fix: use new client in tls package (#4746)
* fix: use new client in tls package Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * fix import Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
This commit is contained in:
parent
1c337bdf44
commit
13ce3f55ed
2 changed files with 10 additions and 7 deletions
@ -437,7 +437,10 @@ func main() {
|
||||||
policyCacheController := policycachecontroller.NewController(policyCache, kyvernoV1.ClusterPolicies(), kyvernoV1.Policies())
|
policyCacheController := policycachecontroller.NewController(policyCache, kyvernoV1.ClusterPolicies(), kyvernoV1.Policies())
|
||||||
|
|
||||||
certRenewer, err := tls.NewCertRenewer(
|
certRenewer, err := tls.NewCertRenewer(
|
||||||
kubeClient,
|
metrics.ObjectClient[*corev1.Secret](
|
||||||
|
metrics.NamespacedClientQueryRecorder(metricsConfig, config.KyvernoNamespace(), "Secret", metrics.KubeClient),
|
||||||
|
kubeClient.CoreV1().Secrets(config.KyvernoNamespace()),
|
||||||
|
),
|
||||||
clientConfig,
|
clientConfig,
|
||||||
tls.CertRenewalInterval,
|
tls.CertRenewalInterval,
|
||||||
tls.CAValidityDuration,
|
tls.CAValidityDuration,
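Review bot: Nothing at this call site records that CertRenewer now depends on the Secret client being scoped to config.KyvernoNamespace(); the namespace is fixed only inside the wrapped `kubeClient.CoreV1().Secrets(config.KyvernoNamespace())` argument, and a reader of main() sees just a metrics wrapper. I would bind the wrapped client to a name and document the invariant above it, e.g. `// CertRenewer reads and writes only Kyverno's own TLS secrets, so it gets a client` / `// scoped to config.KyvernoNamespace() rather than cluster-wide Secret access.` over a `secretClient := metrics.ObjectClient[*corev1.Secret](...)` that is then passed to tls.NewCertRenewer. The recorder's kind label `"Secret"` is a free string sitting next to the `*corev1.Secret` type parameter, so a drift between the two would go unnoticed by the compiler. main() starts and ends outside the hunk.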
|
||||||
|
|
|
@ -10,10 +10,10 @@ import (
|
||||||
"github.com/go-logr/logr"
|
"github.com/go-logr/logr"
|
||||||
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
|
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
|
||||||
"github.com/kyverno/kyverno/pkg/config"
|
"github.com/kyverno/kyverno/pkg/config"
|
||||||
|
controllerutils "github.com/kyverno/kyverno/pkg/utils/controller"
|
||||||
corev1 "k8s.io/api/core/v1"
|
corev1 "k8s.io/api/core/v1"
|
||||||
apierrors "k8s.io/apimachinery/pkg/api/errors"
|
apierrors "k8s.io/apimachinery/pkg/api/errors"
|
||||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||||
"k8s.io/client-go/kubernetes"
|
|
||||||
"k8s.io/client-go/rest"
|
"k8s.io/client-go/rest"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -33,7 +33,7 @@ const (
|
||||||
// webhook configurations and webhook server
|
// webhook configurations and webhook server
|
||||||
// renews RootCA at the given interval
|
// renews RootCA at the given interval
|
||||||
type CertRenewer struct {
|
type CertRenewer struct {
|
||||||
client kubernetes.Interface
|
client controllerutils.ObjectClient[*corev1.Secret]
|
||||||
certRenewalInterval time.Duration
|
certRenewalInterval time.Duration
|
||||||
caValidityDuration time.Duration
|
caValidityDuration time.Duration
|
||||||
tlsValidityDuration time.Duration
|
tlsValidityDuration time.Duration
|
||||||
|
@ -44,7 +44,7 @@ type CertRenewer struct {
|
||||||
}
|
}
|
||||||
|
|
||||||
// NewCertRenewer returns an instance of CertRenewer
|
// NewCertRenewer returns an instance of CertRenewer
|
||||||
func NewCertRenewer(client kubernetes.Interface, clientConfig *rest.Config, certRenewalInterval, caValidityDuration, tlsValidityDuration time.Duration, serverIP string, log logr.Logger) (*CertRenewer, error) {
|
func NewCertRenewer(client controllerutils.ObjectClient[*corev1.Secret], clientConfig *rest.Config, certRenewalInterval, caValidityDuration, tlsValidityDuration time.Duration, serverIP string, log logr.Logger) (*CertRenewer, error) {
|
||||||
certProps, err := newCertificateProps(clientConfig)
|
certProps, err := newCertificateProps(clientConfig)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
|
@ -152,7 +152,7 @@ func (c *CertRenewer) ValidateCert() (bool, error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c *CertRenewer) getSecret(name string) (*corev1.Secret, error) {
|
func (c *CertRenewer) getSecret(name string) (*corev1.Secret, error) {
|
||||||
if s, err := c.client.CoreV1().Secrets(config.KyvernoNamespace()).Get(context.TODO(), name, metav1.GetOptions{}); err != nil {
|
if s, err := c.client.Get(context.TODO(), name, metav1.GetOptions{}); err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
} else {
|
} else {
|
||||||
return s, nil
|
return s, nil
|
||||||
|
@ -226,14 +226,14 @@ func (c *CertRenewer) writeSecret(name string, key *rsa.PrivateKey, certs ...*x5
|
||||||
corev1.TLSPrivateKeyKey: privateKeyToPem(key),
|
corev1.TLSPrivateKeyKey: privateKeyToPem(key),
|
||||||
}
|
}
|
||||||
if secret.ResourceVersion == "" {
|
if secret.ResourceVersion == "" {
|
||||||
if _, err := c.client.CoreV1().Secrets(config.KyvernoNamespace()).Create(context.TODO(), secret, metav1.CreateOptions{}); err != nil {
|
if _, err := c.client.Create(context.TODO(), secret, metav1.CreateOptions{}); err != nil {
|
||||||
logger.Error(err, "failed to update secret")
|
logger.Error(err, "failed to update secret")
|
||||||
return err
|
return err
|
||||||
} else {
|
} else {
|
||||||
logger.Info("secret created")
|
logger.Info("secret created")
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
if _, err := c.client.CoreV1().Secrets(config.KyvernoNamespace()).Update(context.TODO(), secret, metav1.UpdateOptions{}); err != nil {
|
if _, err := c.client.Update(context.TODO(), secret, metav1.UpdateOptions{}); err != nil {
|
||||||
logger.Error(err, "failed to update secret")
|
logger.Error(err, "failed to update secret")
|
||||||
return err
|
return err
|
||||||
} else {
|
} else {
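Review bot: NewCertRenewer's doc comment (the `-44,7 +44,7` hunk) still says only that it returns an instance, while the signature now takes a pre-scoped `controllerutils.ObjectClient[*corev1.Secret]` and getSecret/writeSecret call `Get`, `Create` and `Update` on it with no namespace of their own; a caller that hands in a client built for another namespace will silently read and write TLS secrets there. I would state the contract on the constructor: `// NewCertRenewer returns an instance of CertRenewer. client must be scoped to the` / `// namespace holding Kyverno's TLS secrets: this package no longer qualifies the` / `// namespace itself, so a mis-scoped client reads and writes secrets elsewhere.` Separately, in the writeSecret hunk the Create branch still logs `failed to update secret` when the create fails; `logger.Error(err, "failed to create secret")` would keep the two failure modes distinguishable in logs. NewCertRenewer, getSecret and writeSecret all continue outside their hunks.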
|
||||||
|
|