Merge branch 'main' into add-events-to-special-secrets

pdabelf5 · web-flow · commit 33a83d33561e · 2024-11-28T12:55:11.000Z
diff --git a/internal/configs/configurator.go b/internal/configs/configurator.go
@@ -295,7 +295,7 @@ func (cnf *Configurator) AddOrUpdateIngress(ingEx *IngressEx) (Warnings, error)
 		return warnings, fmt.Errorf("error adding or updating ingress %v/%v: %w", ingEx.Ingress.Namespace, ingEx.Ingress.Name, err)
 	}
 
-	if err := cnf.reload(nginx.ReloadForOtherUpdate); err != nil {
+	if err := cnf.Reload(nginx.ReloadForOtherUpdate); err != nil {
 		return warnings, fmt.Errorf("error reloading NGINX for %v/%v: %w", ingEx.Ingress.Namespace, ingEx.Ingress.Name, err)
 	}
 
@@ -430,7 +430,7 @@ func (cnf *Configurator) AddOrUpdateMergeableIngress(mergeableIngs *MergeableIng
 		return warnings, fmt.Errorf("error when adding or updating ingress %v/%v: %w", mergeableIngs.Master.Ingress.Namespace, mergeableIngs.Master.Ingress.Name, err)
 	}
 
-	if err := cnf.reload(nginx.ReloadForOtherUpdate); err != nil {
+	if err := cnf.Reload(nginx.ReloadForOtherUpdate); err != nil {
 		return warnings, fmt.Errorf("error reloading NGINX for %v/%v: %w", mergeableIngs.Master.Ingress.Namespace, mergeableIngs.Master.Ingress.Name, err)
 	}
 
@@ -585,7 +585,7 @@ func (cnf *Configurator) AddOrUpdateVirtualServer(virtualServerEx *VirtualServer
 		cnf.EnableReloads()
 	}
 
-	if err := cnf.reload(nginx.ReloadForOtherUpdate); err != nil {
+	if err := cnf.Reload(nginx.ReloadForOtherUpdate); err != nil {
 		return warnings, fmt.Errorf("error reloading NGINX for VirtualServer %v/%v: %w", virtualServerEx.VirtualServer.Namespace, virtualServerEx.VirtualServer.Name, err)
 	}
 
@@ -656,7 +656,7 @@ func (cnf *Configurator) AddOrUpdateVirtualServers(virtualServerExes []*VirtualS
 		allWeightUpdates = append(allWeightUpdates, weightUpdates...)
 	}
 
-	if err := cnf.reload(nginx.ReloadForOtherUpdate); err != nil {
+	if err := cnf.Reload(nginx.ReloadForOtherUpdate); err != nil {
 		return allWarnings, fmt.Errorf("error when reloading NGINX when updating Policy: %w", err)
 	}
 
@@ -741,7 +741,7 @@ func (cnf *Configurator) AddOrUpdateTransportServer(transportServerEx *Transport
 	if err != nil {
 		return nil, fmt.Errorf("error adding or updating TransportServer %v/%v: %w", transportServerEx.TransportServer.Namespace, transportServerEx.TransportServer.Name, err)
 	}
-	if err := cnf.reload(nginx.ReloadForOtherUpdate); err != nil {
+	if err := cnf.Reload(nginx.ReloadForOtherUpdate); err != nil {
 		return nil, fmt.Errorf("error reloading NGINX for TransportServer %v/%v: %w", transportServerEx.TransportServer.Namespace, transportServerEx.TransportServer.Name, err)
 	}
 	return warnings, nil
@@ -909,7 +909,7 @@ func (cnf *Configurator) AddOrUpdateResources(resources ExtendedResources, reloa
 	}
 
 	if configsChanged || reloadIfUnchanged {
-		if err := cnf.reload(nginx.ReloadForOtherUpdate); err != nil {
+		if err := cnf.Reload(nginx.ReloadForOtherUpdate); err != nil {
 			return nil, fmt.Errorf("error when reloading NGINX when updating resources: %w", err)
 		}
 	}
@@ -923,24 +923,14 @@ func (cnf *Configurator) addOrUpdateTLSSecret(secret *api_v1.Secret) string {
 }
 
