2020-07-16 16:40:44 +00:00
|
|
|
/*
|
|
|
|
Copyright 2020 VMware, Inc.
|
|
|
|
SPDX-License-Identifier: Apache-2.0
|
|
|
|
*/
|
|
|
|
|
2020-08-11 17:14:57 +00:00
|
|
|
package apicerts
|
2020-07-16 16:40:44 +00:00
|
|
|
|
|
|
|
import (
|
|
|
|
"context"
|
|
|
|
"fmt"
|
|
|
|
|
|
|
|
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
|
|
|
"k8s.io/client-go/util/retry"
|
2020-08-09 17:04:05 +00:00
|
|
|
aggregatorclient "k8s.io/kube-aggregator/pkg/client/clientset_generated/clientset"
|
2020-07-16 16:40:44 +00:00
|
|
|
|
2020-08-24 19:30:45 +00:00
|
|
|
pinnipedv1alpha1 "github.com/suzerain-io/pinniped/generated/1.19/apis/pinniped/v1alpha1"
|
2020-08-04 23:46:27 +00:00
|
|
|
)
|
2020-07-16 16:40:44 +00:00
|
|
|
|
2020-08-04 23:46:27 +00:00
|
|
|
// UpdateAPIService updates the APIService's CA bundle.
|
2020-08-09 17:04:05 +00:00
|
|
|
func UpdateAPIService(ctx context.Context, aggregatorClient aggregatorclient.Interface, aggregatedAPIServerCA []byte) error {
|
|
|
|
apiServices := aggregatorClient.ApiregistrationV1().APIServices()
|
2020-08-20 17:54:15 +00:00
|
|
|
apiServiceName := pinnipedv1alpha1.SchemeGroupVersion.Version + "." + pinnipedv1alpha1.GroupName
|
2020-07-16 16:40:44 +00:00
|
|
|
|
|
|
|
if err := retry.RetryOnConflict(retry.DefaultRetry, func() error {
|
2020-08-04 23:46:27 +00:00
|
|
|
// Retrieve the latest version of the Service before attempting update.
|
|
|
|
// RetryOnConflict uses exponential backoff to avoid exhausting the API server.
|
|
|
|
fetchedAPIService, err := apiServices.Get(ctx, apiServiceName, metav1.GetOptions{})
|
2020-07-16 16:40:44 +00:00
|
|
|
if err != nil {
|
|
|
|
return fmt.Errorf("could not get existing version of API service: %w", err)
|
|
|
|
}
|
|
|
|
|
2020-08-04 23:46:27 +00:00
|
|
|
// Update just the field we care about.
|
|
|
|
fetchedAPIService.Spec.CABundle = aggregatedAPIServerCA
|
2020-07-16 16:40:44 +00:00
|
|
|
|
2020-08-04 23:46:27 +00:00
|
|
|
_, updateErr := apiServices.Update(ctx, fetchedAPIService, metav1.UpdateOptions{})
|
2020-07-16 16:40:44 +00:00
|
|
|
return updateErr
|
|
|
|
}); err != nil {
|
|
|
|
return fmt.Errorf("could not update API service: %w", err)
|
|
|
|
}
|
|
|
|
return nil
|
|
|
|
}
|