Merge pull request #1232 from Miciah/OCPBUGS-55317-status-check-capabilities-for-subscriptions-watch

OCPBUGS-55317: Check capabilities before watching OLM resource

Author: openshift-merge-bot[bot]

pkg/operator/controller/gatewayapi/controller.go

@@ -104,6 +104,12 @@ type Config struct {
 	GatewayAPIEnabled bool
 	// GatewayAPIControllerEnabled indicates that the "GatewayAPIController" featuregate is enabled.
 	GatewayAPIControllerEnabled bool
+	// MarketplaceEnabled indicates whether the "marketplace" capability is
+	// enabled.
+	MarketplaceEnabled bool
+	// OperatorLifecycleManagerEnabled indicates whether the
+	// "OperatorLifecycleManager" capability is enabled.
+	OperatorLifecycleManagerEnabled bool
 
 	// DependentControllers is a list of controllers that watch Gateway API
 	// resources.  The gatewayapi controller starts these controllers once
@@ -148,6 +154,16 @@ func (r *reconciler) Reconcile(ctx context.Context, request reconcile.Request) (
 		return reconcile.Result{}, nil
 	}
 
+	// The subscriptions resource only exists if the
+	// "OperatorLifecycleManager" capability is enabled, and the default
+	// catalog only exists if the "marketplace" capability is enabled.  We
+	// cannot install OSSM if the subscriptions resource or default catalog
+	// does not exist, and accordingly, we should not start these
+	// controllers if the capabilities are not enabled.
+	if !r.config.MarketplaceEnabled || !r.config.OperatorLifecycleManagerEnabled {
+		return reconcile.Result{}, nil
+	}
+
 	r.startControllers.Do(func() {
 		for i := range r.config.DependentControllers {
 			c := &r.config.DependentControllers[i]

pkg/operator/controller/gatewayapi/controller_test.go

@@ -57,6 +57,8 @@ func Test_Reconcile(t *testing.T) {
 		name                        string
 		gatewayAPIEnabled           bool
 		gatewayAPIControllerEnabled bool
+		marketplaceEnabled          bool
+		olmEnabled                  bool
 		existingObjects             []runtime.Object
 		// existingStatusSubresource contains the original version of objects
 		// whose status will updated by Reconcile function.
@@ -72,8 +74,10 @@ func Test_Reconcile(t *testing.T) {
 		expectStartCtrl    bool
 	}{
 		{
-			name:              "gateway API disabled",
-			gatewayAPIEnabled: false,
+			name:               "gateway API disabled",
+			gatewayAPIEnabled:  false,
+			marketplaceEnabled: true,
+			olmEnabled:         true,
 			existingObjects: []runtime.Object{
 				co("ingress"),
 			},
@@ -86,6 +90,8 @@ func Test_Reconcile(t *testing.T) {
 			name:                        "gateway API enabled",
 			gatewayAPIEnabled:           true,
 			gatewayAPIControllerEnabled: true,
+			marketplaceEnabled:          true,
+			olmEnabled:                  true,
 			existingObjects: []runtime.Object{
 				co("ingress"),
 			},
@@ -106,6 +112,30 @@ func Test_Reconcile(t *testing.T) {
 			name:                        "gateway API enabled, gateway API controller disabled",
 			gatewayAPIEnabled:           true,
 			gatewayAPIControllerEnabled: false,
+			marketplaceEnabled:          true,
+			olmEnabled:                  true,
+			existingObjects: []runtime.Object{
+				co("ingress"),
+			},
+			expectCreate: []client.Object{
+				crd("gatewayclasses.gateway.networking.k8s.io"),
+				crd("gateways.gateway.networking.k8s.io"),
+				crd("grpcroutes.gateway.networking.k8s.io"),
+				crd("httproutes.gateway.networking.k8s.io"),
+				crd("referencegrants.gateway.networking.k8s.io"),
+				clusterRole("system:openshift:gateway-api:aggregate-to-admin"),
+				clusterRole("system:openshift:gateway-api:aggregate-to-view"),
+			},
+			expectUpdate:    []client.Object{},
+			expectDelete:    []client.Object{},
+			expectStartCtrl: false,
+		},
+		{
+			name:                        "GatewayAPI enabled, GatewayAPIController enabled, marketplace and OLM capabilities disabled",
+			gatewayAPIEnabled:           true,
+			gatewayAPIControllerEnabled: true,
+			marketplaceEnabled:          false,
+			olmEnabled:                  false,
 			existingObjects: []runtime.Object{
 				co("ingress"),
 			},
@@ -126,6 +156,8 @@ func Test_Reconcile(t *testing.T) {
 			name:                        "unmanaged gateway API CRDs created",
 			gatewayAPIEnabled:           true,
 			gatewayAPIControllerEnabled: true,
+			marketplaceEnabled:          true,
+			olmEnabled:                  true,
 			existingObjects: []runtime.Object{
 				co("ingress"),
 				crd("listenersets.gateway.networking.x-k8s.io"),
@@ -154,6 +186,8 @@ func Test_Reconcile(t *testing.T) {
 			name:                        "unmanaged gateway API CRDs removed",
 			gatewayAPIEnabled:           true,
 			gatewayAPIControllerEnabled: true,
+			marketplaceEnabled:          true,
+			olmEnabled:                  true,
 			existingObjects: []runtime.Object{
 				coWithExtension("ingress", `{"unmanagedGatewayAPICRDNames":"listenersets.gateway.networking.x-k8s.io"}`),
 			},
@@ -180,6 +214,8 @@ func Test_Reconcile(t *testing.T) {
 			name:                        "third party CRDs",
 			gatewayAPIEnabled:           true,
 			gatewayAPIControllerEnabled: true,
+			marketplaceEnabled:          true,
+			olmEnabled:                  true,
 			existingObjects: []runtime.Object{
 				co("ingress"),
 				crd("thirdpartycrd1.openshift.io"),
@@ -241,9 +277,11 @@ func Test_Reconcile(t *testing.T) {
 				client: cl,
 				cache:  cache,
 				config: Config{
-					GatewayAPIEnabled:           tc.gatewayAPIEnabled,
-					GatewayAPIControllerEnabled: tc.gatewayAPIControllerEnabled,
-					DependentControllers:        []controller.Controller{ctrl},
+					GatewayAPIEnabled:               tc.gatewayAPIEnabled,
+					GatewayAPIControllerEnabled:     tc.gatewayAPIControllerEnabled,
+					MarketplaceEnabled:              tc.marketplaceEnabled,
+					OperatorLifecycleManagerEnabled: tc.olmEnabled,
+					DependentControllers:            []controller.Controller{ctrl},
 				},
 			}
 			req := reconcile.Request{
@@ -316,9 +354,11 @@ func TestReconcileOnlyStartsControllerOnce(t *testing.T) {
 		client: cl,
 		cache:  cache,
 		config: Config{
-			GatewayAPIEnabled:           true,
-			GatewayAPIControllerEnabled: true,
-			DependentControllers:        []controller.Controller{ctrl},
+			GatewayAPIEnabled:               true,
+			GatewayAPIControllerEnabled:     true,
+			MarketplaceEnabled:              true,
+			OperatorLifecycleManagerEnabled: true,
+			DependentControllers:            []controller.Controller{ctrl},
 		},
 	}
 	req := reconcile.Request{NamespacedName: types.NamespacedName{Name: "cluster"}}

