Add EnqueueRequestForAnnotation enqueues Requests based on the presence of an annotation to watch resources

camilamacedo86 · camilamacedo86 · commit 2cc696d47bb7 · 2020-04-14T20:32:34.000+01:00
diff --git a/examples/annotationbasedwatch/controller.go b/examples/annotationbasedwatch/controller.go
@@ -0,0 +1,77 @@
+/*
+Copyright 2018 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package main
+
+import (
+	"context"
+
+	"github.com/go-logr/logr"
+
+	appsv1 "k8s.io/api/apps/v1"
+	"k8s.io/apimachinery/pkg/api/errors"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/controller-runtime/pkg/reconcile"
+)
+
+// reconcileReplicaSet reconciles ReplicaSets
+type reconcileReplicaSet struct {
+	// client can be used to retrieve objects from the APIServer.
+	client client.Client
+	log    logr.Logger
+}
+
+// Implement reconcile.Reconciler so the controller can reconcile objects
+var _ reconcile.Reconciler = &reconcileReplicaSet{}
+
+func (r *reconcileReplicaSet) Reconcile(request reconcile.Request) (reconcile.Result, error) {
+	// set up a convenient log object so we don't have to type request over and over again
+	log := r.log.WithValues("request", request)
+
+	// Fetch the ReplicaSet from the cache
+	rs := &appsv1.ReplicaSet{}
+	err := r.client.Get(context.TODO(), request.NamespacedName, rs)
+	if errors.IsNotFound(err) {
+		log.Error(nil, "Could not find ReplicaSet")
+		return reconcile.Result{}, nil
+	}
+
+	if err != nil {
+		log.Error(err, "Could not fetch ReplicaSet")
+		return reconcile.Result{}, err
+	}
+
+	// Print the ReplicaSet
+	log.Info("Reconciling ReplicaSet", "container name", rs.Spec.Template.Spec.Containers[0].Name)
+
+	// Set the label if it is missing
+	if rs.Labels == nil {
+		rs.Labels = map[string]string{}
+	}
+	if rs.Labels["hello"] == "world" {
+		return reconcile.Result{}, nil
+	}
+
+	// Update the ReplicaSet
+	rs.Labels["hello"] = "world"
+	err = r.client.Update(context.TODO(), rs)
+	if err != nil {
+		log.Error(err, "Could not write ReplicaSet")
+		return reconcile.Result{}, err
+	}
+
+	return reconcile.Result{}, nil
+}
diff --git a/examples/annotationbasedwatch/main.go b/examples/annotationbasedwatch/main.go
@@ -0,0 +1,98 @@
+/*
+Copyright 2018 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package main
+
+import (
+	"k8s.io/apimachinery/pkg/runtime/schema"
+	"os"
+
+	corev1 "k8s.io/api/core/v1"
+	rbacv1 "k8s.io/api/rbac/v1"
+	_ "k8s.io/client-go/plugin/pkg/client/auth/gcp"
+	"sigs.k8s.io/controller-runtime/pkg/client/config"
+	"sigs.k8s.io/controller-runtime/pkg/controller"
+	"sigs.k8s.io/controller-runtime/pkg/handler"
+	logf "sigs.k8s.io/controller-runtime/pkg/log"
+	"sigs.k8s.io/controller-runtime/pkg/log/zap"
+	"sigs.k8s.io/controller-runtime/pkg/manager"
+	"sigs.k8s.io/controller-runtime/pkg/manager/signals"
+	"sigs.k8s.io/controller-runtime/pkg/source"
+)
+
+var log = logf.Log.WithName("example-annotationbasedwatch")
+
+func main() {
+	logf.SetLogger(zap.Logger(false))
+	entryLog := log.WithName("entrypoint")
+
+	// Setup a Manager
+	entryLog.Info("setting up manager")
+	mgr, err := manager.New(config.GetConfigOrDie(), manager.Options{})
+	if err != nil {
+		entryLog.Error(err, "unable to set up overall controller manager")
+		os.Exit(1)
+	}
+
+	// Setup a new controller to reconcile ReplicaSets
+	entryLog.Info("Setting up controller")
+	c, err := controller.New("foo-controller", mgr, controller.Options{
+		Reconciler: &reconcileReplicaSet{client: mgr.GetClient(), log: log.WithName("reconciler")},
+	})
+	if err != nil {
+		entryLog.Error(err, "unable to set up individual controller")
+		os.Exit(1)
+	}
+
+	// Watch Pods that has the following annotations:
+	// ...
