Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

change cert generate method and add pd and kv webhook #406

Merged
merged 11 commits into from
Apr 29, 2019
44 changes: 44 additions & 0 deletions pkg/controller/tidb_control.go
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@
package controller

import (
"encoding/json"
"fmt"
"io/ioutil"
"net/http"
Expand All @@ -27,12 +28,18 @@ const (
NotDDLOwnerError = "This node is not a ddl owner, can't be resigned."
)

type dbInfo struct {
IsOwner bool `json:"is_owner"`
}

// TiDBControlInterface is the interface that knows how to manage tidb peers
type TiDBControlInterface interface {
// GetHealth returns tidb's health info
GetHealth(tc *v1alpha1.TidbCluster) map[string]bool
// ResignDDLOwner resigns the ddl owner of tidb, if the tidb node is not a ddl owner returns (true,nil),else returns (false,err)
ResignDDLOwner(tc *v1alpha1.TidbCluster, ordinal int32) (bool, error)
// Get TIDB info return tidb's dbInfo
GetInfo(tc *v1alpha1.TidbCluster, ordinal int32) (*dbInfo, error)
}

// defaultTiDBControl is default implementation of TiDBControlInterface.
Expand Down Expand Up @@ -89,6 +96,37 @@ func (tdc *defaultTiDBControl) ResignDDLOwner(tc *v1alpha1.TidbCluster, ordinal
return false, err2
}

func (tdc *defaultTiDBControl) GetInfo(tc *v1alpha1.TidbCluster, ordinal int32) (*dbInfo, error) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Open an issue to remember to add unit tests to cover this method.

tcName := tc.GetName()
ns := tc.GetNamespace()

hostName := fmt.Sprintf("%s-%d", TiDBMemberName(tcName), ordinal)
url := fmt.Sprintf("http://%s.%s.%s:10080/info", hostName, TiDBPeerMemberName(tcName), ns)
req, err := http.NewRequest("POST", url, nil)
if err != nil {
return nil, err
}
res, err := tdc.httpClient.Do(req)
if err != nil {
return nil, err
}
defer DeferClose(res.Body, &err)
if res.StatusCode != http.StatusOK {
errMsg := fmt.Errorf(fmt.Sprintf("Error response %v", res.StatusCode))
return nil, errMsg
}
body, err := ioutil.ReadAll(res.Body)
if err != nil {
return nil, err
}
info := dbInfo{}
err = json.Unmarshal(body, &info)
if err != nil {
return nil, err
}
return &info, nil
}

func (tdc *defaultTiDBControl) getBodyOK(apiURL string) ([]byte, error) {
res, err := tdc.httpClient.Get(apiURL)
if err != nil {
Expand All @@ -112,6 +150,8 @@ type FakeTiDBControl struct {
healthInfo map[string]bool
resignDDLOwnerError error
notDDLOwner bool
tidbInfo *dbInfo
getInfoError error
}

// NewFakeTiDBControl returns a FakeTiDBControl instance
Expand Down Expand Up @@ -141,3 +181,7 @@ func (ftd *FakeTiDBControl) GetHealth(_ *v1alpha1.TidbCluster) map[string]bool {
func (ftd *FakeTiDBControl) ResignDDLOwner(tc *v1alpha1.TidbCluster, ordinal int32) (bool, error) {
return ftd.notDDLOwner, ftd.resignDDLOwnerError
}

func (ftd *FakeTiDBControl) GetInfo(tc *v1alpha1.TidbCluster, ordinal int32) (*dbInfo, error) {
return ftd.tidbInfo, ftd.getInfoError
}
54 changes: 33 additions & 21 deletions tests/actions.go
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@
package tests