pkg/operator/controller/status/controller.go

@@ -99,7 +99,15 @@ func New(mgr manager.Manager, config Config) (controller.Controller, error) {
 		return nil, err
 	}
 
-	if config.GatewayAPIEnabled {
+	// If the "GatewayAPI" controller featuregate is enabled, watch
+	// subscriptions so that this controller can update status when the OSSM
+	// subscription is created or updated.  Note that the subscriptions
+	// resource only exists if the "OperatorLifecycleManager" capability is
+	// enabled, so we cannot watch it if the capability is not enabled.
+	// Additionally, the default catalog only exists if the "marketplace"
+	// capability is enabled, so we cannot install OSSM without that
+	// capability.
+	if config.GatewayAPIEnabled && config.MarketplaceEnabled && config.OperatorLifecycleManagerEnabled {
 		if err := c.Watch(source.Kind[client.Object](operatorCache, &operatorsv1alpha1.Subscription{}, handler.EnqueueRequestsFromMapFunc(toDefaultIngressController), predicate.Funcs{
 			CreateFunc: func(e event.CreateEvent) bool {
 				return e.Object.GetNamespace() == operatorcontroller.OpenshiftOperatorNamespace
@@ -124,11 +132,17 @@ func New(mgr manager.Manager, config Config) (controller.Controller, error) {
 // Config holds all the things necessary for the controller to run.
 type Config struct {
 	// GatewayAPIEnabled indicates that the "GatewayAPI" featuregate is enabled.
-	GatewayAPIEnabled      bool
-	IngressControllerImage string
-	CanaryImage            string
-	OperatorReleaseVersion string
-	Namespace              string
+	GatewayAPIEnabled bool
+	// MarketplaceEnabled indicates whether the "marketplace" capability is
+	// enabled.
+	MarketplaceEnabled bool
+	// OperatorLifecycleManagerEnabled indicates whether the
+	// "OperatorLifecycleManager" capability is enabled.
+	OperatorLifecycleManagerEnabled bool
+	IngressControllerImage          string
+	CanaryImage                     string
+	OperatorReleaseVersion          string
+	Namespace                       string
 }
 
