introduce --label-selector option to limit reconcilled objects

notandy · notandy · commit 7627d2abfb26 · 2025-10-21T15:23:22.000-04:00
diff --git a/cmd/main.go b/cmd/main.go
@@ -22,14 +22,17 @@ import (
 	"flag"
 	"os"
 
-	// Import all Kubernetes client auth plugins (e.g. Azure, GCP, OIDC, etc.)
-	// to ensure that exec-entrypoint and run can make use of them.
-	_ "k8s.io/client-go/plugin/pkg/client/auth"
-
+	"k8s.io/apimachinery/pkg/labels"
 	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/selection"
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
 	clientgoscheme "k8s.io/client-go/kubernetes/scheme"
+
+	// Import all Kubernetes client auth plugins (e.g. Azure, GCP, OIDC, etc.)
+	// to ensure that exec-entrypoint and run can make use of them.
+	_ "k8s.io/client-go/plugin/pkg/client/auth"
 	ctrl "sigs.k8s.io/controller-runtime"
+	"sigs.k8s.io/controller-runtime/pkg/cache"
 	"sigs.k8s.io/controller-runtime/pkg/healthz"
 	"sigs.k8s.io/controller-runtime/pkg/log/zap"
 	"sigs.k8s.io/controller-runtime/pkg/metrics/filters"
@@ -38,6 +41,7 @@ import (
 
 	kvmv1 "github.com/cobaltcore-dev/openstack-hypervisor-operator/api/v1"
 	"github.com/cobaltcore-dev/openstack-hypervisor-operator/internal/controller"
+	"github.com/cobaltcore-dev/openstack-hypervisor-operator/internal/global"
 
 	// +kubebuilder:scaffold:imports
 
@@ -78,6 +82,7 @@ func main() {
 		"If set, the metrics endpoint is served securely via HTTPS. Use --metrics-secure=false to use HTTP instead.")
 	flag.BoolVar(&enableHTTP2, "enable-http2", false,
 		"If set, HTTP/2 will be enabled for the metrics and webhook servers")
+	flag.StringVar(&global.LabelSelector, "label-selector", "", "Label selector to filter watched resources (namely nodes).")
 
 	flag.StringVar(&certificateNamespace, "certificate-namespace", "monsoon3", "The namespace for the certificates. ")
 	flag.StringVar(&certificateIssuerName, "certificate-issuer-name", "nova-hypervisor-agents-ca-issuer",
@@ -135,6 +140,21 @@ func main() {
 	}
 	restConfig := ctrl.GetConfigOrDie()
 
+	var cacheOptions cache.Options
+	if global.LabelSelector != "" {
+		setupLog.Info("setting up cache with label selector", "selector", global.LabelSelector)
+		selector := labels.NewSelector()
+		req, err := labels.NewRequirement(global.LabelSelector, selection.Exists, nil)
+		if err != nil {
+			setupLog.Error(err, "unable to parse label selector")
+			os.Exit(1)
+		}
+
+		cacheOptions = cache.Options{
+			DefaultLabelSelector: selector.Add(*req),
+		}
+	}
+
 	mgr, err := ctrl.NewManager(restConfig, ctrl.Options{
 		Scheme:                 scheme,
 		Metrics:                metricsServerOptions,
@@ -153,6 +173,9 @@ func main() {
 		// if you are doing or is intended to do any operation such as perform cleanups
 		// after the manager stops then its usage might be unsafe.
 		// LeaderElectionReleaseOnCancel: true,
+
+		// Optionally configure the cache to listen/watch for specific labeled resources only
+		Cache: cacheOptions,
 	})
 
 	if err != nil {
diff --git a/internal/controller/hypervisor_controller.go b/internal/controller/hypervisor_controller.go
@@ -37,6 +37,7 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/predicate"
 
 	kvmv1 "github.com/cobaltcore-dev/openstack-hypervisor-operator/api/v1"
+	"github.com/cobaltcore-dev/openstack-hypervisor-operator/internal/global"
 )
 
 const (
@@ -174,6 +175,11 @@ func (hv *HypervisorController) SetupWithManager(mgr ctrl.Manager) error {
 		return fmt.Errorf("failed to create label selector predicate: %w", err)
 	}
 
+	// append the custom label selector from global config
+	if global.LabelSelector != "" {
+		transferLabels = append(transferLabels, global.LabelSelector)
+	}
+
 	return ctrl.NewControllerManagedBy(mgr).
 		Named(HypervisorControllerName).
 		For(&corev1.Node{}).
diff --git a/internal/controller/node_eviction_label_controller.go b/internal/controller/node_eviction_label_controller.go
@@ -34,6 +34,7 @@ import (
 	logger "sigs.k8s.io/controller-runtime/pkg/log"
 
 	kvmv1 "github.com/cobaltcore-dev/openstack-hypervisor-operator/api/v1"
+	"github.com/cobaltcore-dev/openstack-hypervisor-operator/internal/global"
 )
 
 const (
@@ -74,6 +75,13 @@ func (r *NodeEvictionLabelReconciler) Reconcile(ctx context.Context, req ctrl.Re
 		},
 	}
 
+	// Add global label selector if configured to ensure we reconcile them
+	if global.LabelSelector != "" {
+		eviction.Labels = map[string]string{
+			global.LabelSelector: "true",
+		}
+	}
+
 	var err error
 	if !found {
 		newNode := node.DeepCopy()
diff --git a/internal/global/global.go b/internal/global/global.go
@@ -0,0 +1,23 @@
+/*
+SPDX-FileCopyrightText: Copyright 2025 SAP SE or an SAP affiliate company and cobaltcore-dev contributors
+SPDX-License-Identifier: Apache-2.0
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package global
+
+var (
+	// LabelSelector is a custom label that is used to select resources managed by the operator.
+	LabelSelector = ""
+)
