CLOUDP-342325 Basic enterprise search support (#309)

# Summary

<!-- Enter your issue summary here.-->

## Proof of Work

<!-- Enter your proof that it works here.-->

## Checklist

- [x] Have you linked a jira ticket and/or is the ticket in the title?
- [x] Have you checked whether your jira ticket required DOCSP changes?
- [x] Have you added changelog file?
    - use `skip-changelog` label if not needed
- refer to [Changelog files and Release
Notes](https://github.com/mongodb/mongodb-kubernetes/blob/master/CONTRIBUTING.md#changelog-files-and-release-notes)
section in CONTRIBUTING.md for more details

---------

Co-authored-by: Łukasz Sierant <lukasz.sierant@mongodb.com>

Author: fealebenpae

.evergreen-tasks.yml

@@ -1300,3 +1300,9 @@ tasks:
     tags: [ "patch-run" ]
     commands:
       - func: "e2e_test"
+
+  - name: e2e_search_enterprise_basic
+    tags: [ "patch-run" ]
+    commands:
+      - func: "e2e_test"
+

.evergreen.yml

@@ -815,6 +815,8 @@ task_groups:
       - e2e_replica_set_oidc_workforce
       - e2e_sharded_cluster_oidc_m2m_group
       - e2e_sharded_cluster_oidc_m2m_user
+      # MongoDBSearch test group
+      - e2e_search_enterprise_basic
     <<: *teardown_group
 
   # this task group contains just a one task, which is smoke testing whether the operator

controllers/operator/mongodbreplicaset_controller.go

@@ -4,12 +4,16 @@ import (
 	"context"
 	"fmt"
 
+	"github.com/blang/semver"
 	"go.uber.org/zap"
 	"golang.org/x/xerrors"
 	"k8s.io/apimachinery/pkg/api/errors"
+	"k8s.io/apimachinery/pkg/fields"
 	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/types"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/controller"
+	"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
 	"sigs.k8s.io/controller-runtime/pkg/event"
 	"sigs.k8s.io/controller-runtime/pkg/handler"
 	"sigs.k8s.io/controller-runtime/pkg/manager"
@@ -22,6 +26,7 @@ import (
 
 	mdbv1 "github.com/mongodb/mongodb-kubernetes/api/v1/mdb"
 	rolev1 "github.com/mongodb/mongodb-kubernetes/api/v1/role"
+	searchv1 "github.com/mongodb/mongodb-kubernetes/api/v1/search"
 	mdbstatus "github.com/mongodb/mongodb-kubernetes/api/v1/status"
 	"github.com/mongodb/mongodb-kubernetes/controllers/om"
 	"github.com/mongodb/mongodb-kubernetes/controllers/om/backup"
@@ -39,6 +44,7 @@ import (
 	"github.com/mongodb/mongodb-kubernetes/controllers/operator/recovery"
 	"github.com/mongodb/mongodb-kubernetes/controllers/operator/watch"
 	"github.com/mongodb/mongodb-kubernetes/controllers/operator/workflow"
+	"github.com/mongodb/mongodb-kubernetes/controllers/search_controller"
 	mcoConstruct "github.com/mongodb/mongodb-kubernetes/mongodb-community-operator/controllers/construct"
 	"github.com/mongodb/mongodb-kubernetes/mongodb-community-operator/pkg/kube/annotations"
 	"github.com/mongodb/mongodb-kubernetes/mongodb-community-operator/pkg/kube/configmap"
@@ -52,6 +58,7 @@ import (
 	"github.com/mongodb/mongodb-kubernetes/pkg/util/architectures"
 	"github.com/mongodb/mongodb-kubernetes/pkg/util/env"
 	util_int "github.com/mongodb/mongodb-kubernetes/pkg/util/int"
+	"github.com/mongodb/mongodb-kubernetes/pkg/util/maputil"
 	"github.com/mongodb/mongodb-kubernetes/pkg/vault"
 	"github.com/mongodb/mongodb-kubernetes/pkg/vault/vaultwatcher"
 )
@@ -219,6 +226,8 @@ func (r *ReconcileMongoDbReplicaSet) Reconcile(ctx context.Context, request reco
 		return r.updateStatus(ctx, rs, workflow.Failed(xerrors.Errorf("Failed to reconcileHostnameOverrideConfigMap: %w", err)), log)
 	}
 
