
Commit eb96bab

Merge branch 'add-csi-support' into feature/add-csi-support
2 parents a5d1012 + 779c3b0 commit eb96bab

16 files changed

Lines changed: 1667 additions & 73 deletions


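--- a/go.mod
+++ b/go.mod
@@ -16,6 +16,7 @@ require (
 k8s.io/client-go v0.32.3
 k8s.io/kubectl v0.32.3
 k8s.io/utils v0.0.0-20251002143259-bc988d571ff4
+sigs.k8s.io/secrets-store-csi-driver v1.5.4
 )
 
 require (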

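--- a/go.sum
+++ b/go.sum
@@ -72,6 +72,7 @@ github.com/moul/http2curl v1.0.0 h1:dRMWoAtb+ePxMlLkrCbAqh4TlPHXvoGUSQ323/9Zahs=
 github.com/moul/http2curl v1.0.0/go.mod h1:8UbvGypXm98wA/IqH45anm5Y2Z6ep6O31QGOAZ3H0fQ=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
+github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE=
 github.com/onsi/ginkgo/v2 v2.21.0 h1:7rg/4f3rB88pb5obDgNZrNHrQ4e6WpjonchcpuBRnZM=
 github.com/onsi/ginkgo/v2 v2.21.0/go.mod h1:7Du3c42kxCUegi0IImZ1wUQzMBVecgIHjR1C+NkhLQo=
 github.com/onsi/gomega v1.35.1 h1:Cwbd75ZBPxFSuZ6T+rN/WCb/gOc6YgFBXLlZLhC7Ds4=
@@ -192,6 +193,8 @@ sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8/go.mod h1:mdzfpAEoE6DHQEN0uh
 sigs.k8s.io/randfill v0.0.0-20250304075658-069ef1bbf016/go.mod h1:XeLlZ/jmk4i1HRopwe7/aU3H5n1zNUcX6TM94b3QxOY=
 sigs.k8s.io/randfill v1.0.0 h1:JfjMILfT8A6RbawdsK2JXGBR5AQVfd+9TbzrlneTyrU=
 sigs.k8s.io/randfill v1.0.0/go.mod h1:XeLlZ/jmk4i1HRopwe7/aU3H5n1zNUcX6TM94b3QxOY=
+sigs.k8s.io/secrets-store-csi-driver v1.5.4 h1:enl+v1+JbKDyVjdfT/7CillZsc4rLAM9tTHyf7GeLxc=
+sigs.k8s.io/secrets-store-csi-driver v1.5.4/go.mod h1:Ct85xqsKLk/dxkj8inRjWA3RJsXXkPLjNSAJ0db5vKs=
 sigs.k8s.io/structured-merge-diff/v4 v4.6.0 h1:IUA9nvMmnKWcj5jl84xn+T5MnlZKThmUW1TdblaLVAc=
 sigs.k8s.io/structured-merge-diff/v4 v4.6.0/go.mod h1:dDy58f92j70zLsuZVuUX5Wp9vtxXpaZnkPGWeqDfCps=
 sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E=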

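--- a/internal/pkg/cmd/reloader.go
+++ b/internal/pkg/cmd/reloader.go
@@ -160,6 +160,16 @@ func startReloader(cmd *cobra.Command, args []string) {
 
 var controllers []*controller.Controller
 for k := range kube.ResourceMap {
+if k == "secretproviderclasspodstatuses" {
+if !options.EnableCSIIntegration {
+continue
+}
+if !kube.IsCSIInstalled {
+logrus.Infof("Can't run secretproviderclasspodstatuses controller as CSI CRDs are not installed")
+continue
+}
+}
+
 if ignoredResourcesList.Contains(k) || (len(namespaceLabelSelector) == 0 && k == "namespaces") {
 continue
 }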
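Review bot: When `options.EnableCSIIntegration` is set but `kube.IsCSIInstalled` is false, the new branch in the `kube.ResourceMap` loop skips the controller with only an Info line, so an operator who asked for CSI-driven reloads gets none and workloads can keep running on rotated-out secrets without a visible signal. I would log this at warning level, `logrus.Warnf("CSI integration is enabled but the CSI CRDs are not installed; secretproviderclasspodstatuses controller will not run")`. How `kube.IsCSIInstalled` is set is not visible here, but the check appears to run once at startup, so a comment saying that CRDs installed later need a restart would help. The literal `"secretproviderclasspodstatuses"` is repeated in `NewController` in controller.go; a shared constant would keep the two comparisons from drifting. startReloader's body continues outside the hunk.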

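--- a/internal/pkg/constants/constants.go
+++ b/internal/pkg/constants/constants.go
@@ -8,6 +8,8 @@ const (
 ConfigmapEnvVarPostfix = "CONFIGMAP"
 // SecretEnvVarPostfix is a postfix for secret envVar
 SecretEnvVarPostfix = "SECRET"
+// SecretProviderClassEnvVarPostfix is a postfix for secretproviderclasspodstatus envVar
+SecretProviderClassEnvVarPostfix = "SECRETPROVIDERCLASS"
 // EnvVarPrefix is a Prefix for environment variable
 EnvVarPrefix = "STAKATER_"
 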

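--- a/internal/pkg/controller/controller.go
+++ b/internal/pkg/controller/controller.go
@@ -22,6 +22,7 @@ import (
 "k8s.io/client-go/util/workqueue"
 "k8s.io/kubectl/pkg/scheme"
 "k8s.io/utils/strings/slices"
+csiv1 "sigs.k8s.io/secrets-store-csi-driver/apis/v1"
 )
 
 // Controller for checking events
@@ -79,7 +80,16 @@ func NewController(
 }
 }
 
-listWatcher := cache.NewFilteredListWatchFromClient(client.CoreV1().RESTClient(), resource, namespace, optionsModifier)
+getterRESTClient := client.CoreV1().RESTClient()
+if resource == "secretproviderclasspodstatuses" {
+csiClient, err := kube.GetCSIClient()
+if err != nil {
+logrus.Fatal(err)
+}
+getterRESTClient = csiClient.SecretsstoreV1().RESTClient()
+}
+
+listWatcher := cache.NewFilteredListWatchFromClient(getterRESTClient, resource, namespace, optionsModifier)
 
 _, informer := cache.NewInformerWithOptions(cache.InformerOptions{
 ListerWatcher: listWatcher,
@@ -108,6 +118,8 @@ func (c *Controller) Add(obj interface{}) {
 case *v1.Namespace:
 c.addSelectedNamespaceToCache(*object)
 return
+case *csiv1.SecretProviderClassPodStatus:
+return
 }
 
 if options.ReloadOnCreate == "true" {
@@ -122,11 +134,13 @@ func (c *Controller) Add(obj interface{}) {
 }
 
 func (c *Controller) resourceInIgnoredNamespace(raw interface{}) bool {
-switch object := raw.(type) {
+switch obj := raw.(type) {
 case *v1.ConfigMap:
-return c.ignoredNamespaces.Contains(object.Namespace)
+return c.ignoredNamespaces.Contains(obj.Namespace)
 case *v1.Secret:
-return c.ignoredNamespaces.Contains(object.Namespace)
+return c.ignoredNamespaces.Contains(obj.Namespace)
+case *csiv1.SecretProviderClassPodStatus:
+return c.ignoredNamespaces.Contains(obj.Namespace)
 }
 return false
 }
@@ -145,6 +159,10 @@ func (c *Controller) resourceInSelectedNamespaces(raw interface{}) bool {
 if slices.Contains(selectedNamespacesCache, object.GetNamespace()) {
 return true
 }
+case *csiv1.SecretProviderClassPodStatus:
+if slices.Contains(selectedNamespacesCache, object.GetNamespace()) {
+return true
+}
 }
 return false
 }
@@ -183,6 +201,9 @@ func (c *Controller) Update(old interface{}, new interface{}) {
 
 // Delete function to add an object to the queue in case of deleting a resource
 func (c *Controller) Delete(old interface{}) {
+if _, ok := old.(*csiv1.SecretProviderClassPodStatus); ok {
+return
+}
 
 if options.ReloadOnDelete == "true" {
 if !c.resourceInIgnoredNamespace(old) && c.resourceInSelectedNamespaces(old) && secretControllerInitialized && configmapControllerInitialized {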
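Review bot: In the `NewController` hunk, a failure from `kube.GetCSIClient()` calls `logrus.Fatal(err)`, which exits the whole process from inside a constructor and stops ConfigMap and Secret reloading along with the CSI controller. The signature is outside the hunk, but if `NewController` returns an error, prefer `return nil, err` so the caller decides whether a missing CSI client is fatal or only disables this one controller. Separately, the empty `case *csiv1.SecretProviderClassPodStatus: return` in `Add` and the early return in `Delete` carry no explanation; if the intent is that these objects are acted on only in `Update`, a comment such as `// SecretProviderClassPodStatus create/delete events are ignored; rotation is handled in Update` would state it. The bodies of `NewController`, `Add` and `Delete` all continue outside their hunks.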
