Rebuild the cloud-init userdata if the soure VM secret changed

After 24 hours the userdata secret for a VM contains an outdated value. We must refetch and update the cloud init secret with the latest data, otherwise a node will fail the ignition stage. Fixes: kubernetes-sigs#169 Signed-off-by: Roy Golan <rgolan@redhat.com>
rgolangh · Mar 26, 2023 · 33c4c33 · 33c4c33
1 parent 68ebbe0
commit 33c4c33
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 8 deletions.
diff --git a/controllers/kubevirtmachine_controller.go b/controllers/kubevirtmachine_controller.go
@@ -515,14 +515,6 @@ func (r *KubevirtMachineReconciler) reconcileKubevirtBootstrapSecret(ctx *contex
 		return errors.New("error retrieving bootstrap data: linked Machine's bootstrap.dataSecretName is nil")
 	}
 
-	// Exit early if exists.
-	bootstrapDataSecret := &corev1.Secret{}
-	bootstrapDataSecretKey := client.ObjectKey{Namespace: vmNamespace, Name: *ctx.Machine.Spec.Bootstrap.DataSecretName + "-userdata"}
-	if err := infraClusterClient.Get(ctx, bootstrapDataSecretKey, bootstrapDataSecret); err == nil {
-		ctx.BootstrapDataSecret = bootstrapDataSecret
-		return nil
-	}
-
 	s := &corev1.Secret{}
 	key := client.ObjectKey{Namespace: ctx.Machine.GetNamespace(), Name: *ctx.Machine.Spec.Bootstrap.DataSecretName}
 	if err := r.Client.Get(ctx, key, s); err != nil {

diff --git a/controllers/kubevirtmachine_controller_test.go b/controllers/kubevirtmachine_controller_test.go
@@ -1063,6 +1063,36 @@ var _ = Describe("reconcile a kubevirt machine", func() {
 		Expect(err).ToNot(HaveOccurred())
 		Expect(out).To(Equal(ctrl.Result{RequeueAfter: 20 * time.Second}))
 	})
+
+	It("should fetch the latest bootstrap secret and update the machine context if changed", func() {
+		kubevirtMachine.Status.Ready = true
+		bootstrapSecret.Data["value"] = append(bootstrapSecret.Data["value"], []byte(" some change")...)
+
+		objects := []client.Object{
+			cluster,
+			kubevirtCluster,
+			machine,
+			kubevirtMachine,
+			sshKeySecret,
+			bootstrapSecret,
+			bootstrapUserDataSecret,
+		}
+
+		// test that if the source secret has changed, and there is alredy a secret exist, we still copy the source
+		// to the dest.
+		// the source is the bootstrap secret, the dest is the bootstrap user data secret
+
+		setupClient(kubevirt.DefaultMachineFactory{}, objects)
+
+		infraClusterMock.EXPECT().GenerateInfraClusterClient(kubevirtMachine.Spec.InfraClusterSecretRef, kubevirtMachine.Namespace, machineContext.Context).Return(fakeClient, kubevirtMachine.Namespace, nil)
+
+		Expect(machineContext.KubevirtMachine.Status.Ready).To(BeTrue())
+		out, err := kubevirtMachineReconciler.reconcileNormal(machineContext)
+		Expect(machineContext.KubevirtMachine.Status.Ready).To(BeFalse())
+		Expect(err).ToNot(HaveOccurred())
+		Expect(out).To(Equal(ctrl.Result{RequeueAfter: 20 * time.Second}))
+		Expect(machineContext.BootstrapDataSecret.Data["userdata"]).To(Equal(bootstrapSecret.Data["value"]))
+	})
 })
 
 var _ = Describe("updateNodeProviderID", func() {