refactor: make tls cert func not depending on cert controller (#4820)

* refactor: make tls cert func not depending on cert controller Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fmt Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * clean Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-12-14 11:57:48 +00:00 · 2022-10-06 10:43:43 +02:00 · 2022-10-06 10:43:43 +02:00 · 74172f2079
commit 74172f2079
parent 13ce3f55ed
2 changed files with 9 additions and 28 deletions
--- a/cmd/kyverno/main.go
+++ b/cmd/kyverno/main.go
@ -498,10 +498,17 @@ func main() {
 		admissionReports,
 	)

+	secretLister := kubeKyvernoInformer.Core().V1().Secrets().Lister()
 	server := webhooks.NewServer(
 		policyHandlers,
 		resourceHandlers,
-		certManager.GetTLSPemPair,
+		func() ([]byte, []byte, error) {
+			secret, err := secretLister.Secrets(config.KyvernoNamespace()).Get(tls.GenerateTLSPairSecretName())
+			if err != nil {
+				return nil, nil, err
+			}
+			return secret.Data[corev1.TLSCertKey], secret.Data[corev1.TLSPrivateKeyKey], nil
+		},
 		configuration,
 		webhookCfg,
 		webhookMonitor,
--- a/pkg/controllers/certmanager/controller.go
+++ b/pkg/controllers/certmanager/controller.go
@ -19,19 +19,13 @@ import (
 // Workers is the number of workers for this controller
 const Workers = 1

-type Controller interface {
-	controllers.Controller
-	// GetTLSPemPair gets the existing TLSPemPair from the secret
-	GetTLSPemPair() ([]byte, []byte, error)
-}
-
 type controller struct {
 	renewer      *tls.CertRenewer
 	secretLister corev1listers.SecretLister
 	secretQueue  chan bool
 }

-func NewController(secretInformer corev1informers.SecretInformer, certRenewer *tls.CertRenewer) Controller {
+func NewController(secretInformer corev1informers.SecretInformer, certRenewer *tls.CertRenewer) controllers.Controller {
 	manager := &controller{
 		renewer:      certRenewer,
 		secretLister: secretInformer.Lister(),
@ -85,14 +79,6 @@ func (m *controller) updateSecretFunc(oldObj interface{}, newObj interface{}) {
 	}
 }

-func (m *controller) GetTLSPemPair() ([]byte, []byte, error) {
-	secret, err := m.secretLister.Secrets(config.KyvernoNamespace()).Get(tls.GenerateTLSPairSecretName())
-	if err != nil {
-		return nil, nil, err
-	}
-	return secret.Data[corev1.TLSCertKey], secret.Data[corev1.TLSPrivateKeyKey], nil
-}
-
 func (m *controller) renewCertificates() error {
 	if err := common.RetryFunc(time.Second, 5*time.Second, m.renewer.RenewCA, "failed to renew CA", logger)(); err != nil {
 		return err
@ -102,15 +88,3 @@ func (m *controller) renewCertificates() error {
 	}
 	return nil
 }
-
-func (m *controller) GetCAPem() ([]byte, error) {
-	secret, err := m.secretLister.Secrets(config.KyvernoNamespace()).Get(tls.GenerateRootCASecretName())
-	if err != nil {
-		return nil, err
-	}
-	result := secret.Data[corev1.TLSCertKey]
-	if len(result) == 0 {
-		result = secret.Data[tls.RootCAKey]
-	}
-	return result, nil
-}