Add a new "legacy pod cleaner" controller.

This controller is responsible for cleaning up kube-cert-agent pods that were deployed by previous versions. They are easily identified because they use a different `kube-cert-agent.pinniped.dev` label compared to the new agent pods (`true` vs. `v2`). Signed-off-by: Matt Moyer <moyerm@vmware.com>
2026-01-07 14:05:50 +00:00 · 2021-04-20 14:56:43 -05:00
parent 54a8297cc4
commit e532a88647
5 changed files with 281 additions and 0 deletions
--- a/internal/controllermanager/prepare_controllers.go
+++ b/internal/controllermanager/prepare_controllers.go
@@ -207,6 +207,17 @@ func PrepareControllers(c *Config) (func(ctx context.Context), error) {
 			),
 			singletonWorker,
 		).
+		// The kube-cert-agent legacy pod cleaner controller is responsible for cleaning up pods that were deployed by
+		// versions of Pinniped prior to v0.7.0. If we stop supporting upgrades from v0.7.0, we can safely remove this.
+		WithController(
+			kubecertagent.NewLegacyPodCleanerController(
+				agentConfig,
+				client,
+				informers.installationNamespaceK8s.Core().V1().Pods(),
+				klogr.New(),
+			),
+			singletonWorker,
+		).
 		// The cache filler/cleaner controllers are responsible for keep an in-memory representation of active
 		// authenticators up to date.
 		WithController(