multiple CRs managing the same configmap (#31)

horis233 · web-flow · commit 4c87ff7e33c6 · 2020-11-07T07:58:40.000+08:00
diff --git a/controllers/common/util.go b/controllers/common/util.go
@@ -17,6 +17,8 @@
 package common
 
 import (
+	"sort"
+
 	gset "github.com/deckarep/golang-set"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"
@@ -48,6 +50,20 @@ func GetListDifference(slice1 []string, slice2 []string) []string {
 	return diff
 }
 
+func CheckListDifference(slice1 []string, slice2 []string) bool {
+	if len(slice1) != len(slice2) {
+		return true
+	}
+	sort.Strings(slice1)
+	sort.Strings(slice2)
+	for i, v := range slice1 {
+		if v != slice2[i] {
+			return true
+		}
+	}
+	return false
+}
+
 func GetOwnerReferenceUIDs(ownerRefs []metav1.OwnerReference) []types.UID {
 	var ownerRefUIDs []types.UID
 	for _, ref := range ownerRefs {
diff --git a/controllers/constant/constants.go b/controllers/constant/constants.go
@@ -22,4 +22,6 @@ const (
 	NamespaceScopeConfigmapName          = "namespace-scope"
 	NamespaceScopeFinalizer              = "finalizer.nss.operator.ibm.com"
 	NamespaceScopeLabel                  = "managedby-namespace-scope"
+	DefaultRestartLabelsKey              = "intent"
+	DefaultRestartLabelsValue            = "projected"
 )
diff --git a/controllers/namespacescope_controller.go b/controllers/namespacescope_controller.go
@@ -18,7 +18,6 @@ package controllers
 
 import (
 	"context"
-	"fmt"
 	"strings"
 	"time"
 
@@ -66,6 +65,10 @@ func (r *NamespaceScopeReconciler) Reconcile(req ctrl.Request) (ctrl.Result, err
 				return ctrl.Result{}, err
 			}
 
+			if err := r.UpdateConfigMap(instance); err != nil {
+				return ctrl.Result{}, err
+			}
+
 			// Remove NamespaceScopeFinalizer. Once all finalizers have been
 			// removed, the object will be deleted.
 			controllerutil.RemoveFinalizer(instance, constant.NamespaceScopeFinalizer)
@@ -129,9 +132,13 @@ func (r *NamespaceScopeReconciler) InitConfigMap(instance *operatorv1.NamespaceS
 			cm.Namespace = cmNamespace
 			cm.Labels = map[string]string{constant.NamespaceScopeLabel: "true"}
 			cm.Data = make(map[string]string)
-			cm.Data["namespaces"] = strings.Join(instance.Spec.NamespaceMembers, ",")
+			nsMembers, err := r.getNamespaceList(instance)
+			if err != nil {
+				return err
+			}
+			cm.Data["namespaces"] = strings.Join(nsMembers, ",")
 			// Set NamespaceScope instance as the owner of the ConfigMap.
-			if err := controllerutil.SetControllerReference(instance, cm, r.Scheme); err != nil {
+			if err := controllerutil.SetOwnerReference(instance, cm, r.Scheme); err != nil {
 				klog.Errorf("Failed to set owner reference for ConfigMap %s/%s: %v", cmNamespace, cmName, err)
 				return err
 			}
@@ -145,21 +152,6 @@ func (r *NamespaceScopeReconciler) InitConfigMap(instance *operatorv1.NamespaceS
 		return err
 	}
 
-	ownerRefUIDs := util.GetOwnerReferenceUIDs(cm.GetOwnerReferences())
-	if len(ownerRefUIDs) != 0 {
-		// ConfigMap OwnerReference UIDs don't contain current NamespaceScope instance UID, means this
-		// ConfigMap belong to another NamespaceScope instance, stop reconcile.
-		if !util.UIDContains(ownerRefUIDs, instance.UID) {
-			r.Recorder.Eventf(instance, corev1.EventTypeWarning, "ConfigMap Name Conflict", "ConfigMap %s/%s has belong to another NamesapceScope instance, you need to change to a new configmapName", cmNamespace, cmName)
-			klog.Errorf("configMap %s/%s has belong to another NamesapceScope instance, you need to change to a new configmapName", cmNamespace, cmName)
-			return fmt.Errorf("configMap %s/%s has belong to another NamesapceScope instance, you need to change to a new configmapName", cmNamespace, cmName)
-		}
-	} else {
-		r.Recorder.Eventf(instance, corev1.EventTypeWarning, "No OwnerReference", "ConfigMap %s/%s has no owner reference, you need to change to a new configmapName", cmNamespace, cmName)
-		klog.Errorf("configMap %s/%s has no owner reference, you need to change to a new configmapName", cmNamespace, cmName)
-		return fmt.Errorf("configMap %s/%s has no owner reference, you need to change to a new configmapName", cmNamespace, cmName)
-	}
-
 	return nil
 }
 
