-
Notifications
You must be signed in to change notification settings - Fork 717
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix webhook certname in helm template #7775
Conversation
Tested it locally
setting the secret name
|
@@ -79,6 +79,6 @@ data: | |||
{{- if not .Values.config.containerSuffix }} | |||
ubi-only: {{ .Values.config.ubiOnly }} | |||
{{- end }} | |||
{{- with .Values.webhook.secret }} | |||
{{- with .Values.webhook.certsSecret }} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I am not sure we should keep this as webhook.secret
and change the docs ? since the operator config itself is named webhook-secret
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Even if we fix this I don't understand how this can be used today since the WEBHOOK_SECRET
env. variable seems to take precedence over webhook-secret
in the configmap :
cloud-on-k8s/deploy/eck-operator/templates/statefulset.yaml
Lines 73 to 76 in 233cbd0
{{- if .Values.webhook.enabled }} | |
- name: WEBHOOK_SECRET | |
value: {{ include "eck-operator.webhookSecretName" . }} | |
{{- end }} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let's maybe add a unit test?
--- a/deploy/eck-operator/templates/tests/statefulset_test.yaml
+++ b/deploy/eck-operator/templates/tests/statefulset_test.yaml
@@ -4,6 +4,20 @@ templates:
- statefulset.yaml
- configmap.yaml
tests:
+ - it: should use the specified webhook secret name
+ set:
+ webhook:
+ manageCerts: false
+ certsSecret: "my-webhook-server-cert"
+ asserts:
+ - template: statefulset.yaml
+ equal:
+ path: spec.template.spec.volumes[1].name
+ value: cert
+ - template: statefulset.yaml
+ equal:
+ path: spec.template.spec.volumes[1].secret.secretName
+ value: my-webhook-server-cert
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
Updated unit test proposal to cover the env. variable:
diff --git a/deploy/eck-operator/templates/tests/statefulset_test.yaml b/deploy/eck-operator/templates/tests/statefulset_test.yaml
index 99425f476..d82a72621 100644
--- a/deploy/eck-operator/templates/tests/statefulset_test.yaml
+++ b/deploy/eck-operator/templates/tests/statefulset_test.yaml
@@ -4,6 +4,28 @@ templates:
- statefulset.yaml
- configmap.yaml
tests:
+ - it: should use the specified webhook secret name
+ set:
+ webhook:
+ manageCerts: false
+ certsSecret: "my-webhook-server-cert"
+ asserts:
+ - template: statefulset.yaml
+ equal:
+ path: spec.template.spec.volumes[1].name
+ value: cert
+ - template: statefulset.yaml
+ equal:
+ path: spec.template.spec.volumes[1].secret.secretName
+ value: my-webhook-server-cert
+ - template: statefulset.yaml
+ equal:
+ path: spec.template.spec.containers[0].env[2].name
+ value: WEBHOOK_SECRET
+ - template: statefulset.yaml
+ equal:
+ path: spec.template.spec.containers[0].env[2].value
+ value: my-webhook-server-cert
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM +1 for adding a unit test though
* fix webhook secret name in the helm charts and add a unit test as well. (cherry picked from commit 15d3ca2)
fixes: #7771 where the webhook secret name was not being set correctly in the _helpers file.
Also renaming
webhook.secret
towebhook.certsSecret
to match what is there in our documentation.