func()

in pkg/controller/keyvault/ingress_tls.go [50:114]


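// Reconcile points the TLS section of an opted-in Ingress at the certificate
// Secret derived from the Ingress name.
//
// The Ingress is left untouched unless all of the following hold:
//   - the ingress manager reports it as managed,
//   - tlsCertManagedAnnotation is set to "true" (compared case-insensitively),
//   - tlsCertKvUriAnnotation is present with a non-blank value.
//
// Both annotations are controlled by whoever can write the Ingress object.
// This function only checks that the Key Vault URI annotation is non-blank; it
// does not parse or validate the URI, so any trust decision about which vault
// or certificate may be referenced has to be enforced elsewhere.
//
// When the checks pass, ing.Spec.TLS is replaced wholesale with a single entry
// listing every non-empty rule host. Any TLS entries previously set on the
// Ingress are discarded; the old and new values are logged when they differ.
//
// A missing Ingress is not an error. Every return path is reported to the
// controller metrics through the deferred call.
func (i *ingressTlsReconciler) Reconcile(ctx context.Context, req ctrl.Request) (res ctrl.Result, err error) {
	// The named results let the deferred call observe the final outcome.
	defer func() {
		metrics.HandleControllerReconcileMetrics(ingressTlsControllerName, res, err)
	}()

	logger, err := logr.FromContext(ctx)
	if err != nil {
		// NOTE(review): the underlying error is dropped here; callers only see the fixed message.
		return ctrl.Result{}, errors.New("getting logger from context")
	}
	logger = ingressTlsControllerName.AddToLogger(logger).WithValues("name", req.Name, "namespace", req.Namespace)

	logger.Info("getting Ingress")
	ing := &netv1.Ingress{}
	if err = i.client.Get(ctx, req.NamespacedName, ing); err != nil {
		// The Ingress may have been deleted since the request was queued.
		return ctrl.Result{}, client.IgnoreNotFound(err)
	}

	managed, err := i.ingressManager.IsManaging(ing)
	if err != nil {
		logger.Error(err, "error checking if ingress is managed")
		return ctrl.Result{}, fmt.Errorf("checking if ingress is managed: %w", err)
	}
	if !managed {
		logger.Info("ingress is not managed by app routing")
		return ctrl.Result{}, nil
	}

	// Opt-in gate: a missing annotation reads as "" and fails the comparison,
	// so anything other than an explicit "true" leaves the Ingress alone.
	if !strings.EqualFold(ing.Annotations[tlsCertManagedAnnotation], "true") {
		logger.Info("ingress does not have managed annotation")
		return ctrl.Result{}, nil
	}

	// Fail closed when the Key Vault URI is absent or blank. A present-but-empty
	// annotation cannot name a certificate, so writing a TLS entry for it would
	// reference a Secret with no certificate source behind it.
	if strings.TrimSpace(ing.Annotations[tlsCertKvUriAnnotation]) == "" {
		logger.Info("ingress does not have keyvault annotation")
		i.events.Eventf(ing, corev1.EventTypeWarning, "KeyvaultUriAnnotationMissing", "Ingress has %[1]s annotation but is missing %[2]s annotation. %[2]s annotation is needed to manage Ingress TLS.", tlsCertManagedAnnotation, tlsCertKvUriAnnotation)
		return ctrl.Result{}, nil
	}

	oldTls := ing.Spec.TLS
	logger.Info("adding TLS spec to ingress")

	// Collect every rule host; rules without a host are skipped.
	// NOTE(review): if no rule names a host the TLS entry carries an empty host
	// list - confirm that the ingress controller's handling of that case is intended.
	hosts := make([]string, 0, len(ing.Spec.Rules))
	for _, rule := range ing.Spec.Rules {
		if rule.Host != "" {
			hosts = append(hosts, rule.Host)
		}
	}

	// Replace, rather than merge with, whatever TLS configuration was present.
	ing.Spec.TLS = []netv1.IngressTLS{
		{
			SecretName: certSecretName(ing.Name),
			Hosts:      hosts,
		},
	}

	// Leave an audit trail whenever existing TLS configuration is replaced.
	if !reflect.DeepEqual(oldTls, ing.Spec.TLS) {
		logger.Info("overwriting TLS spec on ingress", "old", fmt.Sprintf("%s", oldTls), "new", fmt.Sprintf("%s", ing.Spec.TLS))
	}

	if err = util.Upsert(ctx, i.client, ing); err != nil {
		logger.Error(err, "error updating ingress")
		return ctrl.Result{}, fmt.Errorf("updating ingress: %w", err)
	}

	return ctrl.Result{}, nil
}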