Skip to content

Commit f1b5e49

Browse files
stevekuznetsovstevekuznetsov
committed
*: label non-OLM resources
Today, our controllers use un-filtered LIST+WATCH calls to monitor the state of the cluster. For OLM-specific resource types, that's fine, since we need to know (for instance) about every CSV. For non-OLM resource groups, though, that is needlessly wasteful in memory consumption and makes our controller's footprint scale with the size of the cluster itself, irrespective of the usage of OLM. Adding a label to every resource we create is the first step in being able to filter down all of those requests to only those objects with our label. Signed-off-by: Steve Kuznetsov <[email protected]>
1 parent 61fee76 commit f1b5e49

17 files changed

+199
-29
lines changed

pkg/controller/bundle/bundle_unpacker.go

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -86,11 +86,19 @@ func newBundleUnpackResult(lookup *operatorsv1alpha1.BundleLookup) *BundleUnpack
8686

8787
func (c *ConfigMapUnpacker) job(cmRef *corev1.ObjectReference, bundlePath string, secrets []corev1.LocalObjectReference, annotationUnpackTimeout time.Duration) *batchv1.Job {
8888
job := &batchv1.Job{
89+
ObjectMeta: metav1.ObjectMeta{
90+
Labels: map[string]string{
91+
install.OLMManagedLabelKey: install.OLMManagedLabelValue,
92+
},
93+
},
8994
Spec: batchv1.JobSpec{
9095
//ttlSecondsAfterFinished: 0 // can use in the future to not have to clean up job
9196
Template: corev1.PodTemplateSpec{
9297
ObjectMeta: metav1.ObjectMeta{
9398
Name: cmRef.Name,
99+
Labels: map[string]string{
100+
install.OLMManagedLabelKey: install.OLMManagedLabelValue,
101+
},
94102
},
95103
Spec: corev1.PodSpec{
96104
// With restartPolicy = "OnFailure" when the spec.backoffLimit is reached, the job controller will delete all
@@ -687,6 +695,7 @@ func (c *ConfigMapUnpacker) ensureRole(cmRef *corev1.ObjectReference) (role *rba
687695
fresh.SetNamespace(cmRef.Namespace)
688696
fresh.SetName(cmRef.Name)
689697
fresh.SetOwnerReferences([]metav1.OwnerReference{ownerRef(cmRef)})
698+
fresh.SetLabels(map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue})
690699

691700
role, err = c.roleLister.Roles(fresh.GetNamespace()).Get(fresh.GetName())
692701
if err != nil {
@@ -730,6 +739,7 @@ func (c *ConfigMapUnpacker) ensureRoleBinding(cmRef *corev1.ObjectReference) (ro
730739
fresh.SetNamespace(cmRef.Namespace)
731740
fresh.SetName(cmRef.Name)
732741
fresh.SetOwnerReferences([]metav1.OwnerReference{ownerRef(cmRef)})
742+
fresh.SetLabels(map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue})
733743

734744
roleBinding, err = c.rbLister.RoleBindings(fresh.GetNamespace()).Get(fresh.GetName())
735745
if err != nil {

