cert-rotation: avoid using DynamicServingRotation

Call sync for targetcontrollers directly instead

pkg/operator/certrotationcontroller/certrotationcontroller.go

@@ -33,14 +33,14 @@ type CertRotationController struct {
 	networkLister        configlisterv1.NetworkLister
 	infrastructureLister configlisterv1.InfrastructureLister
 
-	serviceNetwork        *DynamicServingRotation
-	serviceHostnamesQueue workqueue.RateLimitingInterface
+	serviceNetworkTargetController factory.Controller
+	serviceHostnamesQueue          workqueue.RateLimitingInterface
 
-	externalLoadBalancer               *DynamicServingRotation
-	externalLoadBalancerHostnamesQueue workqueue.RateLimitingInterface
+	externalLoadBalancerTargetController factory.Controller
+	externalLoadBalancerHostnamesQueue   workqueue.RateLimitingInterface
 
-	internalLoadBalancer               *DynamicServingRotation
-	internalLoadBalancerHostnamesQueue workqueue.RateLimitingInterface
+	internalLoadBalancerTargetController factory.Controller
+	internalLoadBalancerHostnamesQueue   workqueue.RateLimitingInterface
 
 	recorder events.Recorder
 
@@ -59,14 +59,9 @@ func NewCertRotationController(
 		networkLister:        configInformer.Config().V1().Networks().Lister(),
 		infrastructureLister: configInformer.Config().V1().Infrastructures().Lister(),
 
-		serviceHostnamesQueue: workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), "ServiceHostnames"),
-		serviceNetwork:        &DynamicServingRotation{hostnamesChanged: make(chan struct{}, 10)},
-
+		serviceHostnamesQueue:              workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), "ServiceHostnames"),
 		externalLoadBalancerHostnamesQueue: workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), "ExternalLoadBalancerHostnames"),
-		externalLoadBalancer:               &DynamicServingRotation{hostnamesChanged: make(chan struct{}, 10)},
-
 		internalLoadBalancerHostnamesQueue: workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), "InternalLoadBalancerHostnames"),
-		internalLoadBalancer:               &DynamicServingRotation{hostnamesChanged: make(chan struct{}, 10)},
 
 		recorder: eventRecorder,
 		cachesToSync: []cache.InformerSynced{
@@ -374,12 +369,11 @@ func NewCertRotationController(
 		},
 		Validity: 30 * rotationDay,
 		Refresh:  15 * rotationDay,
+		Informer: kubeInformersForNamespaces.InformersFor(operatorclient.TargetNamespace).Core().V1().Secrets(),
+		Lister:   kubeInformersForNamespaces.InformersFor(operatorclient.TargetNamespace).Core().V1().Secrets().Lister(),
 		CertCreator: &certrotation.ServingRotation{
-			Hostnames:        ret.serviceNetwork.GetHostnames,
-			HostnamesChanged: ret.serviceNetwork.hostnamesChanged,
+			Hostnames: func() []string { return []string{} },
 		},
-		Informer:      kubeInformersForNamespaces.InformersFor(operatorclient.TargetNamespace).Core().V1().Secrets(),
-		Lister:        kubeInformersForNamespaces.InformersFor(operatorclient.TargetNamespace).Core().V1().Secrets().Lister(),
 		Client:        kubeClient.CoreV1(),
 		EventRecorder: eventRecorder,
 
@@ -395,6 +389,7 @@ func NewCertRotationController(
 		&certrotation.StaticPodConditionStatusReporter{OperatorClient: operatorClient},
 	)
 	ret.certRotators = append(ret.certRotators, serviceNetworkTargetCertRotator)
+	ret.serviceNetworkTargetController = serviceNetworkTargetCertRotator
 
 	loadbalancerServingSigner := certrotation.RotatedSigningCASecret{
 		Namespace: operatorclient.OperatorNamespace,
@@ -453,8 +448,7 @@ func NewCertRotationController(
 		Validity: 30 * rotationDay,
 		Refresh:  15 * rotationDay,
 		CertCreator: &certrotation.ServingRotation{
-			Hostnames:        ret.externalLoadBalancer.GetHostnames,
-			HostnamesChanged: ret.externalLoadBalancer.hostnamesChanged,
+			Hostnames: func() []string { return []string{} },
 		},
 		Informer:      kubeInformersForNamespaces.InformersFor(operatorclient.TargetNamespace).Core().V1().Secrets(),
 		Lister:        kubeInformersForNamespaces.InformersFor(operatorclient.TargetNamespace).Core().V1().Secrets().Lister(),
@@ -473,6 +467,7 @@ func NewCertRotationController(
 		&certrotation.StaticPodConditionStatusReporter{OperatorClient: operatorClient},
 	)
 	ret.certRotators = append(ret.certRotators, externalLoadbalancerServingTargetCertRotator)
+	ret.externalLoadBalancerTargetController = externalLoadbalancerServingTargetCertRotator
 
