
Commit 5b3b68a

committed
KCM: CTBPublisher: use generics to handle both alpha/beta APIs
1 parent d3f44a5 commit 5b3b68a


3 files changed

+226
-63
lines changed

3 files changed

+226
-63
lines changed

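--- a/cmd/kube-controller-manager/app/certificates.go
+++ b/cmd/kube-controller-manager/app/certificates.go
@@ -23,7 +23,9 @@ import (
 "context"
 "fmt"
 
+certificatesv1alpha1 "k8s.io/api/certificates/v1alpha1"
 certificatesv1beta1 "k8s.io/api/certificates/v1beta1"
+"k8s.io/apimachinery/pkg/runtime/schema"
 "k8s.io/apiserver/pkg/server/dynamiccertificates"
 utilfeature "k8s.io/apiserver/pkg/util/feature"
 "k8s.io/client-go/kubernetes"
@@ -233,6 +235,8 @@ func newKubeAPIServerSignerClusterTrustBundledPublisherDescriptor() *ControllerD
 }
 }
 
+type controllerConstructor func(string, dynamiccertificates.CAContentProvider, kubernetes.Interface) (ctbpublisher.PublisherRunner, error)
+
 func newKubeAPIServerSignerClusterTrustBundledPublisherController(ctx context.Context, controllerContext ControllerContext, controllerName string) (controller.Interface, bool, error) {
 rootCA, err := getKubeAPIServerCAFileContents(controllerContext)
 if err != nil {
@@ -243,36 +247,50 @@ func newKubeAPIServerSignerClusterTrustBundledPublisherController(ctx context.Co
 return nil, false, nil
 }
 
-apiserverSignerClient := controllerContext.ClientBuilder.ClientOrDie("kube-apiserver-serving-clustertrustbundle-publisher")
-ctbAvailable, err := clusterTrustBundlesAvailable(apiserverSignerClient)
+servingSigners, err := dynamiccertificates.NewStaticCAContent("kube-apiserver-serving", rootCA)
 if err != nil {
-return nil, false, fmt.Errorf("discovery failed for ClusterTrustBundle: %w", err)
+return nil, false, fmt.Errorf("failed to create a static CA content provider for the kube-apiserver-serving signer: %w", err)
 }
 
-if !ctbAvailable {
-return nil, false, nil
+schemaControllerMapping := map[schema.GroupVersion]controllerConstructor{
+certificatesv1alpha1.SchemeGroupVersion: ctbpublisher.NewAlphaClusterTrustBundlePublisher,
+certificatesv1beta1.SchemeGroupVersion: ctbpublisher.NewBetaClusterTrustBundlePublisher,
 }
 
-servingSigners, err := dynamiccertificates.NewStaticCAContent("kube-apiserver-serving", rootCA)
-if err != nil {
-return nil, false, fmt.Errorf("failed to create a static CA content provider for the kube-apiserver-serving signer: %w", err)
+apiserverSignerClient := controllerContext.ClientBuilder.ClientOrDie("kube-apiserver-serving-clustertrustbundle-publisher")
+var runner ctbpublisher.PublisherRunner
+for _, gv := range []schema.GroupVersion{certificatesv1beta1.SchemeGroupVersion, certificatesv1alpha1.SchemeGroupVersion} {
+ctbAvailable, err := clusterTrustBundlesAvailable(apiserverSignerClient, gv)
+if err != nil {
+return nil, false, fmt.Errorf("discovery failed for ClusterTrustBundle: %w", err)
+}
+
+if !ctbAvailable {
+continue
+}
+
+runner, err = schemaControllerMapping[gv](
+"kubernetes.io/kube-apiserver-serving",
+servingSigners,
+apiserverSignerClient,
+)
+if err != nil {
+return nil, false, fmt.Errorf("error creating kube-apiserver-serving signer certificates publisher: %w", err)
+}
+break
 }
 
-ctbPublisher, err := ctbpublisher.NewClusterTrustBundlePublisher(
-"kubernetes.io/kube-apiserver-serving",
-servingSigners,
-apiserverSignerClient,
-)
-if err != nil {
-return nil, false, fmt.Errorf("error creating kube-apiserver-serving signer certificates publisher: %w", err)
+if runner == nil {
+klog.Info("no known scheme version was found for clustertrustbundles, cannot start kube-apiserver-serving-clustertrustbundle-publisher-controller")
+return nil, false, nil
 }
 
-go ctbPublisher.Run(ctx)
+go runner.Run(ctx)
 return nil, true, nil
 }
 
-func clusterTrustBundlesAvailable(client kubernetes.Interface) (bool, error) {
-resList, err := client.Discovery().ServerResourcesForGroupVersion(certificatesv1beta1.SchemeGroupVersion.String())
+func clusterTrustBundlesAvailable(client kubernetes.Interface, schemaVersion schema.GroupVersion) (bool, error) {
+resList, err := client.Discovery().ServerResourcesForGroupVersion(schemaVersion.String())
 
 if resList != nil {
 // even in case of an error above there might be a partial list for APIs that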
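Review bot: The fallback loop at new lines 262-281 returns on the first discovery error, so a failed v1beta1 probe ends the function before v1alpha1 is ever tried. The body of clusterTrustBundlesAvailable continues outside the hunk; if it passes through the not-found error that discovery returns for an unserved group-version, a cluster serving only v1alpha1 never gets the kube-apiserver serving CA published, and consumers of that trust bundle are left without an anchor. Consider treating that case as "not served", e.g. `if apierrors.IsNotFound(err) { continue }` ahead of the error return (this needs the `k8s.io/apimachinery/pkg/api/errors` import), while keeping the hard failure for every other error. Separately, `schemaControllerMapping[gv](...)` calls a nil func and panics if the probe list and the map ever drift apart; one ordered slice of group-version/constructor pairs would remove that coupling.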