pkg/controller/bundle/bundle_unpacker_test.go

Lines changed: 25 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -208,6 +208,7 @@ func TestConfigMapUnpacker(t *testing.T) {
208208
ObjectMeta: metav1.ObjectMeta{
209209
Name: pathHash,
210210
Namespace: "ns-a",
211+
Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue},
211212
OwnerReferences: []metav1.OwnerReference{
212213
{
213214
APIVersion: "v1",
@@ -224,7 +225,8 @@ func TestConfigMapUnpacker(t *testing.T) {
224225
BackoffLimit: &backoffLimit,
225226
Template: corev1.PodTemplateSpec{
226227
ObjectMeta: metav1.ObjectMeta{
227-
Name: pathHash,
228+
Name: pathHash,
229+
Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue},
228230
},
229231
Spec: corev1.PodSpec{
230232
RestartPolicy: corev1.RestartPolicyNever,
@@ -369,6 +371,7 @@ func TestConfigMapUnpacker(t *testing.T) {
369371
ObjectMeta: metav1.ObjectMeta{
370372
Name: pathHash,
371373
Namespace: "ns-a",
374+
Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue},
372375
OwnerReferences: []metav1.OwnerReference{
373376
{
374377
APIVersion: "v1",
@@ -402,6 +405,7 @@ func TestConfigMapUnpacker(t *testing.T) {
402405
ObjectMeta: metav1.ObjectMeta{
403406
Name: pathHash,
404407
Namespace: "ns-a",
408+
Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue},
405409
OwnerReferences: []metav1.OwnerReference{
406410
{
407411
APIVersion: "v1",
@@ -437,6 +441,7 @@ func TestConfigMapUnpacker(t *testing.T) {
437441
ObjectMeta: metav1.ObjectMeta{
438442
Name: digestHash,
439443
Namespace: "ns-a",
444+
Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue},
440445
OwnerReferences: []metav1.OwnerReference{
441446
{
442447
APIVersion: "v1",
@@ -452,7 +457,8 @@ func TestConfigMapUnpacker(t *testing.T) {
452457
BackoffLimit: &backoffLimit,
453458
Template: corev1.PodTemplateSpec{
454459
ObjectMeta: metav1.ObjectMeta{
455-
Name: digestHash,
460+
Name: digestHash,
461+
Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue},
456462
},
457463
Spec: corev1.PodSpec{
458464
RestartPolicy: corev1.RestartPolicyNever,
@@ -607,6 +613,7 @@ func TestConfigMapUnpacker(t *testing.T) {
607613
ObjectMeta: metav1.ObjectMeta{
608614
Name: digestHash,
609615
Namespace: "ns-a",
616+
Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue},
610617
OwnerReferences: []metav1.OwnerReference{
611618
{
612619
APIVersion: "operators.coreos.com/v1alpha1",
@@ -705,6 +712,7 @@ func TestConfigMapUnpacker(t *testing.T) {
705712
ObjectMeta: metav1.ObjectMeta{
706713
Name: digestHash,
707714
Namespace: "ns-a",
715+
Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue},
708716
OwnerReferences: []metav1.OwnerReference{
709717
{
710718
APIVersion: "v1",
@@ -720,7 +728,8 @@ func TestConfigMapUnpacker(t *testing.T) {
720728
BackoffLimit: &backoffLimit,
721729
Template: corev1.PodTemplateSpec{
722730
ObjectMeta: metav1.ObjectMeta{
723-
Name: digestHash,
731+
Name: digestHash,
732+
Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue},
724733
},
725734
Spec: corev1.PodSpec{
726735
RestartPolicy: corev1.RestartPolicyNever,
@@ -877,6 +886,7 @@ func TestConfigMapUnpacker(t *testing.T) {
877886
ObjectMeta: metav1.ObjectMeta{
878887
Name: digestHash,
879888
Namespace: "ns-a",
889+
Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue},
880890
OwnerReferences: []metav1.OwnerReference{
881891
{
882892
APIVersion: "v1",
@@ -910,6 +920,7 @@ func TestConfigMapUnpacker(t *testing.T) {
910920
ObjectMeta: metav1.ObjectMeta{
911921
Name: digestHash,
912922
Namespace: "ns-a",
923+
Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue},
913924
OwnerReferences: []metav1.OwnerReference{
914925
{
915926
APIVersion: "v1",
@@ -967,6 +978,7 @@ func TestConfigMapUnpacker(t *testing.T) {
967978
ObjectMeta: metav1.ObjectMeta{
968979
Name: pathHash,
969980
Namespace: "ns-a",
981+
Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue},
970982
OwnerReferences: []metav1.OwnerReference{
971983
{
972984
APIVersion: "v1",
@@ -982,7 +994,8 @@ func TestConfigMapUnpacker(t *testing.T) {
982994
BackoffLimit: &backoffLimit,
983995
Template: corev1.PodTemplateSpec{
984996
ObjectMeta: metav1.ObjectMeta{
985-
Name: pathHash,
997+
Name: pathHash,
998+
Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue},
986999
},
9871000
Spec: corev1.PodSpec{
9881001
RestartPolicy: corev1.RestartPolicyNever,
@@ -1124,6 +1137,7 @@ func TestConfigMapUnpacker(t *testing.T) {
11241137
ObjectMeta: metav1.ObjectMeta{
11251138
Name: pathHash,
11261139
Namespace: "ns-a",
1140+
Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue},
11271141
OwnerReferences: []metav1.OwnerReference{
11281142
{
11291143
APIVersion: "operators.coreos.com/v1alpha1",
@@ -1199,6 +1213,7 @@ func TestConfigMapUnpacker(t *testing.T) {
11991213
ObjectMeta: metav1.ObjectMeta{
12001214
Name: pathHash,
12011215
Namespace: "ns-a",
1216+
Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue},
12021217
OwnerReferences: []metav1.OwnerReference{
12031218
{
12041219
APIVersion: "v1",
@@ -1214,7 +1229,8 @@ func TestConfigMapUnpacker(t *testing.T) {
12141229
BackoffLimit: &backoffLimit,
12151230
Template: corev1.PodTemplateSpec{
12161231
ObjectMeta: metav1.ObjectMeta{
1217-
Name: pathHash,
1232+
Name: pathHash,
1233+
Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue},
12181234
},
12191235
Spec: corev1.PodSpec{
12201236
RestartPolicy: corev1.RestartPolicyNever,
@@ -1368,6 +1384,7 @@ func TestConfigMapUnpacker(t *testing.T) {
13681384
ObjectMeta: metav1.ObjectMeta{
13691385
Name: pathHash,
13701386
Namespace: "ns-a",
1387+
Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue},
13711388
OwnerReferences: []metav1.OwnerReference{
13721389
{
13731390
APIVersion: "operators.coreos.com/v1alpha1",
@@ -1442,6 +1459,7 @@ func TestConfigMapUnpacker(t *testing.T) {
14421459
ObjectMeta: metav1.ObjectMeta{
14431460
Name: pathHash,
14441461
Namespace: "ns-a",
1462+
Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue},
14451463
OwnerReferences: []metav1.OwnerReference{
14461464
{
14471465
APIVersion: "v1",
@@ -1457,7 +1475,8 @@ func TestConfigMapUnpacker(t *testing.T) {
14571475
BackoffLimit: &backoffLimit,
14581476
Template: corev1.PodTemplateSpec{
14591477
ObjectMeta: metav1.ObjectMeta{
1460-
Name: pathHash,
1478+
Name: pathHash,
1479+
Labels: map[string]string{install.OLMManagedLabelKey: install.OLMManagedLabelValue},
14611480
},
14621481
Spec: corev1.PodSpec{
14631482
RestartPolicy: corev1.RestartPolicyNever,

pkg/controller/install/certresources.go

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -241,6 +241,11 @@ func CalculateCertRotatesAt(certExpirationTime time.Time) time.Time {
241241
func (i *StrategyDeploymentInstaller) installCertRequirementsForDeployment(deploymentName string, ca *certs.KeyPair, expiration time.Time, depSpec appsv1.DeploymentSpec, ports []corev1.ServicePort) (*appsv1.DeploymentSpec, []byte, error) {
242242
logger := log.WithFields(log.Fields{})
243243

244+
if depSpec.Template.Labels == nil {
245+
depSpec.Template.Labels = map[string]string{}
246+
}
247+
depSpec.Template.Labels[OLMManagedLabelKey] = OLMManagedLabelValue
248+
244249
// Create a service for the deployment
245250
service := &corev1.Service{
246251
Spec: corev1.ServiceSpec{
@@ -251,6 +256,7 @@ func (i *StrategyDeploymentInstaller) installCertRequirementsForDeployment(deplo
251256
service.SetName(ServiceName(deploymentName))
252257
service.SetNamespace(i.owner.GetNamespace())
253258
ownerutil.AddNonBlockingOwner(service, i.owner)
259+
service.SetLabels(map[string]string{OLMManagedLabelKey: OLMManagedLabelValue})
254260

255261
existingService, err := i.strategyClient.GetOpLister().CoreV1().ServiceLister().Services(i.owner.GetNamespace()).Get(service.GetName())
256262
if err == nil {
@@ -366,6 +372,7 @@ func (i *StrategyDeploymentInstaller) installCertRequirementsForDeployment(deplo
366372
}
367373
secretRole.SetName(secret.GetName())
368374
secretRole.SetNamespace(i.owner.GetNamespace())
375+
secretRole.SetLabels(map[string]string{OLMManagedLabelKey: OLMManagedLabelValue})
369376

370377
existingSecretRole, err := i.strategyClient.GetOpLister().RbacV1().RoleLister().Roles(i.owner.GetNamespace()).Get(secretRole.GetName())
371378
if err == nil {
@@ -412,6 +419,7 @@ func (i *StrategyDeploymentInstaller) installCertRequirementsForDeployment(deplo
412419
}
413420
secretRoleBinding.SetName(secret.GetName())
414421
secretRoleBinding.SetNamespace(i.owner.GetNamespace())
422+
secretRoleBinding.SetLabels(map[string]string{OLMManagedLabelKey: OLMManagedLabelValue})
415423

416424
existingSecretRoleBinding, err := i.strategyClient.GetOpLister().RbacV1().RoleBindingLister().RoleBindings(i.owner.GetNamespace()).Get(secretRoleBinding.GetName())
417425
if err == nil {
@@ -454,6 +462,7 @@ func (i *StrategyDeploymentInstaller) installCertRequirementsForDeployment(deplo
454462
},
455463
}
456464
authDelegatorClusterRoleBinding.SetName(service.GetName() + "-system:auth-delegator")
465+
authDelegatorClusterRoleBinding.SetLabels(map[string]string{OLMManagedLabelKey: OLMManagedLabelValue})
457466

458467
existingAuthDelegatorClusterRoleBinding, err := i.strategyClient.GetOpLister().RbacV1().ClusterRoleBindingLister().Get(authDelegatorClusterRoleBinding.GetName())
459468
if err == nil {
@@ -502,6 +511,7 @@ func (i *StrategyDeploymentInstaller) installCertRequirementsForDeployment(deplo
502511
}
503512
authReaderRoleBinding.SetName(service.GetName() + "-auth-reader")
504513
authReaderRoleBinding.SetNamespace(KubeSystem)
514+
authReaderRoleBinding.SetLabels(map[string]string{OLMManagedLabelKey: OLMManagedLabelValue})
505515

506516
existingAuthReaderRoleBinding, err := i.strategyClient.GetOpLister().RbacV1().RoleBindingLister().RoleBindings(KubeSystem).Get(authReaderRoleBinding.GetName())
507517
if err == nil {

0 commit comments

Comments
 (0)