diff --git a/pkg/controller/cluster/operator.go b/pkg/controller/cluster/operator.go
index 2b7d106dae8..a216a34ed29 100644
--- a/pkg/controller/cluster/operator.go
+++ b/pkg/controller/cluster/operator.go
@@ -83,12 +83,12 @@ func (c *Controller) generateTLSCert() (string, string) {
 operatorTLSCert, err := c.kubeClientSet.CoreV1().Secrets(namespace).Get(ctx, OperatorTLSSecretName, metav1.GetOptions{})
 if err != nil {
 if k8serrors.IsNotFound(err) {
- klog.Infof("operator TLS secret not found %v", err)
+ klog.Infof("operator TLS secret not found: %v", err)
 if err = c.checkAndCreateOperatorCSR(ctx, operatorDeployment); err != nil {
 klog.Infof("Waiting for the operator certificates to be issued %v", err.Error())
 time.Sleep(time.Second * 10)
 } else {
- if err = c.kubeClientSet.CertificatesV1().CertificateSigningRequests().Delete(ctx, "operator-auto-tls", metav1.DeleteOptions{}); err != nil {
+ if err = c.kubeClientSet.CertificatesV1().CertificateSigningRequests().Delete(ctx, c.operatorCSRName(), metav1.DeleteOptions{}); err != nil {
 klog.Infof(err.Error())
 }
 }
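Review bot: `klog.Infof(err.Error())` in the branch right after the changed Delete call passes the API error text as the format string, so any `%` in that message is interpreted as a verb and the log line comes out garbled; `go vet` flags this pattern. A failure here also means the CSR object stays behind in the cluster, so it is worth logging it with its name at error level: `klog.Errorf("deleting csr/%s: %v", c.operatorCSRName(), err)`. generateTLSCert's body begins and ends outside this hunk.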
@@ -207,25 +207,24 @@ func (c *Controller) createOperatorCSR(ctx context.Context, operator metav1.Obje
 return err
 }
 namespace := miniov2.GetNSFromFile()
- operatorCSRName := fmt.Sprintf("operator-%s-csr", namespace)
- err = c.createCertificateSigningRequest(ctx, map[string]string{}, operatorCSRName, namespace, csrBytes, operator, "server")
+ err = c.createCertificateSigningRequest(ctx, map[string]string{}, c.operatorCSRName(), namespace, csrBytes, operator, "server")
 if err != nil {
- klog.Errorf("Unexpected error during the creation of the csr/%s: %v", operatorCSRName, err)
+ klog.Errorf("Unexpected error during the creation of the csr/%s: %v", c.operatorCSRName(), err)
 return err
 }
 // fetch certificate from CSR
- certBytes, err := c.fetchCertificate(ctx, operatorCSRName)
+ certBytes, err := c.fetchCertificate(ctx, c.operatorCSRName())
 if err != nil {
- klog.Errorf("Unexpected error during the creation of the csr/%s: %v", operatorCSRName, err)
+ klog.Errorf("Unexpected error during the creation of the csr/%s: %v", c.operatorCSRName(), err)
 return err
 }
 // PEM encode private ECDSA key
- encodedPrivKey := pem.EncodeToMemory(&pem.Block{Type: privateKeyType, Bytes: privKeysBytes})
+ encodedPrivateKey := pem.EncodeToMemory(&pem.Block{Type: privateKeyType, Bytes: privKeysBytes})
 // Create secret for operator to use
- err = c.createOperatorSecret(ctx, operator, map[string]string{}, "operator-tls", encodedPrivKey, certBytes)
+ err = c.createOperatorSecret(ctx, operator, map[string]string{}, "operator-tls", encodedPrivateKey, certBytes)
 if err != nil {
 klog.Errorf("Unexpected error during the creation of the secret/%s: %v", "operator-tls", err)
 return err
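Review bot: `c.operatorCSRName()` is evaluated four times in this hunk, and per the helper added at the end of the file each call goes through `miniov2.GetNSFromFile()` again, although `namespace` is already a local here. Binding it once with `csrName := c.operatorCSRName()` guarantees that the create, fetch and log lines all refer to the same CSR and avoids the repeated lookups. Separately, the `fetchCertificate` failure branch still logs "during the creation of the csr", which misleads anyone triaging an issuance failure; something like `klog.Errorf("Unexpected error fetching the certificate for csr/%s: %v", csrName, err)` would say what failed. createOperatorCSR begins and ends outside this hunk.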
@@ -234,7 +233,7 @@ func (c *Controller) createOperatorCSR(ctx context.Context, operator metav1.Obje
 }
 func (c *Controller) checkAndCreateOperatorCSR(ctx context.Context, operator metav1.Object) error {
- if _, err := c.kubeClientSet.CertificatesV1().CertificateSigningRequests().Get(ctx, "operator-auto-tls", metav1.GetOptions{}); err != nil {
+ if _, err := c.kubeClientSet.CertificatesV1().CertificateSigningRequests().Get(ctx, c.operatorCSRName(), metav1.GetOptions{}); err != nil {
 if k8serrors.IsNotFound(err) {
 klog.V(2).Infof("Creating a new Certificate Signing Request for Operator Server Certs, cluster %q")
 if err = c.createOperatorCSR(ctx, operator); err != nil {
@@ -280,3 +279,8 @@ func (c *Controller) createUsers(ctx context.Context, tenant *miniov2.Tenant, te
 return nil
 }
+
+func (c *Controller) operatorCSRName() string {
+ namespace := miniov2.GetNSFromFile()
+ return fmt.Sprintf("operator-%s-csr", namespace)
+}
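Review bot: The `klog.V(2).Infof` call two lines below the changed `Get` has a `%q` verb and no argument, so it logs `%!q(MISSING)` instead of identifying what is being created. Now that the name is available, pass it: `klog.V(2).Infof("Creating a new Certificate Signing Request for Operator Server Certs, csr %q", c.operatorCSRName())`. checkAndCreateOperatorCSR continues past the end of this hunk, so the remaining branches of the `Get` error handling are not visible here.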
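Review bot: `operatorCSRName` has no doc comment, and nothing in the hunk states why the name embeds the namespace. CertificateSigningRequest objects are cluster-scoped (the client calls in this file take no namespace), so this name is presumably what keeps operators in different namespaces from reading or deleting each other's CSR. A comment such as `// operatorCSRName returns the cluster-scoped CSR name for this operator, derived from its namespace so operators in different namespaces do not collide.` would record that. The receiver `c` is not used in the body.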