Skip to content

Commit

Permalink
change cert generate method and add pd and kv prestop webhook (#406)
Browse files Browse the repository at this point in the history
  • Loading branch information
shuijing198799 authored and weekface committed Apr 29, 2019
1 parent c7b154e commit 0bfd6dc
Show file tree
Hide file tree
Showing 9 changed files with 292 additions and 115 deletions.
44 changes: 44 additions & 0 deletions pkg/controller/tidb_control.go
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@
package controller

import (
"encoding/json"
"fmt"
"io/ioutil"
"net/http"
Expand All @@ -27,12 +28,18 @@ const (
NotDDLOwnerError = "This node is not a ddl owner, can't be resigned."
)

type dbInfo struct {
IsOwner bool `json:"is_owner"`
}

// TiDBControlInterface is the interface that knows how to manage tidb peers
type TiDBControlInterface interface {
// GetHealth returns tidb's health info
GetHealth(tc *v1alpha1.TidbCluster) map[string]bool
// ResignDDLOwner resigns the ddl owner of tidb, if the tidb node is not a ddl owner returns (true,nil),else returns (false,err)
ResignDDLOwner(tc *v1alpha1.TidbCluster, ordinal int32) (bool, error)
// Get TIDB info return tidb's dbInfo
GetInfo(tc *v1alpha1.TidbCluster, ordinal int32) (*dbInfo, error)
}

// defaultTiDBControl is default implementation of TiDBControlInterface.
Expand Down Expand Up @@ -89,6 +96,37 @@ func (tdc *defaultTiDBControl) ResignDDLOwner(tc *v1alpha1.TidbCluster, ordinal
return false, err2
}

func (tdc *defaultTiDBControl) GetInfo(tc *v1alpha1.TidbCluster, ordinal int32) (*dbInfo, error) {
tcName := tc.GetName()
ns := tc.GetNamespace()

hostName := fmt.Sprintf("%s-%d", TiDBMemberName(tcName), ordinal)
url := fmt.Sprintf("http://%s.%s.%s:10080/info", hostName, TiDBPeerMemberName(tcName), ns)
req, err := http.NewRequest("POST", url, nil)
if err != nil {
return nil, err
}
res, err := tdc.httpClient.Do(req)
if err != nil {
return nil, err
}
defer DeferClose(res.Body, &err)
if res.StatusCode != http.StatusOK {
errMsg := fmt.Errorf(fmt.Sprintf("Error response %v", res.StatusCode))
return nil, errMsg
}
body, err := ioutil.ReadAll(res.Body)
if err != nil {
return nil, err
}
info := dbInfo{}
err = json.Unmarshal(body, &info)
if err != nil {
return nil, err
}
return &info, nil
}

func (tdc *defaultTiDBControl) getBodyOK(apiURL string) ([]byte, error) {
res, err := tdc.httpClient.Get(apiURL)
if err != nil {
Expand All @@ -112,6 +150,8 @@ type FakeTiDBControl struct {
healthInfo map[string]bool
resignDDLOwnerError error
notDDLOwner bool
tidbInfo *dbInfo
getInfoError error
}

// NewFakeTiDBControl returns a FakeTiDBControl instance
Expand Down Expand Up @@ -141,3 +181,7 @@ func (ftd *FakeTiDBControl) GetHealth(_ *v1alpha1.TidbCluster) map[string]bool {
func (ftd *FakeTiDBControl) ResignDDLOwner(tc *v1alpha1.TidbCluster, ordinal int32) (bool, error) {
return ftd.notDDLOwner, ftd.resignDDLOwnerError
}

func (ftd *FakeTiDBControl) GetInfo(tc *v1alpha1.TidbCluster, ordinal int32) (*dbInfo, error) {
return ftd.tidbInfo, ftd.getInfoError
}
54 changes: 33 additions & 21 deletions tests/actions.go
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@
package tests

