Skip to content

Commit

Permalink
Address PR review feedback (2)
Browse files Browse the repository at this point in the history
  • Loading branch information
@ialidzhikov
ialidzhikov committed Nov 29, 2024
1 parent 2d0cdb3 commit d0097d7
Show file tree
Hide file tree
Showing 9 changed files with 71 additions and 27 deletions.
4 changes: 2 additions & 2 deletions charts/gardener-extension-registry-cache/templates/clusterrole.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -42,7 +42,7 @@ rules:
- resources.gardener.cloud
resources:
- managedresources
# TODO(dimitar-kostadinov): Remove managedresources/status after v0.12.0.
# TODO(dimitar-kostadinov): Remove managedresources/status after May 2025.
- managedresources/status
verbs:
- get
Expand All @@ -52,7 +52,7 @@ rules:
- update
- patch
- delete
# TODO(dimitar-kostadinov): Remove the below rule for managedresources/status after v0.12.0.
# TODO(dimitar-kostadinov): Remove the below rule for managedresources/status after May 2025.
- apiGroups:
- resources.gardener.cloud
resources:
Expand Down
2 changes: 1 addition & 1 deletion example/controller-registration.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ kind: ControllerDeployment
metadata:
name: extension-registry-cache
helm:
rawChart: H4sIAAAAAAAAA+0da2/bOLKf9St47i62PVTyM0nPQA+XTbJtsG1iJLncHRaLgJYYmxtJ1JGSU2/b++03JPWWbdlO1n2sBkVsU+RwSM4MZ4ZDdYK5Q3zCTfI+JL6gzDc5mVAR8rlpY3tK2k8eDB2Ag7099QlQ/lTfu/1Bt7fX29+X5d393n7/Cdp7eNf1EIkQc4SecMbCVfXqnn+lMKldf2tKXI9OfMbJln3IBd4fDJauPyx7cf17nUGv8wR1HnWkS+BPvv5P0QiHIeG+QCFDepnR/ZT4aBxR16H+BAXYvsMTIizjKbqaUoFEFASMh/AFWMNFE5eNkYdDewq1XyBOXBzSGYF24TRXjn0HEPhkAk+Zj54FnNzS98RB9xTq/eW5hc59d46Yr1pKklBAOHKpTyzDOr68uQyBNkBxxDwPEFwfXSKHcmFYExq21V9NvmGNf+dt9TcpmE7a8k/yU8z8doZoDOOLAnRLXSKMv1riPoC/Y3wHf0MPvv8Pql5jTlkk0OnxCXQYcPYbsUPDog7BbV0PigxrJmzmkLbxuVd1faiX/6Mp5qE1x567bR918t/r75Xlv9dt5H8ngAN6Tbhc9yGadQ0cBOnPVtfqtAyHCJvTIFRFh+gNbAbIliyBbhlH4ZSg1zELoYuYcdCRZByUcpRl+NgjQ1TLa8Ys6btjQedfkRh9tVAv/w6zrQl7SB918n/QL9t/B/29g0b+dwHtNrocHf/b/Al2vyMWzGHLnIZXwAxDBFp4gC4PR+jyBIGoY1/9wLewUVIcEmQzL8D+XG7smQ6wmR9yOo5grxZGu20k+N9SG9iLmKdQLaS3lHDQJoFkMLMHkg71Jmw4kSgkajFFpo1aYwxfvnt9eHF8cnZycfPm8Ojnm+PTi3ZSz1S9MdcF/o25VhkXFjRbxs/IQt89s3GILKsN/65PLi5Pz8+exz/Je+wFLmkvQyy3QXSSoB6WUC944FHOGW/JAYKlpQypWH0SH4/B4kCFcWvLSqnWuFBaYFLL2oxzsDlQRhkqUGYEeexrq856+Q8JzAgQJ7b2BDf2/4Dz9ruN/7cL2GT9b8DcB5NcWGGwkS1Yo/+7nW6vtP69vYO9Rv/vAj58MJEDjhh4XS1ppbWQ+emTUW+pyXYEFL+sbeSRgH66pRONJm9c6nIrQWOlmIWV9GbZLouc9qyL3WCKu8Yd9Z0heGmyYaTVXNpvuVuXYIeA6wkqEqpRRxOwjHxTVzeT+tXhpIipB0pVY0NIPqG3aIrFSHmvqCWmuLe3P2wh6xq7ETjJqr4V4glKWwSc+uEtan0v/vG9KNfkJGCCwnY5X4WCuIIsQjjcGqGew9zXz82JDXwO2ET/2y4oSwL2jEs2igfU6P/+YL8c/+vv9bqN/t8FmKZZUNN8jG0LR+GUcfq7tizvXoIGYaCWE4Ws2eAC2MDwSIgdHOIhqJV1nXyEXDwGhSbbIISDwLqLxoT7JCSqo/XxICRj02Dtt5XRu26japfUBy7wbej2wwdkXcC2gAWxzoAQqRl5BHb60DChIX3NWRQo0k20dAuDp5wIFnGbxFVj0RHwY0b4OC6dkFB9ukCh+nIvo6UP6iirWvrZhhGG0XoEyG9B+i0KYIVJlSrseFRI3AU/RHNLlTAvCpUzc0/GU8bu7Pyuvj5VMS1qSjlJvgaLpy2loHbWPOzDDumkpVD4FF2dH58/c6hHQUGYdwzmz6E+mz0fogvisRmptIqnGFxkWGo061hdcG2thR1suhq5weamIFsjB1g2lMHxWqKlLwnSx+6RZGvlaa45jkec34XDX7KKrVYVnyAwIeGjT99afWvO9XBQ6j7u40E4kiGsIjJDJvVTuhQF89bBYjpmsChiPXqkyhUB1py/hYKyGePAZ6s1gFKqpQ7qEHtgy4MpC3rDshknTMCHt4AfbI4DomdVK76AM9ibpiQSSns/Mqd87l378WBL+28MloBclLXMwHr/v1uy//bAKGzsv13Aw+y/HzUb/EnMQBjwBbmV9CZaasV8Qa2qubz+7IhoLI+Yldmp8VwSPqM2ObRtFvnhRhOdqvfqwFRx4/7/aWEj/a9DeBunAtSe/+9X4r/wo9H/u4DS+X8+5PoOBwsU+wPVTIIsx0tD9NFUCllFV32wMpxcHNlCH5EPVBE/RINGUT02bC7/4LWYKqA8g/2JcROcSn7Pabg8Jlgn//Kwpyj/B4PBfiP/u4D4RKNwUnCtFvY8WVdUOslZS02AAkhFWZ8rWYBnMeOsqTrWMxgXd7yVwZeMSBEtboqMDlrLgEYh+49MCVg5fx9RXn99WUcum8i/QwKXzT0YyWY2wGr578L+X5b/fr/fxP93AmX/D2REZK7ecbriW7p4jyfXX5AjqDqik6mJZ5gC7dSl4dxMD7gXB0Xb4TwAfAK8OMINERB7qOJYMyrJegM0MT5/KwO3Q9RTTwKX2lhoEmL1EhceSQ9QUyLUETbjevJUtvXb3Gw+dD63mZxEYcQk5fhG4fN9Fuqof1IE1uCU2Hci8to6sJvP69LTWtTredtQH8BD22RlUkuyflerdJ9ZONmsLNyyCvQ8U+fx6DvrKh659SPMyEimv7fWMppaz1cPJd4ulowOZphTW1g6oexShkJl0liuQRYMzda/tWDxWkta6PAqtAl5RJZVkolrMdoSYSqlLY+9Mia3wLIPZ9rtZFoCVL9n/E7GNsvyy0wOYkc9YsIEazkGfem67J4467V3gOdXtViuO5gJzUwxhU1ImHJcGQ1maAfmYNAvYk4UjF4nyoDX5kcuFuKsOJFiLkBezb91OnFlUQgznW007VJsMYWK6VKaG+wVGpSUFMU9TsGx8uukykaR644YaMR5QUvqdJcgfZhvh/kkx2cmMmMF86pNQrtdMn1yTmqhiYffy2Z2xDlsjTAS+UNeH3mVoyLTYSJLdrKyZpdz3xZ50iTmKYF9a0xwaKY756tlGyda0hKQk3sTNBKsJAamkdQ5S0lL21mq3Wnc7FK3qnTjUCG1TE5DFzDHj4+yp6DXfmPUR60XrfJg9XUckwVEHwOb2d6wjFrd5DxpcZg2KOMuJXiZ1HmVZ6lquphVxhAfVMf8scZ6rGodS5UpVWF+bHE17UlZca2R1pd1+GB49egIL2NbsnsECzqNn5nytMfEjjy/Fa+GyzX8qk0r5lE3nC5Hp58vGn6qP+IbIvlBp7oyfpZvS/xZXtq1Mnp7cnh8cnFz8vbk6Or0/Ozm7PDdyeXo8OgkrYnQTOL+CTa4Ya4QoVtKXCc+BKiUyx1/mBo8Vsox25olCb2n7w5fn1wDsecXN+fXJxf/uji9qtA6RNrozfmp7YWO66pFcukMZlKIEWdjkh/jNAyD1yQsDjtQ423rVfu9+EgZA7VLK0GAppWjfHN1Nco9oD4NKXaPiYvnsTIaom4nrcGJzGzYlFbZar4TUveMfAeiyoWJRMceQYYu3UVHZcrWEW9lloXMZu4QXR2NlvFeamrk2+ZO1auhjazFRwRS72VhjW6nRvZnzI088k4aFAsmQqu03AA8WVEL04JdOVdRrqa8NDpE0jB9qJjVmPxLCKwI3Xr0FWZIz0/FaCpNjJ2E2/KcXRuU33hCNp2OFWQtiMWtiAEm4JBbHLnhO+YAikGvkxvElxM3+1Zgk/hfwByw73ikLoOOI2dC1gsE1uZ/7FfyP3qDJv63E8jH/gLlLWXRvxFzjtP1/lGt91cSBtzU+0+8ZXDs/unHUT0X6na/xAhbrM0F8UB5HslLmBz0699foa7V2zc7oGSPcKCjkhTw/Qyo4yW2XtPwOm8kR742duaw1CfgesiFThzqQ/cez8WhjCl8YWcWDTwebKL/N774EUOd/q+e//S6Tf7HbmCL/L8HXPz4Jo+Dll0PWZRoDXavX85bX5Vy/HiZ1rleHjebe0E2+lqRNnPRcqTRyCLxuXmRRsjnFppvCDbV/xslfsdQa/8PyvZ/f9Bv7n/vBLbU/w9L/P42t4Ht0sObvPAGPiNsov/j46mNXYAa/d/rdw7K9v9+p3n/005gYWJnrFL+UO1eyQNaJw/iljPPhFquY4bM1Acr6IdfPrSSM4/WsHV1NGq9aMlnreF6Zyeffv1hMwpULgYhjqkTY0zgIDBLhRknYBQIK9NROjJ9USZ9E2LSmTaTIFXcay5KBZ23ittY4YASetVIWxtNQ8AcU+3Pac/ZATlMA5V5a4Wr6F/ZZp4EBHXSXnyF63RUCQfuNkyZniVukAGWHOfEdVS/lSPPRef4xWPEwpnViiPMCuraDIfqcaUWp41OPz+3Gv1qYYv9H2tLc30zoPb+R6+8/w+6+839j51A2f8r2wCJW9E4eqkWBneOqQyA4hRdsTsCE3iLXUG+Hn20ifzPArzVe6Dr4j+Dfln+uweD5v3PO4GSJSGXWFsRTunWl+R6YYNpB2ZhOSIElUIKz0bMOYyrgTmwhcowof811UZioS0YQGK15rN/i2Va1+QSraCQJgk4ZvZgs/RnSYp6mf1yYiyP+ofaS8gybrIyNd4k7yp38fVlVrmSPLRWr/h9tde0bJte06RcR/cq3y/0X/gMhUx4MkottEWX5k0uunAkyyuXjrJUonXWQJ8S5FdYl+hMopwlKWcoX9nK6n15N/T+WKjX/zM9Zw/4DwDq9P9Bp/L+/8Fek/+zE9DXLZSCTF4bCp57xFlATIfZd+DxB3cTyyGzdsoq8X9/0Q6iMUhPWt7OvWyuIpshngyRMiOkVAe5ixunt2csHIHCkgJv5G+4yfwb4yl43KF8cZzQ7yrTnuoLRKyJpd/7JF3d8RypgEx2JcmIa8qxFf3iNBvzaZJqmGCVUh8weZeL+rkXbSf3fozEvX3ZedmRpOYORHms/eKdJYiGaK/j6ZQh4qlZ3R+8owaonowiJyVl0faU2xYSlR1j6vcAU52+a8mtuGUYWTqzIhymNHehQtGSvrU82RXzN1R0JnN6LjvU10EW3RUBujry6dI7GolxbBQ8+aGRXjrSRA4G/bgoSYHuyjdCGUb1cskQ/fKrYSzKZwV9/0ktsc6BH6rvWeQi4c+4GLpT03+RE4IJ7KnRWL5vrO3IuvKl9jCIwo+0+RbSw7VVI9p97rQr9Ch5afWtjtUxx2BIWV1YygTHUJ+Ox/9NR+vb36UaaKCBBhpooIEGGmiggceA/wPH7ihSAHgAAA==
rawChart: H4sIAAAAAAAAA+0da2/bOLKf9St47i62PVTyM0nPQA+XTbJtsG1iJLncHRaLgJYYmxtJ1JGSU2/b++03JPWWbdlO1n2sBkVsU+RwSM4MZ4ZDdYK5Q3zCTfI+JL6gzDc5mVAR8rlpY3tK2k8eDB2Ag7099QlQ/lTfu/1Bt7fX29+X5d393n7/Cdp7eNf1EIkQc4SecMbCVfXqnn+lMKldf2tKXI9OfMbJln3IBd4fDJauPyx7cf17nUGv8wR1HnWkS+BPvv5P0QiHIeG+QCFDepnR/ZT4aBxR16H+BAXYvsMTIizjKbqaUoFEFASMh/AFWMNFE5eNkYdDewq1XyBOXBzSGYF24TRXjn0HEPhkAk+Zj54FnNzS98RB9xTq/eW5hc59d46Yr1pKklBAOHKpTyzDOr68uQyBNkBxxDwPEFwfXSKHcmFYExq21V9NvmGNf+dt9TcpmE7a8k/yU8z8doZoDOOLAnRLXSKMv1riPoC/Y3wHf0MPvv8Pql5jTlkk0OnxCXQYcPYbsUPDog7BbV0PigxrJmzmkLbxuVd1faiX/6Mp5qE1x567bR918t/r75Xlv9dt5H8ngAN6Tbhc9yGadQ0cBOnPVtfqtAyHCJvTIFRFh+gNbAbIliyBbhlH4ZSg1zELoYuYcdCRZByUcpRl+NgjQ1TLa8Ys6btjQedfkRh9tVAv/w6zrQl7SB918n/QL9t/B/29g0b+dwHtNrocHf/b/Al2vyMWzGHLnIZXwAxDBFp4gC4PR+jyBIGoY1/9wLewUVIcEmQzL8D+XG7smQ6wmR9yOo5grxZGu20k+N9SG9iLmKdQLaS3lHDQJoFkMLMHkg71Jmw4kSgkajFFpo1aYwxfvnt9eHF8cnZycfPm8Ojnm+PTi3ZSz1S9MdcF/o25VhkXFjRbxs/IQt89s3GILKsN/65PLi5Pz8+exz/Je+wFLmkvQyy3QXSSoB6WUC944FHOGW/JAYKlpQypWH0SH4/B4kCFcWvLSqnWuFBaYFLL2oxzsDlQRhkqUGYEeexrq856+Q8JzAgQJ7b2BDf2/4Dz9ruN/7cL2GT9b8DcB5NcWGGwkS1Yo/+7nW6vtP69vYO9Rv/vAj58MJEDjhh4XS1ppbWQ+emTUW+pyXYEFL+sbeSRgH66pRONJm9c6nIrQWOlmIWV9GbZLouc9qyL3WCKu8Yd9Z0heGmyYaTVXNpvuVuXYIeA6wkqEqpRRxOwjHxTVzeT+tXhpIipB0pVY0NIPqG3aIrFSHmvqCWmuLe3P2wh6xq7ETjJqr4V4glKWwSc+uEtan0v/vG9KNfkJGCCwnY5X4WCuIIsQjjcGqGew9zXz82JDXwO2ET/2y4oSwL2jEs2igfU6P/+4KC8//f3uoNG/+8CTNMsqGk+xraFo3DKOP1dW5Z3L0GDMFDLiULWbHABbGB4JMQODvEQ1Mq6Tj5CLh6DQpNtEMJBYN1FY8J9EhLV0fp4EJKxabD228roXbdRtUvqAxf4NnT74QOyLmBbwIJYZ0CI1Iw8Ajt9aJjQkL7mLAoU6SZauoXBU04Ei7hN4qqx6Aj4MSN8HJdOSKg+XaBQfbmX0dIHdZRVLf1swwjDaD0C5Lcg/RYFsMKkShV2PCok7oIformlSpgXhcqZuSfjKWN3dn5XX5+qmBY1pZwkX4PF05ZSUDtrHvZhh3TSUih8iq7Oj8+fOdSjoCDMOwbz51CfzZ4P0QXx2IxUWsVTDC4yLDV6h+fShd6zFvaw6XLkRpubg2yRHODZUEbHa6mWziSIH7tHkq+Vq7nuQB5xhheOf8k6tlpVfILAjISPPn9r9a1518NBqfu4jwfhSIawisgMmdRQ6VIUDFwHi+mYwaKI9eiRSlcEWPP+FirKZowDo63WAUqtljqoQ+yBNQ/GLGgOy2acMAEf3gJ+sDkOiJ5VrfoCzmB3mpJIKP39yJzyufftx4It7b8xWAJySdYyA+v9/27J/tsDo7Cx/3YBD7P/ftRs8CcxA2HAF+RW0pvoqBXzBbWq5vL6syOisTxiVmanxnNJ+Iza5NC2WeSHG010qtyrA1PFjfv/p4WN9L8O4W2cClB7/r9fif/Cj0b/7wJK5//5kOs7HCxQ7A9UMwmyHC8N0UdTKWQVXfXBynBycWQLfUQ+UEX8EA0aRfXYsLn8g89iqoDyDPYnxk3wKfk9p+HymGCd/MvDnqL8HwwG+4387wLiE43CScG1WtjzZF1R6SRnLTUBCiAVZX2uZAGexYyzpupYz2Bc3PFWBl8yIkW0uCkyOmgtAxqF7D8yJWDl/H1Eef31ZR25bCL/DglcNvdgJJvZAKvlvwv7f1n++/1+t5H/XUDZ/wMZEZmrd5yu+JYu3uPJ9RfkCKqO6GRq4hmmQDt1aTg30wPuxSHRdjgPAJ8AL45wQwTEHqoo1oxKst4ATYzP38q47RD11JPApTYWmoRYvcSFR9ID1JQIdYTNuJ48lW39NjebD53PbSYnURgxSTm+Ufh8n4U66p8UgTU4JfadiLy2Duvm87r0tBb1et421Afw0DZZmdSSrN/VKt1nFk42Kwu3rAI9z9R5PPrOuopHbv0IMzKS6e+ttYym1vPVQ4m3iyWjgxnm1BaWTii7lIFQmTSWa5CFQrP1by1YvNaSFjq4Cm1CHpFllWTiWoy2RJhKactjr4zJLbDsw5l2O5mWANXvGb+Tsc2y/DKTg9hRj5gwwVqOQV+6LrsnznrtHeD5VS2W6w5mQjNTTGETEqYcV0aDGdqBORj0i5gTBaPXiTLgtfmRi4U4K06kmAuQV/NvnU5cWRTCTGcbTbsUW0yhYrqU5gZ7hQYlJUVxj1NwrPw6qbJR5LojBhpxXtCSOt0lSB/m22E+yfGZicxYwbxqk9Bul0yfnJNaaOLh97KZHXEOWyOMRP6Q10de5ajIdJjIkp2srNnl3LdFnjSJeUpg3xoTHJrpzvlq2caJlrQE5OTeBI0EK4mBaSR1zlLS0naWancaN7vUrSrdOFRILZPT0AXM8eOj7Cnotd8Y9VHrRas8WH0dx2QB0cfAZrY3LKNWNzlPWhymDcq4SwleJnVe5Vmqmi5mlTHEB9Uxf6yxHqtax1JlSlWYH1tcTXtSVlxrpPVlHT4YXj06wsvYluwewYJO42emPO0xsSNPb8Wr4XINv2rTinnUDafL0enni4af6o/4hkh+0KmujJ/l2xJ/lpd2rYzenhwen1zcnLw9Obo6PT+7OTt8d3I5Ojw6SWsiNJO4f4INbpgrROiWEteJDwEq5XLHH6YGj5VyzLZmSULv6bvD1yfXQOz5xc359cnFvy5Oryq0DpE2enN+anuh47pqkVw6g5kUYsTZmOTHOA3D4DUJi8MO1HjbetV+Lz5SxkDt0koQoGnlKN9cXY1yD6hPQ4rdY+LieayMhqjbSWtwIhMbNqVVtprvhNQ9I9+BqHJhItGxR5ChS3fRUZmydcRbmWUhs5k7RFdHo2W8l5oa+ba5M/VqaCNr8RGB1HtZWKPbqZH9GXMjj7yTBsWCidAqLTcAT1bUwrRgV85VlKspL40OkTRMHypmNSb/EgIrQrcefYUZ0vNTMZpKE2Mn4bY8Z9cG5TeekE2nYwVZC2JxK2KACTjkFkdu+I45gGLQ6+QG8eXEzb4V2CT+FzAH7Dseqcug48iZkPUCgbX5H/uV/I/eoIn/7QTysb9AeUtZ9G/EnON0vX9U6/2VhAE39f4Tbxkcu3/6cVTPhbrdLzHCFmtzQTxQnkfyEiYH/fr3V6hr9fbNDijZIxzoqCQFfD8D6niJrdc0vM4byZGvjZ05LPUJuB5yoROH+tC9x3NxKGMKX9iZRQOPB5vo/40vfsRQp/+r5z+9bpP/sRvYIv/vARc/vsnjoGXXQxalWYPd65ez1lclHD9ennWul8fN5V6Qi75WpM1ctBxpNLJIfG5epBHyuYXmG4JN9f9Gid8x1Nr/g7L93x/0m/vfO4Et9f/DEr+/zW1gu/TwJi+8gc8Im+j/+HhqYxegRv/3+p2Dsv2/32ne/7QTWJjYGauUP1S7V/KA1smDuOXMM6GW65ghM/XBCvrhlw+t5MyjNWxdHY1aL1ryWWu43tnJp19/2IwClYtBiGPqxBgTOAjMUmHGCRgFwsp0lI5MX5RJ34SYdKbNJEgV95qLUkHnreI2VjighF410tZG0xAwx1T7c9pzdkAO00Bl3lrhKvpXtpknAUGdtBdf4TodVcKBuw1TpmeJG2SAJcc5cR3Vb+XIc9E5fvEYsXBmteIIs4K6NsOhelypxWmj08/PrUa/Wthi/8fa0lzfDKi9/9Er7/+D7n5z/2MnUPb/yjZA4lY0jl6qhcGdYyoDoDhFV+yOwATeYleQr0cfbSL/swBv9R7ouvjPoF+W/+7BoHn/806gZEnIJdZWhFO69SW5Xthg2oFZWI4IQaWQwrMRcw7jamAObKEyTOh/TbWRWGgLBpBYrfns32KZ1jW5RCsopEkCjpk92Cz9WZKiXma/nBjLo/6h9hKyjJusTI03ybvKXXx9mVWuJA+t1St+X+01Ldum1zQp19G9ytcL/Rc+QyETnoxSC23RpXmTiy4cyfLKpaMslWidNdCnBPkV1iU6kyhnScoZyle2snpf3g29Pxbq9f9Mz9kD/gOAOv1/0Km8/3+w1+T/7AT0dQulIJPXhoLnHnEWENNh9h14/MHdxHLIrJ2ySvzfX7SDaAzSk5a3cy+bq8hmiCdDpMwIKdVB7uLG6e0ZC0egsKTAG/kbbjL/xngKHncoXxwn9KvKtKf6AhFrYum3PklXdzxHKiCTXUky4ppybEW/OM3GfJqkGiZYpdQHTN7lon7uRdvJvR8jcW9fdl52JKm5A1Eea794ZwmiIdrreDpliHhqVvcH76gBqiejyElJWbQ95baFRGXHmPo9wFSn71pyK24ZRpbOrAiHKc1dqFC0pG8tT3bF/A0VncmcnssO9XWQRXdFgK6OfLr0jkZiHBsFT35opJeONJGDQT8uSlKgu/KNUIZRvVwyRL/8ahiL8llB339SS6xz4Ifqexa5SPgzLobu1PRf5IRgAntqNJZvG2s7sq58qT0MovAjbb6F9HBt1Yh2nzvtCj1KXlp9q2N1zDEYUlYXljLBMdSn4/F/09H69nepBhpooIEGGmiggQYaaOAx4P8+Q4pRAHgAAA==
values:
image:
tag: v0.13.0-dev
Expand Down
22 changes: 9 additions & 13 deletions pkg/component/registrycaches/registry_caches.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -194,21 +194,16 @@ func (r *registryCaches) CASecretName() string {
return r.caSecretName
}

