Merge pull request cert-manager#101 from SgtCoDFish/jacksgt-use-certi…
…ficates

Use Certificates over CertificateRequests (cert-manager#55 followup)
cert-manager-prow[bot] authored Oct 3, 2024
2 parents c426d47 + b55e587 commit e8a79cc
Showing 9 changed files with 1,256 additions and 1,003 deletions.
12 changes: 10 additions & 2 deletions deploy/charts/openshift-routes/templates/rbac.yaml
@@ -32,7 +32,7 @@ rules:
- apiGroups:
- cert-manager.io
resources:
- certificaterequests
- certificates
verbs:
- create
- get
@@ -41,11 +41,19 @@ rules:
- apiGroups:
- cert-manager.io
resources:
- certificaterequests/status
- certificates/status
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
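Review bot: The rule added at the end of the second hunk grants `get`, `list` and `watch` on core `secrets` with no `resourceNames` or namespace limit visible here, and `list`/`watch` return full Secret data. If these rules belong to a ClusterRole (the kind is outside the hunk), the controller's service account can read every Secret in the cluster, including private keys unrelated to Routes. The access is presumably needed to read the Secret that each Certificate produces, so I would say so above the rule, e.g. `# read-only: load the TLS Secret issued for a Route's Certificate`, and note in the chart documentation that this service account token is secret-reading. Where the chart can bind per namespace, a Role with a RoleBinding for the watched namespaces would narrow the grant.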
12 changes: 7 additions & 5 deletions internal/cmd/app/app.go
@@ -69,19 +69,21 @@ func Command() *cobra.Command {
return fmt.Errorf("connected to the Kubernetes API, but the Openshift Route v1 CRD does not appear to be installed")
}

// Check if v1 cert-manager CertificateRequests exist in the API server
apiServerHasCertificateRequests := false
// Check if v1 cert-manager Certificates exist in the API server
apiServerHasCertificates := false
cmResources, err := cl.Discovery().ServerResourcesForGroupVersion("cert-manager.io/v1")
if err != nil {
return fmt.Errorf("couldn't check if cert-manager.io/v1 exists in the kubernetes API: %w", err)
}

for _, r := range cmResources.APIResources {
if r.Kind == "CertificateRequest" {
apiServerHasCertificateRequests = true
if r.Kind == "Certificate" {
apiServerHasCertificates = true
break
}
}
if !apiServerHasCertificateRequests {

if !apiServerHasCertificates {
return fmt.Errorf("connected to the Kubernetes API, but the cert-manager v1 CRDs do not appear to be installed")
}

19 changes: 14 additions & 5 deletions internal/controller/controller.go
@@ -26,6 +26,8 @@ import (
routev1client "github.com/openshift/client-go/route/clientset/versioned"
"k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/client-go/kubernetes"
corev1client "k8s.io/client-go/kubernetes/typed/core/v1"
"k8s.io/client-go/rest"
"k8s.io/client-go/tools/record"
"sigs.k8s.io/controller-runtime/pkg/builder"
@@ -35,9 +37,10 @@ import (
"github.com/cert-manager/openshift-routes/internal/cmd/app/options"
)

type Route struct {
type RouteController struct {
routeClient routev1client.Interface
certClient cmclient.Interface
coreClient corev1client.CoreV1Interface
eventRecorder record.EventRecorder

log logr.Logger
@@ -67,7 +70,7 @@ func shouldSync(log logr.Logger, route *routev1.Route) bool {
return false
}

func (r *Route) Reconcile(ctx context.Context, req reconcile.Request) (reconcile.Result, error) {
func (r *RouteController) Reconcile(ctx context.Context, req reconcile.Request) (reconcile.Result, error) {
log := r.log.WithValues("object", req.NamespacedName)
log.V(5).Info("started reconciling")
route, err := r.routeClient.RouteV1().Routes(req.Namespace).Get(ctx, req.Name, metav1.GetOptions{})
@@ -86,7 +89,7 @@ func (r *Route) Reconcile(ctx context.Context, req reconcile.Request) (reconcile
return r.sync(ctx, req, route.DeepCopy())
}

func New(base logr.Logger, config *rest.Config, recorder record.EventRecorder) (*Route, error) {
func New(base logr.Logger, config *rest.Config, recorder record.EventRecorder) (*RouteController, error) {
routeClient, err := routev1client.NewForConfig(config)
if err != nil {
return nil, err
@@ -95,10 +98,15 @@ func New(base logr.Logger, config *rest.Config, recorder record.EventRecorder) (
if err != nil {
return nil, err
}
clientset, err := kubernetes.NewForConfig(config)
if err != nil {
return nil, err
}

return &Route{
return &RouteController{
routeClient: routeClient,
certClient: certClient,
coreClient: clientset.CoreV1(),
log: base.WithName("route"),
eventRecorder: recorder,
}, nil
@@ -109,9 +117,10 @@ func AddToManager(mgr manager.Manager, opts *options.Options) error {
if err != nil {
return err
}

return builder.
ControllerManagedBy(mgr).
For(&routev1.Route{}).
Owns(&cmapi.CertificateRequest{}).
Owns(&cmapi.Certificate{}).
Complete(controller)
}
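Review bot: `New` builds a whole `kubernetes.Clientset` only to keep `clientset.CoreV1()`, and the new `coreClient` field is typed `corev1client.CoreV1Interface`, which exposes every core/v1 resource although the RBAC change in this commit adds only read verbs on secrets. Since `corev1client` is already imported, `coreClient, err := corev1client.NewForConfig(config)` would make the `k8s.io/client-go/kubernetes` import unnecessary. Typing the field as `corev1client.SecretsGetter` would record in code that only Secrets are meant to be read, assuming the sync code, which is not shown on this page, uses nothing else from core/v1. The body of `New` is split across two hunks with collapsed lines between them, so the surrounding client setup is only partly visible.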