status: Conditionally add CRDs to relatedObjects

Miciah · Miciah · commit 0fa1281ffd86 · 2025-04-08T20:23:37.000-04:00
Check whether the gatewayclasses, gateways, and istios CRDs actually exist before adding them to relatedObjects. Also, use the "GatewayAPIController" featuregate for the gateways and istios resources, rather than the "GatewayAPI" featuregate. Before this change, the operator could add istios to relatedObjects even if the OSSM subscription failed to install. By convention, an operator should only add resources to relatedObjects if those resources exist. This commit fixes OCPBUGS-54745. https://issues.redhat.com/browse/OCPBUGS-54745 * pkg/operator/controller/status/controller.go (gatewaysResourceName, gatewayclassesResourceName, istiosResourceName): New consts for the CRD names. (relatedObjectsCRDs): New var for a string set that contains gatewaysResourceName, gatewayclassesResourceName, and istiosResourceName. (New): Add a watch on CRDs, with a predicate for CRDs with names that are in relatedObjectsCRDs. (Config): Add GatewayAPIControllerEnabled. (Reconcile): Check haveGatewayclassesResource, haveGatewaysResource, and haveIstiosResource in the operatorState object and conditionally add the corresponding resources to relatedObjectsCRDs. (operatorState): Add haveGatewaysResource, haveGatewayclassesResource, and haveIstiosResource fields. (getOperatorState): Set haveGatewaysResource, haveGatewayclassesResource, and haveIstiosResource. * pkg/operator/operator.go (New): Specify GatewayAPIControllerEnabled in the status controller config.
diff --git a/pkg/operator/controller/status/controller.go b/pkg/operator/controller/status/controller.go
@@ -23,9 +23,11 @@ import (
 
 	corev1 "k8s.io/api/core/v1"
 
+	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
 	"k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"
+	"k8s.io/apimachinery/pkg/util/sets"
 	utilclock "k8s.io/utils/clock"
 
 	gatewayapiv1 "sigs.k8s.io/gateway-api/apis/v1"
@@ -49,13 +51,27 @@ const (
 
 	ingressesEqualConditionMessage = "desired and current number of IngressControllers are equal"
 
+	// gatewaysResourceName is the name of the Gateway API gateways CRD.
+	gatewaysResourceName = "gateways.gateway.networking.k8s.io"
+	// gatewayclassesResourceName is the name of the Gateway API
+	// gatewayclasses CRD.
+	gatewayclassesResourceName = "gatewayclasses.gateway.networking.k8s.io"
+	// istiosResourceName is the name of the Sail Operator istios CRD.
+	istiosResourceName = "istios.sailoperator.io"
+
 	controllerName = "status_controller"
 )
 
-var log = logf.Logger.WithName(controllerName)
+var (
+	log = logf.Logger.WithName(controllerName)
+
+	// clock is to enable unit testing
+	clock utilclock.Clock = utilclock.RealClock{}
 
-// clock is to enable unit testing
-var clock utilclock.Clock = utilclock.RealClock{}
+	// relatedObjectsCRDs is a set of names of CRDs that we add to
+	// relatedObjects if they exist.
+	relatedObjectsCRDs = sets.New[string](gatewaysResourceName, gatewayclassesResourceName, istiosResourceName)
+)
 
 // New creates the status controller. This is the controller that handles all
 // the logic for creating the ClusterOperator operator and updating its status.
@@ -115,6 +131,24 @@ func New(mgr manager.Manager, config Config) (controller.Controller, error) {
 		})); err != nil {
 			return nil, err
 		}
+		if config.GatewayAPIControllerEnabled {
+			if err := c.Watch(source.Kind[client.Object](operatorCache, &apiextensionsv1.CustomResourceDefinition{}, handler.EnqueueRequestsFromMapFunc(toDefaultIngressController), predicate.Funcs{
+				CreateFunc: func(e event.CreateEvent) bool {
+					return relatedObjectsCRDs.Has(e.Object.GetName())
+				},
+				UpdateFunc: func(e event.UpdateEvent) bool {
+					return false
+				},
+				DeleteFunc: func(e event.DeleteEvent) bool {
+					return relatedObjectsCRDs.Has(e.Object.GetName())
+				},
+				GenericFunc: func(e event.GenericEvent) bool {
+					return false
+				},
+			})); err != nil {
+				return nil, err
+			}
+		}
 	}
 
