From a8d366ffbfd45196c323da964b70efa765e75425 Mon Sep 17 00:00:00 2001 From: Sharif Elgamal Date: Thu, 8 Jul 2021 16:15:44 -0700 Subject: [PATCH 1/5] don't try to recreate pull secrets for refreshing gcp-auth --- hack/benchmark/time-to-k8s/time-to-k8s-repo | 2 +- pkg/addons/addons_gcpauth.go | 44 +++++++++++++++------ 2 files changed, 32 insertions(+), 14 deletions(-) diff --git a/hack/benchmark/time-to-k8s/time-to-k8s-repo b/hack/benchmark/time-to-k8s/time-to-k8s-repo index f6f6b2db9e..72506e9487 160000 --- a/hack/benchmark/time-to-k8s/time-to-k8s-repo +++ b/hack/benchmark/time-to-k8s/time-to-k8s-repo @@ -1 +1 @@ -Subproject commit f6f6b2db9e718f7c9af698b6247b232a7251522f +Subproject commit 72506e948764aeeafc01e58e6bec0ea741c61ca0 diff --git a/pkg/addons/addons_gcpauth.go b/pkg/addons/addons_gcpauth.go index b6b5d983b0..a3cb199336 100644 --- a/pkg/addons/addons_gcpauth.go +++ b/pkg/addons/addons_gcpauth.go @@ -139,18 +139,20 @@ func createPullSecret(cc *config.ClusterConfig, creds *google.Credentials) error secrets := client.Secrets(n.Name) exists := false - secList, err := secrets.List(context.TODO(), metav1.ListOptions{}) - if err != nil { - return err - } - for _, s := range secList.Items { - if s.Name == secretName { - exists = true - break + if !Refresh { + secList, err := secrets.List(context.TODO(), metav1.ListOptions{}) + if err != nil { + return err + } + for _, s := range secList.Items { + if s.Name == secretName { + exists = true + break + } } } - if !exists { + if !exists || Refresh { secretObj := &corev1.Secret{ ObjectMeta: metav1.ObjectMeta{ Name: secretName, @@ -159,6 +161,13 @@ func createPullSecret(cc *config.ClusterConfig, creds *google.Credentials) error Type: "kubernetes.io/dockercfg", } + if Refresh { + err := secrets.Delete(context.TODO(), secretName, metav1.DeleteOptions{}) + if err != nil { + klog.Infof("error deleting secret: %v", err) + } + } + _, err = secrets.Create(context.TODO(), secretObj, metav1.CreateOptions{}) if err != nil { return err @@ -183,10 +192,19 @@ func createPullSecret(cc *config.ClusterConfig, creds *google.Credentials) error ips := corev1.LocalObjectReference{Name: secretName} for _, sa := range salist.Items { - sa.ImagePullSecrets = append(sa.ImagePullSecrets, ips) - _, err := serviceaccounts.Update(context.TODO(), &sa, metav1.UpdateOptions{}) - if err != nil { - return err + add := true + for _, ps := range sa.ImagePullSecrets { + if ps.Name == secretName { + add = false + break + } + } + if add { + sa.ImagePullSecrets = append(sa.ImagePullSecrets, ips) + _, err := serviceaccounts.Update(context.TODO(), &sa, metav1.UpdateOptions{}) + if err != nil { + return err + } } } From 0b9a2aab4869d972c5960cfaf53baff752897498 Mon Sep 17 00:00:00 2001 From: Sharif Elgamal Date: Tue, 13 Jul 2021 13:44:44 -0700 Subject: [PATCH 2/5] fix time-to-k8s --- hack/benchmark/time-to-k8s/time-to-k8s-repo | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/benchmark/time-to-k8s/time-to-k8s-repo b/hack/benchmark/time-to-k8s/time-to-k8s-repo index 72506e9487..45ec230265 160000 --- a/hack/benchmark/time-to-k8s/time-to-k8s-repo +++ b/hack/benchmark/time-to-k8s/time-to-k8s-repo @@ -1 +1 @@ -Subproject commit 72506e948764aeeafc01e58e6bec0ea741c61ca0 +Subproject commit 45ec2302655e1483b537d235f991b059ab974968 From 4a2c2f7ffdc7882cd6bb00c53ddedd0867af9b27 Mon Sep 17 00:00:00 2001 From: Sharif Elgamal Date: Tue, 13 Jul 2021 13:46:06 -0700 Subject: [PATCH 3/5] fix time to k8s again --- hack/benchmark/time-to-k8s/time-to-k8s-repo | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/benchmark/time-to-k8s/time-to-k8s-repo b/hack/benchmark/time-to-k8s/time-to-k8s-repo index 45ec230265..f6f6b2db9e 160000 --- a/hack/benchmark/time-to-k8s/time-to-k8s-repo +++ b/hack/benchmark/time-to-k8s/time-to-k8s-repo @@ -1 +1 @@ -Subproject commit 45ec2302655e1483b537d235f991b059ab974968 +Subproject commit f6f6b2db9e718f7c9af698b6247b232a7251522f From a940203ed49d1e127c6b856bf29115a6c5182b45 Mon Sep 17 00:00:00 2001 From: Sharif Elgamal Date: Fri, 23 Jul 2021 12:22:51 -0700 Subject: [PATCH 4/5] update instead of delete/create --- pkg/addons/addons_gcpauth.go | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/pkg/addons/addons_gcpauth.go b/pkg/addons/addons_gcpauth.go index a3cb199336..84648cc1af 100644 --- a/pkg/addons/addons_gcpauth.go +++ b/pkg/addons/addons_gcpauth.go @@ -162,15 +162,15 @@ func createPullSecret(cc *config.ClusterConfig, creds *google.Credentials) error } if Refresh { - err := secrets.Delete(context.TODO(), secretName, metav1.DeleteOptions{}) + _, err := secrets.Update(context.TODO(), secretObj, metav1.UpdateOptions{}) if err != nil { klog.Infof("error deleting secret: %v", err) } - } - - _, err = secrets.Create(context.TODO(), secretObj, metav1.CreateOptions{}) - if err != nil { - return err + } else { + _, err = secrets.Create(context.TODO(), secretObj, metav1.CreateOptions{}) + if err != nil { + return err + } } } From 6d710b4e5975477ca161478ced056bf2ef9b616c Mon Sep 17 00:00:00 2001 From: Sharif Elgamal Date: Fri, 23 Jul 2021 13:11:07 -0700 Subject: [PATCH 5/5] only use update if the secret already exists --- pkg/addons/addons_gcpauth.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkg/addons/addons_gcpauth.go b/pkg/addons/addons_gcpauth.go index 84648cc1af..4c363818e0 100644 --- a/pkg/addons/addons_gcpauth.go +++ b/pkg/addons/addons_gcpauth.go @@ -161,10 +161,10 @@ func createPullSecret(cc *config.ClusterConfig, creds *google.Credentials) error Type: "kubernetes.io/dockercfg", } - if Refresh { + if exists && Refresh { _, err := secrets.Update(context.TODO(), secretObj, metav1.UpdateOptions{}) if err != nil { - klog.Infof("error deleting secret: %v", err) + return err } } else { _, err = secrets.Create(context.TODO(), secretObj, metav1.CreateOptions{})