authn-trust: don't react to target CM updates

If kube-apiservers run at a different version (during upgrades) and each has different opinion on what the `extension-apiserver-authentication` config map should look like, they would start dueling with config map writes. This commit removes handling of the update events of the target CM in order to reduce the amount of such dueling to once a minute, as the controller is guaranteed to run at least once a minute anyway. The idea is that a cluster state with two different versions of kube-apiserver should never be permanent, and so a reduced amount of dueling for that period is tolerable.
2025-07-30 06:54:01 +00:00 · 2025-03-07 17:33:51 +01:00 · 2025-03-07 17:33:51 +01:00 · dbf780a48a
commit dbf780a48a
parent 9d9e1afdf7
1 changed files with 0 additions and 3 deletions
--- a/pkg/controlplane/controller/clusterauthenticationtrust/cluster_authentication_trust_controller.go
+++ b/pkg/controlplane/controller/clusterauthenticationtrust/cluster_authentication_trust_controller.go
@ -128,9 +128,6 @@ func NewClusterAuthenticationTrustController(requiredAuthenticationData ClusterA
 			AddFunc: func(obj interface{}) {
 				c.queue.Add(keyFn())
 			},
-			UpdateFunc: func(oldObj, newObj interface{}) {
-				c.queue.Add(keyFn())
-			},
 			DeleteFunc: func(obj interface{}) {
 				c.queue.Add(keyFn())
 			},