Merge pull request #5562 from andfasano/iri-followup-changes

AGENT-1395: IRI followup changes

Author: openshift-merge-bot[bot]

cmd/machine-config-controller/start.go

@@ -144,13 +144,15 @@ func runStartCmd(_ *cobra.Command, _ []string) {
 				ctrlctx.InformerFactory.Machineconfiguration().V1().ControllerConfigs(),
 				ctrlctx.InformerFactory.Machineconfiguration().V1().MachineConfigs(),
 				ctrlctx.ConfigInformerFactory.Config().V1().ClusterVersions(),
+				ctrlctx.KubeInformerFactory.Core().V1().Secrets(),
 				ctrlctx.ClientBuilder.KubeClientOrDie("internalreleaseimage-controller"),
 				ctrlctx.ClientBuilder.MachineConfigClientOrDie("internalreleaseimage-controller"))
 
 			go iriController.Run(2, ctrlctx.Stop)
 			// start the informers again to enable feature gated types.
 			// see comments in SharedInformerFactory interface.
 			ctrlctx.InformerFactory.Start(ctrlctx.Stop)
+			ctrlctx.KubeInformerFactory.Start(ctrlctx.Stop)
 		}
 
 		if ctrlcommon.IsBootImageControllerRequired(ctrlctx) {

pkg/controller/internalreleaseimage/internalreleaseimage_controller.go

@@ -32,6 +32,8 @@ import (
 	templatectrl "github.com/openshift/machine-config-operator/pkg/controller/template"
 	"github.com/openshift/machine-config-operator/pkg/osimagestream"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	coreinformersv1 "k8s.io/client-go/informers/core/v1"
+	corelistersv1 "k8s.io/client-go/listers/core/v1"
 )
 
 const (
@@ -52,7 +54,6 @@ var (
 // Controller defines the InternalReleaseImage controller.
 type Controller struct {
 	client        mcfgclientset.Interface
-	kubeClient    clientset.Interface
 	eventRecorder record.EventRecorder
 
 	syncHandler                 func(mcp string) error
@@ -70,6 +71,9 @@ type Controller struct {
 	clusterVersionLister       configlistersv1.ClusterVersionLister
 	clusterVersionListerSynced cache.InformerSynced
 
+	secretLister       corelistersv1.SecretLister
+	secretListerSynced cache.InformerSynced
+
 	queue workqueue.TypedRateLimitingInterface[string]
 }
 
@@ -79,6 +83,7 @@ func New(
 	ccInformer mcfginformersv1.ControllerConfigInformer,
 	mcInformer mcfginformersv1.MachineConfigInformer,
 	clusterVersionInformer configinformersv1.ClusterVersionInformer,
+	secretInformer coreinformersv1.SecretInformer,
 	kubeClient clientset.Interface,
 	mcfgClient mcfgclientset.Interface,
 ) *Controller {
@@ -88,7 +93,6 @@ func New(
 
 	ctrl := &Controller{
 		client:        mcfgClient,
-		kubeClient:    kubeClient,
 		eventRecorder: ctrlcommon.NamespacedEventRecorder(eventBroadcaster.NewRecorder(scheme.Scheme, corev1.EventSource{Component: "machineconfigcontroller-internalreleaseimagecontroller"})),
 		queue: workqueue.NewTypedRateLimitingQueueWithConfig(
 			workqueue.DefaultTypedControllerRateLimiter[string](),
@@ -113,6 +117,10 @@ func New(
 		DeleteFunc: ctrl.deleteMachineConfig,
 	})
 
+	secretInformer.Informer().AddEventHandler(cache.ResourceEventHandlerDetailedFuncs{
+		UpdateFunc: ctrl.updateSecret,
+	})
+
 	ctrl.iriLister = iriInformer.Lister()
 	ctrl.iriListerSynced = iriInformer.Informer().HasSynced
 
@@ -125,6 +133,9 @@ func New(
 	ctrl.clusterVersionLister = clusterVersionInformer.Lister()
 	ctrl.clusterVersionListerSynced = clusterVersionInformer.Informer().HasSynced
 
