Run cert-rotation controller as a sidecar in the operator too

openshift · Apr 25, 2024 · 9e56192 · 9e56192
1 parent 5aca194
commit 9e56192
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 20 deletions.
diff --git a/manifests/0000_20_kube-apiserver-operator_06_deployment.yaml b/manifests/0000_20_kube-apiserver-operator_06_deployment.yaml
@@ -72,6 +72,18 @@ spec:
             fieldRef:
               fieldPath: metadata.name
         terminationMessagePolicy: FallbackToLogsOnError
+      - name: cert-regeneration-controller
+        image: docker.io/openshift/origin-cluster-kube-apiserver-operator:v4.0
+        imagePullPolicy: IfNotPresent
+        terminationMessagePolicy: FallbackToLogsOnError
+        command: ["cluster-kube-apiserver-operator", "cert-regeneration-controller"]
+        args:
+          - --namespace=openshift-kube-apiserver
+          - -v=2
+        resources:
+          requests:
+            memory: 50Mi
+            cpu: 5m
       volumes:
       - name: serving-cert
         secret:

diff --git a/pkg/operator/starter.go b/pkg/operator/starter.go
@@ -17,7 +17,6 @@ import (
 	operatorcontrolplaneclient "github.com/openshift/client-go/operatorcontrolplane/clientset/versioned"
 	"github.com/openshift/cluster-kube-apiserver-operator/bindata"
 	"github.com/openshift/cluster-kube-apiserver-operator/pkg/operator/boundsatokensignercontroller"
-	"github.com/openshift/cluster-kube-apiserver-operator/pkg/operator/certrotationcontroller"
 	"github.com/openshift/cluster-kube-apiserver-operator/pkg/operator/certrotationtimeupgradeablecontroller"
 	"github.com/openshift/cluster-kube-apiserver-operator/pkg/operator/configmetrics"
 	"github.com/openshift/cluster-kube-apiserver-operator/pkg/operator/configobservation/configobservercontroller"
@@ -36,7 +35,6 @@ import (
 	"github.com/openshift/cluster-kube-apiserver-operator/pkg/operator/workloadpartitioning"
 	"github.com/openshift/library-go/pkg/controller/controllercmd"
 	"github.com/openshift/library-go/pkg/operator/apiserver/controller/auditpolicy"
-	"github.com/openshift/library-go/pkg/operator/certrotation"
 	"github.com/openshift/library-go/pkg/operator/configobserver/featuregates"
 	"github.com/openshift/library-go/pkg/operator/encryption"
 	"github.com/openshift/library-go/pkg/operator/encryption/controllers/migrators"
@@ -315,23 +313,6 @@ func RunOperator(ctx context.Context, controllerContext *controllercmd.Controlle
 		controllerContext.EventRecorder,
 	)
 
-	certRotationScale, err := certrotation.GetCertRotationScale(ctx, kubeClient, operatorclient.GlobalUserSpecifiedConfigNamespace)
-	if err != nil {
-		return err
-	}
-
-	certRotationController, err := certrotationcontroller.NewCertRotationController(
-		kubeClient,
-		operatorClient,
-		configInformers,
-		kubeInformersForNamespaces,
-		controllerContext.EventRecorder.WithComponentSuffix("cert-rotation-controller"),
-		certRotationScale,
-	)
-	if err != nil {
-		return err
-	}
-
 	staticPodNodeProvider := encryptiondeployer.StaticPodNodeProvider{OperatorClient: operatorClient}
 	deployer, err := encryptiondeployer.NewRevisionLabelPodDeployer("revision", operatorclient.TargetNamespace, kubeInformersForNamespaces, kubeClient.CoreV1(), kubeClient.CoreV1(), staticPodNodeProvider)
 	if err != nil {
@@ -463,7 +444,6 @@ func RunOperator(ctx context.Context, controllerContext *controllercmd.Controlle
 	go nodeKubeconfigController.Run(ctx, 1)
 	go configObserver.Run(ctx, 1)
 	go clusterOperatorStatus.Run(ctx, 1)
-	go certRotationController.Run(ctx, 1)
 	go encryptionControllers.Run(ctx, 1)
 	go certRotationTimeUpgradeableController.Run(ctx, 1)
 	go terminationObserver.Run(ctx, 1)