Skip to content

Commit b3f46e5

Browse files
njhalenjhale
committed
fix(rbac): use separate queues for each rbac resource
1 parent 7b1c6b5 commit b3f46e5

File tree

1 file changed

+48
-34
lines changed

1 file changed

+48
-34
lines changed

pkg/controller/operators/olm/operator.go

Lines changed: 48 additions & 34 deletions
Original file line numberDiff line numberDiff line change
@@ -84,52 +84,66 @@ func NewOperator(crClient versioned.Interface, opClient operatorclient.ClientInt
8484
}
8585

8686
// Set up RBAC informers
87-
informerFactory := informers.NewSharedInformerFactory(opClient.KubernetesInterface(), wakeupInterval)
88-
roleInformer := informerFactory.Rbac().V1().Roles()
89-
roleBindingInformer := informerFactory.Rbac().V1().RoleBindings()
90-
clusterRoleInformer := informerFactory.Rbac().V1().ClusterRoles()
91-
clusterRoleBindingInformer := informerFactory.Rbac().V1().ClusterRoleBindings()
92-
namespaceInformer := informerFactory.Core().V1().Namespaces()
93-
94-
// register namespace queueinformer
95-
queueInformer := queueinformer.NewInformer(
96-
workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), "namespaces"),
97-
namespaceInformer.Informer(),
87+
roleInformer := informers.NewSharedInformerFactory(opClient.KubernetesInterface(), wakeupInterval).Rbac().V1().Roles()
88+
roleQueueInformer := queueinformer.NewInformer(
89+
workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), "roles"),
90+
roleInformer.Informer(),
9891
op.syncObject,
9992
nil,
100-
"namespaces",
93+
"roles",
10194
metrics.NewMetricsNil(),
10295
)
103-
op.RegisterQueueInformer(queueInformer)
104-
op.lister.CoreV1().RegisterNamespaceLister(namespaceInformer.Lister())
96+
op.RegisterQueueInformer(roleQueueInformer)
97+
op.lister.RbacV1().RegisterRoleLister(metav1.NamespaceAll, roleInformer.Lister())
10598

106-
// Register RBAC QueueInformers
107-
rbacInformers := []cache.SharedIndexInformer{
108-
roleInformer.Informer(),
99+
roleBindingInformer := informers.NewSharedInformerFactory(opClient.KubernetesInterface(), wakeupInterval).Rbac().V1().RoleBindings()
100+
roleBindingQueueInformer := queueinformer.NewInformer(
101+
workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), "rolebindings"),
109102
roleBindingInformer.Informer(),
110-
clusterRoleInformer.Informer(),
111-
clusterRoleBindingInformer.Informer(),
112-
}
113-
114-
rbacQueueInformers := queueinformer.New(
115-
workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), "rbac"),
116-
rbacInformers,
117103
op.syncObject,
118-
&cache.ResourceEventHandlerFuncs{
119-
DeleteFunc: op.handleDeletion,
120-
},
121-
"rbac",
104+
nil,
105+
"rolebindings",
122106
metrics.NewMetricsNil(),
123107
)
124-
for _, informer := range rbacQueueInformers {
125-
op.RegisterQueueInformer(informer)
126-
}
127-
128-
// Set listers (for RBAC CSV requirement checking)
129-
op.lister.RbacV1().RegisterRoleLister(metav1.NamespaceAll, roleInformer.Lister())
108+
op.RegisterQueueInformer(roleBindingQueueInformer)
130109
op.lister.RbacV1().RegisterRoleBindingLister(metav1.NamespaceAll, roleBindingInformer.Lister())
110+
111+
clusterRoleInformer := informers.NewSharedInformerFactory(opClient.KubernetesInterface(), wakeupInterval).Rbac().V1().ClusterRoles()
112+
clusterRoleQueueInformer := queueinformer.NewInformer(
113+
workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), "clusterroles"),
114+
clusterRoleInformer.Informer(),
115+
op.syncObject,
116+
nil,
117+
"clusterroles",
118+
metrics.NewMetricsNil(),
119+
)
120+
op.RegisterQueueInformer(clusterRoleQueueInformer)
131121
op.lister.RbacV1().RegisterClusterRoleLister(clusterRoleInformer.Lister())
122+
123+
clusterRoleBindingInformer := informers.NewSharedInformerFactory(opClient.KubernetesInterface(), wakeupInterval).Rbac().V1().ClusterRoleBindings()
124+
clusterRoleBindingQueueInformer := queueinformer.NewInformer(
125+
workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), "clusterrolebindings"),
126+
clusterRoleBindingInformer.Informer(),
127+
op.syncObject,
128+
nil,
129+
"clusterrolebindings",
130+
metrics.NewMetricsNil(),
131+
)
132132
op.lister.RbacV1().RegisterClusterRoleBindingLister(clusterRoleBindingInformer.Lister())
133+
op.RegisterQueueInformer(clusterRoleBindingQueueInformer)
134+
135+
// register namespace queueinformer
136+
namespaceInformer := informers.NewSharedInformerFactory(opClient.KubernetesInterface(), wakeupInterval).Core().V1().Namespaces()
137+
namespaceQueueInformer := queueinformer.NewInformer(
138+
workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), "namespaces"),
139+
namespaceInformer.Informer(),
140+
op.syncObject,
141+
nil,
142+
"namespaces",
143+
metrics.NewMetricsNil(),
144+
)
145+
op.RegisterQueueInformer(namespaceQueueInformer)
146+
op.lister.CoreV1().RegisterNamespaceLister(namespaceInformer.Lister())
133147

134148
// Register APIService QueueInformers
135149
apiServiceInformer := kagg.NewSharedInformerFactory(opClient.ApiregistrationV1Interface(), wakeupInterval).Apiregistration().V1().APIServices()

0 commit comments

Comments
 (0)