@@ -175,16 +167,35 @@ func (r *NamespaceScopeReconciler) UpdateConfigMap(instance *operatorv1.Namespac
 	}
 
 	// If NamespaceMembers changed, update ConfigMap
-	if strings.Join(instance.Spec.NamespaceMembers, ",") != cm.Data["namespaces"] {
-		cm.Data["namespaces"] = strings.Join(instance.Spec.NamespaceMembers, ",")
+	nsMembers, err := r.getNamespaceList(instance)
+	if err != nil {
+		return err
+	}
+
+	// Get owner uids
+	ownerRefUIDs := util.GetOwnerReferenceUIDs(cm.GetOwnerReferences())
+
+	if util.CheckListDifference(nsMembers, strings.Split(cm.Data["namespaces"], ",")) || !util.UIDContains(ownerRefUIDs, instance.UID) {
+		restartpod := util.CheckListDifference(nsMembers, strings.Split(cm.Data["namespaces"], ","))
+		if restartpod {
+			cm.Data["namespaces"] = strings.Join(nsMembers, ",")
+		}
+
+		if err := controllerutil.SetOwnerReference(instance, cm, r.Scheme); err != nil {
+			klog.Errorf("Failed to set owner reference for ConfigMap %s/%s: %v", cm.Namespace, cm.Name, err)
+			return err
+		}
+
 		if err := r.Update(ctx, cm); err != nil {
 			klog.Errorf("Failed to update ConfigMap %s : %v", cmKey.String(), err)
 			return err
 		}
 
 		// When the configmap updated, restart all the pods with the RestartLabels
-		if err := r.RestartPods(instance.Spec.RestartLabels, instance.Namespace); err != nil {
-			return err
+		if restartpod {
+			if err := r.RestartPods(instance.Spec.RestartLabels, instance.Namespace); err != nil {
+				return err
+			}
 		}
 	}
 	return nil
@@ -197,7 +208,7 @@ func (r *NamespaceScopeReconciler) PushRbacToNamespace(instance *operatorv1.Name
 		return err
 	}
 	labels := map[string]string{
-		"projectedfrom": instance.Namespace + "-" + instance.Name,
+		"namespace-scope-configmap": instance.Namespace + "-" + instance.Spec.ConfigmapName,
 	}
 
 	for _, toNs := range instance.Spec.NamespaceMembers {
@@ -229,10 +240,13 @@ func (r *NamespaceScopeReconciler) DeleteRbacFromUnmanagedNamespace(instance *op
 	if cm.Data["namespaces"] != "" {
 		nsInCm = strings.Split(cm.Data["namespaces"], ",")
 	}
-	nsInCr := instance.Spec.NamespaceMembers
+	nsInCr, err := r.getNamespaceList(instance)
+	if err != nil {
+		return err
+	}
 	unmanagedNss := util.GetListDifference(nsInCm, nsInCr)
 	labels := map[string]string{
-		"projectedfrom": instance.Namespace + "-" + instance.Name,
+		"namespace-scope-configmap": instance.Namespace + "-" + instance.Spec.ConfigmapName,
 	}
 	for _, toNs := range unmanagedNss {
 		if err := r.DeleteRoleBinding(labels, toNs); err != nil {
@@ -255,8 +269,9 @@ func (r *NamespaceScopeReconciler) DeleteRbacFromUnmanagedNamespace(instance *op
 
 // When delete NamespaceScope instance, cleanup all RBAC resources
 func (r *NamespaceScopeReconciler) DeleteAllRbac(instance *operatorv1.NamespaceScope) error {
+	instance = setDefaults(instance)
 	labels := map[string]string{
-		"projectedfrom": instance.Namespace + "-" + instance.Name,
+		"namespace-scope-configmap": instance.Namespace + "-" + instance.Spec.ConfigmapName,
 	}
 	for _, toNs := range instance.Spec.NamespaceMembers {
 		if err := r.DeleteRoleBinding(labels, toNs); err != nil {
@@ -303,7 +318,7 @@ func (r *NamespaceScopeReconciler) GetServiceAccountFromNamespace(labels map[str
 }
 
 func (r *NamespaceScopeReconciler) CreateRole(labels map[string]string, toNs string) error {
-	name := constant.NamespaceScopeManagedRoleName + labels["projectedfrom"]
+	name := constant.NamespaceScopeManagedRoleName + labels["namespace-scope-configmap"]
 	namespace := toNs
 	role := &rbacv1.Role{
 		ObjectMeta: metav1.ObjectMeta{
@@ -344,7 +359,7 @@ func (r *NamespaceScopeReconciler) DeleteRole(labels map[string]string, toNs str
 }
 