+	// annotations:
+	//    watch.kubebuilder.io/owner-namespaced-name:my-namespace/my-pod
+	//    watch.kubebuilder.io/owner-type:core.Pods
+	// ...
+	// It will enqueue a Request to the primary-resource-namespace when some change occurs in a Pod resource with these
+	// annotations
+	podTypeAnnotations := schema.GroupKind{Group: "Pods", Kind: "core"}
+	if err := c.Watch(&source.Kind{Type: &corev1.Pod{}}, &handler.EnqueueRequestForAnnotation{podTypeAnnotations}); err != nil {
+		entryLog.Error(err, "unable to watch Pods")
+		os.Exit(1)
+	}
+
+	// Watch ClusterRoles that has the following annotations:
+	// ...
+	// annotations:
+	//    watch.kubebuilder.io/owner-namespaced-name:my-namespace/my-replicaset
+	//    watch.kubebuilder.io/owner-type:apps.ReplicaSet
+	// ...
+	// It will enqueue a Request to the primary-resource-namespace when some change occurs in a ClusterRole resource with these
+	// annotations
+	if err := c.Watch(&source.Kind{
+		// Watch cluster roles
+		Type: &rbacv1.ClusterRole{}},
+
+		// Enqueue ReplicaSet reconcile requests using the
+		// namespacedName annotation value in the request.
+		&handler.EnqueueRequestForAnnotation{schema.GroupKind{Group:"ReplicaSet", Kind:"apps"}}); err != nil {
+		entryLog.Error(err, "unable to watch Cluster Role")
+		os.Exit(1)
+	}
+
+	entryLog.Info("starting manager")
+	if err := mgr.Start(signals.SetupSignalHandler()); err != nil {
+		entryLog.Error(err, "unable to run manager")
+		os.Exit(1)
+	}
+}
diff --git a/pkg/handler/enqueue_annotation.go b/pkg/handler/enqueue_annotation.go
@@ -0,0 +1,173 @@
+/*
+Copyright 2020 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package handler
+
+import (
+	"strings"
+
+	"k8s.io/apimachinery/pkg/runtime/schema"
+
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/types"
+	"k8s.io/client-go/util/workqueue"
+	"sigs.k8s.io/controller-runtime/pkg/event"
+	"sigs.k8s.io/controller-runtime/pkg/reconcile"
+)
+
+var _ EventHandler = &EnqueueRequestForAnnotation{}
+
+const (
+	// NamespacedNameAnnotation defines the annotation that will be used to get the primary resource namespaced name.
+	// The handler will use this value to build the types.NamespacedName object used to enqueue a Request when an event
+	// to update, to create or to delete the observed object is raised. Note that if only one value be informed without
+	// the "/"  then it will be set as the name of the primary resource.
+	NamespacedNameAnnotation = "watch.kubebuilder.io/owner-namespaced-name"
+
+	// TypeAnnotation define the annotation that will be used to verify that the primary resource is the primary resource
+	// to use. It should be the type schema.GroupKind. E.g watch.kubebuilder.io/owner-type:core.Pods
+	TypeAnnotation = "watch.kubebuilder.io/owner-type"
+)
+
+// EnqueueRequestForAnnotation enqueues Requests based on the presence of annotations that contain the type and
+// namespaced name of the primary resource. The purpose of this handler is to support cross-scope ownership
+// relationships that are not supported by native owner references.
+//
+// This handler should ALWAYS be paired with a finalizer on the primary resource. While the
+// annotation-based watch handler does not have the same scope restrictions that owner references
+// do, they also do not have the garbage collection guarantees that owner references do. Therefore,
+// if the reconciler of a primary resource creates a child resource across scopes not supported by
+// owner references, it is up to the reconciler to clean up that child resource.
+//
+// **NOTE** You might prefer to use the EnqueueRequestsFromMapFunc with predicates instead of it.
+//
+// **Examples:**
+//
+// The following code will enqueue a Request to the `primary-resource-namespace` when some change occurs in a Pod
+// resource:
+//
+// ...
+// podTypeAnnotations := schema.GroupKind{Group: "Pods", Kind: "core"}
+// if err := c.Watch(&source.Kind{Type: &corev1.Pod{}}, &handler.EnqueueRequestForAnnotation{podTypeAnnotations}); err != nil {
+//    entryLog.Error(err, "unable to watch Pods")
+//    os.Exit(1)
+// }
+// ...
+//
+// With the annotations:
+//
+// ...
