Skip to content

Commit e1ff44c

Browse files
KPostOfficeKPostOffice
committed
add watches for owned resources and CRBs
Signed-off-by: Kevin <[email protected]>
1 parent 92e6eb5 commit e1ff44c

File tree

3 files changed

+49
-17
lines changed

3 files changed

+49
-17
lines changed

config/rbac/role.yaml

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -126,6 +126,7 @@ rules:
126126
- delete
127127
- get
128128
- patch
129+
- watch
129130
- apiGroups:
130131
- ""
131132
resources:
@@ -136,6 +137,7 @@ rules:
136137
- get
137138
- patch
138139
- update
140+
- watch
139141
- apiGroups:
140142
- ""
141143
resources:
@@ -146,6 +148,7 @@ rules:
146148
- get
147149
- patch
148150
- update
151+
- watch
149152
- apiGroups:
150153
- dscinitialization.opendatahub.io
151154
resources:
@@ -218,6 +221,7 @@ rules:
218221
- get
219222
- patch
220223
- update
224+
- watch
221225
- apiGroups:
222226
- networking.k8s.io
223227
resources:
@@ -264,6 +268,7 @@ rules:
264268
- get
265269
- patch
266270
- update
271+
- watch
267272
- apiGroups:
268273
- route.openshift.io
269274
resources:
@@ -275,6 +280,7 @@ rules:
275280
- get
276281
- patch
277282
- update
283+
- watch
278284
- apiGroups:
279285
- scheduling.k8s.io
280286
resources:

pkg/controllers/raycluster_controller.go

Lines changed: 40 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -31,6 +31,8 @@ import (
3131
"time"
3232

3333
dsciv1 "github.com/opendatahub-io/opendatahub-operator/v2/apis/dscinitialization/v1"
34+
networkingv1 "k8s.io/api/networking/v1"
35+
3436
rayv1 "github.com/ray-project/kuberay/ray-operator/apis/ray/v1"
3537

3638
corev1 "k8s.io/api/core/v1"
@@ -48,6 +50,8 @@ import (
4850
ctrl "sigs.k8s.io/controller-runtime"
4951
"sigs.k8s.io/controller-runtime/pkg/client"
5052
"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
53+
"sigs.k8s.io/controller-runtime/pkg/handler"
54+
"sigs.k8s.io/controller-runtime/pkg/reconcile"
5155

5256
routev1 "github.com/openshift/api/route/v1"
5357
routev1ac "github.com/openshift/client-go/route/applyconfigurations/route/v1"
@@ -88,12 +92,12 @@ var (
8892
// +kubebuilder:rbac:groups=ray.io,resources=rayclusters,verbs=get;list;watch;create;update;patch;delete
8993
// +kubebuilder:rbac:groups=ray.io,resources=rayclusters/status,verbs=get;update;patch
9094
// +kubebuilder:rbac:groups=ray.io,resources=rayclusters/finalizers,verbs=update
91-
// +kubebuilder:rbac:groups=route.openshift.io,resources=routes;routes/custom-host,verbs=get;create;update;patch;delete
92-
// +kubebuilder:rbac:groups=networking.k8s.io,resources=ingresses,verbs=get;create;update;patch;delete
93-
// +kubebuilder:rbac:groups=core,resources=secrets,verbs=get;create;patch;delete;get
94-
// +kubebuilder:rbac:groups=core,resources=services,verbs=get;create;update;patch;delete
95-
// +kubebuilder:rbac:groups=core,resources=serviceaccounts,verbs=get;create;update;patch;delete
96-
// +kubebuilder:rbac:groups=rbac.authorization.k8s.io,resources=clusterrolebindings,verbs=get;create;update;patch;delete
95+
// +kubebuilder:rbac:groups=route.openshift.io,resources=routes;routes/custom-host,verbs=get;create;update;patch;delete;watch
96+
// +kubebuilder:rbac:groups=networking.k8s.io,resources=ingresses,verbs=get;create;update;patch;delete;watch
97+
// +kubebuilder:rbac:groups=core,resources=secrets,verbs=get;create;patch;delete;get;watch
98+
// +kubebuilder:rbac:groups=core,resources=services,verbs=get;create;update;patch;delete;watch
99+
// +kubebuilder:rbac:groups=core,resources=serviceaccounts,verbs=get;create;update;patch;delete;watch
100+
// +kubebuilder:rbac:groups=rbac.authorization.k8s.io,resources=clusterrolebindings,verbs=get;create;update;patch;delete;watch
97101
// +kubebuilder:rbac:groups=authentication.k8s.io,resources=tokenreviews,verbs=create;
98102
// +kubebuilder:rbac:groups=authorization.k8s.io,resources=subjectaccessreviews,verbs=create;
99103
// +kubebuilder:rbac:groups=dscinitialization.opendatahub.io,resources=dscinitializations,verbs=get;list;watch
@@ -301,7 +305,7 @@ func crbNameFromCluster(cluster *rayv1.RayCluster) string {
301305
func desiredOAuthClusterRoleBinding(cluster *rayv1.RayCluster) *rbacv1ac.ClusterRoleBindingApplyConfiguration {
302306
return rbacv1ac.ClusterRoleBinding(
303307
crbNameFromCluster(cluster)).
304-
WithLabels(map[string]string{"ray.io/cluster-name": cluster.Name}).
308+
WithLabels(map[string]string{"ray.openshift.ai/cluster-name": cluster.Name, "ray.openshift.ai/cluster-namespace": cluster.Namespace}).
305309
WithSubjects(
306310
rbacv1ac.Subject().
307311
WithKind("ServiceAccount").
@@ -322,7 +326,7 @@ func oauthServiceAccountNameFromCluster(cluster *rayv1.RayCluster) string {
322326

