Merge "Snipe watch secrets - remove adoption system"

controllers/nodepool.go

@@ -290,40 +290,30 @@ func (r *SFController) ensureNodepoolPromRule(cloudsYaml map[string]interface{})
 	return true
 }
 
-func (r *SFController) setProviderSecrets(volumeMount []apiv1.VolumeMount) (apiv1.Secret, []apiv1.VolumeMount, bool) {
-	// We set a place holder secret to ensure that the Secret is owned by the SoftwareFactory instance (ControllerReference)
+func (r *SFController) setProviderSecretsVolumeMounts(volumeMount []apiv1.VolumeMount) (apiv1.Secret, []apiv1.VolumeMount, bool) {
 	var nodepoolProvidersSecrets apiv1.Secret
-	if !r.GetM(NodepoolProvidersSecretsName, &nodepoolProvidersSecrets) {
-		r.CreateR(&apiv1.Secret{
-			Data:       map[string][]byte{},
-			ObjectMeta: metav1.ObjectMeta{Name: NodepoolProvidersSecretsName, Namespace: r.ns}})
-	} else {
-		if len(nodepoolProvidersSecrets.GetOwnerReferences()) == 0 {
-			r.log.V(1).Info("Adopting the providers secret to set the owner reference", "secret", NodepoolProvidersSecretsName)
-			if !r.UpdateR(&nodepoolProvidersSecrets) {
-				return nodepoolProvidersSecrets, volumeMount, false
-			}
+	if r.GetM(NodepoolProvidersSecretsName, &nodepoolProvidersSecrets) {
+		if data, ok := nodepoolProvidersSecrets.Data["clouds.yaml"]; ok && len(data) > 0 {
+			volumeMount = append(volumeMount, apiv1.VolumeMount{
+				Name:      "nodepool-providers-secrets",
+				SubPath:   "clouds.yaml",
+				MountPath: "/var/lib/nodepool/.config/openstack/clouds.yaml",
+				ReadOnly:  true,
+			})
 		}
-	}
-
-	if data, ok := nodepoolProvidersSecrets.Data["clouds.yaml"]; ok && len(data) > 0 {
-		volumeMount = append(volumeMount, apiv1.VolumeMount{
-			Name:      "nodepool-providers-secrets",
-			SubPath:   "clouds.yaml",
-			MountPath: "/var/lib/nodepool/.config/openstack/clouds.yaml",
-			ReadOnly:  true,
-		})
-	}
 
-	if data, ok := nodepoolProvidersSecrets.Data["kube.config"]; ok && len(data) > 0 {
-		volumeMount = append(volumeMount, apiv1.VolumeMount{
-			Name:      "nodepool-providers-secrets",
-			SubPath:   "kube.config",
-			MountPath: "/var/lib/nodepool/.kube/config",
-			ReadOnly:  true,
-		})
+		if data, ok := nodepoolProvidersSecrets.Data["kube.config"]; ok && len(data) > 0 {
+			volumeMount = append(volumeMount, apiv1.VolumeMount{
+				Name:      "nodepool-providers-secrets",
+				SubPath:   "kube.config",
+				MountPath: "/var/lib/nodepool/.kube/config",
+				ReadOnly:  true,
+			})
+		}
+		return nodepoolProvidersSecrets, volumeMount, true
+	} else {
+		return nodepoolProvidersSecrets, volumeMount, false
 	}
-	return nodepoolProvidersSecrets, volumeMount, true
 }
 
 func (r *SFController) DeployNodepoolBuilder(statsdExporterVolume apiv1.Volume, nodepoolStatsdMappingConfig string) bool {
@@ -423,7 +413,7 @@ func (r *SFController) DeployNodepoolBuilder(statsdExporterVolume apiv1.Volume,
 		},
 	}
 
