UPSTREAM: <carry>: Ensure service ca is mounted for projected tokens

openshift · Dec 4, 2023 · b46b771 · b46b771
1 parent 3378e5e
commit b46b771
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 1 deletion.
diff --git a/cmd/kube-controller-manager/app/certificates.go b/cmd/kube-controller-manager/app/certificates.go
@@ -226,7 +226,15 @@ func startRootCACertificatePublisherController(ctx context.Context, controllerCo
 	return nil, true, nil
 }
 
-func startServiceCACertPublisher(ctx context.Context, controllerContext ControllerContext) (controller.Interface, bool, error) {
+func newServiceCACertPublisher() *ControllerDescriptor {
+	return &ControllerDescriptor{
+		name:     names.ServiceCACertificatePublisherController,
+		aliases:  []string{"service-ca-cert-publisher"},
+		initFunc: startServiceCACertPublisher,
+	}
+}
+
+func startServiceCACertPublisher(ctx context.Context, controllerContext ControllerContext, controllerName string) (controller.Interface, bool, error) {
 	sac, err := servicecacertpublisher.NewPublisher(
 		controllerContext.InformerFactory.Core().V1().ConfigMaps(),
 		controllerContext.InformerFactory.Core().V1().Namespaces(),

diff --git a/cmd/kube-controller-manager/app/controllermanager.go b/cmd/kube-controller-manager/app/controllermanager.go
@@ -594,6 +594,7 @@ func NewControllerDescriptors() map[string]*ControllerDescriptor {
 	register(newPersistentVolumeProtectionControllerDescriptor())
 	register(newTTLAfterFinishedControllerDescriptor())
 	register(newRootCACertificatePublisherControllerDescriptor())
+	register(newServiceCACertPublisher())
 	register(newEphemeralVolumeControllerDescriptor())
 
 	// feature gated