From 733f22103699e07ccfb18b76b6982b61854dd553 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Patryk=20Ma=C5=82ek?= Date: Tue, 8 Oct 2024 11:01:44 +0200 Subject: [PATCH] feat(konnect): add indices for Konnect entities (#707) * feat(konnect): add indices for Konnect entitites --- controller/konnect/index_kongcacertificate.go | 32 +++++++++++ controller/konnect/index_kongcertificate.go | 32 +++++++++++ controller/konnect/index_kongconsumergroup.go | 16 ++++++ controller/konnect/index_kongkey.go | 2 +- controller/konnect/index_kongkeyset.go | 32 +++++++++++ controller/konnect/index_kongvault.go | 32 +++++++++++ .../index_konnectgatewaycontrolplane.go | 32 +++++++++++ controller/konnect/watch_credentialacl.go | 17 ++---- controller/konnect/watch_credentialapikey.go | 17 ++---- .../konnect/watch_credentialbasicauth.go | 17 ++---- controller/konnect/watch_credentialhmac.go | 17 ++---- controller/konnect/watch_credentialjwt.go | 17 ++---- controller/konnect/watch_kongcacertificate.go | 47 +++------------- controller/konnect/watch_kongcertificate.go | 47 +++------------- controller/konnect/watch_kongconsumergroup.go | 47 +++------------- controller/konnect/watch_kongkeyset.go | 47 +++------------- controller/konnect/watch_kongsni.go | 3 +- controller/konnect/watch_kongvault.go | 53 ++++--------------- .../konnect/watch_konnectcontrolplane.go | 27 +++------- modules/manager/controller_setup.go | 16 +++++- 20 files changed, 262 insertions(+), 288 deletions(-) create mode 100644 controller/konnect/index_kongcacertificate.go create mode 100644 controller/konnect/index_kongcertificate.go create mode 100644 controller/konnect/index_kongkeyset.go create mode 100644 controller/konnect/index_kongvault.go create mode 100644 controller/konnect/index_konnectgatewaycontrolplane.go diff --git a/controller/konnect/index_kongcacertificate.go b/controller/konnect/index_kongcacertificate.go new file mode 100644 index 000000000..de2a449e3 --- /dev/null +++ b/controller/konnect/index_kongcacertificate.go @@ -0,0 +1,32 @@ +package konnect + +import ( + "sigs.k8s.io/controller-runtime/pkg/client" + + configurationv1alpha1 "github.com/kong/kubernetes-configuration/api/configuration/v1alpha1" +) + +const ( + // IndexFieldKongCACertificateOnKonnectGatewayControlPlane is the index field for KongCACertificate -> KonnectGatewayControlPlane. + IndexFieldKongCACertificateOnKonnectGatewayControlPlane = "kongCACertificateKonnectGatewayControlPlaneRef" +) + +// IndexOptionsForKongCACertificate returns required Index options for KongCACertificate reconclier. +func IndexOptionsForKongCACertificate() []ReconciliationIndexOption { + return []ReconciliationIndexOption{ + { + IndexObject: &configurationv1alpha1.KongCACertificate{}, + IndexField: IndexFieldKongCACertificateOnKonnectGatewayControlPlane, + ExtractValue: konnectGatewayControlPlaneRefFromKongCACertificate, + }, + } +} + +// konnectGatewayControlPlaneRefFromKongCACertificate returns namespace/name of referenced KonnectGatewayControlPlane in KongCACertificate spec. +func konnectGatewayControlPlaneRefFromKongCACertificate(obj client.Object) []string { + cert, ok := obj.(*configurationv1alpha1.KongCACertificate) + if !ok { + return nil + } + return controlPlaneKonnectNamespacedRefAsSlice(cert) +} diff --git a/controller/konnect/index_kongcertificate.go b/controller/konnect/index_kongcertificate.go new file mode 100644 index 000000000..6fe3ff649 --- /dev/null +++ b/controller/konnect/index_kongcertificate.go @@ -0,0 +1,32 @@ +package konnect + +import ( + "sigs.k8s.io/controller-runtime/pkg/client" + + configurationv1alpha1 "github.com/kong/kubernetes-configuration/api/configuration/v1alpha1" +) + +const ( + // IndexFieldKongCertificateOnKonnectGatewayControlPlane is the index field for KongCertificate -> KonnectGatewayControlPlane. + IndexFieldKongCertificateOnKonnectGatewayControlPlane = "kongCertificateKonnectGatewayControlPlaneRef" +) + +// IndexOptionsForKongCertificate returns required Index options for KongCertificate reconclier. +func IndexOptionsForKongCertificate() []ReconciliationIndexOption { + return []ReconciliationIndexOption{ + { + IndexObject: &configurationv1alpha1.KongCertificate{}, + IndexField: IndexFieldKongCertificateOnKonnectGatewayControlPlane, + ExtractValue: konnectGatewayControlPlaneRefFromKongCertificate, + }, + } +} + +// konnectGatewayControlPlaneRefFromKongCertificate returns namespace/name of referenced KonnectGatewayControlPlane in KongCertificate spec. +func konnectGatewayControlPlaneRefFromKongCertificate(obj client.Object) []string { + cert, ok := obj.(*configurationv1alpha1.KongCertificate) + if !ok { + return nil + } + return controlPlaneKonnectNamespacedRefAsSlice(cert) +} diff --git a/controller/konnect/index_kongconsumergroup.go b/controller/konnect/index_kongconsumergroup.go index 717482ae6..4d11b9b12 100644 --- a/controller/konnect/index_kongconsumergroup.go +++ b/controller/konnect/index_kongconsumergroup.go @@ -11,6 +11,8 @@ import ( const ( // IndexFieldKongConsumerGroupOnPlugin is the index field for KongConsumerGroup -> KongPlugin. IndexFieldKongConsumerGroupOnPlugin = "consumerGroupPluginRef" + // IndexFieldKongConsumerGroupOnKonnectGatewayControlPlane is the index field for KongConsumerGroup -> KonnectGatewayControlPlane. + IndexFieldKongConsumerGroupOnKonnectGatewayControlPlane = "consumerGroupKonnectGatewayControlPlaneRef" ) // IndexOptionsForKongConsumerGroup returns required Index options for KongConsumerGroup reconciler. @@ -21,6 +23,11 @@ func IndexOptionsForKongConsumerGroup() []ReconciliationIndexOption { IndexField: IndexFieldKongConsumerGroupOnPlugin, ExtractValue: kongConsumerGroupReferencesKongPluginsViaAnnotation, }, + { + IndexObject: &configurationv1beta1.KongConsumerGroup{}, + IndexField: IndexFieldKongConsumerGroupOnKonnectGatewayControlPlane, + ExtractValue: kongConsumerGroupReferencesKonnectGatewayControlPlane, + }, } } @@ -31,3 +38,12 @@ func kongConsumerGroupReferencesKongPluginsViaAnnotation(object client.Object) [ } return annotations.ExtractPluginsWithNamespaces(consumerGroup) } + +func kongConsumerGroupReferencesKonnectGatewayControlPlane(object client.Object) []string { + group, ok := object.(*configurationv1beta1.KongConsumerGroup) + if !ok { + return nil + } + + return controlPlaneKonnectNamespacedRefAsSlice(group) +} diff --git a/controller/konnect/index_kongkey.go b/controller/konnect/index_kongkey.go index 3e0e81fbb..ef1f0e92d 100644 --- a/controller/konnect/index_kongkey.go +++ b/controller/konnect/index_kongkey.go @@ -46,7 +46,7 @@ func kongKeySetRefFromKongKey(obj client.Object) []string { return []string{key.GetNamespace() + "/" + key.Spec.KeySetRef.NamespacedRef.Name} } -// kongPluginReferencesFromKongKey returns namespace/name of referenced KonnectGatewayControlPlane in KongKey spec. +// konnectGatewayControlPlaneRefFromKongKey returns namespace/name of referenced KonnectGatewayControlPlane in KongKey spec. func konnectGatewayControlPlaneRefFromKongKey(obj client.Object) []string { key, ok := obj.(*configurationv1alpha1.KongKey) if !ok { diff --git a/controller/konnect/index_kongkeyset.go b/controller/konnect/index_kongkeyset.go new file mode 100644 index 000000000..a59b0c784 --- /dev/null +++ b/controller/konnect/index_kongkeyset.go @@ -0,0 +1,32 @@ +package konnect + +import ( + "sigs.k8s.io/controller-runtime/pkg/client" + + configurationv1alpha1 "github.com/kong/kubernetes-configuration/api/configuration/v1alpha1" +) + +const ( + // IndexFieldKongKeySetOnKonnectGatewayControlPlane is the index field for KongKeySet -> KonnectGatewayControlPlane. + IndexFieldKongKeySetOnKonnectGatewayControlPlane = "kongKeySetKonnectGatewayControlPlaneRef" +) + +// IndexOptionsForKongKeySet returns required Index options for KongKeySet reconclier. +func IndexOptionsForKongKeySet() []ReconciliationIndexOption { + return []ReconciliationIndexOption{ + { + IndexObject: &configurationv1alpha1.KongKeySet{}, + IndexField: IndexFieldKongKeySetOnKonnectGatewayControlPlane, + ExtractValue: konnectGatewayControlPlaneRefFromKongKeySet, + }, + } +} + +// konnectGatewayControlPlaneRefFromKongKeySet returns namespace/name of referenced KonnectGatewayControlPlane in KongKeySet spec. +func konnectGatewayControlPlaneRefFromKongKeySet(obj client.Object) []string { + keySet, ok := obj.