cache secrets in KCP, CABPK and ClusterCacheTracker
Signed-off-by: Stefan Büringer buringerst@vmware.com
sbueringer committed Jun 30, 2023
1 parent 39353b9 commit bde9624
Showing 22 changed files with 535 additions and 218 deletions.
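--- a/bootstrap/kubeadm/controllers/alias.go
+++ b/bootstrap/kubeadm/controllers/alias.go
@@ -38,7 +38,8 @@ const (
 
 // KubeadmConfigReconciler reconciles a KubeadmConfig object.
 type KubeadmConfigReconciler struct {
-Client client.Client
+Client client.Client
+SecretCachingClient client.Client
 
 Tracker *remote.ClusterCacheTracker
 
@@ -52,9 +53,10 @@ type KubeadmConfigReconciler struct {
 // SetupWithManager sets up the reconciler with the Manager.
 func (r *KubeadmConfigReconciler) SetupWithManager(ctx context.Context, mgr ctrl.Manager, options controller.Options) error {
 return (&kubeadmbootstrapcontrollers.KubeadmConfigReconciler{
-Client: r.Client,
-Tracker: r.Tracker,
-WatchFilterValue: r.WatchFilterValue,
-TokenTTL: r.TokenTTL,
+Client: r.Client,
+SecretCachingClient: r.SecretCachingClient,
+Tracker: r.Tracker,
+WatchFilterValue: r.WatchFilterValue,
+TokenTTL: r.TokenTTL,
 }).SetupWithManager(ctx, mgr, options)
 }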
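Review bot: The new exported `SecretCachingClient` field has no doc comment and no nil check, and `SetupWithManager` forwards it to the internal reconciler unchecked. A caller that still builds this struct with only `Client` set now hands over a nil client, and the new code in kubeadmconfig_controller.go calls `r.SecretCachingClient.Get(...)` and passes it to the `LookupCached` helpers; unless the internal `SetupWithManager` (not shown on this page) defaults or rejects it, that would panic on the first reconcile that touches a secret. I would state the contract on the field, for example `// SecretCachingClient is the client used for Secret reads (presumably cache-backed); it must be set.`, and fail fast here with `if r.SecretCachingClient == nil { return errors.New("SecretCachingClient must not be nil") }`.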
21 changes: 13 additions & 8 deletions bootstrap/kubeadm/internal/controllers/kubeadmconfig_controller.go
Expand Up @@ -76,9 +76,10 @@ type InitLocker interface {

// KubeadmConfigReconciler reconciles a KubeadmConfig object.
type KubeadmConfigReconciler struct {
Client client.Client
Tracker *remote.ClusterCacheTracker
KubeadmInitLock InitLocker
Client client.Client
SecretCachingClient client.Client
Tracker *remote.ClusterCacheTracker
KubeadmInitLock InitLocker

// WatchFilterValue is the label value used to filter events prior to reconciliation.
WatchFilterValue string
Expand Down Expand Up @@ -453,13 +454,15 @@ func (r *KubeadmConfigReconciler) handleClusterNotInitialized(ctx context.Contex
// Otherwise rely on certificates generated by the ControlPlane controller.
// Note: A cluster does not have a ControlPlane reference when using standalone CP machines.
if scope.Cluster.Spec.ControlPlaneRef == nil {
err = certificates.LookupOrGenerate(
err = certificates.LookupOrGenerateCached(
ctx,
r.SecretCachingClient,
r.Client,
util.ObjectKey(scope.Cluster),
*metav1.NewControllerRef(scope.Config, bootstrapv1.GroupVersion.WithKind("KubeadmConfig")))
} else {
err = certificates.Lookup(ctx,
err = certificates.LookupCached(ctx,
r.SecretCachingClient,
r.Client,
util.ObjectKey(scope.Cluster))
}
Expand Down Expand Up @@ -531,8 +534,9 @@ func (r *KubeadmConfigReconciler) joinWorker(ctx context.Context, scope *Scope)
scope.Info("Creating BootstrapData for the worker node")

certificates := secret.NewCertificatesForWorker(scope.Config.Spec.JoinConfiguration.CACertPath)
err := certificates.Lookup(
err := certificates.LookupCached(
ctx,
r.SecretCachingClient,
r.Client,
util.ObjectKey(scope.Cluster),
)
Expand Down Expand Up @@ -645,8 +649,9 @@ func (r *KubeadmConfigReconciler) joinControlplane(ctx context.Context, scope *S
}

certificates := secret.NewControlPlaneJoinCerts(scope.Config.Spec.ClusterConfiguration)
err := certificates.Lookup(
err := certificates.LookupCached(
ctx,
r.SecretCachingClient,
r.Client,
util.ObjectKey(scope.Cluster),
)
Expand Down Expand Up @@ -1055,7 +1060,7 @@ func (r *KubeadmConfigReconciler) storeBootstrapData(ctx context.Context, scope
// Ensure the bootstrap secret has the KubeadmConfig as a controller OwnerReference.
func (r *KubeadmConfigReconciler) ensureBootstrapSecretOwnersRef(ctx context.Context, scope *Scope) error {
secret := &corev1.Secret{}
err := r.Client.Get(ctx, client.ObjectKey{Namespace: scope.Config.Namespace, Name: scope.Config.Name}, secret)
err := r.SecretCachingClient.Get(ctx, client.ObjectKey{Namespace: scope.Config.Namespace, Name: scope.Config.Name}, secret)
if err != nil {
// If the secret has not been created yet return early.
if apierrors.IsNotFound(err) {
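Review bot: In `ensureBootstrapSecretOwnersRef` the NotFound branch still reads a miss as "the secret has not been created yet", but after the switch to `r.SecretCachingClient.Get` that only holds for a live read. If this client is served from an informer cache, as its name and the commit title suggest, a bootstrap secret created shortly before this call can be missing from the cache, so the function returns early and the controller owner reference is not set until a later reconcile; a stale copy could likewise feed whatever update follows outside this hunk. Either retry the miss against the other client, `if apierrors.IsNotFound(err) { err = r.Client.Get(ctx, client.ObjectKey{Namespace: scope.Config.Namespace, Name: scope.Config.Name}, secret) }`, or make the assumption explicit with `// Not in the cache (yet): return early, a later reconcile sets the owner reference.`. The same staleness question applies to the `LookupCached` and `LookupOrGenerateCached` calls in the earlier hunks, whose use of the second `r.Client` argument is not visible here. The function body continues past the end of the hunk.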
Expand Up @@ -47,7 +47,8 @@ func TestKubeadmConfigReconciler(t *testing.T) {
}(cluster, machine, config, ns)

reconciler := KubeadmConfigReconciler{
Client: env,
Client: env,
SecretCachingClient: secretCachingClient,
}
t.Log("Calling reconcile should requeue")
result, err := reconciler.Reconcile(ctx, ctrl.Request{