func (r *registryCaches) computeResourcesData(ctx context.Context, secrets map[string]*corev1.Secret) (map[string][]byte, error) {
func (r *registryCaches) computeResourcesData(ctx context.Context, generatedSecrets map[string]*corev1.Secret) (map[string][]byte, error) {
var objects []client.Object

remappedSecrets := make(map[string]*corev1.Secret, len(secrets))
for _, secret := range secrets {
remappedSecrets[secret.Labels["name"]] = secret
}

for _, cache := range r.values.Caches {
tlsSecretName := strings.ReplaceAll(cache.Upstream, ":", "-") + "-tls"

secret, ok := remappedSecrets[tlsSecretName]
tlsSecretName := secrets.TLSSecretNameForUpstream(cache.Upstream)
secret, ok := generatedSecrets[tlsSecretName]
if !ok {
return nil, fmt.Errorf("secret for upstream %s not found", cache.Upstream)
}

cacheObjects, err := r.computeResourcesDataForRegistryCache(ctx, &cache, secret)
if err != nil {
return nil, fmt.Errorf("failed to compute resources for upstream %s: %w", cache.Upstream, err)
Expand Down Expand Up @@ -290,7 +285,7 @@ func (r *registryCaches) computeResourcesDataForRegistryCache(ctx context.Contex
}
utilruntime.Must(kubernetesutils.MakeUnique(configSecret))

