diff --git a/internal/controller/apicerts/apiservice_updater.go b/internal/controller/apicerts/apiservice_updater.go index 68bade3d..88ab0fd9 100644 --- a/internal/controller/apicerts/apiservice_updater.go +++ b/internal/controller/apicerts/apiservice_updater.go @@ -19,10 +19,12 @@ type apiServiceUpdaterController struct { namespace string aggregatorClient aggregatorclient.Interface secretInformer corev1informers.SecretInformer + apiServiceName string } func NewAPIServiceUpdaterController( namespace string, + apiServiceName string, aggregatorClient aggregatorclient.Interface, secretInformer corev1informers.SecretInformer, withInformer pinnipedcontroller.WithInformerOptionFunc, @@ -34,6 +36,7 @@ func NewAPIServiceUpdaterController( namespace: namespace, aggregatorClient: aggregatorClient, secretInformer: secretInformer, + apiServiceName: apiServiceName, }, }, withInformer( @@ -58,7 +61,7 @@ func (c *apiServiceUpdaterController) Sync(ctx controllerlib.Context) error { } // Update the APIService to give it the new CA bundle. - if err := UpdateAPIService(ctx.Context, c.aggregatorClient, certSecret.Data[caCertificateSecretKey]); err != nil { + if err := UpdateAPIService(ctx.Context, c.aggregatorClient, c.apiServiceName, certSecret.Data[caCertificateSecretKey]); err != nil { return fmt.Errorf("could not update the API service: %w", err) } diff --git a/internal/controller/apicerts/apiservice_updater_test.go b/internal/controller/apicerts/apiservice_updater_test.go index bac00257..afaaa910 100644 --- a/internal/controller/apicerts/apiservice_updater_test.go +++ b/internal/controller/apicerts/apiservice_updater_test.go @@ -41,6 +41,7 @@ func TestAPIServiceUpdaterControllerOptions(t *testing.T) { secretsInformer := kubeinformers.NewSharedInformerFactory(nil, 0).Core().V1().Secrets() _ = NewAPIServiceUpdaterController( installedInNamespace, + pinnipedv1alpha1.SchemeGroupVersion.Version+"."+pinnipedv1alpha1.GroupName, nil, secretsInformer, observableWithInformerOption.WithInformer, // make it possible to observe the behavior of the Filters @@ -118,6 +119,7 @@ func TestAPIServiceUpdaterControllerSync(t *testing.T) { // Set this at the last second to allow for injection of server override. subject = NewAPIServiceUpdaterController( installedInNamespace, + pinnipedv1alpha1.SchemeGroupVersion.Version+"."+pinnipedv1alpha1.GroupName, aggregatorAPIClient, kubeInformers.Core().V1().Secrets(), controllerlib.WithInformer, diff --git a/internal/controller/apicerts/update_api_service.go b/internal/controller/apicerts/update_api_service.go index cfc5a7ad..ea159385 100644 --- a/internal/controller/apicerts/update_api_service.go +++ b/internal/controller/apicerts/update_api_service.go @@ -11,14 +11,11 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/client-go/util/retry" aggregatorclient "k8s.io/kube-aggregator/pkg/client/clientset_generated/clientset" - - pinnipedv1alpha1 "github.com/suzerain-io/pinniped/generated/1.19/apis/pinniped/v1alpha1" ) // UpdateAPIService updates the APIService's CA bundle. -func UpdateAPIService(ctx context.Context, aggregatorClient aggregatorclient.Interface, aggregatedAPIServerCA []byte) error { +func UpdateAPIService(ctx context.Context, aggregatorClient aggregatorclient.Interface, apiServiceName string, aggregatedAPIServerCA []byte) error { apiServices := aggregatorClient.ApiregistrationV1().APIServices() - apiServiceName := pinnipedv1alpha1.SchemeGroupVersion.Version + "." + pinnipedv1alpha1.GroupName if err := retry.RetryOnConflict(retry.DefaultRetry, func() error { // Retrieve the latest version of the Service. diff --git a/internal/controller/apicerts/update_api_service_test.go b/internal/controller/apicerts/update_api_service_test.go index 92a6851f..0beb522c 100644 --- a/internal/controller/apicerts/update_api_service_test.go +++ b/internal/controller/apicerts/update_api_service_test.go @@ -16,6 +16,8 @@ import ( kubetesting "k8s.io/client-go/testing" apiregistrationv1 "k8s.io/kube-aggregator/pkg/apis/apiregistration/v1" aggregatorv1fake "k8s.io/kube-aggregator/pkg/client/clientset_generated/clientset/fake" + + pinnipedv1alpha1 "github.com/suzerain-io/pinniped/generated/1.19/apis/pinniped/v1alpha1" ) func TestUpdateAPIService(t *testing.T) { @@ -179,7 +181,7 @@ func TestUpdateAPIService(t *testing.T) { tt.mocks(client) } - err := UpdateAPIService(ctx, client, tt.caInput) + err := UpdateAPIService(ctx, client, pinnipedv1alpha1.SchemeGroupVersion.Version+"."+pinnipedv1alpha1.GroupName, tt.caInput) if tt.wantErr != "" { require.EqualError(t, err, tt.wantErr) return diff --git a/internal/controllermanager/prepare_controllers.go b/internal/controllermanager/prepare_controllers.go index c9c6fcb1..ebab153b 100644 --- a/internal/controllermanager/prepare_controllers.go +++ b/internal/controllermanager/prepare_controllers.go @@ -15,6 +15,7 @@ import ( "k8s.io/klog/v2/klogr" aggregatorclient "k8s.io/kube-aggregator/pkg/client/clientset_generated/clientset" + pinnipedv1alpha1 "github.com/suzerain-io/pinniped/generated/1.19/apis/pinniped/v1alpha1" pinnipedclientset "github.com/suzerain-io/pinniped/generated/1.19/client/clientset/versioned" pinnipedinformers "github.com/suzerain-io/pinniped/generated/1.19/client/informers/externalversions" "github.com/suzerain-io/pinniped/internal/controller/apicerts" @@ -83,6 +84,7 @@ func PrepareControllers( WithController( apicerts.NewAPIServiceUpdaterController( serverInstallationNamespace, + pinnipedv1alpha1.SchemeGroupVersion.Version+"."+pinnipedv1alpha1.GroupName, aggregatorClient, installationNamespaceK8sInformers.Core().V1().Secrets(), controllerlib.WithInformer,