Watch Infrastructure object and update AWS user tags

- Ingress controller now monitors changes to the Infrastructure object,
ensuring that modifications to user-defined AWS ResourceTags (platform.AWS.ResourceTags) trigger updates to the load balancer service.
- Consider awsLBAdditionalResourceTags annotation as a managed annotation.
- Updating awsLBAdditionalResourceTags annotation will no longer mark the IngressController and operator as Upgradable=False.

Signed-off-by: chiragkyal <[email protected]>

pkg/operator/controller/ingress/controller.go

@@ -49,6 +49,8 @@ import (
 
 const (
 	controllerName = "ingress_controller"
+	// clusterInfrastructureName is the name of the 'cluster' infrastructure object.
+	clusterInfrastructureName = "cluster"
 )
 
 // TODO: consider moving these to openshift/api
@@ -134,6 +136,12 @@ func New(mgr manager.Manager, config Config) (controller.Controller, error) {
 	if err := c.Watch(source.Kind[client.Object](operatorCache, &configv1.Proxy{}, handler.EnqueueRequestsFromMapFunc(reconciler.ingressConfigToIngressController))); err != nil {
 		return nil, err
 	}
+	// Watch for changes to infrastructure config to update user defined tags
+	if err := c.Watch(source.Kind[client.Object](operatorCache, &configv1.Infrastructure{}, handler.EnqueueRequestsFromMapFunc(reconciler.ingressConfigToIngressController),
+		predicate.NewPredicateFuncs(hasName(clusterInfrastructureName)),
+	)); err != nil {
+		return nil, err
+	}
 	return c, nil
 }
 
@@ -187,6 +195,13 @@ func enqueueRequestForOwningIngressController(namespace string) handler.EventHan
 		})
 }
 
+// hasName returns a predicate which checks whether an object has the given name.
+func hasName(name string) func(o client.Object) bool {
+	return func(o client.Object) bool {
+		return o.GetName() == name
+	}
+}
+
 // Config holds all the things necessary for the controller to run.
 type Config struct {
 	Namespace                                 string

pkg/operator/controller/ingress/load_balancer_service.go

@@ -254,6 +254,8 @@ var (
 			//
 			// https://cloud.ibm.com/docs/containers?topic=containers-vpc-lbaas
 			iksLBEnableFeaturesAnnotation,
+			// awsLBAdditionalResourceTags annotation is populated by user tags present in `platform.AWS.ResourceTags`
+			awsLBAdditionalResourceTags,
 		)
 
 		// Azure and GCP support switching between internal and external
@@ -751,9 +753,10 @@ func IsServiceInternal(service *corev1.Service) bool {
 	return false
 }
 
-// loadBalancerServiceTagsModified verifies that none of the managedAnnotations have been changed and also the AWS tags annotation
+// loadBalancerServiceTagsModified verifies that none of the managedAnnotations except awsLBAdditionalResourceTags have been changed
 func loadBalancerServiceTagsModified(current, expected *corev1.Service) (bool, *corev1.Service) {
-	ignoredAnnotations := managedLoadBalancerServiceAnnotations.Union(sets.NewString(awsLBAdditionalResourceTags))
+	ignoredAnnotations := managedLoadBalancerServiceAnnotations.Clone()
+	ignoredAnnotations.Delete(awsLBAdditionalResourceTags)
 	return loadBalancerServiceAnnotationsChanged(current, expected, ignoredAnnotations)
 }
 

pkg/operator/controller/ingress/load_balancer_service_test.go

@@ -1141,7 +1141,7 @@ func Test_loadBalancerServiceChanged(t *testing.T) {
 			mutate: func(svc *corev1.Service) {
 				svc.Annotations["service.beta.kubernetes.io/aws-load-balancer-additional-resource-tags"] = "Key3=Value3,Key4=Value4"
 			},
-			expect: false,
+			expect: true,
 		},
 		{
 			description: "if the service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout annotation changes",

pkg/operator/controller/ingress/status_test.go

@@ -3026,7 +3026,7 @@ func Test_computeIngressUpgradeableCondition(t *testing.T) {
 			mutate: func(svc *corev1.Service) {
 				svc.Annotations[awsLBAdditionalResourceTags] = "Key2=Value2"
 			},
-			expect: false,
+			expect: true,
 		},
 		{
 			description: "if the service.beta.kubernetes.io/load-balancer-source-ranges is set",