Add redeploy on serving cert and operator pod template change

stlaz · stlaz · commit ca12aa145e7f · 2019-02-25T15:12:38.000+01:00
diff --git a/pkg/operator2/ca.go b/pkg/operator2/ca.go
@@ -15,18 +15,19 @@ const (
 	injectCABundleAnnotationValue = "true"
 )
 
-func (c *authOperator) handleServiceCA() (*corev1.ConfigMap, error) {
+func (c *authOperator) handleServiceCA() (*corev1.ConfigMap, *corev1.Secret, error) {
 	cm := c.configMaps.ConfigMaps(targetName)
+	secret := c.secrets.Secrets(targetName)
 	serviceCA, err := cm.Get(serviceCAName, metav1.GetOptions{})
 	if errors.IsNotFound(err) {
 		serviceCA, err = cm.Create(defaultServiceCA())
 	}
 	if err != nil {
-		return nil, err
+		return nil, nil, err
 	}
 
 	if len(serviceCA.Data[serviceCAKey]) == 0 {
-		return nil, fmt.Errorf("config map has no service ca data: %#v", serviceCA)
+		return nil, nil, fmt.Errorf("config map has no service ca data: %#v", serviceCA)
 	}
 
 	if err := isValidServiceCA(serviceCA); err != nil {
@@ -36,10 +37,15 @@ func (c *authOperator) handleServiceCA() (*corev1.ConfigMap, error) {
 		if err := cm.Delete(serviceCA.Name, opts); err != nil && !errors.IsNotFound(err) {
 			glog.Infof("failed to delete invalid service CA config map: %v", err)
 		}
-		return nil, err
+		return nil, nil, err
 	}
 
-	return serviceCA, nil
+	servingCert, err := secret.Get(servingCertName, metav1.GetOptions{})
+	if err != nil {
+		return nil, nil, err
+	}
+
+	return serviceCA, servingCert, nil
 }
 
 func isValidServiceCA(ca *corev1.ConfigMap) error {
diff --git a/pkg/operator2/operator.go b/pkg/operator2/operator.go
@@ -180,11 +180,11 @@ func (c *authOperator) handleSync(operatorConfig *operatorv1.Authentication) err
 	}
 	resourceVersions = append(resourceVersions, route.GetResourceVersion())
 
-	serviceCA, err := c.handleServiceCA()
+	serviceCA, servingCert, err := c.handleServiceCA()
 	if err != nil {
 		return err
 	}
-	resourceVersions = append(resourceVersions, serviceCA.GetResourceVersion())
+	resourceVersions = append(resourceVersions, serviceCA.GetResourceVersion(), servingCert.GetResourceVersion())
 
 	metadata, _, err := resourceapply.ApplyConfigMap(c.configMaps, c.recorder, getMetadataConfigMap(route))
 	if err != nil {
@@ -235,9 +235,14 @@ func (c *authOperator) handleSync(operatorConfig *operatorv1.Authentication) err
 	}
 	resourceVersions = append(resourceVersions, cliConfig.GetResourceVersion())
 
+	operatorDeploymentRV, err := c.getOperatorDeploymentResourceVersion()
+	if err != nil {
+		return err
+	}
+	resourceVersions = append(resourceVersions, operatorDeploymentRV)
+
 	// deployment, have RV of all resources
 	// TODO use ExpectedDeploymentGeneration func
-	// TODO we also need the RV for the serving-cert secret (servingCertName)
 	expectedDeployment := defaultDeployment(
 		operatorConfig,
 		syncData,
@@ -284,3 +289,13 @@ func getPrefixFilter() controller.Filter {
 		DeleteFunc: prefix,
 	}
 }
+
+func (c *authOperator) getOperatorDeploymentResourceVersion() (string, error) {
+	deployments := c.deployments.Deployments(targetNameOperator)
+	operator, err := deployments.Get(targetNameOperator, metav1.GetOptions{})
+	if err != nil {
+		return "", err
+	}
+
+	return operator.GetResourceVersion(), nil
+}

Original file line number	Diff line number	Diff line change
`@@ -15,18 +15,19 @@ const (`
`15`	`15`	`injectCABundleAnnotationValue = "true"`
`16`	`16`	`)`
`17`	`17`
`18`		`-func (c authOperator) handleServiceCA() (corev1.ConfigMap, error) {`
	`18`	`+func (c authOperator) handleServiceCA() (corev1.ConfigMap, *corev1.Secret, error) {`
`19`	`19`	`cm := c.configMaps.ConfigMaps(targetName)`
	`20`	`+ secret := c.secrets.Secrets(targetName)`
`20`	`21`	`serviceCA, err := cm.Get(serviceCAName, metav1.GetOptions{})`
`21`	`22`	`if errors.IsNotFound(err) {`
`22`	`23`	`serviceCA, err = cm.Create(defaultServiceCA())`
`23`	`24`	`}`
`24`	`25`	`if err != nil {`
`25`		`- return nil, err`
	`26`	`+ return nil, nil, err`
`26`	`27`	`}`
`27`	`28`
`28`	`29`	`if len(serviceCA.Data[serviceCAKey]) == 0 {`
`29`		`- return nil, fmt.Errorf("config map has no service ca data: %#v", serviceCA)`
	`30`	`+ return nil, nil, fmt.Errorf("config map has no service ca data: %#v", serviceCA)`
`30`	`31`	`}`
`31`	`32`
`32`	`33`	`if err := isValidServiceCA(serviceCA); err != nil {`
`@@ -36,10 +37,15 @@ func (c authOperator) handleServiceCA() (corev1.ConfigMap, error) {`
`36`	`37`	`if err := cm.Delete(serviceCA.Name, opts); err != nil && !errors.IsNotFound(err) {`
`37`	`38`	`glog.Infof("failed to delete invalid service CA config map: %v", err)`
`38`	`39`	`}`
`39`		`- return nil, err`
	`40`	`+ return nil, nil, err`
`40`	`41`	`}`
`41`	`42`
`42`		`- return serviceCA, nil`
	`43`	`+ servingCert, err := secret.Get(servingCertName, metav1.GetOptions{})`
	`44`	`+ if err != nil {`
	`45`	`+ return nil, nil, err`
	`46`	`+ }`
	`47`	`+`
	`48`	`+ return serviceCA, servingCert, nil`
`43`	`49`	`}`
`44`	`50`
`45`	`51`	`func isValidServiceCA(ca *corev1.ConfigMap) error {`