github/capsule
1
0
Fork 0
mirror of https://github.com/projectcapsule/capsule.git synced 2026-02-14 18:09:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: support for ca update on crds objects

Browse Source
This commit is contained in:
Dario Tranchitella
2022-09-20 18:37:02 +02:00
parent 85aa53df6f
commit d20e466732
1 changed files with 6 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
controllers/tls/manager.go
View File

@@ -132,7 +132,10 @@ func (r Reconciler) ReconcileCertificates(ctx context.Context, certSecret *corev
return r.updateValidatingWebhookConfiguration(ctx, caBundle)
})
group.Go(func() error {
return r.updateCustomResourceDefinition(ctx, caBundle)
return r.updateTenantCustomResourceDefinition(ctx, "tenants.capsule.clastix.io", caBundle)
})
group.Go(func() error {
return r.updateTenantCustomResourceDefinition(ctx, "capsuleconfigurations.capsule.clastix.io", caBundle)
})
operatorPods, err := r.getOperatorPods(ctx)
@@ -214,10 +217,10 @@ func (r Reconciler) shouldUpdateCertificate(secret *corev1.Secret) bool {
// By default helm doesn't allow to use templates in CRD (https://helm.sh/docs/chart_best_practices/custom_resource_definitions/#method-1-let-helm-do-it-for-you).
// In order to overcome this, we are setting conversion strategy in helm chart to None, and then update it with CA and namespace information.
func (r *Reconciler) updateCustomResourceDefinition(ctx context.Context, caBundle []byte) error {
func (r *Reconciler) updateTenantCustomResourceDefinition(ctx context.Context, name string, caBundle []byte) error {
return retry.RetryOnConflict(retry.DefaultBackoff, func() (err error) {
crd := &apiextensionsv1.CustomResourceDefinition{}
err = r.Get(ctx, types.NamespacedName{Name: "tenants.capsule.clastix.io"}, crd)
err = r.Get(ctx, types.NamespacedName{Name: name}, crd)
if err != nil {
r.Log.Error(err, "cannot retrieve CustomResourceDefinition")