enhance: skip updating k8s secret if no change (#274)
Signed-off-by: JenTing Hsiao <[email protected]>
jenting authored Jul 24, 2024
1 parent f8f2aef commit 6bb39aa
Showing 1 changed file with 25 additions and 14 deletions.
39 changes: 25 additions & 14 deletions controllers/vaultsecret_controller.go
@@ -5,6 +5,7 @@ import (
"context"
"fmt"
"os"
"reflect"
"text/template"
"time"

@@ -225,23 +226,33 @@ func (r *VaultSecretReconciler) Reconcile(ctx context.Context, req ctrl.Request)
if instance.Spec.ReconcileStrategy == "Merge" {
secret = mergeSecretData(secret, found)

log.Info("Updating a Secret", "Secret.Namespace", secret.Namespace, "Secret.Name", secret.Name)
err = r.Update(ctx, secret)
if err != nil {
log.Error(err, "Could not update secret")
r.updateConditions(ctx, instance, conditionReasonMergeFailed, err.Error(), metav1.ConditionFalse)
return ctrl.Result{}, err
if secret.Type == found.Type && reflect.DeepEqual(secret.Data, found.Data) &&
reflect.DeepEqual(secret.Labels, found.Labels) && reflect.DeepEqual(secret.Annotations, found.Annotations) {
log.Info("Skip updating a Secret cause data no change", "Secret.Namespace", secret.Namespace, "Secret.Name", secret.Name)
} else {
log.Info("Updating a Secret", "Secret.Namespace", secret.Namespace, "Secret.Name", secret.Name)
err = r.Update(ctx, secret)
if err != nil {
log.Error(err, "Could not update secret")
r.updateConditions(ctx, instance, conditionReasonMergeFailed, err.Error(), metav1.ConditionFalse)
return ctrl.Result{}, err
}
r.updateConditions(ctx, instance, conditionReasonUpdated, "Secret was updated", metav1.ConditionTrue)
}
r.updateConditions(ctx, instance, conditionReasonUpdated, "Secret was updated", metav1.ConditionTrue)
} else {
log.Info("Updating a Secret", "Secret.Namespace", secret.Namespace, "Secret.Name", secret.Name)
err = r.Update(ctx, secret)
if err != nil {
log.Error(err, "Could not update secret")
r.updateConditions(ctx, instance, conditionReasonUpdateFailed, err.Error(), metav1.ConditionFalse)
return ctrl.Result{}, err
if secret.Type == found.Type && reflect.DeepEqual(secret.Data, found.Data) &&
reflect.DeepEqual(secret.Labels, found.Labels) && reflect.DeepEqual(secret.Annotations, found.Annotations) {
log.Info("Skip updating a Secret cause no change", "Secret.Namespace", secret.Namespace, "Secret.Name", secret.Name)
} else {
log.Info("Updating a Secret", "Secret.Namespace", secret.Namespace, "Secret.Name", secret.Name)
err = r.Update(ctx, secret)
if err != nil {
log.Error(err, "Could not update secret")
r.updateConditions(ctx, instance, conditionReasonUpdateFailed, err.Error(), metav1.ConditionFalse)
return ctrl.Result{}, err
}
r.updateConditions(ctx, instance, conditionReasonUpdated, "Secret was updated", metav1.ConditionTrue)
}
r.updateConditions(ctx, instance, conditionReasonUpdated, "Secret was updated", metav1.ConditionTrue)
}

// Finally we add the vaultsecretsFinalizer to the VaultSecret. The finilizer is needed so that we can remove the
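Review bot: The two new skip branches (Merge and non-Merge) fall through without calling `r.updateConditions`, so a VaultSecret whose condition was set to a failure reason by an earlier reconcile would keep reporting that failure even though the Secret is now in sync; whether that can happen depends on the rest of Reconcile, which starts and ends outside the hunk. Consider recording success on the skip path as well, e.g. `r.updateConditions(ctx, instance, conditionReasonUpdated, "Secret is up to date", metav1.ConditionTrue)`. The equality predicate is also duplicated verbatim in both branches and uses `reflect.DeepEqual`, which treats a nil map and an empty map as different, so a desired Secret built with empty but non-nil Labels or Annotations would never match the stored object and the skip would never take effect; a small helper using `equality.Semantic.DeepEqual` from k8s.io/apimachinery would cover both branches. Only Type, Data, Labels and Annotations are compared, so drift in other metadata (owner references, if the desired Secret carries them) is no longer corrected once those four match, which deserves a comment stating that it is intended.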