Merge 217d22baa1 into bc6e5840b6

core/pkg/ingress/controller/backend_ssl.go

@@ -33,38 +33,34 @@ import (
 // syncSecret keeps in sync Secrets used by Ingress rules with the files on
 // disk to allow copy of the content of the secret to disk to be used
 // by external processes.
-func (ic *GenericController) syncSecret() {
+func (ic *GenericController) syncSecret(s *api.Secret) {
 	glog.V(3).Infof("starting syncing of secrets")
 
 	var cert *ingress.SSLCert
 	var err error
+	key := ic.secretKey(s.Namespace, s.Name)
+	ic.secretTracker.Add(key, key)
 
-	for _, k := range ic.secretTracker.List() {
+	cert, err = ic.getPemCertificate(key)
-		key := k.(string)
+	if err != nil {
-		cert, err = ic.getPemCertificate(key)
+		glog.Warningf("error obtaining PEM from secret %v: %v", key, err)
-		if err != nil {
+		return
-			glog.Warningf("error obtaining PEM from secret %v: %v", key, err)
-			continue
-		}
-
-		// create certificates and add or update the item in the store
-		cur, exists := ic.sslCertTracker.Get(key)
-		if exists {
-			s := cur.(*ingress.SSLCert)
-			if reflect.DeepEqual(s, cert) {
-				// no need to update
-				continue
-			}
-			glog.Infof("updating secret %v in the local store", key)
-			ic.sslCertTracker.Update(key, cert)
-			ic.reloadRequired = true
-			continue
-		}
-
-		glog.Infof("adding secret %v to the local store", key)
-		ic.sslCertTracker.Add(key, cert)
-		ic.reloadRequired = true
 	}
+
+	// create certificates and add or update the item in the store
+	cur, exists := ic.sslCertTracker.Get(key)
+	if exists {
+		s := cur.(*ingress.SSLCert)
+		if reflect.DeepEqual(s, cert) {
+			// no need to update
+			return
+		}
+		glog.Infof("updating secret %v in the local store", key)
+		ic.sslCertTracker.Update(key, cert)
+	}
+
+	glog.Infof("adding secret %v to the local store", key)
+	ic.sslCertTracker.Add(key, cert)
 }
 
 // getPemCertificate receives a secret, and creates a ingress.SSLCert as return.

core/pkg/ingress/controller/backend_ssl_test.go

@@ -167,7 +167,7 @@ func TestSyncSecret(t *testing.T) {
 			ic.secrLister.Add(secret)
 
 			// for add
-			ic.syncSecret()
+			ic.syncSecret(secret)
 			if foo.expectSuccess {
 				// validate
 				_, exist := ic.sslCertTracker.Get(foo.secretName)
@@ -175,7 +175,7 @@ func TestSyncSecret(t *testing.T) {
 					t.Errorf("Failed to sync secret: %s", foo.secretName)
 				} else {
 					// for update
-					ic.syncSecret()
+					ic.syncSecret(secret)
 				}
 			}
 		})

core/pkg/ingress/controller/controller.go

@@ -32,7 +32,6 @@ import (
 	"k8s.io/apimachinery/pkg/fields"
 	"k8s.io/apimachinery/pkg/util/intstr"
 	"k8s.io/apimachinery/pkg/util/runtime"
-	"k8s.io/apimachinery/pkg/util/wait"
 	clientset "k8s.io/client-go/kubernetes"
 	"k8s.io/client-go/kubernetes/scheme"
 	unversionedcore "k8s.io/client-go/kubernetes/typed/core/v1"
@@ -219,16 +218,32 @@ func newIngressController(config *Configuration) *GenericController {
 	}
 
 	secrEventHandler := cache.ResourceEventHandlerFuncs{
+		AddFunc: func(obj interface{}) {
+			sec := obj.(*api.Secret)
+			ic.recorder.Eventf(sec, api.EventTypeNormal, "ADD", fmt.Sprintf("Secret %s/%s", sec.Namespace, sec.Name))
+			if sec.Type == api.SecretTypeTLS {
+				ic.syncSecret(sec)
+				ic.syncQueue.Enqueue(sec)
+			}
+		},
 		UpdateFunc: func(old, cur interface{}) {
 			if !reflect.DeepEqual(old, cur) {
-				ic.syncSecret()
+				curlSec := cur.(*api.Secret)
+				ic.recorder.Eventf(curlSec, api.EventTypeNormal, "UPDATE", fmt.Sprintf("Secret %s/%s", curlSec.Namespace, curlSec.Name))
+				if curlSec.Type == api.SecretTypeTLS {
+					ic.syncSecret(curlSec)
+					ic.syncQueue.Enqueue(cur)
+				}
 			}
 		},
 		DeleteFunc: func(obj interface{}) {
 			sec := obj.(*api.Secret)
-			key := fmt.Sprintf("%v/%v", sec.Namespace, sec.Name)
+			ic.recorder.Eventf(sec, api.EventTypeNormal, "DELETE", fmt.Sprintf("Secret %s/%s", sec.Namespace, sec.Name))
-			ic.sslCertTracker.Delete(key)
+			if sec.Type == api.SecretTypeTLS {
-			ic.secretTracker.Delete(key)
+				key := ic.secretKey(sec.Namespace, sec.Name)
+				ic.sslCertTracker.Delete(key)
+				ic.secretTracker.Delete(key)
+			}
 		},
 	}
 
