Skip to content

Commit a9897a1

Browse files
shuijing198799shuijing198799
authored
make webhook configurable (#529)
* make webhook configurable * make check * change namespace default to placeholder * fix bug * make shell pretty * adress comment * address wire shell format * address wire shell format * address comment * address shell format
1 parent 83ad7c3 commit a9897a1

File tree

3 files changed

+41
-9
lines changed

3 files changed

+41
-9
lines changed

manifests/create-cert.sh

+33-1
Original file line numberDiff line numberDiff line change
@@ -14,11 +14,35 @@ detailed explantion and additional instructions.
1414
1515
The server key/cert k8s CA cert are stored in a k8s secret.
1616
17+
-n,--namespace Namespace where webhook service and secret reside.
1718
EOF
1819
exit 1
1920
}
2021

21-
namespace=default
22+
optstring=":-:n"
23+
24+
while getopts "$optstring" opt; do
25+
case $opt in
26+
-)
27+
case "$OPTARG" in
28+
namespace)
29+
namespace="${2}"
30+
;;
31+
*)
32+
usage
33+
;;
34+
esac
35+
;;
36+
n)
37+
namespace="${2}"
38+
;;
39+
*)
40+
usage
41+
;;
42+
esac
43+
done
44+
45+
namespace=${namespace:-tidb-admin}
2246
service=admission-controller-svc
2347
secret=admission-controller-certs
2448

@@ -27,6 +51,12 @@ if [ ! -x "$(command -v openssl)" ]; then
2751
exit 1
2852
fi
2953

54+
CURDIR=$(cd $(dirname ${BASH_SOURCE[0]}); pwd )
55+
56+
# reset namespace and ca_bundle of webhook.yaml
57+
sed -i "s/caBundle:.*/caBundle: \${CA_BUNDLE}/g" $CURDIR/webhook.yaml
58+
sed -i "s/namespace:.*/namespace: \${NAMESPACE}/g" $CURDIR/webhook.yaml
59+
3060
csrName=${service}.${namespace}
3161
tmpdir=$(mktemp -d)
3262

@@ -99,3 +129,5 @@ kubectl create secret generic ${secret} \
99129
--from-file=cert.pem=${tmpdir}/server-cert.pem \
100130
--dry-run -o yaml |
101131
kubectl -n ${namespace} apply -f -
132+
133+
sed -i "s/namespace: .*$/namespace: ${namespace}/g" $CURDIR/webhook.yaml

manifests/webhook.yaml

+7-7
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
22
kind: ClusterRole
33
metadata:
44
name: admission-controller-cr
5-
namespace: default
5+
namespace: ${NAMESPACE}
66
labels:
77
app: admission-webhook
88
rules:
@@ -17,21 +17,21 @@ apiVersion: v1
1717
kind: ServiceAccount
1818
metadata:
1919
name: admission-controller-sa
20-
namespace: default
20+
namespace: ${NAMESPACE}
2121
labels:
2222
app: admission-controller
2323
---
2424
kind: ClusterRoleBinding
2525
apiVersion: rbac.authorization.k8s.io/v1
2626
metadata:
2727
name: admission-controller-crb
28-
namespace: default
28+
namespace: ${NAMESPACE}
2929
labels:
3030
app: admission-controller
3131
subjects:
3232
- kind: ServiceAccount
3333
name: admission-controller-sa
34-
namespace: default
34+
namespace: ${NAMESPACE}
3535
roleRef:
3636
apiGroup: rbac.authorization.k8s.io
3737
kind: ClusterRole
@@ -41,7 +41,7 @@ apiVersion: v1
4141
kind: Service
4242
metadata:
4343
name: admission-controller-svc
44-
namespace: default
44+
namespace: ${NAMESPACE}
4545
labels:
4646
app: admission-controller
4747
spec:
@@ -55,7 +55,7 @@ apiVersion: apps/v1
5555
kind: Deployment
5656
metadata:
5757
name: admission-controller
58-
namespace: default
58+
namespace: ${NAMESPACE}
5959
labels:
6060
app: admission-controller
6161
spec:
@@ -99,7 +99,7 @@ webhooks:
9999
clientConfig:
100100
service:
101101
name: admission-controller-svc
102-
namespace: default
102+
namespace: ${NAMESPACE}
103103
path: "/statefulsets"
104104
caBundle: ${CA_BUNDLE}
105105
rules:

tests/actions.go

+1-1
Original file line numberDiff line numberDiff line change
@@ -394,7 +394,7 @@ func (oa *operatorActions) DeployOperator(info *OperatorConfig) error {
394394
}
395395

396396
// create cert and secret for webhook
397-
cmd = fmt.Sprintf("%s/create-cert.sh", oa.manifestPath(info.Tag))
397+
cmd = fmt.Sprintf("%s/create-cert.sh --namespace %s", oa.manifestPath(info.Tag), info.Namespace)
398398
glog.Info(cmd)
399399

400400
res, err = exec.Command("/bin/sh", "-c", cmd).CombinedOutput()

0 commit comments

Comments
 (0)