Skip to content

Commit

Permalink
customroute: remove operands and clear custom route ingress status if…
Browse files Browse the repository at this point in the history
… external OIDC config is available
  • Loading branch information
liouk committed Nov 20, 2024
1 parent 905cfda commit af0a023
Show file tree
Hide file tree
Showing 2 changed files with 71 additions and 2 deletions.
70 changes: 68 additions & 2 deletions pkg/controllers/customroute/custom_route_controller.go
Original file line number Diff line number Diff line change
Expand Up @@ -12,15 +12,19 @@ import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/types"
"k8s.io/apimachinery/pkg/util/wait"
"k8s.io/client-go/informers"
corev1listers "k8s.io/client-go/listers/core/v1"
"k8s.io/klog/v2"

configv1 "github.com/openshift/api/config/v1"
routev1 "github.com/openshift/api/route/v1"
applyconfigv1 "github.com/openshift/client-go/config/applyconfigurations/config/v1"
configsetterv1 "github.com/openshift/client-go/config/clientset/versioned/typed/config/v1"
configinformers "github.com/openshift/client-go/config/informers/externalversions/config/v1"
configinformers "github.com/openshift/client-go/config/informers/externalversions"
configinformersv1 "github.com/openshift/client-go/config/informers/externalversions/config/v1"
configlistersv1 "github.com/openshift/client-go/config/listers/config/v1"
operatorv1informers "github.com/openshift/client-go/operator/informers/externalversions/operator/v1"
operatorv1listers "github.com/openshift/client-go/operator/listers/operator/v1"
routeclient "github.com/openshift/client-go/route/clientset/versioned/typed/route/v1"
routeinformer "github.com/openshift/client-go/route/informers/externalversions/route/v1"
routev1lister "github.com/openshift/client-go/route/listers/route/v1"
Expand Down Expand Up @@ -51,18 +55,25 @@ type customRouteController struct {
secretLister corev1listers.SecretLister
resourceSyncer resourcesynccontroller.ResourceSyncer
operatorClient v1helpers.OperatorClient

authLister configlistersv1.AuthenticationLister
kasLister operatorv1listers.KubeAPIServerLister
kasConfigMapLister corev1listers.ConfigMapLister
}

func NewCustomRouteController(
componentRouteNamespace string,
componentRouteName string,
destSecretNamespace string,
destSecretName string,
ingressInformer configinformers.IngressInformer,
ingressInformer configinformersv1.IngressInformer,
ingressClient configsetterv1.IngressInterface,
routeInformer routeinformer.RouteInformer,
routeClient routeclient.RouteInterface,
kubeInformersForNamespaces v1helpers.KubeInformersForNamespaces,
operatorConfigInformers configinformers.SharedInformerFactory,
kasInformer operatorv1informers.KubeAPIServerInformer,
kasConfigMapInformer informers.SharedInformerFactory,
operatorClient v1helpers.OperatorClient,
eventRecorder events.Recorder,
resourceSyncer resourcesynccontroller.ResourceSyncer,
Expand All @@ -83,6 +94,10 @@ func NewCustomRouteController(
secretLister: kubeInformersForNamespaces.SecretLister(),
operatorClient: operatorClient,
resourceSyncer: resourceSyncer,

authLister: operatorConfigInformers.Config().V1().Authentications().Lister(),
kasLister: kasInformer.Lister(),
kasConfigMapLister: kasConfigMapInformer.Core().V1().ConfigMaps().Lister(),
}

return factory.New().
Expand All @@ -91,6 +106,8 @@ func NewCustomRouteController(
routeInformer.Informer(),
kubeInformersForNamespaces.InformersFor("openshift-config").Core().V1().Secrets().Informer(),
kubeInformersForNamespaces.InformersFor("openshift-authentication").Core().V1().Secrets().Informer(),
operatorConfigInformers.Config().V1().Authentications().Informer(),
kasInformer.Informer(),
).
WithSyncDegradedOnError(operatorClient).
WithSync(controller.sync).
Expand All @@ -116,6 +133,12 @@ func (c *customRouteController) sync(ctx context.Context, syncCtx factory.SyncCo
return fmt.Errorf("custom route configuration failed verification: %v", errors)
}

if oidcAvailable, err := common.ExternalOIDCConfigAvailable(c.authLister, c.kasLister, c.kasConfigMapLister); err != nil {
return err
} else if oidcAvailable {
return c.removeOperands(ctx, ingressConfigCopy, secretName)
}

// create or modify the existing route
if err = c.applyRoute(ctx, expectedRoute); err != nil {
return err
Expand Down Expand Up @@ -289,3 +312,46 @@ func (c *customRouteController) getFieldManager() string {
// TODO find a way to get the client name and combine it with the controller name automatically
return "AuthenticationCustomRouteController"
}

func (c *customRouteController) removeOperands(ctx context.Context, ingressConfig *configv1.Ingress, secretName string) error {
if _, err := c.routeLister.Routes(c.componentRoute.Namespace).Get(c.componentRoute.Name); err != nil && !errors.IsNotFound(err) {
return err
} else if !errors.IsNotFound(err) {
if err := c.routeClient.Delete(ctx, c.componentRoute.Name, metav1.DeleteOptions{}); err != nil && !errors.IsNotFound(err) {
return err
}
}

ingressStatus, err := applyconfigv1.ExtractIngressStatus(ingressConfig, c.getFieldManager())
if err != nil {
return err
}

if ingressStatus != nil && ingressStatus.Status != nil {
componentRoutes := make([]applyconfigv1.ComponentRouteStatusApplyConfiguration, 0)
routeFound := false
for _, cr := range ingressStatus.Status.ComponentRoutes {
if *cr.Name == c.componentRoute.Name && *cr.Namespace == c.componentRoute.Namespace {
routeFound = true
continue
}

componentRoutes = append(componentRoutes, cr)
}

if routeFound {
ingressStatus.Status.ComponentRoutes = componentRoutes
ingress := applyconfigv1.Ingress(ingressConfig.Name).WithStatus(ingressStatus.Status)
if _, err := c.ingressClient.ApplyStatus(ctx, ingress, c.forceApply()); err != nil {
return err
}
}
}

// delete secret by syncing an empty source
if err := c.syncSecret(""); err != nil {
return err
}

return nil
}
3 changes: 3 additions & 0 deletions pkg/operator/starter.go
Original file line number Diff line number Diff line change
Expand Up @@ -362,6 +362,9 @@ func prepareOauthOperator(
informerFactories.namespacedOpenshiftAuthenticationRoutes.Route().V1().Routes(),
authOperatorInput.routeClient.RouteV1().Routes("openshift-authentication"),
informerFactories.kubeInformersForNamespaces,
informerFactories.operatorConfigInformer,
informerFactories.operatorInformer.Operator().V1().KubeAPIServers(),
informerFactories.kubeInformersForNamespaces.InformersFor("openshift-kube-apiserver"),
authOperatorInput.authenticationOperatorClient,
authOperatorInput.eventRecorder,
resourceSyncController,
Expand Down

0 comments on commit af0a023

Please sign in to comment.