
Commit 979b2e0

Merge pull request #12497 from sharifelgamal/gcp-auth-fixes
fix refreshing gcp-auth pull secret
2 parents 24ab296 + 95acc28 commit 979b2e0


2 files changed

+17
-13
lines changed


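--- a/deploy/addons/gcp-auth/gcp-auth-webhook.yaml.tmpl
+++ b/deploy/addons/gcp-auth/gcp-auth-webhook.yaml.tmpl
@@ -61,6 +61,7 @@ metadata:
 name: gcp-auth-certs-create
 namespace: gcp-auth
 spec:
+ttlSecondsAfterFinished: 30
 template:
 metadata:
 name: gcp-auth-certs-create
@@ -120,6 +121,7 @@ metadata:
 name: gcp-auth-certs-patch
 namespace: gcp-auth
 spec:
+ttlSecondsAfterFinished: 30
 template:
 metadata:
 name: gcp-auth-certs-patch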
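Review bot: `ttlSecondsAfterFinished: 30` on gcp-auth-certs-create and gcp-auth-certs-patch also applies when the Job fails, so the Job and its pod logs are removed 30 seconds after a failed certificate run, leaving little time to see why the webhook certificates were not created or patched. A longer TTL would leave room for troubleshooting. A comment above each field, such as `# finished Job is removed so the addon can be re-applied; its logs go with it`, would record why it is there. The commit does not state the reason for the TTL, so that wording needs confirming.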

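--- a/pkg/addons/addons_gcpauth.go
+++ b/pkg/addons/addons_gcpauth.go
@@ -169,22 +169,20 @@ func createPullSecret(cc *config.ClusterConfig, creds *google.Credentials) error
 }
 
 for _, n := range namespaces.Items {
-if n.Name == "kube-system" {
+if skipNamespace(n.Name) {
 continue
 }
 secrets := client.Secrets(n.Name)
 
 exists := false
-if !Refresh {
-secList, err := secrets.List(context.TODO(), metav1.ListOptions{})
-if err != nil {
-return err
-}
-for _, s := range secList.Items {
-if s.Name == secretName {
-exists = true
-break
-}
+secList, err := secrets.List(context.TODO(), metav1.ListOptions{})
+if err != nil {
+return err
+}
+for _, s := range secList.Items {
+if s.Name == secretName {
+exists = true
+break
 }
 }
 
@@ -261,7 +259,7 @@ func refreshExistingPods(cc *config.ClusterConfig) error {
 }
 for _, n := range namespaces.Items {
 // Ignore kube-system and gcp-auth namespaces
-if n.Name == metav1.NamespaceSystem || n.Name == namespaceName {
+if skipNamespace(n.Name) {
 continue
 }
 
@@ -331,7 +329,7 @@ func disableAddonGCPAuth(cfg *config.ClusterConfig) error {
 
 // No need to check for an error here, if the secret doesn't exist, no harm done.
 for _, n := range namespaces.Items {
-if n.Name == "kube-system" {
+if skipNamespace(n.Name) {
 continue
 }
 secrets := client.Secrets(n.Name)
@@ -397,3 +395,7 @@ func verifyGCPAuthAddon(cc *config.ClusterConfig, name string, val string) error
 
 return err
 }
+
+func skipNamespace(name string) bool {
+return name == metav1.NamespaceSystem || name == namespaceName
+}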
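Review bot: In disableAddonGCPAuth the loop now skips `namespaceName` (apparently the gcp-auth namespace) as well as kube-system, so a pull secret that an earlier createPullSecret wrote there, when it skipped only `"kube-system"`, is no longer removed on disable. That holds unless the namespace itself is deleted elsewhere, which these hunks do not show. If the credential must not outlive the addon, keep the narrower check in the disable path, `if n.Name == metav1.NamespaceSystem {`, or delete the secret from that namespace explicitly. skipNamespace also lacks a doc comment; `// skipNamespace reports whether name is kube-system or the gcp-auth namespace, which receive no pull secret.` would record the intent. The bodies of createPullSecret, refreshExistingPods and disableAddonGCPAuth continue outside the hunks.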
