Skip to content

Commit d0eec5d

Browse files
KPostOfficeKPostOffice
committed
add watches for owned resources and CRBs
Signed-off-by: Kevin <[email protected]>
1 parent 4a7cb60 commit d0eec5d

File tree

2 files changed

+31
-7
lines changed

2 files changed

+31
-7
lines changed

config/rbac/role.yaml

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -26,6 +26,7 @@ rules:
2626
- delete
2727
- get
2828
- patch
29+
- watch
2930
- apiGroups:
3031
- ""
3132
resources:
@@ -36,6 +37,7 @@ rules:
3637
- get
3738
- patch
3839
- update
40+
- watch
3941
- apiGroups:
4042
- ""
4143
resources:
@@ -46,6 +48,7 @@ rules:
4648
- get
4749
- patch
4850
- update
51+
- watch
4952
- apiGroups:
5053
- networking.k8s.io
5154
resources:
@@ -56,6 +59,7 @@ rules:
5659
- get
5760
- patch
5861
- update
62+
- watch
5963
- apiGroups:
6064
- ray.io
6165
resources:
@@ -92,6 +96,7 @@ rules:
9296
- get
9397
- patch
9498
- update
99+
- watch
95100
- apiGroups:
96101
- route.openshift.io
97102
resources:
@@ -103,3 +108,4 @@ rules:
103108
- get
104109
- patch
105110
- update
111+
- watch

pkg/controllers/raycluster_controller.go

Lines changed: 25 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -23,6 +23,8 @@ import (
2323
"encoding/base64"
2424
"fmt"
2525

26+
networkingv1 "k8s.io/api/networking/v1"
27+
2628
rayv1 "github.com/ray-project/kuberay/ray-operator/apis/ray/v1"
2729

2830
corev1 "k8s.io/api/core/v1"
@@ -38,6 +40,8 @@ import (
3840
ctrl "sigs.k8s.io/controller-runtime"
3941
"sigs.k8s.io/controller-runtime/pkg/client"
4042
"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
43+
"sigs.k8s.io/controller-runtime/pkg/handler"
44+
"sigs.k8s.io/controller-runtime/pkg/reconcile"
4145

4246
routev1 "github.com/openshift/api/route/v1"
4347
routeapply "github.com/openshift/client-go/route/applyconfigurations/route/v1"
@@ -75,12 +79,12 @@ var (
7579
// +kubebuilder:rbac:groups=ray.io,resources=rayclusters,verbs=get;list;watch;create;update;patch;delete
7680
// +kubebuilder:rbac:groups=ray.io,resources=rayclusters/status,verbs=get;update;patch
7781
// +kubebuilder:rbac:groups=ray.io,resources=rayclusters/finalizers,verbs=update
78-
// +kubebuilder:rbac:groups=route.openshift.io,resources=routes;routes/custom-host,verbs=get;create;update;patch;delete
79-
// +kubebuilder:rbac:groups=networking.k8s.io,resources=ingresses,verbs=get;create;update;patch;delete
80-
// +kubebuilder:rbac:groups=core,resources=secrets,verbs=get;create;patch;delete;get
81-
// +kubebuilder:rbac:groups=core,resources=services,verbs=get;create;update;patch;delete
82-
// +kubebuilder:rbac:groups=core,resources=serviceaccounts,verbs=get;create;update;patch;delete
83-
// +kubebuilder:rbac:groups=rbac.authorization.k8s.io,resources=clusterrolebindings,verbs=get;create;update;patch;delete
82+
// +kubebuilder:rbac:groups=route.openshift.io,resources=routes;routes/custom-host,verbs=get;create;update;patch;delete;watch
83+
// +kubebuilder:rbac:groups=networking.k8s.io,resources=ingresses,verbs=get;create;update;patch;delete;watch
84+
// +kubebuilder:rbac:groups=core,resources=secrets,verbs=get;create;patch;delete;get;watch
85+
// +kubebuilder:rbac:groups=core,resources=services,verbs=get;create;update;patch;delete;watch
86+
// +kubebuilder:rbac:groups=core,resources=serviceaccounts,verbs=get;create;update;patch;delete;watch
87+
// +kubebuilder:rbac:groups=rbac.authorization.k8s.io,resources=clusterrolebindings,verbs=get;create;update;patch;delete;watch
8488
// +kubebuilder:rbac:groups=authentication.k8s.io,resources=tokenreviews,verbs=create;
8589
// +kubebuilder:rbac:groups=authorization.k8s.io,resources=subjectaccessreviews,verbs=create;
8690

@@ -233,7 +237,7 @@ func crbNameFromCluster(cluster *rayv1.RayCluster) string {
233237
func desiredOAuthClusterRoleBinding(cluster *rayv1.RayCluster) *rbacapply.ClusterRoleBindingApplyConfiguration {
234238
return rbacapply.ClusterRoleBinding(
235239
crbNameFromCluster(cluster)).
236-
WithLabels(map[string]string{"ray.io/cluster-name": cluster.Name}).
240+
WithLabels(map[string]string{"ray.io/cluster-name": cluster.Name, "ray.io/cluster-namespace": cluster.Namespace}).
237241
WithSubjects(
238242
rbacapply.Subject().
239243
WithKind("ServiceAccount").
@@ -350,5 +354,19 @@ func (r *RayClusterReconciler) SetupWithManager(mgr ctrl.Manager) error {
350354
return ctrl.NewControllerManagedBy(mgr).
351355
Named(controllerName).
352356
For(&rayv1.RayCluster{}).
357+
Owns(&corev1.ServiceAccount{}).
358+
Owns(&corev1.Service{}).
359+
Owns(&corev1.Secret{}).
360+
Owns(&routev1.Route{}).
361+
Owns(&networkingv1.Ingress{}).
362+
Watches(&rbacv1.ClusterRoleBinding{}, handler.EnqueueRequestsFromMapFunc(
363+
func(c context.Context, o client.Object) []reconcile.Request {
364+
return []reconcile.Request{{
365+
NamespacedName: client.ObjectKey{
366+
Name: o.GetLabels()["ray.io/cluster-name"],
367+
Namespace: o.GetLabels()["ray.io/cluster-namespace"],
368+
}}}
369+
}),
370+
).
353371
Complete(r)
354372
}

0 commit comments

Comments
 (0)