Merge pull request #3576 from hjiawei/remove-v3obj-cache

Remove custom cache option when creating controller manager
tigera · Oct 29, 2024 · 0e1c5a6 · 0e1c5a6
2 parents 60b5624 + 8fe7d71
commit 0e1c5a6
Show file tree

Hide file tree

Showing 4 changed files with 19 additions and 30 deletions.
diff --git a/Makefile b/Makefile
@@ -258,7 +258,7 @@ endif
 BINDIR?=build/init/bin
 $(BINDIR)/kubectl:
 	mkdir -p $(BINDIR)
-	curl -L https://storage.googleapis.com/kubernetes-release/release/v1.25.6/bin/linux/$(ARCH)/kubectl -o $@
+	curl -sSf -L --retry 5 https://dl.k8s.io/release/v1.30.5/bin/linux/$(ARCH)/kubectl -o $@
 	chmod +x $@
 
 kubectl: $(BINDIR)/kubectl
@@ -298,7 +298,7 @@ run-fvs:
 
 ## Create a local kind dual stack cluster.
 KIND_KUBECONFIG?=./kubeconfig.yaml
-K8S_VERSION?=v1.21.14
+KINDEST_NODE_VERSION?=v1.30.4
 cluster-create: $(BINDIR)/kubectl $(BINDIR)/kind
 	# First make sure any previous cluster is deleted
 	make cluster-destroy
@@ -307,7 +307,7 @@ cluster-create: $(BINDIR)/kubectl $(BINDIR)/kind
 	$(BINDIR)/kind create cluster \
 	        --config ./deploy/kind-config.yaml \
 	        --kubeconfig $(KIND_KUBECONFIG) \
-	        --image kindest/node:$(K8S_VERSION)
+	        --image kindest/node:$(KINDEST_NODE_VERSION)
 
 	./deploy/scripts/ipv6_kind_cluster_update.sh
 	# Deploy resources needed in test env.

diff --git a/main.go b/main.go
@@ -40,7 +40,6 @@ import (
 	"github.com/tigera/operator/pkg/crds"
 	"github.com/tigera/operator/pkg/dns"
 	"github.com/tigera/operator/pkg/render"
-	"github.com/tigera/operator/pkg/render/common/networkpolicy"
 	"github.com/tigera/operator/pkg/render/intrusiondetection/dpi"
 	"github.com/tigera/operator/pkg/render/logstorage"
 	"github.com/tigera/operator/pkg/render/logstorage/eck"
@@ -49,15 +48,13 @@ import (
 	"k8s.io/apiextensions-apiserver/pkg/apis/apiextensions"
 	"k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/labels"
 	"k8s.io/apimachinery/pkg/runtime"
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
 	"k8s.io/client-go/kubernetes"
 	clientgoscheme "k8s.io/client-go/kubernetes/scheme"
 	_ "k8s.io/client-go/plugin/pkg/client/auth/gcp"
 	"k8s.io/client-go/tools/clientcmd"
 	ctrl "sigs.k8s.io/controller-runtime"
-	"sigs.k8s.io/controller-runtime/pkg/cache"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/client/apiutil"
 	"sigs.k8s.io/controller-runtime/pkg/client/config"
@@ -205,12 +202,6 @@ func main() {
 		os.Exit(1)
 	}
 
-	policySelector, err := labels.Parse(fmt.Sprintf("projectcalico.org/tier == %s", networkpolicy.TigeraComponentTierName))
-	if err != nil {
-		log.Error(err, "")
-		os.Exit(1)
-	}
-
 	// Because we only run this as a job that is set up by the operator, it should not be
 	// launched except by an operator that is the active operator. So we do not need to
 	// check that we're the active operator before running the AWS SG setup.
@@ -271,20 +262,6 @@ func main() {
 		// not being this mapper (which has since been rectified). It was a tough issue to figure out when the default
 		// had changed out from under us, so better to continue to explicitly set it as we know this is the mapper we want.
 		MapperProvider: apiutil.NewDynamicRESTMapper,
-
-		// NetworkPolicy is served through the Tigera API Server, which currently restricts List and Watch
-		// operations on NetworkPolicy to a single tier only, specified via label or field selector. If no
-		// selector is specified, List and Watch return policies from the 'default' tier. The manager cache
-		// must therefore apply a selector to specify the tier that the operator currently reconciles policy
-		// within so that it can receive the expected resources for List and Watch. If the operator needs to
-		// reconcile policy within multiple tiers, the API Server should be updated to serve policy from all
-		// tiers that the user is authorized for.
-		Cache: cache.Options{
-			ByObject: map[client.Object]cache.ByObject{
-				&v3.NetworkPolicy{}:       {Label: policySelector},
-				&v3.GlobalNetworkPolicy{}: {Label: policySelector},
-			},
-		},
 	})
 	if err != nil {
 		setupLog.Error(err, "unable to start manager")

diff --git a/pkg/crds/calico/crd.projectcalico.org_bgpconfigurations.yaml b/pkg/crds/calico/crd.projectcalico.org_bgpconfigurations.yaml
@@ -99,8 +99,14 @@ spec:
                           a valid secret key.
                         type: string
                       name:
-                        description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                          TODO: Add other useful fields. apiVersion, kind, uid?'
+                        default: ""
+                        description: 'Name of the referent. This field is effectively
+                          required, but due to backwards compatibility is allowed
+                          to be empty. Instances of this type with an empty value
+                          here are almost certainly wrong. TODO: Add other useful
+                          fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                          TODO: Drop `kubebuilder:default` when controller-gen doesn''t
+                          need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.'
                         type: string
                       optional:
                         description: Specify whether the Secret or its key must be

diff --git a/pkg/crds/calico/crd.projectcalico.org_bgppeers.yaml b/pkg/crds/calico/crd.projectcalico.org_bgppeers.yaml
@@ -78,8 +78,14 @@ spec:
                           a valid secret key.
                         type: string
                       name:
-                        description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                          TODO: Add other useful fields. apiVersion, kind, uid?'
+                        default: ""
+                        description: 'Name of the referent. This field is effectively
+                          required, but due to backwards compatibility is allowed
+                          to be empty. Instances of this type with an empty value
+                          here are almost certainly wrong. TODO: Add other useful
+                          fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                          TODO: Drop `kubebuilder:default` when controller-gen doesn''t
+                          need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.'
                         type: string
                       optional:
                         description: Specify whether the Secret or its key must be