recreate generated service cert secret when deleted #12853
Conversation
|
@deads2k PTAL |
|
[test] |
| @@ -116,6 +139,11 @@ func NewServiceServingCertController(serviceClient kcoreclient.ServicesGetter, s | |||
| func (sc *ServiceServingCertController) Run(workers int, stopCh <-chan struct{}) { | |||
| defer utilruntime.HandleCrash() | |||
| go sc.serviceController.Run(stopCh) | |||
| go sc.secretController.Run(stopCh) | |||
| if !waitForCacheSync(stopCh, sc.serviceHasSynced, sc.secretHasSynced) { | |||
There was a problem hiding this comment.
@deads2k any reason you did not waited for the caches to sync before?
There was a problem hiding this comment.
@deads2k any reason you did not waited for the caches to sync before?
Things would self-settle since the first mutation would fail until the cache updated and the services aren't self referential.
| return false | ||
| } | ||
| if getNumFailures(service) >= sc.maxRetries { | ||
| return false | ||
| } | ||
| if _, exists, _ := sc.secretCache.GetByKey(service.Namespace + "/" + secretName); !exists { |
| @@ -125,6 +153,27 @@ func (sc *ServiceServingCertController) Run(workers int, stopCh <-chan struct{}) | |||
| sc.queue.ShutDown() | |||
| } | |||
|
|
|||
| func (sc *ServiceServingCertController) recreateServiceSecret(obj interface{}) { | |||
There was a problem hiding this comment.
I'd prefer deleteSecret with a comment explaining what its checking.
|
nits and it needs a test. lgtm otherwise. |
mfojtik
force-pushed
the
fix-secret-regen
branch
from
5a68ae6 to
5358689
Compare
|
@deads2k all fixed, thanks :-) |
|
Evaluated for origin test up to 5358689 |
|
continuous-integration/openshift-jenkins/test SUCCESS (https://ci.openshift.redhat.com/jenkins/job/test_pr_origin/13682/) (Base Commit: bcddac6) |
|
[merge] |
|
continuous-integration/openshift-jenkins/merge SUCCESS (https://ci.openshift.redhat.com/jenkins/job/test_pr_origin/13682/) (Image: devenv-rhel7_5877) |
|
Evaluated for origin merge up to 5358689 |
Fixes: #12834