From 417601ec1d72a73a364f3eb84a4b7fd8d56a32dc640800996f476a52e1d6c210 Mon Sep 17 00:00:00 2001 From: Antonio Alonso Alarcon Date: Mon, 22 Dec 2025 10:43:22 +0100 Subject: [PATCH 1/2] Adds injector-webhook-load-renewed-certs.patch to network-resources-injector srpm --- .../injector-webhook-load-renewed-certs.patch | 39 +++++++++++++++++++ .../network-resources-injector.spec | 3 ++ 2 files changed, 42 insertions(+) create mode 100644 network-resources-injector/injector-webhook-load-renewed-certs.patch diff --git a/network-resources-injector/injector-webhook-load-renewed-certs.patch b/network-resources-injector/injector-webhook-load-renewed-certs.patch new file mode 100644 index 0000000..c861467 --- /dev/null +++ b/network-resources-injector/injector-webhook-load-renewed-certs.patch @@ -0,0 +1,39 @@ +diff --git a/cmd/webhook/main.go b/cmd/webhook/main.go +index 1c8f418..b21de81 100644 +--- a/cmd/webhook/main.go ++++ b/cmd/webhook/main.go +@@ -121,7 +121,7 @@ func main() { + // initialize webhook with controlSwitches + webhook.SetControlSwitches(controlSwitches) + +- //initialize webhook with cache ++ // initialize webhook with cache + netAnnotationCache := netcache.Create() + netAnnotationCache.Start() + webhook.SetNetAttachDefCache(netAnnotationCache) +@@ -192,11 +192,10 @@ func main() { + + certUpdated := false + keyUpdated := false ++ watcher.Add(*cert) ++ watcher.Add(*key) + + for { +- watcher.Add(*cert) +- watcher.Add(*key) +- + select { + case event, ok := <-watcher.Events: + if !ok { +@@ -209,9 +208,11 @@ func main() { + glog.V(2).Infof("modified file: %v", event.Name) + if event.Name == *cert { + certUpdated = true ++ watcher.Add(*cert) + } + if event.Name == *key { + keyUpdated = true ++ watcher.Add(*key) + } + if keyUpdated && certUpdated { + if err := keyPair.Reload(); err != nil { diff --git a/network-resources-injector/network-resources-injector.spec b/network-resources-injector/network-resources-injector.spec index ff880aa..3364c57 100644 --- a/network-resources-injector/network-resources-injector.spec +++ b/network-resources-injector/network-resources-injector.spec @@ -24,6 +24,9 @@ License: Apache-2.0 URL: https://github.com/k8snetworkplumbingwg/network-resources-injector Source: %{name}-%{version}.tar Source1: vendor.tar.gz +# Patch1 below backports changes from PR#187 (https://github.com/k8snetworkplumbingwg/network-resources-injector/pull/187); +# to be removed once bumping (>= v1.9.0 upstream) +Patch1: injector-webhook-load-renewed-certs.patch BuildRequires: golang(API) = 1.24 ExcludeArch: s390 ExcludeArch: %{ix86} -- 2.51.1 From a164be3522d9e248da66076a7400dbb8aad0c3974601386a2024f97c58a18a9a Mon Sep 17 00:00:00 2001 From: Antonio Alonso Alarcon Date: Mon, 22 Dec 2025 10:48:44 +0100 Subject: [PATCH 2/2] Adds operator-webhook-load-renewed-certs.patch to sriov-network-operator srpm --- .../operator-webhook-load-renewed-certs.patch | 51 +++++++++++++++++++ .../sriov-network-operator.spec | 3 ++ 2 files changed, 54 insertions(+) create mode 100644 sriov-network-operator/operator-webhook-load-renewed-certs.patch diff --git a/sriov-network-operator/operator-webhook-load-renewed-certs.patch b/sriov-network-operator/operator-webhook-load-renewed-certs.patch new file mode 100644 index 0000000..cd9f74c --- /dev/null +++ b/sriov-network-operator/operator-webhook-load-renewed-certs.patch @@ -0,0 +1,51 @@ +diff --git a/cmd/webhook/start.go b/cmd/webhook/start.go +index c66d6c8b..23eaf928 100644 +--- a/cmd/webhook/start.go ++++ b/cmd/webhook/start.go +@@ -25,14 +25,12 @@ var ( + enableHTTP2 bool + ) + +-var ( +- startCmd = &cobra.Command{ +- Use: "start", +- Short: "Starts Webhook Daemon", +- Long: "Starts Webhook Daemon", +- Run: runStartCmd, +- } +-) ++var startCmd = &cobra.Command{ ++ Use: "start", ++ Short: "Starts Webhook Daemon", ++ Long: "Starts Webhook Daemon", ++ Run: runStartCmd, ++} + + // admitv1Func handles a v1 admission + type admitv1Func func(v1.AdmissionReview) *v1.AdmissionResponse +@@ -190,10 +188,10 @@ func runStartCmd(cmd *cobra.Command, args []string) { + certUpdated := false + keyUpdated := false + +- for { +- watcher.Add(certFile) +- watcher.Add(keyFile) ++ watcher.Add(certFile) ++ watcher.Add(keyFile) + ++ for { + select { + case event, ok := <-watcher.Events: + if !ok { +@@ -206,9 +204,11 @@ func runStartCmd(cmd *cobra.Command, args []string) { + setupLog.Info("modified file", "name", event.Name) + if event.Name == certFile { + certUpdated = true ++ watcher.Add(certFile) + } + if event.Name == keyFile { + keyUpdated = true ++ watcher.Add(keyFile) + } + if keyUpdated && certUpdated { + if err := keyPair.Reload(); err != nil { diff --git a/sriov-network-operator/sriov-network-operator.spec b/sriov-network-operator/sriov-network-operator.spec index 2d2bed9..6e49474 100644 --- a/sriov-network-operator/sriov-network-operator.spec +++ b/sriov-network-operator/sriov-network-operator.spec @@ -24,6 +24,9 @@ License: Apache-2.0 URL: https://github.com/k8snetworkplumbingwg/sriov-network-operator Source: sriov-network-operator-%{version}.tar Source1: vendor.tar.gz +# Patch1 below backports changes from PR#946 (https://github.com/k8snetworkplumbingwg/sriov-network-operator/pull/946); +# to be removed once bumping (>= v1.7.0 upstrean) +Patch1: operator-webhook-load-renewed-certs.patch BuildRequires: golang(API) = 1.23 ExcludeArch: s390 ExcludeArch: %{ix86} -- 2.51.1