Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Sync SSL certificates on events #2342

Merged
merged 3 commits into from
Apr 13, 2018
Merged

Sync SSL certificates on events #2342

merged 3 commits into from
Apr 13, 2018

Conversation

antoineco
Copy link
Contributor

What this PR does / why we need it:

The background check for missing secrets leads to unnecessarily delayed synchronization of SSL secrets.

Illustrated scenario:

  1. An Ingress object with a reference to a Secret is created, the Secret does not exist yet
  2. A config synchronization is triggered, all sections supposed to use the Secret are ignored
  3. The Secret is created, but nothing happens until the next background check

This PR improves the tracking of Ingress->Secret references using a new ObjectRefMap interface. At all times the map contains an up-to-date list of Secrets referenced by one or more Ingresses, including Secrets that do not exist within the cluster.

All EventHandlers for Secret resources perform a lookup in the map in order to determine whether the object that triggered the event is being referenced, in which case:

  • annotations for matching Ingresses are extracted again
  • secrets for matching Ingresses are synced again (possibly leading to new a config synchronization in case the content of the Secret differs)

The result is a more immediate feedback to changes that does not rely on arbitrary delays.

@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. labels Apr 13, 2018
@aledbf aledbf self-assigned this Apr 13, 2018
@antoineco
Sync secrets (SSL certificates) on events
fec3ddc 
Remove scheduled check for missing secrets.
@antoineco
Include missing secrets in secretIngressMap
c786f55 
Update secretIngressMap independently from stored annotations, which may
miss some secret references.
@antoineco
Copy link
Contributor Author

Failing some unrelated test, rebasing on master.

@codecov-io
Copy link

codecov-io commented Apr 13, 2018
edited
Loading

Codecov Report

❗ No coverage uploaded for pull request base (master@8855460). Click here to learn what that means.
The diff coverage is 65%.

Impacted file tree graph

@@           Coverage Diff            @@
##             master   #2342   +/-   ##
========================================
  Coverage          ?   39.1%           
========================================
  Files             ?      73           
  Lines             ?    5202           
  Branches          ?       0           
========================================
  Hits              ?    2034           
  Misses            ?    2878           
  Partials          ?     290
Impacted Files Coverage Δ
internal/task/queue.go 79.41% <ø> (ø)
internal/ingress/sslcert.go 100% <ø> (ø)
internal/ingress/controller/controller.go 0% <0%> (ø)
internal/ingress/controller/store/backend_ssl.go 42.04% <33.33%> (ø)
internal/ingress/controller/store/store.go 51.62% <56.34%> (ø)
internal/ingress/controller/store/objectref.go 93.75% <93.75%> (ø)

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 8855460...0a56365. Read the comment docs.

@aledbf
Copy link
Member

aledbf commented Apr 13, 2018

/approve

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Apr 13, 2018
@aledbf
Copy link
Member

aledbf commented Apr 13, 2018

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Apr 13, 2018
@aledbf
Copy link
Member

aledbf commented Apr 13, 2018

@antoineco thanks!

@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: aledbf, antoineco

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot merged commit 3fba5c0 into kubernetes:master Apr 13, 2018
@antoineco antoineco deleted the object-ref-map branch April 13, 2018 15:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@aledbf aledbf

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. size/XL Denotes a PR that changes 500-999 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@antoineco @codecov-io @aledbf @k8s-ci-robot