func internalReconcile()

in pkg/controller/agent/driver.go [90:155]


// internalReconcile performs one reconciliation pass for the Agent carried in
// params: it validates the requested version, reconciles the Service, the Fleet
// Server certificates (only when Fleet Server and HTTP TLS are both enabled),
// the Fleet enrollment token and the configuration, folds every input the Pods
// must be rolled for into a config hash, and finally hands the Pod template to
// reconcilePodVehicle.
//
// On every early exit the returned Results carry the error (or requeue) and the
// AgentStatus is params.Status unchanged; otherwise the pair returned by
// reconcilePodVehicle is passed through as-is.
func internalReconcile(params Params) (*reconciler.Results, agentv1alpha1.AgentStatus) {
	defer tracing.Span(&params.Context)()
	out := reconciler.NewResult(params.Context)

	// fail is the early-exit pair shared by every error path below.
	fail := func(err error) (*reconciler.Results, agentv1alpha1.AgentStatus) {
		return out.WithError(err), params.Status
	}

	parsedVersion, err := version.Parse(params.Agent.Spec.Version)
	if err != nil {
		return fail(err)
	}
	allowed, err := association.AllowVersion(parsedVersion, &params.Agent, params.Logger(), params.EventRecorder)
	if err != nil {
		return fail(err)
	}
	if !allowed {
		// nothing to do for now; a later event will retry
		return out, params.Status
	}

	svc, err := reconcileService(params)
	if err != nil {
		return fail(err)
	}

	// Everything the Pod spec depends on is written into this hash so that a
	// change in any of it rolls the Agent Pods.
	configHash := fnv.New32a()

	var fleetCerts *certificates.CertificatesSecret
	if params.Agent.Spec.FleetServerEnabled && params.Agent.Spec.HTTP.TLS.Enabled() {
		certReconciler := certificates.Reconciler{
			K8sClient:             params.Client,
			DynamicWatches:        params.Watches,
			Owner:                 &params.Agent,
			TLSOptions:            params.Agent.Spec.HTTP.TLS,
			Namer:                 Namer,
			Labels:                params.Agent.GetIdentityLabels(),
			Services:              []corev1.Service{*svc},
			GlobalCA:              params.OperatorParams.GlobalCA,
			CACertRotation:        params.OperatorParams.CACertRotation,
			CertRotation:          params.OperatorParams.CertRotation,
			GarbageCollectSecrets: true,
			// No placeholder CA in the internal certificates secret: FLEET_CA would
			// otherwise replace all well-known CAs with it.
			DisableInternalCADefaulting: true,
			// Wildcard SAN for *.<http-service>.<namespace>.svc in addition to the
			// Service-derived names.
			ExtraHTTPSANs: []commonv1.SubjectAlternativeName{{DNS: fmt.Sprintf("*.%s.%s.svc", HTTPServiceName(params.Agent.Name), params.Agent.Namespace)}},
		}
		var certResults *reconciler.Results
		fleetCerts, certResults = certReconciler.ReconcileCAAndHTTPCerts(params.Context)
		if certResults.HasError() {
			return out.WithResults(certResults), params.Status
		}
		// NOTE(review): only an error from certResults is propagated; a requeue it
		// may carry (e.g. for rotation) is not merged into out here — confirm intended.
		// hash.Hash.Write never returns an error, hence the discarded return values.
		_, _ = configHash.Write(fleetCerts.Data[certificates.CertFileName])
	}

	fleetToken := maybeReconcileFleetEnrollment(params, out)
	if out.HasRequeue() || out.HasError() {
		return out, params.Status
	}

	if cfgResults := reconcileConfig(params, configHash); cfgResults.HasError() {
		return out.WithResults(cfgResults), params.Status
	}

	// Dereference the associated secrets (if any) into the hash: without this a
	// content change in them would not roll the Agent.
	if err := commonassociation.WriteAssocsToConfigHash(params.Client, params.Agent.GetAssociations(), configHash); err != nil {
		return fail(err)
	}

	podTemplate, err := buildPodTemplate(params, fleetCerts, fleetToken, configHash)
	if err != nil {
		return fail(err)
	}
	return reconcilePodVehicle(params, podTemplate)
}