Skip to content

Commit

Permalink
Bug 1821666: thanos ruler secret cleanup
Browse files Browse the repository at this point in the history 
Fix cleanup of thanos rule grpc tls secret.
  • Loading branch information
@pgier
pgier committed Apr 23, 2020
1 parent 366dd8d commit f7f7ca6
Showing 1 changed file with 21 additions and 2 deletions.
23 changes: 21 additions & 2 deletions pkg/tasks/thanos_ruler_user_workload.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -393,9 +393,28 @@ func (t *ThanosRulerUserWorkloadTask) destroy() error {
return errors.Wrap(err, "initializing UserWorkload Thanos Ruler GRPC secret failed")
}

err = t.client.DeleteSecret(grpcTLS)
grpcTLS, err = t.client.WaitForSecret(grpcTLS)
if err != nil {
return errors.Wrap(err, "deleting Thanos Ruler GRPC secret failed")
return errors.Wrap(err, "waiting for UserWorkload Thanos Ruler GRPC secret failed")
}

s, err = t.factory.ThanosRulerGrpcTLSSecret()
if err != nil {
return errors.Wrap(err, "error initializing UserWorkload Thanos Ruler GRPC TLS secret")
}

s, err = t.factory.HashSecret(s,
"ca.crt", string(grpcTLS.Data["ca.crt"]),
"server.crt", string(grpcTLS.Data["prometheus-server.crt"]),
"server.key", string(grpcTLS.Data["prometheus-server.key"]),
)
if err != nil {
return errors.Wrap(err, "error hashing UserWorkload Thanos Ruler GRPC TLS secret")
}

err = t.client.DeleteSecret(s)
if err != nil {
return errors.Wrap(err, "error deleting UserWorkload Thanos Ruler GRPC TLS secret")
}

acs, err := t.factory.ThanosRulerAlertmanagerConfigSecret()
Expand Down

0 comments on commit f7f7ca6

Please sign in to comment.