import (
"crypto/tls"
"database/sql"
"encoding/json"
"fmt"
Expand All @@ -31,6 +32,8 @@ import (
"github.com/golang/glog"
pingcapErrors "github.com/pingcap/errors"
"github.com/pingcap/kvproto/pkg/metapb"
"github.com/pingcap/tidb-operator/tests/pkg/apimachinery"
"github.com/pingcap/tidb-operator/tests/pkg/webhook"
admissionV1beta1 "k8s.io/api/admissionregistration/v1beta1"
"k8s.io/api/apps/v1beta1"
batchv1 "k8s.io/api/batch/v1"
Expand Down Expand Up @@ -125,7 +128,7 @@ type OperatorActions interface {
RegisterWebHookAndService(info *OperatorConfig) error
RegisterWebHookAndServiceOrDie(info *OperatorConfig)
CleanWebHookAndService(info *OperatorConfig) error
StartValidatingAdmissionWebhookServerOrDie()
StartValidatingAdmissionWebhookServerOrDie(info *OperatorConfig)
}

type operatorActions struct {
Expand All @@ -149,6 +152,7 @@ type OperatorConfig struct {
WebhookServiceName string
WebhookSecretName string
WebhookConfigName string
Context *apimachinery.CertContext
}

type TidbClusterConfig struct {
Expand Down Expand Up @@ -176,6 +180,16 @@ type TidbClusterConfig struct {
GrafanaClient *metrics.Client
}

func (oi *OperatorConfig) ConfigTLS() *tls.Config {
sCert, err := tls.X509KeyPair(oi.Context.Cert, oi.Context.Key)
if err != nil {
glog.Fatal(err)
}
return &tls.Config{
Certificates: []tls.Certificate{sCert},
}
}

func (tc *TidbClusterConfig) BackupHelmSetString(m map[string]string) string {

set := map[string]string{
Expand Down Expand Up @@ -629,6 +643,11 @@ func (oa *operatorActions) CheckScaledCorrectly(info *TidbClusterConfig, podUIDs
}

func (oa *operatorActions) UpgradeTidbCluster(info *TidbClusterConfig) error {
// record tikv leader count in webhook first
err := webhook.GetAllKVLeaders(oa.cli, info.Namespace, info.ClusterName)
if err != nil {
return err
}
oa.emitEvent(info, "UpgradeTidbCluster")

cmd := fmt.Sprintf("helm upgrade %s %s --set-string %s",
Expand Down Expand Up @@ -1942,23 +1961,8 @@ func (oa *operatorActions) RegisterWebHookAndService(info *OperatorConfig) error

namespace := os.Getenv("NAMESPACE")
configName := info.WebhookConfigName
filePath := "/webhook.local.config/certificates/ca.crt"

fd, err := os.Open(filePath)
if err != nil {
glog.Errorf("file can't open file path %s err %v", filePath, err)
return err
}
defer fd.Close()

ca, err := ioutil.ReadAll(fd)

if err != nil {
glog.Errorf("file can't read file path %s err %v", filePath, err)
return err
}

_, err = client.AdmissionregistrationV1beta1().ValidatingWebhookConfigurations().Create(&admissionV1beta1.ValidatingWebhookConfiguration{
_, err := client.AdmissionregistrationV1beta1().ValidatingWebhookConfigurations().Create(&admissionV1beta1.ValidatingWebhookConfiguration{
ObjectMeta: metav1.ObjectMeta{
Name: configName,
},
Expand All @@ -1979,7 +1983,7 @@ func (oa *operatorActions) RegisterWebHookAndService(info *OperatorConfig) error
Name: info.WebhookServiceName,
Path: strPtr("/pods"),
},
CABundle: ca,
CABundle: info.Context.SigningCert,
},
},
},
Expand Down Expand Up @@ -2076,13 +2080,21 @@ func (oa *operatorActions) drainerHealth(info *TidbClusterConfig, hostName strin
return len(healths.PumpPos) > 0 && healths.Synced
}

func (oa *operatorActions) StartValidatingAdmissionWebhookServerOrDie() {
func (oa *operatorActions) StartValidatingAdmissionWebhookServerOrDie(info *OperatorConfig) {

context, err := apimachinery.SetupServerCert(os.Getenv("NAMESPACE"), info.WebhookServiceName)
if err != nil {
glog.Fatalf("fail to setup server cert: %v", err)
}