import (
"crypto/tls"
"database/sql"
"encoding/json"
"fmt"
Expand All @@ -31,6 +32,8 @@ import (
"github.com/golang/glog"
pingcapErrors "github.com/pingcap/errors"
"github.com/pingcap/kvproto/pkg/metapb"
"github.com/pingcap/tidb-operator/tests/pkg/apimachinery"
"github.com/pingcap/tidb-operator/tests/pkg/webhook"
admissionV1beta1 "k8s.io/api/admissionregistration/v1beta1"
"k8s.io/api/apps/v1beta1"
batchv1 "k8s.io/api/batch/v1"
Expand Down Expand Up @@ -125,7 +128,7 @@ type OperatorActions interface {
RegisterWebHookAndService(info *OperatorConfig) error
RegisterWebHookAndServiceOrDie(info *OperatorConfig)
CleanWebHookAndService(info *OperatorConfig) error
StartValidatingAdmissionWebhookServerOrDie()
StartValidatingAdmissionWebhookServerOrDie(info *OperatorConfig)
}

type operatorActions struct {
Expand All @@ -149,6 +152,7 @@ type OperatorConfig struct {
WebhookServiceName string
WebhookSecretName string
WebhookConfigName string
Context *apimachinery.CertContext
}

type TidbClusterConfig struct {
Expand Down Expand Up @@ -176,6 +180,16 @@ type TidbClusterConfig struct {
GrafanaClient *metrics.Client
}

func (oi *OperatorConfig) ConfigTLS() *tls.Config {
sCert, err := tls.X509KeyPair(oi.Context.Cert, oi.Context.Key)
if err != nil {
glog.Fatal(err)
}
return &tls.Config{
Certificates: []tls.Certificate{sCert},
}
}

func (tc *TidbClusterConfig) BackupHelmSetString(m map[string]string) string {

set := map[string]string{
Expand Down Expand Up @@ -629,6 +643,11 @@ func (oa *operatorActions) CheckScaledCorrectly(info *TidbClusterConfig, podUIDs
}

func (oa *operatorActions) UpgradeTidbCluster(info *TidbClusterConfig) error {
// record tikv leader count in webhook first
err := webhook.GetAllKVLeaders(oa.cli, info.Namespace, info.ClusterName)
if err != nil {
return err
}
oa.emitEvent(info, "UpgradeTidbCluster")

cmd := fmt.Sprintf("helm upgrade %s %s --set-string %s",
Expand Down Expand Up @@ -1942,23 +1961,8 @@ func (oa *operatorActions) RegisterWebHookAndService(info *OperatorConfig) error

namespace := os.Getenv("NAMESPACE")
configName := info.WebhookConfigName
filePath := "/webhook.local.config/certificates/ca.crt"

fd, err := os.Open(filePath)
if err != nil {
glog.Errorf("file can't open file path %s err %v", filePath, err)
return err
}
defer fd.Close()

ca, err := ioutil.ReadAll(fd)

if err != nil {
glog.Errorf("file can't read file path %s err %v", filePath, err)
return err
}

_, err = client.AdmissionregistrationV1beta1().ValidatingWebhookConfigurations().Create(&admissionV1beta1.ValidatingWebhookConfiguration{
_, err := client.AdmissionregistrationV1beta1().ValidatingWebhookConfigurations().Create(&admissionV1beta1.ValidatingWebhookConfiguration{
ObjectMeta: metav1.ObjectMeta{
Name: configName,
},
Expand All @@ -1979,7 +1983,7 @@ func (oa *operatorActions) RegisterWebHookAndService(info *OperatorConfig) error
Name: info.WebhookServiceName,
Path: strPtr("/pods"),
},
CABundle: ca,
CABundle: info.Context.SigningCert,
},
},
},
Expand Down Expand Up @@ -2076,13 +2080,21 @@ func (oa *operatorActions) drainerHealth(info *TidbClusterConfig, hostName strin
return len(healths.PumpPos) > 0 && healths.Synced
}

func (oa *operatorActions) StartValidatingAdmissionWebhookServerOrDie() {
func (oa *operatorActions) StartValidatingAdmissionWebhookServerOrDie(info *OperatorConfig) {

context, err := apimachinery.SetupServerCert(os.Getenv("NAMESPACE"), info.WebhookServiceName)
if err != nil {
glog.Fatalf("fail to setup server cert: %v", err)
}

