From 2d40b8ddca515219f1f24f1d06e9dc878df6dc9c Mon Sep 17 00:00:00 2001
From: benrub
Date: Sun, 10 Sep 2023 19:06:47 +0300
Subject: [PATCH] Make sure we reconcile for any update & delete event of the hardening-enforcer in order to ensure we manage the validating & mutating webhooks
---
 cbcontainers/state/state_applier.go | 6 ++++
 ...containers_generation_changed_predicate.go | 34 +++++++++++++++++++
 controllers/cbcontainersagent_controller.go | 4 +--
 3 files changed, 42 insertions(+), 2 deletions(-)
 create mode 100644 controllers/cbcontainers_generation_changed_predicate.go
diff --git a/cbcontainers/state/state_applier.go b/cbcontainers/state/state_applier.go
index 3d4cb581..f2d5ce56 100644
--- a/cbcontainers/state/state_applier.go
+++ b/cbcontainers/state/state_applier.go
@@ -3,6 +3,7 @@ package state
 import (
 "context"
 "fmt"
+ "k8s.io/apimachinery/pkg/types"
 "github.com/go-logr/logr"
 cbcontainersv1 "github.com/vmware/cbcontainers-operator/api/v1"
@@ -67,6 +68,11 @@ func (c *StateApplier) GetPriorityClassEmptyK8sObject() client.Object {
 return c.desiredPriorityClass.EmptyK8sObject()
 }
+func (c *StateApplier) ShouldProcessEvent(obj client.Object) bool {
+ objNamespacedName := types.NamespacedName{Name: obj.GetName(), Namespace: obj.GetNamespace()}
+ return c.enforcerDeployment.NamespacedName() == objNamespacedName
+}
+
 func (c *StateApplier) ApplyDesiredState(ctx context.Context, agentSpec *cbcontainersv1.CBContainersAgentSpec, registrySecret *models.RegistrySecretValues, setOwner applymentOptions.OwnerSetter) (bool, error) {
 applyOptions := applymentOptions.NewApplyOptions().SetOwnerSetter(setOwner)
diff --git a/controllers/cbcontainers_generation_changed_predicate.go b/controllers/cbcontainers_generation_changed_predicate.go
new file mode 100644
index 00000000..1815935b
--- /dev/null
+++ b/controllers/cbcontainers_generation_changed_predicate.go
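Review bot: `ShouldProcessEvent` in cbcontainers/state/state_applier.go calls `obj.GetName()` with no nil check, and the new predicate invokes it before the embedded `GenerationChangedPredicate` runs (which, in controller-runtime, appears to reject nil objects on update), so an event carrying a nil object would panic the controller instead of being dropped; `if obj == nil { return false }` as the first statement avoids that. The comparison uses name and namespace only, so any watched object of another kind that shares the enforcer Deployment's name in that namespace also bypasses the generation filter; if only the Deployment is meant, check the object's type as well. The method is exported without a doc comment; `// ShouldProcessEvent reports whether obj is the hardening enforcer Deployment, whose events must always trigger a reconcile so the webhooks stay managed.` would record why it exists.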
@@ -0,0 +1,34 @@
+package controllers
+
+import (
+ "sigs.k8s.io/controller-runtime/pkg/client"
+ "sigs.k8s.io/controller-runtime/pkg/event"
+ "sigs.k8s.io/controller-runtime/pkg/predicate"
+)
+
+type StateGenerationChangedPredicate interface {
+ ShouldProcessEvent(client.Object) bool
+}
+
+type CBContainersGenerationChangedPredicate struct {
+ predicate.GenerationChangedPredicate
+ statePredicate StateGenerationChangedPredicate
+}
+
+func NewCBContainersGenerationChangedPredicate(statePredicate StateGenerationChangedPredicate) CBContainersGenerationChangedPredicate {
+ return CBContainersGenerationChangedPredicate{
+ statePredicate: statePredicate,
+ }
+}
+
+func (p CBContainersGenerationChangedPredicate) Create(e event.CreateEvent) bool {
+ return p.statePredicate.ShouldProcessEvent(e.Object) || p.GenerationChangedPredicate.Create(e)
+}
+
+func (p CBContainersGenerationChangedPredicate) Update(e event.UpdateEvent) bool {
+ return p.statePredicate.ShouldProcessEvent(e.ObjectNew) || p.GenerationChangedPredicate.Update(e)
+}
+
+func (p CBContainersGenerationChangedPredicate) Delete(e event.DeleteEvent) bool {
+ return p.statePredicate.ShouldProcessEvent(e.Object) || p.GenerationChangedPredicate.Delete(e)
+}
diff --git a/controllers/cbcontainersagent_controller.go b/controllers/cbcontainersagent_controller.go
index 54058136..682ac582 100644
--- a/controllers/cbcontainersagent_controller.go
+++ b/controllers/cbcontainersagent_controller.go
@@ -20,7 +20,6 @@ import (
 "context"
 "fmt"
 k8sErrors "k8s.io/apimachinery/pkg/api/errors"
- "sigs.k8s.io/controller-runtime/pkg/predicate"
 "time"
 "github.com/vmware/cbcontainers-operator/cbcontainers/state/adapters"
@@ -48,6 +47,7 @@ const (
 type StateApplier interface {
 ApplyDesiredState(ctx context.Context, agentSpec *cbcontainersv1.CBContainersAgentSpec, secret *models.RegistrySecretValues, setOwner applymentOptions.OwnerSetter) (bool, error)
+ ShouldProcessEvent(client.Object) bool
 }
 type AgentProcessor interface {
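Review bot: In controllers/cbcontainers_generation_changed_predicate.go only the `Update` override appears to change behaviour: `predicate.GenerationChangedPredicate` filters updates only, and the `Create`/`Delete` it inherits seem to return true already, so the `Create` and `Delete` methods here reduce to `... || true` and could be dropped or marked as kept for symmetry. `NewCBContainersGenerationChangedPredicate` accepts a nil `statePredicate`, which would panic on the first event, so a check at construction is worth adding. The exported interface, struct and constructor have no doc comments, and the names still say "generation changed" although the added condition is an identity match; a struct comment such as `// CBContainersGenerationChangedPredicate passes every event for the object selected by statePredicate and otherwise behaves like predicate.GenerationChangedPredicate.` would make that explicit. Since this filter decides whether enforcer changes get reconciled, a small table test over create, update and delete events with a fake `StateGenerationChangedPredicate` would pin the behaviour.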
@@ -194,7 +194,7 @@ func (r *CBContainersAgentController) updateCRStatus(ctx context.Context, cbCont
 func (r *CBContainersAgentController) SetupWithManager(mgr ctrl.Manager) error {
 return ctrl.NewControllerManagedBy(mgr).
 For(&cbcontainersv1.CBContainersAgent{}).
- WithEventFilter(predicate.GenerationChangedPredicate{}).
+ WithEventFilter(NewCBContainersGenerationChangedPredicate(r.StateApplier)).
 Owns(&corev1.ConfigMap{}).
 Owns(&corev1.Secret{}).
 Owns(adapters.EmptyPriorityClassForVersion(r.K8sVersion)).
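Review bot: `WithEventFilter` in `SetupWithManager` applies to every watch on the builder, so the new predicate only sees enforcer events if the enforcer's Deployment type is among the `Owns(...)` calls, and that list continues outside this hunk; worth confirming, since otherwise the bypass never fires. Where it does fire, every update to that Deployment, status-only updates included, now triggers a reconcile, which looks intended but should be stated so a later cleanup does not restore the plain generation filter, e.g. `// Do not replace with predicate.GenerationChangedPredicate: enforcer Deployment events must always reconcile so the webhooks are re-applied.` The name check does not match the validating and mutating webhook configuration objects themselves, so unless they are watched elsewhere, a direct change to them would presumably stay unreconciled until the next enforcer event. `r.StateApplier` is also read at setup time, so it must be set before `SetupWithManager` is called.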