 // AddOrUpdateSpecialTLSSecrets adds or updates a file with a TLS cert and a key from a Special TLS Secret (eg. DefaultServerSecret, WildcardTLSSecret).
-func (cnf *Configurator) AddOrUpdateSpecialTLSSecrets(secret *api_v1.Secret, secretNames []string) error {
+func (cnf *Configurator) AddOrUpdateSpecialTLSSecrets(secret *api_v1.Secret, secretNames []string) {
 	l := nl.LoggerFromContext(cnf.CfgParams.Context)
 	nl.Debugf(l, "AddOrUpdateSpecialTLSSecrets: secrets [%v]", secretNames)
 	data := GenerateCertAndKeyFileContent(secret)
 
 	for _, secretName := range secretNames {
 		cnf.nginxManager.CreateSecret(secretName, data, nginx.ReadWriteOnlyFileMode)
 	}
-
-	if !cnf.DynamicSSLReloadEnabled() {
-		if err := cnf.reload(nginx.ReloadForOtherUpdate); err != nil {
-			return fmt.Errorf("error when reloading NGINX when updating the special Secrets: %w", err)
-		}
-	} else {
-		nl.Debugf(l, "Skipping reload for %d special Secrets", len(secretNames))
-	}
-
-	return nil
 }
 
 // GenerateCertAndKeyFileContent generates a pem file content from the TLS secret.
@@ -979,7 +969,7 @@ func (cnf *Configurator) DeleteIngress(key string, skipReload bool) error {
 	}
 
 	if !skipReload {
-		if err := cnf.reload(nginx.ReloadForOtherUpdate); err != nil {
+		if err := cnf.Reload(nginx.ReloadForOtherUpdate); err != nil {
 			return fmt.Errorf("error when removing ingress %v: %w", key, err)
 		}
 	}
@@ -1002,7 +992,7 @@ func (cnf *Configurator) DeleteVirtualServer(key string, skipReload bool) error
 	}
 
 	if !skipReload {
-		if err := cnf.reload(nginx.ReloadForOtherUpdate); err != nil {
+		if err := cnf.Reload(nginx.ReloadForOtherUpdate); err != nil {
 			return fmt.Errorf("error when removing VirtualServer %v: %w", key, err)
 		}
 	}
@@ -1021,7 +1011,7 @@ func (cnf *Configurator) DeleteTransportServer(key string) error {
 		return fmt.Errorf("error when removing TransportServer %v: %w", key, err)
 	}
 
-	err = cnf.reload(nginx.ReloadForOtherUpdate)
+	err = cnf.Reload(nginx.ReloadForOtherUpdate)
 	if err != nil {
 		return fmt.Errorf("error when removing TransportServer %v: %w", key, err)
 	}
@@ -1070,7 +1060,7 @@ func (cnf *Configurator) UpdateEndpoints(ingExes []*IngressEx) error {
 		return nil
 	}
 
-	if err := cnf.reload(nginx.ReloadForEndpointsUpdate); err != nil {
+	if err := cnf.Reload(nginx.ReloadForEndpointsUpdate); err != nil {
 		return fmt.Errorf("error reloading NGINX when updating endpoints: %w", err)
 	}
 
@@ -1105,7 +1095,7 @@ func (cnf *Configurator) UpdateEndpointsMergeableIngress(mergeableIngresses []*M
 		return nil
 	}
 
-	if err := cnf.reload(nginx.ReloadForEndpointsUpdate); err != nil {
+	if err := cnf.Reload(nginx.ReloadForEndpointsUpdate); err != nil {
 		return fmt.Errorf("error reloading NGINX when updating endpoints for %v: %w", mergeableIngresses, err)
 	}
 
@@ -1138,7 +1128,7 @@ func (cnf *Configurator) UpdateEndpointsForVirtualServers(virtualServerExes []*V
 		return nil
 	}
 
-	if err := cnf.reload(nginx.ReloadForEndpointsUpdate); err != nil {
+	if err := cnf.Reload(nginx.ReloadForEndpointsUpdate); err != nil {
 		return fmt.Errorf("error reloading NGINX when updating endpoints: %w", err)
 	}
 
@@ -1185,7 +1175,7 @@ func (cnf *Configurator) UpdateEndpointsForTransportServers(transportServerExes
 		nl.Debug(l, "No need to reload nginx")
 		return nil
 	}
-	if err := cnf.reload(nginx.ReloadForEndpointsUpdate); err != nil {
+	if err := cnf.Reload(nginx.ReloadForEndpointsUpdate); err != nil {
 		return fmt.Errorf("error reloading NGINX when updating endpoints: %w", err)
 	}
 	return nil
@@ -1272,7 +1262,8 @@ func (cnf *Configurator) DisableReloads() {
 	cnf.isReloadsEnabled = false
 }
 
-func (cnf *Configurator) reload(isEndpointsUpdate bool) error {
+// Reload reloads nginx if reloads is enabled
+func (cnf *Configurator) Reload(isEndpointsUpdate bool) error {
 	if !cnf.isReloadsEnabled {
 		return nil
 	}
@@ -1398,7 +1389,7 @@ func (cnf *Configurator) UpdateConfig(cfgParams *ConfigParams, resources Extende
 	}
 
 	cnf.nginxManager.SetOpenTracing(mainCfg.OpenTracingLoadModule)
-	if err := cnf.reload(nginx.ReloadForOtherUpdate); err != nil {
+	if err := cnf.Reload(nginx.ReloadForOtherUpdate); err != nil {
 		return allWarnings, fmt.Errorf("error when updating config from ConfigMap: %w", err)
 	}
 
