From 4732d43760869225d797d5fdfe5d302a421ebfd7 Mon Sep 17 00:00:00 2001 From: Simon Pasquier Date: Thu, 14 Nov 2024 11:19:15 +0100 Subject: [PATCH] COO-526: disable events from the serving certificate controller (#625) * Revert "fix: allow operator SA to create/update events (#623)" This reverts commit 6cae01e11decc5e1df12948af2099ff2e9aa534b. * fix: avoid 'Server rejected event' logs This change removes the generation of events by the serving certificate controller because it doesn't work well with the cert/key file provider. Signed-off-by: Simon Pasquier --------- Signed-off-by: Simon Pasquier --- ...servability-operator.clusterserviceversion.yaml | 14 ++------------ .../observability-operator-cluster-role.yaml | 12 +----------- pkg/controllers/doc.go | 4 ---- pkg/operator/operator.go | 14 +++----------- 4 files changed, 6 insertions(+), 38 deletions(-) delete mode 100644 pkg/controllers/doc.go diff --git a/bundle/manifests/observability-operator.clusterserviceversion.yaml b/bundle/manifests/observability-operator.clusterserviceversion.yaml index da427017..b275ffaa 100644 --- a/bundle/manifests/observability-operator.clusterserviceversion.yaml +++ b/bundle/manifests/observability-operator.clusterserviceversion.yaml @@ -42,7 +42,7 @@ metadata: categories: Monitoring certified: "false" containerImage: observability-operator:0.4.2 - createdAt: "2024-11-08T16:10:36Z" + createdAt: "2024-11-05T06:54:25Z" description: A Go based Kubernetes operator to setup and manage highly available Monitoring Stack using Prometheus, Alertmanager and Thanos Querier. operators.operatorframework.io/builder: operator-sdk-v1.37.0 @@ -296,6 +296,7 @@ spec: - "" resources: - endpoints + - events - namespaces - nodes - persistentvolumeclaims @@ -306,17 +307,6 @@ spec: - get - list - watch - - apiGroups: - - "" - resources: - - events - verbs: - - create - - get - - list - - patch - - update - - watch - apiGroups: - apps resources: 
diff --git a/deploy/operator/observability-operator-cluster-role.yaml b/deploy/operator/observability-operator-cluster-role.yaml index 6aefc0c4..2cf69f90 100644 --- a/deploy/operator/observability-operator-cluster-role.yaml +++ b/deploy/operator/observability-operator-cluster-role.yaml @@ -23,6 +23,7 @@ rules: - "" resources: - endpoints + - events - namespaces - nodes - persistentvolumeclaims @@ -33,17 +34,6 @@ rules: - get - list - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - get - - list - - patch - - update - - watch - apiGroups: - apps resources: diff --git a/pkg/controllers/doc.go b/pkg/controllers/doc.go deleted file mode 100644 index 943c160b..00000000 --- a/pkg/controllers/doc.go +++ /dev/null @@ -1,4 +0,0 @@ -package controllers - -// RBAC for sending Kubernetes events -//+kubebuilder:rbac:groups="",resources=events,verbs=create;update;patch diff --git a/pkg/operator/operator.go b/pkg/operator/operator.go index 9f1af085..2bf18fe2 100644 --- a/pkg/operator/operator.go +++ b/pkg/operator/operator.go @@ -8,13 +8,10 @@ import ( "path/filepath" "time" - v1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/wait" "k8s.io/apiserver/pkg/server/dynamiccertificates" "k8s.io/client-go/kubernetes" - typedv1 "k8s.io/client-go/kubernetes/typed/core/v1" - "k8s.io/client-go/tools/record" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/healthz" 
@@ -189,13 +186,6 @@ func New(ctx context.Context, cfg *OperatorConfiguration) (*Operator, error) { return nil, fmt.Errorf("failed to initialize client CA controller: %w", err) } - eventBroadcaster := record.NewBroadcaster() - eventBroadcaster.StartStructuredLogging(0) - eventBroadcaster.StartRecordingToSink(&typedv1.EventSinkImpl{Interface: kubeClient.CoreV1().Events("")}) - eventRecorder := record.NewEventRecorderAdapter( - eventBroadcaster.NewRecorder(scheme, v1.EventSource{Component: "cluster-observability-operator"}), - ) - servingCertController = dynamiccertificates.NewDynamicServingCertificateController( &tls.Config{ ClientAuth: tls.RequireAndVerifyClientCert, @@ -203,7 +193,9 @@ func New(ctx context.Context, cfg *OperatorConfiguration) (*Operator, error) { clientCAController, certKeyProvider, nil, - eventRecorder, + // Disabling events for now because the controller generates + // invalid events when used with DynamicServingContentFromFiles. + nil, ) if err := servingCertController.RunOnce(); err != nil { return nil, fmt.Errorf("failed to initialize serving certificate controller: %w", err)
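Review bot: The comment added above the `nil` recorder argument in the second operator.go hunk says events are disabled "for now", but it records neither the symptom nor the condition for re-enabling them, so the follow-up is easy to lose. Something like `// No event recorder: with DynamicServingContentFromFiles the controller emits invalid events ("Server rejected event" in the logs); re-enable once fixed (tracking: <issue link>).` would carry the reason from the commit message into the code. With the recorder gone, serving-certificate reloads are presumably visible only in the operator's logs, so it is worth confirming those log lines are kept wherever certificate rotation for this mTLS endpoint (`tls.RequireAndVerifyClientCert`) is audited. The body of `New` starts and ends outside the hunk.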