Set NotAfter field in readiness controller
Signed-off-by: James Munnelly <james@munnelly.eu>
parent
1c26ae412d
commit
48958036bf
@ -17,7 +17,9 @@ go_library(
|
||||
"//pkg/controller/expcertificates/internal/predicate:go_default_library",
|
||||
"//pkg/controller/expcertificates/trigger/policies:go_default_library",
|
||||
"//pkg/logs:go_default_library",
|
||||
"//pkg/util/pki:go_default_library",
|
||||
"@com_github_go_logr_logr//:go_default_library",
|
||||
"@io_k8s_api//core/v1:go_default_library",
|
||||
"@io_k8s_apimachinery//pkg/api/errors:go_default_library",
|
||||
"@io_k8s_apimachinery//pkg/apis/meta/v1:go_default_library",
|
||||
"@io_k8s_apimachinery//pkg/labels:go_default_library",
|
||||
|
||||
@ -21,6 +21,7 @@ import (
|
||||
"time"
|
||||
|
||||
"github.com/go-logr/logr"
|
||||
corev1 "k8s.io/api/core/v1"
|
||||
apierrors "k8s.io/apimachinery/pkg/api/errors"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
"k8s.io/apimachinery/pkg/labels"
|
||||
@ -40,6 +41,7 @@ import (
|
||||
"github.com/jetstack/cert-manager/pkg/controller/expcertificates/internal/predicate"
|
||||
"github.com/jetstack/cert-manager/pkg/controller/expcertificates/trigger/policies"
|
||||
logf "github.com/jetstack/cert-manager/pkg/logs"
|
||||
"github.com/jetstack/cert-manager/pkg/util/pki"
|
||||
)
|
||||
|
||||
const (
|
||||
@ -140,19 +142,19 @@ func (c *controller) ProcessItem(ctx context.Context, key string) error {
|
||||
return err
|
||||
}
|
||||
|
||||
reason, message, reissue := c.policyChain.Evaluate(input)
|
||||
if !reissue {
|
||||
crt = crt.DeepCopy()
|
||||
apiutil.SetCertificateCondition(crt, cmapi.CertificateConditionReady, cmmeta.ConditionTrue, "Ready", "Certificate is up to date and has not expired")
|
||||
_, err = c.client.CertmanagerV1alpha2().Certificates(crt.Namespace).UpdateStatus(ctx, crt, metav1.UpdateOptions{})
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
}
|
||||
condition := readyCondition(c.policyChain, input)
|
||||
|
||||
crt = crt.DeepCopy()
|
||||
apiutil.SetCertificateCondition(crt, cmapi.CertificateConditionReady, cmmeta.ConditionFalse, reason, message)
|
||||
apiutil.SetCertificateCondition(crt, condition.Type, condition.Status, condition.Reason, condition.Message)
|
||||
|
||||
if input.Secret != nil && input.Secret.Data != nil {
|
||||
x509cert, err := pki.DecodeX509CertificateBytes(input.Secret.Data[corev1.TLSCertKey])
|
||||
if err == nil {
|
||||
t := metav1.NewTime(x509cert.NotAfter)
|
||||
crt.Status.NotAfter = &t
|
||||
}
|
||||
}
|
||||
|
||||
_, err = c.client.CertmanagerV1alpha2().Certificates(crt.Namespace).UpdateStatus(ctx, crt, metav1.UpdateOptions{})
|
||||
if err != nil {
|
||||
return err
|
||||
@ -161,6 +163,24 @@ func (c *controller) ProcessItem(ctx context.Context, key string) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
func readyCondition(chain policies.Chain, input policies.Input) cmapi.CertificateCondition {
|
||||
reason, message, reissue := chain.Evaluate(input)
|
||||
if !reissue {
|
||||
return cmapi.CertificateCondition{
|
||||
Type: cmapi.CertificateConditionReady,
|
||||
Status: cmmeta.ConditionTrue,
|
||||
Reason: "Ready",
|
||||
Message: "Certificate is up to date and has not expired",
|
||||
}
|
||||
}
|
||||
return cmapi.CertificateCondition{
|
||||
Type: cmapi.CertificateConditionReady,
|
||||
Status: cmmeta.ConditionFalse,
|
||||
Reason: reason,
|
||||
Message: message,
|
||||
}
|
||||
}
|
||||
|
||||
// controllerWrapper wraps the `controller` structure to make it implement
|
||||
// the controllerpkg.queueingController interface
|
||||
type controllerWrapper struct {
|
||||
|
||||
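Review bot: In `ProcessItem`, `crt.Status.NotAfter` is written only when the Secret exists and `pki.DecodeX509CertificateBytes` succeeds, so a missing Secret or an undecodable `tls.crt` leaves the previous expiry on the deep-copied status next to a Ready=False condition. Anything that alerts on certificate expiry from this field would then be reading the lifetime of a certificate that is no longer the one stored. Resetting the field before the check, `crt.Status.NotAfter = nil`, keeps the status tied to the Secret actually read. The decode error is also discarded in a shadowed `err`; a short comment such as `// decode failures are already reported through the Ready condition` (if that is the intent, which the hunk does not show) or a debug log would make the choice explicit. `ProcessItem` starts outside the hunk, so the earlier handling of `input.Secret` is not visible here.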