Organize openshift-specific annotations for namespace (#1409)

Signed-off-by: Mat Kowalski <mko@redhat.com>

Author: mkowalski

cmd/operator/main.go

@@ -47,6 +47,7 @@ import (
 	nmstatev1 "github.com/nmstate/kubernetes-nmstate/api/v1"
 	nmstatev1beta1 "github.com/nmstate/kubernetes-nmstate/api/v1beta1"
 	controllers "github.com/nmstate/kubernetes-nmstate/controllers/operator"
+	"github.com/nmstate/kubernetes-nmstate/pkg/cluster"
 )
 
 type ProfilerConfig struct {
@@ -125,11 +126,17 @@ func setupOperatorController(mgr manager.Manager) error {
 		return fmt.Errorf("failed creating non cached client: %w", err)
 	}
 
+	isOpenShift, err := cluster.IsOpenShift(apiClient)
+	if err != nil {
+		setupLog.Info("Warning: could not determine if running on OpenShift, assuming not")
+	}
+
 	if err = (&controllers.NMStateReconciler{
-		Client:    mgr.GetClient(),
-		APIClient: apiClient,
-		Log:       ctrl.Log.WithName("controllers").WithName("NMState"),
-		Scheme:    mgr.GetScheme(),
+		Client:      mgr.GetClient(),
+		APIClient:   apiClient,
+		Log:         ctrl.Log.WithName("controllers").WithName("NMState"),
+		Scheme:      mgr.GetScheme(),
+		IsOpenShift: isOpenShift,
 	}).SetupWithManager(mgr); err != nil {
 		return fmt.Errorf("failed creating NMState CR controller: %w", err)
 	}

controllers/operator/nmstate_controller.go

@@ -48,7 +48,6 @@ import (
 	"github.com/nmstate/kubernetes-nmstate/api/names"
 	"github.com/nmstate/kubernetes-nmstate/api/shared"
 	nmstatev1 "github.com/nmstate/kubernetes-nmstate/api/v1"
-	"github.com/nmstate/kubernetes-nmstate/pkg/cluster"
 	"github.com/nmstate/kubernetes-nmstate/pkg/environment"
 	nmstaterenderer "github.com/nmstate/kubernetes-nmstate/pkg/render"
 )
@@ -63,6 +62,7 @@ type NMStateReconciler struct {
 	APIClient   client.Client
 	Log         logr.Logger
 	Scheme      *runtime.Scheme
+	IsOpenShift bool
 	deployments []client.ObjectKey
 	daemonSets  []client.ObjectKey
 }
@@ -173,18 +173,14 @@ func (r *NMStateReconciler) applyManifests(instance *nmstatev1.NMState, ctx cont
 		return errors.Wrap(err, "failed applying Handler")
 	}
 
-	isOpenShift, err := cluster.IsOpenShift(r.APIClient)
-
 	_, errUIPluginPathExists := os.Stat(filepath.Join(names.ManifestDir, "kubernetes-nmstate", "openshift", "ui-plugin"))
-	if err == nil && isOpenShift && errUIPluginPathExists == nil {
-		if err = r.applyOpenshiftUIPlugin(ctx, instance); err != nil {
+	if r.IsOpenShift && errUIPluginPathExists == nil {
+		if err := r.applyOpenshiftUIPlugin(ctx, instance); err != nil {
 			return errors.Wrap(err, "failed applying UI Plugin")
 		}
-		if err = r.patchOpenshiftConsolePlugin(ctx); err != nil {
+		if err := r.patchOpenshiftConsolePlugin(ctx); err != nil {
 			return errors.Wrap(err, "failed enabling the plugin in cluster's console")
 		}
-	} else if err != nil {
-		r.Log.Info("Warning: could not determine if running on OpenShift")
 	}
 	return nil
 }
@@ -198,6 +194,8 @@ func (r *NMStateReconciler) applyNamespace(ctx context.Context, instance *nmstat
 	data := render.MakeRenderData()
 	data.Data["HandlerNamespace"] = os.Getenv("HANDLER_NAMESPACE")
 	data.Data["HandlerPrefix"] = os.Getenv("HANDLER_PREFIX")
+	data.Data["IsOpenShift"] = r.IsOpenShift
+
 	return r.renderAndApply(ctx, instance, data, "namespace", false)
 }
 
@@ -206,12 +204,7 @@ func (r *NMStateReconciler) applyNetworkPolicies(ctx context.Context, instance *
 	data.Data["HandlerNamespace"] = os.Getenv("HANDLER_NAMESPACE")
 	data.Data["OperatorNamespace"] = os.Getenv("OPERATOR_NAMESPACE")
 	data.Data["PluginNamespace"] = os.Getenv("HANDLER_NAMESPACE")
-
-	isOpenShift, err := cluster.IsOpenShift(r.APIClient)
-	if err != nil {
-		return err
-	}
-	data.Data["IsOpenShift"] = isOpenShift
+	data.Data["IsOpenShift"] = r.IsOpenShift
 
 	return r.renderAndApply(ctx, instance, data, "netpol", true)
 }
@@ -227,11 +220,7 @@ func (r *NMStateReconciler) applyRBAC(ctx context.Context, instance *nmstatev1.N
 		return errors.Wrap(err, "failed checking if cluster-reader ClusterRole exists")
 	}
 
-	isOpenShift, err := cluster.IsOpenShift(r.APIClient)
-	if err != nil {
-		return err
-	}
-	data.Data["IsOpenShift"] = isOpenShift
+	data.Data["IsOpenShift"] = r.IsOpenShift
 
 	return r.renderAndApply(ctx, instance, data, "rbac", true)
 }
@@ -367,12 +356,7 @@ func (r *NMStateReconciler) applyHandler(ctx context.Context, instance *nmstatev
 	data.Data["MetricsConfiguration"] = metricsConfig
 	data.Data["LogLevelHandlerCommandArg"] = logLevelHandlerCommandArg
 	data.Data["HandlerReadinessProbeExtraArg"] = handlerReadinessProbeExtraArg
-
-	isOpenShift, err := cluster.IsOpenShift(r.APIClient)
-	if err != nil {
-		return err
-	}
-	data.Data["IsOpenShift"] = isOpenShift
+	data.Data["IsOpenShift"] = r.IsOpenShift
 
 	return r.renderAndApply(ctx, instance, data, "handler", true)
 }
@@ -417,13 +401,9 @@ func (r *NMStateReconciler) patchOpenshiftConsolePlugin(ctx context.Context) err
 }
 
 func (r *NMStateReconciler) cleanupObsoleteResources(ctx context.Context) error {
-	isOpenShift, err := cluster.IsOpenShift(r.APIClient)
-	if err != nil {
-		return err
-	}
 	// We are no longer using cert-manager at openshift, let's remove it
-	if isOpenShift {
-		err = r.Client.Delete(ctx, &appsv1.Deployment{
+	if r.IsOpenShift {
+		err := r.Client.Delete(ctx, &appsv1.Deployment{
 			ObjectMeta: metav1.ObjectMeta{
 				Namespace: os.Getenv("HANDLER_NAMESPACE"),
 				Name:      os.Getenv("HANDLER_PREFIX") + "nmstate-cert-manager",

deploy/handler/namespace.yaml

@@ -7,4 +7,7 @@ metadata:
     pod-security.kubernetes.io/enforce: privileged
     pod-security.kubernetes.io/audit: privileged
     pod-security.kubernetes.io/warn: privileged
+{{- if .IsOpenShift }}
     openshift.io/cluster-monitoring: "true"
+    openshift.io/node-selector: ""
+{{- end }}