@jshiwamV jshiwamV commented Oct 3, 2024

This PR introduces the following methods and functionalities in the CertificateReconciler for managing certificates in Kubernetes:

1. Reconcile Method:

  • The Reconcile method is responsible for checking the state of the Certificate resource and performing necessary actions such as:
    • Creating a New Certificate: If the Certificate resource does not have an expiry date (i.e., it is being created for the first time), the method:
      • Parses the ValidFor field from the CertificateSpec.
      • Generates a self-signed certificate based on the provided domain and validity period.
      • Updates the status of the Certificate with appropriate conditions (e.g., Pending, Issued).
    • Renewing a Certificate: If the certificate is close to expiry (within 5 minutes), it:
      • Initiates the certificate renewal process.
      • Updates the status conditions to reflect the renewal (e.g., Renewing, Renewed).
  • Requeue Mechanism: The reconciler automatically requeues itself to check certificate expiration every minute.

2. createOrUpdateCertificate Method:

  • This method is responsible for creating or updating the Secret resource that stores the certificate's PEM-encoded public and private keys.
  • The method ensures that the secret is created with the appropriate owner reference (Certificate resource), allowing Kubernetes to clean up the secret automatically if the Certificate resource is deleted.
  • If the secret already exists, it performs a patch update.

3. updateStatus Method:

  • This method is used to update the status of the Certificate resource.
  • It takes inputs such as the condition (metav1.Condition) and optionally, expiredAt and renewedAt timestamps.
  • The status conditions (ConditionIssued, ConditionRenewed, etc.) are updated using this method along with the certificate's expiry and renewal times.
  • The method fetches the current Certificate resource, updates its conditions, and persists the changes.

Key Functionalities:

  • Certificate Creation: Generates a self-signed certificate when the Certificate resource is created and stores it in a Kubernetes Secret.
  • Certificate Renewal: Automatically renews the certificate before it expires, ensuring that the system always has a valid certificate.
  • Status Management: Continuously updates the status of the Certificate resource with relevant conditions, expiry dates, and renewal dates.
  • Requeuing Logic: Ensures continuous monitoring of certificate expiration by requeuing the reconciliation process every minute.

@jshiwamV jshiwamV marked this pull request as ready for review October 7, 2024 07:26
@jshiwamV jshiwamV changed the title from "Certificate Operator: Assignment 2 and 3" to "Certificate Controller: Assignment 2 and 3" Oct 7, 2024
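
An added example, not code from this PR: a standard-library Go version of the two steps the description above outlines, issuing a self-signed certificate for a domain and validity period and deciding on renewal once expiry is within 5 minutes. The names `selfSigned` and `needsRenewal`, the Ed25519 key type, the SAN-only subject, the inclusive window boundary and the sample domain are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// needsRenewal reports whether expiry is within 5 minutes of now (the PR's threshold) or already past.
func needsRenewal(notAfter, now time.Time) bool { return !now.Before(notAfter.Add(-5 * time.Minute)) }

// selfSigned (hypothetical helper) issues a self-signed server certificate for domain.
func selfSigned(domain string, validFor time.Duration, now time.Time) (certPEM, keyPEM []byte, notAfter time.Time, err error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, time.Time{}, err
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 127)) // random serial
	if err != nil {
		return nil, nil, time.Time{}, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: serial,
		DNSNames:     []string{domain}, // modern verifiers match the SAN, not the CN
		NotBefore:    now,
		NotAfter:     now.Add(validFor),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv) // template == parent: self-signed
	if err != nil {
		return nil, nil, time.Time{}, err
	}
	keyDER, err := x509.MarshalPKCS8PrivateKey(priv)
	if err != nil {
		return nil, nil, time.Time{}, err
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}),
		pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: keyDER}), tmpl.NotAfter, nil
}

func main() {
	crt, _, exp, err := selfSigned("example.internal", time.Hour, time.Now())
	fmt.Printf("%s\nexpires=%s renew=%v err=%v\n", crt, exp, needsRenewal(exp, time.Now()), err)
}
```

With a one-minute requeue and a 5-minute window, a certificate whose validity period is 5 minutes or less satisfies `needsRenewal` as soon as it is issued, so very short `ValidFor` values renew on every reconcile.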