Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Ready channel is never signaled on non-leaders #53

Open
AlmogBaku opened this issue Jan 15, 2023 · 3 comments
Open

Ready channel is never signaled on non-leaders #53

AlmogBaku opened this issue Jan 15, 2023 · 3 comments

Comments

@AlmogBaku
Copy link

With the addition of #45, the cert-controller can be set to run only in the leader - instructing the leader to be responsible for the certificate injection and management.

But how can we send the same signal to the followers?
With the current implementation, the ready channel will never be signaled.

@maxsmythe
Copy link
Contributor

Good question. I suppose there is no reason the following go routines need to be launched by the manager calling Start():

// Once the certs are ready, close the channel.
go cr.ensureCertsMounted()
go cr.ensureReady()

Since they are purely passive, though the exponential backoff does assume that something will eventually write a cert file.

@AlmogBaku
Copy link
Author

it won't help to take them out since they're waiting on the wasCAInjected atomic boolean which is set only by the reconciler

@zbindenren
Copy link

Same Issue here:

I wanted to fatal exit when setup was not possible. This only works with replicas=1.

	//nolint:gocritic // enable again when issue https://github.com/open-policy-agent/cert-controller/issues/53 is fixed
	/* ticker := time.NewTicker(startTimeout)
	defer ticker.Stop() */

	select {
	case err := <-errCh:
		return err
	case <-setupFinished:
		m.manager.GetLogger().Info("rotator setup finished")
		/* case <-ticker.C:
		return errors.New("rotator setup timout") */
	} //nolint:wsl // enable again when issue https://github.com/open-policy-agent/cert-controller/issues/53 is fixed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants