ensures support for cluster-wide monitoring (#22821)

Partially addresses #15888
2023-09-19 13:46:37 -04:00 · 2023-09-19 13:46:37 -04:00 · b343f87c60
commit b343f87c60
parent ed443a962e
16 changed files with 72 additions and 31 deletions
--- a/.github/workflows/operator-ci.yml
+++ b/.github/workflows/operator-ci.yml
@ -190,14 +190,41 @@ jobs:
      - name: Deploy an example Keycloak and wait for it to be ready
        working-directory: operator
        run: |
-          kubectl apply -f src/main/resources/example-postgres.yaml
+          kubectl apply -f src/test/resources/example-postgres.yaml
          ./scripts/check-crds-installed.sh
-          kubectl apply -f src/main/resources/example-db-secret.yaml
-          kubectl apply -f src/main/resources/example-tls-secret.yaml
-          kubectl apply -f src/main/resources/example-keycloak.yaml
-          kubectl apply -f src/main/resources/example-realm.yaml
+          kubectl apply -f src/test/resources/example-db-secret.yaml
+          kubectl apply -f src/test/resources/example-tls-secret.yaml
+          kubectl apply -f src/test/resources/example-keycloak.yaml
+          kubectl apply -f src/test/resources/example-realm.yaml
          # Wait for the CRs to be ready
          ./scripts/check-examples-installed.sh
+          
+      - name: Single namespace cleanup
+        working-directory: operator
+        run: |
+          kubectl delete -f src/test/resources/example-postgres.yaml
+          kubectl delete -f src/test/resources/example-db-secret.yaml
+          kubectl delete -f src/test/resources/example-tls-secret.yaml
+          kubectl delete -f src/test/resources/example-keycloak.yaml
+          kubectl delete -f src/test/resources/example-realm.yaml
+      
+      - name: Arrange OLM test installation for all namespaces
+        working-directory: operator
+        run: |
+          kubectl patch csv keycloak-operator.v86400000.0.0 --type merge --patch '{"spec": {"installModes": [{"type": "AllNamespaces","supported": true}]}}'
+          kubectl patch operatorgroup og --type json --patch '[{"op":"remove","path":"/spec/targetNamespaces"}]'
+       
+      - name: Deploy an example Keycloak in a different namespace and wait for it to be ready
+        working-directory: operator
+        run: |
+          kubectl create ns keycloak
+          kubectl apply -f src/test/resources/example-postgres.yaml -n keycloak
+          kubectl apply -f src/test/resources/example-db-secret.yaml -n keycloak
+          kubectl apply -f src/test/resources/example-tls-secret.yaml -n keycloak
+          kubectl apply -f src/test/resources/example-keycloak.yaml -n keycloak
+          kubectl apply -f src/test/resources/example-realm.yaml -n keycloak
+          # Wait for the CRs to be ready
+          ./scripts/check-examples-installed.sh keycloak

  check:
    name: Status Check - Keycloak Operator CI
--- a/operator/scripts/check-examples-installed.sh
+++ b/operator/scripts/check-examples-installed.sh
@ -1,9 +1,11 @@
 #! /bin/bash
 set -euxo pipefail

+NAMESPACE=${1:-default}
+
 max_retries=500
 c=0
-while [[ $(kubectl get keycloaks/example-kc -o jsonpath="{.status.conditions[?(@.type == 'Ready')].status}") != "True" ]]
+while [[ $(kubectl -n $NAMESPACE get keycloaks/example-kc -o jsonpath="{.status.conditions[?(@.type == 'Ready')].status}") != "True" ]]
 do
  echo "waiting for Keycloak example-kc status"
  ((c++)) && ((c==max_retries)) && exit -1
@ -11,7 +13,7 @@ do
 done

 c=0
-while [[ $(kubectl get keycloakrealmimports/example-count0-kc -o jsonpath="{.status.conditions[?(@.type == 'Done')].status}") != "True" ]]
+while [[ $(kubectl -n $NAMESPACE get keycloakrealmimports/example-count0-kc -o jsonpath="{.status.conditions[?(@.type == 'Done')].status}") != "True" ]]
 do
  echo "waiting for Keycloak Realm Import example-count0-kc status"
  ((c++)) && ((c==max_retries)) &&  exit -1
--- a/operator/scripts/create-olm-test-resources.sh
+++ b/operator/scripts/create-olm-test-resources.sh
@ -6,6 +6,8 @@ DOCKER_REGISTRY=$2

 UUID=${3:-""}

+TARGET_NAMESPACES=${4-default}
+
 SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )

 rm -rf $SCRIPT_DIR/../olm/testing-resources
@ -27,23 +29,28 @@ spec:
      interval: 10m
 EOF