@@ -1414,7 +1405,7 @@ func (cnf *Configurator) ReloadForBatchUpdates(batchReloadsEnabled bool) error {
 	if !batchReloadsEnabled {
 		return nil
 	}
-	if err := cnf.reload(nginx.ReloadForOtherUpdate); err != nil {
+	if err := cnf.Reload(nginx.ReloadForOtherUpdate); err != nil {
 		return fmt.Errorf("error when reloading NGINX after a batch event: %w", err)
 	}
 	return nil
@@ -1439,7 +1430,7 @@ func (cnf *Configurator) UpdateVirtualServers(updatedVSExes []*VirtualServerEx,
 		}
 	}
 
-	if err := cnf.reload(nginx.ReloadForOtherUpdate); err != nil {
+	if err := cnf.Reload(nginx.ReloadForOtherUpdate); err != nil {
 		errList = append(errList, fmt.Errorf("error when updating VirtualServer: %w", err))
 	}
 
@@ -1467,7 +1458,7 @@ func (cnf *Configurator) UpdateTransportServers(updatedTSExes []*TransportServer
 		}
 	}
 
-	if err := cnf.reload(nginx.ReloadForOtherUpdate); err != nil {
+	if err := cnf.Reload(nginx.ReloadForOtherUpdate); err != nil {
 		errList = append(errList, fmt.Errorf("error when updating TransportServers: %w", err))
 	}
 
@@ -1484,7 +1475,7 @@ func (cnf *Configurator) BatchDeleteVirtualServers(deletedKeys []string) []error
 		}
 	}
 
-	if err := cnf.reload(nginx.ReloadForOtherUpdate); err != nil {
+	if err := cnf.Reload(nginx.ReloadForOtherUpdate); err != nil {
 		errList = append(errList, fmt.Errorf("error when reloading NGINX for deleted VirtualServers: %w", err))
 	}
 
@@ -1501,7 +1492,7 @@ func (cnf *Configurator) BatchDeleteIngresses(deletedKeys []string) []error {
 		}
 	}
 
-	if err := cnf.reload(nginx.ReloadForOtherUpdate); err != nil {
+	if err := cnf.Reload(nginx.ReloadForOtherUpdate); err != nil {
 		errList = append(errList, fmt.Errorf("error when reloading NGINX for deleted Ingresses: %w", err))
 	}
 
@@ -1677,7 +1668,7 @@ func (cnf *Configurator) AddOrUpdateSpiffeCerts(svidResponse *workloadapi.X509Co
 	cnf.nginxManager.CreateSecret(spiffeCertFileName, pemCerts, spiffeCertsFileMode)
 	cnf.nginxManager.CreateSecret(spiffeBundleFileName, pemBundle, spiffeCertsFileMode)
 
-	err = cnf.reload(nginx.ReloadForOtherUpdate)
+	err = cnf.Reload(nginx.ReloadForOtherUpdate)
 	if err != nil {
 		return fmt.Errorf("error when reloading NGINX when updating the SPIFFE Certs: %w", err)
 	}
@@ -1822,7 +1813,7 @@ func (cnf *Configurator) AddOrUpdateAppProtectResource(resource *unstructured.Un
 		return warnings, fmt.Errorf("error when updating %v %v/%v: %w", resource.GetKind(), resource.GetNamespace(), resource.GetName(), err)
 	}
 
-	err = cnf.reload(nginx.ReloadForOtherUpdate)
+	err = cnf.Reload(nginx.ReloadForOtherUpdate)
 	if err != nil {
 		return warnings, fmt.Errorf("error when reloading NGINX when updating %v %v/%v: %w", resource.GetKind(), resource.GetNamespace(), resource.GetName(), err)
 	}
@@ -1837,7 +1828,7 @@ func (cnf *Configurator) AddOrUpdateResourcesThatUseDosProtected(ingExes []*Ingr
 		return warnings, fmt.Errorf("error when updating resources that use Dos: %w", err)
 	}
 
