Added ability for vSphere to reconnect on secret update

staging/src/k8s.io/legacy-cloud-providers/vsphere/BUILD

@@ -79,6 +79,7 @@ go_test(
         "//vendor/github.com/vmware/govmomi/vapi/tags:go_default_library",
         "//vendor/github.com/vmware/govmomi/vim25/mo:go_default_library",
         "//vendor/github.com/vmware/govmomi/vim25/types:go_default_library",
+        "//vendor/k8s.io/klog/v2:go_default_library",
     ],
 )
 

staging/src/k8s.io/legacy-cloud-providers/vsphere/nodemanager.go

@@ -281,13 +281,45 @@ func (nm *NodeManager) removeNode(node *v1.Node) {
 //
 // This method is a getter but it can cause side-effect of updating NodeInfo object.
 func (nm *NodeManager) GetNodeInfo(nodeName k8stypes.NodeName) (NodeInfo, error) {
-	getNodeInfo := func(nodeName k8stypes.NodeName) *NodeInfo {
-		nm.nodeInfoLock.RLock()
-		nodeInfo := nm.nodeInfoMap[convertToString(nodeName)]
-		nm.nodeInfoLock.RUnlock()
-		return nodeInfo
+	return nm.getRefreshedNodeInfo(nodeName)
+}
+
+// GetNodeDetails returns NodeDetails for all the discovered nodes.
+//
+// This method is a getter but it can cause side-effect of updating NodeInfo objects.
+func (nm *NodeManager) GetNodeDetails() ([]NodeDetails, error) {
+	nm.registeredNodesLock.Lock()
+	defer nm.registeredNodesLock.Unlock()
+	var nodeDetails []NodeDetails
+
+	for nodeName, nodeObj := range nm.registeredNodes {
+		nodeInfo, err := nm.GetNodeInfoWithNodeObject(nodeObj)
+		if err != nil {
+			return nil, err
+		}
+		klog.V(4).Infof("Updated NodeInfo %v for node %q.", nodeInfo, nodeName)
+		nodeDetails = append(nodeDetails, NodeDetails{nodeName, nodeInfo.vm, nodeInfo.vmUUID, nodeInfo.zone})
 	}
-	nodeInfo := getNodeInfo(nodeName)
+	return nodeDetails, nil
+}
+
+func (nm *NodeManager) refreshNodes() (errList []error) {
+	nm.registeredNodesLock.Lock()
+	defer nm.registeredNodesLock.Unlock()
+
+	for nodeName := range nm.registeredNodes {
+		nodeInfo, err := nm.getRefreshedNodeInfo(convertToK8sType(nodeName))
+		if err != nil {
+			errList = append(errList, err)
+			continue
+		}
+		klog.V(4).Infof("Updated NodeInfo %v for node %q.", nodeInfo, nodeName)
+	}
+	return errList
+}
+
+func (nm *NodeManager) getRefreshedNodeInfo(nodeName k8stypes.NodeName) (NodeInfo, error) {
+	nodeInfo := nm.getNodeInfo(nodeName)
 	var err error
 	if nodeInfo == nil {
 		// Rediscover node if no NodeInfo found.
@@ -297,7 +329,7 @@ func (nm *NodeManager) GetNodeInfo(nodeName k8stypes.NodeName) (NodeInfo, error)
 			klog.Errorf("Error %q node info for node %q not found", err, convertToString(nodeName))
 			return NodeInfo{}, err
 		}
-		nodeInfo = getNodeInfo(nodeName)
+		nodeInfo = nm.getNodeInfo(nodeName)
 	} else {
 		// Renew the found NodeInfo to avoid stale vSphere connection.
 		klog.V(4).Infof("Renewing NodeInfo %+v for node %q", nodeInfo, convertToString(nodeName))
@@ -311,31 +343,19 @@ func (nm *NodeManager) GetNodeInfo(nodeName k8stypes.NodeName) (NodeInfo, error)
 	return *nodeInfo, nil
 }
 
