Commit 5a9b3baa authored by Geoff Simmons's avatar Geoff Simmons

Fix managing the Secret in which PEM files are created.

The Secret must be in the same namespace of the Pods into which
their contents are mounted.
parent a8ea2fdc
......@@ -44,7 +44,6 @@ import (
const (
admSecretKey = "admin"
dplaneSecretKey = "dataplaneapi"
certSecretNs = "kube-system"
certSecretName = "tls-cert"
tlsSecretType = "kubernetes.io/tls"
)
......@@ -77,7 +76,6 @@ func (worker *NamespaceWorker) updateCertSecret(spec *haproxy.Spec) error {
tlsSecret.ObjectMeta.Name)
}
nsLister = worker.listers.secr.Secrets(certSecretNs)
certSecret, err := nsLister.Get(certSecretName)
if err != nil {
return err
......@@ -97,8 +95,8 @@ func (worker *NamespaceWorker) updateCertSecret(spec *haproxy.Spec) error {
"Ingress TLS Secret %s/%s", certSecret.ObjectMeta.Namespace,
certSecret.ObjectMeta.Name, certName,
tlsSecret.ObjectMeta.Namespace, tlsSecret.ObjectMeta.Name)
_, err = worker.client.CoreV1().Secrets("kube-system").
Update(certSecret)
_, err = worker.client.CoreV1().
Secrets(certSecret.ObjectMeta.Namespace).Update(certSecret)
if err != nil {
return err
}
......@@ -108,8 +106,7 @@ func (worker *NamespaceWorker) updateCertSecret(spec *haproxy.Spec) error {
}
func (worker *NamespaceWorker) deleteTLSSecret(secret *api_v1.Secret) error {
nsLister := worker.listers.secr.Secrets(certSecretNs)
certSecret, err := nsLister.Get(certSecretName)
certSecret, err := worker.secr.Get(certSecretName)
if err != nil {
return err
}
......@@ -125,8 +122,8 @@ func (worker *NamespaceWorker) deleteTLSSecret(secret *api_v1.Secret) error {
"contents from Ingress TLS Secret %s/%s",
certSecret.ObjectMeta.Namespace, certSecret.ObjectMeta.Name,
certName, secret.ObjectMeta.Namespace, secret.ObjectMeta.Name)
_, err = worker.client.CoreV1().Secrets("kube-system").
Update(certSecret)
_, err = worker.client.CoreV1().
Secrets(certSecret.ObjectMeta.Namespace).Update(certSecret)
return err
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment