diff --git a/internal/controller/kubecertagent/deleter.go b/internal/controller/kubecertagent/deleter.go
index 61976352..99bf09e8 100644
--- a/internal/controller/kubecertagent/deleter.go
+++ b/internal/controller/kubecertagent/deleter.go
@@ -25,8 +25,6 @@ type deleterController struct {
 // NewDeleterController returns a controller that deletes any kube-cert-agent pods that are out of
 // sync with the known kube-controller-manager pods.
-//
-// This controller only uses the Template field of the provided agentInfo.
 func NewDeleterController(
 	agentPodConfig *AgentPodConfig,
 	k8sClient kubernetes.Interface,
diff --git a/internal/controller/kubecertagent/execer.go b/internal/controller/kubecertagent/execer.go
index 6b26994e..6791c6fd 100644
--- a/internal/controller/kubecertagent/execer.go
+++ b/internal/controller/kubecertagent/execer.go
@@ -30,6 +30,9 @@ type execerController struct {
 // NewExecerController returns a controllerlib.Controller that listens for agent pods with proper
 // cert/key path annotations and execs into them to get the cert/key material. It sets the retrieved
 // key material in a provided dynamicCertProvider.
+//
+// It also is tasked with updating the CredentialIssuerConfig, located via the provided
+// credentialIssuerConfigLocationConfig, with any errors that it encounters.
 func NewExecerController(
 	credentialIssuerConfigLocationConfig *CredentialIssuerConfigLocationConfig,
 	dynamicCertProvider dynamiccert.Provider,
diff --git a/internal/controller/kubecertagent/kubecertagent.go b/internal/controller/kubecertagent/kubecertagent.go
index f9ee4b87..bd9c4bcd 100644
--- a/internal/controller/kubecertagent/kubecertagent.go
+++ b/internal/controller/kubecertagent/kubecertagent.go
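Review bot: The new paragraph on NewExecerController says the controller records "any errors that it encounters" in the CredentialIssuerConfig, but neither the old nor the new doc says what those errors may contain, and the same controller execs into agent pods to pull cert/key material. If an error ever embeds raw exec output, that would copy signing-key material into a status object that is far more widely readable than the agent pod, so the contract should be spelled out in the doc, e.g. `// Errors recorded there must describe the failure only; they must never include the retrieved key material or raw exec output.` As a wording point, "It also is tasked with" reads awkwardly; `// It is also responsible for updating the CredentialIssuerConfig, located via the provided` is cleaner. The signature of NewExecerController continues past the end of the hunk, so I cannot confirm how the implementation builds those errors.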
@@ -33,8 +33,12 @@ const (
 	// ControllerManagerNamespace is the assumed namespace of the kube-controller-manager pod(s).
 	ControllerManagerNamespace = "kube-system"
+	// controllerManagerNameAnnotationKey is used to store an agent pod's parent's name, i.e., the
+	// name of the controller manager pod with which it is supposed to be in sync.
 	controllerManagerNameAnnotationKey = "kube-cert-agent.pinniped.dev/controller-manager-name"
-	controllerManagerUIDAnnotationKey = "kube-cert-agent.pinniped.dev/controller-manager-uid"
+	// controllerManagerUIDAnnotationKey is used to store an agent pod's parent's UID, i.e., the UID
+	// of the controller manager pod with which it is supposed to be in sync.
+	controllerManagerUIDAnnotationKey = "kube-cert-agent.pinniped.dev/controller-manager-uid"
 	// agentPodLabelKey is used to identify which pods are created by the kube-cert-agent
 	// controllers.
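Review bot: Both new comments call the kube-controller-manager pod the agent pod's "parent", which in Kubernetes vocabulary implies an ownerReference, whereas nothing in these lines establishes anything beyond a pair of annotations; a phrasing such as `// the name of the kube-controller-manager pod this agent pod mirrors (not an owner reference)` avoids that confusion. The comments also do not explain why both the name and the UID are recorded; presumably the UID is what detects a controller-manager pod that was deleted and re-created under the same name, and if so the UID comment should say that it is the authoritative sync check rather than repeating the name comment almost verbatim. The const block continues beyond the hunk.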