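// github.com/cilium/cilium@v1.16.2/operator/pkg/ingress/secretsync.go

// SPDX-License-Identifier: Apache-2.0
// Copyright Authors of Cilium

package ingress

import (
	"context"

	"github.com/sirupsen/logrus"
	corev1 "k8s.io/api/core/v1"
	networkingv1 "k8s.io/api/networking/v1"
	"k8s.io/apimachinery/pkg/types"
	"sigs.k8s.io/controller-runtime/pkg/client"
	"sigs.k8s.io/controller-runtime/pkg/handler"
	"sigs.k8s.io/controller-runtime/pkg/reconcile"

	"github.com/cilium/cilium/pkg/logging/logfields"
)

// EnqueueReferencedTLSSecrets returns an event handler that maps an Ingress
// event to one reconcile request per TLS Secret named in the Ingress spec.
//
// Objects that are not *networkingv1.Ingress, and Ingresses for which
// isCiliumManagedIngress reports false, produce no requests. Every request is
// built with the Ingress's own namespace, so an Ingress can only cause Secrets
// in its own namespace to be enqueued.
func EnqueueReferencedTLSSecrets(c client.Client, logger logrus.FieldLogger) handler.EventHandler {
	return handler.EnqueueRequestsFromMapFunc(func(ctx context.Context, obj client.Object) []reconcile.Request {
		ing, ok := obj.(*networkingv1.Ingress)
		if !ok {
			return nil
		}

		// Only Ingresses managed by Cilium may trigger a Secret sync.
		if !isCiliumManagedIngress(ctx, c, logger, *ing) {
			return nil
		}

		// Built after the type and ownership checks: it is only needed for the
		// per-Secret debug line below.
		scopedLog := logger.WithFields(logrus.Fields{
			logfields.Controller: "secrets",
			logfields.Resource:   obj.GetName(),
		})

		var reqs []reconcile.Request
		for _, tls := range ing.Spec.TLS {
			// A TLS entry without a Secret name has nothing to sync.
			if tls.SecretName == "" {
				continue
			}

			key := types.NamespacedName{
				Namespace: ing.Namespace,
				Name:      tls.SecretName,
			}
			reqs = append(reqs, reconcile.Request{NamespacedName: key})
			// Only the namespace/name key is logged, never Secret contents.
			scopedLog.WithField("secret", key).Debug("Enqueued secret for Ingress")
		}
		return reqs
	})
}

// enqueueAllSecrets returns an event handler that ignores the triggering
// object and enqueues a reconcile request for every Secret returned by an
// unscoped List on c.
//
// NOTE(review): a List failure is dropped here without any log line because
// no logger is passed in; the caller then sees "nothing to enqueue". Consider
// threading a logger through so API or RBAC failures are visible.
//
// NOTE(review): only namespace and name are read from each item, yet full
// Secret objects are requested. A metadata-only list would presumably be
// enough and would keep Secret payloads out of this code path; confirm
// against how c is backed (cache vs. direct API reads).
func enqueueAllSecrets(c client.Client) handler.EventHandler {
	return handler.EnqueueRequestsFromMapFunc(func(ctx context.Context, _ client.Object) []reconcile.Request {
		secretList := &corev1.SecretList{}
		if err := c.List(ctx, secretList); err != nil {
			return nil
		}

		// Non-nil even when empty, matching the original return value.
		requests := make([]reconcile.Request, 0, len(secretList.Items))
		for i := range secretList.Items {
			s := &secretList.Items[i]
			requests = append(requests, reconcile.Request{
				NamespacedName: types.NamespacedName{
					Namespace: s.GetNamespace(),
					Name:      s.GetName(),
				},
			})
		}

		return requests
	})
}

// IsReferencedByCiliumIngress reports whether any Cilium-managed Ingress in
// the Secret's namespace names obj in its TLS configuration.
//
// It returns false when the Ingress list cannot be retrieved. That case is
// logged as a warning, because the return value alone cannot distinguish
// "not referenced" from "could not check".
//
// NOTE(review): callers that act on a false result (for example by removing
// a synced copy) should confirm that a transient list failure is acceptable
// there.
func IsReferencedByCiliumIngress(ctx context.Context, c client.Client, logger logrus.FieldLogger, obj *corev1.Secret) bool {
	ingresses := networkingv1.IngressList{}
	if err := c.List(ctx, &ingresses, client.InNamespace(obj.GetNamespace())); err != nil {
		logger.WithError(err).
			WithField(logfields.Resource, obj.GetName()).
			Warn("Failed to list Ingresses while checking Secret references")
		return false
	}

	for i := range ingresses.Items {
		ing := &ingresses.Items[i]
		if !isCiliumManagedIngress(ctx, c, logger, *ing) {
			continue
		}
		for _, t := range ing.Spec.TLS {
			if t.SecretName == obj.GetName() {
				return true
			}
		}
	}

	return false
}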