Allows for override replicas quantity to deploy a HA cert manager

Signed-off-by: appiepollo14 <[email protected]>

Author: appiepollo14

api/operator/v1alpha1/certmanager_types.go

@@ -82,6 +82,11 @@ type DeploymentConfig struct {
 	// +optional
 	OverrideResources CertManagerResourceRequirements `json:"overrideResources,omitempty"`
 
+	// Replicas defines the number of replicas to run for an operand
+	// +kubebuilder:validation:Optional
+	// +optional
+	OverrideReplicas int32 `json:"overrideReplicas,omitempty"`
+
 	// +kubebuilder:validation:Optional
 	// +optional
 	OverrideScheduling CertManagerScheduling `json:"overrideScheduling,omitempty"`

bundle/manifests/operator.openshift.io_certmanagers.yaml

@@ -177,6 +177,11 @@ spec:
                     additionalProperties:
                       type: string
                     type: object
+                  overrideReplicas:
+                    description: Replicas defines the number of replicas to run for
+                      an operand
+                    format: int32
+                    type: integer
                   overrideResources:
                     description: |-
                       CertManagerResourceRequirements describes the compute resource requirements for the cert-manager operands,
@@ -413,6 +418,11 @@ spec:
                     additionalProperties:
                       type: string
                     type: object
+                  overrideReplicas:
+                    description: Replicas defines the number of replicas to run for
+                      an operand
+                    format: int32
+                    type: integer
                   overrideResources:
                     description: |-
                       CertManagerResourceRequirements describes the compute resource requirements for the cert-manager operands,
@@ -694,6 +704,11 @@ spec:
                     additionalProperties:
                       type: string
                     type: object
+                  overrideReplicas:
+                    description: Replicas defines the number of replicas to run for
+                      an operand
+                    format: int32
+                    type: integer
                   overrideResources:
                     description: |-
                       CertManagerResourceRequirements describes the compute resource requirements for the cert-manager operands,

config/crd/bases/operator.openshift.io_certmanagers.yaml

@@ -177,6 +177,11 @@ spec:
                     additionalProperties:
                       type: string
                     type: object
+                  overrideReplicas:
+                    description: Replicas defines the number of replicas to run for
+                      an operand
+                    format: int32
+                    type: integer
                   overrideResources:
                     description: |-
                       CertManagerResourceRequirements describes the compute resource requirements for the cert-manager operands,
@@ -413,6 +418,11 @@ spec:
                     additionalProperties:
                       type: string
                     type: object
+                  overrideReplicas:
+                    description: Replicas defines the number of replicas to run for
+                      an operand
+                    format: int32
+                    type: integer
                   overrideResources:
                     description: |-
                       CertManagerResourceRequirements describes the compute resource requirements for the cert-manager operands,
@@ -694,6 +704,11 @@ spec:
                     additionalProperties:
                       type: string
                     type: object
+                  overrideReplicas:
+                    description: Replicas defines the number of replicas to run for
+                      an operand
+                    format: int32
+                    type: integer
                   overrideResources:
                     description: |-
                       CertManagerResourceRequirements describes the compute resource requirements for the cert-manager operands,

pkg/controller/deployment/deployment_helper.go

@@ -214,6 +214,33 @@ func getOverridePodLabelsFor(certmanagerinformer certmanagerinformer.CertManager
 
 }
 
+// getOverrideReplicasFor is a helper function that returns the OverrideReplicas provided
+// in the operator spec based on the deployment name.
+func getOverrideReplicasFor(certmanagerinformer certmanagerinformer.CertManagerInformer, deploymentName string) (int32, error) {
+	certmanager, err := certmanagerinformer.Lister().Get("cluster")
+	if err != nil {
+		return 0, fmt.Errorf("failed to get certmanager %q due to %v", "cluster", err)
+	}
+
+	switch deploymentName {
+	case certmanagerControllerDeployment:
+		if certmanager.Spec.ControllerConfig != nil {
+			return certmanager.Spec.ControllerConfig.OverrideReplicas, nil
+		}
+	case certmanagerWebhookDeployment:
+		if certmanager.Spec.WebhookConfig != nil {
+			return certmanager.Spec.WebhookConfig.OverrideReplicas, nil
+		}
+	case certmanagerCAinjectorDeployment:
+		if certmanager.Spec.CAInjectorConfig != nil {
+			return certmanager.Spec.CAInjectorConfig.OverrideReplicas, nil
+		}
+	default:
+		return 0, fmt.Errorf("unsupported deployment name %q provided", deploymentName)
+	}
+	return 0, nil
+}
+
 // getOverrideResourcesFor is a helper function that returns the OverrideResources provided
 // in the operator spec based on the deployment name.
 func getOverrideResourcesFor(certmanagerinformer certmanagerinformer.CertManagerInformer, deploymentName string) (v1alpha1.CertManagerResourceRequirements, error) {