info.Context = context

http.HandleFunc("/pods", webhook.ServePods)
server := &http.Server{
Addr: ":443",
TLSConfig: oa.cfg.ConfigTLS(),
TLSConfig: info.ConfigTLS(),
}
err := server.ListenAndServeTLS("", "")
err = server.ListenAndServeTLS("", "")
if err != nil {
glog.Errorf("fail to start webhook server err %v", err)
os.Exit(4)
Expand Down
6 changes: 3 additions & 3 deletions tests/cmd/e2e/main.go
Original file line number Diff line number Diff line change
Expand Up @@ -37,9 +37,6 @@ func main() {
cli, kubeCli := client.NewCliOrDie()
oa := tests.NewOperatorActions(cli, kubeCli, 5*time.Second, conf)

// start a http server in goruntine
go oa.StartValidatingAdmissionWebhookServerOrDie()

operatorInfo := &tests.OperatorConfig{
Namespace: "pingcap",
ReleaseName: "operator",
Expand All @@ -53,6 +50,9 @@ func main() {
WebhookConfigName: "webhook-config",
}

// start a http server in goruntine
go oa.StartValidatingAdmissionWebhookServerOrDie(operatorInfo)

initTidbVersion, err := conf.GetTiDBVersion()
if err != nil {
glog.Fatal(err)
Expand Down
6 changes: 3 additions & 3 deletions tests/cmd/stability/main.go
Original file line number Diff line number Diff line change
Expand Up @@ -44,9 +44,6 @@ func main() {
tidbVersion := conf.GetTiDBVersionOrDie()
upgardeTiDBVersions := conf.GetUpgradeTidbVersionsOrDie()

// start a http server in goruntine
go oa.StartValidatingAdmissionWebhookServerOrDie()

// operator config
operatorCfg := &tests.OperatorConfig{
Namespace: "pingcap",
Expand All @@ -60,6 +57,9 @@ func main() {
WebhookConfigName: "webhook-config",
}

// start a http server in goruntine
go oa.StartValidatingAdmissionWebhookServerOrDie(operatorCfg)

// TODO remove this
// create database and table and insert a column for test backup and restore
initSql := `"create database record;use record;create table test(t char(32))"`
Expand Down
16 changes: 0 additions & 16 deletions tests/config.go
Original file line number Diff line number Diff line change
@@ -1,7 +1,6 @@
package tests

import (
"crypto/tls"
"flag"
"fmt"
"io/ioutil"
Expand Down Expand Up @@ -67,11 +66,6 @@ func NewConfig() (*Config, error) {
flag.StringVar(&cfg.TidbVersions, "tidb-versions", "v2.1.3,v2.1.4", "tidb versions")
flag.StringVar(&cfg.OperatorTag, "operator-tag", "master", "operator tag used to choose charts")
flag.StringVar(&cfg.OperatorImage, "operator-image", "pingcap/tidb-operator:latest", "operator image")
flag.StringVar(&cfg.CertFile, "tls-cert-file", cfg.CertFile, ""+
"File containing the default x509 Certificate for HTTPS. (CA cert, if any, concatenated "+
"after server cert).")
flag.StringVar(&cfg.KeyFile, "tls-private-key-file", cfg.KeyFile, ""+
"File containing the default x509 private key matching --tls-cert-file.")
flag.StringVar(&cfg.OperatorRepoDir, "operator-repo-dir", "/tidb-operator", "local directory to which tidb-operator cloned")
flag.Parse()

Expand Down Expand Up @@ -150,16 +144,6 @@ func (c *Config) GetTiDBVersionOrDie() string {
return v
}

func (c *Config) ConfigTLS() *tls.Config {
sCert, err := tls.LoadX509KeyPair(c.CertFile, c.KeyFile)
if err != nil {
glog.Fatal(err)
}
return &tls.Config{
Certificates: []tls.Certificate{sCert},
}
}

func (c *Config) GetUpgradeTidbVersions() []string {
tidbVersions := strings.Split(c.TidbVersions, ",")

