Automator: merge upstream changes to openshift-service-mesh/sail-oper…

…ator@main * upstream/main: Automator: Update dependencies in istio-ecosystem/sail-operator@main (openshift-service-mesh#66) Ensure control plane is deployed immediately when the target namespace is created (openshift-service-mesh#65) Use INFO level to log missing namespace in IstioRevision/IstioCNI (openshift-service-mesh#64)
openshift-service-mesh-bot · Apr 22, 2024 · b38b3e5 · b38b3e5
2 parents e6a63c6 + 823ef1f
commit b38b3e5
Show file tree

Hide file tree

Showing 20 changed files with 198 additions and 72 deletions.
diff --git a/bundle/manifests/sailoperator.clusterserviceversion.yaml b/bundle/manifests/sailoperator.clusterserviceversion.yaml
@@ -34,7 +34,7 @@ metadata:
     capabilities: Seamless Upgrades
     categories: OpenShift Optional, Integration & Delivery, Networking, Security
     containerImage: quay.io/maistra-dev/sail-operator:3.0-latest
-    createdAt: "2024-04-18T23:02:03Z"
+    createdAt: "2024-04-19T23:01:33Z"
     description: Experimental operator for installing Istio service mesh
     features.operators.openshift.io/cnf: "false"
     features.operators.openshift.io/cni: "true"
@@ -288,7 +288,7 @@ spec:
     This version of the operator supports the following Istio versions:
 
     - v1.21.0
-    - latest (bf9fd612)
+    - latest (3112392b)
 
     [See this page](https://github.com/istio-ecosystem/sail-operator/blob/pre-main/bundle/README.md) for instructions on how to use it.
   displayName: Sail Operator

diff --git a/chart/values.yaml b/chart/values.yaml
@@ -17,7 +17,7 @@ csv:
     This version of the operator supports the following Istio versions:
 
     - v1.21.0
-    - latest (bf9fd612)
+    - latest (3112392b)
 
     [See this page](https://github.com/istio-ecosystem/sail-operator/blob/pre-main/bundle/README.md) for instructions on how to use it.
   support: Community based

diff --git a/controllers/istiocni/istiocni_controller.go b/controllers/istiocni/istiocni_controller.go
@@ -36,6 +36,7 @@ import (
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/types"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/controller"
@@ -92,12 +93,7 @@ func NewReconciler(
 func (r *Reconciler) Reconcile(ctx context.Context, cni *v1alpha1.IstioCNI) (ctrl.Result, error) {
 	log := logf.FromContext(ctx)
 
-	if err := validateIstioCNI(cni); err != nil {
-		return ctrl.Result{}, err
-	}
-
-	log.Info("Installing components")
-	reconcileErr := r.installHelmChart(ctx, cni)
+	reconcileErr := r.doReconcile(ctx, cni)
 
 	log.Info("Reconciliation done. Updating status.")
 	statusErr := r.updateStatus(ctx, cni, reconcileErr)
@@ -109,13 +105,30 @@ func (r *Reconciler) Finalize(ctx context.Context, cni *v1alpha1.IstioCNI) error
 	return r.uninstallHelmChart(ctx, cni)
 }
 
-func validateIstioCNI(cni *v1alpha1.IstioCNI) error {
+func (r *Reconciler) doReconcile(ctx context.Context, cni *v1alpha1.IstioCNI) error {
+	log := logf.FromContext(ctx)
+	if err := r.validateIstioCNI(ctx, cni); err != nil {
+		return err
+	}
+
+	log.Info("Installing Helm chart")
+	return r.installHelmChart(ctx, cni)
+}
+
+func (r *Reconciler) validateIstioCNI(ctx context.Context, cni *v1alpha1.IstioCNI) error {
 	if cni.Spec.Version == "" {
 		return reconciler.NewValidationError("spec.version not set")
 	}
 	if cni.Spec.Namespace == "" {
 		return reconciler.NewValidationError("spec.namespace not set")
 	}
+
+	if err := r.Client.Get(ctx, types.NamespacedName{Name: cni.Spec.Namespace}, &corev1.Namespace{}); err != nil {
+		if apierrors.IsNotFound(err) {
+			return reconciler.NewValidationError(fmt.Sprintf("namespace %q doesn't exist", cni.Spec.Namespace))
+		}
+		return err
+	}
 	return nil
 }
 

