mirror of
https://github.com/ceph/ceph-csi.git
synced 2025-06-13 02:33:34 +00:00
rebase: bump sigs.k8s.io/controller-runtime
Bumps the k8s-dependencies group with 1 update: [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime). Updates `sigs.k8s.io/controller-runtime` from 0.19.3 to 0.19.4 - [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases) - [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md) - [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.19.3...v0.19.4) --- updated-dependencies: - dependency-name: sigs.k8s.io/controller-runtime dependency-type: direct:production update-type: version-update:semver-patch dependency-group: k8s-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>
This commit is contained in:
dependabot[bot]
committed by
mergify[bot]
mergify[bot]
parent
c2fff75610
commit
853cecbee5
88
vendor/sigs.k8s.io/controller-runtime/pkg/certwatcher/certwatcher.go
generated
vendored
88
vendor/sigs.k8s.io/controller-runtime/pkg/certwatcher/certwatcher.go
generated
vendored
@ -20,10 +20,15 @@ import (
|
||||
"bytes"
|
||||
"context"
|
||||
"crypto/tls"
|
||||
"fmt"
|
||||
"os"
|
||||
"sync"
|
||||
"time"
|
||||
|
||||
"github.com/fsnotify/fsnotify"
|
||||
kerrors "k8s.io/apimachinery/pkg/util/errors"
|
||||
"k8s.io/apimachinery/pkg/util/sets"
|
||||
"k8s.io/apimachinery/pkg/util/wait"
|
||||
"sigs.k8s.io/controller-runtime/pkg/certwatcher/metrics"
|
||||
logf "sigs.k8s.io/controller-runtime/pkg/internal/log"
|
||||
)
|
||||
@ -40,6 +45,7 @@ type CertWatcher struct {
|
||||
sync.RWMutex
|
||||
|
||||
currentCert *tls.Certificate
|
||||
watcher *fsnotify.Watcher
|
||||
interval time.Duration
|
||||
|
||||
certPath string
|
||||
@ -53,13 +59,25 @@ type CertWatcher struct {
|
||||
|
||||
// New returns a new CertWatcher watching the given certificate and key.
|
||||
func New(certPath, keyPath string) (*CertWatcher, error) {
|
||||
var err error
|
||||
|
||||
cw := &CertWatcher{
|
||||
certPath: certPath,
|
||||
keyPath: keyPath,
|
||||
interval: defaultWatchInterval,
|
||||
}
|
||||
|
||||
return cw, cw.ReadCertificate()
|
||||
// Initial read of certificate and key.
|
||||
if err := cw.ReadCertificate(); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
cw.watcher, err = fsnotify.NewWatcher()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return cw, nil
|
||||
}
|
||||
|
||||
// WithWatchInterval sets the watch interval and returns the CertWatcher pointer
|
||||
@ -88,14 +106,35 @@ func (cw *CertWatcher) GetCertificate(_ *tls.ClientHelloInfo) (*tls.Certificate,
|
||||
|
||||
// Start starts the watch on the certificate and key files.
|
||||
func (cw *CertWatcher) Start(ctx context.Context) error {
|
||||
files := sets.New(cw.certPath, cw.keyPath)
|
||||
|
||||
{
|
||||
var watchErr error
|
||||
if err := wait.PollUntilContextTimeout(ctx, 1*time.Second, 10*time.Second, true, func(ctx context.Context) (done bool, err error) {
|
||||
for _, f := range files.UnsortedList() {
|
||||
if err := cw.watcher.Add(f); err != nil {
|
||||
watchErr = err
|
||||
return false, nil //nolint:nilerr // We want to keep trying.
|
||||
}
|
||||
// We've added the watch, remove it from the set.
|
||||
files.Delete(f)
|
||||
}
|
||||
return true, nil
|
||||
}); err != nil {
|
||||
return fmt.Errorf("failed to add watches: %w", kerrors.NewAggregate([]error{err, watchErr}))
|
||||
}
|
||||
}
|
||||
|
||||
go cw.Watch()
|
||||
|
||||
ticker := time.NewTicker(cw.interval)
|
||||
defer ticker.Stop()
|
||||
|
||||
log.Info("Starting certificate watcher")
|
||||
log.Info("Starting certificate poll+watcher", "interval", cw.interval)
|
||||
for {
|
||||
select {
|
||||
case <-ctx.Done():
|
||||
return nil
|
||||
return cw.watcher.Close()
|
||||
case <-ticker.C:
|
||||
if err := cw.ReadCertificate(); err != nil {
|
||||
log.Error(err, "failed read certificate")
|
||||
@ -104,11 +143,26 @@ func (cw *CertWatcher) Start(ctx context.Context) error {
|
||||
}
|
||||
}
|
||||
|
||||
// Watch used to read events from the watcher's channel and reacts to changes,
|
||||
// it has currently no function and it's left here for backward compatibility until a future release.
|
||||
//
|
||||
// Deprecated: fsnotify has been removed and Start() is now polling instead.
|
||||
// Watch reads events from the watcher's channel and reacts to changes.
|
||||
func (cw *CertWatcher) Watch() {
|
||||
for {
|
||||
select {
|
||||
case event, ok := <-cw.watcher.Events:
|
||||
// Channel is closed.
|
||||
if !ok {
|
||||
return
|
||||
}
|
||||
|
||||
cw.handleEvent(event)
|
||||
case err, ok := <-cw.watcher.Errors:
|
||||
// Channel is closed.
|
||||
if !ok {
|
||||
return
|
||||
}
|
||||
|
||||
log.Error(err, "certificate watch error")
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// updateCachedCertificate checks if the new certificate differs from the cache,
|
||||
@ -166,3 +220,23 @@ func (cw *CertWatcher) ReadCertificate() error {
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func (cw *CertWatcher) handleEvent(event fsnotify.Event) {
|
||||
// Only care about events which may modify the contents of the file.
|
||||
switch {
|
||||
case event.Op.Has(fsnotify.Write):
|
||||
case event.Op.Has(fsnotify.Create):
|
||||
case event.Op.Has(fsnotify.Chmod), event.Op.Has(fsnotify.Remove):
|
||||
// If the file was removed or renamed, re-add the watch to the previous name
|
||||
if err := cw.watcher.Add(event.Name); err != nil {
|
||||
log.Error(err, "error re-watching file")
|
||||
}
|
||||
default:
|
||||
return
|
||||
}
|
||||
|
||||
log.V(1).Info("certificate event", "event", event)
|
||||
if err := cw.ReadCertificate(); err != nil {
|
||||
log.Error(err, "error re-reading certificate")
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user