
Commit 8742eeb

Merge pull request #19514 from deads2k/controller-23-pull-secret
update docker config secret to include image-registry.openshift-image…
2 parents fa2dfed + f28c9fc commit 8742eeb


3 files changed

+67
-63
lines changed


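--- a/pkg/cmd/openshift-controller-manager/controller/serviceaccount.go
+++ b/pkg/cmd/openshift-controller-manager/controller/serviceaccount.go
@@ -68,13 +68,12 @@ func RunServiceAccountPullSecretsController(ctx ControllerContext) (bool, error)
 go dockercfgController.Run(5, ctx.Stop)
 
 dockerRegistryControllerOptions := serviceaccountcontrollers.DockerRegistryServiceControllerOptions{
-RegistryNamespace: "default",
-RegistryServiceName: "docker-registry",
 DockercfgController: dockercfgController,
 DockerURLsInitialized: dockerURLsInitialized,
 }
 go serviceaccountcontrollers.NewDockerRegistryServiceController(
 ctx.ExternalKubeInformers.Core().V1().Secrets(),
+ctx.ExternalKubeInformers.Core().V1().Services(),
 kc,
 dockerRegistryControllerOptions,
 ).Run(10, ctx.Stop)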

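--- a/pkg/serviceaccounts/controllers/docker_registry_service.go
+++ b/pkg/serviceaccounts/controllers/docker_registry_service.go
@@ -10,15 +10,13 @@ import (
 "github.com/golang/glog"
 
 "k8s.io/api/core/v1"
-metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-"k8s.io/apimachinery/pkg/fields"
 "k8s.io/apimachinery/pkg/runtime"
 utilruntime "k8s.io/apimachinery/pkg/util/runtime"
 "k8s.io/apimachinery/pkg/util/sets"
 "k8s.io/apimachinery/pkg/util/wait"
-"k8s.io/apimachinery/pkg/watch"
 informers "k8s.io/client-go/informers/core/v1"
 kclientset "k8s.io/client-go/kubernetes"
+listers "k8s.io/client-go/listers/core/v1"
 "k8s.io/client-go/tools/cache"
 "k8s.io/client-go/util/workqueue"
 "k8s.io/kubernetes/pkg/controller"
@@ -31,54 +29,62 @@ type DockerRegistryServiceControllerOptions struct {
 // If zero, re-list will be delayed as long as possible
 Resync time.Duration
 
-RegistryNamespace string
-RegistryServiceName string
-
 DockercfgController *DockercfgController
 
 // DockerURLsInitialized is used to send a signal to the DockercfgController that it has the correct set of docker urls
 DockerURLsInitialized chan struct{}
 }
 
+type serviceLocation struct {
+namespace string
+name string
+}
+
+var serviceLocations = []serviceLocation{
+{namespace: "default", name: "docker-registry"},
+{namespace: "openshift-image-registry", name: "registry"},
+}
+
 // NewDockerRegistryServiceController returns a new *DockerRegistryServiceController.
-func NewDockerRegistryServiceController(secrets informers.SecretInformer, cl kclientset.Interface, options DockerRegistryServiceControllerOptions) *DockerRegistryServiceController {
+func NewDockerRegistryServiceController(secrets informers.SecretInformer, serviceInformer informers.ServiceInformer, cl kclientset.Interface, options DockerRegistryServiceControllerOptions) *DockerRegistryServiceController {
 e := &DockerRegistryServiceController{
 client: cl,
 dockercfgController: options.DockercfgController,
 registryLocationQueue: workqueue.NewRateLimitingQueue(workqueue.DefaultControllerRateLimiter()),
 secretsToUpdate: workqueue.NewRateLimitingQueue(workqueue.DefaultControllerRateLimiter()),
-serviceName: options.RegistryServiceName,
-serviceNamespace: options.RegistryNamespace,
 dockerURLsInitialized: options.DockerURLsInitialized,
 }
 
-// does not use shared informers because we're only watching one item
-e.serviceCache, e.serviceController = cache.NewInformer(
-&cache.ListWatch{
-ListFunc: func(opts metav1.ListOptions) (runtime.Object, error) {
-opts.FieldSelector = fields.OneTermEqualSelector("metadata.name", options.RegistryServiceName).String()
-return e.client.Core().Services(options.RegistryNamespace).List(opts)
+// we're only watching two of these, but we already watch all services for the service serving cert signer
+// and this correctly handles namespaces coming and going
+serviceInformer.Informer().AddEventHandler(
+cache.FilteringResourceEventHandler{
+FilterFunc: func(obj interface{}) bool {
+switch t := obj.(type) {
+case *v1.Service:
+for _, location := range serviceLocations {
+if t.Namespace == location.namespace && t.Name == location.name {
+return true
+}
+}
+}
+return false
 },
-WatchFunc: func(opts metav1.ListOptions) (watch.Interface, error) {
-opts.FieldSelector = fields.OneTermEqualSelector("metadata.name", options.RegistryServiceName).String()
-return e.client.Core().Services(options.RegistryNamespace).Watch(opts)
-},
-},
-&v1.Service{},
-options.Resync,
-cache.ResourceEventHandlerFuncs{
-AddFunc: func(obj interface{}) {
-e.enqueueRegistryLocationQueue()
-},
-UpdateFunc: func(old, cur interface{}) {
-e.enqueueRegistryLocationQueue()
-},
-DeleteFunc: func(obj interface{}) {
-e.enqueueRegistryLocationQueue()
-},
-},
+Handler: cache.ResourceEventHandlerFuncs{
+AddFunc: func(obj interface{}) {
+e.enqueueRegistryLocationQueue()
+},
+UpdateFunc: func(old, cur interface{}) {
+e.enqueueRegistryLocationQueue()
+},
+DeleteFunc: func(obj interface{}) {
+e.enqueueRegistryLocationQueue()
+},
+}},
 )
-e.servicesSynced = e.serviceController.HasSynced
+e.servicesSynced = serviceInformer.Informer().HasSynced
+e.serviceLister = serviceInformer.Lister()
+
 e.syncRegistryLocationHandler = e.syncRegistryLocationChange
 
 e.secretCache = secrets.Informer().GetIndexer()
@@ -92,14 +98,11 @@ func NewDockerRegistryServiceController(secrets informers.SecretInformer, cl kcl
 type DockerRegistryServiceController struct {
 client kclientset.Interface
 
-serviceName string
-serviceNamespace string
-
 dockercfgController *DockercfgController
 
-serviceController cache.Controller
-serviceCache cache.Store
-servicesSynced func() bool
+serviceLister listers.ServiceLister
+servicesSynced func() bool
+
 syncRegistryLocationHandler func(key string) error
 
 secretCache cache.Store
@@ -119,8 +122,6 @@ func (e *DockerRegistryServiceController) Run(workers int, stopCh <-chan struct{
 defer utilruntime.HandleCrash()
 defer e.registryLocationQueue.ShutDown()
 
-go e.serviceController.Run(stopCh)
-
 // Wait for the store to sync before starting any work in this controller.
 ready := make(chan struct{})
 go e.waitForDockerURLs(ready, stopCh)
@@ -212,19 +213,18 @@ func (e *DockerRegistryServiceController) watchForDockerURLChanges() {
 
 // getDockerRegistryLocations returns the dns form and the ip form of the secret
 func (e *DockerRegistryServiceController) getDockerRegistryLocations() []string {
-key, err := controller.KeyFunc(&v1.Service{ObjectMeta: metav1.ObjectMeta{Name: e.serviceName, Namespace: e.serviceNamespace}})
-if err != nil {
-return []string{}
+ret := []string{}
+for _, location := range serviceLocations {
+ret = append(ret, getDockerRegistryLocations(e.serviceLister, location)...)
 }
+return ret
+}
 
-obj, exists, err := e.serviceCache.GetByKey(key)
+func getDockerRegistryLocations(lister listers.ServiceLister, location serviceLocation) []string {
+service, err := lister.Services(location.namespace).Get(location.name)
 if err != nil {
 return []string{}
 }
-if !exists {
-return []string{}
-}
-service := obj.(*v1.Service)
 
 hasClusterIP := (len(service.Spec.ClusterIP) > 0) && (net.ParseIP(service.Spec.ClusterIP) != nil)
 if hasClusterIP && len(service.Spec.Ports) > 0 {
@@ -239,8 +239,10 @@ func (e *DockerRegistryServiceController) getDockerRegistryLocations() []string
 
 // syncRegistryLocationChange goes through all service account dockercfg secrets and updates them to point at a new docker-registry location
 func (e *DockerRegistryServiceController) syncRegistryLocationChange(key string) error {
-newDockerRegistryLocations := sets.NewString(e.getDockerRegistryLocations()...)
-if e.getRegistryURLs().Equal(newDockerRegistryLocations) {
+newLocations := e.getDockerRegistryLocations()
+newDockerRegistryLocations := sets.NewString(newLocations...)
+existingURLs := e.getRegistryURLs()
+if existingURLs.Equal(newDockerRegistryLocations) {
 glog.V(4).Infof("No effective update: %v", newDockerRegistryLocations)
 return nil
 }
@@ -266,6 +268,7 @@ func (e *DockerRegistryServiceController) syncRegistryLocationChange(key string)
 utilruntime.HandleError(fmt.Errorf("couldn't get key for object %#v: %v", obj, err))
 continue
 }
+
 e.secretsToUpdate.Add(key)
 }
 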
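Review bot: The new `FilterFunc` in `NewDockerRegistryServiceController` matches only `*v1.Service`, so a delete delivered as a `cache.DeletedFinalStateUnknown` tombstone (what the informer hands out when it missed the delete event) is filtered out and never reaches `DeleteFunc`. The removed code enqueued on every event from its dedicated informer, so this narrows the behaviour: after a missed delete of one of the `serviceLocations` services, the dockercfg secrets would keep entries for that registry address, which carry the service-account token, until some other matching event triggers a sync. Unwrapping the tombstone at the top of the filter closes the gap: `if d, ok := obj.(cache.DeletedFinalStateUnknown); ok { obj = d.Obj }`. Separately, `serviceLocations` deserves a comment stating that both namespaces are assumed to be writable only by cluster administrators, since a Service at either name decides which hosts those credentials are issued for.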

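--- a/pkg/serviceaccounts/controllers/docker_registry_service_test.go
+++ b/pkg/serviceaccounts/controllers/docker_registry_service_test.go
@@ -19,8 +19,8 @@ import (
 )
 
 const (
-registryNamespace = "ns"
-registryName = "registry"
+registryNamespace = "default"
+registryName = "docker-registry"
 )
 
 var (
@@ -42,17 +42,19 @@ func controllerSetup(startingObjects []runtime.Object, t *testing.T, stopCh <-ch
 kubeclient.PrependReactor("update", "*", func(action clientgotesting.Action) (handled bool, ret runtime.Object, err error) {
 return true, action.(clientgotesting.UpdateAction).GetObject(), nil
 })
-kubeclient.PrependWatchReactor("services", clientgotesting.DefaultWatchReactor(fakeWatch, nil))
+kubeclient.PrependWatchReactor("services",
+func(action clientgotesting.Action) (handled bool, ret watch.Interface, err error) {
+return true, fakeWatch, nil
+})
 
 informerFactory := informers.NewSharedInformerFactory(kubeclient, controller.NoResyncPeriodFunc())
 
 controller := NewDockerRegistryServiceController(
 informerFactory.Core().V1().Secrets(),
+informerFactory.Core().V1().Services(),
 kubeclient,
 DockerRegistryServiceControllerOptions{
 Resync: 10 * time.Minute,
-RegistryNamespace: registryNamespace,
-RegistryServiceName: registryName,
 DockercfgController: &DockercfgController{},
 DockerURLsInitialized: make(chan struct{}),
 },
@@ -153,7 +155,7 @@ func TestUpdateNewStyleSecret(t *testing.T) {
 }
 
 expectedDockercfgMap := credentialprovider.DockerConfig{}
-for _, key := range []string{"172.16.123.123:1235", "registry.ns.svc:1235"} {
+for _, key := range []string{"172.16.123.123:1235", "docker-registry.default.svc:1235"} {
 expectedDockercfgMap[key] = credentialprovider.DockerConfigEntry{
 Username: "serviceaccount",
 Password: newStyleDockercfgSecret.Annotations[ServiceAccountTokenValueAnnotation],
@@ -243,7 +245,7 @@ func TestUpdateOldStyleSecretWithKey(t *testing.T) {
 }
 
 expectedDockercfgMap := credentialprovider.DockerConfig{}
-for _, key := range []string{"172.16.123.123:1235", "registry.ns.svc:1235"} {
+for _, key := range []string{"172.16.123.123:1235", "docker-registry.default.svc:1235"} {
 expectedDockercfgMap[key] = credentialprovider.DockerConfigEntry{
 Username: "serviceaccount",
 Password: "token-value",
@@ -334,7 +336,7 @@ func TestUpdateOldStyleSecretWithoutKey(t *testing.T) {
 }
 
 expectedDockercfgMap := credentialprovider.DockerConfig{}
-for _, key := range []string{"172.16.123.123:1235", "registry.ns.svc:1235"} {
+for _, key := range []string{"172.16.123.123:1235", "docker-registry.default.svc:1235"} {
 expectedDockercfgMap[key] = credentialprovider.DockerConfigEntry{
 Username: "serviceaccount",
 Password: "the-sa-bearer-token",
@@ -463,7 +465,7 @@ func TestClearSecretAndRecreate(t *testing.T) {
 }
 
 expectedDockercfgMap := credentialprovider.DockerConfig{}
-for _, key := range []string{"172.16.123.123:1235", "registry.ns.svc:1235"} {
+for _, key := range []string{"172.16.123.123:1235", "docker-registry.default.svc:1235"} {
 expectedDockercfgMap[key] = credentialprovider.DockerConfigEntry{
 Username: "serviceaccount",
 Password: "the-token",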
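Review bot: None of the visible expectations exercise the second entry of `serviceLocations`; every updated assertion still checks only the cluster-IP key and `docker-registry.default.svc:1235`. Because `registryNamespace` and `registryName` now have to match the controller's hard-coded list rather than an option, a case that adds a `registry` Service in `openshift-image-registry` (alone and together with the `default` one) and asserts the merged key set would pin the behaviour this commit introduces. The same case could then delete one Service and assert that its keys disappear from the generated dockercfg, which guards against credentials lingering for a removed registry. The test functions continue outside the visible hunks, so coverage elsewhere in the file cannot be ruled out from here.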
