu <jqiu@redhat.com> * Use object reader in controller Signed-off-by: Jian Qiu <jqiu@redhat.com> --------- Signed-off-by: Jian Qiu <jqiu@redhat.com>	2026-01-23 07:32:13 +00:00
Wei Liu	5740147dba	add token request service (#1339) ... Signed-off-by: Wei Liu <liuweixa@redhat.com>	2026-01-20 03:19:41 +00:00
Zhiwei Yin	9a1e925112	ensure immediate requeue for transient errors when work spec is changed (#1335) ... Signed-off-by: Zhiwei Yin <zyin@redhat.com>	2026-01-19 07:57:39 +00:00
xuezhao	d83c822129	Add duplicate manifest detection in ManifestWork webhook validation (#1310) ... This commit adds validation to detect and reject duplicate manifests in ManifestWork resources. A manifest is considered duplicate when it has the same apiVersion, kind, namespace, and name as another manifest in the same ManifestWork. This prevents issues where duplicate manifests with different specs can cause state inconsistency, as the Work Agent applies manifests sequentially and later entries would overwrite earlier ones. The validation returns a clear error message indicating the duplicate manifest's index and the index of its first occurrence. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Signed-off-by: xuezhaojun <zxue@redhat.com> Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>	2026-01-19 06:09:25 +00:00
Jian Zhu	c69a2586e5	fix: ensure immediate eviction after grace period expires (#1330) ... Fixed a bug where AppliedManifestWorks were not evicted immediately after the appliedmanifestwork-eviction-grace-period expired. Root cause: The controller used an exponential backoff rate limiter to schedule requeue delays, which caused: 1. Exponentially increasing delays during grace period (1min -> 2min -> 4min...) 2. Unpredictable delays after grace period expired Solution: Replace rate limiter with direct time calculation. Now the controller calculates the exact remaining time until eviction and schedules the next sync for that precise moment: remainingTime := evictionTime.Sub(now) Changes: - Removed rateLimiter field and workqueue import - Calculate exact remaining time instead of using exponential backoff - Added V(4) logging to show scheduled eviction time and remaining time - Updated unit test expectations (queue length 0 for delayed items) Impact: AppliedManifestWorks are now evicted immediately when the grace period expires, instead of being delayed by minutes due to exponential backoff. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Signed-off-by: zhujian <jiazhu@redhat.com> Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>	2026-01-16 09:48:50 +00:00
Anne Lau	4dc99cd621	Progressing status conditions, true wins (#1332) ... Signed-off-by: annelau <annelau@salesforce.com> Co-authored-by: annelau <annelau@salesforce.com>	2026-01-16 06:53:14 +00:00
Zhiwei Yin	40de7f2ed1	refactor(registration): preserve ClusterRole/ClusterRoleBinding when managed cluster is denied (#1328) ... Refactored the removeClusterRbac function into separate functions to handle different RBAC resource cleanup scenarios: - removeClusterRBACResources: orchestrates full RBAC cleanup when cluster is deleted - removeClusterSpecificRBAC: removes ClusterRole and ClusterRoleBinding - removeClusterSpecificRoleBindings: removes registration and work RoleBindings When hubAcceptsClient is false (cluster denied), only RoleBindings are removed while ClusterRole and ClusterRoleBinding are preserved and updated. This ensures proper RBAC state for denied clusters without deleting cluster-scoped resources. Added unit test to verify that when a cluster is denied, only RoleBindings are deleted while ClusterRole and ClusterRoleBinding remain intact. Signed-off-by: Zhiwei Yin <zyin@redhat.com> Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>	2026-01-13 10:16:00 +00:00