secretTLS := &corev1.Secret{
tlsSecret := &corev1.Secret{
ObjectMeta: metav1.ObjectMeta{
Name: name + "-tls",
Namespace: metav1.NamespaceSystem,
Expand All @@ -299,7 +294,7 @@ func (r *registryCaches) computeResourcesDataForRegistryCache(ctx context.Contex
Type: corev1.SecretTypeOpaque,
Data: secret.Data,
}
utilruntime.Must(kubernetesutils.MakeUnique(secretTLS))
utilruntime.Must(kubernetesutils.MakeUnique(tlsSecret))

statefulSet := &appsv1.StatefulSet{
ObjectMeta: metav1.ObjectMeta{
Expand Down Expand Up @@ -437,7 +432,8 @@ source /entrypoint.sh /etc/distribution/config.yml
Name: registryCertsVolumeName,
VolumeSource: corev1.VolumeSource{
Secret: &corev1.SecretVolumeSource{
SecretName: secretTLS.Name,
SecretName: tlsSecret.Name,
DefaultMode: ptr.To[int32](0640),
},
},
},
Expand Down Expand Up @@ -519,7 +515,7 @@ source /entrypoint.sh /etc/distribution/config.yml

return []client.Object{
configSecret,
secretTLS,
tlsSecret,
statefulSet,
vpa,
}, nil
Expand Down
1 change: 1 addition & 0 deletions pkg/component/registrycaches/registry_caches_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -332,6 +332,7 @@ spec:
secretName: ` + configSecretName + `
- name: certs-volume
secret:
defaultMode: 416
secretName: ` + tlsSecretName + `
updateStrategy: {}
volumeClaimTemplates:
Expand Down
10 changes: 7 additions & 3 deletions pkg/controller/cache/actuator.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -73,7 +73,7 @@ func (a *actuator) Reconcile(ctx context.Context, logger logr.Logger, ex *extens
return fmt.Errorf("failed to decode provider config: %w", err)
}

// TODO(dimitar-kostadinov): Clean up this invocation after March 2025.
// TODO(dimitar-kostadinov): Clean up this invocation after May 2025.
{
if err := a.removeServicesFromManagedResourceStatus(ctx, namespace); err != nil {
return fmt.Errorf("failed to remove Services from the ManagedResource status: %w", err)
Expand Down Expand Up @@ -266,15 +266,19 @@ func (a *actuator) updateProviderStatus(ctx context.Context, ex *extensionsv1alp

// removeServicesFromManagedResourceStatus removes all resources with kind=Service from the ManagedResources .status.resources field.
//
// TODO(dimitar-kostadinov): Clean up this function after March 2025.
// TODO(dimitar-kostadinov): Clean up this function after May 2025.
func (a *actuator) removeServicesFromManagedResourceStatus(ctx context.Context, namespace string) error {
mr := &resourcesv1alpha1.ManagedResource{
ObjectMeta: metav1.ObjectMeta{
Name: "extension-registry-cache",
Namespace: namespace,
},
}
if err := a.client.Get(ctx, client.ObjectKeyFromObject(mr), mr); err != nil && !apierrors.IsNotFound(err) {
if err := a.client.Get(ctx, client.ObjectKeyFromObject(mr), mr); err != nil {
if apierrors.IsNotFound(err) {
return nil
}

return err
}

Expand Down
9 changes: 8 additions & 1 deletion pkg/secrets/config.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -38,9 +38,10 @@ func ConfigsFor(services []corev1.Service) []extensionssecretsmanager.SecretConf
Options: []secretsmanager.GenerateOption{secretsmanager.Persist()},
},
}

for _, service := range services {
upstream := service.Annotations[constants.UpstreamAnnotation]
name := strings.ReplaceAll(upstream, ":", "-") + "-tls"
name := TLSSecretNameForUpstream(upstream)

configs = append(configs, extensionssecretsmanager.SecretConfigWithOptions{
Config: &secretutils.CertificateSecretConfig{
Expand All @@ -54,5 +55,11 @@ func ConfigsFor(services []corev1.Service) []extensionssecretsmanager.SecretConf
Options: []secretsmanager.GenerateOption{secretsmanager.SignedByCA(CAName, secretsmanager.UseOldCA)},
})
}

return configs
}

// TLSSecretNameForUpstream returns a TLS Secret name for a given upstream.
func TLSSecretNameForUpstream(upstream string) string {
return strings.ReplaceAll(upstream, ":", "-") + "-tls"
}
30 changes: 30 additions & 0 deletions pkg/secrets/config_test.go
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Gardener contributors
//
// SPDX-License-Identifier: Apache-2.0

package secrets_test

import (
"testing"

