mirror of
https://github.com/open-cluster-management-io/ocm.git
synced 2026-02-14 10:00:11 +00:00
* sync labels from klusterlet to all agent resources (#475) Signed-off-by: Zhiwei Yin <zyin@redhat.com> * add enable-sync-labels flag to klusterlet operator (#505) Signed-off-by: Zhiwei Yin <zyin@redhat.com> * fix issue that pull secret and ns are synced labels when enable-sync-labels is disabled (#511) Signed-off-by: Zhiwei Yin <zyin@redhat.com> --------- Signed-off-by: Zhiwei Yin <zyin@redhat.com>
package addonsecretcontroller
import (
"context"
"github.com/openshift/library-go/pkg/controller/factory"
"github.com/openshift/library-go/pkg/operator/events"
"k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
coreinformer "k8s.io/client-go/informers/core/v1"
"k8s.io/client-go/kubernetes"
"open-cluster-management.io/ocm/pkg/common/queue"
"open-cluster-management.io/ocm/pkg/operator/helpers"
)
const (
	// addonInstallNamespaceLabelKey is the namespace label this controller
	// watches for. A namespace is treated as an addon namespace only when the
	// label value is exactly "true".
	addonInstallNamespaceLabelKey = "addon.open-cluster-management.io/namespace"

	// imagePullSecret is the name of the image pull secret. The same name is
	// used for the copy read from the operator namespace and for the copy
	// written into each addon namespace.
	imagePullSecret = "open-cluster-management-image-pull-credentials"
)
// addonPullImageSecretController syncs the image pull secret from the operator
// namespace to addon namespaces, i.e. namespaces that carry the label
// "addon.open-cluster-management.io/namespace": "true".
//
// Notes:
//  1. The controller only handles namespace events within the same cluster.
//  2. If the label is removed from a namespace, the controller does not remove
//     the secret it previously copied there; cleanup has to happen elsewhere.
//
// Security note: within this file the label is the only condition checked
// before the pull credentials are copied. Whoever is able to set that label on
// a namespace therefore causes a copy of the operator's image pull secret to
// appear in it, so permission to create or label namespaces should be treated
// as permission to obtain these credentials.
type addonPullImageSecretController struct {
	// operatorNamespace is the namespace the pull secret is copied from.
	operatorNamespace string
	// namespaceInformer supplies the namespace events that drive the controller.
	namespaceInformer coreinformer.NamespaceInformer
	// kubeClient is used both to read namespaces and to read/write secrets.
	kubeClient kubernetes.Interface
	// recorder receives the events emitted while syncing.
	recorder events.Recorder
}
// NewAddonPullImageSecretController builds the controller that copies the
// image pull secret from operatorNamespace into labelled addon namespaces.
//
// Namespace events are filtered on addonInstallNamespaceLabelKey == "true"
// before they are queued, and the queue key is the namespace name. The label
// filter is the gate for receiving the pull credentials, so the ability to
// label namespaces should be restricted accordingly.
func NewAddonPullImageSecretController(kubeClient kubernetes.Interface, operatorNamespace string,
	namespaceInformer coreinformer.NamespaceInformer, recorder events.Recorder) factory.Controller {
	controller := &addonPullImageSecretController{
		kubeClient:        kubeClient,
		recorder:          recorder,
		operatorNamespace: operatorNamespace,
		namespaceInformer: namespaceInformer,
	}

	// Only namespaces explicitly marked as addon namespaces reach the queue.
	addonNamespaceFilter := queue.FileterByLabelKeyValue(addonInstallNamespaceLabelKey, "true")

	builder := factory.New().WithFilteredEventsInformersQueueKeysFunc(
		queue.QueueKeyByMetaName,
		addonNamespaceFilter,
		namespaceInformer.Informer(),
	)
	return builder.
		WithSync(controller.sync).
		ToController("AddonPullImageSecretController", recorder)
}
// sync copies the image pull secret from the operator namespace into the
// namespace named by the queue key.
//
// It returns nil without doing anything when the key is empty, when the
// namespace no longer exists, when it is being deleted, or when it does not
// carry the addon label with value "true". Any other error from the namespace
// lookup or from the secret sync is returned unchanged.
func (c *addonPullImageSecretController) sync(ctx context.Context, controllerContext factory.SyncContext) error {
	targetNamespace := controllerContext.QueueKey()
	if targetNamespace == "" {
		return nil
	}

	// Re-read the namespace from the API server and re-check the label here:
	// the event filter ran when the event was queued, and the label is the
	// only thing that authorizes copying the credentials.
	ns, err := c.kubeClient.CoreV1().Namespaces().Get(ctx, targetNamespace, metav1.GetOptions{})
	switch {
	case errors.IsNotFound(err):
		return nil
	case err != nil:
		return err
	case !ns.DeletionTimestamp.IsZero():
		// Namespace is terminating; do not write into it.
		return nil
	case ns.Labels[addonInstallNamespaceLabelKey] != "true":
		return nil
	}

	// The same client and secret name are used on both sides; only the
	// namespace differs. No owner references are set on the copy, and the
	// final argument is passed as nil.
	_, _, err = helpers.SyncSecret(
		ctx,
		c.kubeClient.CoreV1(),
		c.kubeClient.CoreV1(),
		c.recorder,
		c.operatorNamespace, imagePullSecret,
		targetNamespace, imagePullSecret,
		[]metav1.OwnerReference{},
		nil,
	)
	return err
}