Check API registration if API is not available (#1482)

* Fix for checking route api availability for getting the server URL Signed-off-by: Anand Francis Joseph <[email protected]> * Added check for api registration, if its not available Signed-off-by: Anand Francis Joseph <[email protected]> * Added another option to check API registration directly Signed-off-by: Anand Francis Joseph <[email protected]> * Added more logs and removed commented code Signed-off-by: Anand Francis Joseph <[email protected]> * Updated the condition to check only route enabled Signed-off-by: Anand Francis Joseph <[email protected]> * Added permission to get and list apiservices for argocd controller Signed-off-by: Anand Francis Joseph <[email protected]> * Added rbac role to manifests Signed-off-by: Anand Francis Joseph <[email protected]> * Fix for adding rbac policies for api registration service Signed-off-by: Anand Francis Joseph <[email protected]> --------- Signed-off-by: Anand Francis Joseph <[email protected]>
argoproj-labs · Aug 8, 2024 · bff6377 · bff6377
1 parent 593e511
commit bff6377
Show file tree

Hide file tree

Showing 8 changed files with 66 additions and 6 deletions.
diff --git a/bundle/manifests/argocd-operator.clusterserviceversion.yaml b/bundle/manifests/argocd-operator.clusterserviceversion.yaml
@@ -247,7 +247,7 @@ metadata:
     capabilities: Deep Insights
     categories: Integration & Delivery
     certified: "false"
-    createdAt: "2024-08-07T10:35:41Z"
+    createdAt: "2024-08-07T11:45:32Z"
     description: Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes.
     operators.operatorframework.io/builder: operator-sdk-v1.35.0
     operators.operatorframework.io/project_layout: go.kubebuilder.io/v4
@@ -1712,6 +1712,13 @@ spec:
           - pods/log
           verbs:
           - get
+        - apiGroups:
+          - apiregistration.k8s.io
+          resources:
+          - apiservices
+          verbs:
+          - get
+          - list
         - apiGroups:
           - apps
           resources:

diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
@@ -38,6 +38,13 @@ rules:
   - pods/log
   verbs:
   - get
+- apiGroups:
+  - apiregistration.k8s.io
+  resources:
+  - apiservices
+  verbs:
+  - get
+  - list
 - apiGroups:
   - apps
   resources:

diff --git a/controllers/argocd/argocd_controller.go b/controllers/argocd/argocd_controller.go
@@ -79,7 +79,8 @@ var ActiveInstanceMap = make(map[string]string)
 //+kubebuilder:rbac:groups="",resources=pods;pods/log,verbs=get
 //+kubebuilder:rbac:groups=template.openshift.io,resources=templates;templateinstances;templateconfigs,verbs=*
 //+kubebuilder:rbac:groups="oauth.openshift.io",resources=oauthclients,verbs=get;list;watch;create;delete;patch;update
-// +kubebuilder:rbac:groups=argoproj.io,resources=notificationsconfigurations;notificationsconfigurations/finalizers,verbs=*
+//+kubebuilder:rbac:groups=argoproj.io,resources=notificationsconfigurations;notificationsconfigurations/finalizers,verbs=*
+//+kubebuilder:rbac:groups="apiregistration.k8s.io",resources="apiservices",verbs=get;list
 
 // Reconcile is part of the main kubernetes reconciliation loop which aims to
 // move the current state of the cluster closer to the desired state.

diff --git a/controllers/argocd/util.go b/controllers/argocd/util.go
@@ -348,7 +348,7 @@ func (r *ReconcileArgoCD) getArgoServerURI(cr *argoproj.ArgoCD) string {
 	}
 
 	// Use Route host if available, override Ingress if both exist
-	if IsRouteAPIAvailable() {
+	if cr.Spec.Server.Route.Enabled {
 		route := newRouteWithSuffix("server", cr)
 		if argoutil.IsObjectFound(r.Client, cr.Namespace, route.Name, route) {
 			host = route.Spec.Host

diff --git a/controllers/argoutil/api.go b/controllers/argoutil/api.go
@@ -15,11 +15,15 @@
 package argoutil
 
 import (
+	"context"
 	"fmt"
 
+	"k8s.io/apimachinery/pkg/api/errors"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/client-go/discovery"
 	"k8s.io/client-go/kubernetes"
+	aggregator "k8s.io/kube-aggregator/pkg/client/clientset_generated/clientset"
 	"sigs.k8s.io/controller-runtime/pkg/client/config"
 )
 
