Merge pull request #741 from jvanz/issue645-configmap-cache

fix: cache configMap resources.

controllers/policyserver_controller_test.go

@@ -18,6 +18,7 @@ package controllers
 
 import (
 	"encoding/json"
+	"errors"
 	"fmt"
 
 	. "github.com/onsi/ginkgo/v2"      //nolint:revive
@@ -559,6 +560,72 @@ var _ = Describe("PolicyServer controller", func() {
 			}).Should(Succeed())
 		})
 
+		It("should set the configMap version as a deployment annotation", func() {
+			policyServer := policyServerFactory(policyServerName)
+			createPolicyServerAndWaitForItsService(policyServer)
+			configmap, err := getTestPolicyServerConfigMap(policyServerName)
+			Expect(err).ToNot(HaveOccurred())
+			Eventually(func() error {
+				deployment, err := getTestPolicyServerDeployment(policyServerName)
+				if err != nil {
+					return err
+				}
+				if deployment.GetAnnotations()[constants.PolicyServerDeploymentConfigVersionAnnotation] != configmap.GetResourceVersion() {
+					return errors.New("deployment configmap version did not change")
+				}
+				if deployment.Spec.Template.GetLabels()[constants.PolicyServerDeploymentConfigVersionAnnotation] != configmap.GetResourceVersion() {
+					return errors.New("pod configmap version did not change")
+				}
+				return nil
+			}, timeout, pollInterval).Should(Succeed())
+		})
+
+		It("should update the configMap version after adding a policy", func() {
+			policyServer := policyServerFactory(policyServerName)
+			createPolicyServerAndWaitForItsService(policyServer)
+			initalConfigMap, err := getTestPolicyServerConfigMap(policyServerName)
+			Expect(err).ToNot(HaveOccurred())
+			Eventually(func() error {
+				deployment, err := getTestPolicyServerDeployment(policyServerName)
+				if err != nil {
+					return err
+				}
+				if deployment.GetAnnotations()[constants.PolicyServerDeploymentConfigVersionAnnotation] != initalConfigMap.GetResourceVersion() {
+					return errors.New("deployment configmap version did not change")
+				}
+				if deployment.Spec.Template.GetLabels()[constants.PolicyServerDeploymentConfigVersionAnnotation] != initalConfigMap.GetResourceVersion() {
+					return errors.New("pod configmap version did not change")
+				}
+				return nil
+			}, timeout, pollInterval).Should(Succeed())
+
+			policyName := newName("validating-policy")
+			policy := clusterAdmissionPolicyFactory(policyName, policyServerName, false)
+			Expect(k8sClient.Create(ctx, policy)).To(Succeed())
+
+			Eventually(func() error {
+				configmap, err := getTestPolicyServerConfigMap(policyServerName)
+				if err != nil {
+					return err
+				}
+				if configmap.GetResourceVersion() == initalConfigMap.GetResourceVersion() {
+					return errors.New("configmap version did not change")
+				}
+				deployment, err := getTestPolicyServerDeployment(policyServerName)
+				if err != nil {
+					return err
+				}
+				if deployment.GetAnnotations()[constants.PolicyServerDeploymentConfigVersionAnnotation] != configmap.GetResourceVersion() {
+					return errors.New("deployment configmap version did not change")
+				}
+				if deployment.Spec.Template.GetLabels()[constants.PolicyServerDeploymentConfigVersionAnnotation] != configmap.GetResourceVersion() {
+					return errors.New("pod configmap version did not change")
+				}
+				return nil
+			}, timeout, pollInterval).Should(Succeed())
+
+		})
+
 	})
 
 	When("updating the PolicyServer", func() {

main.go

@@ -165,16 +165,8 @@ func main() {
 				&corev1.Pod{}:                        namespaceSelector,
 				&corev1.Service{}:                    namespaceSelector,
 				&k8spoliciesv1.PodDisruptionBudget{}: namespaceSelector,
-			},
-		},
-		// These types of resources should never be cached because we need fresh
-		// data coming from the cliet. This is required to perform the rollout
-		// of the PolicyServer Deployment whenever a policy is added/changed/removed.
-		// Because of that, there's not need to scope these resources inside
-		// of the cache, like we did for Pods, Services,... right above.
-		Client: client.Options{
-			Cache: &client.CacheOptions{
-				DisableFor: []client.Object{&corev1.ConfigMap{}, &appsv1.Deployment{}},
+				&corev1.ConfigMap{}:                  namespaceSelector,
+				&appsv1.Deployment{}:                 namespaceSelector,
 			},
 		},
 	})