diff --git a/controllers/istiorevision/istiorevision_controller.go b/controllers/istiorevision/istiorevision_controller.go
@@ -100,30 +100,42 @@ func NewReconciler(client client.Client, scheme *runtime.Scheme, resourceDir str
 func (r *Reconciler) Reconcile(ctx context.Context, rev *v1alpha1.IstioRevision) (ctrl.Result, error) {
 	log := logf.FromContext(ctx)
 
-	if err := validateIstioRevision(rev); err != nil {
-		return ctrl.Result{}, err
-	}
-
-	log.Info("Installing components")
-	reconcileErr := r.installHelmCharts(ctx, rev)
+	reconcileErr := r.doReconcile(ctx, rev)
 
 	log.Info("Reconciliation done. Updating status.")
 	statusErr := r.updateStatus(ctx, rev, reconcileErr)
 
 	return ctrl.Result{}, errors.Join(reconcileErr, statusErr)
 }
 
+func (r *Reconciler) doReconcile(ctx context.Context, rev *v1alpha1.IstioRevision) error {
+	log := logf.FromContext(ctx)
+	if err := r.validateIstioRevision(ctx, rev); err != nil {
+		return err
+	}
+
+	log.Info("Installing Helm chart")
+	return r.installHelmCharts(ctx, rev)
+}
+
 func (r *Reconciler) Finalize(ctx context.Context, rev *v1alpha1.IstioRevision) error {
 	return r.uninstallHelmCharts(ctx, rev)
 }
 
-func validateIstioRevision(rev *v1alpha1.IstioRevision) error {
+func (r *Reconciler) validateIstioRevision(ctx context.Context, rev *v1alpha1.IstioRevision) error {
 	if rev.Spec.Version == "" {
 		return reconciler.NewValidationError("spec.version not set")
 	}
 	if rev.Spec.Namespace == "" {
 		return reconciler.NewValidationError("spec.namespace not set")
 	}
+	if err := r.Client.Get(ctx, types.NamespacedName{Name: rev.Spec.Namespace}, &corev1.Namespace{}); err != nil {
+		if apierrors.IsNotFound(err) {
+			return reconciler.NewValidationError(fmt.Sprintf("namespace %q doesn't exist", rev.Spec.Namespace))
+		}
+		return err
+	}
+
 	if rev.Spec.Values == nil {
 		return reconciler.NewValidationError("spec.values not set")
 	}
@@ -175,8 +187,12 @@ func (r *Reconciler) SetupWithManager(mgr ctrl.Manager) error {
 	// ownedResourceHandler handles resources that are owned by the IstioRevision CR
 	ownedResourceHandler := handler.EnqueueRequestForOwner(r.Scheme, r.RESTMapper(), &v1alpha1.IstioRevision{}, handler.OnlyControllerOwner())
 
-	// nsHandler handles namespaces that reference the IstioRevision CR via the istio.io/rev or istio-injection labels.
-	// The handler triggers the reconciliation of the referenced IstioRevision CR so that its InUse condition is updated.
+	// nsHandler triggers reconciliation in two cases:
+	// - when a namespace that is referenced in IstioRevision.spec.namespace is
+	//   created, so that the control plane is installed immediately.
+	// - when a namespace that references the IstioRevision CR via the istio.io/rev
+	//   or istio-injection labels is updated, so that the InUse condition of
+	//   the IstioRevision CR is updated.
 	nsHandler := handler.EnqueueRequestsFromMapFunc(r.mapNamespaceToReconcileRequest)
 
