diff --git a/docs/deployment/secret_binding_provider_controller.md b/docs/deployment/secret_binding_provider_controller.md index 2a831e3b360..71d0ca6aed0 100644 --- a/docs/deployment/secret_binding_provider_controller.md +++ b/docs/deployment/secret_binding_provider_controller.md @@ -20,3 +20,8 @@ A Gardener landscape operator can follow the following steps: The `SecretBindingProviderValidation` feature gate of Gardener API server enables set of validations for the SecretBinding provider field. It forbids creating a Shoot that has a different provider type from the referenced SecretBinding's one. It also enforces immutability on the field. After making sure that SecretBinding provider controller is enabled and it populated the `.provider.type` field of a majority of the SecretBindings on a Gardener landscape (the SecretBindings that are unused will have their provider type unset), a Gardener landscape operator has to disable the SecretBinding provider controller and to enable the `SecretBindingProviderValidation` feature gate of Gardener API server. To disable the SecretBinding provider controller, in the ControllerManagerConfiguration set the `controller.secretBindingProvider.concurentSyncs` field to `0`. + +## Implementation History + +- Gardener v1.38: SecretBinding resource has a new optional field `.provider.type`. SecretBinding provider controller is disabled by default. `SecretBindingProviderValidation` feature gate of Gardener API server is disabled by default. +- Gardener v1.42: SecretBinding provider controller is enabled by default. diff --git a/example/20-componentconfig-gardener-controller-manager.yaml b/example/20-componentconfig-gardener-controller-manager.yaml index 7b6fe8a8c66..f2569fc1e13 100644 --- a/example/20-componentconfig-gardener-controller-manager.yaml +++ b/example/20-componentconfig-gardener-controller-manager.yaml 
@@ -14,7 +14,7 @@ controllers: secretBinding: concurrentSyncs: 5 secretBindingProvider: - concurrentSyncs: 0 + concurrentSyncs: 5 seed: concurrentSyncs: 5 syncPeriod: 30s diff --git a/pkg/controllermanager/apis/config/v1alpha1/defaults.go b/pkg/controllermanager/apis/config/v1alpha1/defaults.go index 7ea67645414..b6c9ca97186 100644 --- a/pkg/controllermanager/apis/config/v1alpha1/defaults.go +++ b/pkg/controllermanager/apis/config/v1alpha1/defaults.go @@ -126,10 +126,7 @@ func SetDefaults_ControllerManagerConfiguration(obj *ControllerManagerConfigurat if obj.Controllers.SecretBindingProvider == nil { obj.Controllers.SecretBindingProvider = &SecretBindingProviderControllerConfiguration{ - // The SecretBinding provider controller is disabled by default as it is considered alpha. - // - // TODO (ialidzhikov): Enable the controller by default. - ConcurrentSyncs: 0, + ConcurrentSyncs: 5, } } diff --git a/pkg/controllermanager/apis/config/v1alpha1/defaults_test.go b/pkg/controllermanager/apis/config/v1alpha1/defaults_test.go index 2f254c9d5ee..3ac5d695920 100644 --- a/pkg/controllermanager/apis/config/v1alpha1/defaults_test.go +++ b/pkg/controllermanager/apis/config/v1alpha1/defaults_test.go @@ -77,6 +77,8 @@ var _ = Describe("Defaults", func() { Expect(obj.Controllers.SecretBinding).NotTo(BeNil()) Expect(obj.Controllers.SecretBinding.ConcurrentSyncs).To(Equal(5)) + Expect(obj.Controllers.SecretBindingProvider).NotTo(BeNil()) + Expect(obj.Controllers.SecretBindingProvider.ConcurrentSyncs).To(Equal(5)) Expect(obj.Controllers.Seed).NotTo(BeNil()) Expect(obj.Controllers.Seed.ConcurrentSyncs).To(Equal(5))
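Review bot: The new default in `SetDefaults_ControllerManagerConfiguration` is applied only inside the `obj.Controllers.SecretBindingProvider == nil` branch, so any configuration that omits the `secretBindingProvider` section silently goes from disabled to five workers on upgrade. That includes landscapes that already enabled the `SecretBindingProviderValidation` feature gate and relied on the old default of `0` instead of setting it explicitly, although the documentation in this same change says the controller has to be disabled at that point. The removed comment was the only explanation of what the value means, so I would replace it rather than drop it, e.g. `// Enabled by default; set concurrentSyncs to 0 explicitly before enabling the SecretBindingProviderValidation feature gate.`, and call out the default flip in the release notes. The docs context line also spells the key `controller.secretBindingProvider.concurentSyncs`, which differs from the `controllers.secretBindingProvider.concurrentSyncs` path in the example YAML; whether a misspelt key is rejected or ignored is not visible here. The function body starts and ends outside the hunk.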
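Review bot: The two added assertions in `defaults_test.go` cover only the case where `SecretBindingProvider` is nil before defaulting; nothing visible here checks that an explicitly configured `ConcurrentSyncs: 0` survives defaulting. Since `0` is now the only way for an operator to switch the controller off, a case that presets `obj.Controllers.SecretBindingProvider = &SecretBindingProviderControllerConfiguration{ConcurrentSyncs: 0}` and then asserts `Expect(obj.Controllers.SecretBindingProvider.ConcurrentSyncs).To(Equal(0))` would pin that behaviour. The enclosing test block starts and ends outside the hunk, so such a case may already exist elsewhere in the file.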