Wei Liu	d5e677414c	add options to grpc broker (#1326) ... Signed-off-by: Wei Liu <liuweixa@redhat.com>	2026-01-12 12:50:14 +00:00
Guilhem Lettron	ac5f34839d	feat(manager): implement import-renderers (#1317) ... Signed-off-by: Guilhem Lettron <glettron@akamai.com>	2026-01-09 07:38:35 +00:00
Qing Hao	c6aa931619	fix(addon): remove internal annotation from v1alpha1 after conversion (#1321) ... When converting ManagedClusterAddOn from v1beta1 to v1alpha1, the internal annotation 'addon.open-cluster-management.io/v1alpha1-install-namespace' should be removed after being converted to Spec.InstallNamespace field. This annotation is only used internally for v1beta1 storage to preserve the InstallNamespace field which was removed in v1beta1. It should not appear in v1alpha1 API responses. Fixes: ACM-28133 🤖 Generated with [Claude Code](https://claude.com/claude-code) Signed-off-by: Qing Hao <qhao@redhat.com> Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>	2026-01-09 01:34:23 +00:00
Érico GR	ad89f05351	🐛 Fix work rolebinding cleanup when hubAcceptsClient is set to false (#1318) ... * Fix work rolebinding cleanup when hubAcceptsClient is set to false Signed-off-by: Erico G. Rimoli <erico.rimoli@totvs.com.br> * Adds error handling to the removeClusterRbac call within the controller synchronization function Signed-off-by: Erico G. Rimoli <erico.rimoli@totvs.com.br>	2026-01-08 13:46:13 +00:00
Anne Lau	635b0ff7e9	PlacementRollout to reflect Ready status (#1281) ... Update with success count Remove status references Add unit tests Fix unit tests Update unit tests Test fix Fix tests for lastTransitionTime Fix integration tests Signed-off-by: annelau <annelau@salesforce.com> Co-authored-by: annelau <annelau@salesforce.com>	2026-01-08 01:53:14 +00:00
Carlos Cardeñosa	1b40e72e0b	Fix race condition: wait for CA bundle ConfigMap before applying CRDs (#1309) ... The cluster manager controller was silently using a literal "placeholder" string as the CA bundle when the ca-bundle-configmap ConfigMap didn't exist yet. This caused CRDs to be created with an invalid caBundle field (cGxhY2Vob2xkZXI= which is base64 of "placeholder"), resulting in: 1. CRD conversion webhooks failing with "InvalidCABundle" error 2. CRDs not becoming Established 3. API endpoints not being registered 4. Dependent components (like MultiClusterHub) failing with: "no matches for kind ClusterManagementAddOn" The bug was a race condition between the cert rotation controller (which creates the ca-bundle-configmap) and the cluster manager controller (which reads it). When the ConfigMap was not found, the code did "// do nothing" and silently continued with the placeholder value. This fix: 1. Creates the hub namespace FIRST (before waiting for the CA bundle) to allow the cert rotation controller to create the ca-bundle-configmap 2. Then waits for the CA bundle ConfigMap to exist before proceeding 3. Requeues via AddAfter if the ConfigMap is not found, allowing the controller to gracefully retry until the cert rotation controller has created it This ensures CRDs are always created with valid CA bundles while avoiding the deadlock where clusterManagerController waited for CA bundle but certRotationController needed the namespace first. Changes based on review feedback: - Use requeue (AddAfter) instead of returning error (@elgnay) - Use