Expand Down
20 changes: 0 additions & 20 deletions tests/manifests/e2e/e2e.yaml
Original file line number Diff line number Diff line change
@@ -1,15 +1,3 @@
---
apiVersion: v1
kind: Secret
metadata:
name: webhook-secret
namespace: tidb-operator-e2e
type: Opaque
data:
tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM2ekNDQWRPZ0F3SUJBZ0lJV2xBRzZaeDVxRDR3RFFZSktvWklodmNOQVFFTEJRQXdFakVRTUE0R0ExVUUKQXhNSFkyRXRZMlZ5ZERBZUZ3MHhPVEEwTVRjd016TTRNVGRhRncweU1EQTBNVFl3TXpNNE1UZGFNREF4TGpBcwpCZ05WQkFNVEpYZGxZbWh2YjJzdGMyVnlkbWxqWlM1MGFXUmlMVzl3WlhKaGRHOXlMV1V5WlM1emRtTXdnZ0VpCk1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRQzdGaHBoRWpRMWlMN1lKRjZBUmJhb1hHZEcKS21Lbkw3NHhvMkFnT2F3M1dmM3pVWXR3eUVsbUFzNDBLWXowL01saWFuMGRHalVRVVNQbEpFeEV5dUt1QVdPYQpnOXE4WUZKUklqNTQxUnZqZlI2NytwMDBPT0lTamJrUkhiemErcS93N1NTMkxjSUhBTXFsUVFNQnVUMVZScnUrCnF1R0M2K0VCLzVQMnB2RHRXWHo3dVFnYmhyOERFRmZsdFBWTUJWWnhOdDRMSUpTYm1UTkVsREdIVTl1R3NiZEsKd1FlNWp5T1dOOHNvT01PNEpkMzY4Y3MvSGFtenBOYktDZVpMbWVsTVpsc1Z3Y0tsOEt3dVdVSkM5dE11cHM1TQo1Zk1yMGE4OERhOFM3RkFVZ2ZZVkh5QTVXby9JOGlWQ21vUThrd2svaUxsNzd1bkkwdmVDZFhETFVsMHJBZ01CCkFBR2pKekFsTUE0R0ExVWREd0VCL3dRRUF3SUZvREFUQmdOVkhTVUVEREFLQmdnckJnRUZCUWNEQVRBTkJna3EKaGtpRzl3MEJBUXNGQUFPQ0FRRUFWSG41Z3IyeWpydkdhaGtCWXBZT0JYZFBOb0Z3Ykg5K1BraG9YOVJKRmtMMgoxbVQ1TUpvdHNTT2hRR0RaS2VvQm5tdlFoRUNJakVSb2xiVm5wdG9JYkN4elBFNFV0ZVc0NGoxU1AwL2xmZGtJCm5Cb2MycmhhQ0NmR3ZnMWgzWDVZZ0ZMblJaL1F1Y3puVno4b1RnVTB1dVBxTlhJOXFQc2dKT2laaWpVa1pwRzQKV090cDYrVEY2blRhY25PMnJ6bFl2RjJ2NkxZN2I1TmNXU0xUbnc0MUYzdVJDYnU4MHZxcm5yd2xJMkUrcXpySAo1MVdpWHI5VmJaMHBJUlowWEZIdXdoY2hmWVpEaENUVDFHMlh0b2ZqaTF1aUsrZWJsWVE3czJ0NWU1ZXJqTnZNCmxRUnVPNVUzemhxcHltZG1QaHJ0SFdBbVRSMXZwOER1NnZTakhmQzFXUT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBdXhZYVlSSTBOWWkrMkNSZWdFVzJxRnhuUmlwaXB5KytNYU5nSURtc04xbjk4MUdMCmNNaEpaZ0xPTkNtTTlQekpZbXA5SFJvMUVGRWo1U1JNUk1yaXJnRmptb1BhdkdCU1VTSStlTlViNDMwZXUvcWQKTkRqaUVvMjVFUjI4MnZxdjhPMGt0aTNDQndES3BVRURBYms5VlVhN3ZxcmhndXZoQWYrVDlxYnc3Vmw4KzdrSQpHNGEvQXhCWDViVDFUQVZXY