-cat << EOF >> $SCRIPT_DIR/../olm/testing-resources/operatorgroup.yaml
+
+OPERATOR_GROUP_FILE=$SCRIPT_DIR/../olm/testing-resources/operatorgroup.yaml
+
+cat << EOF >> $OPERATOR_GROUP_FILE
 kind: OperatorGroup
 apiVersion: operators.coreos.com/v1
 metadata:
-  name: og-single
-  namespace: default
+  name: og
 spec:
-  targetNamespaces:
-  - default
 EOF

+IFS=', ' read -r -a array <<< "$TARGET_NAMESPACES"
+for element in "${array[@]}"
+do
+    yq ea -i ".spec.targetNamespaces += [\"$element\"]" $OPERATOR_GROUP_FILE
+done
+
 cat << EOF >> $SCRIPT_DIR/../olm/testing-resources/subscription.yaml
 apiVersion: operators.coreos.com/v1alpha1
 kind: Subscription
 metadata:
  name: keycloak-operator
-  namespace: default
 spec:
  installPlanApproval: Automatic
  name: keycloak-operator
--- a/operator/scripts/install-keycloak-operator.sh
+++ b/operator/scripts/install-keycloak-operator.sh
@ -3,6 +3,8 @@ set -euxo pipefail

 SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )

+INSTALL_NAMESPACE=${1:-default}
+
 # Delete the default catalog if it exists
 sh -c "kubectl delete catalogsources operatorhubio-catalog -n olm | true"

@ -18,5 +20,5 @@ do
  sleep 1
 done

-kubectl apply -f $SCRIPT_DIR/../olm/testing-resources/operatorgroup.yaml
-kubectl apply -f $SCRIPT_DIR/../olm/testing-resources/subscription.yaml
+kubectl apply -f $SCRIPT_DIR/../olm/testing-resources/operatorgroup.yaml -n $INSTALL_NAMESPACE
+kubectl apply -f $SCRIPT_DIR/../olm/testing-resources/subscription.yaml -n $INSTALL_NAMESPACE
--- a/operator/scripts/olm-testing.sh
+++ b/operator/scripts/olm-testing.sh
@ -3,6 +3,10 @@ set -euxo pipefail

 UUID=${1:-$(git rev-parse --short HEAD)}

+INSTALL_NAMESPACE=${2:-default}
+
+TARGET_NAMESPACES=${3-$INSTALL_NAMESPACE}
+
 SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )

 # This version translates to one day for ttl.sh
@ -28,6 +32,6 @@ VERSION="86400000.0.0"
  docker push "ttl.sh/${UUID}keycloak-operator:${VERSION}"
 )

-$SCRIPT_DIR/prepare-olm-test.sh ttl.sh ${VERSION} NONE ${UUID}
+$SCRIPT_DIR/prepare-olm-test.sh ttl.sh ${VERSION} NONE ${UUID} $TARGET_NAMESPACES

-$SCRIPT_DIR/install-keycloak-operator.sh
+$SCRIPT_DIR/install-keycloak-operator.sh $INSTALL_NAMESPACE
--- a/operator/scripts/prepare-olm-test.sh
+++ b/operator/scripts/prepare-olm-test.sh
@ -10,6 +10,8 @@ PREV_VERSION="$3"

 UUID=${4:-""}

+TARGET_NAMESPACES=${5-default}
+
 OPERATOR_IMAGE_NAME="keycloak-operator"
 OPERATOR_DOCKER_IMAGE="$DOCKER_REGISTRY/${UUID}$OPERATOR_IMAGE_NAME"

@ -31,4 +33,4 @@ $SCRIPT_DIR/create-olm-test-catalog.sh $VERSION $DOCKER_REGISTRY/${UUID}keycloak
  docker push $DOCKER_REGISTRY/${UUID}keycloak-test-catalog:$VERSION)

 # Create testing resources
-$SCRIPT_DIR/create-olm-test-resources.sh $VERSION $DOCKER_REGISTRY ${UUID}
+$SCRIPT_DIR/create-olm-test-resources.sh $VERSION $DOCKER_REGISTRY ${UUID} $TARGET_NAMESPACES
--- a/operator/src/main/java/org/keycloak/operator/controllers/KeycloakController.java
+++ b/operator/src/main/java/org/keycloak/operator/controllers/KeycloakController.java
@ -46,9 +46,7 @@ import java.util.concurrent.TimeUnit;

 import jakarta.inject.Inject;

-import static io.javaoperatorsdk.operator.api.reconciler.Constants.WATCH_CURRENT_NAMESPACE;
-
-@ControllerConfiguration(namespaces = WATCH_CURRENT_NAMESPACE,
+@ControllerConfiguration(
    dependents = {
        @Dependent(type = KeycloakAdminSecretDependentResource.class),
        @Dependent(type = KeycloakIngressDependentResource.class, reconcilePrecondition = KeycloakIngressDependentResource.EnabledCondition.class),
@ -68,12 +66,12 @@ public class KeycloakController implements Reconciler<Keycloak>, EventSourceInit

