Skip to content

feat: made changes to avoid spinning up multiple go-rouintes and bettor error handling #50

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
varonix0 merged 3 commits into from
Feb 3, 2026
Merged

feat: made changes to avoid spinning up multiple go-rouintes and bettor error handling #50

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
8f3879a
feat: made changes to avoid spinning up multiple go-rouintes and bett…
akhilmhdh Feb 3, 2026
35b14d3
feat: resolved all merge comments
akhilmhdh Feb 3, 2026
bcb5dac
requested changes
varonix0 Feb 3, 2026
File filter

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
13 changes: 13 additions & 0 deletions api/v1alpha1/infisicalsecret_types.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -177,6 +177,7 @@ type InfisicalSecretSpec struct {
ManagedKubeConfigMapReferences []ManagedKubeConfigMapConfig `json:"managedKubeConfigMapReferences"`

// +kubebuilder:default:=60
// +kubebuilder:validation:Optional
ResyncInterval int `json:"resyncInterval"`

// Infisical host to pull secrets from
Expand All @@ -188,6 +189,18 @@ type InfisicalSecretSpec struct {

// +kubebuilder:validation:Optional
InstantUpdates bool `json:"instantUpdates"`

// +kubebuilder:validation:Optional
SyncConfig *InfisicalSecretSyncConfig `json:"syncConfig"`
}

type InfisicalSecretSyncConfig struct {
// +kubebuilder:validation:Optional
InstantUpdates bool `json:"instantUpdates"`

// +kubebuilder:validation:Optional
// +kubebuilder:default:="60s"
ResyncInterval string `json:"resyncInterval"`
}

// InfisicalSecretStatus defines the observed state of InfisicalSecret
Expand Down
20 changes: 20 additions & 0 deletions api/v1alpha1/zz_generated.deepcopy.go
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

10 changes: 8 additions & 2 deletions config/crd/bases/secrets.infisical.com_infisicalsecrets.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -508,6 +508,14 @@ spec:
resyncInterval:
default: 60
type: integer
syncConfig:
properties:
instantUpdates:
type: boolean
resyncInterval:
default: 60s
type: string
type: object
tls:
properties:
caRef:
Expand Down Expand Up @@ -542,8 +550,6 @@ spec:
- secretName
- secretNamespace
type: object
required:
- resyncInterval
type: object
status:
description: InfisicalSecretStatus defines the observed state of InfisicalSecret
Expand Down
5 changes: 3 additions & 2 deletions config/samples/crd/infisicalsecret/infisicalSecretCrd.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,8 +8,9 @@ metadata:
example.com/annotation-to-be-passed-to-managed-secret: "sample-value"
spec:
hostAPI: http://localhost:8080/api
resyncInterval: 10
instantUpdates: false
syncConfig:
resyncInterval: 10s
instantUpdates: false
# tls:
# caRef:
# secretName: custom-ca-certificate
Expand Down
10 changes: 8 additions & 2 deletions helm-charts/secrets-operator/templates/infisicalsecret-crd.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -509,6 +509,14 @@ spec:
resyncInterval:
default: 60
type: integer
syncConfig:
properties:
instantUpdates:
type: boolean
resyncInterval:
default: 60s
type: string
type: object
tls:
properties:
caRef:
Expand Down Expand Up @@ -542,8 +550,6 @@ spec:
- secretName
- secretNamespace
type: object
required:
- resyncInterval
type: object
status:
description: InfisicalSecretStatus defines the observed state of InfisicalSecret
Expand Down
49 changes: 39 additions & 10 deletions internal/controller/infisicalsecret_controller.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -39,6 +39,8 @@ import (
"github.com/go-logr/logr"
)

const DEFAULT_RESYNC_INTERVAL = time.Minute

// InfisicalSecretReconciler reconciles a InfisicalSecret object
type InfisicalSecretReconciler struct {
client.Client
Expand Down Expand Up @@ -79,7 +81,6 @@ func (r *InfisicalSecretReconciler) Reconcile(ctx context.Context, req ctrl.Requ
logger := r.GetLogger(req)

var infisicalSecretCRD secretsv1alpha1.InfisicalSecret
requeueTime := time.Minute // seconds

err := r.Get(ctx, req.NamespacedName, &infisicalSecretCRD)
if err != nil {
Expand Down Expand Up @@ -130,12 +131,32 @@ func (r *InfisicalSecretReconciler) Reconcile(ctx context.Context, req ctrl.Requ
return ctrl.Result{}, nil
}

