github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

controller: a couple of fixes for csr 

Fixes:
* delete resource handler wasn't taking into account tombstones
* csr would requeue twice on update failure
pull/6/head
Michail Kargakis 2016-09-18 22:48:46 +02:00
parent 4b5c74eed8
commit 2fd3c490df
1 changed files with 16 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
pkg/controller/certificates/controller.go
View File

@ -49,8 +49,6 @@ type CertificateController struct {
csrController *cache.Controller
csrStore cache.StoreToCertificateRequestLister
// To allow injection of updateCertificateRequestStatus for testing.
updateHandler func(csr *certificates.CertificateSigningRequest) error
syncHandler func(csrKey string) error
approveAllKubeletCSRsForGroup string
@ -107,7 +105,19 @@ func NewCertificateController(kubeClient clientset.Interface, syncPeriod time.Du
cc.enqueueCertificateRequest(new)
},
DeleteFunc: func(obj interface{}) {
csr := obj.(*certificates.CertificateSigningRequest)
csr, ok := obj.(*certificates.CertificateSigningRequest)
if !ok {
tombstone, ok := obj.(cache.DeletedFinalStateUnknown)
if !ok {
glog.V(2).Infof("Couldn't get object from tombstone %#v", obj)
return
}
csr, ok = tombstone.Obj.(*certificates.CertificateSigningRequest)
if !ok {
glog.V(2).Infof("Tombstone contained object that is not a CSR: %#v", obj)
return
}
}
glog.V(4).Infof("Deleting certificate request %s", csr.Name)
cc.enqueueCertificateRequest(obj)
},
@ -166,18 +176,6 @@ func (cc *CertificateController) enqueueCertificateRequest(obj interface{}) {
cc.queue.Add(key)
}
func (cc *CertificateController) updateCertificateRequestStatus(csr *certificates.CertificateSigningRequest) error {
_, updateErr := cc.kubeClient.Certificates().CertificateSigningRequests().UpdateStatus(csr)
if updateErr == nil {
// success!
return nil
}
// retry on failure
cc.enqueueCertificateRequest(csr)
return updateErr
}
// maybeSignCertificate will inspect the certificate request and, if it has
// been approved and meets policy expectations, generate an X509 cert using the
// cluster CA assets. If successful it will update the CSR approve subresource
@ -217,7 +215,8 @@ func (cc *CertificateController) maybeSignCertificate(key string) error {
csr.Status.Certificate = certBytes
}
return cc.updateCertificateRequestStatus(csr)
_, err = cc.kubeClient.Certificates().CertificateSigningRequests().UpdateStatus(csr)
return err
}
func (cc *CertificateController) maybeAutoApproveCSR(csr *certificates.CertificateSigningRequest) (*certificates.CertificateSigningRequest, error) {