
Commit 3710352

authored
[Feature] TLS Rotation on ALT Names change (#810)
1 parent b0d58c7 commit 3710352


92 files changed

+2049
-686
lines changed


92 files changed

+2049
-686
lines changed

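--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,6 +8,7 @@
 - Add Topology support
 - Add ARANGODB_ZONE env to Topology Managed pods
 - Add "Random pod names" feature
+- Rotate TLS Secrets on ALT Names change
 
 ## [1.2.3](https://github.com/arangodb/kube-arangodb/tree/1.2.3) (2021-09-24)
 - Update UBI Image to 8.4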
Lines changed: 57 additions & 0 deletions
@@ -0,0 +1,57 @@
1+
//
2+
// DISCLAIMER
3+
//
4+
// Copyright 2020 ArangoDB GmbH, Cologne, Germany
5+
//
6+
// Licensed under the Apache License, Version 2.0 (the "License");
7+
// you may not use this file except in compliance with the License.
8+
// You may obtain a copy of the License at
9+
//
10+
// http://www.apache.org/licenses/LICENSE-2.0
11+
//
12+
// Unless required by applicable law or agreed to in writing, software
13+
// distributed under the License is distributed on an "AS IS" BASIS,
14+
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15+
// See the License for the specific language governing permissions and
16+
// limitations under the License.
17+
//
18+
// Copyright holder is ArangoDB GmbH, Cologne, Germany
19+
//
20+
21+
package v1
22+
23+
type DeploymentStatusMemberElements []DeploymentStatusMemberElement
24+
25+
// DeploymentStatusMemberElement holds one specific element with group and member status
26+
type DeploymentStatusMemberElement struct {
27+
Group ServerGroup `json:"group,omitempty"`
28+
Member MemberStatus `json:"member,omitempty"`
29+
}
30+
31+
func (ds DeploymentStatusMembers) AsList() DeploymentStatusMemberElements {
32+
return ds.AsListInGroups(AllServerGroups...)
33+
}
34+
35+
func (ds DeploymentStatusMembers) AsListInGroups(groups ...ServerGroup) DeploymentStatusMemberElements {
36+
var elements []DeploymentStatusMemberElement
37+
38+
// Always return nil, so no error handling
39+
for _, g := range groups {
40+
elements = append(elements, ds.AsListInGroup(g)...)
41+
}
42+
43+
return elements
44+
}
45+
46+
func (ds DeploymentStatusMembers) AsListInGroup(group ServerGroup) DeploymentStatusMemberElements {
47+
var r DeploymentStatusMemberElements
48+
49+
for _, m := range ds.MembersOfGroup(group) {
50+
r = append(r, DeploymentStatusMemberElement{
51+
Group: group,
52+
Member: m,
53+
})
54+
}
55+
56+
return r
57+
}
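Review bot: The comment `// Always return nil, so no error handling` in AsListInGroups does not match the code around it: nothing in the loop returns an error, and the function returns the accumulated slice, which stays nil only when none of the groups contributes a member. It reads like a leftover from an error-returning iterator; either drop it or replace it with what callers need to know, for example `// The result is nil when none of the groups has members.` The DeploymentStatusMemberElements type and the three exported methods also have no doc comments; `// AsListInGroups returns the members of the given groups, in the order the groups are passed.` would record the ordering that the loop implements. The same file is added unchanged under package v2alpha1 further down, and the same applies there.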

pkg/apis/deployment/v1/zz_generated.deepcopy.go

Lines changed: 39 additions & 0 deletions
Lines changed: 57 additions & 0 deletions
@@ -0,0 +1,57 @@
1+
//
2+
// DISCLAIMER
3+
//
4+
// Copyright 2020 ArangoDB GmbH, Cologne, Germany
5+
//
6+
// Licensed under the Apache License, Version 2.0 (the "License");
7+
// you may not use this file except in compliance with the License.
8+
// You may obtain a copy of the License at
9+
//
10+
// http://www.apache.org/licenses/LICENSE-2.0
11+
//
12+
// Unless required by applicable law or agreed to in writing, software
13+
// distributed under the License is distributed on an "AS IS" BASIS,
14+
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15+
// See the License for the specific language governing permissions and
16+
// limitations under the License.
17+
//
18+
// Copyright holder is ArangoDB GmbH, Cologne, Germany
19+
//
20+
21+
package v2alpha1
22+
23+
type DeploymentStatusMemberElements []DeploymentStatusMemberElement
24+
25+
// DeploymentStatusMemberElement holds one specific element with group and member status
26+
type DeploymentStatusMemberElement struct {
27+
Group ServerGroup `json:"group,omitempty"`
28+
Member MemberStatus `json:"member,omitempty"`
29+
}
30+
31+
func (ds DeploymentStatusMembers) AsList() DeploymentStatusMemberElements {
32+
return ds.AsListInGroups(AllServerGroups...)
33+
}
34+
35+
func (ds DeploymentStatusMembers) AsListInGroups(groups ...ServerGroup) DeploymentStatusMemberElements {
36+
var elements []DeploymentStatusMemberElement
37+
38+
// Always return nil, so no error handling
39+
for _, g := range groups {
40+
elements = append(elements, ds.AsListInGroup(g)...)
41+
}
42+
43+
return elements
44+
}
45+
46+
func (ds DeploymentStatusMembers) AsListInGroup(group ServerGroup) DeploymentStatusMemberElements {
47+
var r DeploymentStatusMemberElements
48+
49+
for _, m := range ds.MembersOfGroup(group) {
50+
r = append(r, DeploymentStatusMemberElement{
51+
Group: group,
52+
Member: m,
53+
})
54+
}
55+
56+
return r
57+
}

pkg/apis/deployment/v2alpha1/zz_generated.deepcopy.go

Lines changed: 39 additions & 0 deletions

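--- a/pkg/deployment/cleanup.go
+++ b/pkg/deployment/cleanup.go
@@ -38,18 +38,17 @@ import (
 // removePodFinalizers removes all finalizers from all pods owned by us.
 func (d *Deployment) removePodFinalizers(ctx context.Context, cachedStatus inspectorInterface.Inspector) error {
 log := d.deps.Log
-kubecli := d.GetKubeCli()
 
 if err := cachedStatus.IteratePods(func(pod *core.Pod) error {
-if err := k8sutil.RemovePodFinalizers(ctx, log, kubecli, pod, pod.GetFinalizers(), true); err != nil {
+if err := k8sutil.RemovePodFinalizers(ctx, cachedStatus, log, d.PodsModInterface(), pod, pod.GetFinalizers(), true); err != nil {
 log.Warn().Err(err).Msg("Failed to remove pod finalizers")
 return err
 }
 
 ctxChild, cancel := context.WithTimeout(ctx, k8sutil.GetRequestTimeout())
 defer cancel()
 
-if err := kubecli.CoreV1().Pods(pod.GetNamespace()).Delete(ctxChild, pod.GetName(), meta.DeleteOptions{
+if err := d.PodsModInterface().Delete(ctxChild, pod.GetName(), meta.DeleteOptions{
 GracePeriodSeconds: util.NewInt64(1),
 }); err != nil {
 if !k8sutil.IsNotFound(err) {
@@ -68,10 +67,9 @@ func (d *Deployment) removePodFinalizers(ctx context.Context, cachedStatus inspe
 // removePVCFinalizers removes all finalizers from all PVCs owned by us.
 func (d *Deployment) removePVCFinalizers(ctx context.Context, cachedStatus inspectorInterface.Inspector) error {
 log := d.deps.Log
-kubecli := d.GetKubeCli()
 
 if err := cachedStatus.IteratePersistentVolumeClaims(func(pvc *core.PersistentVolumeClaim) error {
-if err := k8sutil.RemovePVCFinalizers(ctx, log, kubecli, pvc, pvc.GetFinalizers(), true); err != nil {
+if err := k8sutil.RemovePVCFinalizers(ctx, cachedStatus, log, d.PersistentVolumeClaimsModInterface(), pvc, pvc.GetFinalizers(), true); err != nil {
 log.Warn().Err(err).Msg("Failed to remove PVC finalizers")
 return err
 }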
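Review bot: The pod delete in removePodFinalizers no longer names its namespace. The old line called `kubecli.CoreV1().Pods(pod.GetNamespace()).Delete(...)`, while the new one calls `d.PodsModInterface().Delete(ctxChild, pod.GetName(), ...)`, so the request goes to whatever namespace that interface is bound to and identifies the pod by name only. Presumably the interface is bound to the deployment's namespace and `cachedStatus.IteratePods` yields only pods from it, but neither is visible in this hunk. A comment above the call, `// PodsModInterface is bound to the deployment namespace; cachedStatus only lists pods from it`, or a guard comparing `pod.GetNamespace()` with the deployment namespace before deleting, would make the assumption explicit. The function body continues past the end of the hunk.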
