From 29849dc723cd5d45dededaebcc03a6878b8297ce Mon Sep 17 00:00:00 2001
From: Christian Weichel
Date: Mon, 11 Apr 2022 22:27:48 +0000
Subject: [PATCH] [installer] Connect custom CA certs with wsman

---
 .../pkg/components/ws-manager/configmap.go | 10 +++-
 .../pkg/components/ws-manager/deployment.go | 53 +++++++++++--------
 2 files changed, 40 insertions(+), 23 deletions(-)

diff --git a/install/installer/pkg/components/ws-manager/configmap.go b/install/installer/pkg/components/ws-manager/configmap.go
index a7b28551471b2f..22b9168e9b40d6 100644
--- a/install/installer/pkg/components/ws-manager/configmap.go
+++ b/install/installer/pkg/components/ws-manager/configmap.go
@@ -43,6 +43,11 @@ func configmap(ctx *common.RenderContext) ([]runtime.Object, error) {
 timeoutAfterClose = *ctx.Config.Workspace.TimeoutAfterClose
 }
 
+ var customCASecret string
+ if ctx.Config.CustomCACert != nil {
+ customCASecret = ctx.Config.CustomCACert.Name
+ }
+
 wsmcfg := config.ServiceConfiguration{
 Manager: config.Configuration{
 Namespace: ctx.Namespace,
@@ -97,8 +102,9 @@ func configmap(ctx *common.RenderContext) ([]runtime.Object, error) {
 Interrupted: util.Duration(5 * time.Minute),
 },
 //EventTraceLog: "", // todo(sje): make conditional based on config
- ReconnectionInterval: util.Duration(30 * time.Second),
- RegistryFacadeHost: fmt.Sprintf("reg.%s:%d", ctx.Config.Domain, common.RegistryFacadeServicePort),
+ ReconnectionInterval: util.Duration(30 * time.Second),
+ RegistryFacadeHost: fmt.Sprintf("reg.%s:%d", ctx.Config.Domain, common.RegistryFacadeServicePort),
+ WorkspaceCACertSecret: customCASecret,
 },
 Content: struct {
 Storage storageconfig.StorageConfig `json:"storage"`
diff --git a/install/installer/pkg/components/ws-manager/deployment.go b/install/installer/pkg/components/ws-manager/deployment.go
index 48053a08156ffc..48fce468c53967 100644
--- a/install/installer/pkg/components/ws-manager/deployment.go
+++ b/install/installer/pkg/components/ws-manager/deployment.go
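Review bot: `customCASecret` is copied from `ctx.Config.CustomCACert.Name` without checking that the name is non-empty, so a config that sets `CustomCACert` with a blank `Name` renders `WorkspaceCACertSecret` as `""` and the custom trust root silently never reaches workspaces, with no error from the installer (unless validation elsewhere already rejects this, which I cannot see from the hunk). A render-time failure is preferable to a silently disabled CA: add `if ctx.Config.CustomCACert != nil && ctx.Config.CustomCACert.Name == "" { return nil, fmt.Errorf("customCACert.name must not be empty") }` before the assignment, using the `fmt` the file already imports. A one-line comment on `var customCASecret string` such as `// Name of the Secret holding the custom CA bundle; empty leaves WorkspaceCACertSecret unset.` would also make the intent explicit, since the second hunk in this file only threads the value into `config.Configuration`. configmap's body continues outside both hunks.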
@@ -43,10 +43,12 @@ func deployment(ctx *common.RenderContext) ([]runtime.Object, error) {
 "memory": resource.MustParse("32Mi"),
 },
 },
- Ports: []corev1.ContainerPort{{
- Name: RPCPortName,
- ContainerPort: RPCPort,
- }},
+ Ports: []corev1.ContainerPort{
+ {
+ Name: RPCPortName,
+ ContainerPort: RPCPort,
+ },
+ },
 SecurityContext: &corev1.SecurityContext{
 Privileged: pointer.Bool(false),
 },
@@ -55,23 +57,25 @@ func deployment(ctx *common.RenderContext) ([]runtime.Object, error) {
 common.TracingEnv(ctx),
 []corev1.EnvVar{{Name: "GRPC_GO_RETRY", Value: "on"}},
 ),
- VolumeMounts: []corev1.VolumeMount{{
- Name: VolumeConfig,
- MountPath: "/config",
- ReadOnly: true,
- }, {
- Name: VolumeWorkspaceTemplate,
- MountPath: WorkspaceTemplatePath,
- ReadOnly: true,
- }, {
- Name: wsdaemon.VolumeTLSCerts,
- MountPath: "/ws-daemon-tls-certs",
- ReadOnly: true,
- }, {
- Name: VolumeTLSCerts,
- MountPath: "/certs",
- ReadOnly: true,
- }},
+ VolumeMounts: []corev1.VolumeMount{
+ {
+ Name: VolumeConfig,
+ MountPath: "/config",
+ ReadOnly: true,
+ }, {
+ Name: VolumeWorkspaceTemplate,
+ MountPath: WorkspaceTemplatePath,
+ ReadOnly: true,
+ }, {
+ Name: wsdaemon.VolumeTLSCerts,
+ MountPath: "/ws-daemon-tls-certs",
+ ReadOnly: true,
+ }, {
+ Name: VolumeTLSCerts,
+ MountPath: "/certs",
+ ReadOnly: true,
+ },
+ },
 },
 *common.KubeRBACProxyContainer(ctx),
 },
@@ -112,6 +116,13 @@ func deployment(ctx *common.RenderContext) ([]runtime.Object, error) {
 return nil, err
 }
 
+ if vol, mnt, _, ok := common.CustomCACertVolume(ctx); ok {
+ podSpec.Volumes = append(podSpec.Volumes, *vol)
+ container := podSpec.Containers[0]
+ container.VolumeMounts = append(container.VolumeMounts, *mnt)
+ podSpec.Containers[0] = container
+ }
+
 return []runtime.Object{
 &appsv1.Deployment{
 TypeMeta: common.TypeMetaDeployment,
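Review bot: The third return value of `common.CustomCACertVolume(ctx)` is discarded with `_` in the last hunk and nothing says why; if that value is something the container needs before it actually trusts the mounted bundle (an env var pointing at the CA path, for example — I cannot see the helper's signature from here), dropping it leaves the volume mounted but inert, which is exactly the silent no-op a later incident review will struggle to spot. Either wire it in or justify the discard in place, e.g. `// third value (<what it is>) not needed: ws-manager reads the CA straight from the mount path — confirm against common.CustomCACertVolume`. The copy-modify-write-back of `container` is also more ceremony than needed: `podSpec.Containers[0].VolumeMounts = append(podSpec.Containers[0].VolumeMounts, *mnt)` does the same in one line, and a short comment noting that index 0 is the ws-manager container (the kube-rbac-proxy sidecar is appended after it in the second hunk) would make the hard-coded index less fragile if the container order ever changes. The first two hunks in this file are gofmt reshaping only. deployment's body continues outside the hunk, and `podSpec` is defined above it.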