+	shouldMirrorKeyfile := r.applySearchOverrides(ctx, rs, log)
+
 	sts := construct.DatabaseStatefulSet(*rs, rsConfig, log)
 	if status := r.ensureRoles(ctx, rs.Spec.DbCommonSpec, r.enableClusterMongoDBRoles, conn, kube.ObjectKeyFromApiObject(rs), log); !status.IsOK() {
 		return r.updateStatus(ctx, rs, status, log)
@@ -238,7 +247,7 @@ func (r *ReconcileMongoDbReplicaSet) Reconcile(ctx context.Context, request reco
 	// See CLOUDP-189433 and CLOUDP-229222 for more details.
 	if recovery.ShouldTriggerRecovery(rs.Status.Phase != mdbstatus.PhaseRunning, rs.Status.LastTransition) {
 		log.Warnf("Triggering Automatic Recovery. The MongoDB resource %s/%s is in %s state since %s", rs.Namespace, rs.Name, rs.Status.Phase, rs.Status.LastTransition)
-		automationConfigStatus := r.updateOmDeploymentRs(ctx, conn, rs.Status.Members, rs, sts, log, caFilePath, agentCertSecretSelector, prometheusCertHash, true).OnErrorPrepend("Failed to create/update (Ops Manager reconciliation phase):")
+		automationConfigStatus := r.updateOmDeploymentRs(ctx, conn, rs.Status.Members, rs, sts, log, caFilePath, agentCertSecretSelector, prometheusCertHash, true, shouldMirrorKeyfile).OnErrorPrepend("Failed to create/update (Ops Manager reconciliation phase):")
 		deploymentError := create.DatabaseInKubernetes(ctx, r.client, *rs, sts, rsConfig, log)
 		if deploymentError != nil {
 			log.Errorf("Recovery failed because of deployment errors, %w", deploymentError)
@@ -254,7 +263,7 @@ func (r *ReconcileMongoDbReplicaSet) Reconcile(ctx context.Context, request reco
 	}
 	status = workflow.RunInGivenOrder(publishAutomationConfigFirst(ctx, r.client, *rs, lastSpec, rsConfig, log),
 		func() workflow.Status {
-			return r.updateOmDeploymentRs(ctx, conn, rs.Status.Members, rs, sts, log, caFilePath, agentCertSecretSelector, prometheusCertHash, false).OnErrorPrepend("Failed to create/update (Ops Manager reconciliation phase):")
+			return r.updateOmDeploymentRs(ctx, conn, rs.Status.Members, rs, sts, log, caFilePath, agentCertSecretSelector, prometheusCertHash, false, shouldMirrorKeyfile).OnErrorPrepend("Failed to create/update (Ops Manager reconciliation phase):")
 		},
 		func() workflow.Status {
 			workflowStatus := create.HandlePVCResize(ctx, r.client, &sts, log)
@@ -408,14 +417,27 @@ func AddReplicaSetController(ctx context.Context, mgr manager.Manager, imageUrls
 			zap.S().Errorf("Failed to watch for vault secret changes: %w", err)
 		}
 	}
+
+	err = c.Watch(source.Kind(mgr.GetCache(), &searchv1.MongoDBSearch{},
+		handler.TypedEnqueueRequestsFromMapFunc(func(ctx context.Context, search *searchv1.MongoDBSearch) []reconcile.Request {
+			source := search.GetMongoDBResourceRef()
+			if source == nil {
+				return []reconcile.Request{}
+			}
+			return []reconcile.Request{{NamespacedName: types.NamespacedName{Namespace: source.Namespace, Name: source.Name}}}
+		})))
+	if err != nil {
+		return err
+	}
+
 	zap.S().Infof("Registered controller %s", util.MongoDbReplicaSetController)
 