+	ctrl.secretLister = secretInformer.Lister()
+	ctrl.secretListerSynced = secretInformer.Informer().HasSynced
+
 	return ctrl
 }
 
@@ -133,7 +144,7 @@ func (ctrl *Controller) Run(workers int, stopCh <-chan struct{}) {
 	defer utilruntime.HandleCrash()
 	defer ctrl.queue.ShutDown()
 
-	if !cache.WaitForCacheSync(stopCh, ctrl.iriListerSynced, ctrl.ccListerSynced, ctrl.mcListerSynced, ctrl.clusterVersionListerSynced) {
+	if !cache.WaitForCacheSync(stopCh, ctrl.iriListerSynced, ctrl.ccListerSynced, ctrl.mcListerSynced, ctrl.clusterVersionListerSynced, ctrl.secretListerSynced) {
 		return
 	}
 
@@ -263,6 +274,18 @@ func (ctrl *Controller) processMachineConfigEvent(obj interface{}, logMsg string
 	ctrl.queue.Add(ctrlcommon.InternalReleaseImageInstanceName)
 }
 
+func (ctrl *Controller) updateSecret(obj, _ interface{}) {
+	secret := obj.(*corev1.Secret)
+
+	// Skip any event not related to the InternalReleaseImage secrets
+	if secret.Name != ctrlcommon.InternalReleaseImageTLSSecretName {
+		return
+	}
+
+	klog.V(4).Infof("Secret %s update", secret.Name)
+	ctrl.queue.Add(ctrlcommon.InternalReleaseImageInstanceName)
+}
+
 func (ctrl *Controller) enqueue(iri *mcfgv1alpha1.InternalReleaseImage) {
 	key, err := cache.DeletionHandlingMetaNamespaceKeyFunc(iri)
 	if err != nil {
@@ -288,7 +311,7 @@ func (ctrl *Controller) syncInternalReleaseImage(key string) error {
 	}
 
 	// Fetch the InternalReleaseImage
-	iri, err := ctrl.client.MachineconfigurationV1alpha1().InternalReleaseImages().Get(context.TODO(), name, metav1.GetOptions{})
+	iri, err := ctrl.iriLister.Get(name)
 	if errors.IsNotFound(err) {
 		klog.V(2).Infof("InternalReleaseImage %v has been deleted", key)
 		return nil
@@ -308,20 +331,20 @@ func (ctrl *Controller) syncInternalReleaseImage(key string) error {
 		return nil
 	}
 
-	cconfig, err := ctrl.client.MachineconfigurationV1().ControllerConfigs().Get(context.TODO(), ctrlcommon.ControllerConfigName, metav1.GetOptions{})
+	cconfig, err := ctrl.ccLister.Get(ctrlcommon.ControllerConfigName)
 	if err != nil {
 		return fmt.Errorf("could not get ControllerConfig %w", err)
 	}
 
-	iriSecret, err := ctrl.kubeClient.CoreV1().Secrets(ctrlcommon.MCONamespace).Get(context.TODO(), ctrlcommon.InternalReleaseImageTLSSecretName, metav1.GetOptions{})
+	iriSecret, err := ctrl.secretLister.Secrets(ctrlcommon.MCONamespace).Get(ctrlcommon.InternalReleaseImageTLSSecretName)
 	if err != nil {
 		return fmt.Errorf("could not get Secret %s: %w", ctrlcommon.InternalReleaseImageTLSSecretName, err)
 	}
 
 	for _, role := range SupportedRoles {
 		r := NewRendererByRole(role, iri, iriSecret, cconfig)
 
-		mc, err := ctrl.client.MachineconfigurationV1().MachineConfigs().Get(context.TODO(), r.GetMachineConfigName(), metav1.GetOptions{})
+		mc, err := ctrl.mcLister.Get(r.GetMachineConfigName())
 		isNotFound := errors.IsNotFound(err)
 		if err != nil && !isNotFound {
 			return err // syncStatus, could not find MachineConfig

pkg/controller/internalreleaseimage/internalreleaseimage_controller_test.go

@@ -5,18 +5,21 @@ import (
 	"testing"
 	"time"
 
