Merge pull request #358 from java-operator-sdk/fix-354

feat: make it possible to deactivate CR validation

Author: metacosm

README.md

@@ -165,6 +165,18 @@ public class WebServerSpec {
 }
 ```
 
+#### Deactivating CustomResource implementations validation
+
+The operator will, by default, query the deployed CRDs to check that the `CustomResource`
+implementations match what is known to the cluster. This requires an additional query to the cluster
+and, sometimes, elevated privileges for the operator to be able to read the CRDs from the cluster.
+This validation is mostly meant to help users new to operator development get started and avoid
+common mistakes. Advanced users or production deployments might want to skip this step. This is done
+by setting 
+the `JAVA_OPERATOR_SDK_VALIDATE_CR` environment variable to `false`. Quarkus users can also add 
+`quarkus.operator-sdk.validate-custom-resources=false` to their `application.properties` for the 
+same purpose.
+
 #### Automatic generation of CRDs
 
 To automatically generate CRD manifests from your annotated Custom Resource classes, you only need

operator-framework-core/src/main/java/io/javaoperatorsdk/operator/Operator.java

@@ -1,5 +1,6 @@
 package io.javaoperatorsdk.operator;
 
+import io.fabric8.kubernetes.api.model.apiextensions.v1.CustomResourceDefinition;
 import io.fabric8.kubernetes.client.CustomResource;
 import io.fabric8.kubernetes.client.KubernetesClient;
 import io.fabric8.kubernetes.client.Version;
@@ -96,23 +97,26 @@ public <R extends CustomResource> void register(
       Class<R> resClass = configuration.getCustomResourceClass();
       String finalizer = configuration.getFinalizer();
 
-      // check that the custom resource is known by the cluster
-      final var crdName = configuration.getCRDName();
-      final var crd =
-          k8sClient.apiextensions().v1().customResourceDefinitions().withName(crdName).get();
-      final var controllerName = configuration.getName();
-      if (crd == null) {
-        throw new OperatorException(
-            "'"
-                + crdName
-                + "' CRD was not found on the cluster, controller "
-                + controllerName
-                + " cannot be registered");
+      final String controllerName = configuration.getName();
+
+      // check that the custom resource is known by the cluster if configured that way
+      final CustomResourceDefinition crd;
+      if (configurationService.validateCustomResources()) {
+        final var crdName = configuration.getCRDName();
+        crd = k8sClient.apiextensions().v1().customResourceDefinitions().withName(crdName).get();
+        if (crd == null) {
+          throw new OperatorException(
+              "'"
+                  + crdName
+                  + "' CRD was not found on the cluster, controller "
+                  + controllerName
+                  + " cannot be registered");
+        }
+
+        // Apply validations that are not handled by fabric8
+        CustomResourceUtils.assertCustomResource(resClass, crd);
       }
 
-      // Apply validations that are not handled by fabric8
-      CustomResourceUtils.assertCustomResource(resClass, crd);
-
       final var client = k8sClient.customResources(resClass);
       EventDispatcher dispatcher =
           new EventDispatcher(

operator-framework-core/src/main/java/io/javaoperatorsdk/operator/api/config/ConfigurationService.java

@@ -42,4 +42,17 @@ default Config getClientConfiguration() {
    * @return the version information
    */
   Version getVersion();
+
+  /**
+   * Whether the operator should query the CRD to make sure it's deployed and validate {@link
+   * CustomResource} implementations before attempting to register the associated controllers.
+   *
+   * <p>Note that this might require elevating the privileges associated with the operator to gain
+   * read access on the CRD resources.
+   *
+   * @return {@code true} if CRDs should be checked (default), {@code false} otherwise
+   */
+  default boolean validateCustomResources() {
+    return true;
+  }
 }

operator-framework-core/src/main/java/io/javaoperatorsdk/operator/api/config/Utils.java

@@ -12,6 +12,7 @@
 public class Utils {
 
   private static final Logger log = LoggerFactory.getLogger(Utils.class);
+  public static final String VALIDATE_CR_ENV_KEY = "JAVA_OPERATOR_SDK_VALIDATE_CR";
 
   /**
    * Attempts to load version information from a properties file produced at build time, currently
@@ -48,4 +49,13 @@ public static Version loadFromProperties() {
         properties.getProperty("git.commit.id.abbrev", "unknown"),
         builtTime);
   }
+
+  public static boolean isValidateCustomResourcesEnvVarSet() {
+    return System.getProperty(VALIDATE_CR_ENV_KEY) != null;
+  }
+
+  public static boolean shouldValidateCustomResources() {
+    final var value = System.getProperty(VALIDATE_CR_ENV_KEY);
+    return value == null || Boolean.getBoolean(value);
+  }
 }

operator-framework-quarkus-extension/deployment/src/main/java/io/javaoperatorsdk/quarkus/extension/deployment/QuarkusExtensionProcessor.java

@@ -81,11 +81,16 @@ void createConfigurationServiceAndOperator(
             .collect(Collectors.toList());
 
     final var version = Utils.loadFromProperties();
+    final var validateCustomResources =
+        Utils.isValidateCustomResourcesEnvVarSet()
+            ? Utils.shouldValidateCustomResources()
+            : externalConfiguration.validateCustomResources.orElse(true);
 
     final var supplier =
         recorder.configurationServiceSupplier(
             new Version(version.getSdkVersion(), version.getCommit(), version.getBuiltTime()),
