Merge pull request #293 from SSmallMonster/eh-ca-gen

fix(admission): update when secrets found but not found data
hwameistor · Jul 26, 2024 · a5f8337 · a5f8337
2 parents 787c670 + ce4a146
commit a5f8337
Showing 1 changed file with 15 additions and 10 deletions.
diff --git a/pkg/install/admissioncontroller/admission_controller.go b/pkg/install/admissioncontroller/admission_controller.go
@@ -331,13 +331,18 @@ func (m *AdmissionControllerMaintainer) Uninstall() error {
 func (m *AdmissionControllerMaintainer) ensureAdmissionCA() error {
 	// skip generation if the ca already exists
 	secret := corev1.Secret{}
-	if err := m.Client.Get(context.Background(), client.ObjectKey{Name: "hwameistor-admission-ca", Namespace: m.ClusterInstance.Spec.TargetNamespace}, &secret); err != nil {
+	secret.Name = "hwameistor-admission-ca"
+	secret.Namespace = m.ClusterInstance.Spec.TargetNamespace
+
+	secretExist := false
+	if err := m.Client.Get(context.Background(), client.ObjectKey{Name: secret.Name, Namespace: secret.Namespace}, &secret); err != nil {
 		if !apierrors.IsNotFound(err) {
 			log.WithError(err).Error("failed to get admission ca secret")
 			return err
 		}
 	} else {
-		if secret.Data != nil || secret.Data[corev1.TLSPrivateKeyKey] != nil || secret.Data[corev1.TLSCertKey] != nil {
+		secretExist = true
+		if secret.Data != nil && secret.Data[corev1.TLSPrivateKeyKey] != nil && secret.Data[corev1.TLSCertKey] != nil {
 			log.Info("admission ca secret found, skip generation")
 			return nil
 		}
@@ -356,21 +361,21 @@ func (m *AdmissionControllerMaintainer) ensureAdmissionCA() error {
 		log.WithError(err).Error("failed to generate certs")
 		return err
 	}
-	secret.Name = "hwameistor-admission-ca"
-	secret.Namespace = m.ClusterInstance.Spec.TargetNamespace
 
 	if secret.Data == nil {
 		secret.Data = make(map[string][]byte)
-		secret.Data[corev1.TLSCertKey] = serverCertPEM.Bytes()
-		secret.Data[corev1.TLSPrivateKeyKey] = serverPrivateKeyPEM.Bytes()
-		log.Info("creating hwameistor-admission-ca secret...")
+	}
+	secret.Data[corev1.TLSCertKey] = serverCertPEM.Bytes()
+	secret.Data[corev1.TLSPrivateKeyKey] = serverPrivateKeyPEM.Bytes()
+
+	if !secretExist {
 		err = m.Client.Create(context.Background(), &secret)
+		log.Info("creating hwameistor-admission-ca secret...")
 	} else {
-		secret.Data[corev1.TLSCertKey] = serverCertPEM.Bytes()
-		secret.Data[corev1.TLSPrivateKeyKey] = serverPrivateKeyPEM.Bytes()
-		log.Info("updating hwameistor-admission-ca secret...")
 		err = m.Client.Update(context.Background(), &secret)
+		log.Info("updating hwameistor-admission-ca secret...")
 	}
+
 	if err != nil {
 		log.WithError(err).Error("failed to update admission ca secret")
 	}