* Introduce `NewContext`, deprecate `NewImplFull`.
Our generated `NewImpl` methods have long taken `context.Context`, but despite many iterations the forms we expose from our `controller` package never have. This change contains several elements:
1. Expose a new `NewContext` method that takes `context.Context` in addition to the current `NewImplFull` signature.
2. Call `NewContext` instead of the deprecated `NewImpl` from our generated controller code.
3. Call `NewContext` from all our webhook reconcilers.
* Add a Tracker to controller.Impl to cut down on downstream boilerplate.
* Switch to ed25519 and change the timeout of the certificate to seven days.
* Update comments to reflect the new grace period.
* Use oneWeek constant.
This change introduces a new `controller.NewSkipKey` method to designate certain reconciliations as "skipped".
The primary motivation for this is to squelch useless logging on non-leader replicas, which currently report success with trivial latency.
I have plumbed this through existing reconcilers and the code-gen so most things downstream should get this for free. In places where a key is observed, I do not mark the reconcile as skipped as the reconciler did some processing for which the awareness of side-effects and reported latency may be interesting.
* Use two lane queue instead of the regular workqueue
- we need to poll for len in the webhook tests because we have async propagation now, and check at the wrong time will be not correct.
- otherwise just a drop in replacement.
* update test
* cmt
* tests hardened
* Added common name to cert tmpl
Signed-off-by: Jennifer Power <barnabei.jennifer@gmail.com>
* Added a common name test to TestCreateCert function
* Update webhook/certificates/resources/certs_test.go
Co-authored-by: Victor Agababov <vagababov@gmail.com>
* Update webhook/certificates/resources/certs_test.go
Co-authored-by: Victor Agababov <vagababov@gmail.com>
* Applied changes to improve formatting and style
* Update webhook/certificates/resources/certs_test.go
Co-authored-by: Matt Moore <mattmoor@vmware.com>
* Update webhook/certificates/resources/certs_test.go
Co-authored-by: Matt Moore <mattmoor@vmware.com>
* Added Subject to caParsedCert CommonName check
* Fixed failure message to remove reference to diff
* Update webhook/certificates/resources/certs_test.go
Co-authored-by: Victor Agababov <vagababov@gmail.com>
* Update webhook/certificates/resources/certs_test.go
Co-authored-by: Victor Agababov <vagababov@gmail.com>
* Update webhook/certificates/resources/certs.go
Co-authored-by: Matt Moore <mattmoor@vmware.com>
* Update webhook/certificates/resources/certs.go
Co-authored-by: Matt Moore <mattmoor@vmware.com>
* Update webhook/certificates/resources/certs.go
Co-authored-by: Matt Moore <mattmoor@vmware.com>
Co-authored-by: Victor Agababov <vagababov@gmail.com>
Co-authored-by: Matt Moore <mattmoor@vmware.com>
In general, imo, it's prettier to return things as is, rather than the pattern that was
there.
Also handle one more error case, which was kind of ignored before (probably in practice
impossible, but idk)
* Renews a webhook cert before it expires
* Moved checks out of webhook and into certificate
* Updated error messages and others from review
* Updated error messages and changed time comparison
* Added two tests cases for checking expiration
* Fixed issue with missing "." in webhook.go
* Create a new singleton Reconciler for the webhook secret.
This change creates a new Reconciler (not yet hooked up) that ensures that the
webhook secret has the appropriate shape. I call this a "singleton Reconciler"
because this reconciler exists to effectively reconcile a single resource, which
will be a pattern for the webhook's reconcilers.
* Address linter problems
Matt Moore