 	// podHandler handles pods that reference the IstioRevision CR via the istio.io/rev or sidecar.istio.io/inject labels.
@@ -421,11 +437,27 @@ func istiodDeploymentKey(rev *v1alpha1.IstioRevision) client.ObjectKey {
 }
 
 func (r *Reconciler) mapNamespaceToReconcileRequest(ctx context.Context, ns client.Object) []reconcile.Request {
+	log := logf.FromContext(ctx)
+	var requests []reconcile.Request
+
+	// Check if any IstioRevision references this namespace in .spec.namespace
+	revList := v1alpha1.IstioRevisionList{}
+	if err := r.Client.List(ctx, &revList); err != nil {
+		log.Error(err, "failed to list IstioRevisions")
+		return nil
+	}
+	for _, rev := range revList.Items {
+		if rev.Spec.Namespace == ns.GetName() {
+			requests = append(requests, reconcile.Request{NamespacedName: types.NamespacedName{Name: rev.Name}})
+		}
+	}
+
+	// Check if the namespace references an IstioRevision in its labels
 	revision := getReferencedRevisionFromNamespace(ns.GetLabels())
 	if revision != "" {
-		return []reconcile.Request{{NamespacedName: types.NamespacedName{Name: revision}}}
+		requests = append(requests, reconcile.Request{NamespacedName: types.NamespacedName{Name: revision}})
 	}
-	return nil
+	return requests
 }
 
 func (r *Reconciler) mapPodToReconcileRequest(ctx context.Context, pod client.Object) []reconcile.Request {

diff --git a/pkg/kube/key.go b/pkg/kube/key.go
@@ -0,0 +1,27 @@
+// Copyright Istio Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package kube
+
+import "sigs.k8s.io/controller-runtime/pkg/client"
+
+// key returns the client.ObjectKey for the given name and namespace. If no namespace is provided, it returns a key cluster scoped
+func Key(name string, namespace ...string) client.ObjectKey {
+	if len(namespace) > 1 {
+		panic("you can only provide one namespace")
+	} else if len(namespace) == 1 {
+		return client.ObjectKey{Name: name, Namespace: namespace[0]}
+	}
+	return client.ObjectKey{Name: name}
+}
diff --git a/resources/latest/charts/base/Chart.yaml b/resources/latest/charts/base/Chart.yaml
@@ -1,10 +1,10 @@
 apiVersion: v1
-appVersion: 1.22-alpha.bf9fd6127f5bebf2f0024362f3c687849f390749
+appVersion: 1.22-alpha.3112392b96748f15315150044244f0052a2f730d
 description: Helm chart for deploying Istio cluster resources and CRDs
 icon: https://istio.io/latest/favicons/android-192x192.png
 keywords:
 - istio
 name: base
 sources:
 - https://github.com/istio/istio
-version: 1.22-alpha.bf9fd6127f5bebf2f0024362f3c687849f390749
+version: 1.22-alpha.3112392b96748f15315150044244f0052a2f730d
diff --git a/resources/latest/charts/cni/Chart.yaml b/resources/latest/charts/cni/Chart.yaml
@@ -1,5 +1,5 @@
 apiVersion: v1
-appVersion: 1.22-alpha.bf9fd6127f5bebf2f0024362f3c687849f390749
+appVersion: 1.22-alpha.3112392b96748f15315150044244f0052a2f730d
 description: Helm chart for istio-cni components
 icon: https://istio.io/latest/favicons/android-192x192.png
 keywords:
@@ -8,4 +8,4 @@ keywords:
 name: cni
 sources:
 - https://github.com/istio/istio/tree/master/cni
-version: 1.22-alpha.bf9fd6127f5bebf2f0024362f3c687849f390749
+version: 1.22-alpha.3112392b96748f15315150044244f0052a2f730d
diff --git a/resources/latest/charts/cni/values.yaml b/resources/latest/charts/cni/values.yaml
@@ -110,7 +110,7 @@ defaults:
     hub: gcr.io/istio-testing
 
     # Default tag for Istio images.
-    tag: 1.22-alpha.bf9fd6127f5bebf2f0024362f3c687849f390749
+    tag: 1.22-alpha.3112392b96748f15315150044244f0052a2f730d
 
