github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Ignore value conflicts when reencrypting secrets (#6919) 

* Ignore conflict secrets

Signed-off-by: Derek Nola <derek.nola@suse.com>
pull/6936/head
Derek Nola 2023-02-08 12:14:22 -08:00 committed by GitHub
parent 8fc229521a
commit 4944776f88
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
pkg/secretsencrypt/controller.go
View File

@ -11,6 +11,7 @@ import (
coreclient "github.com/rancher/wrangler/pkg/generated/controllers/core/v1" coreclient "github.com/rancher/wrangler/pkg/generated/controllers/core/v1"
"github.com/sirupsen/logrus" "github.com/sirupsen/logrus"
corev1 "k8s.io/api/core/v1" corev1 "k8s.io/api/core/v1"
apierrors "k8s.io/apimachinery/pkg/api/errors"
"k8s.io/apimachinery/pkg/api/meta" "k8s.io/apimachinery/pkg/api/meta"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/labels" "k8s.io/apimachinery/pkg/labels"
@ -223,8 +224,8 @@ func (h *handler) updateSecrets(node *corev1.Node) error {
i := 0 i := 0
err = meta.EachListItem(secretsList, func(obj runtime.Object) error { err = meta.EachListItem(secretsList, func(obj runtime.Object) error {
if secret, ok := obj.(*corev1.Secret); ok { if secret, ok := obj.(*corev1.Secret); ok {
if _, err := h.secrets.Update(secret); err != nil { if _, err := h.secrets.Update(secret); err != nil && !apierrors.IsConflict(err) {
return fmt.Errorf("failed to reencrypted secret: %v", err) return fmt.Errorf("failed to update secret: %v", err)
} }
if i != 0 && i%10 == 0 { if i != 0 && i%10 == 0 {
h.recorder.Eventf(nodeRef, corev1.EventTypeNormal, secretsProgressEvent, "reencrypted %d secrets", i) h.recorder.Eventf(nodeRef, corev1.EventTypeNormal, secretsProgressEvent, "reencrypted %d secrets", i)