make webhook configurable #529

Merged
merged 11 commits into from
May 30, 2019
2 changes: 1 addition & 1 deletion go.mod
@@ -75,7 +75,7 @@ require (
github.com/prometheus/common v0.0.0-20180801064454-c7de2306084e // indirect
github.com/prometheus/procfs v0.0.0-20180725123919-05ee40e3a273 // indirect
github.com/renstrom/dedent v1.1.0 // indirect
github.com/robfig/cron v1.1.0 // indirect
github.com/robfig/cron v1.1.0
github.com/russross/blackfriday v1.5.2+incompatible // indirect
github.com/shurcooL/sanitized_anchor_name v1.0.0 // indirect
github.com/sirupsen/logrus v1.0.6
34 changes: 33 additions & 1 deletion manifests/create-cert.sh
@@ -14,11 +14,35 @@ detailed explantion and additional instructions.

The server key/cert k8s CA cert are stored in a k8s secret.

-n,--namespace Namespace where webhook service and secret reside.
EOF
exit 1
}

namespace=default
optstring=":-:n"

while getopts "$optstring" opt; do
case $opt in
-)
case "$OPTARG" in
namespace)
namespace="${2}"
;;
*)
usage
;;
esac
;;
n)
namespace="${2}"
;;
*)
usage
;;
esac
done

namespace=${namespace:-tidb-admin}
service=admission-controller-svc
secret=admission-controller-certs

@@ -27,6 +51,12 @@ if [ ! -x "$(command -v openssl)" ]; then
exit 1
fi

CURDIR=$(cd $(dirname ${BASH_SOURCE[0]}); pwd )

# reset namespace and ca_bundle of webhook.yaml
sed -i "s/caBundle:.*/caBundle: \${CA_BUNDLE}/g" $CURDIR/webhook.yaml
sed -i "s/namespace:.*/namespace: \${NAMESPACE}/g" $CURDIR/webhook.yaml

csrName=${service}.${namespace}
tmpdir=$(mktemp -d)

@@ -99,3 +129,5 @@ kubectl create secret generic ${secret} \
--from-file=cert.pem=${tmpdir}/server-cert.pem \
--dry-run -o yaml |
kubectl -n ${namespace} apply -f -

sed -i "s/namespace: .*$/namespace: ${namespace}/g" $CURDIR/webhook.yaml
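Review bot: The namespace value is read from `${2}` instead of through getopts and is never validated, yet it is used unquoted in `kubectl -n ${namespace}` and interpolated into the sed program on the last line, where a `/` or `&` in the value changes what sed does. Reading `${2}` also means the option is only honoured when it is the first argument, and a missing value is not reported. A check placed right after the option loop would cover this, for example `[[ "$namespace" =~ ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ ]] || usage`, which matches the DNS-label form Kubernetes requires for namespace names. Separately, the `sed -i` calls leave the tracked `webhook.yaml` modified after every run; rendering to a copy under `${tmpdir}` would avoid that.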
14 changes: 7 additions & 7 deletions manifests/webhook.yaml
@@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: admission-controller-cr
namespace: default
namespace: ${NAMESPACE}
labels:
app: admission-webhook
rules:
@@ -17,21 +17,21 @@ apiVersion: v1
kind: ServiceAccount
metadata:
name: admission-controller-sa
namespace: default
namespace: ${NAMESPACE}
labels:
app: admission-controller
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: admission-controller-crb
namespace: default
namespace: ${NAMESPACE}
labels:
app: admission-controller
subjects:
- kind: ServiceAccount
name: admission-controller-sa
namespace: default
namespace: ${NAMESPACE}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
@@ -41,7 +41,7 @@ apiVersion: v1
kind: Service
metadata:
name: admission-controller-svc
namespace: default
namespace: ${NAMESPACE}
labels:
app: admission-controller
spec:
@@ -55,7 +55,7 @@ apiVersion: apps/v1
kind: Deployment
metadata:
name: admission-controller
namespace: default
namespace: ${NAMESPACE}
labels:
app: admission-controller
spec:
@@ -99,7 +99,7 @@ webhooks:
clientConfig:
service:
name: admission-controller-svc
namespace: default
namespace: ${NAMESPACE}
path: "/statefulsets"
caBundle: ${CA_BUNDLE}
rules:
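Review bot: ClusterRole and ClusterRoleBinding are cluster-scoped, so the `namespace: ${NAMESPACE}` under their `metadata` has no effect; only `subjects[].namespace` and the namespaced objects need the placeholder. Dropping those two metadata lines would leave fewer lines for the blanket `s/namespace:.*/` rewrite in create-cert.sh to touch. The file is a template, not a manifest that can be applied as-is, so a header comment such as `# Template: ${NAMESPACE} is filled in by create-cert.sh; ${CA_BUNDLE} must be substituted before applying` would make that explicit. The page does not show which step substitutes `${CA_BUNDLE}`.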
2 changes: 1 addition & 1 deletion tests/actions.go
@@ -387,7 +387,7 @@ func (oa *operatorActions) DeployOperator(info *OperatorConfig) error {
}

// create cert and secret for webhook
cmd = fmt.Sprintf("%s/create-cert.sh", oa.manifestPath(info.Tag))
cmd = fmt.Sprintf("%s/create-cert.sh --namespace %s", oa.manifestPath(info.Tag), info.Namespace)
glog.Info(cmd)

res, err = exec.Command("/bin/sh", "-c", cmd).CombinedOutput()
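Review bot: `info.Namespace` is formatted into a string that is handed to `/bin/sh -c`, so any whitespace or shell metacharacter in the namespace is interpreted by the shell instead of reaching the script as a single argument. Passing the arguments directly avoids the shell: `res, err = exec.Command(fmt.Sprintf("%s/create-cert.sh", oa.manifestPath(info.Tag)), "--namespace", info.Namespace).CombinedOutput()`, with the `glog.Info(cmd)` line adjusted to log the script path and namespace. The value presumably comes from test configuration, so this is more about robustness than exposure, but the pattern is easy to copy into non-test code. DeployOperator starts and ends outside the hunk.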