search

intel / trusted-certificate-issuer

Trusted Certificate Service (TCS) is a K8s service to protect signing keys using Intel's SGX technology. K8s CSR and cert-manager CR APIs are both supported. TCS also contains integration samples for Istio service mesh and Key Management Reference Application (KMRA).
Apache License 2.0
29 stars 15 forks source link

controllers/CR: avoid double status updates #8

Closed avalluri closed 2 years ago

avalluri commented 2 years ago

We could combine both status certificate and ready condition with a single object patch call.

avalluri commented 2 years ago

I didn't try this code out, but conceptually and looking at the code this looks good.

I amend the commit with a minor fix of unnecessary reconciliation re-queues. And tested with istio (istio-csr) 1.12. Now the logs looks as below:

2022-02-09T21:24:22.462Z        INFO    controllers.CertificateRequest  Reconcile       {"req": "istio-system/istio-csr-pv8m7"}
2022-02-09T21:24:22.462Z        INFO    controllers.CertificateRequest  cr has not been approved yet. Ignoring. {"req": "istio-system/istio-csr-pv8m7"}
2022-02-09T21:24:22.492Z        INFO    controllers.CertificateRequest  Reconcile       {"req": "istio-system/istio-csr-pv8m7"}
2022-02-09T21:24:22.493Z        INFO    controllers.CertificateRequest  Initializing Ready condition    {"req": "istio-system/istio-csr-pv8m7"}
2022-02-09T21:24:22.493Z        INFO    controllers.CertificateRequest  Updating CR status      {"req": "istio-system/istio-csr-pv8m7"}
2022-02-09T21:24:22.512Z        INFO    controllers.CertificateRequest  Reconcile       {"req": "istio-system/istio-csr-pv8m7"}
2022-02-09T21:24:22.512Z        INFO    controllers.CertificateRequest  Signing ...     {"req": "istio-system/istio-csr-pv8m7"}
2022-02-09T21:24:22.592Z        INFO    controllers.CertificateRequest  Signing done    {"req": "istio-system/istio-csr-pv8m7"}
2022-02-09T21:24:22.592Z        INFO    controllers.CertificateRequest  Updating CR status      {"req": "istio-system/istio-csr-pv8m7"}
2022-02-09T21:24:22.685Z        INFO    controllers.CertificateRequest  Reconcile       {"req": "istio-system/istio-csr-pv8m7"}
2022-02-09T21:24:22.685Z        INFO    controllers.CertificateRequest  cr is Ready. Ignoring.  {"req": "istio-system/istio-csr-pv8m7"}
2022-02-09T21:24:22.685Z        INFO    controllers.CertificateRequest  Reconcile       {"req": "istio-system/istio-csr-pv8m7"}
2022-02-09T21:24:24.521Z        INFO    controllers.CertificateRequest  Reconcile       {"req": "istio-system/istio-csr-crfs4"}
2022-02-09T21:24:24.521Z        INFO    controllers.CertificateRequest  cr has not been approved yet. Ignoring. {"req": "istio-system/istio-csr-crfs4"}
2022-02-09T21:24:24.547Z        INFO    controllers.CertificateRequest  Reconcile       {"req": "istio-system/istio-csr-crfs4"}
2022-02-09T21:24:24.547Z        INFO    controllers.CertificateRequest  Initializing Ready condition    {"req": "istio-system/istio-csr-crfs4"}
2022-02-09T21:24:24.547Z        INFO    controllers.CertificateRequest  Updating CR status      {"req": "istio-system/istio-csr-crfs4"}
2022-02-09T21:24:24.565Z        INFO    controllers.CertificateRequest  Reconcile       {"req": "istio-system/istio-csr-crfs4"}
2022-02-09T21:24:24.565Z        INFO    controllers.CertificateRequest  Signing ...     {"req": "istio-system/istio-csr-crfs4"}
2022-02-09T21:24:24.684Z        INFO    controllers.CertificateRequest  Signing done    {"req": "istio-system/istio-csr-crfs4"}
2022-02-09T21:24:24.685Z        INFO    controllers.CertificateRequest  Updating CR status      {"req": "istio-system/istio-csr-crfs4"}
2022-02-09T21:24:24.707Z        INFO    controllers.CertificateRequest  Reconcile       {"req": "istio-system/istio-csr-crfs4"}
2022-02-09T21:24:24.707Z        INFO    controllers.CertificateRequest  cr is Ready. Ignoring.  {"req": "istio-system/istio-csr-crfs4"}
2022-02-09T21:24:24.719Z        INFO    controllers.CertificateRequest  Reconcile       {"req": "istio-system/istio-csr-crfs4"}
2022-02-09T21:24:28.204Z        INFO    controllers.CertificateRequest  Reconcile       {"req": "istio-system/istio-csr-6wprk"}
2022-02-09T21:24:28.205Z        INFO    controllers.CertificateRequest  cr has not been approved yet. Ignoring. {"req": "istio-system/istio-csr-6wprk"}
2022-02-09T21:24:28.230Z        INFO    controllers.CertificateRequest  Reconcile       {"req": "istio-system/istio-csr-6wprk"}
2022-02-09T21:24:28.230Z        INFO    controllers.CertificateRequest  Initializing Ready condition    {"req": "istio-system/istio-csr-6wprk"}
2022-02-09T21:24:28.230Z        INFO    controllers.CertificateRequest  Updating CR status      {"req": "istio-system/istio-csr-6wprk"}
2022-02-09T21:24:28.250Z        INFO    controllers.CertificateRequest  Reconcile       {"req": "istio-system/istio-csr-6wprk"}
2022-02-09T21:24:28.251Z        INFO    controllers.CertificateRequest  Signing ...     {"req": "istio-system/istio-csr-6wprk"}
2022-02-09T21:24:28.484Z        INFO    controllers.CertificateRequest  Signing done    {"req": "istio-system/istio-csr-6wprk"}
2022-02-09T21:24:28.484Z        INFO    controllers.CertificateRequest  Updating CR status      {"req": "istio-system/istio-csr-6wprk"}
2022-02-09T21:24:28.509Z        INFO    controllers.CertificateRequest  Reconcile       {"req": "istio-system/istio-csr-cwcm4"}
2022-02-09T21:24:28.509Z        INFO    controllers.CertificateRequest  Initializing Ready condition    {"req": "istio-system/istio-csr-cwcm4"}
2022-02-09T21:24:28.509Z        INFO    controllers.CertificateRequest  Updating CR status      {"req": "istio-system/istio-csr-cwcm4"}
2022-02-09T21:24:28.528Z        INFO    controllers.CertificateRequest  Reconcile       {"req": "istio-system/istio-csr-6wprk"}
2022-02-09T21:24:28.528Z        INFO    controllers.CertificateRequest  Reconcile       {"req": "istio-system/istio-csr-cwcm4"}
2022-02-09T21:24:28.528Z        INFO    controllers.CertificateRequest  Signing ...     {"req": "istio-system/istio-csr-cwcm4"}
2022-02-09T21:24:28.692Z        INFO    controllers.CertificateRequest  Signing done    {"req": "istio-system/istio-csr-cwcm4"}
2022-02-09T21:24:28.692Z        INFO    controllers.CertificateRequest  Updating CR status      {"req": "istio-system/istio-csr-cwcm4"}
2022-02-09T21:24:28.784Z        INFO    controllers.CertificateRequest  Reconcile       {"req": "istio-system/istio-csr-cwcm4"}
2022-02-09T21:24:28.784Z        INFO    controllers.CertificateRequest  cr is Ready. Ignoring.  {"req": "istio-system/istio-csr-cwcm4"}
