Merge pull request 'sriov webhooks to reload the renewed certificate.' (#348) from antaloala/Factory:edge-1759 into main

Reviewed-on: #348
Reviewed-by: Nicolas Belouin <nbelouin@noreply.src.opensuse.org>

network-resources-injector/injector-webhook-load-renewed-certs.patch

@@ -0,0 +1,39 @@
+diff --git a/cmd/webhook/main.go b/cmd/webhook/main.go
+index 1c8f418..b21de81 100644
+--- a/cmd/webhook/main.go
++++ b/cmd/webhook/main.go
+@@ -121,7 +121,7 @@ func main() {
+ 	// initialize webhook with controlSwitches
+ 	webhook.SetControlSwitches(controlSwitches)
+ 
+-	//initialize webhook with cache
++	// initialize webhook with cache
+ 	netAnnotationCache := netcache.Create()
+ 	netAnnotationCache.Start()
+ 	webhook.SetNetAttachDefCache(netAnnotationCache)
+@@ -192,11 +192,10 @@ func main() {
+ 
+ 	certUpdated := false
+ 	keyUpdated := false
++	watcher.Add(*cert)
++	watcher.Add(*key)
+ 
+ 	for {
+-		watcher.Add(*cert)
+-		watcher.Add(*key)
+-
+ 		select {
+ 		case event, ok := <-watcher.Events:
+ 			if !ok {
+@@ -209,9 +208,11 @@ func main() {
+ 				glog.V(2).Infof("modified file: %v", event.Name)
+ 				if event.Name == *cert {
+ 					certUpdated = true
++					watcher.Add(*cert)
+ 				}
+ 				if event.Name == *key {
+ 					keyUpdated = true
++					watcher.Add(*key)
+ 				}
+ 				if keyUpdated && certUpdated {
+ 					if err := keyPair.Reload(); err != nil {

network-resources-injector/network-resources-injector.spec

@@ -24,6 +24,9 @@ License:        Apache-2.0
 URL:            https://github.com/k8snetworkplumbingwg/network-resources-injector
 Source:         %{name}-%{version}.tar
 Source1:        vendor.tar.gz
+# Patch1 below backports changes from PR#187 (https://github.com/k8snetworkplumbingwg/network-resources-injector/pull/187);
+# to be removed once bumping (>= v1.9.0 upstream)
+Patch1:         injector-webhook-load-renewed-certs.patch
 BuildRequires:  golang(API) = 1.24
 ExcludeArch:    s390
 ExcludeArch:    %{ix86}

sriov-network-operator/operator-webhook-load-renewed-certs.patch

@@ -0,0 +1,51 @@
+diff --git a/cmd/webhook/start.go b/cmd/webhook/start.go
+index c66d6c8b..23eaf928 100644
+--- a/cmd/webhook/start.go
++++ b/cmd/webhook/start.go
+@@ -25,14 +25,12 @@ var (
+ 	enableHTTP2 bool
+ )
+ 
+-var (
+-	startCmd = &cobra.Command{
+-		Use:   "start",
+-		Short: "Starts Webhook Daemon",
+-		Long:  "Starts Webhook Daemon",
+-		Run:   runStartCmd,
+-	}
+-)
++var startCmd = &cobra.Command{
++	Use:   "start",
++	Short: "Starts Webhook Daemon",
++	Long:  "Starts Webhook Daemon",
++	Run:   runStartCmd,
++}
+ 
+ // admitv1Func handles a v1 admission
+ type admitv1Func func(v1.AdmissionReview) *v1.AdmissionResponse
+@@ -190,10 +188,10 @@ func runStartCmd(cmd *cobra.Command, args []string) {
+ 	certUpdated := false
+ 	keyUpdated := false
+ 
+-	for {
+-		watcher.Add(certFile)
+-		watcher.Add(keyFile)
++	watcher.Add(certFile)
++	watcher.Add(keyFile)
+ 
++	for {
+ 		select {
+ 		case event, ok := <-watcher.Events:
+ 			if !ok {
+@@ -206,9 +204,11 @@ func runStartCmd(cmd *cobra.Command, args []string) {
+ 				setupLog.Info("modified file", "name", event.Name)
+ 				if event.Name == certFile {
+ 					certUpdated = true
++					watcher.Add(certFile)
+ 				}
+ 				if event.Name == keyFile {
+ 					keyUpdated = true
++					watcher.Add(keyFile)
+ 				}
+ 				if keyUpdated && certUpdated {
+ 					if err := keyPair.Reload(); err != nil {

sriov-network-operator/sriov-network-operator.spec

@@ -24,6 +24,9 @@ License:        Apache-2.0
 URL:            https://github.com/k8snetworkplumbingwg/sriov-network-operator
 Source:         sriov-network-operator-%{version}.tar
 Source1:        vendor.tar.gz
+# Patch1 below backports changes from PR#946 (https://github.com/k8snetworkplumbingwg/sriov-network-operator/pull/946);
+# to be removed once bumping (>= v1.7.0 upstrean)
+Patch1:         operator-webhook-load-renewed-certs.patch
 BuildRequires:  golang(API) = 1.23
 ExcludeArch:    s390
 ExcludeArch:    %{ix86}