-	err = cnf.reload(nginx.ReloadForOtherUpdate)
+	err = cnf.Reload(nginx.ReloadForOtherUpdate)
 	if err != nil {
 		return warnings, fmt.Errorf("error when updating resources that use Dos: %w", err)
 	}
@@ -1925,7 +1916,7 @@ func (cnf *Configurator) RefreshAppProtectUserSigs(
 		fmt.Fprintf(&builder, "app_protect_user_defined_signatures %s;\n", fName)
 	}
 	cnf.nginxManager.CreateAppProtectResourceFile(appProtectUserSigIndex, []byte(builder.String()))
-	return allWarnings, cnf.reload(nginx.ReloadForOtherUpdate)
+	return allWarnings, cnf.Reload(nginx.ReloadForOtherUpdate)
 }
 
 func appProtectDosPolicyFileName(namespace string, name string) string {
@@ -1965,7 +1956,7 @@ func (cnf *Configurator) AddInternalRouteConfig() error {
 		return fmt.Errorf("error when writing main Config: %w", err)
 	}
 	cnf.nginxManager.CreateMainConfig(mainCfgContent)
-	if err := cnf.reload(nginx.ReloadForOtherUpdate); err != nil {
+	if err := cnf.Reload(nginx.ReloadForOtherUpdate); err != nil {
 		return fmt.Errorf("error when reloading nginx: %w", err)
 	}
 	return nil
diff --git a/internal/k8s/controller.go b/internal/k8s/controller.go
@@ -1781,20 +1781,53 @@ func (lbc *LoadBalancerController) handleSpecialSecretUpdate(secret *api_v1.Secr
 	var specialTLSSecretsToUpdate []string
 	secretNsName := generateSecretNSName(secret)
 
+	if ok := lbc.specialSecretValidation(secretNsName, secret, &specialTLSSecretsToUpdate); !ok {
+		// if not ok bail early
+		return
+	}
+
+	lbc.writeSpecialSecrets(secret, specialTLSSecretsToUpdate)
+
+	// reload nginx when the TLS special secrets are updated
+	switch secretNsName {
+	case lbc.specialSecrets.defaultServerSecret, lbc.specialSecrets.wildcardTLSSecret:
+		if ok := lbc.performDynamicSSLReload(secret); !ok {
+			return
+		}
+	}
+
+	lbc.recorder.Eventf(secret, api_v1.EventTypeNormal, "Updated", "the special Secret %v was updated", secretNsName)
+}
+
+func (lbc *LoadBalancerController) writeSpecialSecrets(secret *api_v1.Secret, specialTLSSecretsToUpdate []string) {
+	lbc.configurator.AddOrUpdateSpecialTLSSecrets(secret, specialTLSSecretsToUpdate)
+}
+
+func (lbc *LoadBalancerController) specialSecretValidation(secretNsName string, secret *api_v1.Secret, specialTLSSecretsToUpdate *[]string) bool {
 	if secretNsName == lbc.specialSecrets.defaultServerSecret {
-		lbc.validationTLSSpecialSecret(secret, configs.DefaultServerSecretFileName, &specialTLSSecretsToUpdate)
+		lbc.validationTLSSpecialSecret(secret, configs.DefaultServerSecretFileName, specialTLSSecretsToUpdate)
 	}
 	if secretNsName == lbc.specialSecrets.wildcardTLSSecret {
-		lbc.validationTLSSpecialSecret(secret, configs.WildcardSecretFileName, &specialTLSSecretsToUpdate)
+		lbc.validationTLSSpecialSecret(secret, configs.WildcardSecretFileName, specialTLSSecretsToUpdate)
 	}
+	return true
+}
 
-	err := lbc.configurator.AddOrUpdateSpecialTLSSecrets(secret, specialTLSSecretsToUpdate)
-	if err != nil {
-		nl.Errorf(lbc.Logger, "Error when updating the special Secret %v: %v", secretNsName, err)
+func (lbc *LoadBalancerController) performDynamicSSLReload(secret *api_v1.Secret) bool {
+	if !lbc.configurator.DynamicSSLReloadEnabled() {
+		return lbc.performNGINXReload(secret)
+	}
+	return true
+}
+
+func (lbc *LoadBalancerController) performNGINXReload(secret *api_v1.Secret) bool {
+	secretNsName := generateSecretNSName(secret)
+	if err := lbc.configurator.Reload(false); err != nil {
+		nl.Errorf(lbc.Logger, "error when reloading NGINX when updating the special Secrets: %v", err)
 		lbc.recorder.Eventf(secret, api_v1.EventTypeWarning, "UpdatedWithError", "the special Secret %v was updated, but not applied: %v", secretNsName, err)
-		return
+		return false
 	}
-	lbc.recorder.Eventf(secret, api_v1.EventTypeNormal, "Updated", "the special Secret %v was updated", secretNsName)
+	return true
 }
 
