post-bump fixes

openshift · Apr 19, 2024 · 5fd0688 · 5fd0688
1 parent c22dcd9
commit 5fd0688
Showing 1 changed file with 9 additions and 7 deletions.
diff --git a/pkg/operator/etcdcertsigner/etcdcertsignercontroller.go b/pkg/operator/etcdcertsigner/etcdcertsignercontroller.go
@@ -3,14 +3,15 @@ package etcdcertsigner
 import (
 	"context"
 	"fmt"
+	"strings"
+	"time"
+
 	"github.com/openshift/library-go/pkg/crypto"
 	corev1informers "k8s.io/client-go/informers/core/v1"
 	corev1client "k8s.io/client-go/kubernetes/typed/core/v1"
 	corev1listers "k8s.io/client-go/listers/core/v1"
 	"k8s.io/client-go/tools/cache"
 	"k8s.io/component-base/metrics"
-	"strings"
-	"time"
 
 	apiannotations "github.com/openshift/api/annotations"
 	operatorv1 "github.com/openshift/api/operator/v1"
@@ -211,7 +212,8 @@ func (c *EtcdCertSignerController) syncAllMasterCertificates(ctx context.Context
 	c.reportExpirationMetric(signerCaPair, "signer-ca")
 
 	// EnsureConfigMapCABundle is stateful w.r.t to the configmap it manages, so we can simply add it to the bundle before the new one
-	_, err = c.certConfig.signerCaBundle.EnsureConfigMapCABundle(ctx, signerCaPair)
+	signerName := fmt.Sprintf("%s/%s", operatorclient.GlobalUserSpecifiedConfigNamespace, tlshelpers.EtcdSignerCertSecretName)
+	_, err = c.certConfig.signerCaBundle.EnsureConfigMapCABundle(ctx, signerCaPair, signerName)
 	if err != nil {
 		return fmt.Errorf("error on ensuring signer bundle for existing pair: %w", err)
 	}
@@ -222,7 +224,7 @@ func (c *EtcdCertSignerController) syncAllMasterCertificates(ctx context.Context
 		return fmt.Errorf("error on ensuring etcd-signer cert: %w", err)
 	}
 
-	signerBundle, err := c.certConfig.signerCaBundle.EnsureConfigMapCABundle(ctx, newSignerCaPair)
+	signerBundle, err := c.certConfig.signerCaBundle.EnsureConfigMapCABundle(ctx, newSignerCaPair, signerName)
 	if err != nil {
 		return fmt.Errorf("error on ensuring signer bundle for new pair: %w", err)
 	}
@@ -232,14 +234,14 @@ func (c *EtcdCertSignerController) syncAllMasterCertificates(ctx context.Context
 		return fmt.Errorf("error on ensuring etcd client cert: %w", err)
 	}
 
+	metricsSignerSecretName := fmt.Sprintf("%s/%s", operatorclient.GlobalUserSpecifiedConfigNamespace, tlshelpers.EtcdMetricsSignerCertSecretName)
 	metricsSignerCaPair, err := tlshelpers.ReadConfigMetricsSignerCert(ctx, c.secretClient)
 	if err != nil {
 		return err
 	}
 
 	c.reportExpirationMetric(metricsSignerCaPair, "metrics-signer-ca")
-
-	_, err = c.certConfig.metricsSignerCaBundle.EnsureConfigMapCABundle(ctx, metricsSignerCaPair)
+	_, err = c.certConfig.metricsSignerCaBundle.EnsureConfigMapCABundle(ctx, metricsSignerCaPair, metricsSignerSecretName)
 	if err != nil {
 		return fmt.Errorf("error on ensuring metrics signer bundle for existing pair: %w", err)
 	}
@@ -250,7 +252,7 @@ func (c *EtcdCertSignerController) syncAllMasterCertificates(ctx context.Context
 		return fmt.Errorf("error on ensuring metrics-signer cert: %w", err)
 	}
 
-	metricsSignerBundle, err := c.certConfig.metricsSignerCaBundle.EnsureConfigMapCABundle(ctx, newMetricsSignerCaPair)
+	metricsSignerBundle, err := c.certConfig.metricsSignerCaBundle.EnsureConfigMapCABundle(ctx, newMetricsSignerCaPair, metricsSignerSecretName)
 	if err != nil {
 		return fmt.Errorf("error on ensuring metrics signer bundle: %w", err)
 	}