Use a revision tracker to reconcile on KCerts

knative · Jan 18, 2024 · 8a08a96 · 8a08a96
1 parent 67cf527
commit 8a08a96
Show file tree

Hide file tree

Showing 3 changed files with 27 additions and 2 deletions.
diff --git a/pkg/reconciler/revision/controller.go b/pkg/reconciler/revision/controller.go
@@ -108,6 +108,8 @@ func newControllerWithOptions(
 		return controller.Options{ConfigStore: configStore}
 	})
 
+	c.tracker = impl.Tracker
+
 	transport := http.DefaultTransport
 	if rt, err := newResolverTransport(k8sCertPath, digestResolutionWorkers, digestResolutionWorkers); err != nil {
 		logging.FromContext(ctx).Errorw("Failed to create resolver transport", zap.Error(err))
@@ -136,7 +138,15 @@ func newControllerWithOptions(
 	}
 	deploymentInformer.Informer().AddEventHandler(handleMatchingControllers)
 	paInformer.Informer().AddEventHandler(handleMatchingControllers)
-	certificateInformer.Informer().AddEventHandler(handleMatchingControllers)
+	certificateInformer.Informer().AddEventHandler(controller.HandleAll(
+		// Call the tracker's OnChanged method, but we've seen the objects
+		// coming through this path missing TypeMeta, so ensure it is properly
+		// populated.
+		controller.EnsureTypeMeta(
+			c.tracker.OnChanged,
+			v1.SchemeGroupVersion.WithKind("Certificate"),
+		),
+	))
 
 	// We don't watch for changes to Image because we don't incorporate any of its
 	// properties into our own status and should work completely in the absence of

diff --git a/pkg/reconciler/revision/reconcile_resources.go b/pkg/reconciler/revision/reconcile_resources.go
@@ -21,6 +21,7 @@ import (
 	"fmt"
 
 	"go.uber.org/zap"
+	"knative.dev/pkg/tracker"
 	networkingaccessor "knative.dev/serving/pkg/reconciler/accessor/networking"
 
 	appsv1 "k8s.io/api/apps/v1"
@@ -229,7 +230,7 @@ func (c *Reconciler) reconcileQueueProxyCertificate(ctx context.Context, rev *v1
 	}
 
 	desiredCert := resources.MakeQueueProxyCertificate(owningNs, certClass)
-	_, err = networkingaccessor.ReconcileCertificate(ctx, owningNs, desiredCert, c)
+	cert, err := networkingaccessor.ReconcileCertificate(ctx, owningNs, desiredCert, c)
 	if err != nil {
 		return fmt.Errorf("failed to reconcile Knative certificate %s/%s: %w", ns, networking.ServingCertName, err)
 	}
@@ -249,5 +250,17 @@ func (c *Reconciler) reconcileQueueProxyCertificate(ctx context.Context, rev *v1
 		return fmt.Errorf("certificate in secret %s/%s is not ready yet: private key not found", ns, networking.ServingCertName)
 	}
 
+	// Tell our trackers to reconcile when the KnativeCertificate changes
+	gvk := rev.GetGroupVersionKind()
+	apiVersion, kind := gvk.ToAPIVersionAndKind()
+	if err := c.tracker.TrackReference(tracker.Reference{
+		APIVersion: apiVersion,
+		Kind:       kind,
+		Namespace:  cert.GetNamespace(),
+		Name:       cert.GetName(),
+	}, cert); err != nil {
+		return err
+	}
+
 	return nil
 }
diff --git a/pkg/reconciler/revision/revision.go b/pkg/reconciler/revision/revision.go
@@ -32,6 +32,7 @@ import (
 	appsv1listers "k8s.io/client-go/listers/apps/v1"
 	cachingclientset "knative.dev/caching/pkg/client/clientset/versioned"
 	networkingclientset "knative.dev/networking/pkg/client/clientset/versioned"
+	"knative.dev/pkg/tracker"
 	clientset "knative.dev/serving/pkg/client/clientset/versioned"
 
 	revisionreconciler "knative.dev/serving/pkg/client/injection/reconciler/serving/v1/revision"
@@ -66,6 +67,7 @@ type Reconciler struct {
 	deploymentLister    appsv1listers.DeploymentLister
 	certificateLister   networkinglisters.CertificateLister
 
+	tracker  tracker.Interface
 	resolver resolver
 }