contextual logging instead of klog.V(4).Infof (@qiujian16) The issue was discovered in OpenShift CI Prow jobs for ZTP hub deployment: - https://prow.ci.openshift.org/view/gs/test-platform-results/logs/periodic-ci-openshift-kni-eco-ci-cd-ztp-left-shifting-kpi-ci-4.21-telcov10n-virtualised-single-node-hub-ztp/2005051399989104640 - https://prow.ci.openshift.org/view/gs/test-platform-results/logs/periodic-ci-openshift-kni-eco-ci-cd-ztp-left-shifting-kpi-ci-4.21-telcov10n-virtualised-single-node-hub-ztp/2005219283428184064 Affected versions: ACM 2.16.0-113/114, MCE 2.11.0-142/143 on OCP 4.21.0-rc.0 Signed-off-by: Carlos Cardenosa <ccardeno@redhat.com> Co-authored-by: Claude <noreply@anthropic.com>	2026-01-07 14:35:55 +00:00
Anne Lau	ff9f801aa0	Fix transition time for Applied + StatusFeedbackSynced (#1282) ... Update code changes to only update observed generation without lastTransitionTime Update with simple tests Update with the latest PR changes Add unit test changes Add integration test generated by cursor Fix unit tests Signed-off-by: annelau <annelau@salesforce.com> Co-authored-by: annelau <annelau@salesforce.com>	2025-12-31 02:27:59 +00:00
Qing Hao	c516beffa6	✨ Add addon conversion webhook for v1alpha1/v1beta1 API migration (#1289) ... * Add addon conversion webhook for v1alpha1/v1beta1 API migration 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> Signed-off-by: Qing Hao <qhao@redhat.com> * Fix GroupVersion compatibility issues after API dependency update This commit fixes compilation and test errors introduced by updating the API dependency to use native conversion functions from PR #411. Changes include: 1. Fix GroupVersion type mismatches across the codebase: - Updated OwnerReference creation to use schema.GroupVersion - Fixed webhook scheme registration to use proper GroupVersion type - Applied fixes to addon, placement, migration, work, and registration controllers 2. Enhance addon conversion webhook: - Use native API conversion functions from addon/v1beta1/conversion.go - Fix InstallNamespace annotation key to match expected format - Add custom logic to populate deprecated ConfigReferent field in ConfigReferences - Properly preserve annotations during v1alpha1 <-> v1beta1 conversion 3. Remove duplicate conversion code: - Deleted pkg/addon/webhook/conversion/ directory (~500 lines) - Now using native conversion functions from the API repository 4. Patch vendored addon-framework: - Fixed GroupVersion errors in agentdeploy utils All unit tests pass successfully (97 packages, 0 failures). Signed-off-by: Qing Hao <qhao@redhat.com> --------- Signed-off-by: Qing Hao <qhao@redhat.com> Co-authored-by: Claude <noreply@anthropic.com>	2025-12-24 08:26:35 +00:00
Jian Qiu	78daf0d2ae	fix: skip GC for ManifestWorks managed by ManifestWorkReplicaSet (#1299) ... Skip garbage collection for ManifestWorks that have the ManifestWorkReplicaSet controller label, as these should be managed exclusively by the ManifestWorkReplicaSet controller. Changes: - Fix logic bug in controller to properly check for ReplicaSet label - Add unit tests for label-based GC skip behavior - Add integration test to verify GC skip for ReplicaSet-managed works 🤖 Generated with [Claude Code](https://claude.com/claude-code) Signed-off-by: Jian Qiu <jqiu@redhat.com> Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>	2025-12-16 08:56:07 +00:00
Jian Qiu	99265f6113	Refactor to contextual logging (#1283) ... Signed-off-by: Jian Qiu <jqiu@redhat.com>	2025-12-08 08:14:30 +00:00