-	nodepoolProvidersSecrets, volumeMount, ready := r.setProviderSecrets(volumeMount)
+	nodepoolProvidersSecrets, volumeMount, ready := r.setProviderSecretsVolumeMounts(volumeMount)
 	if !ready {
 		return false
 	}
@@ -578,7 +568,7 @@ func (r *SFController) DeployNodepoolLauncher(statsdExporterVolume apiv1.Volume,
 		configScriptVolumeMount,
 	}
 
-	nodepoolProvidersSecrets, volumeMount, ready := r.setProviderSecrets(volumeMount)
+	nodepoolProvidersSecrets, volumeMount, ready := r.setProviderSecretsVolumeMounts(volumeMount)
 	if !ready {
 		return false
 	}
@@ -665,7 +655,7 @@ func (r *SFController) DeployNodepool() map[string]bool {
 
 	// We need to initialize the providers secrets early
 	var v []apiv1.VolumeMount
-	var nodepoolProvidersSecrets, _, ready = r.setProviderSecrets(v)
+	var nodepoolProvidersSecrets, _, ready = r.setProviderSecretsVolumeMounts(v)
 	if !ready {
 		deployments[launcherIdent] = false
 		deployments[builderIdent] = false

controllers/utils.go

@@ -296,13 +296,13 @@ func (r *SFUtilContext) ensureHTTPSRoute(
 	name string, host string, serviceName string, path string,
 	port int, annotations map[string]string, fqdn string, le *sfv1.LetsEncryptSpec) bool {
 
-	var tlsDataReady bool
+	tlsDataReady := true
 	var sslCA, sslCrt, sslKey []byte
 
 	if le == nil {
 		// Letsencrypt config has not been set so we check the `customSSLSecretName` Secret
 		// for any custom TLS data to setup the Route
-		tlsDataReady, sslCA, sslCrt, sslKey = r.extractStaticTLSFromSecret(name, host)
+		sslCA, sslCrt, sslKey = r.extractStaticTLSFromSecret(name, host)
 	} else {
 		// Letsencrypt config has been set so we ensure we set a Certificate via the
 		// cert-manager Issuer and then we'll setup the Route based on the Certificate's Secret
@@ -471,27 +471,16 @@ func GetCustomRouteSSLSecretName(host string) string {
 	return host + "-ssl-cert"
 }
 
-func (r *SFUtilContext) extractStaticTLSFromSecret(name string, host string) (bool, []byte, []byte, []byte) {
+func (r *SFUtilContext) extractStaticTLSFromSecret(name string, host string) ([]byte, []byte, []byte) {
 	var customSSLSecret apiv1.Secret
 	customSSLSecretName := GetCustomRouteSSLSecretName(host)
 
-	// We set a place holder secret to ensure that the Secret is owned (ControllerReference)
-	// Or we adopt the existing secret
 	if !r.GetM(customSSLSecretName, &customSSLSecret) {
-		r.CreateR(&apiv1.Secret{
-			Data:       map[string][]byte{},
-			ObjectMeta: metav1.ObjectMeta{Name: customSSLSecretName, Namespace: r.ns}})
-		return false, nil, nil, nil
+		return nil, nil, nil
 	} else {
-		if len(customSSLSecret.GetOwnerReferences()) == 0 {
-			r.log.V(1).Info("Adopting the route secret to set the owner reference", "secret", customSSLSecretName, "route name", name)
-			if !r.UpdateR(&customSSLSecret) {
-				return false, nil, nil, nil
-			}
-		}
+		// Fetching secret expected TLS Keys content
+		return customSSLSecret.Data["CA"], customSSLSecret.Data["crt"], customSSLSecret.Data["key"]
 	}
-	// Fetching secret expected TLS Keys content
-	return true, customSSLSecret.Data["CA"], customSSLSecret.Data["crt"], customSSLSecret.Data["key"]
 }
 
 func (r *SFUtilContext) extractTLSFromLECertificateSecret(name string, host string, fqdn string, le sfv1.LetsEncryptSpec) (bool, []byte, []byte, []byte) {