encryption-controller: sync secrets conditionally

Update the version of library-go to include the latest changes that allow the encryption controller to synchronize the encryption-config secret only when the encryption controller should be run. This prevents the secrets from being unnecessarily deleted in the apiserver namespace whenever it doesn't exist in the config-managed namespace. Signed-off-by: Damien Grisonnet <dgrisonn@redhat.com>
openshift · Dec 6, 2021 · cbfaa38 · cbfaa38
1 parent 42e684f
commit cbfaa38
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/pkg/operator/starter.go b/pkg/operator/starter.go
@@ -121,7 +121,7 @@ func RunOperator(ctx context.Context, controllerConfig *controllercmd.Controller
 	versionRecorder.SetVersion("operator", os.Getenv("OPERATOR_IMAGE_VERSION"))
 
 	openshiftNodeProvider := encryptiondeployer.NewDeploymentNodeProvider(operatorclient.TargetNamespace, kubeInformersForNamespaces)
-	openshiftDeployer, err := encryptiondeployer.NewRevisionLabelPodDeployer("revision", operatorclient.TargetNamespace, kubeInformersForNamespaces, resourceSyncController, kubeClient.CoreV1(), kubeClient.CoreV1(), openshiftNodeProvider)
+	openshiftDeployer, err := encryptiondeployer.NewRevisionLabelPodDeployer("revision", operatorclient.TargetNamespace, kubeInformersForNamespaces, kubeClient.CoreV1(), kubeClient.CoreV1(), openshiftNodeProvider)
 	if err != nil {
 		return err
 	}
@@ -228,6 +228,7 @@ func RunOperator(ctx context.Context, controllerConfig *controllercmd.Controller
 		configClient.ConfigV1().APIServers(),
 		configInformers.Config().V1().APIServers(),
 		kubeInformersForNamespaces,
+		resourceSyncController,
 	).WithSecretRevisionPruneController(
 		operatorclient.TargetNamespace,
 		[]string{"encryption-config-"},