Jian Qiu	a06e37e65c	🌱 Integrate SDK logging tracing into work agent controllers (#1277) ... This change adds log tracing support to the work agent controllers by: - Upgrading SDK to version with logging.SetLogTracingByObject helper - Setting tracing keys from ManifestWork objects in all work controllers - Adding clusterName to the base logger for better log context - Propagating tracing context through cloud events The tracing keys enable better correlation of logs across the work lifecycle from source to agent. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Signed-off-by: Jian Qiu <jqiu@redhat.com> Co-authored-by: Claude <noreply@anthropic.com>	2025-12-04 13:12:38 +00:00
Jian Qiu	33310619d9	🌱 use SDK basecontroller for better logging. (#1269) ... * Use basecontroller in sdk-go instead for better logging Signed-off-by: Jian Qiu <jqiu@redhat.com> * Rename to fakeSyncContext Signed-off-by: Jian Qiu <jqiu@redhat.com> --------- Signed-off-by: Jian Qiu <jqiu@redhat.com>	2025-12-01 03:07:02 +00:00
Qing Hao	26edb9423a	fix: Check Applied condition before evaluating rollout status (#1243) ... 🤖 Generated with [Claude Code](https://claude.com/claude-code) Signed-off-by: Qing Hao <qhao@redhat.com> Co-authored-by: Claude <noreply@anthropic.com>	2025-12-01 02:14:46 +00:00
Jian Qiu	8f8cd01b52	Update dependencies: k8s 0.34.1, controller-runtime 0.22.3, and OCM libs (#1267) ... - Update k8s.io/* libraries to v0.34.1 - Update sigs.k8s.io/controller-runtime to v0.22.3 - Update open-cluster-management.io/api to 2337d27c3b7f - Update open-cluster-management.io/sdk-go to a185f88d7b1b - Update open-cluster-management.io/addon-framework to 1a0a9be61322 - Update openshift libraries (api, client-go, library-go) to latest commits for structured-merge-diff v6 compatibility - Add Recorder() method to FakeSDKSyncContext with adapter pattern to bridge openshift/library-go and SDK event recorder interfaces - Update vendor directory and regenerate CRDs 🤖 Generated with [Claude Code](https://claude.com/claude-code) Signed-off-by: Jian Qiu <jqiu@redhat.com> Co-authored-by: Claude <noreply@anthropic.com>	2025-11-26 05:56:58 +00:00
Jian Qiu	eb033993c2	🌱 Use base controller in sdk-go (#1251) ... * Use base controller in sdk-go We can leverage contextual logger in base controller. Signed-off-by: Jian Qiu <jqiu@redhat.com> * Fix integration test error Signed-off-by: Jian Qiu <jqiu@redhat.com> --------- Signed-off-by: Jian Qiu <jqiu@redhat.com>	2025-11-20 07:53:42 +00:00
Wei Liu	b928d9f2a9	update sdk-go (#1257) ... Signed-off-by: Wei Liu <liuweixa@redhat.com>	2025-11-19 04:08:16 +00:00
Zhiwei Yin	76449f862c	support loadBalancer for grpc endpoint type (#1255) ... Signed-off-by: Zhiwei Yin <zyin@redhat.com>	2025-11-19 02:39:54 +00:00
Jian Qiu	5528aff6d3	🌱 Add contextual logging for work agent (#1242) ... * Add contextual logging for work agent Signed-off-by: Jian Qiu <jqiu@redhat.com> * Resolve comments Signed-off-by: Jian Qiu <jqiu@redhat.com> --------- Signed-off-by: Jian Qiu <jqiu@redhat.com>	2025-11-07 05:28:13 +00:00
Zhiwei Yin	d80ec55608	add server configuration for clusterManager helm chart (#1239) ... Signed-off-by: Zhiwei Yin <zyin@redhat.com>	2025-11-05 06:44:23 +00:00
Yang Le	1384645b10	🌱 optimize the requeue timing for lease controller (#1236) ... Signed-off-by: Yang Le <yangle@redhat.com>	2025-10-31 04:21:55 +00:00
Wei Liu	8d46ca188a	only init cluster and csr client in bootstrap phase (#1224) ... Signed-off-by: Wei Liu <liuweixa@redhat.com>	2025-10-28 14:17:36 +00:00
