in pkg/controller/keyvault/placeholder_pod.go [212:241]
func (p *PlaceholderPodController) placeholderPodCleanCheck(spc *secv1.SecretProviderClass, obj client.Object) (bool, error) {
switch t := obj.(type) {
case *v1alpha1.NginxIngressController:
if t.Spec.DefaultSSLCertificate == nil || t.Spec.DefaultSSLCertificate.KeyVaultURI == nil {
return true, nil
}
case *netv1.Ingress:
managed, err := p.ingressManager.IsManaging(t)
if err != nil {
return false, fmt.Errorf("determining if ingress is managed: %w", err)
}
if t.Name == "" || t.Spec.IngressClassName == nil || !managed {
return true, nil
}
case *gatewayv1.Gateway:
if !shouldReconcileGateway(t) {
return true, nil
}
for _, listener := range t.Spec.Listeners {
if spc.Name != generateGwListenerCertName(t.Name, listener.Name) {
continue
}
return !listenerIsKvEnabled(listener), nil
}
// couldn't find the listener the pod belongs to so return true
return true, nil
}
return false, nil
}