
Commit 9b0ef31

committed
fix: set ownerRef on imageRegistry and globalMirror secrets
1 parent 7e4d245 commit 9b0ef31


1 file changed

+56
-20
lines changed

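--- a/pkg/handlers/generic/mutation/imageregistries/credentials/inject.go
+++ b/pkg/handlers/generic/mutation/imageregistries/credentials/inject.go
@@ -28,6 +28,7 @@ import (
 "github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/common/pkg/k8s/client"
 "github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/pkg/handlers/generic/mutation/imageregistries"
 "github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/pkg/handlers/generic/mutation/mirrors"
+handlersutils "github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/pkg/handlers/utils"
 )
 
 type imageRegistriesPatchHandler struct {
@@ -99,6 +100,15 @@ func (h *imageRegistriesPatchHandler) Mutate(
 return globalMirrorErr
 }
 
+cluster, err := clusterGetter(ctx)
+if err != nil {
+log.Error(
+err,
+"failed to get cluster from Image Registry Credentials mutation handler",
+)
+return err
+}
+
 registriesWithOptionalCredentials := make([]providerConfig, 0, len(imageRegistries))
 for _, imageRegistry := range imageRegistries {
 registryWithOptionalCredentials, generateErr := registryWithOptionalCredentialsFromImageRegistryCredentials(
@@ -115,6 +125,23 @@ func (h *imageRegistriesPatchHandler) Mutate(
 registriesWithOptionalCredentials,
 registryWithOptionalCredentials,
 )
+
+if secretName := secretNameForImageRegistryCredentials(imageRegistry.Credentials); secretName != "" {
+// Ensure the Secret is owned by the Cluster so it is correctly moved and deleted with the Cluster.
+// This code assumes that Secret exists and that was validated before calling this function.
+err := handlersutils.EnsureOwnerRefForSecret(
+ctx,
+h.client,
+secretName,
+cluster,
+)
+if err != nil {
+return fmt.Errorf(
+"error updating owner references on image registry Secret: %w",
+err,
+)
+}
+}
 }
 
 if globalMirrorErr == nil {
@@ -131,6 +158,23 @@ func (h *imageRegistriesPatchHandler) Mutate(
 registriesWithOptionalCredentials,
 mirrorCredentials,
 )
+
+if secretName := secretNameForImageRegistryCredentials(globalMirror.Credentials); secretName != "" {
+// Ensure the Secret is owned by the Cluster so it is correctly moved and deleted with the Cluster.
+// This code assumes that Secret exists and that was validated before calling this function.
+err := handlersutils.EnsureOwnerRefForSecret(
+ctx,
+h.client,
+secretName,
+cluster,
+)
+if err != nil {
+return fmt.Errorf(
+"error updating owner references on global mirror Secret: %w",
+err,
+)
+}
+}
 }
 
 needCredentials, err := needImageRegistryCredentialsConfiguration(
@@ -173,15 +217,6 @@ func (h *imageRegistriesPatchHandler) Mutate(
 commands...,
 )
 
-cluster, err := clusterGetter(ctx)
-if err != nil {
-log.Error(
-err,
-"failed to get cluster from Image Registry Credentials mutation handler",
-)
-return err
-}
-
 generateErr = createSecretIfNeeded(ctx, h.client, registriesWithOptionalCredentials, cluster)
 if generateErr != nil {
 return generateErr
@@ -226,15 +261,6 @@ func (h *imageRegistriesPatchHandler) Mutate(
 ).Info("adding PreKubeadmCommands to worker node kubeadm config template")
 obj.Spec.Template.Spec.PreKubeadmCommands = append(obj.Spec.Template.Spec.PreKubeadmCommands, commands...)
 
-cluster, err := clusterGetter(ctx)
-if err != nil {
-log.Error(
-err,
-"failed to get cluster from Image Registry Credentials mutation handler",
-)
-return err
-}
-
 generateErr := createSecretIfNeeded(ctx, h.client, registriesWithOptionalCredentials, cluster)
 if generateErr != nil {
 return generateErr
@@ -390,12 +416,13 @@ func secretForImageRegistryCredentials(
 credentials *v1alpha1.RegistryCredentials,
 objectNamespace string,
 ) (*corev1.Secret, error) {
-if credentials == nil || credentials.SecretRef == nil {
+name := secretNameForImageRegistryCredentials(credentials)
+if name == "" {
 return nil, nil
 }
 
 key := ctrlclient.ObjectKey{
-Name: credentials.SecretRef.Name,
+Name: name,
 Namespace: objectNamespace,
 }
 secret := &corev1.Secret{}
@@ -434,3 +461,12 @@ func needImageRegistryCredentialsConfiguration(configs []providerConfig) (bool,
 
 return true, nil
 }
+
+// secretForImageRegistryCredentials returns the name of the Secret for the given RegistryCredentials.
+// Returns an empty string if the credentials or secret field is empty.
+func secretNameForImageRegistryCredentials(credentials *v1alpha1.RegistryCredentials) string {
+if credentials == nil || credentials.SecretRef == nil || credentials.SecretRef.Name == "" {
+return ""
+}
+return credentials.SecretRef.Name
+}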
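Review bot: The two new `handlersutils.EnsureOwnerRefForSecret` calls in `Mutate` act on a Secret whose name comes straight from `imageRegistry.Credentials` / `globalMirror.Credentials`, so whoever sets those Cluster variables decides which Secret (presumably in the Cluster's namespace) the handler adopts and is later deleted with the Cluster. The helper's body is not part of this diff, so it may already restrict this, but if it does not, it would be safer to check the Secret's type or an expected label before adding the reference, and to say so at both call sites, e.g. `// The Secret name is user-supplied: only adopt Secrets meant as registry credentials, since an owned Secret is deleted with the Cluster.` Separately, the doc comment on the new helper names the wrong function and should begin `// secretNameForImageRegistryCredentials returns the name of the Secret ...`. `Mutate` starts and ends outside the hunks shown, so callers and earlier validation could not be checked here.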