 func generateSecretNSName(secret *api_v1.Secret) string {

Original file line number	Diff line number	Diff line change
`@@ -295,7 +295,7 @@ func (cnf Configurator) AddOrUpdateIngress(ingEx IngressEx) (Warnings, error)`
`295`	`295`	`return warnings, fmt.Errorf("error adding or updating ingress %v/%v: %w", ingEx.Ingress.Namespace, ingEx.Ingress.Name, err)`
`296`	`296`	`}`
`297`	`297`
`298`		`- if err := cnf.reload(nginx.ReloadForOtherUpdate); err != nil {`
	`298`	`+ if err := cnf.Reload(nginx.ReloadForOtherUpdate); err != nil {`
`299`	`299`	`return warnings, fmt.Errorf("error reloading NGINX for %v/%v: %w", ingEx.Ingress.Namespace, ingEx.Ingress.Name, err)`
`300`	`300`	`}`
`301`	`301`
`@@ -430,7 +430,7 @@ func (cnf Configurator) AddOrUpdateMergeableIngress(mergeableIngs MergeableIng`
`430`	`430`	`return warnings, fmt.Errorf("error when adding or updating ingress %v/%v: %w", mergeableIngs.Master.Ingress.Namespace, mergeableIngs.Master.Ingress.Name, err)`
`431`	`431`	`}`
`432`	`432`
`433`		`- if err := cnf.reload(nginx.ReloadForOtherUpdate); err != nil {`
	`433`	`+ if err := cnf.Reload(nginx.ReloadForOtherUpdate); err != nil {`
`434`	`434`	`return warnings, fmt.Errorf("error reloading NGINX for %v/%v: %w", mergeableIngs.Master.Ingress.Namespace, mergeableIngs.Master.Ingress.Name, err)`
`435`	`435`	`}`
`436`	`436`
`@@ -585,7 +585,7 @@ func (cnf Configurator) AddOrUpdateVirtualServer(virtualServerEx VirtualServer`
`585`	`585`	`cnf.EnableReloads()`
`586`	`586`	`}`
`587`	`587`
`588`		`- if err := cnf.reload(nginx.ReloadForOtherUpdate); err != nil {`
	`588`	`+ if err := cnf.Reload(nginx.ReloadForOtherUpdate); err != nil {`
`589`	`589`	`return warnings, fmt.Errorf("error reloading NGINX for VirtualServer %v/%v: %w", virtualServerEx.VirtualServer.Namespace, virtualServerEx.VirtualServer.Name, err)`
`590`	`590`	`}`
`591`	`591`
`@@ -656,7 +656,7 @@ func (cnf Configurator) AddOrUpdateVirtualServers(virtualServerExes []VirtualS`
`656`	`656`	`allWeightUpdates = append(allWeightUpdates, weightUpdates...)`
`657`	`657`	`}`
`658`	`658`
`659`		`- if err := cnf.reload(nginx.ReloadForOtherUpdate); err != nil {`
	`659`	`+ if err := cnf.Reload(nginx.ReloadForOtherUpdate); err != nil {`
`660`	`660`	`return allWarnings, fmt.Errorf("error when reloading NGINX when updating Policy: %w", err)`
`661`	`661`	`}`
`662`	`662`
`@@ -741,7 +741,7 @@ func (cnf Configurator) AddOrUpdateTransportServer(transportServerEx Transport`
`741`	`741`	`if err != nil {`
`742`	`742`	`return nil, fmt.Errorf("error adding or updating TransportServer %v/%v: %w", transportServerEx.TransportServer.Namespace, transportServerEx.TransportServer.Name, err)`
`743`	`743`	`}`
`744`		`- if err := cnf.reload(nginx.ReloadForOtherUpdate); err != nil {`
	`744`	`+ if err := cnf.Reload(nginx.ReloadForOtherUpdate); err != nil {`
`745`	`745`	`return nil, fmt.Errorf("error reloading NGINX for TransportServer %v/%v: %w", transportServerEx.TransportServer.Namespace, transportServerEx.TransportServer.Name, err)`
`746`	`746`	`}`
`747`	`747`	`return warnings, nil`
`@@ -909,7 +909,7 @@ func (cnf *Configurator) AddOrUpdateResources(resources ExtendedResources, reloa`
`909`	`909`	`}`
`910`	`910`
`911`	`911`	`if configsChanged \|\| reloadIfUnchanged {`
`912`		`- if err := cnf.reload(nginx.ReloadForOtherUpdate); err != nil {`
	`912`	`+ if err := cnf.Reload(nginx.ReloadForOtherUpdate); err != nil {`
`913`	`913`	`return nil, fmt.Errorf("error when reloading NGINX when updating resources: %w", err)`
`914`	`914`	`}`
`915`	`915`	`}`