+	configv1 "github.com/openshift/api/config/v1"
 	mcfgv1 "github.com/openshift/api/machineconfiguration/v1"
 	mcfgv1alpha1 "github.com/openshift/api/machineconfiguration/v1alpha1"
 	configinformers "github.com/openshift/client-go/config/informers/externalversions"
 	"github.com/openshift/client-go/machineconfiguration/clientset/versioned/fake"
-	informers "github.com/openshift/client-go/machineconfiguration/informers/externalversions"
+	mcfginformers "github.com/openshift/client-go/machineconfiguration/informers/externalversions"
 	ctrlcommon "github.com/openshift/machine-config-operator/pkg/controller/common"
 	"github.com/stretchr/testify/assert"
 
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/errors"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/client-go/informers"
 	k8sfake "k8s.io/client-go/kubernetes/fake"
 	"k8s.io/client-go/tools/record"
 
@@ -40,14 +43,30 @@ func TestInternalReleaseImageCreate(t *testing.T) {
 		},
 		{
 			name:           "add finalizer if not present",
-			initialObjects: objs(iri(), cconfig(), iriCertSecret()),
+			initialObjects: objs(iri(), clusterVersion(), cconfig(), iriCertSecret()),
 			verify: func(t *testing.T, actualIRI *mcfgv1alpha1.InternalReleaseImage, actualMasterMC *mcfgv1.MachineConfig, actualWorkerMC *mcfgv1.MachineConfig) {
-				assert.Equal(t, iri().finalizer(masterName(), workerName()).build(), actualIRI)
+				assert.Len(t, actualIRI.Finalizers, 2)
+				assert.Contains(t, actualIRI.Finalizers, masterName())
+				assert.Contains(t, actualIRI.Finalizers, workerName())
+			},
+		},
+		{
+			name: "update status if not set",
+			initialObjects: objs(
+				iri().finalizer(masterName(), workerName()),
+				clusterVersion(), cconfig(), iriCertSecret()),
+			verify: func(t *testing.T, actualIRI *mcfgv1alpha1.InternalReleaseImage, actualMasterMC *mcfgv1.MachineConfig, actualWorkerMC *mcfgv1.MachineConfig) {
+				assert.Len(t, actualIRI.Status.Releases, 1)
+				assert.Equal(t, actualIRI.Status.Releases[0].Name, "ocp-release-bundle-4.21.5-x86_64")
+				assert.Equal(t, actualIRI.Status.Releases[0].Image, "ocp-4.21-release-pullspec")
+				assert.Equal(t, actualIRI.Status.Releases[0].Conditions[0].Type, string(mcfgv1alpha1.InternalReleaseImageConditionTypeAvailable))
+				assert.Equal(t, actualIRI.Status.Releases[0].Conditions[0].Status, metav1.ConditionTrue)
+				assert.Equal(t, actualIRI.Status.Releases[0].Conditions[0].Message, "Release bundle is available")
 			},
 		},
 		{
 			name:           "generate iri machine-config if not present",
-			initialObjects: objs(iri(), cconfig(), iriCertSecret()),
+			initialObjects: objs(iri(), clusterVersion(), cconfig(), iriCertSecret()),
 			verify: func(t *testing.T, actualIRI *mcfgv1alpha1.InternalReleaseImage, actualMasterMC *mcfgv1.MachineConfig, actualWorkerMC *mcfgv1.MachineConfig) {
 				verifyInternalReleaseMasterMachineConfig(t, actualMasterMC)
