gardener-controller-manager: Enable SecretBinding provider controller (…

…gardener#5499) Signed-off-by: ialidzhikov <i.alidjikov@gmail.com>
nickytd · Mar 2, 2022 · a2344b1 · a2344b1
1 parent 1c41ec4
commit a2344b1
Show file tree

Hide file tree

Showing 4 changed files with 9 additions and 5 deletions.
diff --git a/docs/deployment/secret_binding_provider_controller.md b/docs/deployment/secret_binding_provider_controller.md
@@ -20,3 +20,8 @@ A Gardener landscape operator can follow the following steps:
 
    The `SecretBindingProviderValidation` feature gate of Gardener API server enables set of validations for the SecretBinding provider field. It forbids creating a Shoot that has a different provider type from the referenced SecretBinding's one. It also enforces immutability on the field.
    After making sure that SecretBinding provider controller is enabled and it populated the `.provider.type` field of a majority of the SecretBindings on a Gardener landscape (the SecretBindings that are unused will have their provider type unset), a Gardener landscape operator has to disable the SecretBinding provider controller and to enable the `SecretBindingProviderValidation` feature gate of Gardener API server. To disable the SecretBinding provider controller, in the ControllerManagerConfiguration set the `controller.secretBindingProvider.concurentSyncs` field to `0`.
+
+## Implementation History
+
+- Gardener v1.38: SecretBinding resource has a new optional field `.provider.type`. SecretBinding provider controller is disabled by default. `SecretBindingProviderValidation` feature gate of Gardener API server is disabled by default.
+- Gardener v1.42: SecretBinding provider controller is enabled by default.
diff --git a/example/20-componentconfig-gardener-controller-manager.yaml b/example/20-componentconfig-gardener-controller-manager.yaml
@@ -14,7 +14,7 @@ controllers:
   secretBinding:
     concurrentSyncs: 5
   secretBindingProvider:
-    concurrentSyncs: 0
+    concurrentSyncs: 5
   seed:
     concurrentSyncs: 5
     syncPeriod: 30s

diff --git a/pkg/controllermanager/apis/config/v1alpha1/defaults.go b/pkg/controllermanager/apis/config/v1alpha1/defaults.go
@@ -126,10 +126,7 @@ func SetDefaults_ControllerManagerConfiguration(obj *ControllerManagerConfigurat
 
 	if obj.Controllers.SecretBindingProvider == nil {
 		obj.Controllers.SecretBindingProvider = &SecretBindingProviderControllerConfiguration{
-			// The SecretBinding provider controller is disabled by default as it is considered alpha.
-			//
-			// TODO (ialidzhikov): Enable the controller by default.
-			ConcurrentSyncs: 0,
+			ConcurrentSyncs: 5,
 		}
 	}
 

diff --git a/pkg/controllermanager/apis/config/v1alpha1/defaults_test.go b/pkg/controllermanager/apis/config/v1alpha1/defaults_test.go
@@ -77,6 +77,8 @@ var _ = Describe("Defaults", func() {
 
 			Expect(obj.Controllers.SecretBinding).NotTo(BeNil())
 			Expect(obj.Controllers.SecretBinding.ConcurrentSyncs).To(Equal(5))
+			Expect(obj.Controllers.SecretBindingProvider).NotTo(BeNil())
+			Expect(obj.Controllers.SecretBindingProvider.ConcurrentSyncs).To(Equal(5))
 
 			Expect(obj.Controllers.Seed).NotTo(BeNil())
 			Expect(obj.Controllers.Seed.ConcurrentSyncs).To(Equal(5))