Update job name and service name as configurable for cert generator (#…
…1889)

* add more flags

* rename

* add service validation

* add service read permission

Co-authored-by: shaowei su <shaowei.su@airbnb.com>
shaowei-su and shaowei su committed Jun 14, 2022
1 parent a75b83f commit 170647d
Showing 3 changed files with 39 additions and 6 deletions.
1 change: 1 addition & 0 deletions manifests/v1beta1/components/cert-generator/rbac.yaml
Expand Up @@ -7,6 +7,7 @@ rules:
- ""
resources:
- secrets
- services
verbs:
- get
- create
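Review bot: Appending `services` to the rule that already covers `secrets` gives the cert-generator every verb in that rule on Services (`get`, `create`, and whatever follows below the visible lines), while the Go change in this commit only performs a `kubeClient.Get` on one Service. A separate rule limited to read access would keep the job's permissions to what it uses: `- apiGroups: [""]`, `resources: ["services"]`, `verbs: ["get"]`. The verbs list continues outside the hunk, so the full set being granted should be checked there.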
20 changes: 15 additions & 5 deletions pkg/cert-generator/v1beta1/generate/generate.go
Expand Up @@ -39,6 +39,8 @@ import (
// generateOptions contains values for all certificates.
type generateOptions struct {
namespace string
serviceName string
jobName string
fullServiceDomain string
}

Expand All @@ -59,12 +61,20 @@ func NewGenerateCmd(kubeClient client.Client) *cobra.Command {
}
f := cmd.Flags()
f.StringVarP(&o.namespace, "namespace", "n", "kubeflow", "set namespace")
f.StringVarP(&o.jobName, "jobName", "j", consts.JobName, "set job name")
f.StringVarP(&o.serviceName, "serviceName", "s", consts.Service, "set service name")
return cmd
}

// run is main function for `generate` subcommand.
func (o *generateOptions) run(ctx context.Context, kubeClient client.Client) error {
o.fullServiceDomain = strings.Join([]string{consts.Service, o.namespace, "svc"}, ".")
controllerService := &corev1.Service{}
if err := kubeClient.Get(ctx, client.ObjectKey{Namespace: o.namespace, Name: o.serviceName}, controllerService); err != nil {
klog.Errorf("Unable to locate controller service: %s", o.serviceName)
return err
}

o.fullServiceDomain = strings.Join([]string{o.serviceName, o.namespace, "svc"}, ".")

caKeyPair, err := o.createCACert()
if err != nil {
Expand Down Expand Up @@ -127,8 +137,8 @@ func (o *generateOptions) createCert(caKeyPair *certificates) (*certificates, er
CommonName: o.fullServiceDomain,
},
DNSNames: []string{
consts.Service,
strings.Join([]string{consts.Service, o.namespace}, "."),
o.serviceName,
strings.Join([]string{o.serviceName, o.namespace}, "."),
o.fullServiceDomain,
},
NotBefore: now,
Expand Down Expand Up @@ -156,7 +166,7 @@ func (o *generateOptions) createCert(caKeyPair *certificates) (*certificates, er
func (o *generateOptions) createWebhookCertSecret(ctx context.Context, kubeClient client.Client, caKeyPair *certificates, keyPair *certificates) error {

certGeneratorJob := &batchv1.Job{}
if err := kubeClient.Get(ctx, client.ObjectKey{Namespace: o.namespace, Name: consts.JobName}, certGeneratorJob); err != nil {
if err := kubeClient.Get(ctx, client.ObjectKey{Namespace: o.namespace, Name: o.jobName}, certGeneratorJob); err != nil {
return err
}

Expand All @@ -177,7 +187,7 @@ func (o *generateOptions) createWebhookCertSecret(ctx context.Context, kubeClien
APIVersion: "batch/v1",
Kind: "Job",
Controller: &isController,
Name: consts.JobName,
Name: o.jobName,
UID: jobUID,
},
},
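Review bot: In `run`, the new Service lookup logs `Unable to locate controller service` for every `Get` failure and leaves the underlying error out of the message, so a Forbidden response from a cluster where the updated RBAC rule has not been applied reads the same as a missing Service. Including the namespace and the cause makes the failure diagnosable: `klog.Errorf("Unable to get controller service %s/%s: %v", o.namespace, o.serviceName, err)`. The lookup also only proves that a Service with that name exists; the visible hunks do not show whether the webhook configurations' `clientConfig` service name is compared with `o.serviceName`, and if it is not, a mismatched flag would produce a certificate whose SANs do not match the name the API server dials. `run` and `createWebhookCertSecret` both continue outside the hunks shown.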
24 changes: 23 additions & 1 deletion pkg/cert-generator/v1beta1/generate/generate_test.go
Expand Up @@ -85,7 +85,6 @@ func TestGenerate(t *testing.T) {
},
},
}

oldWebhookCertSecret := &corev1.Secret{
TypeMeta: metav1.TypeMeta{
Kind: "Secret",
Expand All @@ -96,6 +95,16 @@ func TestGenerate(t *testing.T) {
Namespace: testNamespace,
},
}
testControllerService := &corev1.Service{
TypeMeta: metav1.TypeMeta{
Kind: "Service",
APIVersion: "v1",
},
ObjectMeta: metav1.ObjectMeta{
Name: consts.Service,
Namespace: testNamespace,
},
}

tests := []struct {
testDescription string
Expand All @@ -109,6 +118,7 @@ func TestGenerate(t *testing.T) {
testGeneratorJob,
testValidatingWebhook,
testMutatingWebhook,
testControllerService,
},
},
{
Expand All @@ -119,6 +129,7 @@ func TestGenerate(t *testing.T) {
testValidatingWebhook,
testMutatingWebhook,
oldWebhookCertSecret,
testControllerService,
},
},
{
Expand All @@ -127,6 +138,7 @@ func TestGenerate(t *testing.T) {
objects: []client.Object{
testValidatingWebhook,
testMutatingWebhook,
testControllerService,
},
},
{
Expand All @@ -135,6 +147,7 @@ func TestGenerate(t *testing.T) {
objects: []client.Object{
testGeneratorJob,
testMutatingWebhook,
testControllerService,
},
},
{
Expand All @@ -143,6 +156,15 @@ func TestGenerate(t *testing.T) {
objects: []client.Object{
testGeneratorJob,
testValidatingWebhook,
testControllerService,
},
},
{
testDescription: "There is no Service katib-controller",
err: true,
objects: []client.Object{
testGeneratorJob,
testMutatingWebhook,
},
},
}
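Review bot: The new case `There is no Service katib-controller` leaves out `testValidatingWebhook` as well as `testControllerService`, so it would still see an error if the Service check in `run` were removed; judging by the neighbouring case that has the same two objects plus the Service, a missing ValidatingWebhookConfiguration already fails on its own. Adding `testValidatingWebhook,` to its `objects` list isolates the missing-Service path. No visible case runs with a non-default `serviceName` or `jobName`, which is the behaviour this commit introduces; a case that sets both and checks the certificate's DNS names would cover it. `TestGenerate` starts and ends outside the hunks shown.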
