From 5c9c5a301a72fc12b56ee1a975a37f7f125f0b08 Mon Sep 17 00:00:00 2001
From: Manuel de Brito Fontes
Date: Fri, 5 May 2017 12:28:01 -0300
Subject: [PATCH] Avoid periodic check for secret changes
---
 core/pkg/ingress/controller/backend_ssl.go | 10 ++++++++--
 core/pkg/ingress/controller/backend_ssl_test.go | 5 +++--
 core/pkg/ingress/controller/controller.go | 13 ++++++++++---
 3 files changed, 21 insertions(+), 7 deletions(-)
diff --git a/core/pkg/ingress/controller/backend_ssl.go b/core/pkg/ingress/controller/backend_ssl.go
index 9587829a1..c8bd334a0 100644
--- a/core/pkg/ingress/controller/backend_ssl.go
+++ b/core/pkg/ingress/controller/backend_ssl.go
@@ -34,7 +34,7 @@ import (
 // syncSecret keeps in sync Secrets used by Ingress rules with the files on
 // disk to allow copy of the content of the secret to disk to be used
 // by external processes.
-func (ic *GenericController) syncSecret() {
+func (ic *GenericController) syncSecret(key string) {
 glog.V(3).Infof("starting syncing of secrets")
 if !ic.controllersInSync() {
@@ -46,7 +46,13 @@ func (ic *GenericController) syncSecret() {
 var cert *ingress.SSLCert
 var err error
- keys := ic.secretTracker.List()
+ // by default we sync just one secret
+ keys := []interface{}{key}
+ // if the key is empty we check all the secrets
+ if key == "" {
+ keys = ic.secretTracker.List()
+ }
+
 for _, k := range keys {
 key := k.(string)
 cert, err = ic.getPemCertificate(key)
diff --git a/core/pkg/ingress/controller/backend_ssl_test.go b/core/pkg/ingress/controller/backend_ssl_test.go
index 47914fccf..248bb20b2 100644
--- a/core/pkg/ingress/controller/backend_ssl_test.go
+++ b/core/pkg/ingress/controller/backend_ssl_test.go
@@ -22,6 +22,7 @@ import (
 "testing"
 "fmt"
+ meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 testclient "k8s.io/client-go/kubernetes/fake"
 api_v1 "k8s.io/client-go/pkg/api/v1"
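Review bot: The doc comment above `func (ic *GenericController) syncSecret(key string)` (backend_ssl.go, hunk at -34) was left unchanged and says nothing about what `key` is or that an empty string means "all tracked secrets". Add a line such as `// key is the "namespace/name" of the Secret to sync; an empty key syncs every entry in secretTracker.` The V(3) message `"starting syncing of secrets"` could also carry the key so a per-secret sync can be told apart from a full pass in the logs. The function body continues outside the hunk.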
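Review bot: With a non-empty key, `keys := []interface{}{key}` (backend_ssl.go, hunk at -46) hands that key straight to getPemCertificate without checking that it is in secretTracker, while the empty-key path still iterates only tracked secrets. The UpdateFunc added in controller.go calls syncSecret for every changed Secret the informer delivers, so Secrets that no Ingress references appear to get the same handling as tracked ones; that contradicts the doc comment ("Secrets used by Ingress rules") and, depending on what the rest of the loop does, may copy unrelated secret material to disk. A guard before the loop keeps the scope as it was: `if _, tracked := ic.secretTracker.Get(key); key != "" && !tracked { return }`. The loop body runs past the end of the hunk, so what happens after getPemCertificate is not visible here.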
@@ -166,7 +167,7 @@ func TestSyncSecret(t *testing.T) {
 ic.secrLister.Add(secret)
 // for add
- ic.syncSecret()
+ ic.syncSecret("")
 if foo.expectSuccess {
 // validate
 _, exist := ic.sslCertTracker.Get(foo.secretName)
@@ -174,7 +175,7 @@ func TestSyncSecret(t *testing.T) {
 t.Errorf("Failed to sync secret: %s", foo.secretName)
 } else {
 // for update
- ic.syncSecret()
+ ic.syncSecret("")
 }
 }
 })
diff --git a/core/pkg/ingress/controller/controller.go b/core/pkg/ingress/controller/controller.go
index 3ff7a778f..1985d44f6 100644
--- a/core/pkg/ingress/controller/controller.go
+++ b/core/pkg/ingress/controller/controller.go
@@ -30,7 +30,6 @@ import (
 "k8s.io/apimachinery/pkg/fields"
 "k8s.io/apimachinery/pkg/util/intstr"
- "k8s.io/apimachinery/pkg/util/wait"
 clientset "k8s.io/client-go/kubernetes"
 unversionedcore "k8s.io/client-go/kubernetes/typed/core/v1"
 def_api "k8s.io/client-go/pkg/api"
@@ -203,6 +202,12 @@ func newIngressController(config *Configuration) *GenericController {
 }
 secrEventHandler := cache.ResourceEventHandlerFuncs{
+ UpdateFunc: func(old, cur interface{}) {
+ if !reflect.DeepEqual(old, cur) {
+ sec := cur.(*api.Secret)
+ ic.syncSecret(fmt.Sprintf("%v/%v", sec.Namespace, sec.Name))
+ }
+ },
 DeleteFunc: func(obj interface{}) {
 sec := obj.(*api.Secret)
 ic.sslCertTracker.Delete(fmt.Sprintf("%v/%v", sec.Namespace, sec.Name))
@@ -1151,6 +1156,10 @@ func (ic GenericController) extractSecretNames(ing *extensions.Ingress) {
 }
 for _, tls := range ing.Spec.TLS {
+ if tls.SecretName == "" {
+ continue
+ }
+
 key := fmt.Sprintf("%v/%v", ing.Namespace, tls.SecretName)
 _, exists := ic.secretTracker.Get(key)
 if !exists {
@@ -1191,8 +1200,6 @@ func (ic GenericController) Start() {
 go ic.syncQueue.Run(10*time.Second, ic.stopCh)
- go wait.Forever(ic.syncSecret, 10*time.Second)
-
 if ic.syncStatus != nil {
 go ic.syncStatus.Run(ic.stopCh)
 }
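Review bot: Both updated calls in TestSyncSecret (backend_ssl_test.go, hunks at -166 and -174) pass `""`, so only the sync-everything path is exercised and the new single-key branch has no coverage. Add a case that calls `ic.syncSecret(foo.secretName)`, assuming foo.secretName is the tracker key as its use in `ic.sslCertTracker.Get(foo.secretName)` suggests. A second case with a key that is not in secretTracker would pin down what is supposed to happen for Secrets no Ingress references. The test function starts and ends outside these hunks.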
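Review bot: The secrEventHandler literal in newIngressController (controller.go, hunk at -203) gains an UpdateFunc but no AddFunc is visible, and the periodic full sync is removed further down. A Secret created after the Ingress that references it would then only be synced if some path not shown here calls syncSecret for it. If no such path exists, an AddFunc mirroring UpdateFunc closes the gap; limiting it to keys already in secretTracker keeps unreferenced Secrets out of the sync. The handler literal continues past the hunk, so an AddFunc may already exist below DeleteFunc.

```go
secrEventHandler := cache.ResourceEventHandlerFuncs{
	AddFunc: func(obj interface{}) {
		sec := obj.(*api.Secret)
		key := fmt.Sprintf("%v/%v", sec.Namespace, sec.Name)
		// only Secrets referenced by an Ingress are synced
		if _, exists := ic.secretTracker.Get(key); exists {
			ic.syncSecret(key)
		}
	},
	// … unchanged: UpdateFunc, DeleteFunc …
```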
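Review bot: Removing `go wait.Forever(ic.syncSecret, 10*time.Second)` in Start() (controller.go, hunk at -1191) removes the only retry for a sync that did not complete. syncSecret still opens with `if !ic.controllersInSync() {` (the body of that branch is outside the hunk, presumably an early return), so an update event that arrives before the controllers are in sync, or one where getPemCertificate fails, looks like it is dropped for good. A rotated or replaced certificate would then stay stale on disk until the Secret changes again. A low-frequency full pass as a safety net bounds that window, e.g. `go wait.Forever(func() { ic.syncSecret("") }, 5*time.Minute)` with the `wait` import kept; the interval is illustrative. Start() continues outside the hunk.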