+// annotations:
+//    watch.kubebuilder.io/owner-namespaced-name:my-namespace/my-pod
+//    watch.kubebuilder.io/owner-type:core.Pods
+// ...
+//
+// The following code will enqueue a Request to the `primary-resource-namespace`, ReplicaSet reconcile,
+// when some change occurs in a ClusterRole resource
+//
+// ...
+// if err := c.Watch(&source.Kind{
+//	  // Watch cluster roles
+//	  Type: &rbacv1.ClusterRole{}},
+//
+//	  // Enqueue ReplicaSet reconcile requests using the
+//	  // namespacedName annotation value in the request.
+//	  &handler.EnqueueRequestForAnnotation{schema.GroupKind{Group:"ReplicaSet", Kind:"apps"}}); err != nil {
+//	      entryLog.Error(err, "unable to watch ClusterRole")
+//	      os.Exit(1)
+//    }
+// }
+// ...
+// With the annotations:
+//
+// ...
+// annotations:
+//    watch.kubebuilder.io/owner-namespaced-name:my-namespace/my-replicaset
+//    watch.kubebuilder.io/owner-type:apps.ReplicaSet
+// ...
+//
+// **NOTE** Cluster-scoped resources will have the NamespacedNameAnnotation such as:
+// `watch.kubebuilder.io/owner-namespaced-name:my-replicaset
+type EnqueueRequestForAnnotation struct {
+	// It is used to verify that the primary resource is the primary resource to use.
+	// E.g watch.kubebuilder.io/owner-type:core.Pods
+	Type schema.GroupKind
+}
+
+// Create implements EventHandler
+func (e *EnqueueRequestForAnnotation) Create(evt event.CreateEvent, q workqueue.RateLimitingInterface) {
+	if ok, req := e.getAnnotationRequests(evt.Meta); ok {
+		q.Add(req)
+	}
+}
+
+// Update implements EventHandler
+func (e *EnqueueRequestForAnnotation) Update(evt event.UpdateEvent, q workqueue.RateLimitingInterface) {
+	if ok, req := e.getAnnotationRequests(evt.MetaOld); ok {
+		q.Add(req)
+	} else if ok, req := e.getAnnotationRequests(evt.MetaNew); ok {
+		q.Add(req)
+	}
+}
+
+// Delete implements EventHandler
+func (e *EnqueueRequestForAnnotation) Delete(evt event.DeleteEvent, q workqueue.RateLimitingInterface) {
+	if ok, req := e.getAnnotationRequests(evt.Meta); ok {
+		q.Add(req)
+	}
+}
+
+// Generic implements EventHandler
+func (e *EnqueueRequestForAnnotation) Generic(evt event.GenericEvent, q workqueue.RateLimitingInterface) {
+	if ok, req := e.getAnnotationRequests(evt.Meta); ok {
+		q.Add(req)
+	}
+}
+
+// getAnnotationRequests will check if the object has the annotations for the watch handler and requeue
+func (e *EnqueueRequestForAnnotation) getAnnotationRequests(object metav1.Object) (bool, reconcile.Request) {
+	if typeString, ok := object.GetAnnotations()[TypeAnnotation]; ok && typeString == e.Type.String() {
+		namespacedNameString, ok := object.GetAnnotations()[NamespacedNameAnnotation]
+		if !ok {
+			log.Info("Unable to find the annotation for handle watch annotation",
+				"resource", object, "annotation", NamespacedNameAnnotation)
+		}
+		if len(namespacedNameString) < 1 {
+			return false, reconcile.Request{}
+		}
+		return true, reconcile.Request{NamespacedName: parseNamespacedName(namespacedNameString)}
+	}
+	return false, reconcile.Request{}
+}
+
+// parseNamespacedName will parse the value informed in the NamespacedNameAnnotation and return types.NamespacedName
+// with. Note that if just one value is informed, then it will be set as the name.
+func parseNamespacedName(namespacedNameString string) types.NamespacedName {
+	values := strings.SplitN(namespacedNameString, "/", 2)
+	if len(values) == 1 {
+		return types.NamespacedName{
+			Name:      values[0],
+			Namespace: "",
+		}
+	}
+	if len(values) >= 2 {
+		return types.NamespacedName{
+			Name:      values[1],
+			Namespace: values[0],
+		}
+	}
+	return types.NamespacedName{}
+}
diff --git a/pkg/handler/eventhandler_test.go b/pkg/handler/eventhandler_test.go