 				verifyInternalReleaseWorkerMachineConfig(t, actualWorkerMC)
@@ -57,7 +76,7 @@ func TestInternalReleaseImageCreate(t *testing.T) {
 			name: "avoid machine-config drifting",
 			initialObjects: objs(
 				iri().finalizer(masterName(), workerName()),
-				cconfig(), iriCertSecret(),
+				clusterVersion(), cconfig(), iriCertSecret(),
 				machineconfigmaster().ignition("some garbage"),
 				machineconfigworker().ignition("other garbage")),
 			verify: func(t *testing.T, actualIRI *mcfgv1alpha1.InternalReleaseImage, actualMasterMC *mcfgv1.MachineConfig, actualWorkerMC *mcfgv1.MachineConfig) {
@@ -69,7 +88,7 @@ func TestInternalReleaseImageCreate(t *testing.T) {
 			name: "refresh machine-config on controllerConfig update",
 			initialObjects: objs(
 				iri().finalizer(masterName(), workerName()),
-				cconfig().dockerRegistryImage("a-new-docker-registry-image-pullspec"), iriCertSecret(),
+				clusterVersion(), cconfig().dockerRegistryImage("a-new-docker-registry-image-pullspec"), iriCertSecret(),
 				machineconfigmaster(), machineconfigworker()),
 			verify: func(t *testing.T, actualIRI *mcfgv1alpha1.InternalReleaseImage, actualMasterMC *mcfgv1.MachineConfig, actualWorkerMC *mcfgv1.MachineConfig) {
 				verifyInternalReleaseMasterMachineConfig(t, actualMasterMC)
@@ -80,7 +99,7 @@ func TestInternalReleaseImageCreate(t *testing.T) {
 			name: "machine-config cascade delete on iri removal - removes the first machineconfig",
 			initialObjects: objs(
 				iri().finalizer(masterName(), workerName()).setDeletionTimestamp(),
-				cconfig(), iriCertSecret(),
+				clusterVersion(), cconfig(), iriCertSecret(),
 				machineconfigmaster(), machineconfigworker()),
 			verify: func(t *testing.T, actualIRI *mcfgv1alpha1.InternalReleaseImage, actualMasterMC *mcfgv1.MachineConfig, actualWorkerMC *mcfgv1.MachineConfig) {
 				assert.NotNil(t, iri)
@@ -93,7 +112,7 @@ func TestInternalReleaseImageCreate(t *testing.T) {
 			name: "machine-config cascade delete on iri removal - then removes the remaining machineconfig",
 			initialObjects: objs(
 				iri().finalizer(workerName()).setDeletionTimestamp(),
-				cconfig(), iriCertSecret(),
+				clusterVersion(), cconfig(), iriCertSecret(),
 				machineconfigworker()),
 			verify: func(t *testing.T, actualIRI *mcfgv1alpha1.InternalReleaseImage, actualMasterMC *mcfgv1.MachineConfig, actualWorkerMC *mcfgv1.MachineConfig) {
 				assert.NotNil(t, iri)
@@ -107,17 +126,6 @@ func TestInternalReleaseImageCreate(t *testing.T) {
 		t.Run(tc.name, func(t *testing.T) {
 			objs := tc.initialObjects()
 			f := newFixture(t, objs)
-			for _, obj := range objs {
-				switch o := obj.(type) {
-				case *mcfgv1alpha1.InternalReleaseImage:
-					f.iriLister = append(f.iriLister, o)
-				case *mcfgv1.ControllerConfig:
-					f.ccLister = append(f.ccLister, o)
-				case *mcfgv1.MachineConfig:
-					f.mcLister = append(f.mcLister, o)
-				}
-			}
-
 			f.run(ctrlcommon.InternalReleaseImageInstanceName)
 
