Each type of Custom Resource (CR) that the OpenShift Application Services (RHOAS) Operator manages has an associated controller. The Operator also uses an AbstractCloudServicesController
controller that abstracts common controller logic.
You can find the controllers in the com.openshift.cloud.controllers package in our GitHub repository.
Each of the controllers is described below.
This controller abstracts common controller logic. The abstract controller is responsible for:
-
Verifying whether resources should be processed by the Operator
-
Initializing status subresources
-
Dispatching events to specific controllers
-
Catching and reporting errors
-
Aggregating updates to write to the status subresource
If you are a developer that intends to add more controllers for use with the Operator, you should extend this class and override the doCreateOrUpdateResource
property.
This controller also provides a default deleteResource
method that deletes a given CR. If you need custom delete logic, then you should override this method in the controller for your CR.
The controller performs several checks on a CR before the Operator processes the CR. The Operator processes a CR if one of the following conditions is true:
-
The CR has no status
-
The CR has no conditions
-
The CR has conditions, and the status of the
Finished
condition isFalse
-
The CR has conditions, the status of the
Finished
condition status isTrue
, and the value of theLastTransitionGeneration
property of theFinished
condition is less than the current value of themetadata.generation
property
This controller consumes a CloudServicesRequest
CR. When the controller processes the CR, the following events occur:
-
CloudServicesRequestController
loads the value of theaccessTokenSecretName
field of the CR. The controller exchanges the value with the SSO service, to get a live access token. -
The live access token authenticates with the Cloud Services API.
-
CloudServicesRequestController
fetches the list of available Kafka instances from the Cloud Services API. -
AbstractCloudServicesController
writes the list of Kafka instances to the status subresource.
This controller uses the default delete operation and deletes the CloudServicesRequest
CR.
This controller consumes a CloudServiceAccountRequest
CR to create a service account to access the Kafka instance. Currently, there is a limit of two service accounts per user. When the controller processes the CR, the following events occur:
-
CloudServiceAccountRequestController
loads the value of theaccessTokenSecretName
field of the CR. The controller exchanges the value with the SSO service, to get a live access token. -
The live access token authenticates with the Cloud Services API.
-
CloudServiceAccountRequestController
creates the service account in the SSO system. -
CloudServiceAccountRequestController
writes the service account information to a secret. The secret is consumed by the Service Binding Operator (SBO). -
AbstractCloudServicesController
updates the status subresource with thebootstrapServerHost
value of the Kafka instance and the secret for the service account.
This controller uses the default delete operation and deletes the CloudServiceAccountRequest
CR. Users are responsible for cleaning up service accounts and service account secrets in the SSO system.
This controller consumes a KafkaConnection
CR. When the controller processes the CR, the following events occur:
-
KafkaConnectionController
loads the value of theaccessTokenSecretName
field of the CR. The controller exchanges the value with the SSO service, to get a live access token. -
The live access token authenticates with the Cloud Services API.
-
KafkaConnectionController
loads connection information for the Kafka instance from the Cloud Services API, using thespec.kafkaId
field. -
AbstractCloudServicesController
updates the status subresource with thebootstrapServerHost
value of the Kafka instance and the secret for the service account.
This controller uses the default delete operation and deletes the KafkaConnection
CR.
This controller consumes a ServiceRegistryConnection
CR. When the controller processes the CR, the following events occur:
-
ServiceRegistryConnection
loads the value of theaccessTokenSecretName
field of the CR. The controller exchanges the value with the SSO service, to get a live access token. -
The live access token authenticates with the Cloud Services API.
-
ServiceRegistryConnectionController
loads connection information for the Service Registry instance from the Cloud Services API, using the value of thespec.serviceRegistryId
field. -
AbstractCloudServicesController
updates the status subresource with theregistryUrl
value of the Service Registry instance,serviceAccountSecretName
(the secret for the service account), andmetadata.oauthTokenUrl
(the authentication URL of the Service Registry instance).
This controller uses the default delete operation and deletes the ServiceRegistryConnection
CR.