No need to list all secret in the namespace to find just one (#5669)

Signed-off-by: Jirka Kremser <jiri.kremser@gmail.com>
kedacore · Apr 16, 2024 · ee4ab1b · ee4ab1b
1 parent bcaf5c0
commit ee4ab1b
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 14 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -108,6 +108,7 @@ New deprecation(s):
 - **General**: Introduce ENABLE_OPENTELEMETRY in deploying/testing process ([#5375](https://github.com/kedacore/keda/issues/5375)|[#5578](https://github.com/kedacore/keda/issues/5578))
 - **General**: Migrate away from unmaintained golang/mock and use uber/gomock ([#5440](https://github.com/kedacore/keda/issues/5440))
 - **General**: Minor refactor to reduce copy/paste code in ScaledObject webhook ([#5397](https://github.com/kedacore/keda/issues/5397))
+- **General**: No need to list all secret in the namespace to find just one ([#5669](https://github.com/kedacore/keda/pull/5669))
 - **Kafka**: Expose GSSAPI service name ([#5474](https://github.com/kedacore/keda/issues/5474))
 
 ## v2.13.1

diff --git a/pkg/certificates/certificate_manager.go b/pkg/certificates/certificate_manager.go
@@ -24,6 +24,7 @@ import (
  "github.com/go-logr/logr"
  "github.com/open-policy-agent/cert-controller/pkg/rotator"
  corev1 "k8s.io/api/core/v1"
+ "k8s.io/apimachinery/pkg/api/errors"
  v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
  "k8s.io/apimachinery/pkg/types"
  "sigs.k8s.io/controller-runtime/pkg/client"
@@ -109,26 +110,24 @@ func getDNSNames(service, k8sClusterDomain string) []string {
 
 // ensureSecret ensures that the secret used for storing TLS certificates exists
 func (cm CertManager) ensureSecret(ctx context.Context, mgr manager.Manager, secretName string) error {
- secrets := &corev1.SecretList{}
+ secret := &corev1.Secret{}
  kedaNamespace := kedautil.GetPodNamespace()
- opt := &client.ListOptions{
+ objKey := client.ObjectKey{
  Namespace: kedaNamespace,
+ Name: secretName,
  }
-
- err := mgr.GetAPIReader().List(ctx, secrets, opt)
+ create := false
+ err := mgr.GetAPIReader().Get(ctx, objKey, secret)
  if err != nil {
- cm.Logger.Error(err, "unable to check secrets")
- return err
- }
-
- exists := false
- for _, secret := range secrets.Items {
- if secret.Name == secretName {
- exists = true
- break
+ if errors.IsNotFound(err) {
+ create = true
+ } else {
+ cm.Logger.Error(err, "unable to check secret")
+ return err
  }
  }
- if !exists {
+
+ if create {
  secret := &corev1.Secret{
  ObjectMeta: v1.ObjectMeta{
  Name: secretName,