diff --git a/pkg/apiserver/apiserver.go b/pkg/apiserver/apiserver.go index 73cfac4b..3af6bc84 100644 --- a/pkg/apiserver/apiserver.go +++ b/pkg/apiserver/apiserver.go @@ -18,6 +18,7 @@ import ( "context" "fmt" "os" + "strings" "time" "github.com/nephio-project/porch/api/porch/install" @@ -281,9 +282,14 @@ func (c completedConfig) New() (*PorchServer, error) { func (s *PorchServer) Run(ctx context.Context) error { porch.RunBackground(ctx, s.coreClient, s.cache) + webhookNs, found := os.LookupEnv("CERT_NAMESPACE") + if !found || strings.TrimSpace(webhookNs) == "" { + webhookNs = "porch-system" + } + certStorageDir, found := os.LookupEnv("CERT_STORAGE_DIR") - if found && certStorageDir != "" { - if err := setupWebhooks(ctx, certStorageDir); err != nil { + if found && strings.TrimSpace(certStorageDir) != "" { + if err := setupWebhooks(ctx, webhookNs, certStorageDir); err != nil { klog.Errorf("%v\n", err) return err } diff --git a/pkg/apiserver/webhooks.go b/pkg/apiserver/webhooks.go index 8196ec3f..48ecc0d5 100644 --- a/pkg/apiserver/webhooks.go +++ b/pkg/apiserver/webhooks.go @@ -51,12 +51,12 @@ const ( serverEndpoint = "/validate-deletion" ) -func setupWebhooks(ctx context.Context, certStorageDir string) error { - caBytes, err := createCerts(certStorageDir) +func setupWebhooks(ctx context.Context, webhookNs string, certStorageDir string) error { + caBytes, err := createCerts(webhookNs, certStorageDir) if err != nil { return err } - if err := createValidatingWebhook(ctx, caBytes); err != nil { + if err := createValidatingWebhook(ctx, webhookNs, caBytes); err != nil { return err } if err := runWebhookServer(certStorageDir); err != nil { @@ -65,11 +65,11 @@ func setupWebhooks(ctx context.Context, certStorageDir string) error { return nil } -func createCerts(certStorageDir string) ([]byte, error) { - klog.Infoln("creating self-signing TLS cert and key ") +func createCerts(webhookNs string, certStorageDir string) ([]byte, error) { + klog.Infoln("creating self-signing TLS cert and key with namespace " + webhookNs + " in directory " + certStorageDir) dnsNames := []string{"api", - "api.porch-system", "api.porch-system.svc"} - commonName := "api.porch-system.svc" + "api." + webhookNs, "api." + webhookNs + ".svc"} + commonName := "api." + webhookNs + ".svc" var caPEM, serverCertPEM, serverPrivateKeyPEM *bytes.Buffer // CA config @@ -165,8 +165,8 @@ func WriteFile(filepath string, c []byte) error { return nil } -func createValidatingWebhook(ctx context.Context, caCert []byte) error { - klog.Infoln("Creating validating webhook") +func createValidatingWebhook(ctx context.Context, webhookNs string, caCert []byte) error { + klog.Infoln("Creating validating webhook with namespace " + webhookNs) cfg := ctrl.GetConfigOrDie() kubeClient, err := kubernetes.NewForConfig(cfg) @@ -175,7 +175,7 @@ func createValidatingWebhook(ctx context.Context, caCert []byte) error { } var ( - webhookNamespace = "porch-system" + webhookNamespace = webhookNs validationCfgName = "packagerev-deletion-validating-webhook" webhookService = "api" path = serverEndpoint diff --git a/pkg/apiserver/webhooks_test.go b/pkg/apiserver/webhooks_test.go index 9a24c9ca..5223148d 100644 --- a/pkg/apiserver/webhooks_test.go +++ b/pkg/apiserver/webhooks_test.go @@ -36,7 +36,7 @@ func TestCreateCerts(t *testing.T) { require.NoError(t, os.RemoveAll(dir)) }() - caCert, err := createCerts(dir) + caCert, err := createCerts("", dir) require.NoError(t, err) caStr := strings.TrimSpace(string(caCert))