`@@ -923,24 +923,14 @@ func (cnf Configurator) addOrUpdateTLSSecret(secret api_v1.Secret) string {`
`923`	`923`	`}`
`924`	`924`
`925`	`925`	`// AddOrUpdateSpecialTLSSecrets adds or updates a file with a TLS cert and a key from a Special TLS Secret (eg. DefaultServerSecret, WildcardTLSSecret).`
`926`		`-func (cnf Configurator) AddOrUpdateSpecialTLSSecrets(secret api_v1.Secret, secretNames []string) error {`
	`926`	`+func (cnf Configurator) AddOrUpdateSpecialTLSSecrets(secret api_v1.Secret, secretNames []string) {`
`927`	`927`	`l := nl.LoggerFromContext(cnf.CfgParams.Context)`
`928`	`928`	`nl.Debugf(l, "AddOrUpdateSpecialTLSSecrets: secrets [%v]", secretNames)`
`929`	`929`	`data := GenerateCertAndKeyFileContent(secret)`
`930`	`930`
`931`	`931`	`for _, secretName := range secretNames {`
`932`	`932`	`cnf.nginxManager.CreateSecret(secretName, data, nginx.ReadWriteOnlyFileMode)`
`933`	`933`	`}`
`934`		`-`
`935`		`- if !cnf.DynamicSSLReloadEnabled() {`
`936`		`- if err := cnf.reload(nginx.ReloadForOtherUpdate); err != nil {`
`937`		`- return fmt.Errorf("error when reloading NGINX when updating the special Secrets: %w", err)`
`938`		`- }`
`939`		`- } else {`
`940`		`- nl.Debugf(l, "Skipping reload for %d special Secrets", len(secretNames))`
`941`		`- }`
`942`		`-`
`943`		`- return nil`
`944`	`934`	`}`
`945`	`935`
`946`	`936`	`// GenerateCertAndKeyFileContent generates a pem file content from the TLS secret.`
`@@ -979,7 +969,7 @@ func (cnf *Configurator) DeleteIngress(key string, skipReload bool) error {`
`979`	`969`	`}`
`980`	`970`
`981`	`971`	`if !skipReload {`
`982`		`- if err := cnf.reload(nginx.ReloadForOtherUpdate); err != nil {`
	`972`	`+ if err := cnf.Reload(nginx.ReloadForOtherUpdate); err != nil {`
`983`	`973`	`return fmt.Errorf("error when removing ingress %v: %w", key, err)`
`984`	`974`	`}`
`985`	`975`	`}`
`@@ -1002,7 +992,7 @@ func (cnf *Configurator) DeleteVirtualServer(key string, skipReload bool) error`
`1002`	`992`	`}`
`1003`	`993`
`1004`	`994`	`if !skipReload {`
`1005`		`- if err := cnf.reload(nginx.ReloadForOtherUpdate); err != nil {`
	`995`	`+ if err := cnf.Reload(nginx.ReloadForOtherUpdate); err != nil {`
`1006`	`996`	`return fmt.Errorf("error when removing VirtualServer %v: %w", key, err)`
`1007`	`997`	`}`
`1008`	`998`	`}`
`@@ -1021,7 +1011,7 @@ func (cnf *Configurator) DeleteTransportServer(key string) error {`
`1021`	`1011`	`return fmt.Errorf("error when removing TransportServer %v: %w", key, err)`
`1022`	`1012`	`}`
`1023`	`1013`
`1024`		`- err = cnf.reload(nginx.ReloadForOtherUpdate)`
	`1014`	`+ err = cnf.Reload(nginx.ReloadForOtherUpdate)`
`1025`	`1015`	`if err != nil {`
`1026`	`1016`	`return fmt.Errorf("error when removing TransportServer %v: %w", key, err)`
`1027`	`1017`	`}`
`@@ -1070,7 +1060,7 @@ func (cnf Configurator) UpdateEndpoints(ingExes []IngressEx) error {`
`1070`	`1060`	`return nil`
`1071`	`1061`	`}`
`1072`	`1062`
`1073`		`- if err := cnf.reload(nginx.ReloadForEndpointsUpdate); err != nil {`
	`1063`	`+ if err := cnf.Reload(nginx.ReloadForEndpointsUpdate); err != nil {`
`1074`	`1064`	`return fmt.Errorf("error reloading NGINX when updating endpoints: %w", err)`
`1075`	`1065`	`}`
`1076`	`1066`
`@@ -1105,7 +1095,7 @@ func (cnf Configurator) UpdateEndpointsMergeableIngress(mergeableIngresses []M`
`1105`	`1095`	`return nil`
`1106`	`1096`	`}`
`1107`	`1097`
`1108`		`- if err := cnf.reload(nginx.ReloadForEndpointsUpdate); err != nil {`
	`1098`	`+ if err := cnf.Reload(nginx.ReloadForEndpointsUpdate); err != nil {`
