Avoid periodic check for secret changes
This commit is contained in:
Manuel de Brito Fontes
parent
c1cf8ffb31
commit
5c9c5a301a
3 changed files with 21 additions and 7 deletions
|
|
@ -34,7 +34,7 @@ import (
|
||||||
// syncSecret keeps in sync Secrets used by Ingress rules with the files on
|
// syncSecret keeps in sync Secrets used by Ingress rules with the files on
|
||||||
// disk to allow copy of the content of the secret to disk to be used
|
// disk to allow copy of the content of the secret to disk to be used
|
||||||
// by external processes.
|
// by external processes.
|
||||||
func (ic *GenericController) syncSecret() {
|
func (ic *GenericController) syncSecret(key string) {
|
||||||
glog.V(3).Infof("starting syncing of secrets")
|
glog.V(3).Infof("starting syncing of secrets")
|
||||||
|
|
||||||
if !ic.controllersInSync() {
|
if !ic.controllersInSync() {
|
||||||
|
|
@ -46,7 +46,13 @@ func (ic *GenericController) syncSecret() {
|
||||||
var cert *ingress.SSLCert
|
var cert *ingress.SSLCert
|
||||||
var err error
|
var err error
|
||||||
|
|
||||||
keys := ic.secretTracker.List()
|
// by default we sync just one secret
|
||||||
|
keys := []interface{}{key}
|
||||||
|
// if the key is empty we check all the secrets
|
||||||
|
if key == "" {
|
||||||
|
keys = ic.secretTracker.List()
|
||||||
|
}
|
||||||
|
|
||||||
for _, k := range keys {
|
for _, k := range keys {
|
||||||
key := k.(string)
|
key := k.(string)
|
||||||
cert, err = ic.getPemCertificate(key)
|
cert, err = ic.getPemCertificate(key)
|
||||||
|
|
|
||||||
|
|
@ -22,6 +22,7 @@ import (
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
"fmt"
|
"fmt"
|
||||||
|
|
||||||
meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||||
testclient "k8s.io/client-go/kubernetes/fake"
|
testclient "k8s.io/client-go/kubernetes/fake"
|
||||||
api_v1 "k8s.io/client-go/pkg/api/v1"
|
api_v1 "k8s.io/client-go/pkg/api/v1"
|
||||||
|
|
@ -166,7 +167,7 @@ func TestSyncSecret(t *testing.T) {
|
||||||
ic.secrLister.Add(secret)
|
ic.secrLister.Add(secret)
|
||||||
|
|
||||||
// for add
|
// for add
|
||||||
ic.syncSecret()
|
ic.syncSecret("")
|
||||||
if foo.expectSuccess {
|
if foo.expectSuccess {
|
||||||
// validate
|
// validate
|
||||||
_, exist := ic.sslCertTracker.Get(foo.secretName)
|
_, exist := ic.sslCertTracker.Get(foo.secretName)
|
||||||
|
|
@ -174,7 +175,7 @@ func TestSyncSecret(t *testing.T) {
|
||||||
t.Errorf("Failed to sync secret: %s", foo.secretName)
|
t.Errorf("Failed to sync secret: %s", foo.secretName)
|
||||||
} else {
|
} else {
|
||||||
// for update
|
// for update
|
||||||
ic.syncSecret()
|
ic.syncSecret("")
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
})
|
})
|
||||||
|
|
|
||||||
|
|
@ -30,7 +30,6 @@ import (
|
||||||
|
|
||||||
"k8s.io/apimachinery/pkg/fields"
|
"k8s.io/apimachinery/pkg/fields"
|
||||||
"k8s.io/apimachinery/pkg/util/intstr"
|
"k8s.io/apimachinery/pkg/util/intstr"
|
||||||
"k8s.io/apimachinery/pkg/util/wait"
|
|
||||||
clientset "k8s.io/client-go/kubernetes"
|
clientset "k8s.io/client-go/kubernetes"
|
||||||
unversionedcore "k8s.io/client-go/kubernetes/typed/core/v1"
|
unversionedcore "k8s.io/client-go/kubernetes/typed/core/v1"
|
||||||
def_api "k8s.io/client-go/pkg/api"
|
def_api "k8s.io/client-go/pkg/api"
|
||||||
|
|
@ -203,6 +202,12 @@ func newIngressController(config *Configuration) *GenericController {
|
||||||
}
|
}
|
||||||
|
|
||||||
secrEventHandler := cache.ResourceEventHandlerFuncs{
|
secrEventHandler := cache.ResourceEventHandlerFuncs{
|
||||||
|
UpdateFunc: func(old, cur interface{}) {
|
||||||
|
if !reflect.DeepEqual(old, cur) {
|
||||||
|
sec := cur.(*api.Secret)
|
||||||
|
ic.syncSecret(fmt.Sprintf("%v/%v", sec.Namespace, sec.Name))
|
||||||
|
}
|
||||||
|
},
|
||||||
DeleteFunc: func(obj interface{}) {
|
DeleteFunc: func(obj interface{}) {
|
||||||
sec := obj.(*api.Secret)
|
sec := obj.(*api.Secret)
|
||||||
ic.sslCertTracker.Delete(fmt.Sprintf("%v/%v", sec.Namespace, sec.Name))
|
ic.sslCertTracker.Delete(fmt.Sprintf("%v/%v", sec.Namespace, sec.Name))
|
||||||
|
|
@ -1151,6 +1156,10 @@ func (ic GenericController) extractSecretNames(ing *extensions.Ingress) {
|
||||||
}
|
}
|
||||||
|
|
||||||
for _, tls := range ing.Spec.TLS {
|
for _, tls := range ing.Spec.TLS {
|
||||||
|
if tls.SecretName == "" {
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
|
||||||
key := fmt.Sprintf("%v/%v", ing.Namespace, tls.SecretName)
|
key := fmt.Sprintf("%v/%v", ing.Namespace, tls.SecretName)
|
||||||
_, exists := ic.secretTracker.Get(key)
|
_, exists := ic.secretTracker.Get(key)
|
||||||
if !exists {
|
if !exists {
|
||||||
|
|
@ -1191,8 +1200,6 @@ func (ic GenericController) Start() {
|
||||||
|
|
||||||
go ic.syncQueue.Run(10*time.Second, ic.stopCh)
|
go ic.syncQueue.Run(10*time.Second, ic.stopCh)
|
||||||
|
|
||||||
go wait.Forever(ic.syncSecret, 10*time.Second)
|
|
||||||
|
|
||||||
if ic.syncStatus != nil {
|
if ic.syncStatus != nil {
|
||||||
go ic.syncStatus.Run(ic.stopCh)
|
go ic.syncStatus.Run(ic.stopCh)
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue