Uploaded image for project: 'OpenShift CFE'
  1. OpenShift CFE
  2. CFE-1020

Route controller design for router + secret monitor integration


    • Icon: Story Story
    • Resolution: Done
    • Icon: Major Major
    • openshift-4.16
    • None
    • None
    • None
    • CFE Sprint 248, CFE Sprint 249, CFE Sprint 250, CFE Sprint 252, CFE Sprint 253

      As part of this EP, there is a use case where there is a need to trigger re-sync of routes based on secret changes observed. The caveat here is that, we are not using secret informers, rather a new interface aka secret monitor (reasons are in the EP but don't pertain to this query). Since the router uses RouterController and not specific controllers for each resource (routes, namespaces, endpoints, etc), it doesn't have access to lower level components of a controller (eg: the workqueue) and without this I don't really see a way to integrate router with the secret monitor. Is re-designing the routercontroller the way forward here? I'm open to suggestions on other way to integrate here.


      Router will take feature-gate info from CFE-987

      Router will integrate secret-monitor done in CFE-866

      Validations required on router

        - The secret created should be in the same namespace as that of the route.
        - The secret created is of type `kubernetes.io/tls`.
        - Verify certificate and key (PEM encode/decode)
        - Verify private key matches public certificate

            rh-ee-ckyal Chirag Kyal
            rh-ee-ckyal Chirag Kyal
            Xingxing Xia, Yuedong Wu
            Hongan Li Hongan Li
            0 Vote for this issue
            4 Start watching this issue