-// GetNodeDetails returns NodeDetails for all the discovered nodes.
-//
-// This method is a getter but it can cause side-effect of updating NodeInfo objects.
-func (nm *NodeManager) GetNodeDetails() ([]NodeDetails, error) {
-	nm.registeredNodesLock.Lock()
-	defer nm.registeredNodesLock.Unlock()
-	var nodeDetails []NodeDetails
-
-	for nodeName, nodeObj := range nm.registeredNodes {
-		nodeInfo, err := nm.GetNodeInfoWithNodeObject(nodeObj)
-		if err != nil {
-			return nil, err
-		}
-		klog.V(4).Infof("Updated NodeInfo %v for node %q.", nodeInfo, nodeName)
-		nodeDetails = append(nodeDetails, NodeDetails{nodeName, nodeInfo.vm, nodeInfo.vmUUID, nodeInfo.zone})
-	}
-	return nodeDetails, nil
-}
-
 func (nm *NodeManager) addNodeInfo(nodeName string, nodeInfo *NodeInfo) {
 	nm.nodeInfoLock.Lock()
 	nm.nodeInfoMap[nodeName] = nodeInfo
 	nm.nodeInfoLock.Unlock()
 }
 
+func (nm *NodeManager) getNodeInfo(nodeName k8stypes.NodeName) *NodeInfo {
+	nm.nodeInfoLock.RLock()
+	nodeInfo := nm.nodeInfoMap[convertToString(nodeName)]
+	nm.nodeInfoLock.RUnlock()
+	return nodeInfo
+}
+
 func (nm *NodeManager) GetVSphereInstance(nodeName k8stypes.NodeName) (VSphereInstance, error) {
 	nodeInfo, err := nm.GetNodeInfo(nodeName)
 	if err != nil {
@@ -417,35 +437,7 @@ func (nm *NodeManager) vcConnect(ctx context.Context, vsphereInstance *VSphereIn
 //
 // This method is a getter but it can cause side-effect of updating NodeInfo object.
 func (nm *NodeManager) GetNodeInfoWithNodeObject(node *v1.Node) (NodeInfo, error) {
-	nodeName := node.Name
-	getNodeInfo := func(nodeName string) *NodeInfo {
-		nm.nodeInfoLock.RLock()
-		nodeInfo := nm.nodeInfoMap[nodeName]
-		nm.nodeInfoLock.RUnlock()
-		return nodeInfo
-	}
-	nodeInfo := getNodeInfo(nodeName)
-	var err error
-	if nodeInfo == nil {
-		// Rediscover node if no NodeInfo found.
-		klog.V(4).Infof("No VM found for node %q. Initiating rediscovery.", nodeName)
-		err = nm.DiscoverNode(node)
-		if err != nil {
-			klog.Errorf("Error %q node info for node %q not found", err, nodeName)
-			return NodeInfo{}, err
-		}
-		nodeInfo = getNodeInfo(nodeName)
-	} else {
-		// Renew the found NodeInfo to avoid stale vSphere connection.
-		klog.V(4).Infof("Renewing NodeInfo %+v for node %q", nodeInfo, nodeName)
-		nodeInfo, err = nm.renewNodeInfo(nodeInfo, true)
-		if err != nil {
-			klog.Errorf("Error %q occurred while renewing NodeInfo for %q", err, nodeName)
-			return NodeInfo{}, err
-		}
-		nm.addNodeInfo(nodeName, nodeInfo)
-	}
-	return *nodeInfo, nil
+	return nm.getRefreshedNodeInfo(convertToK8sType(node.Name))
 }
 
 func (nm *NodeManager) CredentialManager() *SecretCredentialManager {

staging/src/k8s.io/legacy-cloud-providers/vsphere/vsphere.go

@@ -28,6 +28,7 @@ import (
 	"os"
 	"path"
 	"path/filepath"
+	"reflect"
 	"runtime"
 	"strings"
 	"sync"
@@ -98,6 +99,7 @@ type VSphere struct {
 	nodeManager          *NodeManager
 	vmUUID               string
 	isSecretInfoProvided bool
+	isSecretManaged      bool
 }
 
