test criocp controller

Author: QiWang19

manifests/machineconfigcontroller/clusterrole.yaml

@@ -13,10 +13,10 @@ rules:
   resources: ["configmaps", "secrets"]
   verbs: ["*"]
 - apiGroups: ["config.openshift.io"]
-  resources: ["images", "clusterversions", "featuregates", "nodes", "nodes/status", "imagepolicies/status"]
+  resources: ["images", "clusterversions", "featuregates", "nodes", "nodes/status", "imagepolicies/status", "criocredentialproviderconfigs/status"]
   verbs: ["*"]
 - apiGroups: ["config.openshift.io"]
-  resources: ["schedulers", "apiservers", "infrastructures", "imagedigestmirrorsets", "imagetagmirrorsets", "clusterimagepolicies", "imagepolicies"]
+  resources: ["schedulers", "apiservers", "infrastructures", "imagedigestmirrorsets", "imagetagmirrorsets", "clusterimagepolicies", "imagepolicies", "criocredentialproviderconfigs"]
   verbs: ["get", "list", "watch"]
 - apiGroups: ["operator.openshift.io"]
   resources: ["imagecontentsourcepolicies"]

pkg/controller/container-runtime-config/container_runtime_config_controller.go

@@ -133,9 +133,9 @@ type Controller struct {
 
 	fgHandler ctrlcommon.FeatureGatesHandler
 
-	queue    workqueue.TypedRateLimitingInterface[string]
-	imgQueue workqueue.TypedRateLimitingInterface[string]
-	// criocpQueue workqueue.TypedRateLimitingInterface[string]
+	queue       workqueue.TypedRateLimitingInterface[string]
+	imgQueue    workqueue.TypedRateLimitingInterface[string]
+	criocpQueue workqueue.TypedRateLimitingInterface[string]
 }
 
 // New returns a new container runtime config controller
@@ -168,7 +168,8 @@ func New(
 		queue: workqueue.NewTypedRateLimitingQueueWithConfig(
 			workqueue.DefaultTypedControllerRateLimiter[string](),
 			workqueue.TypedRateLimitingQueueConfig[string]{Name: "machineconfigcontroller-containerruntimeconfigcontroller"}),
-		imgQueue: workqueue.NewTypedRateLimitingQueue(workqueue.DefaultTypedControllerRateLimiter[string]()),
+		imgQueue:    workqueue.NewTypedRateLimitingQueue(workqueue.DefaultTypedControllerRateLimiter[string]()),
+		criocpQueue: workqueue.NewTypedRateLimitingQueue(workqueue.DefaultTypedControllerRateLimiter[string]()),
 	}
 
 	mcrInformer.Informer().AddEventHandler(cache.ResourceEventHandlerFuncs{
@@ -203,7 +204,7 @@ func New(
 
 	ctrl.syncHandler = ctrl.syncContainerRuntimeConfig
 	ctrl.syncImgHandler = ctrl.syncImageConfig
-	// ctrl.syncCRIOCPHandler = ctrl.syncCRIOCredentialProviderConfig
+	ctrl.syncCRIOCPHandler = ctrl.syncCRIOCredentialProviderConfig
 	ctrl.enqueueContainerRuntimeConfig = ctrl.enqueue
 
 	ctrl.mcpLister = mcpInformer.Lister()
@@ -243,7 +244,7 @@ func (ctrl *Controller) Run(workers int, stopCh <-chan struct{}) {
 	defer utilruntime.HandleCrash()
 	defer ctrl.queue.ShutDown()
 	defer ctrl.imgQueue.ShutDown()
-	// defer ctrl.criocpQueue.ShutDown()
+	defer ctrl.criocpQueue.ShutDown()
 	listerCaches := []cache.InformerSynced{ctrl.mcpListerSynced, ctrl.mccrListerSynced, ctrl.ccListerSynced,
 		ctrl.imgListerSynced, ctrl.icspListerSynced, ctrl.idmsListerSynced, ctrl.itmsListerSynced, ctrl.clusterVersionListerSynced}
 
@@ -259,7 +260,9 @@ func (ctrl *Controller) Run(workers int, stopCh <-chan struct{}) {
 		klog.Info("added CRIOCredentialProviderConfig observers with CRIOCredentialProviderConfig featuregate enabled")
 	}
 
-	ctrl.configInformerFactory.Start(stopCh)
+	if ctrl.policyInformerFactoryAdded || ctrl.criocpInformerFactoryAdded {
+		ctrl.configInformerFactory.Start(stopCh)
+	}
 
 	if ctrl.policyInformerFactoryAdded {
 		listerCaches = append(listerCaches, ctrl.clusterImagePolicyListerSynced, ctrl.imagePolicyListerSynced)
@@ -286,7 +289,7 @@ func (ctrl *Controller) Run(workers int, stopCh <-chan struct{}) {
 	go wait.Until(ctrl.imgWorker, time.Second, stopCh)
 
 	// Just need one worker for the CRIOCredentialProviderConfig
-	// go wait.Until(ctrl.criocpWorker, time.Second, stopCh)
+	go wait.Until(ctrl.criocpWorker, time.Second, stopCh)
 
