From bc68bf5499c1030cb6387f52b40cbe7c7de51839 Mon Sep 17 00:00:00 2001
From: Darren Shepherd
Date: Tue, 4 Feb 2020 12:47:53 -0700
Subject: [PATCH] Fix merging of the k8s secret to reduce the number of writes

---
 factory/gen.go | 13 +++++++++++--
 listener.go | 2 +-
 storage/kubernetes/controller.go | 12 +++++++-----
 3 files changed, 19 insertions(+), 8 deletions(-)

diff --git a/factory/gen.go b/factory/gen.go
index 50314f4..bd47fc6 100644
--- a/factory/gen.go
+++ b/factory/gen.go
@@ -64,8 +64,8 @@ func collectCNs(secret *v1.Secret) (domains []string, ips []net.IP, hash string,
 return
 }

-func (t *TLS) Merge(secret, other *v1.Secret) (*v1.Secret, bool, error) {
- return t.AddCN(secret, cns(other)...)
+func (t *TLS) Merge(target, additional *v1.Secret) (*v1.Secret, bool, error) {
+ return t.AddCN(target, cns(additional)...)
 }

 func (t *TLS) Refresh(secret *v1.Secret) (*v1.Secret, error) {
@@ -85,6 +85,11 @@ func (t *TLS) AddCN(secret *v1.Secret, cn ...string) (*v1.Secret, bool, error) {
 return secret, false, nil
 }

+ secret = secret.DeepCopy()
+ if secret == nil {
+ secret = &v1.Secret{}
+ }
+
 secret = populateCN(secret, cn...)

 privateKey, err := getPrivateKey(secret)
@@ -133,6 +138,10 @@ func populateCN(secret *v1.Secret, cn ...string) *v1.Secret {
 }

 func NeedsUpdate(secret *v1.Secret, cn ...string) bool {
+ if secret == nil {
+ return true
+ }
+
 if secret.Annotations[Static] == "true" {
 return false
 }
diff --git a/listener.go b/listener.go
index 80e070f..1914514 100644
--- a/listener.go
+++ b/listener.go
@@ -24,7 +24,7 @@ type TLSStorage interface {
 type TLSFactory interface {
 Refresh(secret *v1.Secret) (*v1.Secret, error)
 AddCN(secret *v1.Secret, cn ...string) (*v1.Secret, bool, error)
- Merge(secret *v1.Secret, existing *v1.Secret) (*v1.Secret, bool, error)
+ Merge(target *v1.Secret, additional *v1.Secret) (*v1.Secret, bool, error)
 }

 type SetFactory interface {
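Review bot: The nil check added to AddCN sits after `secret.DeepCopy()`, so it only works because the generated DeepCopy returns nil for a nil receiver; that dependency, and the reason for copying at all, should be stated in a comment. Something like `// Copy first so the caller's (possibly cached) secret is never mutated; DeepCopy is nil-safe, so a nil input becomes an empty Secret below.` above the added lines would do. Callers that relied on AddCN filling in the secret they passed in now have to use the returned value, which deserves a sentence in the method's doc comment. AddCN begins and ends outside this hunk, so the rest of its body was not reviewed.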
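Review bot: NeedsUpdate is exported but has no doc comment, and the added guard gives it a second unwritten rule: a nil secret always needs an update, while the line after the guard says a secret annotated Static never does. Both rules appear to gate whether certificate material is regenerated, so they should be written down, for example `// NeedsUpdate reports whether secret must be regenerated to cover cn; a nil secret always does, a secret annotated Static never does.`, adjusted to whatever the remainder of the function checks. The function continues past the end of the hunk.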
diff --git a/storage/kubernetes/controller.go b/storage/kubernetes/controller.go
index ac435ed..683ab9c 100644
--- a/storage/kubernetes/controller.go
+++ b/storage/kubernetes/controller.go
@@ -11,7 +11,6 @@ import (
 "github.com/rancher/wrangler/pkg/start"
 "github.com/sirupsen/logrus"
 v1 "k8s.io/api/core/v1"
- "k8s.io/apimachinery/pkg/api/equality"
 "k8s.io/apimachinery/pkg/api/errors"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
@@ -132,7 +131,7 @@ func (s *storage) saveInK8s(secret *v1.Secret) (*v1.Secret, error) {
 }

 if existing, err := s.storage.Get(); err == nil && s.tls != nil {
- if newSecret, updated, err := s.tls.Merge(secret, existing); err == nil && updated {
+ if newSecret, updated, err := s.tls.Merge(existing, secret); err == nil && updated {
 secret = newSecret
 }
 }
@@ -142,9 +141,12 @@ func (s *storage) saveInK8s(secret *v1.Secret) (*v1.Secret, error) {
 return nil, err
 }

- if equality.Semantic.DeepEqual(targetSecret.Annotations, secret.Annotations) &&
- equality.Semantic.DeepEqual(targetSecret.Data, secret.Data) {
- return secret, nil
+ if newSecret, updated, err := s.tls.Merge(targetSecret, secret); err != nil {
+ return nil, err
+ } else if !updated {
+ return newSecret, nil
+ } else {
+ secret = newSecret
 }

 targetSecret.Annotations = secret.Annotations
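Review bot: A failure from `s.tls.Merge(existing, secret)` is silently dropped: the condition `err == nil && updated` skips the assignment on error, and saveInK8s carries on with the unmerged incoming secret without logging anything. If that best-effort behaviour is intended, say so in a comment; otherwise surface it, for example `} else if err != nil { logrus.Warnf("merging stored secret: %v", err) }`, since logrus is already imported in this file. The error from `s.storage.Get()` on the line above is discarded the same way. saveInK8s starts and ends outside the hunk.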
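Review bot: The new `s.tls.Merge(targetSecret, secret)` call dereferences `s.tls` without the `s.tls != nil` guard that the earlier Merge call in this same function keeps, so a storage built without a TLS factory would panic here where the removed DeepEqual comparison did not. Either guard this block the same way or have the constructor guarantee a non-nil factory and drop the earlier check. Separately, the removed code compared Annotations and Data, while Merge (per factory/gen.go in this patch) only passes the CNs of its second argument to AddCN. If AddCN reports `updated == false` whenever those names are already covered, a secret whose certificate or key changed but whose names did not would no longer be written; this should be confirmed against AddCN's body, which is not fully visible in this diff. saveInK8s starts and ends outside the hunk.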