info.Context = context

http.HandleFunc("/pods", webhook.ServePods)
server := &http.Server{
Addr: ":443",
TLSConfig: oa.cfg.ConfigTLS(),
TLSConfig: info.ConfigTLS(),
}
err := server.ListenAndServeTLS("", "")
err = server.ListenAndServeTLS("", "")
if err != nil {
glog.Errorf("fail to start webhook server err %v", err)
os.Exit(4)
Expand Down
6 changes: 3 additions & 3 deletions tests/cmd/e2e/main.go
Original file line number Diff line number Diff line change
Expand Up @@ -37,9 +37,6 @@ func main() {
cli, kubeCli := client.NewCliOrDie()
oa := tests.NewOperatorActions(cli, kubeCli, 5*time.Second, conf)

// start a http server in goruntine
go oa.StartValidatingAdmissionWebhookServerOrDie()

operatorInfo := &tests.OperatorConfig{
Namespace: "pingcap",
ReleaseName: "operator",
Expand All @@ -53,6 +50,9 @@ func main() {
WebhookConfigName: "webhook-config",
}

// start a http server in goruntine
go oa.StartValidatingAdmissionWebhookServerOrDie(operatorInfo)

initTidbVersion, err := conf.GetTiDBVersion()
if err != nil {
glog.Fatal(err)
Expand Down
6 changes: 3 additions & 3 deletions tests/cmd/stability/main.go
Original file line number Diff line number Diff line change
Expand Up @@ -44,9 +44,6 @@ func main() {
tidbVersion := conf.GetTiDBVersionOrDie()
upgardeTiDBVersions := conf.GetUpgradeTidbVersionsOrDie()

// start a http server in goruntine
go oa.StartValidatingAdmissionWebhookServerOrDie()

// operator config
operatorCfg := &tests.OperatorConfig{
Namespace: "pingcap",
Expand All @@ -60,6 +57,9 @@ func main() {
WebhookConfigName: "webhook-config",
}

// start a http server in goruntine
go oa.StartValidatingAdmissionWebhookServerOrDie(operatorCfg)

// TODO remove this
// create database and table and insert a column for test backup and restore
initSql := `"create database record;use record;create table test(t char(32))"`
Expand Down
16 changes: 0 additions & 16 deletions tests/config.go
Original file line number Diff line number Diff line change
@@ -1,7 +1,6 @@
package tests

import (
"crypto/tls"
"flag"
"fmt"
"io/ioutil"
Expand Down Expand Up @@ -67,11 +66,6 @@ func NewConfig() (*Config, error) {
flag.StringVar(&cfg.TidbVersions, "tidb-versions", "v2.1.3,v2.1.4", "tidb versions")
flag.StringVar(&cfg.OperatorTag, "operator-tag", "master", "operator tag used to choose charts")
flag.StringVar(&cfg.OperatorImage, "operator-image", "pingcap/tidb-operator:latest", "operator image")
flag.StringVar(&cfg.CertFile, "tls-cert-file", cfg.CertFile, ""+
"File containing the default x509 Certificate for HTTPS. (CA cert, if any, concatenated "+
"after server cert).")
flag.StringVar(&cfg.KeyFile, "tls-private-key-file", cfg.KeyFile, ""+
"File containing the default x509 private key matching --tls-cert-file.")
flag.StringVar(&cfg.OperatorRepoDir, "operator-repo-dir", "/tidb-operator", "local directory to which tidb-operator cloned")
flag.Parse()

Expand Down Expand Up @@ -150,16 +144,6 @@ func (c *Config) GetTiDBVersionOrDie() string {
return v
}

func (c *Config) ConfigTLS() *tls.Config {
sCert, err := tls.LoadX509KeyPair(c.CertFile, c.KeyFile)
if err != nil {
glog.Fatal(err)
}
return &tls.Config{
Certificates: []tls.Certificate{sCert},
}
}

func (c *Config) GetUpgradeTidbVersions() []string {
tidbVersions := strings.Split(c.TidbVersions, ",")