    @Override
    public Map<String, EventSource> prepareEventSources(EventSourceContext<Keycloak> context) {
-        String namespace = context.getControllerConfiguration().getConfigurationService().getKubernetesClient().getNamespace();
+        var namespaces = context.getControllerConfiguration().getNamespaces();

        InformerConfiguration<StatefulSet> statefulSetIC = InformerConfiguration
                .from(StatefulSet.class)
                .withLabelSelector(Constants.DEFAULT_LABELS_AS_STRING)
-                .withNamespaces(namespace)
+                .withNamespaces(namespaces)
                .withSecondaryToPrimaryMapper(Mappers.fromOwnerReference())
                .withOnUpdateFilter(new MetadataAwareOnUpdateFilter<>())
                .build();
@ -81,7 +79,7 @@ public class KeycloakController implements Reconciler<Keycloak>, EventSourceInit
        InformerConfiguration<Service> servicesIC = InformerConfiguration
                .from(Service.class)
                .withLabelSelector(Constants.DEFAULT_LABELS_AS_STRING)
-                .withNamespaces(namespace)
+                .withNamespaces(namespaces)
                .withSecondaryToPrimaryMapper(Mappers.fromOwnerReference())
                .withOnUpdateFilter(new MetadataAwareOnUpdateFilter<>())
                .build();
--- a/operator/src/main/java/org/keycloak/operator/controllers/KeycloakRealmImportController.java
+++ b/operator/src/main/java/org/keycloak/operator/controllers/KeycloakRealmImportController.java
@ -41,9 +41,7 @@ import java.util.concurrent.TimeUnit;

 import jakarta.inject.Inject;

-import static io.javaoperatorsdk.operator.api.reconciler.Constants.WATCH_CURRENT_NAMESPACE;
-
-@ControllerConfiguration(namespaces = WATCH_CURRENT_NAMESPACE,
+@ControllerConfiguration(
 dependents = {
    @Dependent(type = KeycloakRealmImportSecretDependentResource.class)
 })
--- a/operator/src/main/java/org/keycloak/operator/controllers/WatchedSecretsController.java
+++ b/operator/src/main/java/org/keycloak/operator/controllers/WatchedSecretsController.java
@ -51,10 +51,8 @@ import java.util.stream.Collectors;
 import jakarta.enterprise.context.ApplicationScoped;
 import jakarta.inject.Inject;

-import static io.javaoperatorsdk.operator.api.reconciler.Constants.WATCH_CURRENT_NAMESPACE;
-
@ApplicationScoped
-@ControllerConfiguration(namespaces = WATCH_CURRENT_NAMESPACE, labelSelector = Constants.KEYCLOAK_COMPONENT_LABEL + "=" + WatchedSecrets.WATCHED_SECRETS_LABEL_VALUE)
+@ControllerConfiguration(labelSelector = Constants.KEYCLOAK_COMPONENT_LABEL + "=" + WatchedSecrets.WATCHED_SECRETS_LABEL_VALUE)
 public class WatchedSecretsController implements Reconciler<Secret>, EventSourceInitializer<Secret>, WatchedSecrets {

    @Inject
--- a/operator/src/main/resources/application.properties
+++ b/operator/src/main/resources/application.properties
@ -13,3 +13,6 @@ quarkus.kubernetes.env.vars.operator-keycloak-image=${operator.keycloak.image}
 # Bundle config
 quarkus.operator-sdk.bundle.package-name=keycloak-operator
 quarkus.operator-sdk.bundle.channels=fast
+
+quarkus.operator-sdk.namespaces=JOSDK_WATCH_CURRENT
+quarkus.operator-sdk.generate-with-watched-namespaces=JOSDK_WATCH_CURRENT
--- a/operator/src/test/java/org/keycloak/operator/testsuite/integration/BaseOperatorTest.java
+++ b/operator/src/test/java/org/keycloak/operator/testsuite/integration/BaseOperatorTest.java
@ -172,7 +172,7 @@ public class BaseOperatorTest implements QuarkusTestAfterEachCallback {

    for (Reconciler<?> reconciler : reconcilers) {
      Log.info("Register and apply : " + reconciler.getClass().getName());
-      operator.register(reconciler);
+      operator.register(reconciler, overrider -> overrider.settingNamespace(namespace));
    }
  }

--- a/operator/src/test/resources/example-db-secret.yaml
+++ b/operator/src/test/resources/example-db-secret.yaml
--- a/operator/src/test/resources/example-keycloak.yaml
+++ b/operator/src/test/resources/example-keycloak.yaml
--- a/operator/src/test/resources/example-postgres.yaml
+++ b/operator/src/test/resources/example-postgres.yaml
--- a/operator/src/test/resources/example-realm.yaml
+++ b/operator/src/test/resources/example-realm.yaml
--- a/operator/src/test/resources/example-tls-secret.yaml
+++ b/operator/src/test/resources/example-tls-secret.yaml