Skip to content

Commit 5473892

Browse files
agrevtsevagrevtsev
committed
use secret-type as FieldSelector
1 parent 6da33d0 commit 5473892

File tree

1 file changed

+16
-20
lines changed

1 file changed

+16
-20
lines changed

internal/kubernetes.go

Lines changed: 16 additions & 20 deletions
Original file line numberDiff line numberDiff line change
@@ -37,28 +37,24 @@ func (exporter *Exporter) parseAllKubeSecrets() ([]*certificateRef, []error) {
3737
}
3838

3939
for _, namespace := range namespaces {
40-
secrets, err := exporter.getWatchedSecrets(namespace)
41-
if err != nil {
42-
outputErrors = append(outputErrors, fmt.Errorf("failed to fetch secrets from namespace \"%s\": %s", namespace, err.Error()))
43-
continue
44-
}
40+
for _, secretType := range exporter.KubeSecretTypes {
41+
typeAndKey := strings.Split(secretType, ":")
42+
secrets, err := exporter.getWatchedSecrets(namespace, typeAndKey[0])
43+
if err != nil {
44+
outputErrors = append(outputErrors, fmt.Errorf("failed to fetch secrets from namespace \"%s\": %s", namespace, err.Error()))
45+
continue
46+
}
4547

46-
for _, secret := range secrets {
47-
for _, secretType := range exporter.KubeSecretTypes {
48-
typeAndKey := strings.Split(secretType, ":")
49-
50-
if secret.Type == v1.SecretType(typeAndKey[0]) && len(secret.Data[typeAndKey[1]]) > 0 {
51-
output = append(output, &certificateRef{
52-
path: fmt.Sprintf("k8s/%s/%s", namespace, secret.GetName()),
53-
format: certificateFormatKubeSecret,
54-
kubeSecret: secret,
55-
kubeSecretKey: typeAndKey[1],
56-
})
57-
}
48+
for _, secret := range secrets {
49+
output = append(output, &certificateRef{
50+
path: fmt.Sprintf("k8s/%s/%s", namespace, secret.GetName()),
51+
format: certificateFormatKubeSecret,
52+
kubeSecret: secret,
53+
kubeSecretKey: typeAndKey[1],
54+
})
5855
}
5956
}
6057
}
61-
6258
return output, outputErrors
6359
}
6460

@@ -95,7 +91,7 @@ func (exporter *Exporter) listNamespacesToWatch() ([]string, error) {
9591
return namespaces, nil
9692
}
9793

98-
func (exporter *Exporter) getWatchedSecrets(namespace string) ([]v1.Secret, error) {
94+
func (exporter *Exporter) getWatchedSecrets(namespace string, secretType string) ([]v1.Secret, error) {
9995
cachedSecrets, cached := exporter.secretsCache.Get(namespace)
10096
if cached {
10197
return cachedSecrets.([]v1.Secret), nil
@@ -124,7 +120,7 @@ func (exporter *Exporter) getWatchedSecrets(namespace string) ([]v1.Secret, erro
124120
}
125121

126122
labelSelector := metav1.LabelSelector{MatchLabels: includedLabelsWithValue}
127-
fieldSelector := fields.SelectorFromSet(fields.Set{"type": "kubernetes.io/tls"})
123+
fieldSelector := fields.SelectorFromSet(fields.Set{"type" : secretType})
128124
secrets, err := exporter.kubeClient.CoreV1().Secrets(namespace).List(context.Background(), metav1.ListOptions{
129125
LabelSelector: labels.Set(labelSelector.MatchLabels).String(),
130126
FieldSelector: fieldSelector.String(),

0 commit comments

Comments
 (0)