Customizing secret event sources

[skeeey]

Signed-off-by: liuwei liuweixa@redhat.com

[skeeey]

refer to https://github.com/open-cluster-management/backlog/issues/16595

[skeeey]

/assign @qiujian16

[skeeey]

/assign @zhiweiyin318

[skeeey]

/assign @zhujian7

[skeeey]

refer to https://github.com/open-cluster-management/backlog/issues/16871

[qiujian16]

should we use lister here?

[skeeey]

yeah, we should consider it, I will add a TODO firstly

[qiujian16]

It seems duplicate with NewImportSecretSource

[skeeey]

Just use different name to distinguish different informer

[zhujian7]

Can we hold this PR temporarily?
I find it seems there is a simpler way to implement this. I will try it and discuss it with @skeeey later.

[sonarcloud]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

No Coverage information
No Duplication information

[zhiweiyin318]

/lgtm

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: skeeey, zhiweiyin318

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [skeeey,zhiweiyin318]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[zhujian7]

Can we hold this PR temporarily? I find it seems there is a simpler way to implement this. I will try it and discuss it with @skeeey later.

Yesterday I found the SelectorsByObject option to cache feature of the controller-runtime, I think we can set the label/field selector for Secret by overriding the NewCache function while creating controller runtime manager.

...
	// Create controller-runtime manager
	mgr, err := ctrl.NewManager(cfg, manager.Options{
		Scheme:             scheme,
		MetricsBindAddress: fmt.Sprintf(":%d", metricsPort),
		LeaderElection:     true,
		LeaderElectionID:   "managedcluster-import-controller.open-cluster-management.io",
		NewCache:           newCache,
	})
...
// newCache initializes and returns a new Cache.
func newCache(config *rest.Config, opts cache.Options) (cache.Cache, error) {
	labelSelector := labels.NewSelector()
	requirement, err := labels.NewRequirement(constants.ClusterImportSecretLabel, selection.Exists, nil)
	if err != nil {
		return nil, err
	}
	labelSelector = labelSelector.Add(*requirement)

	fieldSelector := fields.OneTermEqualSelector("metadata.name", constants.AutoImportSecretName)

	opts.SelectorsByObject = cache.SelectorsByObject{
		&corev1.Secret{}: {
			// Label and Field selector should be OR relationship instead of AND.
			Label: labelSelector,
			Field: fieldSelector,
		},
	}
	return cache.New(config, opts)
}

But we need the auto import secret(field selector, result A) and the import secret(label selector, result B), union of A and B. But SelectorsByObject feature gets the intersection of A and B.

It is close to code freeze I think we can merge this PR now. And in the future, we can

• add a specific label to the auto import secret and make all secrets we are interested in could be selected by labels, then we can use SelectorsByObject to filter the Secret cache.

OR

• push the upstream controller-runtime to support union label selector and field selector of SelectorsByObject option to cache

/hold cancel