diff --git a/pkg/controller/bootstrap/tokencleaner.go b/pkg/controller/bootstrap/tokencleaner.go index dbab79c4b90..93c62a86d57 100644 --- a/pkg/controller/bootstrap/tokencleaner.go +++ b/pkg/controller/bootstrap/tokencleaner.go @@ -25,6 +25,7 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/fields" "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/util/wait" "k8s.io/apimachinery/pkg/watch" clientset "k8s.io/client-go/kubernetes" "k8s.io/client-go/pkg/api" @@ -47,7 +48,9 @@ type TokenCleanerOptions struct { // DefaultTokenCleanerOptions returns a set of default options for creating a // TokenCleaner func DefaultTokenCleanerOptions() TokenCleanerOptions { - return TokenCleanerOptions{} + return TokenCleanerOptions{ + TokenSecretNamespace: api.NamespaceSystem, + } } // TokenCleaner is a controller that deletes expired tokens @@ -97,9 +100,16 @@ func NewTokenCleaner(cl clientset.Interface, options TokenCleanerOptions) *Token // Run runs controller loops and returns when they are done func (tc *TokenCleaner) Run(stopCh <-chan struct{}) { go tc.secretsController.Run(stopCh) + go wait.Until(tc.evalSecrets, 10*time.Second, stopCh) <-stopCh } +func (tc *TokenCleaner) evalSecrets() { + for _, obj := range tc.secrets.List() { + tc.evalSecret(obj) + } +} + func (tc *TokenCleaner) evalSecret(o interface{}) { secret := o.(*v1.Secret) if isSecretExpired(secret) {