 	return nil
 }
 
 // updateOmDeploymentRs performs OM registration operation for the replicaset. So the changes will be finally propagated
 // to automation agents in containers
-func (r *ReconcileMongoDbReplicaSet) updateOmDeploymentRs(ctx context.Context, conn om.Connection, membersNumberBefore int, rs *mdbv1.MongoDB, set appsv1.StatefulSet, log *zap.SugaredLogger, caFilePath string, agentCertSecretSelector corev1.SecretKeySelector, prometheusCertHash string, isRecovering bool) workflow.Status {
+func (r *ReconcileMongoDbReplicaSet) updateOmDeploymentRs(ctx context.Context, conn om.Connection, membersNumberBefore int, rs *mdbv1.MongoDB, set appsv1.StatefulSet, log *zap.SugaredLogger, caFilePath string, agentCertSecretSelector corev1.SecretKeySelector, prometheusCertHash string, isRecovering bool, shouldMirrorKeyfileForMongot bool) workflow.Status {
 	log.Debug("Entering UpdateOMDeployments")
 	// Only "concrete" RS members should be observed
 	// - if scaling down, let's observe only members that will remain after scale-down operation
@@ -469,6 +491,11 @@ func (r *ReconcileMongoDbReplicaSet) updateOmDeploymentRs(ctx context.Context, c
 
 	err = conn.ReadUpdateDeployment(
 		func(d om.Deployment) error {
+			if shouldMirrorKeyfileForMongot {
+				if err := r.mirrorKeyfileIntoSecretForMongot(ctx, d, rs, log); err != nil {
+					return err
+				}
+			}
 			return ReconcileReplicaSetAC(ctx, d, rs.Spec.DbCommonSpec, lastRsConfig.ToMap(), rs.Name, replicaSet, caFilePath, internalClusterPath, &p, log)
 		},
 		log,
@@ -609,3 +636,70 @@ func getAllHostsRs(set appsv1.StatefulSet, clusterName string, membersCount int,
 	hostnames, _ := dns.GetDnsForStatefulSetReplicasSpecified(set, clusterName, membersCount, externalDomain)
 	return hostnames
 }
+
+func (r *ReconcileMongoDbReplicaSet) applySearchOverrides(ctx context.Context, rs *mdbv1.MongoDB, log *zap.SugaredLogger) bool {
+	search := r.lookupCorrespondingSearchResource(ctx, rs, log)
+	if search == nil {
+		log.Debugf("No MongoDBSearch resource found, skipping search overrides")
+		return false
+	}
+
+	log.Infof("Applying search overrides from MongoDBSearch %s", search.NamespacedName())
+
+	if rs.Spec.AdditionalMongodConfig == nil {
+		rs.Spec.AdditionalMongodConfig = mdbv1.NewEmptyAdditionalMongodConfig()
+	}
+	searchMongodConfig := search_controller.GetMongodConfigParameters(search)
+	rs.Spec.AdditionalMongodConfig.AddOption("setParameter", searchMongodConfig["setParameter"])
+
+	mdbVersion, err := semver.ParseTolerant(rs.Spec.Version)
+	if err != nil {
+		log.Warnf("Failed to parse MongoDB version %q: %w. Proceeding without the automatic creation of the searchCoordinator role that's necessary for MongoDB <8.2", rs.Spec.Version, err)
+	} else if semver.MustParse("8.2.0").GT(mdbVersion) {
+		log.Infof("Polyfilling the searchCoordinator role for MongoDB %s", rs.Spec.Version)
+
+		if rs.Spec.Security == nil {
+			rs.Spec.Security = &mdbv1.Security{}
+		}
+		rs.Spec.Security.Roles = append(rs.Spec.Security.Roles, search_controller.SearchCoordinatorRole())
+	}
+
+	return true
+}
+
+func (r *ReconcileMongoDbReplicaSet) mirrorKeyfileIntoSecretForMongot(ctx context.Context, d om.Deployment, rs *mdbv1.MongoDB, log *zap.SugaredLogger) error {
+	keyfileContents := maputil.ReadMapValueAsString(d, "auth", "key")
+	keyfileSecret := &corev1.Secret{ObjectMeta: metav1.ObjectMeta{Name: fmt.Sprintf("%s-keyfile", rs.Name), Namespace: rs.Namespace}}
+
+	log.Infof("Mirroring the replicaset %s's keyfile into the secret %s", rs.ObjectKey(), kube.ObjectKeyFromApiObject(keyfileSecret))
+
+	_, err := controllerutil.CreateOrUpdate(ctx, r.client, keyfileSecret, func() error {
+		keyfileSecret.StringData = map[string]string{"keyfile": keyfileContents}
+		return controllerutil.SetOwnerReference(rs, keyfileSecret, r.client.Scheme())
+	})
+	if err != nil {
+		return xerrors.Errorf("Failed to mirror the replicaset's keyfile into a secret: %w", err)
+	} else {
+		return nil
+	}
+}
+
+func (r *ReconcileMongoDbReplicaSet) lookupCorrespondingSearchResource(ctx context.Context, rs *mdbv1.MongoDB, log *zap.SugaredLogger) *searchv1.MongoDBSearch {
+	var search *searchv1.MongoDBSearch
+	searchList := &searchv1.MongoDBSearchList{}
+	if err := r.client.List(ctx, searchList, &client.ListOptions{
+		FieldSelector: fields.OneTermEqualSelector(search_controller.MongoDBSearchIndexFieldName, rs.GetNamespace()+"/"+rs.GetName()),
+	}); err != nil {
+		log.Debugf("Failed to list MongoDBSearch resources: %v", err)
+	}
+	// this validates that there is exactly one MongoDBSearch pointing to this resource,
+	// and that this resource passes search validations. If either fails, proceed without a search target
+	// for the mongod automation config.
+	if len(searchList.Items) == 1 {
+		searchSource := search_controller.NewEnterpriseResourceSearchSource(rs)
+		if searchSource.Validate() == nil {
+			search = &searchList.Items[0]
+		}
+	}
+	return search
+}