 			if tc.verify != nil {
@@ -159,15 +167,17 @@ type fixture struct {
 	client       *fake.Clientset
 	k8sClient    *k8sfake.Clientset
 	configClient *fakeconfigv1client.Clientset
-	iriLister    []*mcfgv1alpha1.InternalReleaseImage
-	ccLister     []*mcfgv1.ControllerConfig
-	mcLister     []*mcfgv1.MachineConfig
-
-	controller      *Controller
-	objects         []runtime.Object
-	k8sObjects      []runtime.Object
-	configObjects   []runtime.Object
-	configInformer  configinformers.SharedInformerFactory
+
+	iriLister            []*mcfgv1alpha1.InternalReleaseImage
+	ccLister             []*mcfgv1.ControllerConfig
+	mcLister             []*mcfgv1.MachineConfig
+	secretLister         []*corev1.Secret
+	clusterVersionLister []*configv1.ClusterVersion
+
+	controller    *Controller
+	objects       []runtime.Object
+	k8sObjects    []runtime.Object
+	configObjects []runtime.Object
 }
 
 func newFixture(t *testing.T, objects []runtime.Object) *fixture {
@@ -178,12 +188,26 @@ func newFixture(t *testing.T, objects []runtime.Object) *fixture {
 }
 
 func (f *fixture) setupObjects(objs []runtime.Object) {
-	for _, o := range objs {
-		switch o.(type) {
+	for _, obj := range objs {
+		switch obj.(type) {
 		case *corev1.Secret, *corev1.ConfigMap, *corev1.Pod:
-			f.k8sObjects = append(f.k8sObjects, o)
+			f.k8sObjects = append(f.k8sObjects, obj)
+			switch o := obj.(type) {
+			case *corev1.Secret:
+				f.secretLister = append(f.secretLister, o)
+			}
+		case *configv1.ClusterVersion:
+			f.configObjects = append(f.configObjects, obj)
 		default:
-			f.objects = append(f.objects, o)
+			f.objects = append(f.objects, obj)
+			switch o := obj.(type) {
+			case *mcfgv1alpha1.InternalReleaseImage:
+				f.iriLister = append(f.iriLister, o)
+			case *mcfgv1.ControllerConfig:
+				f.ccLister = append(f.ccLister, o)
+			case *mcfgv1.MachineConfig:
+				f.mcLister = append(f.mcLister, o)
+			}
 		}
 	}
 }
@@ -192,14 +216,17 @@ func (f *fixture) newController() *Controller {
 	f.client = fake.NewSimpleClientset(f.objects...)
 	f.k8sClient = k8sfake.NewSimpleClientset(f.k8sObjects...)
 	f.configClient = fakeconfigv1client.NewSimpleClientset(f.configObjects...)
-	i := informers.NewSharedInformerFactory(f.client, func() time.Duration { return 0 }())
-	f.configInformer = configinformers.NewSharedInformerFactory(f.configClient, func() time.Duration { return 0 }())
+
+	i := mcfginformers.NewSharedInformerFactory(f.client, func() time.Duration { return 0 }())
+	k := informers.NewSharedInformerFactory(f.k8sClient, func() time.Duration { return 0 }())
+	ci := configinformers.NewSharedInformerFactory(f.configClient, func() time.Duration { return 0 }())
 
 	c := New(
 		i.Machineconfiguration().V1alpha1().InternalReleaseImages(),
 		i.Machineconfiguration().V1().ControllerConfigs(),
 		i.Machineconfiguration().V1().MachineConfigs(),
-		f.configInformer.Config().V1().ClusterVersions(),
+		ci.Config().V1().ClusterVersions(),
+		k.Core().V1().Secrets(),
 		f.k8sClient,
 		f.client,
 	)
@@ -209,14 +236,18 @@ func (f *fixture) newController() *Controller {
 	c.ccListerSynced = alwaysReady
 	c.mcListerSynced = alwaysReady
 	c.clusterVersionListerSynced = alwaysReady
+	c.secretListerSynced = alwaysReady
 	c.eventRecorder = &record.FakeRecorder{}
 
 	stopCh := make(chan struct{})
 	defer close(stopCh)
+
 	i.Start(stopCh)
 	i.WaitForCacheSync(stopCh)
-	f.configInformer.Start(stopCh)
-	f.configInformer.WaitForCacheSync(stopCh)
+	k.Start(stopCh)
+	k.WaitForCacheSync(stopCh)
+	ci.Start(stopCh)
+	ci.WaitForCacheSync(stopCh)
 
 	for _, c := range f.iriLister {
 		i.Machineconfiguration().V1alpha1().InternalReleaseImages().Informer().GetIndexer().Add(c)
@@ -227,6 +258,12 @@ func (f *fixture) newController() *Controller {
 	for _, c := range f.mcLister {
 		i.Machineconfiguration().V1().MachineConfigs().Informer().GetIndexer().Add(c)
 	}
+	for _, c := range f.secretLister {
+		k.Core().V1().Secrets().Informer().GetIndexer().Add(c)
+	}
+	for _, c := range f.clusterVersionLister {
+		ci.Config().V1().ClusterVersions().Informer().GetIndexer().Add(c)
+	}
 
 	return c
 }