in pkg/controller/unnamedwatches/secret.go [99:171]
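// Reconcile makes sure the webhook CA held in the watched secret is usable and
// that both webhook configurations trust it.
//
// The secret is read first. When it already carries a CA that
// certificate.ValidCA accepts, no new CA is generated. Otherwise a fresh CA is
// built for the in-cluster names of the webhook service, written back into
// the secret, and the operator pods are refreshed via updateOperatorPods.
//
// In both cases the CABundle of every webhook in the mutating and validating
// configurations is compared with the CA's encoded certificate and rewritten
// only where it differs. That keeps the reconcile idempotent: a previous run
// that wrote the secret but failed before the webhook updates would otherwise
// leave the webhooks trusting a CA that no longer matches the secret, and the
// early "CA is valid" return would never repair them.
//
// Every API error is logged and returned unchanged so the caller can requeue.
func (w *WatchSecret) Reconcile(ctx context.Context) error {
	namespace := w.NamespaceName.Namespace
	secrets := w.client.CoreV1().Secrets(namespace)

	secret, err := secrets.Get(ctx, w.NamespaceName.Name, metav1.GetOptions{})
	if err != nil {
		klog.Errorf("watchSecret reconcile failed to get secret, error=%s", err.Error())
		return err
	}

	rotated := false
	ca := certificate.BuildCAFromSecret(secret)
	if ca == nil || !certificate.ValidCA(ca) {
		// The secret holds no usable CA (absent, unparsable, or rejected by
		// ValidCA — presumably expired): issue a new one for the service's
		// in-cluster DNS names plus the test name.
		dnsNames := []string{
			fmt.Sprintf("%s.%s", w.WebhookService, namespace),
			fmt.Sprintf("%s.%s.svc", w.WebhookService, namespace),
			fmt.Sprintf("%s.%s.svc.cluster.local", w.WebhookService, namespace),
			testDNSName,
		}
		cp := certificate.CAOptions{
			Subject: pkix.Name{
				CommonName:   w.GetName() + "-" + certificateType,
				Organization: []string{w.GetName()},
			},
			DnsNames: dnsNames,
		}
		ca, err = certificate.NewCAConfigSecret(cp)
		if err != nil {
			klog.Errorf("watchSecret reconcile failed to newCa, error=%s.", err)
			return err
		}
		// Replace the payload of the object we just read; its resourceVersion
		// makes this a conflict-checked update rather than a blind overwrite.
		// NOTE(review): generateCASecret presumably stores the CA private key
		// next to the certificate — access to this secret should stay limited
		// to the operator; confirm against generateCASecret.
		secret.Data = w.generateCASecret(ca).Data
		if _, err := secrets.Update(ctx, secret, metav1.UpdateOptions{}); err != nil {
			klog.Errorf("watchSecret reconcile update secret name=%s,in namespace=%s failed, err=%s", secret.Name, secret.Namespace, err.Error())
			return err
		}
		rotated = true
	}

	// Encode once; both webhook configurations receive the same bundle.
	caBundle := ca.GetEncodeCert()

	mutatingWebhooks := w.client.AdmissionregistrationV1().MutatingWebhookConfigurations()
	mutatingWebhook, err := mutatingWebhooks.Get(ctx, w.MutatingWebhookConfigurationName, metav1.GetOptions{})
	if err != nil {
		klog.Errorf("watchSecret reconcile get mutatingwebhookconfiguration name=%s failed, err=%s.", w.MutatingWebhookConfigurationName, err.Error())
		return err
	}
	mutatingStale := false
	for i := range mutatingWebhook.Webhooks {
		// string(...) comparison is allocation-free and avoids a bytes import.
		if string(mutatingWebhook.Webhooks[i].ClientConfig.CABundle) != string(caBundle) {
			mutatingWebhook.Webhooks[i].ClientConfig.CABundle = caBundle
			mutatingStale = true
		}
	}
	if mutatingStale {
		if _, err := mutatingWebhooks.Update(ctx, mutatingWebhook, metav1.UpdateOptions{}); err != nil {
			klog.Errorf("watchSecret reconcile update mutatingwebhookconfiguration name=%s failed, err=%s.", w.MutatingWebhookConfigurationName, err.Error())
			return err
		}
	}

	validatingWebhooks := w.client.AdmissionregistrationV1().ValidatingWebhookConfigurations()
	validatingWebhook, err := validatingWebhooks.Get(ctx, w.ValidatingWebhookConfigurationName, metav1.GetOptions{})
	if err != nil {
		klog.Errorf("watchSecret reconcile get validatingwebhookconfiguration name=%s failed, err=%s.", w.ValidatingWebhookConfigurationName, err.Error())
		return err
	}
	validatingStale := false
	for i := range validatingWebhook.Webhooks {
		if string(validatingWebhook.Webhooks[i].ClientConfig.CABundle) != string(caBundle) {
			validatingWebhook.Webhooks[i].ClientConfig.CABundle = caBundle
			validatingStale = true
		}
	}
	if validatingStale {
		if _, err := validatingWebhooks.Update(ctx, validatingWebhook, metav1.UpdateOptions{}); err != nil {
			klog.Errorf("watchSecret reconcile update validatingwebhookconfiguration name=%s failed, err=%s.", w.ValidatingWebhookConfigurationName, err.Error())
			return err
		}
	}

	// Only a freshly issued CA requires the operator pods to pick up new
	// material; a bundle-only repair leaves them untouched, as before.
	if rotated {
		w.updateOperatorPods(ctx, w.client, namespace)
	}
	return nil
}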