-            controllerConfigs);
+            controllerConfigs,
+            validateCustomResources);
     syntheticBeanBuildItemBuildProducer.produce(
         SyntheticBeanBuildItem.configure(QuarkusConfigurationService.class)
             .scope(Singleton.class)

operator-framework-quarkus-extension/runtime/src/main/java/io/javaoperatorsdk/quarkus/extension/ConfigurationServiceRecorder.java

@@ -13,9 +13,14 @@
 public class ConfigurationServiceRecorder {
 
   public Supplier<ConfigurationService> configurationServiceSupplier(
-      Version version, List<ControllerConfiguration> controllerConfigs) {
+      Version version,
+      List<ControllerConfiguration> controllerConfigs,
+      boolean validateCustomResources) {
     return () ->
         new QuarkusConfigurationService(
-            version, controllerConfigs, Arc.container().instance(KubernetesClient.class).get());
+            version,
+            controllerConfigs,
+            Arc.container().instance(KubernetesClient.class).get(),
+            validateCustomResources);
   }
 }

operator-framework-quarkus-extension/runtime/src/main/java/io/javaoperatorsdk/quarkus/extension/ExternalConfiguration.java

@@ -1,13 +1,22 @@
 package io.javaoperatorsdk.quarkus.extension;
 
+import io.fabric8.kubernetes.client.CustomResource;
 import io.quarkus.runtime.annotations.ConfigItem;
 import io.quarkus.runtime.annotations.ConfigPhase;
 import io.quarkus.runtime.annotations.ConfigRoot;
 import java.util.Map;
+import java.util.Optional;
 
 @ConfigRoot(name = "operator-sdk", phase = ConfigPhase.BUILD_AND_RUN_TIME_FIXED)
 public class ExternalConfiguration {
 
   /** Maps a controller name to its configuration. */
   @ConfigItem public Map<String, ExternalControllerConfiguration> controllers;
+
+  /**
+   * Whether the operator should validate the {@link CustomResource} implementation before
+   * registering the associated controller.
+   */
+  @ConfigItem(defaultValue = "true")
+  public Optional<Boolean> validateCustomResources;
 }

operator-framework-quarkus-extension/runtime/src/main/java/io/javaoperatorsdk/quarkus/extension/ExternalControllerConfiguration.java

@@ -28,5 +28,5 @@ public class ExternalControllerConfiguration {
   public Optional<Boolean> generationAware;
 
   /** The optional controller retry configuration */
-  public Optional<ExternalRetryConfiguration> retry;
+  @ConfigItem public Optional<ExternalRetryConfiguration> retry;
 }

operator-framework-quarkus-extension/runtime/src/main/java/io/javaoperatorsdk/quarkus/extension/QuarkusConfigurationService.java

@@ -13,14 +13,19 @@
 public class QuarkusConfigurationService extends AbstractConfigurationService {
   private static final ClientProxyUnwrapper unwrapper = new ClientProxyUnwrapper();
   private final KubernetesClient client;
+  private final boolean validateCustomResources;
 
   public QuarkusConfigurationService(
-      Version version, List<ControllerConfiguration> configurations, KubernetesClient client) {
+      Version version,
+      List<ControllerConfiguration> configurations,
+      KubernetesClient client,
+      boolean validateCustomResources) {
     super(version);
     this.client = client;
     if (configurations != null && !configurations.isEmpty()) {
       configurations.forEach(this::register);
     }
+    this.validateCustomResources = validateCustomResources;
   }
 
   @Override
@@ -35,6 +40,11 @@ public <R extends CustomResource> ControllerConfiguration<R> getConfigurationFor
     return super.getConfigurationFor(unwrapped);
   }
 
+  @Override
+  public boolean validateCustomResources() {
+    return validateCustomResources;
+  }
+
   private static <R extends CustomResource> ResourceController<R> unwrap(
       ResourceController<R> controller) {
     return (ResourceController<R>) unwrapper.apply(controller);

operator-framework-quarkus-extension/tests/src/main/java/io/javaoperatorsdk/quarkus/it/TestOperatorApp.java

@@ -18,6 +18,12 @@ public class TestOperatorApp {
   @Inject Instance<ResourceController<? extends CustomResource>> controllers;
   @Inject ConfigurationService configurationService;
 
+  @GET
+  @Path("validateCR")
+  public boolean validateCR() {
+    return configurationService.validateCustomResources();
+  }
+
   @GET
   @Path("{name}")
   public boolean getController(@PathParam("name") String name) {

operator-framework-quarkus-extension/tests/src/main/resources/application.properties

@@ -1,2 +1,3 @@
 quarkus.operator-sdk.controllers.annotation.finalizer=from-property/finalizer
-quarkus.operator-sdk.controllers.annotation.namespaces=bar
+quarkus.operator-sdk.controllers.annotation.namespaces=bar
+quarkus.operator-sdk.validate-custom-resources=false

operator-framework-quarkus-extension/tests/src/test/java/io/javaoperatorsdk/quarkus/it/QuarkusExtensionProcessorTest.java

@@ -18,6 +18,11 @@
 @QuarkusTestResource(KubernetesMockServerTestResource.class)
 public class QuarkusExtensionProcessorTest {
 
+  @Test
+  void shouldNotValidateCRs() {
+    given().when().get("/operator/validateCR").then().statusCode(200).body(is("false"));
+  }
+
   @Test
   void controllerShouldExist() {
     // first check that we're not always returning true for any controller name :)

operator-framework/src/main/java/io/javaoperatorsdk/operator/config/runtime/DefaultConfigurationService.java

@@ -36,4 +36,9 @@ public <R extends CustomResource> ControllerConfiguration<R> getConfigurationFor
     }
     return config;
   }
+
+  @Override
+  public boolean validateCustomResources() {
+    return Utils.shouldValidateCustomResources();
+  }
 }