 	<-stopCh
 }
@@ -361,18 +364,18 @@ func (ctrl *Controller) addCRIOCPObservers() {
 }
 
 func (ctrl *Controller) criocpConfAdded(_ interface{}) {
-	ctrl.imgQueue.Add("openshift-config")
-	// ctrl.criocpQueue.Add("openshift-config")
+	// ctrl.imgQueue.Add("openshift-config")
+	ctrl.criocpQueue.Add("openshift-config")
 }
 
 func (ctrl *Controller) criocpConfUpdated(_, _ interface{}) {
-	ctrl.imgQueue.Add("openshift-config")
-	// ctrl.criocpQueue.Add("openshift-config")
+	// ctrl.imgQueue.Add("openshift-config")
+	ctrl.criocpQueue.Add("openshift-config")
 }
 
 func (ctrl *Controller) criocpConfDeleted(_ interface{}) {
-	ctrl.imgQueue.Add("openshift-config")
-	// ctrl.criocpQueue.Add("openshift-config")
+	// ctrl.imgQueue.Add("openshift-config")
+	ctrl.criocpQueue.Add("openshift-config")
 }
 
 func (ctrl *Controller) addImagePolicyObservers() {
@@ -506,10 +509,10 @@ func (ctrl *Controller) imgWorker() {
 	}
 }
 
-// func (ctrl *Controller) criocpWorker() {
-// 	for ctrl.processNextCRIOCPWorkItem() {
-// 	}
-// }
+func (ctrl *Controller) criocpWorker() {
+	for ctrl.processNextCRIOCPWorkItem() {
+	}
+}
 
 func (ctrl *Controller) processNextWorkItem() bool {
 	key, quit := ctrl.queue.Get()
@@ -537,18 +540,18 @@ func (ctrl *Controller) processNextImgWorkItem() bool {
 	return true
 }
 
-// func (ctrl *Controller) processNextCRIOCPWorkItem() bool {
-// 	key, quit := ctrl.criocpQueue.Get()
-// 	if quit {
-// 		return false
-// 	}
-// 	defer ctrl.criocpQueue.Done(key)
+func (ctrl *Controller) processNextCRIOCPWorkItem() bool {
+	key, quit := ctrl.criocpQueue.Get()
+	if quit {
+		return false
+	}
+	defer ctrl.criocpQueue.Done(key)
 
-// 	err := ctrl.syncCRIOCPHandler(key)
-// 	ctrl.handleCRIOCPErr(err, key)
+	err := ctrl.syncCRIOCPHandler(key)
+	ctrl.handleCRIOCPErr(err, key)
 
-// 	return true
-// }
+	return true
+}
 
 func (ctrl *Controller) handleErr(err error, key string) {
 	if err == nil {
@@ -586,23 +589,23 @@ func (ctrl *Controller) handleImgErr(err error, key string) {
 	ctrl.imgQueue.AddAfter(key, 1*time.Minute)
 }
 
-// func (ctrl *Controller) handleCRIOCPErr(err error, key string) {
-// 	if err == nil {
-// 		ctrl.criocpQueue.Forget(key)
-// 		return
-// 	}
+func (ctrl *Controller) handleCRIOCPErr(err error, key string) {
+	if err == nil {
+		ctrl.criocpQueue.Forget(key)
+		return
+	}
 
-// 	if ctrl.criocpQueue.NumRequeues(key) < maxRetries {
-// 		klog.V(2).Infof("Error syncing CRIOCredentialProviderConfig %v: %v", key, err)
-// 		ctrl.criocpQueue.AddRateLimited(key)
-// 		return
-// 	}
+	if ctrl.criocpQueue.NumRequeues(key) < maxRetries {
+		klog.V(2).Infof("Error syncing CRIOCredentialProviderConfig %v: %v", key, err)
+		ctrl.criocpQueue.AddRateLimited(key)
+		return
+	}
 
-// 	utilruntime.HandleError(err)
-// 	klog.V(2).Infof("Dropping CRIOCredentialProviderConfig %q out of the queue: %v", key, err)
-// 	ctrl.criocpQueue.Forget(key)
-// 	ctrl.criocpQueue.AddAfter(key, 1*time.Minute)
-// }
+	utilruntime.HandleError(err)
+	klog.V(2).Infof("Dropping CRIOCredentialProviderConfig %q out of the queue: %v", key, err)
+	ctrl.criocpQueue.Forget(key)
+	ctrl.criocpQueue.AddAfter(key, 1*time.Minute)
+}
 
 // generateOriginalContainerRuntimeConfigs returns rendered default storage, registries and policy config files
 func generateOriginalContainerRuntimeConfigs(templateDir string, cc *mcfgv1.ControllerConfig, role string) (*ign3types.File, *ign3types.File, *ign3types.File, error) {
@@ -1110,14 +1113,14 @@ func (ctrl *Controller) syncImageConfig(key string) error {
 		}
 	}
 
