| author | chaosinthecrd <tom@tmlabs.co.uk> | 2025-06-24 19:28:27 +0100 |
|---|---|---|
| committer | chaosinthecrd <tom@tmlabs.co.uk> | 2025-06-24 19:29:29 +0100 |
| commit | 3390013b09fa3fa64310a4e351ef855cde3e7d7b (patch) | |
| tree | 66cb13427ce9d1bbcb7401e8d44e23578e9d7235 | |
| parent | 4a1fc378d1a8fa4d7f5beef318830d8354f76d1c (diff) | |
cmd/k8s-operator: add event filter that checks for a ProxyGroup annotation on Ingresses and Serviceschaosinthecrd/k8s-operator-proxygroup-event-filter
Adds an event filter on the service-pg-reconciler and ingress-pg-reconciler to only reconcile when the resource
in question has a ProxyGroup annotation. This was added after errors were being thrown on the ingress-pg-reconciler
while testing an Ingress without a ProxyGroup annotation.
Signed-off-by: chaosinthecrd <tom@tmlabs.co.uk>
| -rw-r--r-- | cmd/k8s-operator/operator.go | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/cmd/k8s-operator/operator.go b/cmd/k8s-operator/operator.go
index a08dd4da8..efe6b6d68 100644
--- a/cmd/k8s-operator/operator.go
+++ b/cmd/k8s-operator/operator.go
@@ -39,6 +39,7 @@ import (
 kzap "sigs.k8s.io/controller-runtime/pkg/log/zap"
 "sigs.k8s.io/controller-runtime/pkg/manager"
 "sigs.k8s.io/controller-runtime/pkg/manager/signals"
+ "sigs.k8s.io/controller-runtime/pkg/predicate"
 "sigs.k8s.io/controller-runtime/pkg/reconcile"
 "tailscale.com/client/local"
 "tailscale.com/client/tailscale"
@@ -349,6 +350,7 @@ func runReconcilers(opts reconcilerOpts) {
 err = builder.
 ControllerManagedBy(mgr).
 For(&networkingv1.Ingress{}).
+ WithEventFilter(ingressProxyGroupResourceFilterPredicate()).
 Named("ingress-pg-reconciler").
 Watches(&corev1.Service{}, handler.EnqueueRequestsFromMapFunc(serviceHandlerForIngressPG(mgr.GetClient(), startlog))).
 Watches(&corev1.Secret{}, handler.EnqueueRequestsFromMapFunc(HAIngressesFromSecret(mgr.GetClient(), startlog))).
@@ -375,6 +377,7 @@ func runReconcilers(opts reconcilerOpts) {
 err = builder.
 ControllerManagedBy(mgr).
 For(&corev1.Service{}).
+ WithEventFilter(serviceProxyGroupResourceFilterPredicate()).
 Named("service-pg-reconciler").
 Watches(&corev1.Secret{}, handler.EnqueueRequestsFromMapFunc(HAServicesFromSecret(mgr.GetClient(), startlog))).
 Watches(&tsapi.ProxyGroup{}, ingressProxyGroupFilter).
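Review bot: `WithEventFilter` in the second hunk is applied by controller-runtime to every source the controller watches, not only to the `For(&networkingv1.Ingress{})` object, so a predicate that returns false for anything that is not an Ingress also discards events from the `Watches(&corev1.Service{}, …)` and `Watches(&corev1.Secret{}, …)` calls below it before their map functions run. The third hunk has the same shape: the Service predicate would drop the Secret and ProxyGroup events on `service-pg-reconciler`. If those watches are what propagates certificate Secret or ProxyGroup changes, the proxies would keep stale state until something else triggers a reconcile. Scoping the predicate to the primary object leaves the other watches intact: `For(&networkingv1.Ingress{}, builder.WithPredicates(ingressProxyGroupResourceFilterPredicate())).`, and likewise for the Service; both builder chains continue outside the hunks.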
@@ -1382,6 +1385,30 @@ func indexPGIngresses(o client.Object) []string {
 return []string{o.GetAnnotations()[AnnotationProxyGroup]}
 }
 
+// predicate function for filtering to ensure we *don't* reconcile on tailscale managed Kubernetes Ingresses that don't have a ProxyGroup annotation
+func ingressProxyGroupResourceFilterPredicate() predicate.Predicate {
+ return predicate.NewPredicateFuncs(func(object client.Object) bool {
+ if ing, ok := object.(*networkingv1.Ingress); !ok {
+ return false
+ } else {
+ _, ok := ing.Annotations[AnnotationProxyGroup]
+ return ok
+ }
+ })
+}
+
+// predicate function for filtering to ensure we *don't* reconcile on tailscale managed Kubernetes Services that don't have a ProxyGroup annotation
+func serviceProxyGroupResourceFilterPredicate() predicate.Predicate {
+ return predicate.NewPredicateFuncs(func(object client.Object) bool {
+ if svc, ok := object.(*corev1.Service); !ok {
+ return false
+ } else {
+ _, ok := svc.Annotations[AnnotationProxyGroup]
+ return ok
+ }
+ })
+}
+
 // serviceHandlerForIngressPG returns a handler for Service events that ensures that if the Service
 // associated with an event is a backend Service for a tailscale Ingress with ProxyGroup annotation,
 // the associated Ingress gets reconciled. |
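Review bot: Both predicates are built with `predicate.NewPredicateFuncs`, which on an update event evaluates only the new object, so the update in which a user removes the ProxyGroup annotation from an Ingress or Service is filtered out. If the reconcilers rely on seeing that update to tear down what they created for the resource (not visible in this hunk), the resource would stay exposed through the ProxyGroup after the annotation is gone. A `predicate.Funcs` whose `UpdateFunc` passes when either the old or the new object carries the annotation avoids that, and one helper on `client.Object` can serve both predicates, as `indexPGIngresses` above already reads annotations through `GetAnnotations()`. The sketch below needs the controller-runtime `event` package, whose import is not visible here; the Service predicate would take the same shape.

```go
// hasProxyGroupAnnotation reports whether o carries the ProxyGroup annotation.
func hasProxyGroupAnnotation(o client.Object) bool {
	_, ok := o.GetAnnotations()[AnnotationProxyGroup]
	return ok
}

func ingressProxyGroupResourceFilterPredicate() predicate.Predicate {
	return predicate.Funcs{
		CreateFunc: func(e event.CreateEvent) bool { return hasProxyGroupAnnotation(e.Object) },
		// Let the update that removes the annotation through so cleanup can run.
		UpdateFunc: func(e event.UpdateEvent) bool {
			return hasProxyGroupAnnotation(e.ObjectOld) || hasProxyGroupAnnotation(e.ObjectNew)
		},
		DeleteFunc:  func(e event.DeleteEvent) bool { return hasProxyGroupAnnotation(e.Object) },
		GenericFunc: func(e event.GenericEvent) bool { return hasProxyGroupAnnotation(e.Object) },
	}
}
```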