pkg/controller/deployment/deployment_helper_test.go

@@ -944,3 +944,146 @@ func TestGetOverrideSchedulingFor(t *testing.T) {
 		})
 	}
 }
+
+func TestGetOverrideReplicasFor(t *testing.T) {
+	tests := []struct {
+		name                     string
+		certManagerObj           v1alpha1.CertManager
+		deploymentName           string
+		expectedOverrideReplicas int32
+	}{
+		{
+			name: "get override replicas of cert manager controller config",
+			certManagerObj: v1alpha1.CertManager{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "cluster",
+				},
+				Spec: v1alpha1.CertManagerSpec{
+					ControllerConfig: &v1alpha1.DeploymentConfig{
+						OverrideReplicas: 2,
+					},
+				},
+			},
+			deploymentName:           certmanagerControllerDeployment,
+			expectedOverrideReplicas: 2,
+		},
+		{
+			name: "get override scheduling of cert manager webhook config",
+			certManagerObj: v1alpha1.CertManager{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "cluster",
+				},
+				Spec: v1alpha1.CertManagerSpec{
+					WebhookConfig: &v1alpha1.DeploymentConfig{
+						OverrideReplicas: 0,
+					},
+				},
+			},
+			deploymentName:           certmanagerWebhookDeployment,
+			expectedOverrideReplicas: 0,
+		},
+		{
+			name: "get override scheduling of cert manager cainjector config",
+			certManagerObj: v1alpha1.CertManager{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "cluster",
+				},
+				Spec: v1alpha1.CertManagerSpec{
+					CAInjectorConfig: &v1alpha1.DeploymentConfig{
+						OverrideReplicas: 2,
+					},
+				},
+			},
+			deploymentName:           certmanagerCAinjectorDeployment,
+			expectedOverrideReplicas: 2,
+		},
+	}
+
+	ctx, cancel := context.WithCancel(context.Background())
+	defer cancel()
+
+	// Create channel to know when the watch has started.
+	watcherStarted := make(chan struct{})
+	// Create the fake client.
+	fakeClient := fake.NewSimpleClientset()
+	// A watch reactor for cert manager objects that allows the injection of the watcherStarted channel.
+	fakeClient.PrependWatchReactor("certmanagers", func(action clienttesting.Action) (handled bool, ret watch.Interface, err error) {
+		gvr := action.GetResource()
+		ns := action.GetNamespace()
+		watch, err := fakeClient.Tracker().Watch(gvr, ns)
+		if err != nil {
+			return false, nil, err
+		}
+		close(watcherStarted)
+		return true, watch, nil
+	})
+
+	// Create cert manager informers using the fake client.
+	certManagerInformers := certmanoperatorinformer.NewSharedInformerFactory(fakeClient, 0).Operator().V1alpha1().CertManagers()
+
+	// Create a channel to receive the cert manager objects from the informer.
+	certManagerChan := make(chan *v1alpha1.CertManager, 1)
+
+	// Add event handlers to the informer to write the cert manager objects to
+	// the channel received during the add and the delete events.
+	certManagerInformers.Informer().AddEventHandler(cache.ResourceEventHandlerFuncs{
+		AddFunc: func(obj interface{}) {
+			certManagerObj := obj.(*v1alpha1.CertManager)
+			t.Logf("cert manager obj added: %s", certManagerObj.Name)
+			certManagerChan <- certManagerObj
+		},
+		DeleteFunc: func(obj interface{}) {
+			certManagerObj := obj.(*v1alpha1.CertManager)
+			t.Logf("cert manager obj deleted: %s", certManagerObj.Name)
+			certManagerChan <- certManagerObj
+		},
+	})
+
+	// Make sure informer is running.
+	go certManagerInformers.Informer().Run(ctx.Done())
+
+	// This is not required in tests, but it serves as a proof-of-concept by
+	// ensuring that the informer goroutine have warmed up and called List before
+	// we send any events to it.
+	cache.WaitForCacheSync(ctx.Done(), certManagerInformers.Informer().HasSynced)
+
+	// The fake client doesn't support resource version. Any writes to the client
+	// after the informer's initial LIST and before the informer establishing the
+	// watcher will be missed by the informer. Therefore we wait until the watcher
+	// starts.
+	<-watcherStarted
+
+	for _, tc := range tests {
+		t.Run(tc.name, func(t *testing.T) {
+			// Create the cert manager object using the fake client.
+			_, err := fakeClient.OperatorV1alpha1().CertManagers().Create(ctx, &tc.certManagerObj, metav1.CreateOptions{})
+			if err != nil {
+				t.Fatalf("error injecting cert manager add: %v", err)
+			}
+
+			// Wait for the informer to get the event.
+			select {
+			case <-certManagerChan:
+			case <-time.After(wait.ForeverTestTimeout):
+				t.Fatal("Informer did not get the added cert manager object")
+			}
+
+			actualOverrideReplicas, err := getOverrideReplicasFor(certManagerInformers, tc.deploymentName)
+			assert.NoError(t, err)
+			require.Equal(t, tc.expectedOverrideReplicas, actualOverrideReplicas)
+
+			// Delete the cert manager object using the fake client.
+			err = fakeClient.OperatorV1alpha1().CertManagers().Delete(ctx, tc.certManagerObj.Name, metav1.DeleteOptions{})
+			if err != nil {
+				t.Fatalf("error deleting cert manager add: %v", err)
+			}
+
+			// Wait for the informer to get the event.
+			select {
+			case <-certManagerChan:
+			case <-time.After(wait.ForeverTestTimeout):
+				t.Fatal("Informer did not get the deleted cert manager")
+			}
+		})
+	}
+}