323327
func desiredServiceAccount(cluster *rayv1.RayCluster) *corev1ac.ServiceAccountApplyConfiguration {
324328
return corev1ac.ServiceAccount(oauthServiceAccountNameFromCluster(cluster), cluster.Namespace).
325-
WithLabels(map[string]string{"ray.io/cluster-name": cluster.Name}).
329+
WithLabels(map[string]string{"ray.openshift.ai/cluster-name": cluster.Name}).
326330
WithAnnotations(map[string]string{
327331
"serviceaccounts.openshift.io/oauth-redirectreference.first": "" +
328332
`{"kind":"OAuthRedirectReference","apiVersion":"v1",` +
@@ -343,7 +347,7 @@ func rayClientNameFromCluster(cluster *rayv1.RayCluster) string {
343347

344348
func desiredClusterRoute(cluster *rayv1.RayCluster) *routev1ac.RouteApplyConfiguration {
345349
return routev1ac.Route(dashboardNameFromCluster(cluster), cluster.Namespace).
346-
WithLabels(map[string]string{"ray.io/cluster-name": cluster.Name}).
350+
WithLabels(map[string]string{"ray.openshift.ai/cluster-name": cluster.Name}).
347351
WithSpec(routev1ac.RouteSpec().
348352
WithTo(routev1ac.RouteTargetReference().WithKind("Service").WithName(oauthServiceNameFromCluster(cluster))).
349353
WithPort(routev1ac.RoutePort().WithTargetPort(intstr.FromString((oAuthServicePortName)))).
@@ -367,7 +371,7 @@ func oauthServiceTLSSecretName(cluster *rayv1.RayCluster) string {
367371

368372
func desiredOAuthService(cluster *rayv1.RayCluster) *corev1ac.ServiceApplyConfiguration {
369373
return corev1ac.Service(oauthServiceNameFromCluster(cluster), cluster.Namespace).
370-
WithLabels(map[string]string{"ray.io/cluster-name": cluster.Name}).
374+
WithLabels(map[string]string{"ray.openshift.ai/cluster-name": cluster.Name}).
371375
WithAnnotations(map[string]string{"service.beta.openshift.io/serving-cert-secret-name": oauthServiceTLSSecretName(cluster)}).
372376
WithSpec(
373377
corev1ac.ServiceSpec().
@@ -397,7 +401,7 @@ func desiredOAuthSecret(cluster *rayv1.RayCluster, cookieSalt string) *corev1ac.
397401
cookieSecret := base64.StdEncoding.EncodeToString(hasher.Sum(nil))
398402

399403
return corev1ac.Secret(oauthSecretNameFromCluster(cluster), cluster.Namespace).
400-
WithLabels(map[string]string{"ray.io/cluster-name": cluster.Name}).
404+
WithLabels(map[string]string{"ray.openshift.ai/cluster-name": cluster.Name}).
401405
WithStringData(map[string]string{"cookie_secret": cookieSecret}).
402406
WithOwnerReferences(
403407
metav1ac.OwnerReference().WithUID(cluster.UID).WithName(cluster.Name).WithKind(cluster.Kind).WithAPIVersion(cluster.APIVersion),
@@ -410,7 +414,7 @@ func caSecretNameFromCluster(cluster *rayv1.RayCluster) string {
410414