controllers/operator/mongodbsearch_controller.go

@@ -14,12 +14,14 @@ import (
 
 	appsv1 "k8s.io/api/apps/v1"
 	corev1 "k8s.io/api/core/v1"
+	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	ctrl "sigs.k8s.io/controller-runtime"
 
+	mdbv1 "github.com/mongodb/mongodb-kubernetes/api/v1/mdb"
 	searchv1 "github.com/mongodb/mongodb-kubernetes/api/v1/search"
+	"github.com/mongodb/mongodb-kubernetes/controllers/operator/watch"
 	"github.com/mongodb/mongodb-kubernetes/controllers/search_controller"
 	mdbcv1 "github.com/mongodb/mongodb-kubernetes/mongodb-community-operator/api/v1"
-	"github.com/mongodb/mongodb-kubernetes/mongodb-community-operator/controllers/watch"
 	kubernetesClient "github.com/mongodb/mongodb-kubernetes/mongodb-community-operator/pkg/kube/client"
 	"github.com/mongodb/mongodb-kubernetes/pkg/kube/commoncontroller"
 	"github.com/mongodb/mongodb-kubernetes/pkg/util"
@@ -28,15 +30,14 @@ import (
 
 type MongoDBSearchReconciler struct {
 	kubeClient           kubernetesClient.Client
-	mdbcWatcher          *watch.ResourceWatcher
+	watch                *watch.ResourceWatcher
 	operatorSearchConfig search_controller.OperatorSearchConfig
 }
 
 func newMongoDBSearchReconciler(client client.Client, operatorSearchConfig search_controller.OperatorSearchConfig) *MongoDBSearchReconciler {
-	mdbcWatcher := watch.New()
 	return &MongoDBSearchReconciler{
 		kubeClient:           kubernetesClient.NewClient(client),
-		mdbcWatcher:          &mdbcWatcher,
+		watch:                watch.NewResourceWatcher(),
 		operatorSearchConfig: operatorSearchConfig,
 	}
 }
@@ -51,36 +52,52 @@ func (r *MongoDBSearchReconciler) Reconcile(ctx context.Context, request reconci
 		return result, err
 	}
 
-	sourceResource, mdbc, err := getSourceMongoDBForSearch(ctx, r.kubeClient, mdbSearch)
+	searchSource, err := r.getSourceMongoDBForSearch(ctx, r.kubeClient, mdbSearch, log)
 	if err != nil {
 		return reconcile.Result{RequeueAfter: time.Second * util.RetryTimeSec}, err
 	}
 
-	if mdbc != nil {
-		r.mdbcWatcher.Watch(ctx, mdbc.NamespacedName(), request.NamespacedName)
-	}
+	r.watch.AddWatchedResourceIfNotAdded(searchSource.KeyfileSecretName(), mdbSearch.Namespace, watch.Secret, mdbSearch.NamespacedName())
 
