// Listing: github.com/cilium/cilium@v1.16.2/operator/pkg/secretsync/cell.go

// SPDX-License-Identifier: Apache-2.0
// Copyright Authors of Cilium

package secretsync

import (
	"fmt"

	"github.com/cilium/hive/cell"
	"github.com/sirupsen/logrus"
	ctrlRuntime "sigs.k8s.io/controller-runtime"
)

// Cell is the hive module that copies K8s Secrets out of application
// namespaces and into the dedicated Cilium secrets namespace.
//
// A subsystem that needs Secrets synced (e.g. Gateway API, Ingress, ...)
// opts in by providing a SecretSyncRegistrationOut. All such use-cases then
// share one reconciler, which potentially keeps separate reconcilers from
// interfering with each other.
//
// Example:
//
//	cell.Provide(func registerSecretSyncRegistration(...) secretsync.SecretSyncRegistrationOut {...})
//
// NOTE(review): which Secrets get copied is decided by the registrations,
// whose selection logic is not in this file. Each registration presumably
// widens the set of Secret material duplicated into the shared namespace,
// so review the registering subsystems together with this module.
var Cell = cell.Module(
	"secret-sync",
	"Syncs TLS secrets into a dedicated secrets namespace",

	cell.Invoke(initSecretSyncReconciliation),
)

// secretSyncParams lists the dependencies that hive injects into
// initSecretSyncReconciliation.
type secretSyncParams struct {
	cell.In

	Logger    logrus.FieldLogger
	Lifecycle cell.Lifecycle

	// CtrlRuntimeManager may be nil; initSecretSyncReconciliation checks for
	// that and skips setup in that case.
	CtrlRuntimeManager ctrlRuntime.Manager
	// Registrations gathers the values provided under the
	// "secretSyncRegistrations" group.
	Registrations []*SecretSyncRegistration `group:"secretSyncRegistrations"`
}

// SecretSyncRegistrationOut is the output type another subsystem provides
// to register its need to have K8s Secrets synced into a dedicated secrets
// namespace.
type SecretSyncRegistrationOut struct {
	cell.Out

	// Contributed to the "secretSyncRegistrations" group that
	// secretSyncParams.Registrations reads.
	SecretSyncRegistration *SecretSyncRegistration `group:"secretSyncRegistrations"`
}

// initSecretSyncReconciliation builds the shared secret sync reconciler from
// the injected registrations and attaches it to the controller-runtime
// manager.
//
// It returns nil without setting anything up when the manager is nil or when
// the reconciler reports no registrations. Both skip paths log at Debug
// level only. An error is returned only if SetupWithManager fails.
//
// NOTE(review): the reconciler is handed the manager's own client
// (GetClient), so its access to Secrets is whatever that client is allowed.
// Confirm the operator's RBAC is scoped to what the registrations need.
func initSecretSyncReconciliation(params secretSyncParams) error {
	mgr, log := params.CtrlRuntimeManager, params.Logger

	if mgr == nil {
		log.Debug("Skipping secret sync initialization due to uninitialized controller-runtime")
		return nil
	}

	syncer := NewSecretSyncReconciler(mgr.GetClient(), log, params.Registrations)
	if !syncer.hasRegistrations() {
		log.Debug("Skipping secret sync initialization as no registrations are available")
		return nil
	}

	err := syncer.SetupWithManager(mgr)
	if err != nil {
		return fmt.Errorf("failed to setup secret sync reconciler: %w", err)
	}
	return nil
}