AthenZ / k8s-athenz-sia

Apache License 2.0

CertLoader.UpdateCertificate() refactor #119

Open mlajkim opened 5 months ago

mlajkim commented 5 months ago

Background

Before the PR https://github.com/AthenZ/k8s-athenz-sia/pull/111, there were not enough checks and the cert loader panicked. The changes, however, have three different uploading parts. [image]

It would be great to bring them together as one, as in the following, instead: [image]

TODOs

mlajkim commented 5 months ago

plantuml code used here:

```plantuml
@startuml

title Run() SIA v3.2

note right
  1. Run() runs once a day, if every step is successful
  2. If anyone of them fails, it restarts from the beginning
    (Specifically defined failures won't restart the process)

end note

start
  repeat
    if (idConfig.ProviderService != ""?) then (not empty)
        #lightblue:IdentityProvisioning();
      (not given) elseif (CERT_FILE & KEY_FILE both given?) then (given)
        #red:Attempts to read instance cert on local directory;
      else (not given)
        :Write a debug
        "Skipping to request/load x509 certificate";
      endif
    if (Successfully Prepared Instance Cert?) then (no)
        if (IS BACKUP_MODE "read" or "read+write" && idConfig.ProviderService != ""?) then (yes)
          #lightblue:Attempts to read from k8s secret;
        else (no)
          :Write a debug
          "Skipping to load backup from k8s secret";
        endif
    else (yes)
    endif
  repeat while (Successfully prepared instance cert?)  is (failed to prepare)
  if (Is K8s Backup Secret used?) then (no)
  else (yes)
    #lightblue:IdentityProvisioning() with FORCE_INIT;
    note right
      It is just an attempt.
      If it fails, it does not restart the flow,
      as the instance cert is already prepared.
    end note
  endif
  note right
    Saves instance certificate into the cert reloader
  end note
  :CertReloader.UpdateCertificate();
  :RoleCertProvisioningRequest();
  :WriteFile();
  note right
    Color #lightblue: WriteFile() Should WRITE InstanceCert
    Color #red: WriteFile() Should NOT write InstanceCert
  end note
stop
@enduml
```
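The diagram above describes a loop that tries the provider service, then local cert/key files, then the k8s secret backup, and only afterwards hands the result to a single `CertReloader.UpdateCertificate()` call. The following Go program is an added example of that shape, not code from the k8s-athenz-sia project: the `CertSource` and `CertReloader` types, `PrepareInstanceCert` and `SelfSignedPair` are hypothetical names, and the self-signed pair is constructed test data. The point it demonstrates is the one the issue raises about missing checks: the single update path parses the pair, rejects a key mismatch or an expired leaf, and only swaps the stored certificate on success, so a failing source can never leave a nil certificate behind.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"sync"
	"time"
)

// CertSource is one place an instance cert may come from (hypothetical shape, not the real SIA interface).
type CertSource struct {
	Name string
	Load func() (certPEM, keyPEM []byte, err error)
}

// CertReloader keeps the current cert behind a mutex (hypothetical type).
type CertReloader struct {
	mu   sync.RWMutex
	cert *tls.Certificate
}

// UpdateCertificate is the single update path: validate first and swap only on success,
// so bad material is an error instead of a nil certificate that panics at the next handshake.
func (r *CertReloader) UpdateCertificate(certPEM, keyPEM []byte) error {
	c, err := tls.X509KeyPair(certPEM, keyPEM) // rejects bad PEM and key mismatch
	if err != nil {
		return fmt.Errorf("invalid certificate/key pair: %w", err)
	}
	leaf, err := x509.ParseCertificate(c.Certificate[0])
	if err != nil {
		return err
	}
	if time.Now().After(leaf.NotAfter) {
		return errors.New("certificate already expired")
	}
	c.Leaf = leaf
	r.mu.Lock()
	r.cert = &c
	r.mu.Unlock()
	return nil
}

func (r *CertReloader) Current() *tls.Certificate {
	r.mu.RLock()
	defer r.mu.RUnlock()
	return r.cert
}

// PrepareInstanceCert tries sources in priority order (provider service, local
// files, k8s secret backup) and returns the name of the first one accepted.
func PrepareInstanceCert(r *CertReloader, sources []CertSource) (string, error) {
	var errs []error
	for _, s := range sources {
		certPEM, keyPEM, err := s.Load()
		if err == nil {
			err = r.UpdateCertificate(certPEM, keyPEM)
		}
		if err == nil {
			return s.Name, nil
		}
		errs = append(errs, fmt.Errorf("%s: %w", s.Name, err))
	}
	return "", fmt.Errorf("no usable instance cert: %w", errors.Join(errs...))
}

// SelfSignedPair builds a throwaway self-signed pair so the example runs offline (constructed data, not a real Athenz identity).
func SelfSignedPair(serial int64, ttl time.Duration) ([]byte, []byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(ttl),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	keyDER, _ := x509.MarshalECPrivateKey(key)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}),
		pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: keyDER}), nil
}

func main() {
	certPEM, keyPEM, _ := SelfSignedPair(1, time.Hour)
	r := &CertReloader{}
	name, err := PrepareInstanceCert(r, []CertSource{{Name: "k8s-secret", Load: func() ([]byte, []byte, error) { return certPEM, keyPEM, nil }}})
	fmt.Println(name, err, r.Current() != nil)
}
```

Because every source funnels through the same `UpdateCertificate`, the local-file and backup-secret branches of the diagram need no separate validation of their own, and a rejected pair from any source leaves the previously accepted certificate in place.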