-	reconcileHelper := search_controller.NewMongoDBSearchReconcileHelper(kubernetesClient.NewClient(r.kubeClient), mdbSearch, sourceResource, r.operatorSearchConfig)
+	reconcileHelper := search_controller.NewMongoDBSearchReconcileHelper(kubernetesClient.NewClient(r.kubeClient), mdbSearch, searchSource, r.operatorSearchConfig)
 
 	return reconcileHelper.Reconcile(ctx, log).ReconcileResult()
 }
 
-func getSourceMongoDBForSearch(ctx context.Context, kubeClient client.Client, search *searchv1.MongoDBSearch) (search_controller.SearchSourceDBResource, *mdbcv1.MongoDBCommunity, error) {
+func (r *MongoDBSearchReconciler) getSourceMongoDBForSearch(ctx context.Context, kubeClient client.Client, search *searchv1.MongoDBSearch, log *zap.SugaredLogger) (search_controller.SearchSourceDBResource, error) {
 	if search.IsExternalMongoDBSource() {
-		return search_controller.NewSearchSourceDBResourceFromExternal(search.Namespace, search.Spec.Source.ExternalMongoDBSource), nil, nil
+		return search_controller.NewExternalSearchSource(search.Namespace, search.Spec.Source.ExternalMongoDBSource), nil
 	}
 
 	sourceMongoDBResourceRef := search.GetMongoDBResourceRef()
 	if sourceMongoDBResourceRef == nil {
-		return nil, nil, xerrors.New("MongoDBSearch source MongoDB resource reference is not set")
+		return nil, xerrors.New("MongoDBSearch source MongoDB resource reference is not set")
+	}
+
+	sourceName := types.NamespacedName{Namespace: search.GetNamespace(), Name: sourceMongoDBResourceRef.Name}
+	log.Infof("Looking up Search source %s", sourceName)
+
+	mdb := &mdbv1.MongoDB{}
+	if err := kubeClient.Get(ctx, sourceName, mdb); err != nil {
+		if !apierrors.IsNotFound(err) {
+			return nil, xerrors.Errorf("error getting MongoDB %s: %w", sourceName, err)
+		}
+	} else {
+		r.watch.AddWatchedResourceIfNotAdded(sourceMongoDBResourceRef.Name, sourceMongoDBResourceRef.Namespace, watch.MongoDB, search.NamespacedName())
+		return search_controller.NewEnterpriseResourceSearchSource(mdb), nil
 	}
 
-	mdbcName := types.NamespacedName{Namespace: search.GetNamespace(), Name: sourceMongoDBResourceRef.Name}
 	mdbc := &mdbcv1.MongoDBCommunity{}
-	if err := kubeClient.Get(ctx, mdbcName, mdbc); err != nil {
-		return nil, nil, xerrors.Errorf("error getting MongoDBCommunity %s: %w", mdbcName, err)
+	if err := kubeClient.Get(ctx, sourceName, mdbc); err != nil {
+		if !apierrors.IsNotFound(err) {
+			return nil, xerrors.Errorf("error getting MongoDBCommunity %s: %w", sourceName, err)
+		}
+	} else {
+		r.watch.AddWatchedResourceIfNotAdded(sourceMongoDBResourceRef.Name, sourceMongoDBResourceRef.Namespace, "MongoDBCommunity", search.NamespacedName())
+		return search_controller.NewCommunityResourceSearchSource(mdbc), nil
 	}
-	return search_controller.NewSearchSourceDBResourceFromMongoDBCommunity(mdbc), mdbc, nil
+
+	return nil, xerrors.Errorf("No database resource named %s found", sourceName)
 }
 
 func mdbcSearchIndexBuilder(rawObj client.Object) []string {
@@ -103,7 +120,9 @@ func AddMongoDBSearchController(ctx context.Context, mgr manager.Manager, operat
 	return ctrl.NewControllerManagedBy(mgr).
 		WithOptions(controller.Options{MaxConcurrentReconciles: env.ReadIntOrDefault(util.MaxConcurrentReconcilesEnv, 1)}). // nolint:forbidigo
 		For(&searchv1.MongoDBSearch{}).
-		Watches(&mdbcv1.MongoDBCommunity{}, r.mdbcWatcher).
+		Watches(&mdbv1.MongoDB{}, &watch.ResourcesHandler{ResourceType: watch.MongoDB, ResourceWatcher: r.watch}).
+		Watches(&mdbcv1.MongoDBCommunity{}, &watch.ResourcesHandler{ResourceType: "MongoDBCommunity", ResourceWatcher: r.watch}).
+		Watches(&corev1.Secret{}, &watch.ResourcesHandler{ResourceType: watch.Secret, ResourceWatcher: r.watch}).
 		Owns(&appsv1.StatefulSet{}).
 		Owns(&corev1.Secret{}).
 		Complete(r)

