From 45326e4c583c3b3e3910c710184395b6aa626759 Mon Sep 17 00:00:00 2001 From: Manuel de Brito Fontes Date: Mon, 15 Jan 2018 17:54:17 -0300 Subject: [PATCH] Avoid data race syncing secrets --- internal/ingress/controller/store/backend_ssl.go | 3 +++ internal/ingress/controller/store/store.go | 4 ++++ 2 files changed, 7 insertions(+) diff --git a/internal/ingress/controller/store/backend_ssl.go b/internal/ingress/controller/store/backend_ssl.go index 6f9a6d099..e232f15f4 100644 --- a/internal/ingress/controller/store/backend_ssl.go +++ b/internal/ingress/controller/store/backend_ssl.go @@ -37,6 +37,9 @@ import ( // disk to allow copy of the content of the secret to disk to be used // by external processes. func (s k8sStore) syncSecret(key string) { + s.mu.Lock() + defer s.mu.Unlock() + glog.V(3).Infof("starting syncing of secret %v", key) // TODO: getPemCertificate should not write to disk to avoid unnecessary overhead diff --git a/internal/ingress/controller/store/store.go b/internal/ingress/controller/store/store.go index 711018c74..bf9ae2566 100644 --- a/internal/ingress/controller/store/store.go +++ b/internal/ingress/controller/store/store.go @@ -21,6 +21,7 @@ import ( "fmt" "io/ioutil" "reflect" + "sync" "time" "github.com/golang/glog" @@ -182,6 +183,8 @@ type k8sStore struct { filesystem file.Filesystem updateCh chan Event + + mu *sync.Mutex } // New creates a new object store to be used in the ingress controller @@ -200,6 +203,7 @@ func New(checkOCSP bool, filesystem: fs, updateCh: updateCh, backendConfig: ngx_config.NewDefault(), + mu: &sync.Mutex{}, } eventBroadcaster := record.NewBroadcaster()