From 99918a8e9066561aee506cefe4d4d1f8891f6d88 Mon Sep 17 00:00:00 2001 From: Katherine Stanley <11195226+katheris@users.noreply.github.com> Date: Wed, 11 Jun 2025 17:14:00 +0100 Subject: [PATCH] Create all CA secrets in parallel instead of chaining futures Signed-off-by: Katherine Stanley <11195226+katheris@users.noreply.github.com> --- .../operator/assembly/CaReconciler.java | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/cluster-operator/src/main/java/io/strimzi/operator/cluster/operator/assembly/CaReconciler.java b/cluster-operator/src/main/java/io/strimzi/operator/cluster/operator/assembly/CaReconciler.java index afba656fb94..434818a52db 100644 --- a/cluster-operator/src/main/java/io/strimzi/operator/cluster/operator/assembly/CaReconciler.java +++ b/cluster-operator/src/main/java/io/strimzi/operator/cluster/operator/assembly/CaReconciler.java @@ -273,7 +273,7 @@ Future reconcileCas(Clock clock) { generateClientsCa, clientsCaConfig != null ? clientsCaConfig.getCertificateExpirationPolicy() : null); - List>> secretReconciliations = new ArrayList<>(2); + List>> secretReconciliations = new ArrayList<>(4); if (generateClusterCa) { clusterCa.createRenewOrReplace(Util.isMaintenanceTimeWindowsSatisfied(reconciliation, maintenanceWindows, clock.instant()), @@ -281,12 +281,12 @@ Future reconcileCas(Clock clock) { isForceRenew(existingClusterCaCertSecret)); OwnerReference ownerReference = clusterCaConfig != null && !clusterCaConfig.isGenerateSecretOwnerReference() ? null : ownerRef; + clusterCaCertSecret = createCaCertSecret(clusterCaCertName, clusterCaCertLabels, clusterCaCertAnnotations, ownerReference, clusterCa, existingClusterCaCertSecret); - Secret clusterCaKeySecret = createCaKeySecret(clusterCaKeyName, ownerReference, clusterCa, existingClusterCaKeySecret); + secretReconciliations.add(secretOperator.reconcile(reconciliation, reconciliation.namespace(), clusterCaCertName, clusterCaCertSecret)); - Future> clusterSecretReconciliation = secretOperator.reconcile(reconciliation, reconciliation.namespace(), clusterCaCertName, clusterCaCertSecret) - .compose(ignored -> secretOperator.reconcile(reconciliation, reconciliation.namespace(), clusterCaKeyName, clusterCaKeySecret)); - secretReconciliations.add(clusterSecretReconciliation); + Secret clusterCaKeySecret = createCaKeySecret(clusterCaKeyName, ownerReference, clusterCa, existingClusterCaKeySecret); + secretReconciliations.add(secretOperator.reconcile(reconciliation, reconciliation.namespace(), clusterCaKeyName, clusterCaKeySecret)); } else { clusterCaCertSecret = existingClusterCaCertSecret; } @@ -297,12 +297,12 @@ Future reconcileCas(Clock clock) { isForceRenew(existingClientsCaCertSecret)); OwnerReference ownerReference = clientsCaConfig != null && !clientsCaConfig.isGenerateSecretOwnerReference() ? null : ownerRef; + Secret clientsCaCertSecret = createCaCertSecret(clientsCaCertName, Map.of(), Map.of(), ownerReference, clientsCa, existingClientsCaCertSecret); - Secret clientsCaKeySecret = createCaKeySecret(clientsCaKeyName, ownerReference, clientsCa, existingClientsCaKeySecret); + secretReconciliations.add(secretOperator.reconcile(reconciliation, reconciliation.namespace(), clientsCaCertName, clientsCaCertSecret)); - Future> clientsSecretReconciliation = secretOperator.reconcile(reconciliation, reconciliation.namespace(), clientsCaCertName, clientsCaCertSecret) - .compose(ignored -> secretOperator.reconcile(reconciliation, reconciliation.namespace(), clientsCaKeyName, clientsCaKeySecret)); - secretReconciliations.add(clientsSecretReconciliation); + Secret clientsCaKeySecret = createCaKeySecret(clientsCaKeyName, ownerReference, clientsCa, existingClientsCaKeySecret); + secretReconciliations.add(secretOperator.reconcile(reconciliation, reconciliation.namespace(), clientsCaKeyName, clientsCaKeySecret)); } Promise caUpdatePromise = Promise.promise();