From ae1af87a20f6416d7f3ad603c2d8e9d465703974 Mon Sep 17 00:00:00 2001 From: shuijing198799 Date: Tue, 28 May 2019 16:32:16 +0800 Subject: [PATCH 01/10] make webhook configurable --- manifests/create-cert.sh | 25 ++++++++++++++++++++++++- tests/actions.go | 2 +- 2 files changed, 25 insertions(+), 2 deletions(-) diff --git a/manifests/create-cert.sh b/manifests/create-cert.sh index 4e76ff8fa0..28c172f4a1 100755 --- a/manifests/create-cert.sh +++ b/manifests/create-cert.sh @@ -14,11 +14,26 @@ detailed explantion and additional instructions. The server key/cert k8s CA cert are stored in a k8s secret. + --namespace Namespace where webhook service and secret reside. EOF exit 1 } -namespace=default +while [[ $# -gt 0 ]]; do + case ${1} in + --namespace) + namespace="$2" + shift + ;; + *) + usage + ;; + esac + shift +done + + +[ -z ${namespace} ] && namespace=default service=admission-controller-svc secret=admission-controller-certs @@ -27,6 +42,12 @@ if [ ! -x "$(command -v openssl)" ]; then exit 1 fi +CURDIR=$(cd $(dirname ${BASH_SOURCE[0]}); pwd ) + +# reset namespace and ca_bundle of webhook.yaml +sed -i "/caBundle:*/c\ caBundle: \${CA_BUNDLE}" $CURDIR/webhook.yaml +sed -i "s/namespace:.*/namespace: \${NAMESPACE}/g" $CURDIR/webhook.yaml + csrName=${service}.${namespace} tmpdir=$(mktemp -d) @@ -99,3 +120,5 @@ kubectl create secret generic ${secret} \ --from-file=cert.pem=${tmpdir}/server-cert.pem \ --dry-run -o yaml | kubectl -n ${namespace} apply -f - + +sed -i "s/namespace: .*$/namespace: ${namespace}/g" $CURDIR/webhook.yaml diff --git a/tests/actions.go b/tests/actions.go index fdb1f01f32..f4885adfcf 100644 --- a/tests/actions.go +++ b/tests/actions.go 
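Review bot: The two `sed -i` resets added after the openssl check rewrite the checked-in `$CURDIR/webhook.yaml` in place, and `s/namespace:.*/…/g` matches every line containing `namespace:`. Each run therefore leaves the manifest modified in the working tree and only half rendered: `caBundle` stays a placeholder while the last hunk of this patch fills in the namespace. Rendering into a separate output file would keep the template immutable and make the applied manifest reviewable. The new `CURDIR=$(cd $(dirname ${BASH_SOURCE[0]}); pwd )` and both `$CURDIR/webhook.yaml` arguments are unquoted, so a checkout path containing spaces splits into several words; `CURDIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)` and `"$CURDIR/webhook.yaml"` avoid that. PATCH 05 rewrites the caBundle expression but keeps the in-place edit.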
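Review bot: The closing `sed -i "s/namespace: .*$/namespace: ${namespace}/g"` splices the caller-supplied value into the sed program without validation, so a namespace containing `/`, `&` or whitespace alters the expression or the written manifest instead of being treated as a name. The same value reaches `kubectl -n ${namespace}` unquoted in the context lines of this hunk. Kubernetes namespaces are DNS-1123 labels, so a check straight after argument parsing such as `[[ "${namespace}" =~ ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ ]] || usage` covers both, together with quoting `"${namespace}"` at the use sites.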
@@ -387,7 +387,7 @@ func (oa *operatorActions) DeployOperator(info *OperatorConfig) error { } // create cert and secret for webhook - cmd = fmt.Sprintf("%s/create-cert.sh", oa.manifestPath(info.Tag)) + cmd = fmt.Sprintf("%s/create-cert.sh --namespace=%s", oa.manifestPath(info.Tag),info.Namespace) glog.Info(cmd) res, err = exec.Command("/bin/sh", "-c", cmd).CombinedOutput() From 55f3937c0373224eef635ecd12297c8418afba5a Mon Sep 17 00:00:00 2001 From: shuijing198799 Date: Tue, 28 May 2019 16:38:06 +0800 Subject: [PATCH 02/10] make check --- go.mod | 2 +- tests/actions.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/go.mod b/go.mod index d74812053b..3dcf4ae01f 100644 --- a/go.mod +++ b/go.mod @@ -75,7 +75,7 @@ require ( github.com/prometheus/common v0.0.0-20180801064454-c7de2306084e // indirect github.com/prometheus/procfs v0.0.0-20180725123919-05ee40e3a273 // indirect github.com/renstrom/dedent v1.1.0 // indirect - github.com/robfig/cron v1.1.0 // indirect + github.com/robfig/cron v1.1.0 github.com/russross/blackfriday v1.5.2+incompatible // indirect github.com/shurcooL/sanitized_anchor_name v1.0.0 // indirect github.com/sirupsen/logrus v1.0.6 diff --git a/tests/actions.go b/tests/actions.go index f4885adfcf..0a75138e1e 100644 --- a/tests/actions.go +++ b/tests/actions.go @@ -387,7 +387,7 @@ func (oa *operatorActions) DeployOperator(info *OperatorConfig) error { } // create cert and secret for webhook - cmd = fmt.Sprintf("%s/create-cert.sh --namespace=%s", oa.manifestPath(info.Tag),info.Namespace) + cmd = fmt.Sprintf("%s/create-cert.sh --namespace=%s", oa.manifestPath(info.Tag), info.Namespace) glog.Info(cmd) res, err = exec.Command("/bin/sh", "-c", cmd).CombinedOutput() From bb14cdbd514e0b180ace5497fed45754ca3c325c Mon Sep 17 00:00:00 2001 
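Review bot: The command line in `DeployOperator` is assembled with `fmt.Sprintf` and handed to `/bin/sh -c`, so `info.Namespace` and the manifest path are re-parsed by the shell; whitespace or metacharacters in either value change what is executed instead of arriving as one argument. Whether these fields can carry such characters is not visible here, but an argument vector removes the question: `script := fmt.Sprintf("%s/create-cert.sh", oa.manifestPath(info.Tag))` followed by `res, err = exec.Command(script, "--namespace", info.Namespace).CombinedOutput()`, with the log line changed to `glog.Infof("%s --namespace %s", script, info.Namespace)`. The same line is touched again in PATCH 02 and PATCH 04, which only change spacing and the `=` separator. `DeployOperator` starts and ends outside the hunk.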
From: shuijing198799 Date: Tue, 28 May 2019 16:48:20 +0800 Subject: [PATCH 03/10] change namespace default to placeholder --- manifests/webhook.yaml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/manifests/webhook.yaml b/manifests/webhook.yaml index 489c14003b..cd8fe8aee8 100644 --- a/manifests/webhook.yaml +++ b/manifests/webhook.yaml @@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: admission-controller-cr - namespace: default + namespace: ${NAMESPACE} labels: app: admission-webhook rules: @@ -17,7 +17,7 @@ apiVersion: v1 kind: ServiceAccount metadata: name: admission-controller-sa - namespace: default + namespace: ${NAMESPACE} labels: app: admission-controller --- @@ -25,13 +25,13 @@ kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: admission-controller-crb - namespace: default + namespace: ${NAMESPACE} labels: app: admission-controller subjects: - kind: ServiceAccount name: admission-controller-sa - namespace: default + namespace: ${NAMESPACE} roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -41,7 +41,7 @@ apiVersion: v1 kind: Service metadata: name: admission-controller-svc - namespace: default + namespace: ${NAMESPACE} labels: app: admission-controller spec: @@ -55,7 +55,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: admission-controller - namespace: default + namespace: ${NAMESPACE} labels: app: admission-controller spec: @@ -99,7 +99,7 @@ webhooks: clientConfig: service: name: admission-controller-svc - namespace: default + namespace: ${NAMESPACE} path: "/statefulsets" caBundle: ${CA_BUNDLE} rules: From b9e91c731daeed5052d4cfe8fcffeebe320d8b12 Mon Sep 17 00:00:00 2001 From: shuijing198799 Date: Wed, 29 May 2019 10:39:42 +0800 Subject: [PATCH 04/10] fix bug --- tests/actions.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/actions.go b/tests/actions.go index 0a75138e1e..2713867831 100644 
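Review bot: `ClusterRole` and `ClusterRoleBinding` are cluster-scoped, so the `metadata.namespace: ${NAMESPACE}` placeholders on `admission-controller-cr` and `admission-controller-crb` do not scope anything; only the `subjects[].namespace` entry is meaningful. Because both names stay fixed, a second install into another namespace would re-apply the same `admission-controller-crb` and repoint its subject, silently moving the cluster-wide grant from one service account to another. I would drop the `namespace:` key from those two objects and, if several installs are meant to coexist, derive their names from the namespace. Note that the `sed "s/namespace:.*/…/g"` rewrite in create-cert.sh touches every remaining `namespace:` line by pattern only.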
--- a/tests/actions.go +++ b/tests/actions.go @@ -387,7 +387,7 @@ func (oa *operatorActions) DeployOperator(info *OperatorConfig) error { } // create cert and secret for webhook - cmd = fmt.Sprintf("%s/create-cert.sh --namespace=%s", oa.manifestPath(info.Tag), info.Namespace) + cmd = fmt.Sprintf("%s/create-cert.sh --namespace %s", oa.manifestPath(info.Tag), info.Namespace) glog.Info(cmd) res, err = exec.Command("/bin/sh", "-c", cmd).CombinedOutput() From e5058f5504ee6470046b5746ab9bf90d54786f79 Mon Sep 17 00:00:00 2001 From: shuijing198799 Date: Wed, 29 May 2019 14:25:07 +0800 Subject: [PATCH 05/10] make shell pretty --- manifests/create-cert.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/create-cert.sh b/manifests/create-cert.sh index 28c172f4a1..90e64eab31 100755 --- a/manifests/create-cert.sh +++ b/manifests/create-cert.sh @@ -45,7 +45,7 @@ fi CURDIR=$(cd $(dirname ${BASH_SOURCE[0]}); pwd ) # reset namespace and ca_bundle of webhook.yaml -sed -i "/caBundle:*/c\ caBundle: \${CA_BUNDLE}" $CURDIR/webhook.yaml +sed -i "s/caBundle:.*/caBundle: \${CA_BUNDLE}/g" $CURDIR/webhook.yaml sed -i "s/namespace:.*/namespace: \${NAMESPACE}/g" $CURDIR/webhook.yaml csrName=${service}.${namespace} From ae36b938207129f745d5ff7e289549974407b7f6 Mon Sep 17 00:00:00 2001 From: shuijing198799 Date: Wed, 29 May 2019 21:04:56 +0800 Subject: [PATCH 06/10] adress comment --- manifests/create-cert.sh | 33 ++++++++++++++++++++++----------- 1 file changed, 22 insertions(+), 11 deletions(-) diff --git a/manifests/create-cert.sh b/manifests/create-cert.sh index 90e64eab31..c3f2b8039c 100755 --- a/manifests/create-cert.sh +++ b/manifests/create-cert.sh 
@@ -14,28 +14,39 @@ detailed explantion and additional instructions. The server key/cert k8s CA cert are stored in a k8s secret. - --namespace Namespace where webhook service and secret reside. + -n,--namespace Namespace where webhook service and secret reside. EOF exit 1 } -while [[ $# -gt 0 ]]; do - case ${1} in - --namespace) - namespace="$2" - shift +namespace=default +service=admission-controller-svc +secret=admission-controller-certs + +optstring=":-:n" + +while getopts "$optstring" opt; do + case $opt in + -) + case "$OPTARG" in + namespace) + namespace="${2}" + ;; + *) + usage + ;; + esac + ;; + n) + namespace="${2}" ;; *) usage ;; esac - shift done - -[ -z ${namespace} ] && namespace=default -service=admission-controller-svc -secret=admission-controller-certs +echo $namespace if [ ! -x "$(command -v openssl)" ]; then echo "openssl not found" From 87a73c100a79c07cf335682d9db46db93e4b1b21 Mon Sep 17 00:00:00 2001 From: shuijing198799 Date: Wed, 29 May 2019 21:07:12 +0800 Subject: [PATCH 07/10] address wire shell format --- manifests/create-cert.sh | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/manifests/create-cert.sh b/manifests/create-cert.sh index c3f2b8039c..c4959f7f3e 100755 --- a/manifests/create-cert.sh +++ b/manifests/create-cert.sh @@ -37,13 +37,13 @@ while getopts "$optstring" opt; do ;; esac ;; - n) - namespace="${2}" - ;; - *) - usage - ;; - esac + n) + namespace="${2}" + ;; + *) + usage + ;; + esac done echo $namespace From 1fdb3c853e215f69099b9cb060fdca315ba06a3e Mon Sep 17 00:00:00 2001 From: shuijing198799 Date: Wed, 29 May 2019 21:07:50 +0800 Subject: [PATCH 08/10] address wire shell format --- manifests/create-cert.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/create-cert.sh b/manifests/create-cert.sh index c4959f7f3e..54bf84786a 100755 --- a/manifests/create-cert.sh +++ b/manifests/create-cert.sh 
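Review bot: In the new `getopts` loop the option string `":-:n"` declares `-n` without an argument, and both branches read the value from the fixed positional `${2}` instead of what getopts parsed. The namespace is therefore only picked up when the flag is the first argument, and a missing value is never reported. Declaring `n:` and taking `$OPTARG`, and for the long form consuming the next word via `OPTIND`, makes parsing independent of position and lets the leading `:` error path reach `usage`. PATCH 07, 08 and 10 only re-indent this loop and carry the same logic.

```shell
optstring=":-:n:"

while getopts "$optstring" opt; do
    case $opt in
        -)
            case "$OPTARG" in
                namespace)
                    # long form: the value is the next word; fail if it is missing
                    [ "$OPTIND" -le "$#" ] || usage
                    namespace="${!OPTIND}"
                    OPTIND=$((OPTIND + 1))
                    ;;
                # … unchanged: *) usage …
            esac
            ;;
        n)
            namespace="$OPTARG"
            ;;
        # … unchanged: *) usage …
    esac
done
```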
@@ -26,7 +26,7 @@ secret=admission-controller-certs optstring=":-:n" while getopts "$optstring" opt; do - case $opt in + case $opt in -) case "$OPTARG" in namespace) From 7fc507a1ef1abfe54737ad9263c72ea4bcdfadbe Mon Sep 17 00:00:00 2001 From: shuijing198799 Date: Wed, 29 May 2019 21:24:16 +0800 Subject: [PATCH 09/10] address comment --- manifests/create-cert.sh | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/manifests/create-cert.sh b/manifests/create-cert.sh index 54bf84786a..acc01cd967 100755 --- a/manifests/create-cert.sh +++ b/manifests/create-cert.sh @@ -19,10 +19,6 @@ EOF exit 1 } -namespace=default -service=admission-controller-svc -secret=admission-controller-certs - optstring=":-:n" while getopts "$optstring" opt; do @@ -46,7 +42,9 @@ while getopts "$optstring" opt; do esac done -echo $namespace +namespace=${namespace:-tidb-admin} +service=admission-controller-svc +secret=admission-controller-certs if [ ! -x "$(command -v openssl)" ]; then echo "openssl not found" From cfd0410fa6ff4a2cf95af623078b06b0658d93be Mon Sep 17 00:00:00 2001 From: shuijing198799 Date: Wed, 29 May 2019 21:29:25 +0800 Subject: [PATCH 10/10] address shell format --- manifests/create-cert.sh | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/manifests/create-cert.sh b/manifests/create-cert.sh index acc01cd967..95987e9222 100755 --- a/manifests/create-cert.sh +++ b/manifests/create-cert.sh @@ -22,24 +22,24 @@ EOF optstring=":-:n" while getopts "$optstring" opt; do - case $opt in - -) - case "$OPTARG" in - namespace) - namespace="${2}" - ;; - *) - usage - ;; - esac - ;; - n) - namespace="${2}" - ;; - *) - usage - ;; - esac + case $opt in + -) + case "$OPTARG" in + namespace) + namespace="${2}" + ;; + *) + usage + ;; + esac + ;; + n) + namespace="${2}" + ;; + *) + usage + ;; + esac done namespace=${namespace:-tidb-admin}
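Review bot: With the initial assignments removed from above the loop in PATCH 09, `namespace=${namespace:-tidb-admin}` now uses whatever `namespace` the script inherited from its environment before it falls back to `tidb-admin`. An exported variable of that name therefore silently selects where the CSR and secret are created. If that is not intended, initialise it before parsing with `namespace=""`. The default also changes from `default` to `tidb-admin` here, and the `-n,--namespace` usage line shown in PATCH 06 does not state a default, so adding `(default: tidb-admin)` there would keep the help text in step.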