
Implementing Requeue Interval for certController. Fixing unit tests and check-diff

Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
Gustavo Carvalho 4 years ago
parent
commit
96cb340ace

+ 2 - 1
deploy/charts/external-secrets/README.md

@@ -53,6 +53,7 @@ The command removes all the Kubernetes components associated with the chart and
 | certController.prometheus.enabled | bool | `false` | Specifies whether to expose Service resource for collecting Prometheus metrics |
 | certController.prometheus.service.port | int | `8080` |  |
 | certController.rbac.create | bool | `true` | Specifies whether role and rolebinding resources should be created. |
+| certController.requeueInterval | string | `"5m"` |  |
 | certController.resources | object | `{}` |  |
 | certController.securityContext | object | `{}` |  |
 | certController.serviceAccount.annotations | object | `{}` | Annotations to add to the service account. |
@@ -89,7 +90,7 @@ The command removes all the Kubernetes components associated with the chart and
 | serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template. |
 | tolerations | list | `[]` |  |
 | webhook.affinity | object | `{}` |  |
-| webhook.certDir | string | `"/tmp/k8s-webhook-server/serving-certs"` |  |
+| webhook.certDir | string | `"/tmp/certs"` |  |
 | webhook.deploymentAnnotations | object | `{}` | Annotations to add to Deployment |
 | webhook.extraArgs | object | `{}` |  |
 | webhook.extraEnv | list | `[]` |  |

+ 1 - 0
deploy/charts/external-secrets/templates/cert-controller-deployment.yaml

@@ -44,6 +44,7 @@ spec:
           image: "{{ .Values.certController.image.repository }}:{{ .Values.certController.image.tag | default .Chart.AppVersion }}"
           imagePullPolicy: {{ .Values.certController.image.pullPolicy }}
           args:
+          - --crd-requeue-interval={{ .Values.certController.requeueInterval }}
           - --service-name={{ include "external-secrets.fullname" . }}-webhook
           - --service-namespace={{ .Release.Namespace }}
           - --secret-name={{ include "external-secrets.fullname" . }}-webhook
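Review bot: The new `--crd-requeue-interval` argument is rendered with no fallback, so a values override that blanks or removes `certController.requeueInterval` yields an argument with no usable duration. Go's duration flag parsing rejects that, and the cert-controller container would then exit at start-up instead of managing the webhook certificates. Give the template its own default, `- --crd-requeue-interval={{ .Values.certController.requeueInterval | default "5m" }}`, or fail the render early with `required`. The `args` list continues outside this hunk.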

+ 1 - 0
deploy/charts/external-secrets/values.yaml

@@ -153,6 +153,7 @@ webhook:
       #   memory: 32Mi
 
 certController:
+  requeueInterval: "5m"
   image:
     repository: ghcr.io/external-secrets/external-secrets-cert-controller
     pullPolicy: IfNotPresent
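Review bot: `requeueInterval` is added without a description comment, which is presumably why the README row for `certController.requeueInterval` in this commit has an empty description column. If the README is generated by helm-docs, add a comment above the key, for example `# -- How often the cert-controller re-reconciles the CRDs to re-check the injected webhook certificates, as a Go duration such as "5m"`, and regenerate the README. The `certController` map continues outside this hunk.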

+ 2 - 1
pkg/controllers/crds/crds_controller.go

@@ -73,6 +73,7 @@ type Reconciler struct {
 	CAName                 string
 	CAOrganization         string
 	RestartOnSecretRefresh bool
+	RequeueInterval        time.Duration
 }
 
 type CertInfo struct {
@@ -103,7 +104,7 @@ func (r *Reconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Resu
 			return ctrl.Result{}, err
 		}
 	}
-	return ctrl.Result{}, nil
+	return ctrl.Result{RequeueAfter: r.RequeueInterval}, nil
 }
 
 func (r *Reconciler) ConvertToWebhookInfo() []WebhookInfo {
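Review bot: `RequeueAfter: r.RequeueInterval` is returned unchecked, and controller-runtime only schedules a delayed requeue when the duration is positive. A zero or negative `--crd-requeue-interval`, or a `Reconciler` constructed without the field, therefore silently turns the periodic certificate re-check off, while a value such as `1ns` makes the controller reconcile in a near-tight loop against the API server. Validate the flag in `webhook/certcontroller/main.go` right after `flag.Parse()`, e.g. `if crdRequeueInterval <= 0 { /* log the bad value and os.Exit(1) */ }`, and consider enforcing a sensible lower bound. A doc comment on the new struct field saying what its zero value means would help, and no test visible in this commit asserts the returned `RequeueAfter`. Reconcile's body starts outside this hunk.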

+ 1 - 1
pkg/controllers/crds/crds_controller_test.go

@@ -174,7 +174,7 @@ func TestInjectSvcToConversionWebhook(t *testing.T) {
 }
 
 func TestInjectCertToConversionWebhook(t *testing.T) {
-	certPEM := []byte("certFooBar")
+	certPEM := []byte("foobar")
 	crd := newCRD()
 	crdunmarshalled := make(map[string]interface{})
 	crdJSON, err := json.Marshal(crd)

+ 4 - 0
webhook/certcontroller/main.go

@@ -17,6 +17,7 @@ package main
 import (
 	"flag"
 	"os"
+	"time"
 
 	"go.uber.org/zap/zapcore"
 	"k8s.io/apimachinery/pkg/runtime"
@@ -54,6 +55,7 @@ func main() {
 	var namespace string
 	var serviceName, serviceNamespace string
 	var secretName, secretNamespace string
+	var crdRequeueInterval time.Duration
 	flag.StringVar(&metricsAddr, "metrics-addr", ":8080", "The address the metric endpoint binds to.")
 	flag.StringVar(&serviceName, "service-name", "external-secrets-webhook", "Webhook service name")
 	flag.StringVar(&serviceNamespace, "service-namespace", "default", "Webhook service namespace")
@@ -63,6 +65,7 @@ func main() {
 		"Enable leader election for controller manager. "+
 			"Enabling this will ensure there is only one active controller manager.")
 	flag.StringVar(&loglevel, "loglevel", "info", "loglevel to use, one of: debug, info, warn, error, dpanic, panic, fatal")
+	flag.DurationVar(&crdRequeueInterval, "crd-requeue-interval", time.Minute*5, "Time duration between reconciling CRDs for new certs")
 	flag.Parse()
 
 	var lvl zapcore.Level
@@ -94,6 +97,7 @@ func main() {
 		SvcNamespace:           serviceNamespace,
 		SecretName:             secretName,
 		SecretNamespace:        secretNamespace,
+		RequeueInterval:        crdRequeueInterval,
 		CrdResources:           []string{"externalsecrets.external-secrets.io", "clustersecretstores.external-secrets.io", "secretstores.external-secrets.io"},
 		CAName:                 "external-secrets",
 		CAOrganization:         "external-secrets",