diff --git a/pkg/secretsencrypt/controller.go b/pkg/secretsencrypt/controller.go
index cc149dc76e..fe4f4ac2e6 100644
--- a/pkg/secretsencrypt/controller.go
+++ b/pkg/secretsencrypt/controller.go
@@ -13,7 +13,7 @@ import (
 corev1 "k8s.io/api/core/v1"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 "k8s.io/apimachinery/pkg/runtime"
-
+ "k8s.io/apimachinery/pkg/types"
 "k8s.io/client-go/kubernetes"
 "k8s.io/client-go/tools/pager"
 "k8s.io/client-go/tools/record"
@@ -65,8 +65,17 @@ func (h *handler) onChangeNode(key string, node *corev1.Node) (*corev1.Node, err
 return node, nil
 }
+ // This is consistent with events attached to the node generated by the kubelet
+ // https://github.com/kubernetes/kubernetes/blob/612130dd2f4188db839ea5c2dea07a96b0ad8d1c/pkg/kubelet/kubelet.go#L479-L485
+ nodeRef := &corev1.ObjectReference{
+ Kind: "Node",
+ Name: node.Name,
+ UID: types.UID(node.Name),
+ Namespace: "",
+ }
+
 if valid, err := h.validateReencryptStage(node, ann); err != nil {
- h.recorder.Event(node, corev1.EventTypeWarning, secretsUpdateErrorEvent, err.Error())
+ h.recorder.Event(nodeRef, corev1.EventTypeWarning, secretsUpdateErrorEvent, err.Error())
 return node, err
 } else if !valid {
 return node, nil
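Review bot: The `nodeRef` literal added ahead of the `validateReencryptStage` call is repeated field for field at the top of `updateSecrets` in the `@@ -175,6 +184,12 @@` hunk, so the two copies can drift apart; a small unexported helper that builds the reference from the node would keep every event on the same object. The comment gives the kubelet precedent but not the surprising part, that `UID` is filled from `node.Name` rather than `node.UID`; I would add `// UID is intentionally the node name, not node.UID, to match kubelet-emitted node events.` above that field so a later reader does not "correct" it. That reading of the kubelet behaviour comes from the linked source, which is not visible here, so confirm it against the pinned commit. onChangeNode's body starts and ends outside this hunk.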
@@ -74,19 +83,19 @@ func (h *handler) onChangeNode(key string, node *corev1.Node) (*corev1.Node, err
 reencryptHash, err := GenReencryptHash(h.controlConfig.Runtime, EncryptionReencryptActive)
 if err != nil {
- h.recorder.Event(node, corev1.EventTypeWarning, secretsUpdateErrorEvent, err.Error())
+ h.recorder.Event(nodeRef, corev1.EventTypeWarning, secretsUpdateErrorEvent, err.Error())
 return node, err
 }
 ann = EncryptionReencryptActive + "-" + reencryptHash
 node.Annotations[EncryptionHashAnnotation] = ann
 node, err = h.nodes.Update(node)
 if err != nil {
- h.recorder.Event(node, corev1.EventTypeWarning, secretsUpdateErrorEvent, err.Error())
+ h.recorder.Event(nodeRef, corev1.EventTypeWarning, secretsUpdateErrorEvent, err.Error())
 return node, err
 }
 if err := h.updateSecrets(node); err != nil {
- h.recorder.Event(node, corev1.EventTypeWarning, secretsUpdateErrorEvent, err.Error())
+ h.recorder.Event(nodeRef, corev1.EventTypeWarning, secretsUpdateErrorEvent, err.Error())
 return node, err
 }
@@ -102,26 +111,26 @@ func (h *handler) onChangeNode(key string, node *corev1.Node) (*corev1.Node, err
 // Remove last key
 curKeys, err := GetEncryptionKeys(h.controlConfig.Runtime)
 if err != nil {
- h.recorder.Event(node, corev1.EventTypeWarning, secretsUpdateErrorEvent, err.Error())
+ h.recorder.Event(nodeRef, corev1.EventTypeWarning, secretsUpdateErrorEvent, err.Error())
 return node, err
 }
 curKeys = curKeys[:len(curKeys)-1]
 if err = WriteEncryptionConfig(h.controlConfig.Runtime, curKeys, true); err != nil {
- h.recorder.Event(node, corev1.EventTypeWarning, secretsUpdateErrorEvent, err.Error())
+ h.recorder.Event(nodeRef, corev1.EventTypeWarning, secretsUpdateErrorEvent, err.Error())
 return node, err
 }
 logrus.Infoln("Removed key: ", curKeys[len(curKeys)-1])
 if err != nil {
- h.recorder.Event(node, corev1.EventTypeWarning, secretsUpdateErrorEvent, err.Error())
+ h.recorder.Event(nodeRef, corev1.EventTypeWarning, secretsUpdateErrorEvent, err.Error())
 return node, err
 }
 if err := WriteEncryptionHashAnnotation(h.controlConfig.Runtime, node, EncryptionReencryptFinished); err != nil {
- h.recorder.Event(node, corev1.EventTypeWarning, secretsUpdateErrorEvent, err.Error())
+ h.recorder.Event(nodeRef, corev1.EventTypeWarning, secretsUpdateErrorEvent, err.Error())
 return node, err
 }
 if err := cluster.Save(h.ctx, h.controlConfig, true); err != nil {
- h.recorder.Event(node, corev1.EventTypeWarning, secretsUpdateErrorEvent, err.Error())
+ h.recorder.Event(nodeRef, corev1.EventTypeWarning, secretsUpdateErrorEvent, err.Error())
 return node, err
 }
 return node, nil
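Review bot: `logrus.Infoln("Removed key: ", curKeys[len(curKeys)-1])` runs after `curKeys = curKeys[:len(curKeys)-1]`, so it prints the last key that is still in use rather than the one removed, and it prints the whole element; if the entries returned by `GetEncryptionKeys` carry the key material (their type is not visible here), that puts an active encryption key in the log. Save the removed entry before truncating and log only a non-secret identifier for it. The same two index expressions panic when the slice is empty or holds a single key, so a length guard before the truncation is worth adding. The `if err != nil` directly after the log line re-tests an error the `WriteEncryptionConfig` branch already returned on, which makes the Event call this commit edits there unreachable. onChangeNode's body starts outside this hunk.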
@@ -175,6 +184,12 @@ func (h *handler) validateReencryptStage(node *corev1.Node, annotation string) (
 }
 func (h *handler) updateSecrets(node *corev1.Node) error {
+ nodeRef := &corev1.ObjectReference{
+ Kind: "Node",
+ Name: node.Name,
+ UID: types.UID(node.Name),
+ Namespace: "",
+ }
 secretPager := pager.New(pager.SimplePageFunc(func(opts metav1.ListOptions) (runtime.Object, error) {
 return h.secrets.List("", opts)
 }))
@@ -185,12 +200,12 @@ func (h *handler) updateSecrets(node *corev1.Node) error {
 return fmt.Errorf("failed to reencrypted secret: %v", err)
 }
 if i != 0 && i%10 == 0 {
- h.recorder.Eventf(node, corev1.EventTypeNormal, secretsProgressEvent, "reencrypted %d secrets", i)
+ h.recorder.Eventf(nodeRef, corev1.EventTypeNormal, secretsProgressEvent, "reencrypted %d secrets", i)
 }
 i++
 }
 return nil
 })
- h.recorder.Eventf(node, corev1.EventTypeNormal, secretsUpdateCompleteEvent, "completed reencrypt of %d secrets", i)
+ h.recorder.Eventf(nodeRef, corev1.EventTypeNormal, secretsUpdateCompleteEvent, "completed reencrypt of %d secrets", i)
 return nil
 }
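Review bot: In the `@@ -185,12 +200,12 @@` hunk the `secretsUpdateCompleteEvent` and the final `return nil` follow the closing `})` of the paged iteration unconditionally, so a failure returned by the callback (`failed to reencrypted secret`) appears to be dropped and the node still gets a "completed reencrypt" event. The opening of that call is outside the hunk, so confirm whether its result is assigned anywhere. If it is not, the caller in onChangeNode goes on to remove the old key while some secrets are still encrypted with it. Capture the call's error, return it before the completion event, and emit that event only on success. While there, the message reads better as `"failed to reencrypt secret: %w"`, which also keeps the cause unwrappable.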