From bf02f551477e053286adeb7eccc2ddd8b1baf628 Mon Sep 17 00:00:00 2001 From: Mike Danese Date: Tue, 13 Nov 2018 11:38:40 -0800 Subject: [PATCH] rootcacertpublisher: trigger resync on namespace add and update Last cleanup was a bit overzealous. --- cmd/kube-controller-manager/app/certificates.go | 1 + .../certificates/rootcacertpublisher/publisher.go | 10 +++++++++- .../certificates/rootcacertpublisher/publisher_test.go | 3 ++- 3 files changed, 12 insertions(+), 2 deletions(-) diff --git a/cmd/kube-controller-manager/app/certificates.go b/cmd/kube-controller-manager/app/certificates.go index 1a5c89e8ab..752e2c5a1b 100644 --- a/cmd/kube-controller-manager/app/certificates.go +++ b/cmd/kube-controller-manager/app/certificates.go @@ -143,6 +143,7 @@ func startRootCACertPublisher(ctx ControllerContext) (http.Handler, bool, error) sac, err := rootcacertpublisher.NewPublisher( ctx.InformerFactory.Core().V1().ConfigMaps(), + ctx.InformerFactory.Core().V1().Namespaces(), ctx.ClientBuilder.ClientOrDie("root-ca-cert-publisher"), rootCA, ) diff --git a/pkg/controller/certificates/rootcacertpublisher/publisher.go b/pkg/controller/certificates/rootcacertpublisher/publisher.go index 2da38db463..a1004ca793 100644 --- a/pkg/controller/certificates/rootcacertpublisher/publisher.go +++ b/pkg/controller/certificates/rootcacertpublisher/publisher.go @@ -43,7 +43,7 @@ const RootCACertCofigMapName = "kube-root-ca.crt" // NewPublisher construct a new controller which would manage the configmap // which stores certificates in each namespace. It will make sure certificate // configmap exists in each namespace. -func NewPublisher(cmInformer coreinformers.ConfigMapInformer, cl clientset.Interface, rootCA []byte) (*Publisher, error) { +func NewPublisher(cmInformer coreinformers.ConfigMapInformer, nsInformer coreinformers.NamespaceInformer, cl clientset.Interface, rootCA []byte) (*Publisher, error) { e := &Publisher{ client: cl, rootCA: rootCA, @@ -62,6 +62,12 @@ func NewPublisher(cmInformer coreinformers.ConfigMapInformer, cl clientset.Inter e.cmLister = cmInformer.Lister() e.cmListerSynced = cmInformer.Informer().HasSynced + nsInformer.Informer().AddEventHandler(cache.ResourceEventHandlerFuncs{ + AddFunc: e.namespaceAdded, + UpdateFunc: e.namespaceUpdated, + }) + e.nsListerSynced = nsInformer.Informer().HasSynced + e.syncHandler = e.syncNamespace return e, nil @@ -79,6 +85,8 @@ type Publisher struct { cmLister corelisters.ConfigMapLister cmListerSynced cache.InformerSynced + nsListerSynced cache.InformerSynced + queue workqueue.RateLimitingInterface } diff --git a/pkg/controller/certificates/rootcacertpublisher/publisher_test.go b/pkg/controller/certificates/rootcacertpublisher/publisher_test.go index 2bf9c909ff..4d8484ec7c 100644 --- a/pkg/controller/certificates/rootcacertpublisher/publisher_test.go +++ b/pkg/controller/certificates/rootcacertpublisher/publisher_test.go @@ -120,7 +120,8 @@ func TestConfigMapCreation(t *testing.T) { client := fake.NewSimpleClientset(caConfigMap, existNS) informers := informers.NewSharedInformerFactory(fake.NewSimpleClientset(), controller.NoResyncPeriodFunc()) cmInformer := informers.Core().V1().ConfigMaps() - controller, err := NewPublisher(cmInformer, client, fakeRootCA) + nsInformer := informers.Core().V1().Namespaces() + controller, err := NewPublisher(cmInformer, nsInformer, client, fakeRootCA) if err != nil { t.Fatalf("error creating ServiceAccounts controller: %v", err) }