From 5fd06884bec3d8a319057b8f855112f9959afec5 Mon Sep 17 00:00:00 2001
From: Vadim Rutkovsky
Date: Fri, 12 Apr 2024 15:17:57 +0200
Subject: [PATCH] post-bump fixes
---
 .../etcdcertsigner/etcdcertsignercontroller.go | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)
diff --git a/pkg/operator/etcdcertsigner/etcdcertsignercontroller.go b/pkg/operator/etcdcertsigner/etcdcertsignercontroller.go
index 0f6a9c4f29..747a7e58f3 100644
--- a/pkg/operator/etcdcertsigner/etcdcertsignercontroller.go
+++ b/pkg/operator/etcdcertsigner/etcdcertsignercontroller.go
@@ -3,14 +3,15 @@ package etcdcertsigner
 import (
 "context"
 "fmt"
+ "strings"
+ "time"
+ "github.com/openshift/library-go/pkg/crypto"
 corev1informers "k8s.io/client-go/informers/core/v1"
 corev1client "k8s.io/client-go/kubernetes/typed/core/v1"
 corev1listers "k8s.io/client-go/listers/core/v1"
 "k8s.io/client-go/tools/cache"
 "k8s.io/component-base/metrics"
- "strings"
- "time"
 apiannotations "github.com/openshift/api/annotations"
 operatorv1 "github.com/openshift/api/operator/v1"
@@ -211,7 +212,8 @@ func (c *EtcdCertSignerController) syncAllMasterCertificates(ctx context.Context
 c.reportExpirationMetric(signerCaPair, "signer-ca")
 // EnsureConfigMapCABundle is stateful w.r.t to the configmap it manages, so we can simply add it to the bundle before the new one
- _, err = c.certConfig.signerCaBundle.EnsureConfigMapCABundle(ctx, signerCaPair)
+ signerName := fmt.Sprintf("%s/%s", operatorclient.GlobalUserSpecifiedConfigNamespace, tlshelpers.EtcdSignerCertSecretName)
+ _, err = c.certConfig.signerCaBundle.EnsureConfigMapCABundle(ctx, signerCaPair, signerName)
 if err != nil {
 return fmt.Errorf("error on ensuring signer bundle for existing pair: %w", err)
 }
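Review bot: `signerName` holds a `namespace/name` location rather than a name, and nothing at the call site says what the new third argument of `EnsureConfigMapCABundle` is for. The callee is not visible here, but the value presumably ends up as provenance information on the CA bundle, so a name such as `signerSecretLocation` and a one-line comment like `// namespace/name of the secret holding the signer CA, passed so the bundle can record its origin` would make the intent auditable. The hunk at -232 builds the same kind of string as `metricsSignerSecretName`; the two should follow one naming scheme, ideally through a small shared helper so the format cannot drift. syncAllMasterCertificates starts and ends outside this hunk.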
@@ -222,7 +224,7 @@ func (c *EtcdCertSignerController) syncAllMasterCertificates(ctx context.Context
 return fmt.Errorf("error on ensuring etcd-signer cert: %w", err)
 }
- signerBundle, err := c.certConfig.signerCaBundle.EnsureConfigMapCABundle(ctx, newSignerCaPair)
+ signerBundle, err := c.certConfig.signerCaBundle.EnsureConfigMapCABundle(ctx, newSignerCaPair, signerName)
 if err != nil {
 return fmt.Errorf("error on ensuring signer bundle for new pair: %w", err)
 }
@@ -232,14 +234,14 @@ func (c *EtcdCertSignerController) syncAllMasterCertificates(ctx context.Context
 return fmt.Errorf("error on ensuring etcd client cert: %w", err)
 }
+ metricsSignerSecretName := fmt.Sprintf("%s/%s", operatorclient.GlobalUserSpecifiedConfigNamespace, tlshelpers.EtcdMetricsSignerCertSecretName)
 metricsSignerCaPair, err := tlshelpers.ReadConfigMetricsSignerCert(ctx, c.secretClient)
 if err != nil {
 return err
 }
 c.reportExpirationMetric(metricsSignerCaPair, "metrics-signer-ca")
-
- _, err = c.certConfig.metricsSignerCaBundle.EnsureConfigMapCABundle(ctx, metricsSignerCaPair)
+ _, err = c.certConfig.metricsSignerCaBundle.EnsureConfigMapCABundle(ctx, metricsSignerCaPair, metricsSignerSecretName)
 if err != nil {
 return fmt.Errorf("error on ensuring metrics signer bundle for existing pair: %w", err)
 }
@@ -250,7 +252,7 @@ func (c *EtcdCertSignerController) syncAllMasterCertificates(ctx context.Context
 return fmt.Errorf("error on ensuring metrics-signer cert: %w", err)
 }
- metricsSignerBundle, err := c.certConfig.metricsSignerCaBundle.EnsureConfigMapCABundle(ctx, newMetricsSignerCaPair)
+ metricsSignerBundle, err := c.certConfig.metricsSignerCaBundle.EnsureConfigMapCABundle(ctx, newMetricsSignerCaPair, metricsSignerSecretName)
 if err != nil {
 return fmt.Errorf("error on ensuring metrics signer bundle: %w", err)
 }
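Review bot: The call for `newSignerCaPair` in the -222 hunk passes the same `signerName` that the earlier hunk builds from `operatorclient.GlobalUserSpecifiedConfigNamespace` for the existing pair. The code that ensures the new etcd-signer pair is outside the hunk, so this is an assumption to confirm: if that pair is stored in a different namespace or secret, the bundle will attribute the new CA to the wrong secret. That would mislead anyone tracing a trust-bundle entry back to its signer during rotation or incident review. Consider passing a location derived from where each pair is actually read or written, for example a separate `newSignerLocation` for this call. The -250 hunk repeats the pattern with `metricsSignerSecretName` and `newMetricsSignerCaPair`.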