change cert generate method and add pd and kv webhook #406

Merged
merged 11 commits into from
Apr 29, 2019
5 changes: 4 additions & 1 deletion tests/cmd/e2e/main.go
Expand Up @@ -40,7 +40,10 @@ func main() {

cli, kubeCli := client.NewCliOrDie()

context := apimachinery.SetupServerCert(os.Getenv("NAMESPACE"), "webhook-service")
context, err := apimachinery.SetupServerCert(os.Getenv("NAMESPACE"), "webhook-service")
Contributor

merge this function into StartValidatingAdmissionWebhookServerOrDie.

Contributor Author

done

if err != nil {
glog.Fatalf("fail to setup server cert: %v", err)
}

oa := tests.NewOperatorActions(cli, kubeCli, conf)

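Review bot: `os.Getenv("NAMESPACE")` is still passed straight into `SetupServerCert`, so an unset variable reaches certificate generation as an empty string; the same call appears in tests/cmd/stability/main.go. The certificate names are built in a collapsed part of certs.go, so the effect is inferred, but a certificate issued for an empty namespace would presumably not match the webhook service and would only fail later, at TLS verification, with a much less obvious error. Checking up front keeps the failure next to its cause: `ns := os.Getenv("NAMESPACE")` followed by `if ns == "" { glog.Fatal("NAMESPACE must be set") }`. main's body starts and ends outside the hunk.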
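--- a/tests/cmd/stability/main.go
+++ b/tests/cmd/stability/main.go
@@ -40,7 +40,10 @@ func main() {
 conf := tests.ParseConfigOrDie()
 cli, kubeCli := client.NewCliOrDie()
 
-context := apimachinery.SetupServerCert(os.Getenv("NAMESPACE"), "webhook-service")
+context, err := apimachinery.SetupServerCert(os.Getenv("NAMESPACE"), "webhook-service")
+if err != nil {
+glog.Fatalf("fail to setup server cert: %v", err)
+}
 
 oa := tests.NewOperatorActions(cli, kubeCli, conf)
 fta := tests.NewFaultTriggerAction(cli, kubeCli, conf)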
14 changes: 12 additions & 2 deletions tests/pkg/apimachinery/certs.go
Expand Up @@ -16,30 +16,35 @@ type CertContext struct {

// Setup the server cert. For example, user apiservers and admission webhooks
// can use the cert to prove their identify to the kube-apiserver
func SetupServerCert(namespaceName, serviceName string) *CertContext {
func SetupServerCert(namespaceName, serviceName string) (*CertContext, error) {
certDir, err := ioutil.TempDir("", "test-e2e-server-cert")
if err != nil {
glog.Errorf("Failed to create a temp dir for cert generation %v", err)
Contributor

You should return an error.

Contributor Author

all done

return nil, err
}
defer os.RemoveAll(certDir)
signingKey, err := cert.NewPrivateKey()
if err != nil {
glog.Errorf("Failed to create CA private key %v", err)
return nil, err
}
signingCert, err := cert.NewSelfSignedCACert(cert.Config{CommonName: "e2e-server-cert-ca"}, signingKey)
if err != nil {
glog.Errorf("Failed to create CA cert for apiserver %v", err)
Contributor

ditto

return nil, err
}
caCertFile, err := ioutil.TempFile(certDir, "ca.crt")
if err != nil {
glog.Errorf("Failed to create a temp file for ca cert generation %v", err)
Contributor

and all these should return an error.

return nil, err
}
if err := ioutil.WriteFile(caCertFile.Name(), cert.EncodeCertPEM(signingCert), 0644); err != nil {
glog.Errorf("Failed to write CA cert %v", err)
Contributor

return error here.

Contributor

this should be fixed also

Contributor Author

done

}
key, err := cert.NewPrivateKey()
if err != nil {
glog.Errorf("Failed to create private key for %v", err)
return nil, err
}
signedCert, err := cert.NewSignedCert(
cert.Config{
Expand All @@ -50,24 +55,29 @@ func SetupServerCert(namespaceName, serviceName string) *CertContext {
)
if err != nil {
glog.Errorf("Failed to create cert%v", err)
return nil, err
}
certFile, err := ioutil.TempFile(certDir, "server.crt")
if err != nil {
glog.Errorf("Failed to create a temp file for cert generation %v", err)
return nil, err
}
keyFile, err := ioutil.TempFile(certDir, "server.key")
if err != nil {
glog.Errorf("Failed to create a temp file for key generation %v", err)
return nil, err
}
if err = ioutil.WriteFile(certFile.Name(), cert.EncodeCertPEM(signedCert), 0600); err != nil {
glog.Errorf("Failed to write cert file %v", err)
return nil, err
}
if err = ioutil.WriteFile(keyFile.Name(), cert.EncodePrivateKeyPEM(key), 0644); err != nil {
glog.Errorf("Failed to write key file %v", err)
return nil, err
}
return &CertContext{
Cert: cert.EncodeCertPEM(signedCert),
Key: cert.EncodePrivateKeyPEM(key),
SigningCert: cert.EncodeCertPEM(signingCert),
}
}, nil
}
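Review bot: The private key is written with mode 0644 while the public certificate gets 0600 in the last two `ioutil.WriteFile` calls of the second hunk, which looks inverted. Because `ioutil.TempFile` has already created both files, the mode argument is probably not applied here, but the call should still state the intent, `ioutil.WriteFile(keyFile.Name(), cert.EncodePrivateKeyPEM(key), 0600)`, so a later refactor that creates the file directly does not leave the key world-readable. The three handles returned by `ioutil.TempFile` are also never closed in the visible code; a `defer caCertFile.Close()` after each successful create (likewise for `certFile` and `keyFile`) would release them before the deferred `os.RemoveAll(certDir)` runs. Part of SetupServerCert between the two hunks is collapsed, so this is based on the visible lines only.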
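--- a/tests/pkg/webhook/pods.go
+++ b/tests/pkg/webhook/pods.go
@@ -13,6 +13,7 @@ import (
 "github.com/golang/glog"
 "github.com/pingcap/kvproto/pkg/pdpb"
 "github.com/pingcap/tidb-operator/pkg/controller"
+"github.com/pingcap/tidb-operator/pkg/label"
 "github.com/pingcap/tidb-operator/tests/pkg/client"
 "k8s.io/api/admission/v1beta1"
 )
@@ -79,9 +80,9 @@ func admitPods(ar v1beta1.AdmissionReview) *v1beta1.AdmissionResponse {
 return &reviewResponse
 }
 
-glog.Infof("delete pod %s", pod.Labels["app.kubernetes.io/component"])
+glog.Infof("delete pod %s", pod.Labels[label.ComponentLabelKey])
 
-if pod.Labels["app.kubernetes.io/component"] == "tidb" {
+if pod.Labels[label.ComponentLabelKey] == "tidb" {
 podIP := pod.Status.PodIP
 url := fmt.Sprintf("http://%s:10080/info", podIP)
 
@@ -106,7 +107,7 @@ func admitPods(ar v1beta1.AdmissionReview) *v1beta1.AdmissionResponse {
 glog.Infof("savely delete pod namespace %s name %s content %s", nameSpace, name, string(content))
 }
 
-} else if pod.Labels["app.kubernetes.io/component"] == "pd" {
+} else if pod.Labels[label.ComponentLabelKey] == "pd" {
 podIP := tc.Status.PD.Leader.ClientURL
 url := fmt.Sprintf("%s/pd/api/v1/leader", podIP)
 
@@ -131,7 +132,7 @@ func admitPods(ar v1beta1.AdmissionReview) *v1beta1.AdmissionResponse {
 glog.Infof("savely delete pod namespace %s name %s leader name %s", nameSpace, name, leader.Name)
 }
 
-} else if pod.Labels["app.kubernetes.io/component"] == "tikv" {
+} else if pod.Labels[label.ComponentLabelKey] == "tikv" {
 var storeID string
 podIP := tc.Status.PD.Leader.ClientURL
 for _, store := range tc.Status.TiKV.Stores {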