. "github.com/onsi/ginkgo/v2"
. "github.com/onsi/gomega"

"github.com/gardener/gardener-extension-registry-cache/pkg/secrets"
)

func TestSecrets(t *testing.T) {
RegisterFailHandler(Fail)
RunSpecs(t, "Secrets")
}

var _ = Describe("Secrets", func() {

DescribeTable("#TLSSecretNameForUpstream",
func(upstream, expected string) {
Expect(secrets.TLSSecretNameForUpstream(upstream)).To(Equal(expected))
},
Entry("upstream without port", "my-registry.io", "my-registry.io-tls"),
Entry("upstream ends with port", "my-registry.io:5000", "my-registry.io-5000-tls"),
)
})
2 changes: 1 addition & 1 deletion pkg/utils/registry/registry.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ func GetUpstreamURL(upstream string) string {
return "https://" + upstream
}

// GetLabels returns a map with 'app' and 'upstream-host' labels
// GetLabels returns a map with 'app' and 'upstream-host' labels.
func GetLabels(name, upstreamLabel string) map[string]string {
return map[string]string{
"app": name,
Expand Down
18 changes: 12 additions & 6 deletions pkg/webhook/cache/ensurer.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -51,7 +51,7 @@ func (e *ensurer) EnsureCRIConfig(ctx context.Context, gctx gcontext.GardenConte
return fmt.Errorf("failed to get the cluster resource: %w", err)
}

if !e.mutate(cluster) {
if !e.shouldMutate(cluster) {
return nil
}

Expand Down Expand Up @@ -95,7 +95,7 @@ func (e *ensurer) EnsureAdditionalFiles(ctx context.Context, gctx gcontext.Garde
return fmt.Errorf("failed to get the cluster resource: %w", err)
}

if !e.mutate(cluster) {
if !e.shouldMutate(cluster) {
return nil
}

Expand All @@ -110,9 +110,13 @@ func (e *ensurer) EnsureAdditionalFiles(ctx context.Context, gctx gcontext.Garde
Namespace: cluster.ObjectMeta.Name,
},
}

if err := e.client.Get(ctx, client.ObjectKeyFromObject(caSecret), caSecret); err != nil {
return fmt.Errorf("failed to get secret CA bundle '%s': %w", client.ObjectKeyFromObject(caSecret), err)
return fmt.Errorf("failed to get CA bundle secret '%s': %w", client.ObjectKeyFromObject(caSecret), err)
}

caBundle, ok := caSecret.Data["bundle.crt"]
if !ok {
return fmt.Errorf("failed to find 'bundle.crt' key in the CA bundle secret '%s'", client.ObjectKeyFromObject(caSecret))
}

*new = extensionswebhook.EnsureFileWithPath(*new, extensionsv1alpha1.File{
Expand All @@ -121,26 +125,28 @@ func (e *ensurer) EnsureAdditionalFiles(ctx context.Context, gctx gcontext.Garde
Content: extensionsv1alpha1.FileContent{
Inline: &extensionsv1alpha1.FileContentInline{
Encoding: "b64",
Data: base64.StdEncoding.EncodeToString(caSecret.Data["bundle.crt"]),
Data: base64.StdEncoding.EncodeToString(caBundle),
},
},
})

return nil
}

func (e *ensurer) mutate(cluster *extensionscontroller.Cluster) bool {
func (e *ensurer) shouldMutate(cluster *extensionscontroller.Cluster) bool {
if cluster.Shoot.DeletionTimestamp != nil {
e.logger.Info("Shoot has a deletion timestamp set, skipping the OperatingSystemConfig mutation", "shoot", client.ObjectKeyFromObject(cluster.Shoot))
return false
}

// If hibernation is enabled for Shoot, then the .status.providerStatus field of the registry-cache Extension can be missing (on Shoot creation)
// or outdated (if for hibernated Shoot a new registry is added). Hence, we skip the OperatingSystemConfig mutation when hibernation is enabled.
// When Shoot is waking up, then .status.providerStatus will be updated in the Extension and the OperatingSystemConfig will be mutated according to it.
if v1beta1helper.HibernationIsEnabled(cluster.Shoot) {
e.logger.Info("Hibernation is enabled for Shoot, skipping the OperatingSystemConfig mutation", "shoot", client.ObjectKeyFromObject(cluster.Shoot))
return false
}

return true
}

Expand Down

0 comments on commit d0097d7

Please sign in to comment.