@@ -43,10 +47,41 @@ func VerifyAPI(group string, version string) (bool, error) {
 	}
 
 	if err = discovery.ServerSupportsVersion(k8s, gv); err != nil {
-		// error, API not available
-		return false, nil
+		// error, API not available, check if it is registered.
+		log.Info(fmt.Sprintf("%s/%s API not available, checking if its registered", group, version))
+		return IsAPIRegistered(group, version)
 	}
 
 	log.Info(fmt.Sprintf("%s/%s API verified", group, version))
 	return true, nil
 }
+
+// IsAPIRegistered returns true if the API is registered irrespective of
+// whether the API status is available or not.
+func IsAPIRegistered(group string, version string) (bool, error) {
+	cfg, err := config.GetConfig()
+	if err != nil {
+		log.Error(err, "unable to get k8s config")
+		return false, err
+	}
+
+	client, err := aggregator.NewForConfig(cfg)
+	if err != nil {
+		log.Error(err, "unable to create a kube-aggregator client")
+		return false, err
+	}
+
+	_, err = client.ApiregistrationV1().APIServices().
+		Get(context.TODO(), fmt.Sprintf("%s.%s", version, group), metav1.GetOptions{})
+	if err != nil {
+		if errors.IsNotFound(err) {
+			log.Info(fmt.Sprintf("%s/%s API is not registered", group, version))
+			return false, nil
+		} else {
+			log.Error(err, fmt.Sprintf("%s/%s API registration check failed.", group, version))
+			return false, err
+		}
+	}
+	log.Info(fmt.Sprintf("%s/%s API is registered", group, version))
+	return true, nil
+}
diff --git a/deploy/olm-catalog/argocd-operator/0.12.0/argocd-operator.v0.12.0.clusterserviceversion.yaml b/deploy/olm-catalog/argocd-operator/0.12.0/argocd-operator.v0.12.0.clusterserviceversion.yaml
@@ -247,7 +247,7 @@ metadata:
     capabilities: Deep Insights
     categories: Integration & Delivery
     certified: "false"
-    createdAt: "2024-08-07T10:35:41Z"
+    createdAt: "2024-08-07T11:45:32Z"
     description: Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes.
     operators.operatorframework.io/builder: operator-sdk-v1.35.0
     operators.operatorframework.io/project_layout: go.kubebuilder.io/v4
@@ -1712,6 +1712,13 @@ spec:
           - pods/log
           verbs:
           - get
+        - apiGroups:
+          - apiregistration.k8s.io
+          resources:
+          - apiservices
+          verbs:
+          - get
+          - list
         - apiGroups:
           - apps
           resources:

diff --git a/go.mod b/go.mod
@@ -23,6 +23,7 @@ require (
 	k8s.io/api v0.29.0
 	k8s.io/apimachinery v0.29.0
 	k8s.io/client-go v12.0.0+incompatible
+	k8s.io/kube-aggregator v0.29.0
 	sigs.k8s.io/controller-runtime v0.16.3
 )
 

diff --git a/go.sum b/go.sum
@@ -2490,6 +2490,8 @@ k8s.io/klog/v2 v2.100.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
 k8s.io/klog/v2 v2.110.1 h1:U/Af64HJf7FcwMcXyKm2RPM22WZzyR7OSpYj5tg3cL0=
 k8s.io/klog/v2 v2.110.1/go.mod h1:YGtd1984u+GgbuZ7e08/yBuAfKLSO0+uR1Fhi6ExXjo=
 k8s.io/kms v0.28.3/go.mod h1:kSMjU2tg7vjqqoWVVCcmPmNZ/CofPsoTbSxAipCvZuE=
+k8s.io/kube-aggregator v0.28.3 h1:CVbj3+cpshSHR5dWPzLYx3sVpIDEPLlzMSxY/lAc9cM=
+k8s.io/kube-aggregator v0.28.3/go.mod h1:5DyLevbRTcWnT1f9b+lB3BfbXC1w7gDa/OtB6kKInCw=
 k8s.io/kube-openapi v0.0.0-20191107075043-30be4d16710a/go.mod h1:1TqjTSzOxsLGIKfj0lK8EeCP7K1iUG65v09OM0/WG5E=
 k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9/go.mod h1:wZK2AVp1uHCp4VamDVgBP2COHZjqD1T68Rf0CM3YjSM=
 k8s.io/kube-openapi v0.0.0-20240103051144-eec4567ac022 h1:avRdiaB03v88Mfvum2S3BBwkNuTlmuar4LlfO9Hajko=