411415
func desiredCASecret(cluster *rayv1.RayCluster, key, cert []byte) *corev1ac.SecretApplyConfiguration {
412416
return corev1ac.Secret(caSecretNameFromCluster(cluster), cluster.Namespace).
413-
WithLabels(map[string]string{"ray.io/cluster-name": cluster.Name}).
417+
WithLabels(map[string]string{"ray.openshift.ai/cluster-name": cluster.Name}).
414418
WithData(map[string][]byte{
415419
CAPrivateKeyKey: key,
416420
CACertKey: cert,
@@ -466,7 +470,7 @@ func generateCACertificate() ([]byte, []byte, error) {
466470
}
467471
func desiredWorkersNetworkPolicy(cluster *rayv1.RayCluster) *networkingv1ac.NetworkPolicyApplyConfiguration {
468472
return networkingv1ac.NetworkPolicy(cluster.Name+"-workers", cluster.Namespace).
469-
WithLabels(map[string]string{"ray.io/cluster-name": cluster.Name}).
473+
WithLabels(map[string]string{"ray.openshift.ai/cluster-name": cluster.Name}).
470474
WithSpec(networkingv1ac.NetworkPolicySpec().
471475
WithPodSelector(metav1ac.LabelSelector().WithMatchLabels(map[string]string{"ray.io/cluster": cluster.Name, "ray.io/node-type": "worker"})).
472476
WithIngress(
@@ -488,7 +492,7 @@ func desiredHeadNetworkPolicy(cluster *rayv1.RayCluster, cfg *config.KubeRayConf
488492
allSecuredPorts = append(allSecuredPorts, networkingv1ac.NetworkPolicyPort().WithProtocol(corev1.ProtocolTCP).WithPort(intstr.FromInt(10001)))
489493
}
490494
return networkingv1ac.NetworkPolicy(cluster.Name+"-head", cluster.Namespace).
491-
WithLabels(map[string]string{"ray.io/cluster-name": cluster.Name}).
495+
WithLabels(map[string]string{"ray.openshift.ai/cluster-name": cluster.Name}).
492496
WithSpec(networkingv1ac.NetworkPolicySpec().
493497
WithPodSelector(metav1ac.LabelSelector().WithMatchLabels(map[string]string{"ray.io/cluster": cluster.Name, "ray.io/node-type": "head"})).
494498
WithIngress(
@@ -551,5 +555,27 @@ func (r *RayClusterReconciler) SetupWithManager(mgr ctrl.Manager) error {
551555
return ctrl.NewControllerManagedBy(mgr).
552556
Named(controllerName).
553557
For(&rayv1.RayCluster{}).
558+
Owns(&corev1.ServiceAccount{}).
559+
Owns(&corev1.Service{}).
560+
Owns(&corev1.Secret{}).
561+
Owns(&routev1.Route{}).
562+
Owns(&networkingv1.Ingress{}).
563+
Watches(&rbacv1.ClusterRoleBinding{}, handler.EnqueueRequestsFromMapFunc(
564+
func(c context.Context, o client.Object) []reconcile.Request {
565+
name, ok := o.GetLabels()["ray.openshift.ai/cluster-name"]
566+
if !ok {
567+
return []reconcile.Request{}
568+
}
569+
namespace, ok := o.GetLabels()["ray.openshift.ai/cluster-namespace"]
570+
if !ok {
571+
return []reconcile.Request{}
572+
}
573+
return []reconcile.Request{{
574+
NamespacedName: client.ObjectKey{
575+
Name: name,
576+
Namespace: namespace,
577+
}}}
578+
}),
579+
).
554580
Complete(r)
555581
}

pkg/controllers/support.go

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -20,7 +20,7 @@ func serviceNameFromCluster(cluster *rayv1.RayCluster) string {
2020

2121
func desiredRayClientRoute(cluster *rayv1.RayCluster) *routeapply.RouteApplyConfiguration {
2222
return routeapply.Route(rayClientNameFromCluster(cluster), cluster.Namespace).
23-
WithLabels(map[string]string{"ray.io/cluster-name": cluster.Name}).
23+
WithLabels(map[string]string{"ray.openshift.ai/cluster-name": cluster.Name}).
2424
WithSpec(routeapply.RouteSpec().
2525
WithTo(routeapply.RouteTargetReference().WithKind("Service").WithName(serviceNameFromCluster(cluster)).WithWeight(100)).
2626
WithPort(routeapply.RoutePort().WithTargetPort(intstr.FromString("client"))).
@@ -33,7 +33,7 @@ func desiredRayClientRoute(cluster *rayv1.RayCluster) *routeapply.RouteApplyConf
3333

3434
func desiredRayClientIngress(cluster *rayv1.RayCluster, ingressHost string) *networkingv1ac.IngressApplyConfiguration {
3535
return networkingv1ac.Ingress(rayClientNameFromCluster(cluster), cluster.Namespace).
36-
WithLabels(map[string]string{"ray.io/cluster-name": cluster.Name}).
36+
WithLabels(map[string]string{"ray.openshift.ai/cluster-name": cluster.Name}).
3737
WithAnnotations(map[string]string{
3838
"nginx.ingress.kubernetes.io/rewrite-target": "/",
3939
"nginx.ingress.kubernetes.io/ssl-redirect": "true",
@@ -68,7 +68,7 @@ func desiredRayClientIngress(cluster *rayv1.RayCluster, ingressHost string) *net
6868

6969
func desiredClusterIngress(cluster *rayv1.RayCluster, ingressHost string) *networkingv1ac.IngressApplyConfiguration {
7070
return networkingv1ac.Ingress(dashboardNameFromCluster(cluster), cluster.Namespace).
71-
WithLabels(map[string]string{"ray.io/cluster-name": cluster.Name}).
71+
WithLabels(map[string]string{"ray.openshift.ai/cluster-name": cluster.Name}).
7272
WithOwnerReferences(v1.OwnerReference().
7373
WithAPIVersion(cluster.APIVersion).
7474
WithKind(cluster.Kind).

0 commit comments

Comments
 (0)