 	return c, nil
@@ -123,7 +157,10 @@ func New(mgr manager.Manager, config Config) (controller.Controller, error) {
 // Config holds all the things necessary for the controller to run.
 type Config struct {
 	// GatewayAPIEnabled indicates that the "GatewayAPI" featuregate is enabled.
-	GatewayAPIEnabled      bool
+	GatewayAPIEnabled bool
+	// GatewayAPIControllerEnabled indicates that the "GatewayAPIControllerEnabled" featuregate is enabled.
+	GatewayAPIControllerEnabled bool
+
 	IngressControllerImage string
 	CanaryImage            string
 	OperatorReleaseVersion string
@@ -199,10 +236,12 @@ func (r *reconciler) Reconcile(ctx context.Context, request reconcile.Request) (
 		})
 	}
 	if r.config.GatewayAPIEnabled {
-		related = append(related, configv1.ObjectReference{
-			Group:    gatewayapiv1.GroupName,
-			Resource: "gatewayclasses",
-		})
+		if state.haveGatewayclassesResource {
+			related = append(related, configv1.ObjectReference{
+				Group:    gatewayapiv1.GroupName,
+				Resource: "gatewayclasses",
+			})
+		}
 		if state.haveOSSMSubscription {
 			subscriptionName := operatorcontroller.ServiceMeshOperatorSubscriptionName()
 			related = append(related, configv1.ObjectReference{
@@ -211,12 +250,15 @@ func (r *reconciler) Reconcile(ctx context.Context, request reconcile.Request) (
 				Namespace: subscriptionName.Namespace,
 				Name:      subscriptionName.Name,
 			})
-			if state.IngressNamespace != nil {
+		}
+		if r.config.GatewayAPIControllerEnabled {
+			if state.haveIstiosResource {
 				related = append(related, configv1.ObjectReference{
-					Group:     sailv1.GroupVersion.Group,
-					Resource:  "istios",
-					Namespace: state.IngressNamespace.Name,
+					Group:    sailv1.GroupVersion.Group,
+					Resource: "istios",
 				})
+			}
+			if state.haveGatewaysResource && state.IngressNamespace != nil {
 				related = append(related, configv1.ObjectReference{
 					Group:     gatewayapiv1.GroupName,
 					Resource:  "gateways",
@@ -295,7 +337,16 @@ type operatorState struct {
 	IngressControllers []operatorv1.IngressController
 	DNSRecords         []iov1.DNSRecord
 
+	// haveOSSMSubscription means that the subscription for OSSM 3 exists.
 	haveOSSMSubscription bool
+	// haveIstiosResource means that the "istios.sailproject.io" CRD exists.
+	haveIstiosResource bool
+	// haveGatewaysResource means that the
+	// "gateways.gateway.networking.k8s.io" CRD exists.
+	haveGatewaysResource bool
+	// haveGatewayclassesResource means that the
+	// "gatewayclasses.gateway.networking.k8s.io" CRD exists.
+	haveGatewayclassesResource bool
 }
 
 // getOperatorState gets and returns the resources necessary to compute the
@@ -338,6 +389,37 @@ func (r *reconciler) getOperatorState(ctx context.Context, ingressNamespace, can
 		} else {
 			state.haveOSSMSubscription = true
 		}
+
+		if r.config.GatewayAPIControllerEnabled {
+			var (
+				crd                                  apiextensionsv1.CustomResourceDefinition
+				gatewaysResourceNamespacedName       = types.NamespacedName{Name: gatewaysResourceName}
+				gatewayclassesResourceNamespacedName = types.NamespacedName{Name: gatewayclassesResourceName}
+				istiosResourceNamespacedName         = types.NamespacedName{Name: istiosResourceName}
+			)
+
+			if err := r.cache.Get(ctx, gatewaysResourceNamespacedName, &crd); err != nil {
+				if !errors.IsNotFound(err) {
+					return state, fmt.Errorf("failed to get CRD %q: %v", gatewaysResourceName, err)
+				}
+			} else {
+				state.haveGatewaysResource = true
+			}
+			if err := r.cache.Get(ctx, gatewayclassesResourceNamespacedName, &crd); err != nil {
+				if !errors.IsNotFound(err) {
+					return state, fmt.Errorf("failed to get CRD %q: %v", gatewayclassesResourceName, err)
+				}
+			} else {
+				state.haveGatewayclassesResource = true
+			}
+			if err := r.cache.Get(ctx, istiosResourceNamespacedName, &crd); err != nil {
+				if !errors.IsNotFound(err) {
+					return state, fmt.Errorf("failed to get CRD %q: %v", istiosResourceName, err)
+				}
+			} else {
+				state.haveIstiosResource = true
+			}
+		}
 	}
 
 	return state, nil
diff --git a/pkg/operator/operator.go b/pkg/operator/operator.go
@@ -208,11 +208,12 @@ func New(config operatorconfig.Config, kubeConfig *rest.Config) (*Operator, erro
 
 	// Set up the status controller.
 	if _, err := statuscontroller.New(mgr, statuscontroller.Config{
-		Namespace:              config.Namespace,
-		IngressControllerImage: config.IngressControllerImage,
-		CanaryImage:            config.CanaryImage,
-		OperatorReleaseVersion: config.OperatorReleaseVersion,
-		GatewayAPIEnabled:      gatewayAPIEnabled,
+		Namespace:                   config.Namespace,
+		IngressControllerImage:      config.IngressControllerImage,
+		CanaryImage:                 config.CanaryImage,
+		OperatorReleaseVersion:      config.OperatorReleaseVersion,
+		GatewayAPIEnabled:           gatewayAPIEnabled,
+		GatewayAPIControllerEnabled: gatewayAPIControllerEnabled,
 	}); err != nil {
 		return nil, fmt.Errorf("failed to create status controller: %v", err)
 	}
