diff --git a/pkg/controller/mcmhub/gitrepo_sync_test.go b/pkg/controller/mcmhub/gitrepo_sync_test.go
index dd6171b5..64bf4126 100644
--- a/pkg/controller/mcmhub/gitrepo_sync_test.go
+++ b/pkg/controller/mcmhub/gitrepo_sync_test.go
@@ -105,7 +105,7 @@ func TestGetGitResources(t *testing.T) {
 err = c.Create(context.TODO(), githubchn)
 g.Expect(err).NotTo(gomega.HaveOccurred())
- time.Sleep(2 * time.Second)
+ time.Sleep(5 * time.Second)
 resources, err := rec.GetGitResources(githubsub, false)
 g.Expect(err).NotTo(gomega.HaveOccurred())
diff --git a/pkg/controller/spoketoken/spoke_toke_controller_test.go b/pkg/controller/spoketoken/spoke_toke_controller_test.go
index 0716fc50..e5b6d769 100644
--- a/pkg/controller/spoketoken/spoke_toke_controller_test.go
+++ b/pkg/controller/spoketoken/spoke_toke_controller_test.go
@@ -163,7 +163,7 @@ func TestReconcile(t *testing.T) {
 g.Expect(c.Create(context.TODO(), secret1)).NotTo(gomega.HaveOccurred())
 defer c.Delete(context.TODO(), secret1)
- time.Sleep(time.Second * 2)
+ time.Sleep(time.Second * 5)
 g.Eventually(requests, timeout).Should(gomega.Receive(gomega.Equal(expectedRequest)))
diff --git a/pkg/controller/spoketoken/spoke_token_controller.go b/pkg/controller/spoketoken/spoke_token_controller.go
index 4c71748b..bc87a0c2 100644
--- a/pkg/controller/spoketoken/spoke_token_controller.go
+++ b/pkg/controller/spoketoken/spoke_token_controller.go
@@ -32,6 +32,7 @@ import (
 "k8s.io/apimachinery/pkg/types"
 "k8s.io/client-go/rest"
 "k8s.io/klog/v2"
+ "open-cluster-management.io/multicloud-operators-subscription/pkg/utils"
 "sigs.k8s.io/controller-runtime/pkg/client"
 "sigs.k8s.io/controller-runtime/pkg/controller"
 "sigs.k8s.io/controller-runtime/pkg/event"
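Review bot: Raising the fixed `time.Sleep` from 2 to 5 seconds in TestGetGitResources only widens the race window; the test can still fail on a slower runner and now always costs five seconds. Polling the condition is more reliable, for example wrapping the `rec.GetGitResources(githubsub, false)` call in `g.Eventually(func() error { ... }).Should(gomega.Succeed())`. The same applies to `time.Sleep(time.Second * 5)` in TestReconcile in spoke_toke_controller_test.go, where the following `g.Eventually(requests, timeout)` already polls, so the sleep can probably be dropped. Both test functions start and end outside their hunks.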
@@ -40,18 +41,19 @@ import (
 "sigs.k8s.io/controller-runtime/pkg/predicate"
 "sigs.k8s.io/controller-runtime/pkg/reconcile"
 "sigs.k8s.io/controller-runtime/pkg/source"
-
- "open-cluster-management.io/multicloud-operators-subscription/pkg/utils"
 )
 const (
 secretSuffix = "-cluster-secret"
 requeuAfter = 5
 infrastructureConfigName = "cluster"
- appAddonNS = "open-cluster-management-agent-addon"
 appAddonName = "application-manager"
 )
+var (
+ appAddonNS = utils.GetComponentNamespace()
+)
+
 // Add creates a new agent token controller and adds it to the Manager if standalone is false.
 func Add(mgr manager.Manager, hubconfig *rest.Config, syncid *types.NamespacedName, standalone bool) error {
 if !standalone {
@@ -88,7 +90,7 @@ type applicationManagerSecretMapper struct {
 func (mapper *applicationManagerSecretMapper) Map(ctx context.Context, obj client.Object) []reconcile.Request {
 var requests []reconcile.Request
- // reconcile open-cluster-management-agent-addon/application-manager SA if its associated secret changes
+ // reconcile App addon application-manager SA if its associated secret changes
 requests = append(requests, reconcile.Request{
 NamespacedName: types.NamespacedName{
 Namespace: appAddonNS,
@@ -96,7 +98,7 @@ func (mapper *applicationManagerSecretMapper) Map(ctx context.Context, obj clien
 },
 })
- klog.Infof("app addon SA secret changed")
+ klog.Infof("app addon SA secret changed: %v/%v", appAddonNS, appAddonName)
 return requests
 }
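Review bot: `appAddonNS = utils.GetComponentNamespace()` in the new `var` block runs at package initialisation, so merely importing this package reads the service-account namespace file and emits klog lines before `main` has parsed any logging flags. The value is resolved a second time by `addonServiceAccountNamespace = GetComponentNamespace()` in pkg/utils/subscription.go, so the secret predicate and the ServiceAccount predicate rely on two independent reads agreeing. Because this namespace decides which service-account token secrets the controller reacts to, consider resolving it once (for example inside `Add`, or behind a `sync.Once` in utils) and passing it down. At minimum the var deserves a comment such as `// resolved at init from the pod's namespace file; falls back to the default addon namespace`.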
@@ -110,13 +112,13 @@ func add(mgr manager.Manager, r reconcile.Reconciler) error {
 return err
 }
- // Watch for changes to open-cluster-management-agent-addon/application-manager service account.
+ // Watch for changes to App Addon application-manager service account.
 err = c.Watch(source.Kind(mgr.GetCache(), &corev1.ServiceAccount{}), &handler.EnqueueRequestForObject{}, utils.ServiceAccountPredicateFunctions)
 if err != nil {
 return err
 }
- // watch for changes to the secrets associated to the open-cluster-management-agent-addon/application-manager SA
+ // watch for changes to the secrets associated to the App Addon application-manager SA
 saSecretMapper := &applicationManagerSecretMapper{mgr.GetClient()}
 err = c.Watch(
 source.Kind(mgr.GetCache(), &corev1.Secret{}),
@@ -416,7 +418,7 @@ func (r *ReconcileAgentToken) getKubeAPIServerAddress() (string, error) {
 return infraConfig.Status.APIServerURL, nil
 }
-// detect if there is any change to the secret associated to the open-cluster-management-agent-addon/application-manager SA.
+// detect if there is any change to the secret associated to the App Addon application-manager SA.
 var applicationManagerSecretPredicateFunctions = predicate.Funcs{
 UpdateFunc: func(e event.UpdateEvent) bool {
 newSecret, ok := e.ObjectNew.(*corev1.Secret)
@@ -425,11 +427,14 @@ var applicationManagerSecretPredicateFunctions = predicate.Funcs{
 }
 if newSecret.Namespace != appAddonNS {
+ klog.Infof("secret namespace not matched, appAddonNS= %v", appAddonNS)
 return false
 }
 if newSecret.Type == "kubernetes.io/service-account-token" && newSecret.GetAnnotations()["kubernetes.io/service-account.name"] == appAddonName {
+ klog.Infof("secret updated: %v/%v", appAddonNS, appAddonName)
+
 return true
 }
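Review bot: The added `klog.Infof("secret namespace not matched, appAddonNS= %v", appAddonNS)` in UpdateFunc fires for every Secret event outside the addon namespace, and the watch registered in `add` covers all `corev1.Secret` objects, so on a busy cluster this will likely flood the agent log and bury the token-rotation lines that matter. It also prints only the expected namespace, not the one that failed to match. I would drop it or gate it behind verbosity, e.g. `klog.V(4).Infof("ignoring secret %v/%v, want namespace %v", newSecret.Namespace, newSecret.Name, appAddonNS)`. The same line is added in the next two hunks (@@ -442,11 and @@ -459,11), which appear to be the create and delete predicates. The predicate literal starts and ends outside this hunk.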
@@ -442,11 +447,14 @@ var applicationManagerSecretPredicateFunctions = predicate.Funcs{
 }
 if newSecret.Namespace != appAddonNS {
+ klog.Infof("secret namespace not matched, appAddonNS= %v", appAddonNS)
 return false
 }
 if newSecret.Type == "kubernetes.io/service-account-token" && newSecret.GetAnnotations()["kubernetes.io/service-account.name"] == appAddonName {
+ klog.Infof("secret created: %v/%v", appAddonNS, appAddonName)
+
 return true
 }
@@ -459,11 +467,14 @@ var applicationManagerSecretPredicateFunctions = predicate.Funcs{
 }
 if newSecret.Namespace != appAddonNS {
+ klog.Infof("secret namespace not matched, appAddonNS= %v", appAddonNS)
 return false
 }
 if newSecret.Type == "kubernetes.io/service-account-token" && newSecret.GetAnnotations()["kubernetes.io/service-account.name"] == appAddonName {
+ klog.Infof("secret deleted: %v/%v", appAddonNS, appAddonName)
+
 return true
 }
diff --git a/pkg/controller/subscription/lease_controller.go b/pkg/controller/subscription/lease_controller.go
index 234fd2fd..9ca8bd4f 100644
--- a/pkg/controller/subscription/lease_controller.go
+++ b/pkg/controller/subscription/lease_controller.go
@@ -62,12 +62,7 @@ func (r *LeaseReconciler) CheckHubKubeConfig(ctx context.Context) error {
 func (r *LeaseReconciler) Reconcile(ctx context.Context) {
 if len(r.componentNamespace) == 0 {
- componentNamespace, err := utils.GetComponentNamespace()
- if err != nil {
- klog.Errorf("failed to get pod namespace use. error:%v", err)
- }
-
- r.componentNamespace = componentNamespace
+ r.componentNamespace = utils.GetComponentNamespace()
 }
 // Create/update lease on managed cluster first. If it fails, it could mean lease resource kind
diff --git a/pkg/controller/subscription/lease_controller_test.go b/pkg/controller/subscription/lease_controller_test.go
index 161b25b0..34e4ae86 100644
--- a/pkg/controller/subscription/lease_controller_test.go
+++ b/pkg/controller/subscription/lease_controller_test.go
@@ -69,7 +69,7 @@ func TestLeaseReconcile(t *testing.T) {
 s := scheme.Scheme
 s.AddKnownTypes(corev1.SchemeGroupVersion, &corev1.Namespace{})
- addontNs, _ := utils.GetComponentNamespace()
+ addontNs := utils.GetComponentNamespace()
 pod.SetNamespace(addontNs)
 tmpFile, err := os.CreateTemp("", "temptest")
diff --git a/pkg/utils/kubernetes.go b/pkg/utils/kubernetes.go
index cbfcd179..f37da687 100644
--- a/pkg/utils/kubernetes.go
+++ b/pkg/utils/kubernetes.go
@@ -61,13 +61,21 @@ func ConvertLabels(labelSelector *metav1.LabelSelector) (labels.Selector, error)
 return labels.Everything(), nil
 }
-func GetComponentNamespace() (string, error) {
+func GetComponentNamespace() string {
+ addonNameSpace := ""
 nsBytes, err := os.ReadFile("/var/run/secrets/kubernetes.io/serviceaccount/namespace")
- if err != nil {
- return "open-cluster-management-agent-addon", err
+
+ if err != nil || len(nsBytes) == 0 {
+ klog.Errorf("failed to get app addon pod namespace use. error: %v", err)
+
+ addonNameSpace = "open-cluster-management-agent-addon"
+ } else {
+ addonNameSpace = string(nsBytes)
 }
- return string(nsBytes), nil
+ klog.Infof("App Addon Pod NS = %v", addonNameSpace)
+
+ return addonNameSpace
 }
 // GetCheckSum generates a checksum of a kube config file
diff --git a/pkg/utils/subscription.go b/pkg/utils/subscription.go
index e625b755..c99a2a79 100644
--- a/pkg/utils/subscription.go
+++ b/pkg/utils/subscription.go
@@ -65,8 +65,11 @@ const (
 annotationsSep = ","
 maxGeneratedNameLength = maxNameLength - randomLength - 1
 // klusterletagentaddon secret token reconcile
- addonServiceAccountName = "application-manager"
- addonServiceAccountNamespace = "open-cluster-management-agent-addon"
+ addonServiceAccountName = "application-manager"
+)
+
+var (
+ addonServiceAccountNamespace = GetComponentNamespace()
 )
 // PlacementDecisionPredicateFunctions filters PlacementDecision status decisions update
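Review bot: In pkg/utils/kubernetes.go, `addonNameSpace = string(nsBytes)` uses the file content verbatim, so any trailing newline or whitespace in the namespace file would make the exact `newSecret.Namespace != appAddonNS` comparison in spoketoken fail, and the controller would then silently ignore every token secret. `addonNameSpace = strings.TrimSpace(string(nsBytes))`, with the emptiness test applied to the trimmed value, is safer (assuming `strings` is already imported in this file). The function also no longer reports failure: callers cannot tell a real namespace from the hard-coded fallback, and when the file is empty the message prints `error: <nil>`. Consider distinguishing the read-error and empty-file cases in the log text, and adding a doc comment such as `// GetComponentNamespace returns the pod's namespace, or "open-cluster-management-agent-addon" when it cannot be read.`.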
@@ -378,12 +381,13 @@ var ChannelPredicateFunctions = predicate.Funcs{
 },
 }
-// ServiceAccountPredicateFunctions watches for changes in klusterlet-addon-appmgr service account in open-cluster-management-agent-addon namespace
+// ServiceAccountPredicateFunctions watches for App Addon SA changes
 var ServiceAccountPredicateFunctions = predicate.Funcs{
 UpdateFunc: func(e event.UpdateEvent) bool {
 newSA := e.ObjectNew.(*corev1.ServiceAccount)
 if strings.EqualFold(newSA.Namespace, addonServiceAccountNamespace) && strings.EqualFold(newSA.Name, addonServiceAccountName) {
+ klog.Infof("App Addon SA updated: %v/%v", addonServiceAccountNamespace, addonServiceAccountName)
 return true
 }
@@ -393,6 +397,7 @@ var ServiceAccountPredicateFunctions = predicate.Funcs{
 sa := e.Object.(*corev1.ServiceAccount)
 if strings.EqualFold(sa.Namespace, addonServiceAccountNamespace) && strings.EqualFold(sa.Name, addonServiceAccountName) {
+ klog.Infof("App Addon SA created: %v/%v", addonServiceAccountNamespace, addonServiceAccountName)
 return true
 }
@@ -402,6 +407,7 @@ var ServiceAccountPredicateFunctions = predicate.Funcs{
 sa := e.Object.(*corev1.ServiceAccount)
 if strings.EqualFold(sa.Namespace, addonServiceAccountNamespace) && strings.EqualFold(sa.Name, addonServiceAccountName) {
+ klog.Infof("App Addon SA deleted: %v/%v", addonServiceAccountNamespace, addonServiceAccountName)
 return true
 }