 // IngressOperatorStatusExtension holds status extensions of the ingress cluster operator.
@@ -338,14 +352,17 @@ func (r *reconciler) getOperatorState(ingressNamespace, canaryNamespace string,
 	}
 
 	if r.config.GatewayAPIEnabled {
-		var subscription operatorsv1alpha1.Subscription
-		subscriptionName := operatorcontroller.ServiceMeshOperatorSubscriptionName()
-		if err := r.cache.Get(context.TODO(), subscriptionName, &subscription); err != nil {
-			if !errors.IsNotFound(err) {
-				return state, fmt.Errorf("failed to get subscription %q: %v", subscriptionName, err)
+		if r.config.MarketplaceEnabled && r.config.OperatorLifecycleManagerEnabled {
+			var subscription operatorsv1alpha1.Subscription
+			subscriptionName := operatorcontroller.ServiceMeshOperatorSubscriptionName()
+			if err := r.cache.Get(context.TODO(), subscriptionName, &subscription); err != nil {
+				if !errors.IsNotFound(err) {
+					return state, fmt.Errorf("failed to get subscription %q: %v", subscriptionName, err)
+				}
+			} else {
+				state.haveOSSMSubscription = true
+
 			}
-		} else {
-			state.haveOSSMSubscription = true
 		}
 
 		if len(co.Status.Extension.Raw) > 0 {

pkg/operator/operator.go

@@ -46,6 +46,7 @@ import (
 	"k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"
+	"k8s.io/apimachinery/pkg/util/sets"
 	"k8s.io/apimachinery/pkg/util/wait"
 	"k8s.io/client-go/rest"
 	"k8s.io/client-go/util/retry"
@@ -140,6 +141,17 @@ func New(config operatorconfig.Config, kubeConfig *rest.Config) (*Operator, erro
 	ingressControllerDCMEnabled := featureGates.Enabled(features.FeatureGateIngressControllerDynamicConfigurationManager)
 	gcpCustomEndpointsEnabled := featureGates.Enabled(features.FeatureGateGCPCustomAPIEndpoints)
 
+	cv, err := configClient.ConfigV1().ClusterVersions().Get(ctx, "version", metav1.GetOptions{})
+	if err != nil {
+		return nil, fmt.Errorf("failed fetching clusterversion: %w", err)
+	}
+	enabledCapabilities := sets.New[configv1.ClusterVersionCapability]()
+	for _, cap := range cv.Status.Capabilities.EnabledCapabilities {
+		enabledCapabilities.Insert(cap)
+	}
+	marketplaceEnabled := enabledCapabilities.Has(configv1.ClusterVersionCapabilityMarketplace)
+	olmEnabled := enabledCapabilities.Has(configv1.ClusterVersionCapabilityOperatorLifecycleManager)
+
 	// Set up an operator manager for the operator namespace.
 	mgr, err := manager.New(kubeConfig, manager.Options{
 		Scheme: scheme,
@@ -208,11 +220,13 @@ func New(config operatorconfig.Config, kubeConfig *rest.Config) (*Operator, erro
 
 	// Set up the status controller.
 	if _, err := statuscontroller.New(mgr, statuscontroller.Config{
-		Namespace:              config.Namespace,
-		IngressControllerImage: config.IngressControllerImage,
-		CanaryImage:            config.CanaryImage,
-		OperatorReleaseVersion: config.OperatorReleaseVersion,
-		GatewayAPIEnabled:      gatewayAPIEnabled,
+		Namespace:                       config.Namespace,
+		IngressControllerImage:          config.IngressControllerImage,
+		CanaryImage:                     config.CanaryImage,
+		OperatorReleaseVersion:          config.OperatorReleaseVersion,
+		GatewayAPIEnabled:               gatewayAPIEnabled,
+		MarketplaceEnabled:              marketplaceEnabled,
+		OperatorLifecycleManagerEnabled: olmEnabled,
 	}); err != nil {
 		return nil, fmt.Errorf("failed to create status controller: %v", err)
 	}
@@ -324,8 +338,10 @@ func New(config operatorconfig.Config, kubeConfig *rest.Config) (*Operator, erro
 
 	// Set up the gatewayapi controller.
 	if _, err := gatewayapicontroller.New(mgr, gatewayapicontroller.Config{
-		GatewayAPIEnabled:           gatewayAPIEnabled,
-		GatewayAPIControllerEnabled: gatewayAPIControllerEnabled,
+		GatewayAPIEnabled:               gatewayAPIEnabled,
+		GatewayAPIControllerEnabled:     gatewayAPIControllerEnabled,
+		MarketplaceEnabled:              marketplaceEnabled,
+		OperatorLifecycleManagerEnabled: olmEnabled,
 		DependentControllers: []controller.Controller{
 			gatewayClassController,
 			gatewayServiceDNSController,