`1109`	`1099`	`return fmt.Errorf("error reloading NGINX when updating endpoints for %v: %w", mergeableIngresses, err)`
`1110`	`1100`	`}`
`1111`	`1101`
`@@ -1138,7 +1128,7 @@ func (cnf Configurator) UpdateEndpointsForVirtualServers(virtualServerExes []V`
`1138`	`1128`	`return nil`
`1139`	`1129`	`}`
`1140`	`1130`
`1141`		`- if err := cnf.reload(nginx.ReloadForEndpointsUpdate); err != nil {`
	`1131`	`+ if err := cnf.Reload(nginx.ReloadForEndpointsUpdate); err != nil {`
`1142`	`1132`	`return fmt.Errorf("error reloading NGINX when updating endpoints: %w", err)`
`1143`	`1133`	`}`
`1144`	`1134`
`@@ -1185,7 +1175,7 @@ func (cnf *Configurator) UpdateEndpointsForTransportServers(transportServerExes`
`1185`	`1175`	`nl.Debug(l, "No need to reload nginx")`
`1186`	`1176`	`return nil`
`1187`	`1177`	`}`
`1188`		`- if err := cnf.reload(nginx.ReloadForEndpointsUpdate); err != nil {`
	`1178`	`+ if err := cnf.Reload(nginx.ReloadForEndpointsUpdate); err != nil {`
`1189`	`1179`	`return fmt.Errorf("error reloading NGINX when updating endpoints: %w", err)`
`1190`	`1180`	`}`
`1191`	`1181`	`return nil`
`@@ -1272,7 +1262,8 @@ func (cnf *Configurator) DisableReloads() {`
`1272`	`1262`	`cnf.isReloadsEnabled = false`
`1273`	`1263`	`}`
`1274`	`1264`
`1275`		`-func (cnf *Configurator) reload(isEndpointsUpdate bool) error {`
	`1265`	`+// Reload reloads nginx if reloads is enabled`
	`1266`	`+func (cnf *Configurator) Reload(isEndpointsUpdate bool) error {`
`1276`	`1267`	`if !cnf.isReloadsEnabled {`
`1277`	`1268`	`return nil`
`1278`	`1269`	`}`
`@@ -1398,7 +1389,7 @@ func (cnf Configurator) UpdateConfig(cfgParams ConfigParams, resources Extende`
`1398`	`1389`	`}`
`1399`	`1390`
`1400`	`1391`	`cnf.nginxManager.SetOpenTracing(mainCfg.OpenTracingLoadModule)`
`1401`		`- if err := cnf.reload(nginx.ReloadForOtherUpdate); err != nil {`
	`1392`	`+ if err := cnf.Reload(nginx.ReloadForOtherUpdate); err != nil {`
`1402`	`1393`	`return allWarnings, fmt.Errorf("error when updating config from ConfigMap: %w", err)`
`1403`	`1394`	`}`
`1404`	`1395`
`@@ -1414,7 +1405,7 @@ func (cnf *Configurator) ReloadForBatchUpdates(batchReloadsEnabled bool) error {`
`1414`	`1405`	`if !batchReloadsEnabled {`
`1415`	`1406`	`return nil`
`1416`	`1407`	`}`
`1417`		`- if err := cnf.reload(nginx.ReloadForOtherUpdate); err != nil {`
	`1408`	`+ if err := cnf.Reload(nginx.ReloadForOtherUpdate); err != nil {`
`1418`	`1409`	`return fmt.Errorf("error when reloading NGINX after a batch event: %w", err)`
`1419`	`1410`	`}`
`1420`	`1411`	`return nil`
`@@ -1439,7 +1430,7 @@ func (cnf Configurator) UpdateVirtualServers(updatedVSExes []VirtualServerEx,`
`1439`	`1430`	`}`
`1440`	`1431`	`}`
`1441`	`1432`
`1442`		`- if err := cnf.reload(nginx.ReloadForOtherUpdate); err != nil {`
	`1433`	`+ if err := cnf.Reload(nginx.ReloadForOtherUpdate); err != nil {`
`1443`	`1434`	`errList = append(errList, fmt.Errorf("error when updating VirtualServer: %w", err))`
`1444`	`1435`	`}`
`1445`	`1436`
`@@ -1467,7 +1458,7 @@ func (cnf Configurator) UpdateTransportServers(updatedTSExes []TransportServer`
`1467`	`1458`	`}`
`1468`	`1459`	`}`
`1469`	`1460`
`1470`		`- if err := cnf.reload(nginx.ReloadForOtherUpdate); err != nil {`
	`1461`	`+ if err := cnf.Reload(nginx.ReloadForOtherUpdate); err != nil {`
`1471`	`1462`	`errList = append(errList, fmt.Errorf("error when updating TransportServers: %w", err))`
`1472`	`1463`	`}`
`1473`	`1464`
`@@ -1484,7 +1475,7 @@ func (cnf *Configurator) BatchDeleteVirtualServers(deletedKeys []string) []error`
`1484`	`1475`	`}`
`1485`	`1476`	`}`
`1486`	`1477`