if infisicalSecretCRD.Spec.ResyncInterval != 0 {
requeueTime = time.Second * time.Duration(infisicalSecretCRD.Spec.ResyncInterval)
logger.Info(fmt.Sprintf("Manual re-sync interval set. Interval: %v", requeueTime))
syncConfig := infisicalSecretCRD.Spec.SyncConfig
var requeueTime time.Duration

if syncConfig == nil {
syncConfig = &secretsv1alpha1.InfisicalSecretSyncConfig{
ResyncInterval: fmt.Sprintf("%ds", infisicalSecretCRD.Spec.ResyncInterval),
InstantUpdates: infisicalSecretCRD.Spec.InstantUpdates,
}

logger.Info("\n\n\nThe fields `instantUpdates` and `resyncInterval` are deprecated. Please use `syncConfig.instantUpdates` and `syncConfig.resyncInterval` instead.\n\nRefer to the documentation for more information: https://infisical.com/docs/integrations/platforms/kubernetes/infisical-secret-crd\n\n\n")

}

if duration, err := util.ConvertResyncIntervalToDuration(syncConfig.ResyncInterval, true); err == nil {
// successfully parsed the resync interval. if its parsed to 0, we should use the default of 60 seconds
if duration != 0 {
requeueTime = duration
logger.Info(fmt.Sprintf("resync interval set from syncConfig. interval: %v", requeueTime))
} else {
logger.Info(fmt.Sprintf("resync interval set to 0, using default of %v", DEFAULT_RESYNC_INTERVAL))
requeueTime = DEFAULT_RESYNC_INTERVAL
}
} else {
logger.Info(fmt.Sprintf("Re-sync interval set. Interval: %v", requeueTime))
// failed to parse the resync interval
logger.Error(err, fmt.Sprintf("failed to parse resync interval from syncConfig, using default of %v. [err=%v]", DEFAULT_RESYNC_INTERVAL, err))
requeueTime = DEFAULT_RESYNC_INTERVAL
}

// Check if the resource is already marked for deletion
Expand Down Expand Up @@ -185,13 +206,13 @@ func (r *InfisicalSecretReconciler) Reconcile(ctx context.Context, req ctrl.Requ
return ctrl.Result{}, fmt.Errorf("unable to reconcile auto redeployment: %w", err)
}

if infisicalSecretCRD.Spec.InstantUpdates {
if syncConfig.InstantUpdates {
if err := handler.OpenInstantUpdatesStream(ctx, logger, &infisicalSecretCRD, infisicalSecretResourceVariablesMap, r.SourceCh); err != nil {
logger.Error(err, "event stream failed")
return ctrl.Result{}, fmt.Errorf("event stream failed: %w", err)
// Log SSE errors but don't fail reconciliation - periodic resync will continue
logger.Error(err, "instant updates stream failed, falling back to periodic sync only")
} else {
logger.Info("Instant updates are enabled")
}

logger.Info("Instant updates are enabled")
} else {
handler.CloseInstantUpdatesStream(ctx, logger, &infisicalSecretCRD, infisicalSecretResourceVariablesMap)
}
Expand All @@ -218,6 +239,10 @@ func (r *InfisicalSecretReconciler) SetupWithManager(mgr ctrl.Manager) error {

if infisicalSecretResourceVariablesMap != nil {
if rv, ok := infisicalSecretResourceVariablesMap[string(e.ObjectNew.GetUID())]; ok {
// Explicit SSE cleanup before context cancellation
if rv.ServerSentEvents != nil {
rv.ServerSentEvents.Close()
}
rv.CancelCtx()
delete(infisicalSecretResourceVariablesMap, string(e.ObjectNew.GetUID()))
}
Expand All @@ -227,6 +252,10 @@ func (r *InfisicalSecretReconciler) SetupWithManager(mgr ctrl.Manager) error {
DeleteFunc: func(e event.DeleteEvent) bool {
if infisicalSecretResourceVariablesMap != nil {
if rv, ok := infisicalSecretResourceVariablesMap[string(e.Object.GetUID())]; ok {
// Explicit SSE cleanup before context cancellation
if rv.ServerSentEvents != nil {
rv.ServerSentEvents.Close()
}
rv.CancelCtx()
delete(infisicalSecretResourceVariablesMap, string(e.Object.GetUID()))
}
Expand Down
Loading