 // Represents a vSphere instance where one or more kubernetes nodes are running.
@@ -175,6 +177,8 @@ type VSphereConfig struct {
 		SecretName string `gcfg:"secret-name"`
 		// Secret Namespace where secret will be present that has vCenter credentials.
 		SecretNamespace string `gcfg:"secret-namespace"`
+		// Secret changes being ingnored for cloud resources
+		SecretNotManaged bool `gcfg:"secret-not-managed"`
 	}
 
 	VirtualCenter map[string]*VirtualCenterConfig
@@ -276,6 +280,15 @@ func (vs *VSphere) SetInformers(informerFactory informers.SharedInformerFactory)
 				VirtualCenter: make(map[string]*Credential),
 			},
 		}
+		if vs.isSecretManaged {
+			klog.V(4).Infof("Setting up secret informers for vSphere Cloud Provider")
+			secretInformer := informerFactory.Core().V1().Secrets().Informer()
+			secretInformer.AddEventHandler(cache.ResourceEventHandlerFuncs{
+				AddFunc:    vs.SecretAdded,
+				UpdateFunc: vs.SecretUpdated,
+			})
+			klog.V(4).Infof("Secret informers in vSphere cloud provider initialized")
+		}
 		vs.nodeManager.UpdateCredentialManager(secretCredentialManager)
 	}
 
@@ -530,6 +543,7 @@ func buildVSphereFromConfig(cfg VSphereConfig) (*VSphere, error) {
 			registeredNodes:    make(map[string]*v1.Node),
 		},
 		isSecretInfoProvided: isSecretInfoProvided,
+		isSecretManaged:      !cfg.Global.SecretNotManaged,
 		cfg:                  &cfg,
 	}
 	return &vs, nil
@@ -1502,6 +1516,54 @@ func (vs *VSphere) NodeDeleted(obj interface{}) {
 	}
 }
 
+// Notification handler when credentials secret is added.
+func (vs *VSphere) SecretAdded(obj interface{}) {
+	secret, ok := obj.(*v1.Secret)
+	if secret == nil || !ok {
+		klog.Warningf("Unrecognized secret object %T", obj)
+		return
+	}
+
+	if secret.Name != vs.cfg.Global.SecretName ||
+		secret.Namespace != vs.cfg.Global.SecretNamespace {
+		return
+	}
+
+	klog.V(4).Infof("secret added: %+v", obj)
+	vs.refreshNodesForSecretChange()
+}
+
+// Notification handler when credentials secret is updated.
+func (vs *VSphere) SecretUpdated(obj interface{}, newObj interface{}) {
+	oldSecret, ok := obj.(*v1.Secret)
+	if oldSecret == nil || !ok {
+		klog.Warningf("Unrecognized secret object %T", obj)
+		return
+	}
+
+	secret, ok := newObj.(*v1.Secret)
+	if secret == nil || !ok {
+		klog.Warningf("Unrecognized secret object %T", newObj)
+		return
+	}
+
+	if secret.Name != vs.cfg.Global.SecretName ||
+		secret.Namespace != vs.cfg.Global.SecretNamespace ||
+		reflect.DeepEqual(secret.Data, oldSecret.Data) {
+		return
+	}
+
+	klog.V(4).Infof("secret updated: %+v", newObj)
+	vs.refreshNodesForSecretChange()
+}
+
+func (vs *VSphere) refreshNodesForSecretChange() {
+	err := vs.nodeManager.refreshNodes()
+	if err != nil {
+		klog.Errorf("failed to rediscover nodes: %v", err)
+	}
+}
+
 func (vs *VSphere) NodeManager() (nodeManager *NodeManager) {
 	if vs == nil {
 		return nil