COO-526: disable events from the serving certificate controller (#625)

* Revert "fix: allow operator SA to create/update events (#623)" This reverts commit 6cae01e. * fix: avoid 'Server rejected event' logs This change removes the generation of events by the serving certificate controller because it doesn't work well with the cert/key file provider. Signed-off-by: Simon Pasquier <[email protected]> --------- Signed-off-by: Simon Pasquier <[email protected]>
rhobs · Nov 14, 2024 · 4732d43 · 4732d43
1 parent c8e15d7
commit 4732d43
Show file tree

Hide file tree

Showing 4 changed files with 6 additions and 38 deletions.
diff --git a/bundle/manifests/observability-operator.clusterserviceversion.yaml b/bundle/manifests/observability-operator.clusterserviceversion.yaml
@@ -42,7 +42,7 @@ metadata:
     categories: Monitoring
     certified: "false"
     containerImage: observability-operator:0.4.2
-    createdAt: "2024-11-08T16:10:36Z"
+    createdAt: "2024-11-05T06:54:25Z"
     description: A Go based Kubernetes operator to setup and manage highly available
       Monitoring Stack using Prometheus, Alertmanager and Thanos Querier.
     operators.operatorframework.io/builder: operator-sdk-v1.37.0
@@ -296,6 +296,7 @@ spec:
           - ""
           resources:
           - endpoints
+          - events
           - namespaces
           - nodes
           - persistentvolumeclaims
@@ -306,17 +307,6 @@ spec:
           - get
           - list
           - watch
-        - apiGroups:
-          - ""
-          resources:
-          - events
-          verbs:
-          - create
-          - get
-          - list
-          - patch
-          - update
-          - watch
         - apiGroups:
           - apps
           resources:

diff --git a/deploy/operator/observability-operator-cluster-role.yaml b/deploy/operator/observability-operator-cluster-role.yaml
@@ -23,6 +23,7 @@ rules:
   - ""
   resources:
   - endpoints
+  - events
   - namespaces
   - nodes
   - persistentvolumeclaims
@@ -33,17 +34,6 @@ rules:
   - get
   - list
   - watch
-- apiGroups:
-  - ""
-  resources:
-  - events
-  verbs:
-  - create
-  - get
-  - list
-  - patch
-  - update
-  - watch
 - apiGroups:
   - apps
   resources:

diff --git a/pkg/controllers/doc.go b/pkg/controllers/doc.go
diff --git a/pkg/operator/operator.go b/pkg/operator/operator.go
@@ -8,13 +8,10 @@ import (
 	"path/filepath"
 	"time"
 
-	v1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/util/wait"
 	"k8s.io/apiserver/pkg/server/dynamiccertificates"
 	"k8s.io/client-go/kubernetes"
-	typedv1 "k8s.io/client-go/kubernetes/typed/core/v1"
-	"k8s.io/client-go/tools/record"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/healthz"
@@ -189,21 +186,16 @@ func New(ctx context.Context, cfg *OperatorConfiguration) (*Operator, error) {
 			return nil, fmt.Errorf("failed to initialize client CA controller: %w", err)
 		}
 
-		eventBroadcaster := record.NewBroadcaster()
-		eventBroadcaster.StartStructuredLogging(0)
-		eventBroadcaster.StartRecordingToSink(&typedv1.EventSinkImpl{Interface: kubeClient.CoreV1().Events("")})
-		eventRecorder := record.NewEventRecorderAdapter(
-			eventBroadcaster.NewRecorder(scheme, v1.EventSource{Component: "cluster-observability-operator"}),
-		)
-
 		servingCertController = dynamiccertificates.NewDynamicServingCertificateController(
 			&tls.Config{
 				ClientAuth: tls.RequireAndVerifyClientCert,
 			},
 			clientCAController,
 			certKeyProvider,
 			nil,
-			eventRecorder,
+			// Disabling events for now because the controller generates
+			// invalid events when used with DynamicServingContentFromFiles.
+			nil,
 		)
 		if err := servingCertController.RunOnce(); err != nil {
 			return nil, fmt.Errorf("failed to initialize serving certificate controller: %w", err)