Skip to content

Commit

Permalink
Hash cloudprovider secret on CCM pod annotation
Browse files Browse the repository at this point in the history
Storing the secrets content hash triggers a restart on CCM,
when secrets content changes.
  • Loading branch information
Nuckal777 committed Jan 10, 2025
1 parent b2847ce commit 1fd2de2
Show file tree
Hide file tree
Showing 2 changed files with 7 additions and 3 deletions.
3 changes: 2 additions & 1 deletion pkg/controller/controlplane/valuesprovider.go
Original file line number Diff line number Diff line change
Expand Up @@ -293,7 +293,8 @@ func getCCMChartValues(
"clusterName": cp.Namespace,
"podNetwork": strings.Join(extensionscontroller.GetPodNetwork(cluster), ","),
"podAnnotations": map[string]any{
"checksum/secret-" + internal.CloudProviderConfigMapName: checksums[internal.CloudProviderConfigMapName],
"checksum/config-" + internal.CloudProviderConfigMapName: checksums[internal.CloudProviderConfigMapName],
"checksum/secret-" + v1beta1constants.SecretNameCloudProvider: checksums[v1beta1constants.SecretNameCloudProvider],
},
"podLabels": podLabels,
"tlsCipherSuites": kutil.TLSCipherSuites,
Expand Down
7 changes: 5 additions & 2 deletions pkg/controller/controlplane/valuesprovider_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@ import (

"github.com/gardener/gardener/extensions/pkg/controller"
gardencorev1beta1 "github.com/gardener/gardener/pkg/apis/core/v1beta1"
v1beta1constants "github.com/gardener/gardener/pkg/apis/core/v1beta1/constants"
extensionsv1alpha1 "github.com/gardener/gardener/pkg/apis/extensions/v1alpha1"
secretsmanager "github.com/gardener/gardener/pkg/utils/secrets/manager"
fakesecretsmanager "github.com/gardener/gardener/pkg/utils/secrets/manager/fake"
Expand Down Expand Up @@ -229,7 +230,8 @@ var _ = Describe("Valueprovider Reconcile", func() {
}

checksums := map[string]string{
metal.CloudProviderConfigName: "8bafb35ff1ac60275d62e1cbd495aceb511fb354f74a20f7d06ecb48b3a68432",
metal.CloudProviderConfigName: "8bafb35ff1ac60275d62e1cbd495aceb511fb354f74a20f7d06ecb48b3a68432",
v1beta1constants.SecretNameCloudProvider: "abc",
}
values, err := vp.GetControlPlaneChartValues(ctx, cp, cluster, fakeSecretsManager, checksums, false)
Expect(err).NotTo(HaveOccurred())
Expand All @@ -242,7 +244,8 @@ var _ = Describe("Valueprovider Reconcile", func() {
"replicas": 1,
"clusterName": ns.Name,
"podAnnotations": map[string]any{
"checksum/secret-cloud-provider-config": "8bafb35ff1ac60275d62e1cbd495aceb511fb354f74a20f7d06ecb48b3a68432",
"checksum/config-cloud-provider-config": "8bafb35ff1ac60275d62e1cbd495aceb511fb354f74a20f7d06ecb48b3a68432",
"checksum/secret-cloudprovider": "abc",
},
"podLabels": map[string]any{
"maintenance.gardener.cloud/restart": "true",
Expand Down

0 comments on commit 1fd2de2

Please sign in to comment.