mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-28 14:07:14 +00:00
optimize certificate cleaner
No need to parse certificates for every conditions
This commit is contained in:
parent
df1d9b9e98
commit
855842c468
@ -118,11 +118,11 @@ func (ccc *CSRCleanerController) handle(csr *capi.CertificateSigningRequest) err
|
|||||||
// isIssuedExpired checks if the CSR has been issued a certificate and if the
|
// isIssuedExpired checks if the CSR has been issued a certificate and if the
|
||||||
// expiration of the certificate (the NotAfter value) has passed.
|
// expiration of the certificate (the NotAfter value) has passed.
|
||||||
func isIssuedExpired(csr *capi.CertificateSigningRequest) (bool, error) {
|
func isIssuedExpired(csr *capi.CertificateSigningRequest) (bool, error) {
|
||||||
for _, c := range csr.Status.Conditions {
|
|
||||||
isExpired, err := isExpired(csr)
|
isExpired, err := isExpired(csr)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return false, err
|
return false, err
|
||||||
}
|
}
|
||||||
|
for _, c := range csr.Status.Conditions {
|
||||||
if c.Type == capi.CertificateApproved && isIssued(csr) && isExpired {
|
if c.Type == capi.CertificateApproved && isIssued(csr) && isExpired {
|
||||||
glog.Infof("Cleaning CSR %q as the associated certificate is expired.", csr.Name)
|
glog.Infof("Cleaning CSR %q as the associated certificate is expired.", csr.Name)
|
||||||
return true, nil
|
return true, nil
|
||||||
|
Loading…
Reference in New Issue
Block a user