(*configurationv1alpha1.KongKeySet) + if !ok { + return nil + } + return controlPlaneKonnectNamespacedRefAsSlice(keySet) +} diff --git a/controller/konnect/index_kongvault.go b/controller/konnect/index_kongvault.go new file mode 100644 index 000000000..9a3832bbb --- /dev/null +++ b/controller/konnect/index_kongvault.go @@ -0,0 +1,32 @@ +package konnect + +import ( + "sigs.k8s.io/controller-runtime/pkg/client" + + configurationv1alpha1 "github.com/kong/kubernetes-configuration/api/configuration/v1alpha1" +) + +const ( + // IndexFieldKongVaultOnKonnectGatewayControlPlane is the index field for KongVault -> KonnectGatewayControlPlane. + IndexFieldKongVaultOnKonnectGatewayControlPlane = "vaultKonnectGatewayControlPlaneRef" +) + +// IndexOptionsForKongVault returns required Index options for KongVault reconciler. +func IndexOptionsForKongVault() []ReconciliationIndexOption { + return []ReconciliationIndexOption{ + { + IndexObject: &configurationv1alpha1.KongVault{}, + IndexField: IndexFieldKongVaultOnKonnectGatewayControlPlane, + ExtractValue: kongVaultReferencesKonnectGatewayControlPlane, + }, + } +} + +func kongVaultReferencesKonnectGatewayControlPlane(object client.Object) []string { + vault, ok := object.(*configurationv1alpha1.KongVault) + if !ok { + return nil + } + + return controlPlaneKonnectNamespacedRefAsSlice(vault) +} diff --git a/controller/konnect/index_konnectgatewaycontrolplane.go b/controller/konnect/index_konnectgatewaycontrolplane.go new file mode 100644 index 000000000..89b4fcd18 --- /dev/null +++ b/controller/konnect/index_konnectgatewaycontrolplane.go @@ -0,0 +1,32 @@ +package konnect + +import ( + "sigs.k8s.io/controller-runtime/pkg/client" + + konnectv1alpha1 "github.com/kong/kubernetes-configuration/api/konnect/v1alpha1" +) + +const ( + // IndexFieldKonnectGatewayControlPlaneOnAPIAuthConfiguration is the index field for KonnectGatewayControlPlane -> APIAuthConfiguration. + IndexFieldKonnectGatewayControlPlaneOnAPIAuthConfiguration = "konnectGatewayControlPlaneAPIAuthConfigurationRef" +) + +// IndexOptionsForKonnectGatewayControlPlane returns required Index options for KonnectGatewayControlPlane reconciler. +func IndexOptionsForKonnectGatewayControlPlane() []ReconciliationIndexOption { + return []ReconciliationIndexOption{ + { + IndexObject: &konnectv1alpha1.KonnectGatewayControlPlane{}, + IndexField: IndexFieldKonnectGatewayControlPlaneOnAPIAuthConfiguration, + ExtractValue: konnectGatewayControlPlaneAPIAuthConfigurationRef, + }, + } +} + +func konnectGatewayControlPlaneAPIAuthConfigurationRef(object client.Object) []string { + cp, ok := object.(*konnectv1alpha1.KonnectGatewayControlPlane) + if !ok { + return nil + } + + return []string{cp.Spec.KonnectConfiguration.APIAuthConfigurationRef.Name} +} diff --git a/controller/konnect/watch_credentialacl.go b/controller/konnect/watch_credentialacl.go index cddbc7913..a2f975378 100644 --- a/controller/konnect/watch_credentialacl.go +++ b/controller/konnect/watch_credentialacl.go @@ -86,11 +86,8 @@ func kongCredentialACLForKonnectAPIAuthConfiguration( var ret []reconcile.Request for _, consumer := range l.Items { - cpRef := consumer.Spec.ControlPlaneRef - if cpRef == nil || - cpRef.Type != configurationv1alpha1.ControlPlaneRefKonnectNamespacedRef || - cpRef.KonnectNamespacedRef == nil || - cpRef.KonnectNamespacedRef.Name != auth.GetName() { + cpRef, ok := controlPlaneRefIsKonnectNamespacedRef(&consumer) + if !ok { continue } @@ -149,19 +146,15 @@ func kongCredentialACLForKonnectGatewayControlPlane( if err := cl.List(ctx, &l, // TODO: change this when cross namespace refs are allowed. client.InNamespace(cp.GetNamespace()), + client.MatchingFields{ + IndexFieldKongConsumerOnKonnectGatewayControlPlane: cp.Namespace + "/" + cp.Name, + }, ); err != nil { return nil } var ret []reconcile.Request for _, consumer := range l.Items { - cpRef := consumer.Spec.ControlPlaneRef - if cpRef.Type != configurationv1alpha1.ControlPlaneRefKonnectNamespacedRef || - cpRef.KonnectNamespacedRef == nil || - cpRef.KonnectNamespacedRef.Name != cp.GetName() { - continue - } - var credList configurationv1alpha1.KongCredentialACLList if err := cl.List(ctx, &credList, client.MatchingFields{ diff --git a/controller/konnect/watch_credentialapikey.go b/controller/konnect/watch_credentialapikey.go index 976d56398..0764568dd 100644 --- a/controller/konnect/watch_credentialapikey.go +++ b/controller/konnect/watch_credentialapikey.go @@ -86,11 +86,8 @@ func kongCredentialAPIKeyForKonnectAPIAuthConfiguration( var ret []reconcile.Request for _, consumer := range l.Items { - cpRef := consumer.Spec.ControlPlaneRef - if cpRef == nil || - cpRef.Type != configurationv1alpha1.ControlPlaneRefKonnectNamespacedRef || - cpRef.KonnectNamespacedRef == nil || - cpRef.KonnectNamespacedRef.Name != auth.GetName() { + cpRef, ok := controlPlaneRefIsKonnectNamespacedRef(&consumer) + if !ok { continue } @@ -149,19 +146,15 @@ func kongCredentialAPIKeyForKonnectGatewayControlPlane( if err := cl.List(ctx, &l, // TODO: change this when cross namespace refs are allowed. client.InNamespace(cp.GetNamespace()), + client.MatchingFields{ + IndexFieldKongConsumerOnKonnectGatewayControlPlane: cp.Namespace + "/" + cp.Name, + }, ); err != nil { return nil } var ret []reconcile.Request for _, consumer := range l.Items { - cpRef := consumer.Spec.ControlPlaneRef - if cpRef.Type != configurationv1alpha1.ControlPlaneRefKonnectNamespacedRef || - cpRef.KonnectNamespacedRef == nil || - cpRef.KonnectNamespacedRef.Name != cp.GetName() { - continue - } - var credList configurationv1alpha1.KongCredentialAPIKeyList if err := cl.List(ctx, &credList, client.MatchingFields{ diff --git a/controller/konnect/watch_credentialbasicauth.go b/controller/konnect/watch_credentialbasicauth.go index d889feba5..cabd7a401 100644 --- a/controller/konnect/watch_credentialbasicauth.go +++ b/controller/konnect/watch_credentialbasicauth.go @@ -86,11 +86,8 @@ func kongCredentialBasicAuthForKonnectAPIAuthConfiguration( var ret []reconcile.Request for _, consumer := range l.Items { - cpRef := consumer.Spec.ControlPlaneRef - if cpRef == nil || - cpRef.Type != configurationv1alpha1.ControlPlaneRefKonnectNamespacedRef || - cpRef.KonnectNamespacedRef == nil || - cpRef.KonnectNamespacedRef.Name != auth.GetName() { + cpRef, ok := controlPlaneRefIsKonnectNamespacedRef(&consumer) + if !ok { continue } @@ -149,19 +146,15 @@ func kongCredentialBasicAuthForKonnectGatewayControlPlane( if err := cl.List(ctx, &l, // TODO: change this when cross namespace refs are allowed. client.InNamespace(cp.GetNamespace()), + client.MatchingFields{ + IndexFieldKongConsumerOnKonnectGatewayControlPlane: cp.Namespace + "/" + cp.Name, + }, ); err != nil { return nil } var ret []reconcile.Request for _, consumer := range l.Items { - cpRef := consumer.Spec.ControlPlaneRef - if cpRef.Type != configurationv1alpha1.ControlPlaneRefKonnectNamespacedRef || - cpRef.KonnectNamespacedRef == nil || - cpRef.KonnectNamespacedRef.Name != cp.GetName() { - continue - } - var credList configurationv1alpha1.KongCredentialBasicAuthList if err := cl.List(ctx, &credList, client.MatchingFields{ diff --git a/controller/konnect/watch_credentialhmac.go b/controller/konnect/watch_credentialhmac.go index 3fa5aacc7..ed00f41fe 100644 --- a/controller/konnect/watch_credentialhmac.go +++ b/controller/konnect/watch_credentialhmac.go @@ -86,11 +86,8 @@ func kongCredentialHMACForKonnectAPIAuthConfiguration( var ret []reconcile.Request for _, consumer := range l.Items { - cpRef := consumer.Spec.ControlPlaneRef - if cpRef == nil || - cpRef.Type != configurationv1alpha1.ControlPlaneRefKonnectNamespacedRef || - cpRef.KonnectNamespacedRef == nil || - cpRef.KonnectNamespacedRef.Name != auth.GetName() { + cpRef, ok := controlPlaneRefIsKonnectNamespacedRef(&consumer) + if !ok { continue } @@ -149,19 +146,15 @@ func kongCredentialHMACForKonnectGatewayControlPlane( if err := cl.List(ctx, &l, // TODO: change this when cross namespace refs are allowed. client.InNamespace(cp.GetNamespace()), + client.MatchingFields{ + IndexFieldKongConsumerOnKonnectGatewayControlPlane: cp.Namespace + "/" + cp.Name, + }, ); err != nil { return nil } var ret []reconcile.Request for _, consumer := range l.Items { - cpRef := consumer.Spec.ControlPlaneRef - if cpRef.Type != configurationv1alpha1.ControlPlaneRefKonnectNamespacedRef || - cpRef.KonnectNamespacedRef == nil || - cpRef.KonnectNamespacedRef.Name != cp.GetName() { - continue - } - var credList configurationv1alpha1.KongCredentialHMACList if err := cl.List(ctx, &credList, client.MatchingFields{ diff --git a/controller/konnect/watch_credentialjwt.go b/controller/konnect/watch_credentialjwt.go index 0f812a95a..d4fe698fe 100644 --- a/controller/konnect/watch_credentialjwt.go +++ b/controller/konnect/watch_credentialjwt.go @@ -86,11 +86,8 @@ func kongCredentialJWTForKonnectAPIAuthConfiguration( var ret []reconcile.Request for _, consumer := range l.Items { - cpRef := consumer.Spec.ControlPlaneRef - if cpRef == nil || - cpRef.Type != configurationv1alpha1.ControlPlaneRefKonnectNamespacedRef || - cpRef.KonnectNamespacedRef == nil || - cpRef.KonnectNamespacedRef.Name != auth.GetName() { + cpRef, ok := controlPlaneRefIsKonnectNamespacedRef(&consumer) + if !ok { continue } @@ -149,19 +146,15 @@ func kongCredentialJWTForKonnectGatewayControlPlane( if err := cl.List(ctx, &l, // TODO: change this when cross namespace refs are allowed. client.InNamespace(cp.GetNamespace()), + client.MatchingFields{ + IndexFieldKongConsumerOnKonnectGatewayControlPlane: cp.Namespace + "/" + cp.Name, + }, ); err != nil { return nil } var ret []reconcile.Request for _, consumer := range l.Items { - cpRef := consumer.Spec.ControlPlaneRef - if cpRef.Type != configurationv1alpha1.ControlPlaneRefKonnectNamespacedRef || - cpRef.KonnectNamespacedRef == nil || - cpRef.KonnectNamespacedRef.Name != cp.GetName() { - continue - } - var credList configurationv1alpha1.KongCredentialJWTList if err := cl.List(ctx, &credList, client.MatchingFields{ diff --git a/controller/konnect/watch_kongcacertificate.go b/controller/konnect/watch_kongcacertificate.go index 8f8e4f425..bfd835afd 100644 --- a/controller/konnect/watch_kongcacertificate.go +++ b/controller/konnect/watch_kongcacertificate.go @@ -130,49 +130,16 @@ func enqueueKongCACertificateForKonnectControlPlane( return nil } var l configurationv1alpha1.KongCACertificateList - if err := cl.List(ctx, &l, &client.ListOptions{ + if err := cl.List(ctx, &l, // TODO: change this when cross namespace refs are allowed. - Namespace: cp.GetNamespace(), - }); err != nil { + client.InNamespace(cp.GetNamespace()), + client.MatchingFields{ + IndexFieldKongCACertificateOnKonnectGatewayControlPlane: cp.Namespace + "/" + cp.Name, + }, + ); err != nil { return nil } - var ret []reconcile.Request - for _, cert := range l.Items { - cpRef, ok := getControlPlaneRef(&cert).Get() - if !ok { - continue - } - switch cpRef.Type { - case configurationv1alpha1.ControlPlaneRefKonnectNamespacedRef: - // TODO: change this when cross namespace refs are allowed. - if cpRef.KonnectNamespacedRef.Name != cp.Name { - continue - } - - ret = append(ret, reconcile.Request{ - NamespacedName: types.NamespacedName{ - Namespace: cert.Namespace, - Name: cert.Name, - }, - }) - - case configurationv1alpha1.ControlPlaneRefKonnectID: - ctrllog.FromContext(ctx).Error( - fmt.Errorf("unimplemented ControlPlaneRef type %q", cpRef.Type), - "unimplemented ControlPlaneRef for KongCACertificate", - "KongCACertificate", cert, "refType", cpRef.Type, - ) - continue - - default: - ctrllog.FromContext(ctx).V(logging.DebugLevel.Value()).Info( - "unsupported ControlPlaneRef for KongCACertificate", - "KongCACertificate", cert, "refType", cpRef.Type, - ) - continue - } - } - return ret + return objectListToReconcileRequests(l.Items) } } diff --git a/controller/konnect/watch_kongcertificate.go b/controller/konnect/watch_kongcertificate.go index 2a4e6a4d0..b71115e6f 100644 --- a/controller/konnect/watch_kongcertificate.go +++ b/controller/konnect/watch_kongcertificate.go @@ -130,49 +130,16 @@ func enqueueKongCertificateForKonnectControlPlane( return nil } var l configurationv1alpha1.KongCertificateList - if err := cl.List(ctx, &l, &client.ListOptions{ + if err := cl.List(ctx, &l, // TODO: change this when cross namespace refs are allowed. - Namespace: cp.GetNamespace(), - }); err != nil { + client.InNamespace(cp.GetNamespace()), + client.MatchingFields{ + IndexFieldKongCertificateOnKonnectGatewayControlPlane: cp.Namespace + "/" + cp.Name, + }, + ); err != nil { return nil } - var ret []reconcile.Request - for _, cert := range l.Items { - cpRef, ok := getControlPlaneRef(&cert).Get() - if !ok { - continue - } - switch cpRef.Type { - case configurationv1alpha1.ControlPlaneRefKonnectNamespacedRef: - // TODO: change this when cross namespace refs are allowed. - if cpRef.KonnectNamespacedRef.Name != cp.Name { - continue - } - - ret = append(ret, reconcile.Request{ - NamespacedName: types.NamespacedName{ - Namespace: cert.Namespace, - Name: cert.Name, - }, - }) - - case configurationv1alpha1.ControlPlaneRefKonnectID: - ctrllog.FromContext(ctx).Error( - fmt.Errorf("unimplemented ControlPlaneRef type %q", cpRef.Type), - "unimplemented ControlPlaneRef for KongCertificate", - "KongCertificate", cert, "refType", cpRef.Type, - ) - continue - - default: - ctrllog.FromContext(ctx).V(logging.DebugLevel.Value()).Info( - "unsupported ControlPlaneRef for KongCertificate", - "KongCertificate", cert, "refType", cpRef.Type, - ) - continue - } - } - return ret + return objectListToReconcileRequests(l.Items) } } diff --git a/controller/konnect/watch_kongconsumergroup.go b/controller/konnect/watch_kongconsumergroup.go index a8a8031d4..eba3e2d22 100644 --- a/controller/konnect/watch_kongconsumergroup.go +++ b/controller/konnect/watch_kongconsumergroup.go @@ -144,49 +144,16 @@ func enqueueKongConsumerGroupForKonnectGatewayControlPlane( return nil } var l configurationv1beta1.KongConsumerGroupList - if err := cl.List(ctx, &l, &client.ListOptions{ + if err := cl.List(ctx, &l, // TODO: change this when cross namespace refs are allowed. - Namespace: cp.GetNamespace(), - }); err != nil { + client.InNamespace(cp.GetNamespace()), + client.MatchingFields{ + IndexFieldKongConsumerGroupOnKonnectGatewayControlPlane: cp.Namespace + "/" + cp.Name, + }, + ); err != nil { return nil } - var ret []reconcile.Request - for _, group := range l.Items { - cpRef, ok := getControlPlaneRef(&group).Get() - if !ok { - continue - } - switch cpRef.Type { - case configurationv1alpha1.ControlPlaneRefKonnectNamespacedRef: - // TODO: change this when cross namespace refs are allowed. - if cpRef.KonnectNamespacedRef.Name != cp.Name { - continue - } - - ret = append(ret, reconcile.Request{ - NamespacedName: types.NamespacedName{ - Namespace: group.Namespace, - Name: group.Name, - }, - }) - - case configurationv1alpha1.ControlPlaneRefKonnectID: - ctrllog.FromContext(ctx).Error( - fmt.Errorf("unimplemented ControlPlaneRef type %q", cpRef.Type), - "unimplemented ControlPlaneRef for