Fix managing the Secret in which PEM files are created.

The Secret must be in the same namespace of the Pods into which their contents are mounted.

Fix managing the Secret in which PEM files are created.
The Secret must be in the same namespace of the Pods into which their contents are mounted.
b2b566aa · Geoff Simmons · 43661229 · b2b566aa
Commit b2b566aa authored May 05, 2020 by Geoff Simmons
Hide whitespace changes
Inline Side-by-side

Showing with 5 additions and 8 deletions

secret.go pkg/controller/secret.go +5 -8

No files found.
--- a/pkg/controller/secret.go
+++ b/pkg/controller/secret.go
@@ -44,7 +44,6 @@ import (
 const (
 	admSecretKey    = "admin"
 	dplaneSecretKey = "dataplaneapi"
-	certSecretNs    = "kube-system"
 	certSecretName  = "tls-cert"
 	tlsSecretType   = "kubernetes.io/tls"
 )
@@ -77,7 +76,6 @@ func (worker *NamespaceWorker) updateCertSecret(spec *haproxy.Spec) error {
 			tlsSecret.ObjectMeta.Name)
 	}

-	nsLister = worker.listers.secr.Secrets(certSecretNs)
 	certSecret, err := nsLister.Get(certSecretName)
 	if err != nil {
 		return err
@@ -97,8 +95,8 @@ func (worker *NamespaceWorker) updateCertSecret(spec *haproxy.Spec) error {
 		"Ingress TLS Secret %s/%s", certSecret.ObjectMeta.Namespace,
 		certSecret.ObjectMeta.Name, certName,
 		tlsSecret.ObjectMeta.Namespace, tlsSecret.ObjectMeta.Name)
-	_, err = worker.client.CoreV1().Secrets("kube-system").
-		Update(certSecret)
+	_, err = worker.client.CoreV1().
+		Secrets(certSecret.ObjectMeta.Namespace).Update(certSecret)
 	if err != nil {
 		return err
 	}
@@ -108,8 +106,7 @@ func (worker *NamespaceWorker) updateCertSecret(spec *haproxy.Spec) error {
 }

 func (worker *NamespaceWorker) deleteTLSSecret(secret *api_v1.Secret) error {
-	nsLister := worker.listers.secr.Secrets(certSecretNs)
-	certSecret, err := nsLister.Get(certSecretName)
+	certSecret, err := worker.secr.Get(certSecretName)
 	if err != nil {
 		return err
 	}
@@ -125,8 +122,8 @@ func (worker *NamespaceWorker) deleteTLSSecret(secret *api_v1.Secret) error {
 		"contents from Ingress TLS Secret %s/%s",
 		certSecret.ObjectMeta.Namespace, certSecret.ObjectMeta.Name,
 		certName, secret.ObjectMeta.Namespace, secret.ObjectMeta.Name)
-	_, err = worker.client.CoreV1().Secrets("kube-system").
-		Update(certSecret)
+	_, err = worker.client.CoreV1().
+		Secrets(certSecret.ObjectMeta.Namespace).Update(certSecret)
 	return err
 }