From 63b607ab5e89079ccffd818d522f7c7b8abab696 Mon Sep 17 00:00:00 2001
From: Guilherme Cassolato
Date: Mon, 7 Oct 2024 22:34:33 +0200
Subject: [PATCH 1/3] bump policy-machinery to v0.5.0
Signed-off-by: Guilherme Cassolato
---
 go.mod | 2 +-
 go.sum | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/go.mod b/go.mod
index 6609380b1..7da084a4e 100644
--- a/go.mod
+++ b/go.mod
@@ -14,7 +14,7 @@ require (
 github.com/kuadrant/authorino-operator v0.11.1
 github.com/kuadrant/dns-operator v0.0.0-20241002074817-d0cab9eecbdb
 github.com/kuadrant/limitador-operator v0.9.0
- github.com/kuadrant/policy-machinery v0.2.0
+ github.com/kuadrant/policy-machinery v0.5.0
 github.com/martinlindhe/base36 v1.1.1
 github.com/onsi/ginkgo/v2 v2.20.2
 github.com/onsi/gomega v1.34.1
diff --git a/go.sum b/go.sum
index 75bc3ff74..c399b5b50 100644
--- a/go.sum
+++ b/go.sum
@@ -268,6 +268,8 @@ github.com/kuadrant/limitador-operator v0.9.0 h1:hTQ6CFPayf/sL7cIzwWjCoU8uTn6fzW
 github.com/kuadrant/limitador-operator v0.9.0/go.mod h1:DQOlg9qFOcnWPrwO529JRCMLLOEXJQxkmOes952S/Hw=
 github.com/kuadrant/policy-machinery v0.2.0 h1:6kACb+bdEwHXz2tvTs6dlLgvxFgFrowvGTZKMI9p0Qo=
 github.com/kuadrant/policy-machinery v0.2.0/go.mod h1:ZV4xS0CCxPgu/Xg6gz+YUaS9zqEXKOiAj33bZ67B6Lo=
+github.com/kuadrant/policy-machinery v0.5.0 h1:hTllNYswhEOFrS/uj8kY4a4wq2W1xL2hagHeftn9TTY=
+github.com/kuadrant/policy-machinery v0.5.0/go.mod h1:ZV4xS0CCxPgu/Xg6gz+YUaS9zqEXKOiAj33bZ67B6Lo=
 github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc=
 github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw=
 github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 h1:SOEGU9fKiNWd/HOJuq6+3iTQz8KNCLtVX6idSoTLdUw=
From c3a3f6608286320c45e03ae4f36a59a9d9d632e6 Mon Sep 17 00:00:00 2001
From: Guilherme Cassolato
Date: Mon, 7 Oct 2024 22:35:56 +0200
Subject: [PATCH 2/3] filter topology configmap events with generation-changed predicate type
Signed-off-by: Guilherme Cassolato
---
 controllers/state_of_the_world.go | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/controllers/state_of_the_world.go b/controllers/state_of_the_world.go
index ad38d7d98..bceb08ba0 100644
--- a/controllers/state_of_the_world.go
+++ b/controllers/state_of_the_world.go
@@ -18,6 +18,7 @@ import (
 "k8s.io/client-go/dynamic"
 "k8s.io/utils/env"
 ctrlruntime "sigs.k8s.io/controller-runtime"
+ ctrlruntimepredicate "sigs.k8s.io/controller-runtime/pkg/predicate"
 gwapiv1 "sigs.k8s.io/gateway-api/apis/v1"
 kuadrantv1alpha1 "github.com/kuadrant/kuadrant-operator/api/v1alpha1"
@@ -47,7 +48,13 @@ func NewPolicyMachineryController(manager ctrlruntime.Manager, client *dynamic.D
 controller.WithRunnable("tlspolicy watcher", controller.Watch(&kuadrantv1alpha1.TLSPolicy{}, kuadrantv1alpha1.TLSPoliciesResource, metav1.NamespaceAll)),
 controller.WithRunnable("authpolicy watcher", controller.Watch(&kuadrantv1beta2.AuthPolicy{}, kuadrantv1beta2.AuthPoliciesResource, metav1.NamespaceAll)),
 controller.WithRunnable("ratelimitpolicy watcher", controller.Watch(&kuadrantv1beta3.RateLimitPolicy{}, kuadrantv1beta3.RateLimitPoliciesResource, metav1.NamespaceAll)),
- controller.WithRunnable("topology configmap watcher", controller.Watch(&corev1.ConfigMap{}, controller.ConfigMapsResource, operatorNamespace, controller.FilterResourcesByLabel[*corev1.ConfigMap](fmt.Sprintf("%s=true", kuadrant.TopologyLabel)))),
+ controller.WithRunnable("topology configmap watcher", controller.Watch(
+ &corev1.ConfigMap{},
+ controller.ConfigMapsResource,
+ operatorNamespace,
+ controller.FilterResourcesByLabel[*corev1.ConfigMap](fmt.Sprintf("%s=true", kuadrant.TopologyLabel)),
+ controller.WithPredicates(&ctrlruntimepredicate.TypedGenerationChangedPredicate[*corev1.ConfigMap]{}),
+ )),
 controller.WithRunnable("limitador watcher", controller.Watch(&limitadorv1alpha1.Limitador{}, kuadrantv1beta1.LimitadorsResource, metav1.NamespaceAll)),
 controller.WithRunnable("authorino watcher", controller.Watch(&authorinov1beta1.Authorino{}, kuadrantv1beta1.AuthorinosResource, metav1.NamespaceAll)),
 controller.WithPolicyKinds(
From 63f1d28a9ee06bbc3d001c81bf19b0b2cd35f897 Mon Sep 17 00:00:00 2001
From: Guilherme Cassolato
Date: Mon, 7 Oct 2024 23:04:23 +0200
Subject: [PATCH 3/3] fix predicates for all sotw watchers
Signed-off-by: Guilherme Cassolato
---
 controllers/state_of_the_world.go | 121 +++++++++++++++++++++++++-----
 1 file changed, 101 insertions(+), 20 deletions(-)
diff --git a/controllers/state_of_the_world.go b/controllers/state_of_the_world.go
index bceb08ba0..f1da08665 100644
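Review bot: The `TypedGenerationChangedPredicate[*corev1.ConfigMap]` added to the topology configmap watcher compares `metadata.generation`, which the API server does not appear to maintain for ConfigMaps, so with this option every update event for the labelled ConfigMap is likely dropped and only create and delete events get through. If suppressing the operator's own writes to the topology ConfigMap is the goal, say so next to the option, e.g. `// ConfigMaps carry no generation: this intentionally drops all update events on the topology ConfigMap`. If out-of-band edits to that ConfigMap are meant to be noticed, a generation comparison cannot provide that. NewPolicyMachineryController starts and ends outside the hunk.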
--- a/controllers/state_of_the_world.go
+++ b/controllers/state_of_the_world.go
@@ -43,20 +43,53 @@ func NewPolicyMachineryController(manager ctrlruntime.Manager, client *dynamic.D
 controller.ManagedBy(manager),
 controller.WithLogger(logger),
 controller.WithClient(client),
- controller.WithRunnable("kuadrant watcher", controller.Watch(&kuadrantv1beta1.Kuadrant{}, kuadrantv1beta1.KuadrantsResource, metav1.NamespaceAll)),
- controller.WithRunnable("dnspolicy watcher", controller.Watch(&kuadrantv1alpha1.DNSPolicy{}, kuadrantv1alpha1.DNSPoliciesResource, metav1.NamespaceAll)),
- controller.WithRunnable("tlspolicy watcher", controller.Watch(&kuadrantv1alpha1.TLSPolicy{}, kuadrantv1alpha1.TLSPoliciesResource, metav1.NamespaceAll)),
- controller.WithRunnable("authpolicy watcher", controller.Watch(&kuadrantv1beta2.AuthPolicy{}, kuadrantv1beta2.AuthPoliciesResource, metav1.NamespaceAll)),
- controller.WithRunnable("ratelimitpolicy watcher", controller.Watch(&kuadrantv1beta3.RateLimitPolicy{}, kuadrantv1beta3.RateLimitPoliciesResource, metav1.NamespaceAll)),
+ controller.WithRunnable("kuadrant watcher", controller.Watch(
+ &kuadrantv1beta1.Kuadrant{},
+ kuadrantv1beta1.KuadrantsResource,
+ metav1.NamespaceAll,
+ controller.WithPredicates(&ctrlruntimepredicate.TypedGenerationChangedPredicate[*kuadrantv1beta1.Kuadrant]{}),
+ )),
+ controller.WithRunnable("dnspolicy watcher", controller.Watch(
+ &kuadrantv1alpha1.DNSPolicy{},
+ kuadrantv1alpha1.DNSPoliciesResource,
+ metav1.NamespaceAll,
+ controller.WithPredicates(&ctrlruntimepredicate.TypedGenerationChangedPredicate[*kuadrantv1alpha1.DNSPolicy]{}),
+ )),
+ controller.WithRunnable("tlspolicy watcher", controller.Watch(
+ &kuadrantv1alpha1.TLSPolicy{},
+ kuadrantv1alpha1.TLSPoliciesResource,
+ metav1.NamespaceAll,
+ controller.WithPredicates(&ctrlruntimepredicate.TypedGenerationChangedPredicate[*kuadrantv1alpha1.TLSPolicy]{}),
+ )),
+ controller.WithRunnable("authpolicy watcher", controller.Watch(
+ &kuadrantv1beta2.AuthPolicy{},
+ kuadrantv1beta2.AuthPoliciesResource,
+ metav1.NamespaceAll,
+ controller.WithPredicates(&ctrlruntimepredicate.TypedGenerationChangedPredicate[*kuadrantv1beta2.AuthPolicy]{}),
+ )),
+ controller.WithRunnable("ratelimitpolicy watcher", controller.Watch(
+ &kuadrantv1beta3.RateLimitPolicy{},
+ kuadrantv1beta3.RateLimitPoliciesResource,
+ metav1.NamespaceAll,
+ controller.WithPredicates(&ctrlruntimepredicate.TypedGenerationChangedPredicate[*kuadrantv1beta3.RateLimitPolicy]{}),
+ )),
 controller.WithRunnable("topology configmap watcher", controller.Watch(
 &corev1.ConfigMap{},
 controller.ConfigMapsResource,
 operatorNamespace,
- controller.FilterResourcesByLabel[*corev1.ConfigMap](fmt.Sprintf("%s=true", kuadrant.TopologyLabel)),
 controller.WithPredicates(&ctrlruntimepredicate.TypedGenerationChangedPredicate[*corev1.ConfigMap]{}),
+ controller.FilterResourcesByLabel[*corev1.ConfigMap](fmt.Sprintf("%s=true", kuadrant.TopologyLabel)),
+ )),
+ controller.WithRunnable("limitador watcher", controller.Watch(
+ &limitadorv1alpha1.Limitador{},
+ kuadrantv1beta1.LimitadorsResource,
+ metav1.NamespaceAll,
+ )),
+ controller.WithRunnable("authorino watcher", controller.Watch(
+ &authorinov1beta1.Authorino{},
+ kuadrantv1beta1.AuthorinosResource,
+ metav1.NamespaceAll,
 )),
- controller.WithRunnable("limitador watcher", controller.Watch(&limitadorv1alpha1.Limitador{}, kuadrantv1beta1.LimitadorsResource, metav1.NamespaceAll)),
- controller.WithRunnable("authorino watcher", controller.Watch(&authorinov1beta1.Authorino{}, kuadrantv1beta1.AuthorinosResource, metav1.NamespaceAll)),
 controller.WithPolicyKinds(
 kuadrantv1alpha1.DNSPolicyGroupKind,
 kuadrantv1alpha1.TLSPolicyGroupKind,
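Review bot: The generation-changed predicate on the Kuadrant, DNSPolicy, TLSPolicy, AuthPolicy and RateLimitPolicy watchers means update events that leave `metadata.generation` untouched (label and annotation writes, and status-only writes where the status subresource is enabled) no longer enter the state-of-the-world workflow. For AuthPolicy and RateLimitPolicy this leaves a window in which an out-of-band change to status conditions or labels stays unreconciled until the next spec edit or an event from another watcher; whether any reconciler depends on those fields is not visible in this hunk. A comment above the block would make the trade-off reviewable, e.g. `// policy kinds reconcile on spec changes only; metadata and status updates are filtered out`. The limitador and authorino watchers are left unfiltered, which looks deliberate but is equally undocumented. NewPolicyMachineryController starts and ends outside the hunk.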
@@ -81,9 +114,21 @@ func NewPolicyMachineryController(manager ctrlruntime.Manager, client *dynamic.D
 logger.Info("gateway api is not installed, skipping watches and reconcilers", "err", err)
 } else {
 controllerOpts = append(controllerOpts,
- controller.WithRunnable("gatewayclass watcher", controller.Watch(&gwapiv1.GatewayClass{}, controller.GatewayClassesResource, metav1.NamespaceAll)),
- controller.WithRunnable("gateway watcher", controller.Watch(&gwapiv1.Gateway{}, controller.GatewaysResource, metav1.NamespaceAll)),
- controller.WithRunnable("httproute watcher", controller.Watch(&gwapiv1.HTTPRoute{}, controller.HTTPRoutesResource, metav1.NamespaceAll)),
+ controller.WithRunnable("gatewayclass watcher", controller.Watch(
+ &gwapiv1.GatewayClass{},
+ controller.GatewayClassesResource,
+ metav1.NamespaceAll,
+ )),
+ controller.WithRunnable("gateway watcher", controller.Watch(
+ &gwapiv1.Gateway{},
+ controller.GatewaysResource,
+ metav1.NamespaceAll,
+ )),
+ controller.WithRunnable("httproute watcher", controller.Watch(
+ &gwapiv1.HTTPRoute{},
+ controller.HTTPRoutesResource,
+ metav1.NamespaceAll,
+ )),
 )
 }
@@ -92,9 +137,21 @@ func NewPolicyMachineryController(manager ctrlruntime.Manager, client *dynamic.D
 logger.Info("envoygateway is not installed, skipping related watches and reconcilers", "err", err)
 } else {
 controllerOpts = append(controllerOpts,
- controller.WithRunnable("envoypatchpolicy watcher", controller.Watch(&egv1alpha1.EnvoyPatchPolicy{}, envoygateway.EnvoyPatchPoliciesResource, metav1.NamespaceAll)),
- controller.WithRunnable("envoyextensionpolicy watcher", controller.Watch(&egv1alpha1.EnvoyExtensionPolicy{}, envoygateway.EnvoyExtensionPoliciesResource, metav1.NamespaceAll)),
- controller.WithRunnable("envoysecuritypolicy watcher", controller.Watch(&egv1alpha1.SecurityPolicy{}, envoygateway.SecurityPoliciesResource, metav1.NamespaceAll)),
+ controller.WithRunnable("envoypatchpolicy watcher", controller.Watch(
+ &egv1alpha1.EnvoyPatchPolicy{},
+ envoygateway.EnvoyPatchPoliciesResource,
+ metav1.NamespaceAll,
+ )),
+ controller.WithRunnable("envoyextensionpolicy watcher", controller.Watch(
+ &egv1alpha1.EnvoyExtensionPolicy{},
+ envoygateway.EnvoyExtensionPoliciesResource,
+ metav1.NamespaceAll,
+ )),
+ controller.WithRunnable("envoysecuritypolicy watcher", controller.Watch(
+ &egv1alpha1.SecurityPolicy{},
+ envoygateway.SecurityPoliciesResource,
+ metav1.NamespaceAll,
+ )),
 controller.WithObjectKinds(
 envoygateway.EnvoyPatchPolicyGroupKind,
 envoygateway.EnvoyExtensionPolicyGroupKind,
@@ -110,9 +167,21 @@ func NewPolicyMachineryController(manager ctrlruntime.Manager, client *dynamic.D
 logger.Info("istio is not installed, skipping related watches and reconcilers", "err", err)
 } else {
 controllerOpts = append(controllerOpts,
- controller.WithRunnable("envoyfilter watcher", controller.Watch(&istioclientnetworkingv1alpha3.EnvoyFilter{}, istio.EnvoyFiltersResource, metav1.NamespaceAll)),
- controller.WithRunnable("wasmplugin watcher", controller.Watch(&istioclientgoextensionv1alpha1.WasmPlugin{}, istio.WasmPluginsResource, metav1.NamespaceAll)),
- controller.WithRunnable("authorizationpolicy watcher", controller.Watch(&istioclientgosecurityv1beta1.AuthorizationPolicy{}, istio.AuthorizationPoliciesResource, metav1.NamespaceAll)),
+ controller.WithRunnable("envoyfilter watcher", controller.Watch(
+ &istioclientnetworkingv1alpha3.EnvoyFilter{},
+ istio.EnvoyFiltersResource,
+ metav1.NamespaceAll,
+ )),
+ controller.WithRunnable("wasmplugin watcher", controller.Watch(
+ &istioclientgoextensionv1alpha1.WasmPlugin{},
+ istio.WasmPluginsResource,
+ metav1.NamespaceAll,
+ )),
+ controller.WithRunnable("authorizationpolicy watcher", controller.Watch(
+ &istioclientgosecurityv1beta1.AuthorizationPolicy{},
+ istio.AuthorizationPoliciesResource,
+ metav1.NamespaceAll,
+ )),
 controller.WithObjectKinds(
 istio.EnvoyFilterGroupKind,
 istio.WasmPluginGroupKind,
@@ -128,9 +197,21 @@ func NewPolicyMachineryController(manager ctrlruntime.Manager, client *dynamic.D
 logger.Info("cert manager is not installed, skipping related watches and reconcilers", "err", err)
 } else {
 controllerOpts = append(controllerOpts,
- controller.WithRunnable("certificate watcher", controller.Watch(&certmanagerv1.Certificate{}, CertManagerCertificatesResource, metav1.NamespaceAll)),
- controller.WithRunnable("issuers watcher", controller.Watch(&certmanagerv1.Issuer{}, CertManagerIssuersResource, metav1.NamespaceAll)),
- controller.WithRunnable("clusterissuers watcher", controller.Watch(&certmanagerv1.Certificate{}, CertMangerClusterIssuersResource, metav1.NamespaceAll)),
+ controller.WithRunnable("certificate watcher", controller.Watch(
+ &certmanagerv1.Certificate{},
+ CertManagerCertificatesResource,
+ metav1.NamespaceAll,
+ )),
+ controller.WithRunnable("issuers watcher", controller.Watch(
+ &certmanagerv1.Issuer{},
+ CertManagerIssuersResource,
+ metav1.NamespaceAll,
+ )),
+ controller.WithRunnable("clusterissuers watcher", controller.Watch(
+ &certmanagerv1.Certificate{},
+ CertMangerClusterIssuersResource,
+ metav1.NamespaceAll,
+ )),
 controller.WithObjectKinds(
 CertManagerCertificateKind,
 CertManagerIssuerKind,
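Review bot: The "clusterissuers watcher" on the new side still passes `&certmanagerv1.Certificate{}` as the watched type while the resource is `CertMangerClusterIssuersResource`; the mismatch is carried over unchanged from the removed line. Objects delivered by that watcher are presumably decoded as Certificates, so ClusterIssuer changes that TLS handling relies on may be read with the wrong schema or not matched to the ClusterIssuer kind at all. The object argument should be `&certmanagerv1.ClusterIssuer{},`. The surrounding `controllerOpts = append(...)` call and the function itself continue past the hunk.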