KongConsumerGroup", - "KongConsumerGroup", group, "refType", cpRef.Type, - ) - continue - - default: - ctrllog.FromContext(ctx).V(logging.DebugLevel.Value()).Info( - "unsupported ControlPlaneRef for KongConsumerGroup", - "KongConsumerGroup", group, "refType", cpRef.Type, - ) - continue - } - } - return ret + return objectListToReconcileRequests(l.Items) } } diff --git a/controller/konnect/watch_kongkeyset.go b/controller/konnect/watch_kongkeyset.go index 231bb6063..27216f7a0 100644 --- a/controller/konnect/watch_kongkeyset.go +++ b/controller/konnect/watch_kongkeyset.go @@ -130,49 +130,16 @@ func enqueueKongKeySetForKonnectControlPlane( return nil } var l configurationv1alpha1.KongKeySetList - if err := cl.List(ctx, &l, &client.ListOptions{ + if err := cl.List(ctx, &l, // TODO: change this when cross namespace refs are allowed. - Namespace: cp.GetNamespace(), - }); err != nil { + client.InNamespace(cp.GetNamespace()), + client.MatchingFields{ + IndexFieldKongKeySetOnKonnectGatewayControlPlane: cp.Namespace + "/" + cp.Name, + }, + ); err != nil { return nil } - var ret []reconcile.Request - for _, keySet := range l.Items { - cpRef, ok := getControlPlaneRef(&keySet).Get() - if !ok { - continue - } - switch cpRef.Type { - case configurationv1alpha1.ControlPlaneRefKonnectNamespacedRef: - // TODO: change this when cross namespace refs are allowed. - if cpRef.KonnectNamespacedRef.Name != cp.Name { - continue - } - - ret = append(ret, reconcile.Request{ - NamespacedName: types.NamespacedName{ - Namespace: keySet.Namespace, - Name: keySet.Name, - }, - }) - - case configurationv1alpha1.ControlPlaneRefKonnectID: - ctrllog.FromContext(ctx).Error( - fmt.Errorf("unimplemented ControlPlaneRef type %q", cpRef.Type), - "unimplemented ControlPlaneRef for KongKeySet", - "KongKeySet", keySet, "refType", cpRef.Type, - ) - continue - - default: - ctrllog.FromContext(ctx).V(logging.DebugLevel.Value()).Info( - "unsupported ControlPlaneRef for KongKeySet", - "KongKeySet", keySet, "refType", cpRef.Type, - ) - continue - } - } - return ret + return objectListToReconcileRequests(l.Items) } } diff --git a/controller/konnect/watch_kongsni.go b/controller/konnect/watch_kongsni.go index 9e8218e6c..f97d6ab9b 100644 --- a/controller/konnect/watch_kongsni.go +++ b/controller/konnect/watch_kongsni.go @@ -68,8 +68,7 @@ func enqueueKongSNIForKongCertificate( return nil } - cpRef := cert.Spec.ControlPlaneRef - if cpRef == nil || cpRef.Type != configurationv1alpha1.ControlPlaneRefKonnectNamespacedRef { + if !objHasControlPlaneRefKonnectNamespacedRef(cert) { return nil } diff --git a/controller/konnect/watch_kongvault.go b/controller/konnect/watch_kongvault.go index 9a11dc875..aa196b8d6 100644 --- a/controller/konnect/watch_kongvault.go +++ b/controller/konnect/watch_kongvault.go @@ -59,8 +59,7 @@ func enqueueKongVaultForKonnectAPIAuthConfiguration( return nil } - l := configurationv1alpha1.KongVaultList{} - + var l configurationv1alpha1.KongVaultList if err := cl.List(ctx, &l); err != nil { return nil } @@ -134,49 +133,17 @@ func enqueueKongVaultForKonnectGatewayControlPlane( return nil } - l := configurationv1alpha1.KongVaultList{} - - if err := cl.List(ctx, &l); err != nil { + var l configurationv1alpha1.KongVaultList + if err := cl.List(ctx, &l, + // TODO: change this when cross namespace refs are allowed. + client.InNamespace(cp.GetNamespace()), + client.MatchingFields{ + IndexFieldKongVaultOnKonnectGatewayControlPlane: cp.Namespace + "/" + cp.Name, + }, + ); err != nil { return nil } - var ret []reconcile.Request - for _, vault := range l.Items { - cpRef, ok := getControlPlaneRef(&vault).Get() - if !ok { - continue - } - switch cpRef.Type { - case configurationv1alpha1.ControlPlaneRefKonnectNamespacedRef: - // Need to check namespace in controlPlaneRef because KongVault is cluster scoped. - if cp.Namespace != vault.Spec.ControlPlaneRef.KonnectNamespacedRef.Namespace || - cp.Name != vault.Spec.ControlPlaneRef.KonnectNamespacedRef.Name { - continue - } - - // Append the KongVault to reconcile request list when the controlPlaneRef of the KongVault is pointing to the control plane. - ret = append(ret, reconcile.Request{ - NamespacedName: types.NamespacedName{ - Name: vault.Name, - }, - }) - case configurationv1alpha1.ControlPlaneRefKonnectID: - ctrllog.FromContext(ctx).Error( - fmt.Errorf("unimplemented ControlPlaneRef type %q", cpRef.Type), - "unimplemented ControlPlaneRef for KongVault", - "KongVault", vault, "refType", cpRef.Type, - ) - continue - - default: - ctrllog.FromContext(ctx).V(logging.DebugLevel.Value()).Info( - "unsupported ControlPlaneRef for KongVault", - "KongVault", vault, "refType", cpRef.Type, - ) - continue - } - - } - return ret + return objectListToReconcileRequests(l.Items) } } diff --git a/controller/konnect/watch_konnectcontrolplane.go b/controller/konnect/watch_konnectcontrolplane.go index 63d5e299c..99f328d0c 100644 --- a/controller/konnect/watch_konnectcontrolplane.go +++ b/controller/konnect/watch_konnectcontrolplane.go @@ -3,7 +3,6 @@ package konnect import ( "context" - "k8s.io/apimachinery/pkg/types" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/handler" @@ -49,27 +48,15 @@ func enqueueKonnectGatewayControlPlaneForKonnectAPIAuthConfiguration( return nil } var l konnectv1alpha1.KonnectGatewayControlPlaneList - if err := cl.List(ctx, &l, &client.ListOptions{ + if err := cl.List(ctx, &l, // TODO: change this when cross namespace refs are allowed. - Namespace: auth.GetNamespace(), - }); err != nil { + client.InNamespace(auth.GetNamespace()), + client.MatchingFields{ + IndexFieldKonnectGatewayControlPlaneOnAPIAuthConfiguration: auth.Name, + }, + ); err != nil { return nil } - var ret []reconcile.Request - for _, cp := range l.Items { - authRef := cp.GetKonnectAPIAuthConfigurationRef() - if authRef.Name != auth.Name { - // TODO: change this when cross namespace refs are allowed. - // authRef.Namespace != auth.Namespace { - continue - } - ret = append(ret, reconcile.Request{ - NamespacedName: types.NamespacedName{ - Namespace: cp.Namespace, - Name: cp.Name, - }, - }) - } - return ret + return objectListToReconcileRequests(l.Items) } } diff --git a/modules/manager/controller_setup.go b/modules/manager/controller_setup.go index 863ad009e..b96660a38 100644 --- a/modules/manager/controller_setup.go +++ b/modules/manager/controller_setup.go @@ -534,7 +534,7 @@ func SetupControllers(mgr manager.Manager, c *Config) (map[string]ControllerDef, }, KongDataPlaneClientCertificateControllerName: { Enabled: c.KonnectControllersEnabled, - Controller: konnect.NewKonnectEntityReconciler[configurationv1alpha1.KongDataPlaneClientCertificate]( + Controller: konnect.NewKonnectEntityReconciler( sdkFactory, c.DevelopmentMode, mgr.GetClient(), @@ -550,7 +550,7 @@ func SetupControllers(mgr manager.Manager, c *Config) (map[string]ControllerDef, }, KongVaultControllerName: { Enabled: c.KonnectControllersEnabled, - Controller: konnect.NewKonnectEntityReconciler[configurationv1alpha1.KongVault]( + Controller: konnect.NewKonnectEntityReconciler( sdkFactory, c.DevelopmentMode, mgr.GetClient(), @@ -678,10 +678,22 @@ func SetupCacheIndicesForKonnectTypes(ctx context.Context, mgr manager.Manager, Object: &configurationv1alpha1.KongKey{}, IndexOptions: konnect.IndexOptionsForKongKey(), }, + { + Object: &configurationv1alpha1.KongKeySet{}, + IndexOptions: konnect.IndexOptionsForKongKeySet(), + }, { Object: &configurationv1alpha1.KongDataPlaneClientCertificate{}, IndexOptions: konnect.IndexOptionsForKongDataPlaneCertificate(), }, + { + Object: &configurationv1alpha1.KongVault{}, + IndexOptions: konnect.IndexOptionsForKongVault(), + }, + { + Object: &konnectv1alpha1.KonnectGatewayControlPlane{}, + IndexOptions: konnect.IndexOptionsForKonnectGatewayControlPlane(), + }, } for _, t := range types {