Expand Down
20 changes: 0 additions & 20 deletions tests/manifests/e2e/e2e.yaml
Original file line number Diff line number Diff line change
@@ -1,15 +1,3 @@
---
apiVersion: v1
kind: Secret
metadata:
name: webhook-secret
namespace: tidb-operator-e2e
type: Opaque
data:
tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM2ekNDQWRPZ0F3SUJBZ0lJV2xBRzZaeDVxRDR3RFFZSktvWklodmNOQVFFTEJRQXdFakVRTUE0R0ExVUUKQXhNSFkyRXRZMlZ5ZERBZUZ3MHhPVEEwTVRjd016TTRNVGRhRncweU1EQTBNVFl3TXpNNE1UZGFNREF4TGpBcwpCZ05WQkFNVEpYZGxZbWh2YjJzdGMyVnlkbWxqWlM1MGFXUmlMVzl3WlhKaGRHOXlMV1V5WlM1emRtTXdnZ0VpCk1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRQzdGaHBoRWpRMWlMN1lKRjZBUmJhb1hHZEcKS21Lbkw3NHhvMkFnT2F3M1dmM3pVWXR3eUVsbUFzNDBLWXowL01saWFuMGRHalVRVVNQbEpFeEV5dUt1QVdPYQpnOXE4WUZKUklqNTQxUnZqZlI2NytwMDBPT0lTamJrUkhiemErcS93N1NTMkxjSUhBTXFsUVFNQnVUMVZScnUrCnF1R0M2K0VCLzVQMnB2RHRXWHo3dVFnYmhyOERFRmZsdFBWTUJWWnhOdDRMSUpTYm1UTkVsREdIVTl1R3NiZEsKd1FlNWp5T1dOOHNvT01PNEpkMzY4Y3MvSGFtenBOYktDZVpMbWVsTVpsc1Z3Y0tsOEt3dVdVSkM5dE11cHM1TQo1Zk1yMGE4OERhOFM3RkFVZ2ZZVkh5QTVXby9JOGlWQ21vUThrd2svaUxsNzd1bkkwdmVDZFhETFVsMHJBZ01CCkFBR2pKekFsTUE0R0ExVWREd0VCL3dRRUF3SUZvREFUQmdOVkhTVUVEREFLQmdnckJnRUZCUWNEQVRBTkJna3EKaGtpRzl3MEJBUXNGQUFPQ0FRRUFWSG41Z3IyeWpydkdhaGtCWXBZT0JYZFBOb0Z3Ykg5K1BraG9YOVJKRmtMMgoxbVQ1TUpvdHNTT2hRR0RaS2VvQm5tdlFoRUNJakVSb2xiVm5wdG9JYkN4elBFNFV0ZVc0NGoxU1AwL2xmZGtJCm5Cb2MycmhhQ0NmR3ZnMWgzWDVZZ0ZMblJaL1F1Y3puVno4b1RnVTB1dVBxTlhJOXFQc2dKT2laaWpVa1pwRzQKV090cDYrVEY2blRhY25PMnJ6bFl2RjJ2NkxZN2I1TmNXU0xUbnc0MUYzdVJDYnU4MHZxcm5yd2xJMkUrcXpySAo1MVdpWHI5VmJaMHBJUlowWEZIdXdoY2hmWVpEaENUVDFHMlh0b2ZqaTF1aUsrZWJsWVE3czJ0NWU1ZXJqTnZNCmxRUnVPNVUzemhxcHltZG1QaHJ0SFdBbVRSMXZwOER1NnZTakhmQzFXUT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBdXhZYVlSSTBOWWkrMkNSZWdFVzJxRnhuUmlwaXB5KytNYU5nSURtc04xbjk4MUdMCmNNaEpaZ0xPTkNtTTlQekpZbXA5SFJvMUVGRWo1U1JNUk1yaXJnRmptb1BhdkdCU1VTSStlTlViNDMwZXUvcWQKTkRqaUVvMjVFUjI4MnZxdjhPMGt0aTNDQndES3BVRURBYms5VlVhN3ZxcmhndXZoQWYrVDlxYnc3Vmw4KzdrSQpHNGEvQXhCWDViVDFUQVZXY1RiZUN5Q1VtNWt6UkpReGgxUGJockczU3NFSHVZOGpsamZMS0RqRHVDWGQrdkhMClB4MnBzNlRXeWdubVM1bnBUR1piRmNIQ3BmQ3NMbGxDUXZiVExxYk9UT1h6SzlHdlBBMnZFdXhRRklIMkZSOGcKT1ZxUHlQSWxRcHFFUEpNSlA0aTVlKzdweU5MM2duVnd5MUpkS3dJREFRQUJBb0lCQURHdUJlVS9DMFFvQXQycwprcmVuUzREYndNVGVIb0pjNkRtUU04ZDY2U050cjBUOG8zV1lpZjBmdzVnUWJKRGx5NmhwdEwyVXB3Q2xPMDN1CjNKM3I3bFBjcEpGMGNCSlQxYWdiMnRFRmJqbHprVVREb1Jrci9jU0ZnOTVxc2lySUpRNXFPclJ4NURNdDM2SVEKYUhiOXRLNi9jTDJKN1FaeUVyY1FJajkrUno0UGI3L3NqZDFNYzBETHJJS0ZvRWoxdkNpcDRCWWZ4YlliQXZOWQozQTZzVU8rUENja0ZXaytxeE9BMndVUS83Tjc3UDBIMGRYeURmYitIVUIzL1RRbWhxWXh5S1kxRXo4cWZXNkg0Cmp6ZWhDYjhUSGhqVXB2WnhvTzQ3R0YvWmt4SVBISlozK0djc0UySnROODlBSTExSk9SNEZCckFKK1N5Y1BjRXkKbTgxdmpza0NnWUVBeVMvQ1hoeXpMb2UwU3ZyL05sK3M1eE1KUnZTSmhGcmZSR3I5T1UxQUFxZk52WTVVUDhsagpqK3RZOC9VSTE2YjdvZjJvVUdMZFd6cVBxeC93ajNXNzlVZGZyVDJobmZ0OFhRQ3JvZFN3WXdLMUJaK2FMclpqCjBzSTdRWHV6WlMyaWMrVDdiR04ycHdiaHJwRGlxQ0hVUzBmU1IwOFNCS3NmVWpLSklvQnlRcFVDZ1lFQTdnN2oKMmxtR09hakJpN05MZ3lINmE4WFRNMFAxU0wzUGQ4QnNiQXZoM2pLVG8zbWYwZmhjMFhyR0d4b0xkLzJ2NHdqUApLS3ptVWlvNGpiZXJsaW5XTXNWM3pNSXYvREVqVEFhUHJKUWJGUHRuTW92ZEU2K1pVdmZGQU9uS2VhczRqZFIxCk5vd2tOcTlRbE45Wmg0OHF2TnhkVHByeGp6NmFKZFAwcFg1TDhMOENnWUJoK3JWeE9nNzFrVGQzOE1kTUJzcGcKK3Y5Z3BBVTVCVHlJeUlZc1d2ZmFremg2b1k5Y1JVc01zelJ1RXg3TVQ5RnFzZXMvd3ZaRTBMOVpPc1BnU2hsUQp1Z0xaanhOZnFqT0Y0NmF5dUs5eWVNWUtTQkZCd0tmYTQ2Y1NIQmxoSkJsaTBkaTBqN2dnWGhTWS9JeTJEMHVoCm9nZkJuTHVNdEg0YmZPc1dkM0d1QlFLQmdRQ1J1NXZSTjZ6cjcxdE00bDMvMFBVMHRNNHVQQlFVaTk1T09RWW0KdnI5dS94ZFNwRW9xaUJpS1JOYXlFS2VrdFREUGs3ejk4WnF1QWhyTTV2dXIyY0MvSkJQS3piWUNkVEplZ0VYRQpLSWJMdVh2YmZiUEJNV1p6WENyRi9GbHZVbG8wdVROb1NUS0NKNkQxQWlZVXpwZ2pOZVFKRXVGK0I1em1PM014ClBMZlFrUUtCZ0NhOVZ3OTBsMzRUQ0ZQVHR2VFh6ZmdHUDY1eWhoaE80TURSY21LODdueHJmekxDbnJGZUZ6VmQKTUhVRDdmbUVzbEViUjVJRTNCbnBTR2dkTlQ1T2RvR3g4OTN4QllMKzdvODN1RnJ0MnpVSk5Vbm1TOXBkWGFIdwp5WU9sN0J6YVlrOVVodjRoS2REYVJYSnd1YVlRYzhINVlZN3N2Q1NKVk1rWWhTc3lKNFlCCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg==
ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUN3akNDQWFxZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFTTVJBd0RnWURWUVFERXdkallTMWoKWlhKME1CNFhEVEU1TURReE56QXpNemd4TjFvWERUSTVNRFF4TkRBek16Z3hOMW93RWpFUU1BNEdBMVVFQXhNSApZMkV0WTJWeWREQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQU5tTDFRdGhGOVlVCklMOWlnNGJRc3F4bE42RVVuODRkWHg5akV0d0dQanNJU2xqVWtsSStjYmNRelhSd3BTK0JnUFZMQjdlNWtlTjQKYStlc0JISEN6WXZQZjZ5aUI1eXR1emc3VWJ0RnVTMXZkNmdTT01QcS9vVXpZYTVydkVTY2dMLzlWL2RLMVNObAp6R3poZlU4anlGeFNDMWt1U2lUMnI0VXBSZStwL1kyQnVwQ2U3UVhQUUVNYS9Qa0Z4UDBaekVyc3NnSmV0azJECnBPemlLcG5oQmhiNXN1amw2RWhqbStjakYwRWlxUDhrSXhSS3cxUE5lRFZ4WEdseHpaZzFLMjZyUXhCNUtJdW4KeHRmMFh2dDRZZ2NnMTJPVHVNMVRwcFlaaHhRM3k5TVBRdm9nK3lTRktoREZ4ZEJ6TUt0RDY0QXoxU1Q5VVUvawo1WjBSYVlyMlgrOENBd0VBQWFNak1DRXdEZ1lEVlIwUEFRSC9CQVFEQWdLa01BOEdBMVVkRXdFQi93UUZNQU1CCkFmOHdEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBS21XczJYNXRuTm4vTmNnOENJSGpNMUIyRDN3SDE2d0ttb2oKelVQcFEvdXpBaWZ5ZW1WdytKNEVjWnVyVlpSUlpBUFp0Kyt1RTYvS2kxcUFPNmp1U0dSU0xXaVA3ZFA5SXF6dwpIRDZ6Nzl5dDBFMDJSRFlVUzhsbVJqWlFhbzJoNVJVTi81ZXVabmtqaWFFQ2VlOUMxVGkyaWwrMHdUZEdQbFl1CmFRTTZYMU45aXZiK3huSnROQlE2STJseTBDNG94aFZKM1o0SC80Ym9Vd3UzT3d0OEhmL21NYzA0bkl6N1lZOGwKUm12U3BrNWYxM0k1VjRLTUZuQ1V4WjAyWGVTbkY1dWVNYktpcUo0NXk3cVJ2SWIydlNBRVFHbWx4M1piRjNPRwpUdC9BWk1ITkM3ZnNWQmY5c1QrQUFEMGtTSXc3SERiMXBGOEFUVU84UHRHZzh5NGhJQTg9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
---
apiVersion: v1
kind: Service
metadata:
Expand Down Expand Up @@ -61,14 +49,9 @@ spec:
- --operator-tag=e2e
- --operator-image=pingcap/tidb-operator:latest
- --tidb-versions=v2.1.3,v2.1.4
- --tls-cert-file=/webhook.local.config/certificates/tls.crt
- --tls-private-key-file=/webhook.local.config/certificates/tls.key
volumeMounts:
- mountPath: /logDir
name: logdir
- name: webhook-certs
readOnly: true
mountPath: /webhook.local.config/certificates
env:
- name: NAMESPACE
valueFrom:
Expand All @@ -79,7 +62,4 @@ spec:
hostPath:
path: /var/log
type: Directory
- name: webhook-certs
secret:
secretName: webhook-secret
restartPolicy: Never
Loading

0 comments on commit 0bfd6dc

Please sign in to comment.