controllers/operator/mongodbsearch_controller_test.go

@@ -8,11 +8,8 @@ import (
 	"github.com/ghodss/yaml"
 	"github.com/stretchr/testify/assert"
 	"k8s.io/apimachinery/pkg/types"
-	"k8s.io/client-go/util/workqueue"
 	"k8s.io/utils/ptr"
 	"sigs.k8s.io/controller-runtime/pkg/client"
-	"sigs.k8s.io/controller-runtime/pkg/controller/controllertest"
-	"sigs.k8s.io/controller-runtime/pkg/event"
 	"sigs.k8s.io/controller-runtime/pkg/reconcile"
 
 	appsv1 "k8s.io/api/apps/v1"
@@ -29,6 +26,7 @@ import (
 	mdbcv1 "github.com/mongodb/mongodb-kubernetes/mongodb-community-operator/api/v1"
 	"github.com/mongodb/mongodb-kubernetes/mongodb-community-operator/api/v1/common"
 	"github.com/mongodb/mongodb-kubernetes/mongodb-community-operator/pkg/mongot"
+	"github.com/mongodb/mongodb-kubernetes/mongodb-community-operator/pkg/util/constants"
 )
 
 func newMongoDBCommunity(name, namespace string) *mdbcv1.MongoDBCommunity {
@@ -62,7 +60,16 @@ func newSearchReconcilerWithOperatorConfig(
 	builder.WithIndex(&searchv1.MongoDBSearch{}, search_controller.MongoDBSearchIndexFieldName, mdbcSearchIndexBuilder)
 
 	if mdbc != nil {
-		builder.WithObjects(mdbc)
+		keyfileSecret := &corev1.Secret{
+			ObjectMeta: metav1.ObjectMeta{
+				Name:      mdbc.GetAgentKeyfileSecretNamespacedName().Name,
+				Namespace: mdbc.Namespace,
+			},
+			StringData: map[string]string{
+				constants.AgentKeyfileKey: "keyfile",
+			},
+		}
+		builder.WithObjects(mdbc, keyfileSecret)
 	}
 
 	for _, search := range searches {
@@ -183,10 +190,6 @@ func TestMongoDBSearchReconcile_Success(t *testing.T) {
 	sts := &appsv1.StatefulSet{}
 	err = c.Get(ctx, search.StatefulSetNamespacedName(), sts)
 	assert.NoError(t, err)
-
-	queue := controllertest.Queue{Interface: workqueue.New()}
-	reconciler.mdbcWatcher.Create(ctx, event.CreateEvent{Object: mdbc}, &queue)
-	assert.Equal(t, 1, queue.Len())
 }
 
 func checkSearchReconcileFailed(

controllers/operator/watch/config_change_handler.go

@@ -14,8 +14,6 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/reconcile"
 
 	corev1 "k8s.io/api/core/v1"
-
-	rolev1 "github.com/mongodb/mongodb-kubernetes/api/v1/role"
 )
 
 // Type is an enum for all kubernetes types watched by controller for changes for configuration
@@ -87,10 +85,14 @@ func (c *ResourcesHandler) doHandle(namespace, name string, q workqueue.RateLimi
 
 // Seems we don't need to react on config map/secret removal..
 func (c *ResourcesHandler) Delete(ctx context.Context, e event.DeleteEvent, q workqueue.RateLimitingInterface) {
-	switch v := e.Object.(type) {
-	case *rolev1.ClusterMongoDBRole:
-		c.doHandle(v.GetNamespace(), v.GetName(), q)
+	switch e.Object.(type) {
+	case *corev1.ConfigMap:
+		return
+	case *corev1.Secret:
+		return
 	}
+
+	c.doHandle(e.Object.GetNamespace(), e.Object.GetName(), q)
 }
 
 func (c *ResourcesHandler) Generic(ctx context.Context, _ event.GenericEvent, _ workqueue.RateLimitingInterface) {