 func (r *NamespaceScopeReconciler) CreateUpdateRoleBinding(labels map[string]string, saNames []string, fromNs, toNs string) error {
-	name := constant.NamespaceScopeManagedRoleBindingName + labels["projectedfrom"]
+	name := constant.NamespaceScopeManagedRoleBindingName + labels["namespace-scope-configmap"]
 	namespace := toNs
 	subjects := []rbacv1.Subject{}
 	for _, saName := range saNames {
@@ -364,7 +379,7 @@ func (r *NamespaceScopeReconciler) CreateUpdateRoleBinding(labels map[string]str
 		Subjects: subjects,
 		RoleRef: rbacv1.RoleRef{
 			Kind:     "Role",
-			Name:     constant.NamespaceScopeManagedRoleName + labels["projectedfrom"],
+			Name:     constant.NamespaceScopeManagedRoleName + labels["namespace-scope-configmap"],
 			APIGroup: "rbac.authorization.k8s.io",
 		},
 	}
@@ -431,10 +446,37 @@ func setDefaults(instance *operatorv1.NamespaceScope) *operatorv1.NamespaceScope
 	if instance.Spec.ConfigmapName == "" {
 		instance.Spec.ConfigmapName = constant.NamespaceScopeConfigmapName
 	}
+	if len(instance.Spec.RestartLabels) == 0 {
+		instance.Spec.RestartLabels = map[string]string{
+			constant.DefaultRestartLabelsKey: constant.DefaultRestartLabelsValue,
+		}
+	}
 
 	return instance
 }
 
+func (r *NamespaceScopeReconciler) getNamespaceList(instance *operatorv1.NamespaceScope) ([]string, error) {
+	// List the instance using the same configmap
+	crList := &operatorv1.NamespaceScopeList{}
+	namespaceMembersList := util.MakeSet([]string{})
+	if err := r.List(ctx, crList, &client.ListOptions{Namespace: instance.Namespace}); err != nil {
+		klog.Errorf("Cannot list namespacescope with in namespace %s: %v", instance.Namespace, err)
+		return nil, err
+	}
+	for _, cr := range crList.Items {
+		cr := setDefaults(&cr)
+		if !cr.GetDeletionTimestamp().IsZero() {
+			continue
+		}
+		if instance.Spec.ConfigmapName == cr.Spec.ConfigmapName {
+			for _, ns := range cr.Spec.NamespaceMembers {
+				namespaceMembersList.Add(ns)
+			}
+		}
+	}
+	return util.ToStringSlice(namespaceMembersList), nil
+}
+
 func (r *NamespaceScopeReconciler) SetupWithManager(mgr ctrl.Manager) error {
 	return ctrl.NewControllerManagedBy(mgr).
 		Owns(&corev1.ConfigMap{}).
diff --git a/main.go b/main.go
@@ -61,8 +61,8 @@ func main() {
 
 	gvkLabelMap := map[schema.GroupVersionKind]cache.Selector{
 		corev1.SchemeGroupVersion.WithKind("ConfigMap"):   {LabelSelector: "managedby-namespace-scope"},
-		rbacv1.SchemeGroupVersion.WithKind("Role"):        {LabelSelector: "projectedfrom"},
-		rbacv1.SchemeGroupVersion.WithKind("RoleBinding"): {LabelSelector: "projectedfrom"},
+		rbacv1.SchemeGroupVersion.WithKind("Role"):        {LabelSelector: "namespace-scope-configmap"},
+		rbacv1.SchemeGroupVersion.WithKind("RoleBinding"): {LabelSelector: "namespace-scope-configmap"},
 	}
 
 	mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{

Original file line number	Diff line number	Diff line change
`@@ -22,4 +22,6 @@ const (`
`22`	`22`	`NamespaceScopeConfigmapName = "namespace-scope"`
`23`	`23`	`NamespaceScopeFinalizer = "finalizer.nss.operator.ibm.com"`
`24`	`24`	`NamespaceScopeLabel = "managedby-namespace-scope"`
	`25`	`+ DefaultRestartLabelsKey = "intent"`
	`26`	`+ DefaultRestartLabelsValue = "projected"`
`25`	`27`	`)`
Original file line number	Diff line number	Diff line change
`@@ -61,8 +61,8 @@ func main() {`
`61`	`61`
`62`	`62`	`gvkLabelMap := map[schema.GroupVersionKind]cache.Selector{`
`63`	`63`	`corev1.SchemeGroupVersion.WithKind("ConfigMap"): {LabelSelector: "managedby-namespace-scope"},`
`64`		`- rbacv1.SchemeGroupVersion.WithKind("Role"): {LabelSelector: "projectedfrom"},`
`65`		`- rbacv1.SchemeGroupVersion.WithKind("RoleBinding"): {LabelSelector: "projectedfrom"},`
	`64`	`+ rbacv1.SchemeGroupVersion.WithKind("Role"): {LabelSelector: "namespace-scope-configmap"},`
	`65`	`+ rbacv1.SchemeGroupVersion.WithKind("RoleBinding"): {LabelSelector: "namespace-scope-configmap"},`
`66`	`66`	`}`
`67`	`67`
`68`	`68`	`mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{`