Each type of Custom Resource (CR) that the OpenShift Application Services (RHOAS) Operator manages has an associated controller. The Operator also uses an AbstractCloudServicesController controller that abstracts common controller logic.

You can find the controllers in the com.openshift.cloud.controllers package in our GitHub repository.

Controller Diagram

Each of the controllers is described below.

AbstractCloudServicesController

This controller abstracts common controller logic. The abstract controller is responsible for:

  • Verifying whether resources should be processed by the Operator

  • Initializing status subresources

  • Dispatching events to specific controllers

  • Catching and reporting errors

  • Aggregating updates to write to the status subresource

If you are a developer that intends to add more controllers for use with the Operator, you should extend this class and override the doCreateOrUpdateResource property.

This controller also provides a default deleteResource method that deletes a given CR. If you need custom delete logic, then you should override this method in the controller for your CR.

Process checks

The controller performs several checks on a CR before the Operator processes the CR. The Operator processes a CR if one of the following conditions is true:

  • The CR has no status

  • The CR has no conditions

  • The CR has conditions, and the status of the Finished condition is False

  • The CR has conditions, the status of the Finished condition status is True, and the value of the LastTransitionGeneration property of the Finished condition is less than the current value of the metadata.generation property

CloudServicesRequestController

This controller consumes a CloudServicesRequest CR. When the controller processes the CR, the following events occur:

  • CloudServicesRequestController loads the value of the accessTokenSecretName field of the CR. The controller exchanges the value with the SSO service, to get a live access token.

  • The live access token authenticates with the Cloud Services API.

  • CloudServicesRequestController fetches the list of available Kafka instances from the Cloud Services API.

  • AbstractCloudServicesController writes the list of Kafka instances to the status subresource.

This controller uses the default delete operation and deletes the CloudServicesRequest CR.

CloudServiceAccountRequestController

This controller consumes a CloudServiceAccountRequest CR to create a service account to access the Kafka instance. Currently, there is a limit of two service accounts per user. When the controller processes the CR, the following events occur:

  • CloudServiceAccountRequestController loads the value of the accessTokenSecretName field of the CR. The controller exchanges the value with the SSO service, to get a live access token.

  • The live access token authenticates with the Cloud Services API.

  • CloudServiceAccountRequestController creates the service account in the SSO system.

  • CloudServiceAccountRequestController writes the service account information to a secret. The secret is consumed by the Service Binding Operator (SBO).

  • AbstractCloudServicesController updates the status subresource with the bootstrapServerHost value of the Kafka instance and the secret for the service account.

This controller uses the default delete operation and deletes the CloudServiceAccountRequest CR. Users are responsible for cleaning up service accounts and service account secrets in the SSO system.

KafkaConnectionController

This controller consumes a KafkaConnection CR. When the controller processes the CR, the following events occur:

  • KafkaConnectionController loads the value of the accessTokenSecretName field of the CR. The controller exchanges the value with the SSO service, to get a live access token.

  • The live access token authenticates with the Cloud Services API.

  • KafkaConnectionController loads connection information for the Kafka instance from the Cloud Services API, using the spec.kafkaId field.

  • AbstractCloudServicesController updates the status subresource with the bootstrapServerHost value of the Kafka instance and the secret for the service account.

This controller uses the default delete operation and deletes the KafkaConnection CR.

ServiceRegistryConnectionController

This controller consumes a ServiceRegistryConnection CR. When the controller processes the CR, the following events occur:

  • ServiceRegistryConnection loads the value of the accessTokenSecretName field of the CR. The controller exchanges the value with the SSO service, to get a live access token.

  • The live access token authenticates with the Cloud Services API.

  • ServiceRegistryConnectionController loads connection information for the Service Registry instance from the Cloud Services API, using the value of the spec.serviceRegistryId field.

  • AbstractCloudServicesController updates the status subresource with the registryUrl value of the Service Registry instance, serviceAccountSecretName (the secret for the service account), and metadata.oauthTokenUrl (the authentication URL of the Service Registry instance).

This controller uses the default delete operation and deletes the ServiceRegistryConnection CR.