cert-manager / trust-manager

trust-manager is an operator for distributing trust bundles across a Kubernetes cluster.
https://cert-manager.io/docs/projects/trust-manager/
Apache License 2.0

fix: should encode additional target format just once per bundle reconcile #241

Closed erikgb closed 8 months ago

erikgb commented 9 months ago

While working on something else, I discovered that if a bundle specifies any additional format in targets, the JKS/PKCS12 is encoded for each and every target configmap/secret. This seems wrong to me, as encoding in these binary trust store formats is a quite heavy operation.

This PR moves the encoding of any additional target formats into the `buildSourceBundle` method - which is executed once per bundle reconciliation. I tried to make this fix/refactoring as minimal as possible to not affect the WIP on https://github.com/cert-manager/trust-manager/pull/235 too much. We could eventually improve this even more in a follow-up PR - especially the tests, which have a lot of duplication at present.

erikgb commented 9 months ago

/retest

hawksight commented 9 months ago

@aidy - this might be interesting to review.

erikgb commented 8 months ago

/test pull-trust-manager-verify

erikgb commented 8 months ago

/test pull-trust-manager-verify

jetstack-bot commented 8 months ago

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: SgtCoDFish

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

- ~~[OWNERS](https://github.com/cert-manager/trust-manager/blob/main/OWNERS)~~ [SgtCoDFish]

Approvers can indicate their approval by writing `/approve` in a comment

Approvers can cancel approval by writing `/approve cancel` in a comment

SgtCoDFish commented 8 months ago

/unhold