fix(kubernetes): Fix multi-instance clouddriver secret churn (#1525)

spinnaker · Apr 6, 2017 · 6dbd979 · 6dbd979
1 parent 16b3f3e
commit 6dbd979
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 10 deletions.
diff --git a/.../main/groovy/com/netflix/spinnaker/clouddriver/kubernetes/api/KubernetesApiAdaptor.groovy b/.../main/groovy/com/netflix/spinnaker/clouddriver/kubernetes/api/KubernetesApiAdaptor.groovy
@@ -361,9 +361,9 @@ class KubernetesApiAdaptor {
     }
   }
 
-  Boolean deleteSecret(String namespace, String secret) {
-    exceptionWrapper("secrets.delete", "Delete Secret $secret", namespace) {
-      client.secrets().inNamespace(namespace).withName(secret).delete()
+  DoneableSecret editSecret(String namespace, String secret) {
+    exceptionWrapper("secrets.edit", "Edit Secret $secret", namespace) {
+      client.secrets().inNamespace(namespace).withName(secret).edit()
     }
   }
 

diff --git a/...n/groovy/com/netflix/spinnaker/clouddriver/kubernetes/security/KubernetesCredentials.java b/...n/groovy/com/netflix/spinnaker/clouddriver/kubernetes/security/KubernetesCredentials.java
@@ -122,12 +122,6 @@ private void reconfigureRegistries(List<String> affectedNamespaces, List<String>
         SecretBuilder secretBuilder = new SecretBuilder();
         String secretName = registry.getAccountName();
 
-        Secret exists = apiAdaptor.getSecret(namespace, secretName);
-        if (exists != null) {
-          LOG.info("Secret for docker registry " + registry.getAccountName() + " in namespace " + namespace + " is being repopulated.");
-          apiAdaptor.deleteSecret(namespace, secretName);
-        }
-
         secretBuilder = secretBuilder.withNewMetadata().withName(secretName).withNamespace(namespace).endMetadata();
 
         HashMap<String, String> secretData = new HashMap<>(1);
@@ -145,7 +139,17 @@ private void reconfigureRegistries(List<String> affectedNamespaces, List<String>
 
         secretBuilder = secretBuilder.withData(secretData).withType("kubernetes.io/dockercfg");
         try {
-          apiAdaptor.createSecret(namespace, secretBuilder.build());
+          Secret newSecret = secretBuilder.build();
+          Secret oldSecret = apiAdaptor.getSecret(namespace, secretName);
+          if (oldSecret != null) {
+            if (oldSecret.getData().equals(newSecret.getData())) {
+              LOG.info("Skipping creation of duplicate secret " + secretName + " in namespace " + namespace);
+            } else {
+              apiAdaptor.editSecret(namespace, secretName).addToData(newSecret.getData()).done();
+            }
+          } else {
+            apiAdaptor.createSecret(namespace, secretBuilder.build());
+          }
         } catch (ConstraintViolationException cve) {
           throw new IllegalStateException("Unable to build secret: " + cve.getMessage() +
                                           " due to violations " + cve.getConstraintViolations(),