Restart the ARO operator upon az aro update

This ensures that the ARO operator will be working with the latest azure-cloud-credentials Secret content.
Azure · Nov 8, 2023 · cf12e47 · cf12e47
1 parent d82c212
commit cf12e47
Show file tree

Hide file tree

Showing 5 changed files with 69 additions and 0 deletions.
diff --git a/pkg/cluster/arooperator.go b/pkg/cluster/arooperator.go
@@ -53,3 +53,7 @@ func (m *manager) ensureAROOperatorRunningDesiredVersion(ctx context.Context) (b
 func (m *manager) renewMDSDCertificate(ctx context.Context) error {
 	return m.aroOperatorDeployer.RenewMDSDCertificate(ctx)
 }
+
+func (m *manager) restartAROOperatorMaster(ctx context.Context) error {
+	return m.aroOperatorDeployer.Restart(ctx, []string{"aro-operator-master"})
+}
diff --git a/pkg/cluster/install.go b/pkg/cluster/install.go
@@ -201,6 +201,8 @@ func (m *manager) Update(ctx context.Context) error {
 		steps.Action(m.renewMDSDCertificate),
 		steps.Action(m.updateOpenShiftSecret),
 		steps.Action(m.updateAROSecret),
+		steps.Action(m.restartAROOperatorMaster), // depends on m.updateOpenShiftSecret; the point of restarting is to pick up any changes made to the secret
+		steps.Condition(m.aroDeploymentReady, 20*time.Minute, true),
 		steps.Action(m.reconcileLoadBalancerProfile),
 	}
 

diff --git a/pkg/operator/deploy/deploy.go b/pkg/operator/deploy/deploy.go
@@ -37,6 +37,7 @@ import (
 	aroclient "github.com/Azure/ARO-RP/pkg/operator/clientset/versioned"
 	"github.com/Azure/ARO-RP/pkg/operator/controllers/genevalogging"
 	"github.com/Azure/ARO-RP/pkg/util/dynamichelper"
+	kubeutil "github.com/Azure/ARO-RP/pkg/util/kubernetes"
 	utilpem "github.com/Azure/ARO-RP/pkg/util/pem"
 	"github.com/Azure/ARO-RP/pkg/util/pullsecret"
 	"github.com/Azure/ARO-RP/pkg/util/ready"
@@ -49,6 +50,7 @@ var embeddedFiles embed.FS
 type Operator interface {
 	CreateOrUpdate(context.Context) error
 	IsReady(context.Context) (bool, error)
+	Restart(context.Context, []string) error
 	IsRunningDesiredVersion(context.Context) (bool, error)
 	RenewMDSDCertificate(context.Context) error
 }
@@ -405,6 +407,18 @@ func (o *operator) IsReady(ctx context.Context) (bool, error) {
 	return true, nil
 }
 
+func (o *operator) Restart(ctx context.Context, deploymentNames []string) error {
+	for _, dn := range deploymentNames {
+		err := kubeutil.Restart(ctx, o.kubernetescli.AppsV1().Deployments(pkgoperator.Namespace), dn)
+
+		if err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
 func checkOperatorDeploymentVersion(ctx context.Context, cli appsv1client.DeploymentInterface, name string, desiredVersion string) (bool, error) {
 	d, err := cli.Get(ctx, name, metav1.GetOptions{})
 	switch {

diff --git a/pkg/util/kubernetes/deployments.go b/pkg/util/kubernetes/deployments.go
@@ -0,0 +1,35 @@
+package kubernetes
+
+// Copyright (c) Microsoft Corporation.
+// Licensed under the Apache License 2.0.
+
+import (
+	"context"
+	"time"
+
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	appsv1client "k8s.io/client-go/kubernetes/typed/apps/v1"
+)
+
+// Restart restarts the given Deployment by performing the equivalent of a `kubectl rollout restart deployment <deployment-name>` against it.
+func Restart(ctx context.Context, cli appsv1client.DeploymentInterface, deploymentName string) error {
+	d, err := cli.Get(ctx, deploymentName, metav1.GetOptions{})
+
+	if err != nil {
+		return err
+	}
+
+	if d.Spec.Template.ObjectMeta.Annotations == nil {
+		d.Spec.Template.ObjectMeta.Annotations = make(map[string]string)
+	}
+
+	d.Spec.Template.ObjectMeta.Annotations["kubectl.kubernetes.io/restartedAt"] = time.Now().Format(time.RFC3339)
+
+	_, err = cli.Update(ctx, d, metav1.UpdateOptions{})
+
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
diff --git a/pkg/util/mocks/operator/deploy/deploy.go b/pkg/util/mocks/operator/deploy/deploy.go