`1487`		`- if err := cnf.reload(nginx.ReloadForOtherUpdate); err != nil {`
	`1478`	`+ if err := cnf.Reload(nginx.ReloadForOtherUpdate); err != nil {`
`1488`	`1479`	`errList = append(errList, fmt.Errorf("error when reloading NGINX for deleted VirtualServers: %w", err))`
`1489`	`1480`	`}`
`1490`	`1481`
`@@ -1501,7 +1492,7 @@ func (cnf *Configurator) BatchDeleteIngresses(deletedKeys []string) []error {`
`1501`	`1492`	`}`
`1502`	`1493`	`}`
`1503`	`1494`
`1504`		`- if err := cnf.reload(nginx.ReloadForOtherUpdate); err != nil {`
	`1495`	`+ if err := cnf.Reload(nginx.ReloadForOtherUpdate); err != nil {`
`1505`	`1496`	`errList = append(errList, fmt.Errorf("error when reloading NGINX for deleted Ingresses: %w", err))`
`1506`	`1497`	`}`
`1507`	`1498`
`@@ -1677,7 +1668,7 @@ func (cnf Configurator) AddOrUpdateSpiffeCerts(svidResponse workloadapi.X509Co`
`1677`	`1668`	`cnf.nginxManager.CreateSecret(spiffeCertFileName, pemCerts, spiffeCertsFileMode)`
`1678`	`1669`	`cnf.nginxManager.CreateSecret(spiffeBundleFileName, pemBundle, spiffeCertsFileMode)`
`1679`	`1670`
`1680`		`- err = cnf.reload(nginx.ReloadForOtherUpdate)`
	`1671`	`+ err = cnf.Reload(nginx.ReloadForOtherUpdate)`
`1681`	`1672`	`if err != nil {`
`1682`	`1673`	`return fmt.Errorf("error when reloading NGINX when updating the SPIFFE Certs: %w", err)`
`1683`	`1674`	`}`
`@@ -1822,7 +1813,7 @@ func (cnf Configurator) AddOrUpdateAppProtectResource(resource unstructured.Un`
`1822`	`1813`	`return warnings, fmt.Errorf("error when updating %v %v/%v: %w", resource.GetKind(), resource.GetNamespace(), resource.GetName(), err)`
`1823`	`1814`	`}`
`1824`	`1815`
`1825`		`- err = cnf.reload(nginx.ReloadForOtherUpdate)`
	`1816`	`+ err = cnf.Reload(nginx.ReloadForOtherUpdate)`
`1826`	`1817`	`if err != nil {`
`1827`	`1818`	`return warnings, fmt.Errorf("error when reloading NGINX when updating %v %v/%v: %w", resource.GetKind(), resource.GetNamespace(), resource.GetName(), err)`
`1828`	`1819`	`}`
`@@ -1837,7 +1828,7 @@ func (cnf Configurator) AddOrUpdateResourcesThatUseDosProtected(ingExes []Ingr`
`1837`	`1828`	`return warnings, fmt.Errorf("error when updating resources that use Dos: %w", err)`
`1838`	`1829`	`}`
`1839`	`1830`
`1840`		`- err = cnf.reload(nginx.ReloadForOtherUpdate)`
	`1831`	`+ err = cnf.Reload(nginx.ReloadForOtherUpdate)`
`1841`	`1832`	`if err != nil {`
`1842`	`1833`	`return warnings, fmt.Errorf("error when updating resources that use Dos: %w", err)`
`1843`	`1834`	`}`
`@@ -1925,7 +1916,7 @@ func (cnf *Configurator) RefreshAppProtectUserSigs(`
`1925`	`1916`	`fmt.Fprintf(&builder, "app_protect_user_defined_signatures %s;\n", fName)`
`1926`	`1917`	`}`
`1927`	`1918`	`cnf.nginxManager.CreateAppProtectResourceFile(appProtectUserSigIndex, []byte(builder.String()))`
`1928`		`- return allWarnings, cnf.reload(nginx.ReloadForOtherUpdate)`
	`1919`	`+ return allWarnings, cnf.Reload(nginx.ReloadForOtherUpdate)`
`1929`	`1920`	`}`
`1930`	`1921`
`1931`	`1922`	`func appProtectDosPolicyFileName(namespace string, name string) string {`
`@@ -1965,7 +1956,7 @@ func (cnf *Configurator) AddInternalRouteConfig() error {`
`1965`	`1956`	`return fmt.Errorf("error when writing main Config: %w", err)`
`1966`	`1957`	`}`
`1967`	`1958`	`cnf.nginxManager.CreateMainConfig(mainCfgContent)`
`1968`		`- if err := cnf.reload(nginx.ReloadForOtherUpdate); err != nil {`
	`1959`	`+ if err := cnf.Reload(nginx.ReloadForOtherUpdate); err != nil {`
`1969`	`1960`	`return fmt.Errorf("error when reloading nginx: %w", err)`
`1970`	`1961`	`}`
`1971`	`1962`	`return nil`