From b1a35ebc816cf1ac83a29b1d414da77950967930 Mon Sep 17 00:00:00 2001 From: Antonin Stefanutti Date: Wed, 20 Dec 2023 23:44:48 +0100 Subject: [PATCH] Start cache in non leader elected instances (#166) Signed-off-by: Antonin Stefanutti --- pkg/rotator/rotator.go | 34 ++++++++++++++++++++++------------ 1 file changed, 22 insertions(+), 12 deletions(-) diff --git a/pkg/rotator/rotator.go b/pkg/rotator/rotator.go index 68fc576..dc00c85 100644 --- a/pkg/rotator/rotator.go +++ b/pkg/rotator/rotator.go @@ -51,13 +51,13 @@ var crLog = logf.Log.WithName("cert-rotation") type WebhookType int const ( - // ValidatingWebhook indicates the webhook is a ValidatingWebhook. + // Validating indicates the webhook is a ValidatingWebhook. Validating WebhookType = iota - // MutingWebhook indicates the webhook is a MutatingWebhook. + // Mutating indicates the webhook is a MutatingWebhook. Mutating - // CRDConversionWebhook indicates the webhook is a conversion webhook. + // CRDConversion indicates the webhook is a conversion webhook. CRDConversion - // APIServiceWebhook indicates the webhook is an extension API server. + // APIService indicates the webhook is an extension API server. APIService // ExternalDataProvider indicates the webhook is a Gatekeeper External Data Provider. ExternalDataProvider @@ -68,6 +68,8 @@ var ( _ manager.LeaderElectionRunnable = &CertRotator{} _ manager.Runnable = controllerWrapper{} _ manager.LeaderElectionRunnable = controllerWrapper{} + _ manager.Runnable = &cacheWrapper{} + _ manager.LeaderElectionRunnable = &cacheWrapper{} ) type controllerWrapper struct { @@ -79,6 +81,15 @@ func (cw controllerWrapper) NeedLeaderElection() bool { return cw.needLeaderElection } +type cacheWrapper struct { + cache.Cache + needLeaderElection bool +} + +func (cw *cacheWrapper) NeedLeaderElection() bool { + return cw.needLeaderElection +} + // WebhookInfo is used by the rotator to receive info about resources to be updated with certificates. type WebhookInfo struct { // Name is the name of the webhook for a validating or mutating webhook, or the CRD name in case of a CRD conversion webhook @@ -106,7 +117,7 @@ func AddRotator(mgr manager.Manager, cr *CertRotator) error { if ns == "" { return fmt.Errorf("invalid namespace for secret") } - cache, err := addNamespacedCache(mgr, ns) + cache, err := addNamespacedCache(mgr, cr, ns) if err != nil { return fmt.Errorf("creating namespaced cache: %w", err) } @@ -174,7 +185,7 @@ func AddRotator(mgr manager.Manager, cr *CertRotator) error { // but will still have cluster-wide visibility into cluster-scoped resources. // The cache will be started by the manager when it starts, and consumers should synchronize on // it using WaitForCacheSync(). -func addNamespacedCache(mgr manager.Manager, namespace string) (cache.Cache, error) { +func addNamespacedCache(mgr manager.Manager, cr *CertRotator, namespace string) (cache.Cache, error) { var namespaces map[string]cache.Config if namespace != "" { namespaces = map[string]cache.Config{ @@ -191,13 +202,15 @@ func addNamespacedCache(mgr manager.Manager, namespace string) (cache.Cache, err if err != nil { return nil, err } - if err := mgr.Add(c); err != nil { + // Wrapping the cache to make sure it's also started when the manager + // hasn't been leader elected and CertRotator.RequireLeaderElection is false. + if err := mgr.Add(&cacheWrapper{Cache: c, needLeaderElection: cr.RequireLeaderElection}); err != nil { return nil, fmt.Errorf("registering namespaced cache: %w", err) } return c, nil } -// SyncingSource is a reader that needs syncing prior to being usable. +// SyncingReader is a reader that needs syncing prior to being usable. type SyncingReader interface { client.Reader WaitForCacheSync(ctx context.Context) bool @@ -685,9 +698,6 @@ func addController(mgr manager.Manager, r *ReconcileWH) error { if err != nil { return err } - if err := mgr.Add(controllerWrapper{c, r.needLeaderElection}); err != nil { - return err - } err = c.Watch( source.Kind(r.cache, &corev1.Secret{}), @@ -709,7 +719,7 @@ func addController(mgr manager.Manager, r *ReconcileWH) error { } } - return nil + return mgr.Add(controllerWrapper{c, r.needLeaderElection}) } var _ reconcile.Reconciler = &ReconcileWH{}