Qing Hao	34cd9a2549	Update rollout logic to use Progressing condition instead of WorkApplied (#1207) ... 🤖 Generated with [Claude Code](https://claude.com/claude-code) Signed-off-by: Qing Hao <qhao@redhat.com> Co-authored-by: Claude <noreply@anthropic.com>	2025-10-22 02:31:40 +00:00
Jian Zhu	8a2a4a5e6b	Add test for empty agentInstallNamespace using template namespace (#1213) ... Add a test case to verify that when agentInstallNamespace is explicitly set to an empty string in AddOnDeploymentConfig, the namespace defined in the addonTemplate is used instead of being overridden. This test validates the fix for issue #1209 where AddOnDeploymentConfig was silently overriding the addonTemplate namespace even when agentInstallNamespace was not intended to be set. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Signed-off-by: zhujian <jiazhu@redhat.com> Co-authored-by: Claude <noreply@anthropic.com>	2025-10-20 01:58:57 +00:00
Jian Qiu	daa9b2fa54	🐛 Avoid redundant apply and get operation in work controller (#1196) ... * Remove event after apply and add jitter when requeue Signed-off-by: Jian Qiu <jqiu@redhat.com> * Change event handler to avoid redundant reconciles Signed-off-by: Jian Qiu <jqiu@redhat.com> * Add unit tests for onAdd and onUpdate function Signed-off-by: Jian Qiu <jqiu@redhat.com> * Fix interegation test fail Signed-off-by: Jian Qiu <jqiu@redhat.com> * Set resync interval to 4-6 mins Signed-off-by: Jian Qiu <jqiu@redhat.com> --------- Signed-off-by: Jian Qiu <jqiu@redhat.com>	2025-10-17 02:04:40 +00:00
Wei Liu	f1e7905b16	using mw finalizer instead of resource finalizer (#1211) ... Signed-off-by: Wei Liu <liuweixa@redhat.com>	2025-10-16 09:30:26 +00:00
Zhiwei Yin	4a8b2ddb5e	check registration webhook deployment for HubRegistrationDegraded condidtion (#1043) ... Signed-off-by: Zhiwei Yin <zyin@redhat.com>	2025-10-16 08:19:09 +00:00
Jian Qiu	eed705a038	Fix ManifestWorkReplicaSet not deleting ManifestWorks from old placement (#1206) ... When a ManifestWorkReplicaSet's placementRef was changed, the ManifestWorks created for the old placement were not deleted, causing orphaned resources. The deployReconciler only processed placements currently in the spec and never cleaned up ManifestWorks from removed placements. This commit adds cleanup logic that: - Builds a set of current placement names from the spec - Lists all ManifestWorks belonging to the ManifestWorkReplicaSet - Deletes any ManifestWorks with placement labels not in current spec Also adds comprehensive tests: - Integration test verifying placement change cleanup - Unit tests for single and multiple placement change scenarios Fixes #1203 🤖 Generated with [Claude Code](https://claude.com/claude-code) Signed-off-by: Jian Qiu <jqiu@redhat.com> Co-authored-by: Claude <noreply@anthropic.com>	2025-10-13 06:31:38 +00:00
Yang Le	db92ed79d4	✨ support managed namespaces (#1193) ... Signed-off-by: Yang Le <yangle@redhat.com>	2025-09-25 08:19:30 +00:00
Zhiwei Yin	35bab4476a	add grpc config into the bootstrap secret (#1194) ... Signed-off-by: Zhiwei Yin <zyin@redhat.com>	2025-09-24 03:35:31 +00:00
xuezhao	010f5efe6d	Add startTime initialization and wait 10s in hubTimeoutController (#1191) ... Signed-off-by: xuezhaojun <zxue@redhat.com>	2025-09-23 07:26:48 +00:00
Jian Qiu	2f04992d6c	✨ Deleted manifestwork when it is completed for ttl seconds. (#1158) ... * Delete manifestwork when it is completed after ttl Signed-off-by: Jian Qiu <jqiu@redhat.com> * Fix integration test Signed-off-by: Jian Qiu <jqiu@redhat.com> * Update operator and e2e tests Signed-off-by: Jian Qiu <jqiu@redhat.com> --------- Signed-off-by: Jian Qiu <jqiu@redhat.com>	2025-09-23 02:23:47 +00:00