1RiZUN5Q1VtNWt6UkpReGgxUGJockczU3NFSHVZOGpsamZMS0RqRHVDWGQrdkhMClB4MnBzNlRXeWdubVM1bnBUR1piRmNIQ3BmQ3NMbGxDUXZiVExxYk9UT1h6SzlHdlBBMnZFdXhRRklIMkZSOGcKT1ZxUHlQSWxRcHFFUEpNSlA0aTVlKzdweU5MM2duVnd5MUpkS3dJREFRQUJBb0lCQURHdUJlVS9DMFFvQXQycwprcmVuUzREYndNVGVIb0pjNkRtUU04ZDY2U050cjBUOG8zV1lpZjBmdzVnUWJKRGx5NmhwdEwyVXB3Q2xPMDN1CjNKM3I3bFBjcEpGMGNCSlQxYWdiMnRFRmJqbHprVVREb1Jrci9jU0ZnOTVxc2lySUpRNXFPclJ4NURNdDM2SVEKYUhiOXRLNi9jTDJKN1FaeUVyY1FJajkrUno0UGI3L3NqZDFNYzBETHJJS0ZvRWoxdkNpcDRCWWZ4YlliQXZOWQozQTZzVU8rUENja0ZXaytxeE9BMndVUS83Tjc3UDBIMGRYeURmYitIVUIzL1RRbWhxWXh5S1kxRXo4cWZXNkg0Cmp6ZWhDYjhUSGhqVXB2WnhvTzQ3R0YvWmt4SVBISlozK0djc0UySnROODlBSTExSk9SNEZCckFKK1N5Y1BjRXkKbTgxdmpza0NnWUVBeVMvQ1hoeXpMb2UwU3ZyL05sK3M1eE1KUnZTSmhGcmZSR3I5T1UxQUFxZk52WTVVUDhsagpqK3RZOC9VSTE2YjdvZjJvVUdMZFd6cVBxeC93ajNXNzlVZGZyVDJobmZ0OFhRQ3JvZFN3WXdLMUJaK2FMclpqCjBzSTdRWHV6WlMyaWMrVDdiR04ycHdiaHJwRGlxQ0hVUzBmU1IwOFNCS3NmVWpLSklvQnlRcFVDZ1lFQTdnN2oKMmxtR09hakJpN05MZ3lINmE4WFRNMFAxU0wzUGQ4QnNiQXZoM2pLVG8zbWYwZmhjMFhyR0d4b0xkLzJ2NHdqUApLS3ptVWlvNGpiZXJsaW5XTXNWM3pNSXYvREVqVEFhUHJKUWJGUHRuTW92ZEU2K1pVdmZGQU9uS2VhczRqZFIxCk5vd2tOcTlRbE45Wmg0OHF2TnhkVHByeGp6NmFKZFAwcFg1TDhMOENnWUJoK3JWeE9nNzFrVGQzOE1kTUJzcGcKK3Y5Z3BBVTVCVHlJeUlZc1d2ZmFremg2b1k5Y1JVc01zelJ1RXg3TVQ5RnFzZXMvd3ZaRTBMOVpPc1BnU2hsUQp1Z0xaanhOZnFqT0Y0NmF5dUs5eWVNWUtTQkZCd0tmYTQ2Y1NIQmxoSkJsaTBkaTBqN2dnWGhTWS9JeTJEMHVoCm9nZkJuTHVNdEg0YmZPc1dkM0d1QlFLQmdRQ1J1NXZSTjZ6cjcxdE00bDMvMFBVMHRNNHVQQlFVaTk1T09RWW0KdnI5dS94ZFNwRW9xaUJpS1JOYXlFS2VrdFREUGs3ejk4WnF1QWhyTTV2dXIyY0MvSkJQS3piWUNkVEplZ0VYRQpLSWJMdVh2YmZiUEJNV1p6WENyRi9GbHZVbG8wdVROb1NUS0NKNkQxQWlZVXpwZ2pOZVFKRXVGK0I1em1PM014ClBMZlFrUUtCZ0NhOVZ3OTBsMzRUQ0ZQVHR2VFh6ZmdHUDY1eWhoaE80TURSY21LODdueHJmekxDbnJGZUZ6VmQKTUhVRDdmbUVzbEViUjVJRTNCbnBTR2dkTlQ1T2RvR3g4OTN4QllMKzdvODN1RnJ0MnpVSk5Vbm1TOXBkWGFIdwp5WU9sN0J6YVlrOVVodjRoS2REYVJYSnd1YVlRYzhINVlZN3N2Q1NKVk1rWWhTc3lKNFlCCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg==
ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUN3akNDQWFxZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFTTVJBd0RnWURWUVFERXdkallTMWoKWlhKME1CNFhEVEU1TURReE56QXpNemd4TjFvWERUSTVNRFF4TkRBek16Z3hOMW93RWpFUU1BNEdBMVVFQXhNSApZMkV0WTJWeWREQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQU5tTDFRdGhGOVlVCklMOWlnNGJRc3F4bE42RVVuODRkWHg5akV0d0dQanNJU2xqVWtsSStjYmNRelhSd3BTK0JnUFZMQjdlNWtlTjQKYStlc0JISEN6WXZQZjZ5aUI1eXR1emc3VWJ0RnVTMXZkNmdTT01QcS9vVXpZYTVydkVTY2dMLzlWL2RLMVNObAp6R3poZlU4anlGeFNDMWt1U2lUMnI0VXBSZStwL1kyQnVwQ2U3UVhQUUVNYS9Qa0Z4UDBaekVyc3NnSmV0azJECnBPemlLcG5oQmhiNXN1amw2RWhqbStjakYwRWlxUDhrSXhSS3cxUE5lRFZ4WEdseHpaZzFLMjZyUXhCNUtJdW4KeHRmMFh2dDRZZ2NnMTJPVHVNMVRwcFlaaHhRM3k5TVBRdm9nK3lTRktoREZ4ZEJ6TUt0RDY0QXoxU1Q5VVUvawo1WjBSYVlyMlgrOENBd0VBQWFNak1DRXdEZ1lEVlIwUEFRSC9CQVFEQWdLa01BOEdBMVVkRXdFQi93UUZNQU1CCkFmOHdEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBS21XczJYNXRuTm4vTmNnOENJSGpNMUIyRDN3SDE2d0ttb2oKelVQcFEvdXpBaWZ5ZW1WdytKNEVjWnVyVlpSUlpBUFp0Kyt1RTYvS2kxcUFPNmp1U0dSU0xXaVA3ZFA5SXF6dwpIRDZ6Nzl5dDBFMDJSRFlVUzhsbVJqWlFhbzJoNVJVTi81ZXVabmtqaWFFQ2VlOUMxVGkyaWwrMHdUZEdQbFl1CmFRTTZYMU45aXZiK3huSnROQlE2STJseTBDNG94aFZKM1o0SC80Ym9Vd3UzT3d0OEhmL21NYzA0bkl6N1lZOGwKUm12U3BrNWYxM0k1VjRLTUZuQ1V4WjAyWGVTbkY1dWVNYktpcUo0NXk3cVJ2SWIydlNBRVFHbWx4M1piRjNPRwpUdC9BWk1ITkM3ZnNWQmY5c1QrQUFEMGtTSXc3SERiMXBGOEFUVU84UHRHZzh5NGhJQTg9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
---
apiVersion: v1
kind: Service
metadata:
Expand Down Expand Up @@ -61,14 +49,9 @@ spec:
- --operator-tag=e2e
- --operator-image=pingcap/tidb-operator:latest
- --tidb-versions=v2.1.3,v2.1.4
- --tls-cert-file=/webhook.local.config/certificates/tls.crt
- --tls-private-key-file=/webhook.local.config/certificates/tls.key
volumeMounts:
- mountPath: /logDir
name: logdir
- name: webhook-certs
readOnly: true
mountPath: /webhook.local.config/certificates
env:
- name: NAMESPACE
valueFrom:
Expand All @@ -79,7 +62,4 @@ spec:
hostPath:
path: /var/log
type: Directory
- name: webhook-certs
secret:
secretName: webhook-secret
restartPolicy: Never
Loading