pkg/controller/deployment/deployment_overrides.go

@@ -12,6 +12,7 @@ import (
 	"k8s.io/utils/ptr"
 
 	operatorv1 "github.com/openshift/api/operator/v1"
+	v1 "github.com/openshift/api/operator/v1"
 	"github.com/operator-framework/operator-lib/proxy"
 
 	"github.com/openshift/cert-manager-operator/api/operator/v1alpha1"
@@ -57,6 +58,11 @@ type overrideEnvFunc func(certmanagerinformer.CertManagerInformer, string) ([]co
 // to cert-manager-operator spec.
 type overrideLabelsFunc func(certmanagerinformer.CertManagerInformer, string) (map[string]string, error)
 
+// overrideReplicasFunc defines a function signature that is accepted by
+// withContainerReplicasOverrideHook(). This function returns the override
+// replicas provided to cert-manager-operator spec.
+type overrideReplicasFunc func(certmanagerinformer.CertManagerInformer, string) (int32, error)
+
 // overrideResourcesFunc defines a function signature that is accepted by
 // withContainerResourcesOverrideHook(). This function returns the override
 // resources provided to cert-manager-operator spec.
@@ -137,6 +143,24 @@ func withContainerResourcesOverrideHook(certmanagerinformer certmanagerinformer.
 	}
 }
 
+// withContainerReplicasOverrideHook overrides the deployment replicas with those provided by
+// the overrideReplicasFunc function.
+func withContainerReplicasOverrideHook(certmanagerinformer certmanagerinformer.CertManagerInformer, deploymentName string, fn overrideReplicasFunc) func(operatorSpec *v1.OperatorSpec, deployment *appsv1.Deployment) error {
+	return func(operatorSpec *v1.OperatorSpec, deployment *appsv1.Deployment) error {
+		overrideReplicas, err := fn(certmanagerinformer, deploymentName)
+		if err != nil {
+			return err
+		}
+
+		if overrideReplicas != 0 {
+			if deployment.Name == deploymentName {
+				deployment.Spec.Replicas = &overrideReplicas
+			}
+		}
+		return nil
+	}
+}
+
 // withPodSchedulingOverrideHook overrides the pod scheduling with those provided by
 // the overrideSchedulingFunc function.
 func withPodSchedulingOverrideHook(certmanagerinformer certmanagerinformer.CertManagerInformer, deploymentName string, fn overrideSchedulingFunc) func(operatorSpec *operatorv1.OperatorSpec, deployment *appsv1.Deployment) error {

pkg/controller/deployment/generic_deployment_controller.go

@@ -50,6 +50,7 @@ func newGenericDeploymentController(
 		withContainerArgsValidateHook(certManagerOperatorInformers.Operator().V1alpha1().CertManagers(), deployment.Name),
 		withContainerEnvOverrideHook(certManagerOperatorInformers.Operator().V1alpha1().CertManagers(), deployment.Name, getOverrideEnvFor),
 		withContainerEnvValidateHook(certManagerOperatorInformers.Operator().V1alpha1().CertManagers(), deployment.Name),
+		withContainerReplicasOverrideHook(certManagerOperatorInformers.Operator().V1alpha1().CertManagers(), deployment.Name, getOverrideReplicasFor),
 		withContainerResourcesOverrideHook(certManagerOperatorInformers.Operator().V1alpha1().CertManagers(), deployment.Name, getOverrideResourcesFor),
 		withContainerResourcesValidateHook(certManagerOperatorInformers.Operator().V1alpha1().CertManagers(), deployment.Name),
 		withPodSchedulingOverrideHook(certManagerOperatorInformers.Operator().V1alpha1().CertManagers(), deployment.Name, getOverrideSchedulingFor),