     # Variant of the image to use.
     # Currently supported are: [debug, distroless]

diff --git a/resources/latest/charts/gateway/Chart.yaml b/resources/latest/charts/gateway/Chart.yaml
@@ -1,5 +1,5 @@
 apiVersion: v2
-appVersion: 1.22-alpha.bf9fd6127f5bebf2f0024362f3c687849f390749
+appVersion: 1.22-alpha.3112392b96748f15315150044244f0052a2f730d
 description: Helm chart for deploying Istio gateways
 icon: https://istio.io/latest/favicons/android-192x192.png
 keywords:
@@ -9,4 +9,4 @@ name: gateway
 sources:
 - https://github.com/istio/istio
 type: application
-version: 1.22-alpha.bf9fd6127f5bebf2f0024362f3c687849f390749
+version: 1.22-alpha.3112392b96748f15315150044244f0052a2f730d
diff --git a/resources/latest/charts/istiod/Chart.yaml b/resources/latest/charts/istiod/Chart.yaml
@@ -1,5 +1,5 @@
 apiVersion: v1
-appVersion: 1.22-alpha.bf9fd6127f5bebf2f0024362f3c687849f390749
+appVersion: 1.22-alpha.3112392b96748f15315150044244f0052a2f730d
 description: Helm chart for istio control plane
 icon: https://istio.io/latest/favicons/android-192x192.png
 keywords:
@@ -9,4 +9,4 @@ keywords:
 name: istiod
 sources:
 - https://github.com/istio/istio
-version: 1.22-alpha.bf9fd6127f5bebf2f0024362f3c687849f390749
+version: 1.22-alpha.3112392b96748f15315150044244f0052a2f730d
diff --git a/resources/latest/charts/istiod/files/kube-gateway.yaml b/resources/latest/charts/istiod/files/kube-gateway.yaml
@@ -138,7 +138,7 @@ spec:
       {{- end }}
       {{- if .Values.global.proxy.lifecycle }}
         lifecycle:
-          {{ toYaml .Values.global.proxy.lifecycle | indent 6 }}
+          {{- toYaml .Values.global.proxy.lifecycle | nindent 10 }}
       {{- end }}
         env:
         - name: PILOT_CERT_PROVIDER

diff --git a/resources/latest/charts/istiod/values.yaml b/resources/latest/charts/istiod/values.yaml
@@ -231,7 +231,7 @@ defaults:
     # Dev builds from prow are on gcr.io
     hub: gcr.io/istio-testing
     # Default tag for Istio images.
-    tag: 1.22-alpha.bf9fd6127f5bebf2f0024362f3c687849f390749
+    tag: 1.22-alpha.3112392b96748f15315150044244f0052a2f730d
     # Variant of the image to use.
     # Currently supported are: [debug, distroless]
     variant: ""

diff --git a/resources/latest/charts/ztunnel/Chart.yaml b/resources/latest/charts/ztunnel/Chart.yaml
@@ -1,5 +1,5 @@
 apiVersion: v1
-appVersion: 1.22-alpha.bf9fd6127f5bebf2f0024362f3c687849f390749
+appVersion: 1.22-alpha.3112392b96748f15315150044244f0052a2f730d
 description: Helm chart for istio ztunnel components
 icon: https://istio.io/latest/favicons/android-192x192.png
 keywords:
@@ -8,4 +8,4 @@ keywords:
 name: ztunnel
 sources:
 - https://github.com/istio/istio
-version: 1.22-alpha.bf9fd6127f5bebf2f0024362f3c687849f390749
+version: 1.22-alpha.3112392b96748f15315150044244f0052a2f730d
diff --git a/resources/latest/charts/ztunnel/values.yaml b/resources/latest/charts/ztunnel/values.yaml
@@ -2,7 +2,7 @@ defaults:
   # Hub to pull from. Image will be `Hub/Image:Tag-Variant`
   hub: gcr.io/istio-testing
   # Tag to pull from. Image will be `Hub/Image:Tag-Variant`
-  tag: 1.22-alpha.bf9fd6127f5bebf2f0024362f3c687849f390749
+  tag: 1.22-alpha.3112392b96748f15315150044244f0052a2f730d
   # Variant to pull. Options are "debug" or "distroless". Unset will use the default for the given version.
   variant: ""