CNTRLPLANE-3431: restart operator upon config change

[ricardomaraschini]

if the operator config changes we need to restart the operator. e.g. if the tls config has been updated we need to make sure the servers we keep online are respecting the new config.

this commit makes the operator config part of the --terminate-on-files flag.

Summary by CodeRabbit

• Improvements
  • The authentication operator now detects and responds to operator configuration file changes, enabling automatic updates without manual intervention.

[openshift-ci-robot]

@ricardomaraschini: This pull request references CNTRLPLANE-3431 which is a valid jira issue.

Details

In response to this:

if the operator config changes we need to restart the operator. e.g. if the tls config has been updated we need to make sure the servers we keep online are respecting the new config.

this commit makes the operator config part of the --terminate-on-files flag.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 4046311c-e49f-45a8-95e5-357c49b904ce

📥 Commits

Reviewing files that changed from the base of the PR and between 35eb6f5 and cb1d73d.

📒 Files selected for processing (1)

• manifests/07_deployment.yaml

---

Walkthrough

The authentication-operator deployment manifest was updated to add the operator config file as a watched termination trigger. The operator process now terminates when /var/run/configmaps/config/operator-config.yaml changes, complementing existing file watches on the trusted CA bundle and termination signal file.

Changes

Operator Termination Configuration

Layer / File(s)	Summary
Operator config file termination trigger manifests/07_deployment.yaml	The operator container startup command now includes --terminate-on-files=/var/run/configmaps/config/operator-config.yaml, extending the set of watched files that trigger operator restart when changed.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

🚥 Pre-merge checks | ✅ 12

✅ Passed checks (12 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and specifically describes the main change: adding operator restart functionality when configuration changes, matching the core modification to the deployment args.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names	✅ Passed	This PR modifies only manifests/07_deployment.yaml and does not add or modify any test files. All existing Ginkgo test names in the repository are stable and deterministic with no dynamic information.
Test Structure And Quality	✅ Passed	This PR contains only changes to a Kubernetes manifest file (manifests/07_deployment.yaml), not Ginkgo test code. The check requests review of test code quality, which is not applicable here.
Microshift Test Compatibility	✅ Passed	This PR modifies only manifests/07_deployment.yaml and does not add any Ginkgo e2e tests. The custom check applies only to new Ginkgo tests, making it not applicable to this PR.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	No Ginkgo e2e tests added. PR modifies only manifests/07_deployment.yaml. Check is not applicable.
Topology-Aware Scheduling Compatibility	✅ Passed	Change only modifies startup args. No new scheduling constraints. Pre-existing control-plane targeting is appropriate; manifest declares SNO support.
Ote Binary Stdout Contract	✅ Passed	PR modifies only manifests/07_deployment.yaml. No Go code changes introduced. OTE binary already has klog.LogToStderr(true). Check not applicable to manifest-only changes.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	No Ginkgo e2e tests were added. Only manifests/07_deployment.yaml modified. Check applies only to new e2e tests, not applicable here.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[ingvagabund]

/approve
/lgtm

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ingvagabund

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [ingvagabund]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[ricardomaraschini]

/retest

[ricardomaraschini]

/retest

[ricardomaraschini]

/test all

[ricardomaraschini]

/retest

[openshift-ci]

@ricardomaraschini: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.