2022-02-09T21:24:28.785Z        INFO    controllers.CertificateRequest  Reconcile       {"req": "istio-system/istio-csr-cwcm4"}
2022-02-09T21:24:29.172Z        INFO    controllers.CertificateRequest  Reconcile       {"req": "istio-system/istio-csr-fh476"}
2022-02-09T21:24:29.172Z        INFO    controllers.CertificateRequest  cr has not been approved yet. Ignoring. {"req": "istio-system/istio-csr-fh476"}
2022-02-09T21:24:29.198Z        INFO    controllers.CertificateRequest  Reconcile       {"req": "istio-system/istio-csr-fh476"}
2022-02-09T21:24:29.198Z        INFO    controllers.CertificateRequest  Initializing Ready condition    {"req": "istio-system/istio-csr-fh476"}
2022-02-09T21:24:29.198Z        INFO    controllers.CertificateRequest  Updating CR status      {"req": "istio-system/istio-csr-fh476"}
2022-02-09T21:24:29.215Z        INFO    controllers.CertificateRequest  Reconcile       {"req": "istio-system/istio-csr-fh476"}
2022-02-09T21:24:29.215Z        INFO    controllers.CertificateRequest  Signing ...     {"req": "istio-system/istio-csr-fh476"}
2022-02-09T21:24:29.387Z        INFO    controllers.CertificateRequest  Signing done    {"req": "istio-system/istio-csr-fh476"}
2022-02-09T21:24:29.387Z        INFO    controllers.CertificateRequest  Updating CR status      {"req": "istio-system/istio-csr-fh476"}
2022-02-09T21:24:29.410Z        INFO    controllers.CertificateRequest  Reconcile       {"req": "istio-system/istio-csr-fh476"}
2022-02-09T21:24:29.410Z        INFO    controllers.CertificateRequest  cr is Ready. Ignoring.  {"req": "istio-system/istio-csr-fh476"}
2022-02-09T21:24:29.423Z        INFO    controllers.CertificateRequest  Reconcile       {"req": "istio-system/istio-csr-fh476"}
2022-02-09T21:24:30.506Z        INFO    controllers.CertificateRequest  Reconcile       {"req": "istio-system/istio-csr-lz52n"}
2022-02-09T21:24:30.506Z        INFO    controllers.CertificateRequest  cr has not been approved yet. Ignoring. {"req": "istio-system/istio-csr-lz52n"}
2022-02-09T21:24:30.533Z        INFO    controllers.CertificateRequest  Reconcile       {"req": "istio-system/istio-csr-lz52n"}
2022-02-09T21:24:30.534Z        INFO    controllers.CertificateRequest  Initializing Ready condition    {"req": "istio-system/istio-csr-lz52n"}
2022-02-09T21:24:30.534Z        INFO    controllers.CertificateRequest  Updating CR status      {"req": "istio-system/istio-csr-lz52n"}
2022-02-09T21:24:30.558Z        INFO    controllers.CertificateRequest  Reconcile       {"req": "istio-system/istio-csr-lz52n"}
2022-02-09T21:24:30.558Z        INFO    controllers.CertificateRequest  Signing ...     {"req": "istio-system/istio-csr-lz52n"}
2022-02-09T21:24:30.686Z        INFO    controllers.CertificateRequest  Signing done    {"req": "istio-system/istio-csr-lz52n"}
2022-02-09T21:24:30.686Z        INFO    controllers.CertificateRequest  Updating CR status      {"req": "istio-system/istio-csr-lz52n"}
2022-02-09T21:24:30.705Z        INFO    controllers.CertificateRequest  Reconcile       {"req": "istio-system/istio-csr-lz52n"}
2022-02-09T21:24:30.705Z        INFO    controllers.CertificateRequest  cr is Ready. Ignoring.  {"req": "istio-system/istio-csr-lz52n"}
2022-02-09T21:24:30.719Z        INFO    controllers.CertificateRequest  Reconcile       {"req": "istio-system/istio-csr-lz52n"}