nfd-worker: support certificate rotation
Watch for changes in TLS files and re-connect to nfd-master in the event of changes.
parent
e771a35a21
commit
2d20a2ff7c
1 changed files with 17 additions and 0 deletions
|
@ -108,6 +108,7 @@ type NfdWorker interface {
|
||||||
|
|
||||||
type nfdWorker struct {
|
type nfdWorker struct {
|
||||||
args Args
|
args Args
|
||||||
|
certWatch *utils.FsWatcher
|
||||||
clientConn *grpc.ClientConn
|
clientConn *grpc.ClientConn
|
||||||
client pb.LabelerClient
|
client pb.LabelerClient
|
||||||
configFilePath string
|
configFilePath string
|
||||||
|
@ -194,6 +195,12 @@ func (w *nfdWorker) Run() error {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Create watcher for TLS certificates
|
||||||
|
w.certWatch, err = utils.CreateFsWatcher(time.Second, w.args.CaFile, w.args.CertFile, w.args.KeyFile)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
// Connect to NFD master
|
// Connect to NFD master
|
||||||
err = w.connect()
|
err = w.connect()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -241,9 +248,17 @@ func (w *nfdWorker) Run() error {
|
||||||
// comes into effect even if the sleep interval is long (or infinite)
|
// comes into effect even if the sleep interval is long (or infinite)
|
||||||
labelTrigger = time.After(0)
|
labelTrigger = time.After(0)
|
||||||
|
|
||||||
|
case <-w.certWatch.Events:
|
||||||
|
klog.Infof("TLS certificate update, renewing connection to nfd-master")
|
||||||
|
w.disconnect()
|
||||||
|
if err := w.connect(); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
case <-w.stop:
|
case <-w.stop:
|
||||||
klog.Infof("shutting down nfd-worker")
|
klog.Infof("shutting down nfd-worker")
|
||||||
configWatch.Close()
|
configWatch.Close()
|
||||||
|
w.certWatch.Close()
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -298,6 +313,7 @@ func (w *nfdWorker) connect() error {
|
||||||
} else {
|
} else {
|
||||||
dialOpts = append(dialOpts, grpc.WithInsecure())
|
dialOpts = append(dialOpts, grpc.WithInsecure())
|
||||||
}
|
}
|
||||||
|
klog.Infof("connecting to nfd-master at %s ...", w.args.Server)
|
||||||
conn, err := grpc.DialContext(dialCtx, w.args.Server, dialOpts...)
|
conn, err := grpc.DialContext(dialCtx, w.args.Server, dialOpts...)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
|
@ -311,6 +327,7 @@ func (w *nfdWorker) connect() error {
|
||||||
// disconnect closes the connection to NFD master
|
// disconnect closes the connection to NFD master
|
||||||
func (w *nfdWorker) disconnect() {
|
func (w *nfdWorker) disconnect() {
|
||||||
if w.clientConn != nil {
|
if w.clientConn != nil {
|
||||||
|
klog.Infof("closing connection to nfd-master ...")
|
||||||
w.clientConn.Close()
|
w.clientConn.Close()
|
||||||
}
|
}
|
||||||
w.clientConn = nil
|
w.clientConn = nil
|
||||||
|
|
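Review bot: `w.certWatch` is closed only in the `<-w.stop` branch of Run(), so the new `return err` under `case <-w.certWatch.Events:` and the existing connect-failure return just after the watcher is created both exit with it still open; `defer w.certWatch.Close()` directly after the `CreateFsWatcher` error check would cover every exit, with the explicit call in the stop branch dropped if Close is not safe to call twice. The reconnect branch also calls `w.disconnect()` before the new credentials are known to work, so an event that fires while the CA, certificate and key files are only partly replaced ends the worker. Whether the `time.Second` argument coalesces such bursts is not visible here; if exiting is intended, a comment such as `// a failed reconnect is fatal by design` above that `return err` would record it. The watcher is also created when connect() takes the `grpc.WithInsecure()` path, so it is worth confirming that `CreateFsWatcher` accepts empty file names. Run() and connect() both start and end outside the hunks shown.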