From 453ae3d1095db741100dfa93528b48fc1b4064ee Mon Sep 17 00:00:00 2001
From: Arkadiusz Galwas
Date: Fri, 20 Oct 2023 15:29:09 +0200
Subject: [PATCH] Added force rotation
---
 .../controller/gardener_cluster_controller.go | 20 +++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)
diff --git a/internal/controller/gardener_cluster_controller.go b/internal/controller/gardener_cluster_controller.go
index 14d84534..134061e7 100644
--- a/internal/controller/gardener_cluster_controller.go
+++ b/internal/controller/gardener_cluster_controller.go
@@ -187,7 +187,7 @@ func (controller *GardenerClusterController) createOrRotateSecret(ctx context.Co
 		return true, err
 	}
 
-	if !secretNeedsToBeRotated(existingSecret, controller.rotationPeriod) {
+	if !secretNeedsToBeRotated(cluster, existingSecret, controller.rotationPeriod) {
 		return false, nil
 	}
 
@@ -205,10 +205,15 @@ func (controller *GardenerClusterController) createOrRotateSecret(ctx context.Co
 	return true, controller.createNewSecret(ctx, kubeconfig, cluster, lastSyncTime)
 }
 
-func secretNeedsToBeRotated(secret *corev1.Secret, rotationPeriod time.Duration) bool {
+func secretNeedsToBeRotated(cluster *imv1.GardenerCluster, secret *corev1.Secret, rotationPeriod time.Duration) bool {
+	return secretRotationTimePassed(secret, rotationPeriod) || secretRotationForced(cluster)
+}
+
+func secretRotationTimePassed(secret *corev1.Secret, rotationPeriod time.Duration) bool {
 	if secret == nil {
 		return true
 	}
+
 	annotations := secret.GetAnnotations()
 	_, found := annotations[lastKubeconfigSyncAnnotation]
 
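Review bot: `secretNeedsToBeRotated` now dereferences `cluster` unconditionally through `secretRotationForced`, while the same function still tolerates a nil `secret`; a nil cluster would panic instead of yielding a rotation decision. The caller in the first hunk passes the reconciled `cluster`, which `createNewSecret` already dereferences as `*cluster`, so this is likely safe today, but the asymmetric contract should be written down, e.g. `// secretNeedsToBeRotated reports whether the kubeconfig secret must be (re)created: it is missing, it has been valid for at least rotationPeriod, or cluster carries the force-rotation annotation. cluster must be non-nil.` A one-line doc comment on `secretRotationTimePassed` naming the "missing secret counts as expired" rule would make the split read cleanly too. `secretRotationTimePassed` continues past the end of the hunk.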
@@ -228,6 +233,17 @@ func secretNeedsToBeRotated(secret *corev1.Secret, rotationPeriod time.Duration)
 	return alreadyValidFor.Minutes() >= rotationPeriod.Minutes()
 }
 
+func secretRotationForced(cluster *imv1.GardenerCluster) bool {
+	annotations := cluster.GetAnnotations()
+	if annotations == nil {
+		return false
+	}
+
+	_, found := annotations[forceKubeconfigRotationAnnotation]
+
+	return found
+}
+
 func (controller *GardenerClusterController) createNewSecret(ctx context.Context, kubeconfig string, cluster *imv1.GardenerCluster, lastSyncTime time.Time) error {
 	controller.log.Info("Creating a new kubeconfig secret")
 	newSecret := controller.newSecret(*cluster, kubeconfig, lastSyncTime)
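Review bot: Nothing in this commit clears `forceKubeconfigRotationAnnotation` after the rotation has been performed, and `secretRotationForced` reports true for as long as the annotation exists, so unless it is removed elsewhere (not visible here) every reconcile after the first forced rotation will rotate the kubeconfig secret again. If removal does happen elsewhere, a comment on the function should say where; if not, the reconciler should strip the annotation once `createNewSecret` succeeds. The check is also presence-only — any value, including `"false"`, forces a rotation — which belongs in a doc comment, e.g. `// secretRotationForced reports whether cluster carries forceKubeconfigRotationAnnotation; the annotation's value is ignored.` Since a forced rotation is an operator-triggered credential change, logging it distinctly from the time-based path would make it traceable in the controller log. Separately, the nil-map guard is unnecessary (reading a nil map is safe in Go), so the body can be `_, found := cluster.GetAnnotations()[forceKubeconfigRotationAnnotation]` followed by `return found`.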