From 3a261bf6ee4303ff75b7b56ecb1d483484e6c4e8 Mon Sep 17 00:00:00 2001 From: Wen Zhou Date: Fri, 6 Dec 2024 18:01:06 +0100 Subject: [PATCH] feat: use label selector to pick namespace - for clean installation: - if user keep using default pre-defined namespace: same as before - if user want to use a different namespace: they will need to create project themselves, and add label "opendatahub.io/watched-namespace": "true" then install ODH operator and create DSCI by fill in these namespaces or install RHOAI and delete auto created DSCI and create DSCI by fill in these namespaces - for upgrade: operator only use selector to get namespace this can bypass hardcoded namespace limitation - add more resource kinds into cache due to change use component CR with owns and watches Signed-off-by: Wen Zhou --- main.go | 114 ++++++++++++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 103 insertions(+), 11 deletions(-) diff --git a/main.go b/main.go index c3ca2487d8f..5aeba5cd7f4 100644 --- a/main.go +++ b/main.go @@ -198,8 +198,12 @@ func main() { //nolint:funlen,maintidx os.Exit(1) } - secretCache := createSecretCacheConfig(platform) - deploymentCache := createDeploymentCacheConfig(platform) + // get old release version before we create default DSCI CR + oldReleaseVersion, _ := upgrade.GetDeployedRelease(ctx, setupClient) + + secretCache := createSecretCacheConfig(ctx, setupClient, !(len(oldReleaseVersion.Name) == 0), platform) + oDHCache := createODHGeneralCacheConfig(ctx, setupClient, !(len(oldReleaseVersion.Name) == 0), platform) + cacheOptions := cache.Options{ Scheme: scheme, ByObject: map[client.Object]cache.ByObject{ 
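Review bot: The error from `upgrade.GetDeployedRelease` is discarded, and after this change its result decides which namespaces the Secret cache and the general cache cover. If the lookup fails on an upgraded cluster, `oldReleaseVersion.Name` is presumably empty and both helpers take the clean-install path, so namespaces that carry only the generated-namespace label would be left out of the caches. Handle the error before building the caches and compute the flag once, e.g. `isUpgrade := oldReleaseVersion.Name != ""`, then pass `isUpgrade` to both calls instead of repeating `!(len(oldReleaseVersion.Name) == 0)`. The body of `main` starts and ends outside the hunk.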
@@ -228,9 +232,33 @@ func main() { //nolint:funlen,maintidx Field: fields.Set{"metadata.name": cluster.ClusterAuthenticationObj}.AsSelector(), }, // for prometheus and black-box deployment and ones we owns - &appsv1.Deployment{}: {Namespaces: deploymentCache}, - // kueue need prometheusrules - &promv1.PrometheusRule{}: {Namespaces: deploymentCache}, + &appsv1.Deployment{}: { + Namespaces: oDHCache, + }, + // kueue + monitoring need prometheusrules + &promv1.PrometheusRule{}: { + Namespaces: oDHCache, + }, + &promv1.ServiceMonitor{}: { + Namespaces: oDHCache, + }, + &routev1.Route{}: { + Namespaces: oDHCache, + }, + &networkingv1.NetworkPolicy{}: { + Namespaces: oDHCache, + }, + &rbacv1.Role{}: { + Namespaces: oDHCache, + }, + &rbacv1.RoleBinding{}: { + Namespaces: oDHCache, + }, + &rbacv1.ClusterRole{}: {}, + &rbacv1.ClusterRoleBinding{}: {}, + &securityv1.SecurityContextConstraints{}: { + Namespaces: oDHCache, + }, }, } @@ -344,9 +372,6 @@ func main() { //nolint:funlen,maintidx os.Exit(1) } - // get old release version before we create default DSCI CR - oldReleaseVersion, _ := upgrade.GetDeployedRelease(ctx, setupClient) - // Check if user opted for disabling DSC configuration disableDSCConfig, existDSCConfig := os.LookupEnv("DISABLE_DSC_CONFIG") if existDSCConfig && disableDSCConfig != "false" { 
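Review bot: `&securityv1.SecurityContextConstraints{}` is given `Namespaces: oDHCache`, but SCCs are cluster-scoped in OpenShift, so a namespace map cannot narrow them. As far as I know controller-runtime rejects a non-nil `ByObject.Namespaces` on a non-namespaced type when the cache is built, so this should be checked against the vendored version. Writing it as `&securityv1.SecurityContextConstraints{}: {},` would match the ClusterRole entries just above it. Separately, the empty `ClusterRole` and `ClusterRoleBinding` entries restrict nothing, so the operator caches every cluster role and binding; a `Label` selector on a label the operator sets on its own objects would keep that cache to what it manages. The map literal continues outside the hunk.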
@@ -414,11 +439,37 @@ func main() { //nolint:funlen,maintidx } } -func createSecretCacheConfig(platform cluster.Platform) map[string]cache.Config { +func createSecretCacheConfig(ctx context.Context, cli client.Client, upgrade bool, platform cluster.Platform) map[string]cache.Config { namespaceConfigs := map[string]cache.Config{ - "istio-system": {}, // for both knative-serving-cert and default-modelregistry-cert,as an easy workarond, to watch all in this namespace for now + "istio-system": {}, // for both knative-serving-cert and default-modelregistry-cert, as an easy workarond, to watch both in this namespace "openshift-ingress": {}, } + // upgrade cache + if upgrade { + // TODO: if we dont want harcoded above two namespace we can add them with label selector + // maistra.io/member-of=istio-system + // network.openshift.io/policy-group=ingress + + labelSelector := client.MatchingLabels{ + "opendatahub.io/generated-namespace": "true", + } + namespaceList := &corev1.NamespaceList{} + if err := cli.List(ctx, namespaceList, labelSelector); err != nil { + // return application (+ monitoring + default wb ) namespace + return namespaceConfigs + } + + for _, ns := range namespaceList.Items { + namespaceConfigs[ns.Name] = cache.Config{} + } + // on managed, we keep operator namespace fixed + if platform == cluster.ManagedRhoai { + namespaceConfigs["redhat-ods-operator"] = cache.Config{} + } + return namespaceConfigs + } + + // clean install cache switch platform { case cluster.ManagedRhoai: namespaceConfigs["redhat-ods-monitoring"] = cache.Config{} 
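Review bot: When `cli.List` fails in the upgrade branch, the function returns only `istio-system` and `openshift-ingress`, although the comment on that return says it yields the application, monitoring and workbench namespaces. The failure is not logged, so the operator would start with a Secret cache that leaves out the application namespace, and a missing RBAC permission to list namespaces would be indistinguishable from "no labelled namespaces". Log the error at least, or return it so `main` can exit as it does for other setup failures. The same silent `return namespaceConfigs` appears in the watched-namespace lookup and in `createODHGeneralCacheConfig` in the next two hunks. The function continues past the end of this hunk.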
@@ -433,11 +484,40 @@ func createSecretCacheConfig(platform cluster.Platform) map[string]cache.Config default: namespaceConfigs["opendatahub"] = cache.Config{} } + // if user create namespace and want it to be used as application namespace + // they need to create label "opendatahub.io/watched-namespace": "true" then set DSCI to use it + labelSelector := client.MatchingLabels{ + "opendatahub.io/watched-namespace": "true", + } + namespaceList := &corev1.NamespaceList{} + if err := cli.List(ctx, namespaceList, labelSelector); err != nil { + return namespaceConfigs + } + for _, ns := range namespaceList.Items { + namespaceConfigs[ns.Name] = cache.Config{} + } return namespaceConfigs } -func createDeploymentCacheConfig(platform cluster.Platform) map[string]cache.Config { +func createODHGeneralCacheConfig(ctx context.Context, cli client.Client, upgrade bool, platform cluster.Platform) map[string]cache.Config { namespaceConfigs := map[string]cache.Config{} + // upgrade cache + if upgrade { + labelSelector := client.MatchingLabels{ + "opendatahub.io/generated-namespace": "true", + } + namespaceList := &corev1.NamespaceList{} + if err := cli.List(ctx, namespaceList, labelSelector); err != nil { + return namespaceConfigs + } + for _, ns := range namespaceList.Items { + namespaceConfigs[ns.Name] = cache.Config{} + } + // remove rhods-notebooks if it exists since we do not have deployment in this namespace, only SFS + delete(namespaceConfigs, cluster.DefaultNotebooksNamespace) + return namespaceConfigs + } + // clean install cache switch platform { case cluster.ManagedRhoai: // no need workbench NS, only SFS no Deployment namespaceConfigs["redhat-ods-monitoring"] = cache.Config{} 
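Review bot: Every namespace labelled `opendatahub.io/watched-namespace: "true"` is added to the Secret cache without being compared with the application namespace actually set in the DSCI, so the label alone decides which namespaces' Secrets the operator holds in memory. That makes permission to label a namespace a security-relevant grant, and it deserves a comment here, e.g. `// trust boundary: any namespace with this label has its Secrets cached; restrict who may set it`. The list is also read once while the cache options are built, so a namespace labelled afterwards is presumably not cached until the operator restarts, which the comment could state too. In the `createODHGeneralCacheConfig` part of the hunk, the function body continues outside the hunk.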
@@ -447,6 +527,18 @@ func createDeploymentCacheConfig(platform cluster.Platform) map[string]cache.Con default: namespaceConfigs["opendatahub"] = cache.Config{} } + // if user create namespace and want it to be used as application namespace + // they need to create label "opendatahub.io/watched-namespace": "true" then set DSCI to use it + labelSelector := client.MatchingLabels{ + "opendatahub.io/watched-namespace": "true", + } + namespaceList := &corev1.NamespaceList{} + if err := cli.List(ctx, namespaceList, labelSelector); err != nil { + return namespaceConfigs + } + for _, ns := range namespaceList.Items { + namespaceConfigs[ns.Name] = cache.Config{} + } return namespaceConfigs }
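Review bot: The watched-namespace lookup added here is a line-for-line copy of the one added to `createSecretCacheConfig`, and the generated-namespace lookup is likewise written twice, so any change to the label keys or the error handling has to be made in four places. A small helper that takes the selector and the target map would keep the two cache builders in step and give one place to report a failed list. The function starts outside this hunk.

```go
	// … unchanged: platform switch filling namespaceConfigs …
	// Namespaces the user labelled for use as the application namespace.
	watched := client.MatchingLabels{"opendatahub.io/watched-namespace": "true"}
	if err := addLabelledNamespaces(ctx, cli, watched, namespaceConfigs); err != nil {
		// Same fallback as before; the error should be logged or returned here.
		return namespaceConfigs
	}
	return namespaceConfigs
}

// addLabelledNamespaces adds an empty cache.Config to cfg for every
// namespace that matches sel.
func addLabelledNamespaces(ctx context.Context, cli client.Client, sel client.MatchingLabels, cfg map[string]cache.Config) error {
	nsList := &corev1.NamespaceList{}
	if err := cli.List(ctx, nsList, sel); err != nil {
		return fmt.Errorf("listing namespaces with labels %v: %w", sel, err)
	}
	for _, ns := range nsList.Items {
		cfg[ns.Name] = cache.Config{}
	}
	return nil
}
```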