-	if ctrl.addedCRIOCPObservers {
-		crioCredentialProviderConfig, err = ctrl.criocpLister.Get("cluster")
-		if err != nil && errors.IsNotFound(err) {
-			crioCredentialProviderConfig = &apicfgv1alpha1.CRIOCredentialProviderConfig{}
-		} else if err != nil {
-			return nil
-		}
-	}
+	// if ctrl.addedCRIOCPObservers {
+	// 	crioCredentialProviderConfig, err = ctrl.criocpLister.Get("cluster")
+	// 	if err != nil && errors.IsNotFound(err) {
+	// 		crioCredentialProviderConfig = &apicfgv1alpha1.CRIOCredentialProviderConfig{}
+	// 	} else if err != nil {
+	// 		return nil
+	// 	}
+	// }
 
 	if clusterVersionCfg != nil {
 		// The possibility of releaseImage being "" is very unlikely, will only happen if clusterVersionCfg is nil. If this happens
@@ -1206,44 +1209,44 @@ func (ctrl *Controller) syncImageConfig(key string) error {
 	return nil
 }
 
-// func (ctrl *Controller) syncCRIOCredentialProviderConfig(key string) error {
-// 	startTime := time.Now()
-// 	klog.V(4).Infof("Started syncing CRIOCredentialProvider config %q (%v)", key, startTime)
-// 	defer func() {
-// 		klog.V(4).Infof("Finished syncing CRIOCredentialProvider config %q (%v)", key, time.Since(startTime))
-// 	}()
-
-// 	// Get ControllerConfig
-// 	controllerConfig, err := ctrl.ccLister.Get(ctrlcommon.ControllerConfigName)
-// 	if err != nil {
-// 		return fmt.Errorf("could not get ControllerConfig %w", err)
-// 	}
-
-// 	sel, err := metav1.LabelSelectorAsSelector(metav1.AddLabelToSelector(&metav1.LabelSelector{}, builtInLabelKey, ""))
-// 	if err != nil {
-// 		return err
-// 	}
-// 	// Find all the MCO built in MachineConfigPools
-// 	mcpPools, err := ctrl.mcpLister.List(sel)
-// 	if err != nil {
-// 		return err
-// 	}
-
-// 	for _, pool := range mcpPools {
-// 		role := pool.Name
-// 		credProviderConfigIgn, err := generateOriginalCredentialProviderConfig(ctrl.templatesDir, controllerConfig, role)
-// 		if err != nil {
-// 			return fmt.Errorf("could not generate original CRIO credential provider config for role %s: %w", role, err)
-// 		}
-// 		contents, err := ctrlcommon.DecodeIgnitionFileContents(credProviderConfigIgn.Contents.Source, credProviderConfigIgn.Contents.Compression)
-// 		if err != nil {
-// 			return fmt.Errorf("could not decode CRIO credential provider config for role %s: %w", role, err)
-// 		}
-// 		klog.Infof("Decoded CRIO credential provider config contents successfully for role %s: %s", role, string(contents))
-// 	}
-
-// 	return nil
-// }
+func (ctrl *Controller) syncCRIOCredentialProviderConfig(key string) error {
+	startTime := time.Now()
+	klog.Infof("Started syncing CRIOCredentialProvider config %q (%v)", key, startTime)
+	defer func() {
+		klog.V(4).Infof("Finished syncing CRIOCredentialProvider config %q (%v)", key, time.Since(startTime))
+	}()
+
+	// // Get ControllerConfig
+	// controllerConfig, err := ctrl.ccLister.Get(ctrlcommon.ControllerConfigName)
+	// if err != nil {
+	// 	return fmt.Errorf("could not get ControllerConfig %w", err)
+	// }
+
+	// sel, err := metav1.LabelSelectorAsSelector(metav1.AddLabelToSelector(&metav1.LabelSelector{}, builtInLabelKey, ""))
+	// if err != nil {
+	// 	return err
+	// }
+	// // Find all the MCO built in MachineConfigPools
+	// mcpPools, err := ctrl.mcpLister.List(sel)
+	// if err != nil {
+	// 	return err
+	// }
+
+	// for _, pool := range mcpPools {
+	// 	role := pool.Name
+	// 	credProviderConfigIgn, err := generateOriginalCredentialProviderConfig(ctrl.templatesDir, controllerConfig, role)
+	// 	if err != nil {
+	// 		return fmt.Errorf("could not generate original CRIO credential provider config for role %s: %w", role, err)
+	// 	}
+	// 	contents, err := ctrlcommon.DecodeIgnitionFileContents(credProviderConfigIgn.Contents.Source, credProviderConfigIgn.Contents.Compression)
+	// 	if err != nil {
+	// 		return fmt.Errorf("could not decode CRIO credential provider config for role %s: %w", role, err)
+	// 	}
+	// 	klog.Infof("Decoded CRIO credential provider config contents successfully for role %s: %s", role, string(contents))
+	// }
+
+	return nil
+}
 
 func (ctrl *Controller) syncIgnitionConfig(managedKey string, ignFile *ign3types.Config, pool *mcfgv1.MachineConfigPool, ownerRef metav1.OwnerReference) (bool, error) {
 	rawIgn, err := json.Marshal(ignFile)