Address review comments

jetstack · May 1, 2018 · b75fb1d · b75fb1d
1 parent 61acbfd
commit b75fb1d
Show file tree

Hide file tree

Showing 2 changed files with 44 additions and 17 deletions.
diff --git a/pkg/kubelego/configure.go b/pkg/kubelego/configure.go
@@ -2,6 +2,7 @@ package kubelego
 
 import (
 	"github.com/jetstack/kube-lego/pkg/kubelego_const"
+	utilerrors "k8s.io/apimachinery/pkg/util/errors"
 
 	"fmt"
 	"strings"
@@ -53,32 +54,37 @@ func (kl *KubeLego) TlsIgnoreDuplicatedSecrets(tlsSlice []kubelego.Tls) []kubele
 }
 
 func (kl *KubeLego) processProvider(ing kubelego.Ingress) (err error) {
-
+	var errs []error
 	for providerName, provider := range kl.legoIngressProvider {
 		err := provider.Reset()
 		if err != nil {
-			provider.Log().Error(err)
-			continue
+			errs = append(errs, err)
 		}
 
 		if providerName == ing.IngressProvider() {
 			err = provider.Process(ing)
 			if err != nil {
-				provider.Log().Error(err)
+				errs = append(errs, err)
 			}
 		}
 
 		err = provider.Finalize()
 		if err != nil {
-			provider.Log().Error(err)
+			errs = append(errs, err)
 		}
 	}
-	return nil
+	return utilerrors.NewAggregate(errs)
 }
 
 func (kl *KubeLego) reconfigure(ing kubelego.Ingress) error {
+	if ing.Ignore() {
+		return nil
+	}
 	// setup providers
-	kl.processProvider(ing)
+	err := kl.processProvider(ing)
+	if err != nil {
+		return err
+	}
 
 	// normify tls config
 	// NOTE: this no longer performs a global deduplication
@@ -88,11 +94,9 @@ func (kl *KubeLego) reconfigure(ing kubelego.Ingress) error {
 	kl.Log().Info("process certificate requests for ingresses")
 	errs := kl.TlsProcessHosts(tlsSlice)
 	if len(errs) > 0 {
-		errsStr := []string{}
-		for _, err := range errs {
-			errsStr = append(errsStr, fmt.Sprintf("%s", err))
-		}
-		kl.Log().Error("Error while processing certificate requests: ", strings.Join(errsStr, ", "))
+		err := utilerrors.NewAggregate(errs)
+		kl.Log().Errorf("Error while processing certificate requests: %v", err)
+		return err
 	}
 
 	return nil

diff --git a/pkg/kubelego/watch.go b/pkg/kubelego/watch.go
@@ -5,6 +5,7 @@ import (
 	"time"
 
 	"github.com/jetstack/kube-lego/pkg/ingress"
+	klconst "github.com/jetstack/kube-lego/pkg/kubelego_const"
 
 	k8sMeta "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
@@ -71,7 +72,7 @@ func (kl *KubeLego) WatchReconfigure() {
 				}
 				name, namespace, err := cache.SplitMetaNamespaceKey(key)
 				if err != nil {
-					kl.Log().Errorf("worker: invalid string in workqueue: %s", item)
+					kl.Log().Errorf("worker: invalid string in workqueue %q: %v", item, err)
 					kl.workQueue.Forget(item)
 					return
 				}
@@ -141,20 +142,24 @@ func (kl *KubeLego) WatchEvents() {
 				// skip processing deleted items, as there is no reason to due to
 				// the way kube-lego serialises authorization attempts
 				// kl.workQueue.AddRateLimited(key)
+				kl.workQueue.Forget(key)
 			}
 		},
 		UpdateFunc: func(old, cur interface{}) {
 			oldIng := old.(*k8sExtensions.Ingress)
 			upIng := cur.(*k8sExtensions.Ingress)
 
-			//ignore resource version in equality check
-			oldIng.ResourceVersion = ""
-			upIng.ResourceVersion = ""
+			shouldForceProcess := anyDifferent(oldIng.Annotations, upIng.Annotations,
+				klconst.AnnotationIngressClass,
+				klconst.AnnotationIngressProvider,
+				klconst.AnnotationKubeLegoManaged,
+				klconst.AnnotationSslRedirect,
+				klconst.AnnotationWhitelistSourceRange)
 
 			// we requeue ingresses only when their spec has changed, as the indicates
 			// a user has updated the specification of their ingress and as such we should
 			// re-trigger a validation if required.
-			if !reflect.DeepEqual(oldIng.Spec, upIng.Spec) {
+			if !reflect.DeepEqual(oldIng.Spec, upIng.Spec) || shouldForceProcess {
 				upIng := cur.(*k8sExtensions.Ingress)
 				if ingress.IgnoreIngress(upIng) != nil {
 					return
@@ -185,3 +190,21 @@ func (kl *KubeLego) WatchEvents() {
 
 	go controller.Run(kl.stopCh)
 }
+
+// anyDifferent returns true if any of the keys passed are different in the given
+// map.
+func anyDifferent(left, right map[string]string, keys ...string) bool {
+	// if either left or right are nil, and the other isn't, then
+	// return true to kick off re-processing
+	if left == nil && right == nil ||
+		left == nil && right != nil ||
+		left != nil && right == nil {
+		return true
+	}
+	for _, k := range keys {
+		if left[k] != right[k] {
+			return true
+		}
+	}
+	return false
+}