
refactor: make tls cert func not depending on cert controller (#4820)

* refactor: make tls cert func not depend on cert controller

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fmt

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* clean

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
This commit is contained in:
Charles-Edouard Brétéché 2022-10-06 10:43:43 +02:00 committed by GitHub
parent 13ce3f55ed
commit 74172f2079
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 9 additions and 28 deletions


@ -498,10 +498,17 @@ func main() {
admissionReports, admissionReports,
) )
secretLister := kubeKyvernoInformer.Core().V1().Secrets().Lister()
server := webhooks.NewServer( server := webhooks.NewServer(
policyHandlers, policyHandlers,
resourceHandlers, resourceHandlers,
certManager.GetTLSPemPair, func() ([]byte, []byte, error) {
secret, err := secretLister.Secrets(config.KyvernoNamespace()).Get(tls.GenerateTLSPairSecretName())
if err != nil {
return nil, nil, err
}
return secret.Data[corev1.TLSCertKey], secret.Data[corev1.TLSPrivateKeyKey], nil
},
configuration, configuration,
webhookCfg, webhookCfg,
webhookMonitor, webhookMonitor,
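Review bot: The closure passed to webhooks.NewServer returns `secret.Data[corev1.TLSCertKey]` and `secret.Data[corev1.TLSPrivateKeyKey]` with a nil error even when either key is absent from the secret, because a missing key in `Data` yields a nil slice; the server then gets an empty cert or key and the failure surfaces later, away from its cause. Bind the two values first and add `if len(cert) == 0 || len(key) == 0 { return nil, nil, <error naming tls.GenerateTLSPairSecretName() and the missing key> }` before the return, using whichever error constructor main.go already imports. The slices come straight out of the informer cache via secretLister, so whatever NewServer does with them must treat them as read-only — presumably it only parses them, but that is outside this hunk. The enclosing `main` starts and ends outside the hunk.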


@ -19,19 +19,13 @@ import (
// Workers is the number of workers for this controller // Workers is the number of workers for this controller
const Workers = 1 const Workers = 1
type Controller interface {
controllers.Controller
// GetTLSPemPair gets the existing TLSPemPair from the secret
GetTLSPemPair() ([]byte, []byte, error)
}
type controller struct { type controller struct {
renewer *tls.CertRenewer renewer *tls.CertRenewer
secretLister corev1listers.SecretLister secretLister corev1listers.SecretLister
secretQueue chan bool secretQueue chan bool
} }
func NewController(secretInformer corev1informers.SecretInformer, certRenewer *tls.CertRenewer) Controller { func NewController(secretInformer corev1informers.SecretInformer, certRenewer *tls.CertRenewer) controllers.Controller {
manager := &controller{ manager := &controller{
renewer: certRenewer, renewer: certRenewer,
secretLister: secretInformer.Lister(), secretLister: secretInformer.Lister(),
@ -85,14 +79,6 @@ func (m *controller) updateSecretFunc(oldObj interface{}, newObj interface{}) {
} }
} }
func (m *controller) GetTLSPemPair() ([]byte, []byte, error) {
secret, err := m.secretLister.Secrets(config.KyvernoNamespace()).Get(tls.GenerateTLSPairSecretName())
if err != nil {
return nil, nil, err
}
return secret.Data[corev1.TLSCertKey], secret.Data[corev1.TLSPrivateKeyKey], nil
}
func (m *controller) renewCertificates() error { func (m *controller) renewCertificates() error {
if err := common.RetryFunc(time.Second, 5*time.Second, m.renewer.RenewCA, "failed to renew CA", logger)(); err != nil { if err := common.RetryFunc(time.Second, 5*time.Second, m.renewer.RenewCA, "failed to renew CA", logger)(); err != nil {
return err return err
@ -102,15 +88,3 @@ func (m *controller) renewCertificates() error {
} }
return nil return nil
} }
func (m *controller) GetCAPem() ([]byte, error) {
secret, err := m.secretLister.Secrets(config.KyvernoNamespace()).Get(tls.GenerateRootCASecretName())
if err != nil {
return nil, err
}
result := secret.Data[corev1.TLSCertKey]
if len(result) == 0 {
result = secret.Data[tls.RootCAKey]
}
return result, nil
}
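Review bot: Deleting `GetCAPem` also deletes its fallback to `secret.Data[tls.RootCAKey]` when `corev1.TLSCertKey` is empty, and nothing in this commit re-homes that compatibility path; the two-file diffstat suggests the method had no callers, but that is worth stating in the commit message, and any other reader of the root CA secret should be checked for the same fallback. `NewController` is exported, now returns `controllers.Controller`, and carries no doc comment in the hunk; suggest `// NewController builds the certificate controller from secretInformer's lister and certRenewer.` Narrowing the return type also removes `GetTLSPemPair` from the public surface, so every former caller has to use a lookup like the closure the first file section adds to main.go. The body of `NewController` continues outside the first hunk.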