@@ -328,7 +343,7 @@ func newIngressController(config *Configuration) *GenericController {
 		glog.Warning("Update of ingress status is disabled (flag --update-status=false was specified)")
 	}
 
-	ic.annotations = newAnnotationExtractor(ic)
+	ic.annotations = newAnnotationExtractor(&ic)
 
 	ic.cfg.Backend.SetListers(ingress.StoreLister{
 		Ingress:   ic.ingLister,
@@ -341,24 +356,26 @@ func newIngressController(config *Configuration) *GenericController {
 
 	return &ic
 }
-
+func (ic *GenericController) secretKey(ns, name string) string {
+	return fmt.Sprintf("%v/%v", ns, name)
+}
 // Info returns information about the backend
-func (ic GenericController) Info() *ingress.BackendInfo {
+func (ic *GenericController) Info() *ingress.BackendInfo {
 	return ic.cfg.Backend.Info()
 }
 
 // IngressClass returns information about the backend
-func (ic GenericController) IngressClass() string {
+func (ic *GenericController) IngressClass() string {
 	return ic.cfg.IngressClass
 }
 
 // GetDefaultBackend returns the default backend
-func (ic GenericController) GetDefaultBackend() defaults.Backend {
+func (ic *GenericController) GetDefaultBackend() defaults.Backend {
 	return ic.cfg.Backend.BackendDefaults()
 }
 
 // GetSecret searches for a secret in the local secrets Store
-func (ic GenericController) GetSecret(name string) (*api.Secret, error) {
+func (ic *GenericController) GetSecret(name string) (*api.Secret, error) {
 	s, exists, err := ic.secrLister.Store.GetByKey(name)
 	if err != nil {
 		return nil, err
@@ -753,7 +770,7 @@ func (ic *GenericController) getBackendServers() ([]*ingress.Backend, []*ingress
 }
 
 // GetAuthCertificate ...
-func (ic GenericController) GetAuthCertificate(secretName string) (*resolver.AuthSSLCert, error) {
+func (ic *GenericController) GetAuthCertificate(secretName string) (*resolver.AuthSSLCert, error) {
 	if _, exists := ic.secretTracker.Get(secretName); !exists {
 		ic.secretTracker.Add(secretName, secretName)
 	}
@@ -1161,13 +1178,13 @@ func (ic *GenericController) getEndpoints(
 }
 
 // extractSecretNames extracts information about secrets inside the Ingress rule
-func (ic GenericController) extractSecretNames(ing *extensions.Ingress) {
+func (ic *GenericController) extractSecretNames(ing *extensions.Ingress) {
 	for _, tls := range ing.Spec.TLS {
 		if tls.SecretName == "" {
 			continue
 		}
 
-		key := fmt.Sprintf("%v/%v", ing.Namespace, tls.SecretName)
+		key := ic.secretKey(ing.Namespace, tls.SecretName)
 		_, exists := ic.secretTracker.Get(key)
 		if !exists {
 			ic.secretTracker.Add(key, key)
@@ -1176,7 +1193,7 @@ func (ic GenericController) extractSecretNames(ing *extensions.Ingress) {
 }
 
 // Stop stops the loadbalancer controller.
-func (ic GenericController) Stop() error {
+func (ic *GenericController) Stop() error {
 	ic.stopLock.Lock()
 	defer ic.stopLock.Unlock()
 
@@ -1195,7 +1212,7 @@ func (ic GenericController) Stop() error {
 }
 
 // Start starts the Ingress controller.
-func (ic GenericController) Start() {
+func (ic *GenericController) Start() {
 	glog.Infof("starting Ingress controller")
 
 	go ic.ingController.Run(ic.stopCh)
@@ -1219,8 +1236,6 @@ func (ic GenericController) Start() {
 
 	go ic.syncQueue.Run(10*time.Second, ic.stopCh)
 
-	go wait.Forever(ic.syncSecret, 10*time.Second)
-
 	if ic.syncStatus != nil {
 		go ic.syncStatus.Run(ic.stopCh)
 	}