mirror of https://github.com/kubernetes-sigs/node-feature-discovery.git synced 2025-03-15 04:57:56 +00:00

nfd-worker: support certificate rotation

Watch for changes in TLS files and re-connect to nfd-master in the event
of changes.
Markus Lehtonen 2021-02-18 14:18:30 +02:00
parent e771a35a21
commit 2d20a2ff7c


@ -108,6 +108,7 @@ type NfdWorker interface {
type nfdWorker struct {
args Args
certWatch *utils.FsWatcher
clientConn *grpc.ClientConn
client pb.LabelerClient
configFilePath string
@ -194,6 +195,12 @@ func (w *nfdWorker) Run() error {
return err
}
// Create watcher for TLS certificates
w.certWatch, err = utils.CreateFsWatcher(time.Second, w.args.CaFile, w.args.CertFile, w.args.KeyFile)
if err != nil {
return err
}
// Connect to NFD master
err = w.connect()
if err != nil {
@ -241,9 +248,17 @@ func (w *nfdWorker) Run() error {
// comes into effect even if the sleep interval is long (or infinite)
labelTrigger = time.After(0)
case <-w.certWatch.Events:
klog.Infof("TLS certificate update, renewing connection to nfd-master")
w.disconnect()
if err := w.connect(); err != nil {
return err
}
case <-w.stop:
klog.Infof("shutting down nfd-worker")
configWatch.Close()
w.certWatch.Close()
return nil
}
}
@ -298,6 +313,7 @@ func (w *nfdWorker) connect() error {
} else {
dialOpts = append(dialOpts, grpc.WithInsecure())
}
klog.Infof("connecting to nfd-master at %s ...", w.args.Server)
conn, err := grpc.DialContext(dialCtx, w.args.Server, dialOpts...)
if err != nil {
return err
@ -311,6 +327,7 @@ func (w *nfdWorker) connect() error {
// disconnect closes the connection to NFD master
func (w *nfdWorker) disconnect() {
if w.clientConn != nil {
klog.Infof("closing connection to nfd-master ...")
w.clientConn.Close()
}
w.clientConn = nil
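Review bot: In the `case <-w.certWatch.Events:` branch, a failed `w.connect()` returns from `Run()` after `w.disconnect()` has already dropped the working connection, so a rotation caught mid-write (for example the new certificate on disk but not yet its matching key) would stop the worker rather than retry. The `time.Second` argument to `utils.CreateFsWatcher` presumably debounces events, but its implementation is not visible here, so it is worth confirming that it covers non-atomic updates of the CA, certificate and key files. That return path, and presumably the error return after the initial `w.connect()`, also skip the `w.certWatch.Close()` that the stop case performs. A `defer w.certWatch.Close()` directly after the creation error check, in place of the explicit call in the stop case, would cover every exit. `Run()` starts and ends outside these hunks, so existing cleanup elsewhere in the function cannot be ruled out.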