package secretcontroller
import (
	"context"
	"fmt"
	"reflect"
	"strings"
	"time"

	"github.com/openshift/library-go/pkg/controller/factory"
	"github.com/openshift/library-go/pkg/operator/events"
	corev1 "k8s.io/api/core/v1"
	apierrors "k8s.io/apimachinery/pkg/api/errors"
	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
	coreinformersv1 "k8s.io/client-go/informers/core/v1"
	"k8s.io/client-go/kubernetes"
	"k8s.io/klog/v2"
)
// SecretController is a library-go factory controller whose sync keeps one
// fixed Secret present in the cluster (see sync for the managed object).
type SecretController struct {
	// name is the controller name returned by Name() and passed to the
	// factory controller and its event recorder suffix.
	name string
	// kubeClient performs the Secret create/update calls in sync.
	kubeClient kubernetes.Interface
	// operatorClient v1helpers.OperatorClientWithFinalizers
	// secretInformer supplies the lister that sync reads the current Secret
	// from; its Informer() is always registered with the factory.
	secretInformer coreinformersv1.SecretInformer
}
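// NewSecretController builds a SecretController and wraps it in a library-go
// factory.Controller that runs c.sync on informer events and on a one-minute
// resync.
//
// Parameters:
//   - name: controller name; also lower-cased into the recorder's component suffix.
//   - recorder: event recorder the controller reports through.
//   - kubeClient: client used by sync to create/update the managed Secret.
//   - secretInformer: informer whose lister sync reads; it is always watched.
//   - optionalInformers: extra informers that should also trigger a sync.
func NewSecretController(
	name string,
	recorder events.Recorder,
	// operatorClient v1helpers.OperatorClientWithFinalizers,
	kubeClient kubernetes.Interface,
	secretInformer coreinformersv1.SecretInformer,
	optionalInformers []factory.Informer,
) factory.Controller {
	c := &SecretController{
		name: name,
		// operatorClient: operatorClient,
		kubeClient:     kubeClient,
		secretInformer: secretInformer,
	}

	// Build a fresh slice instead of appending to optionalInformers directly:
	// the caller's slice may have spare capacity, and an in-place append
	// would write into the caller's backing array.
	informers := make([]factory.Informer, 0, len(optionalInformers)+1)
	informers = append(informers, optionalInformers...)
	// informers = append(informers, operatorClient.Informer())
	informers = append(informers, secretInformer.Informer())

	// NOTE(review): the component suffix ends in "-"; confirm that is the
	// intended recorder component name.
	return factory.New().
		WithInformers(informers...).
		WithSync(c.sync).
		ResyncEvery(time.Minute).
		// WithSyncDegradedOnError(operatorClient).
		ToController(
			c.name,
			recorder.WithComponentSuffix(strings.ToLower(name)+"-controller-"),
		)
}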
// Name returns the controller name given to NewSecretController.
func (c *SecretController) Name() string {
	return c.name
}
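// sync reconciles the kube-system/my-aws-cred Secret so that it always exists
// with exactly the Data in awsCred: the Secret is created when missing from
// the informer cache and updated whenever its Data differs from the desired
// map. Other fields of an existing Secret (labels, annotations, type) are
// left as found.
//
// ctx bounds the API calls; syncContext is supplied by the factory and is not
// used here. Lister and client errors are returned wrapped with the Secret's
// namespace/name so the factory can surface them.
func (c *SecretController) sync(ctx context.Context, syncContext factory.SyncContext) error {
	// Desired state. The Data values here are placeholder bytes, not real
	// credentials: real key material must come from an external source at
	// runtime, never be committed into this literal.
	awsCred := &corev1.Secret{
		ObjectMeta: metav1.ObjectMeta{
			Name:      "my-aws-cred",
			Namespace: "kube-system",
		},
		Data: map[string][]byte{
			"aws_access_key_id":     {1, 2, 3, 4},
			"aws_secret_access_key": {1, 2, 3, 4},
		},
	}
	secrets := c.kubeClient.CoreV1().Secrets(awsCred.Namespace)

	// Read from the informer cache rather than the API server.
	gotSec, err := c.secretInformer.Lister().Secrets(awsCred.Namespace).Get(awsCred.Name)
	switch {
	case apierrors.IsNotFound(err):
		klog.Info("Creating kube-system/my-aws-cred secret")
		if _, err := secrets.Create(ctx, awsCred, metav1.CreateOptions{}); err != nil {
			// The cache can lag the API server; if the Secret appeared in the
			// meantime the next sync will compare and update it.
			if apierrors.IsAlreadyExists(err) {
				return nil
			}
			return fmt.Errorf("creating secret %s/%s: %w", awsCred.Namespace, awsCred.Name, err)
		}
		return nil
	case err != nil:
		return fmt.Errorf("getting secret %s/%s from cache: %w", awsCred.Namespace, awsCred.Name, err)
	}

	// Any drift in Data is overwritten with the desired map.
	if reflect.DeepEqual(gotSec.Data, awsCred.Data) {
		return nil
	}
	klog.Info("Updating kube-system/my-aws-cred secret")
	// The lister returns the shared cache object; mutate a copy so the cache
	// is not changed before (or regardless of whether) the write succeeds.
	updated := gotSec.DeepCopy()
	updated.Data = awsCred.Data
	if _, err := secrets.Update(ctx, updated, metav1.UpdateOptions{}); err != nil {
		return fmt.Errorf("updating secret %s/%s: %w", awsCred.Namespace, awsCred.Name, err)
	}
	return nil
}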