 	internalLoadbalancerServingTarget := certrotation.RotatedSelfSignedCertKeySecret{
 		Namespace: operatorclient.TargetNamespace,
@@ -484,8 +479,7 @@ func NewCertRotationController(
 		Validity: 30 * rotationDay,
 		Refresh:  15 * rotationDay,
 		CertCreator: &certrotation.ServingRotation{
-			Hostnames:        ret.internalLoadBalancer.GetHostnames,
-			HostnamesChanged: ret.internalLoadBalancer.hostnamesChanged,
+			Hostnames: func() []string { return []string{} },
 		},
 		Informer:      kubeInformersForNamespaces.InformersFor(operatorclient.TargetNamespace).Core().V1().Secrets(),
 		Lister:        kubeInformersForNamespaces.InformersFor(operatorclient.TargetNamespace).Core().V1().Secrets().Lister(),
@@ -504,6 +498,7 @@ func NewCertRotationController(
 		&certrotation.StaticPodConditionStatusReporter{OperatorClient: operatorClient},
 	)
 	ret.certRotators = append(ret.certRotators, internalLoadbalancerServingTargetCertRotator)
+	ret.internalLoadBalancerTargetController = internalLoadbalancerServingTargetCertRotator
 
 	localhostRecoveryServingSigner := certrotation.RotatedSigningCASecret{
 		Namespace: operatorclient.OperatorNamespace,

pkg/operator/certrotationcontroller/externalloadbalancer.go

@@ -1,9 +1,11 @@
 package certrotationcontroller
 
 import (
+	"context"
 	"fmt"
 	"strings"
 
+	"github.com/openshift/library-go/pkg/controller/factory"
 	"k8s.io/klog/v2"
 
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
@@ -25,7 +27,7 @@ func (c *CertRotationController) syncExternalLoadBalancerHostnames() error {
 	hostname = hostname_arr[0]
 
 	klog.V(2).Infof("syncing external loadbalancer hostnames: %v", hostname)
-	c.externalLoadBalancer.setHostnames([]string{hostname})
+	c.externalLoadBalancerTargetController.Sync(context.Background(), factory.NewSyncContext("CertRotationController", c.recorder))
 	return nil
 }
 

pkg/operator/certrotationcontroller/internalloadbalancer.go

@@ -1,9 +1,11 @@
 package certrotationcontroller
 
 import (
+	"context"
 	"fmt"
 	"strings"
 
+	"github.com/openshift/library-go/pkg/controller/factory"
 	"k8s.io/klog/v2"
 
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
@@ -25,7 +27,7 @@ func (c *CertRotationController) syncInternalLoadBalancerHostnames() error {
 	hostname = hostname[0:strings.LastIndex(hostname, ":")]
 
 	klog.V(2).Infof("syncing internal loadbalancer hostnames: %v", hostname)
-	c.internalLoadBalancer.setHostnames([]string{hostname})
+	c.internalLoadBalancerTargetController.Sync(context.Background(), factory.NewSyncContext("CertRotationController", c.recorder))
 	return nil
 }
 

pkg/operator/certrotationcontroller/servicehostname.go

@@ -1,12 +1,14 @@
 package certrotationcontroller
 
 import (
+	"context"
 	"fmt"
 	"net"
 
 	"k8s.io/klog/v2"
 
 	"github.com/apparentlymart/go-cidr/cidr"
+	"github.com/openshift/library-go/pkg/controller/factory"
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
 	"k8s.io/apimachinery/pkg/util/sets"
 	"k8s.io/client-go/tools/cache"
@@ -38,7 +40,7 @@ func (c *CertRotationController) syncServiceHostnames() error {
 	}
 
 	klog.V(2).Infof("syncing servicenetwork hostnames: %v", hostnames.List())
-	c.serviceNetwork.setHostnames(hostnames.List())
+	c.serviceNetworkTargetController.Sync(context.Background(), factory.NewSyncContext("CertRotationController", c.recorder))
 	return nil
 }