Fix merging of the k8s secret to reduce the number of writes

2025-07-03 18:06:13 +00:00 · 2020-02-04 12:47:53 -07:00 · 2020-02-04 12:47:53 -07:00 · bc68bf5499
commit bc68bf5499
parent 795bb90214
3 changed files with 19 additions and 8 deletions
--- a/factory/gen.go
+++ b/factory/gen.go
@ -64,8 +64,8 @@ func collectCNs(secret *v1.Secret) (domains []string, ips []net.IP, hash string,
 	return
 }

-func (t *TLS) Merge(secret, other *v1.Secret) (*v1.Secret, bool, error) {
-	return t.AddCN(secret, cns(other)...)
+func (t *TLS) Merge(target, additional *v1.Secret) (*v1.Secret, bool, error) {
+	return t.AddCN(target, cns(additional)...)
 }

 func (t *TLS) Refresh(secret *v1.Secret) (*v1.Secret, error) {
@ -85,6 +85,11 @@ func (t *TLS) AddCN(secret *v1.Secret, cn ...string) (*v1.Secret, bool, error) {
 		return secret, false, nil
 	}

+	secret = secret.DeepCopy()
+	if secret == nil {
+		secret = &v1.Secret{}
+	}
+
 	secret = populateCN(secret, cn...)

 	privateKey, err := getPrivateKey(secret)
@ -133,6 +138,10 @@ func populateCN(secret *v1.Secret, cn ...string) *v1.Secret {
 }

 func NeedsUpdate(secret *v1.Secret, cn ...string) bool {
+	if secret == nil {
+		return true
+	}
+
 	if secret.Annotations[Static] == "true" {
 		return false
 	}
--- a/listener.go
+++ b/listener.go
@ -24,7 +24,7 @@ type TLSStorage interface {
 type TLSFactory interface {
 	Refresh(secret *v1.Secret) (*v1.Secret, error)
 	AddCN(secret *v1.Secret, cn ...string) (*v1.Secret, bool, error)
-	Merge(secret *v1.Secret, existing *v1.Secret) (*v1.Secret, bool, error)
+	Merge(target *v1.Secret, additional *v1.Secret) (*v1.Secret, bool, error)
 }

 type SetFactory interface {
--- a/storage/kubernetes/controller.go
+++ b/storage/kubernetes/controller.go
@ -11,7 +11,6 @@ import (
 	"github.com/rancher/wrangler/pkg/start"
 	"github.com/sirupsen/logrus"
 	v1 "k8s.io/api/core/v1"
-	"k8s.io/apimachinery/pkg/api/equality"
 	"k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
@ -132,7 +131,7 @@ func (s *storage) saveInK8s(secret *v1.Secret) (*v1.Secret, error) {
 	}

 	if existing, err := s.storage.Get(); err == nil && s.tls != nil {
-		if newSecret, updated, err := s.tls.Merge(secret, existing); err == nil && updated {
+		if newSecret, updated, err := s.tls.Merge(existing, secret); err == nil && updated {
 			secret = newSecret
 		}
 	}
@ -142,9 +141,12 @@ func (s *storage) saveInK8s(secret *v1.Secret) (*v1.Secret, error) {
 		return nil, err
 	}

-	if equality.Semantic.DeepEqual(targetSecret.Annotations, secret.Annotations) &&
-		equality.Semantic.DeepEqual(targetSecret.Data, secret.Data) {
-		return secret, nil
+	if newSecret, updated, err := s.tls.Merge(targetSecret, secret); err != nil {
+		return nil, err
+	} else if !updated {
+		return newSecret, nil
+	} else {
+		secret = newSecret
 	}

 	targetSecret.Annotations = secret.Annotations