From 1c17f05b8ee669ad309ad344dc443b0ae919328a Mon Sep 17 00:00:00 2001
From: Derek Nola <derek.nola@suse.com>
Date: Tue, 2 Aug 2022 14:08:06 -0700
Subject: [PATCH] Fix secrets reencryption for 8K+ secrets (#5936)

Signed-off-by: Derek Nola <derek.nola@suse.com>
---
 pkg/secretsencrypt/controller.go | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/pkg/secretsencrypt/controller.go b/pkg/secretsencrypt/controller.go
index 8077c416f2..621d64d964 100644
--- a/pkg/secretsencrypt/controller.go
+++ b/pkg/secretsencrypt/controller.go
@@ -11,6 +11,7 @@ import (
 	coreclient "github.com/rancher/wrangler/pkg/generated/controllers/core/v1"
 	"github.com/sirupsen/logrus"
 	corev1 "k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/api/meta"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/labels"
 	"k8s.io/apimachinery/pkg/runtime"
@@ -215,8 +216,12 @@ func (h *handler) updateSecrets(node *corev1.Node) error {
 	secretPager := pager.New(pager.SimplePageFunc(func(opts metav1.ListOptions) (runtime.Object, error) {
 		return h.secrets.List("", opts)
 	}))
+	secretsList, _, err := secretPager.List(h.ctx, metav1.ListOptions{})
+	if err != nil {
+		return err
+	}
 	i := 0
-	secretPager.EachListItem(h.ctx, metav1.ListOptions{}, func(obj runtime.Object) error {
+	err = meta.EachListItem(secretsList, func(obj runtime.Object) error {
 		if secret, ok := obj.(*corev1.Secret); ok {
 			if _, err := h.secrets.Update(secret); err != nil {
 				return fmt.Errorf("failed to reencrypted secret: %v", err)
@@ -228,6 +233,9 @@ func (h *handler) updateSecrets(node *corev1.Node) error {
 		}
 		return nil
 	})
+	if err != nil {
+		return err
+	}
 	h.recorder.Eventf(nodeRef, corev1.EventTypeNormal, secretsUpdateCompleteEvent, "completed reencrypt of %d secrets", i)
 	return nil
 }