From bbea24763dfad45643059f425b4ead2e47276f5c Mon Sep 17 00:00:00 2001 From: Ce Gao Date: Tue, 17 Dec 2019 12:22:23 +0800 Subject: [PATCH] feat(config): Add a new config for webhook Signed-off-by: Ce Gao --- cmd/katib-controller/v1alpha3/main.go | 10 +++++++++- pkg/controller.v1alpha3/consts/const.go | 3 +++ pkg/webhook/v1alpha3/webhook.go | 20 ++++++++++++++------ 3 files changed, 26 insertions(+), 7 deletions(-) diff --git a/cmd/katib-controller/v1alpha3/main.go b/cmd/katib-controller/v1alpha3/main.go index 9cb3e73b37f..7dd17ca2c53 100644 --- a/cmd/katib-controller/v1alpha3/main.go +++ b/cmd/katib-controller/v1alpha3/main.go @@ -40,18 +40,26 @@ func main() { var experimentSuggestionName string var metricsAddr string var webhookPort int + var certLocalFS bool flag.StringVar(&experimentSuggestionName, "experiment-suggestion-name", "default", "The implementation of suggestion interface in experiment controller (default|fake)") flag.StringVar(&metricsAddr, "metrics-addr", ":8080", "The address the metric endpoint binds to.") flag.IntVar(&webhookPort, "webhook-port", 8443, "The port number to be used for admission webhook server.") + flag.BoolVar(&certLocalFS, "cert-localfs", false, "Store the webhook cert in local file system") flag.Parse() + // Set the config in viper. viper.Set(consts.ConfigExperimentSuggestionName, experimentSuggestionName) + viper.Set(consts.ConfigCertLocalFS, certLocalFS) + log.Info("Config:", consts.ConfigExperimentSuggestionName, - viper.GetString(consts.ConfigExperimentSuggestionName)) + viper.GetString(consts.ConfigExperimentSuggestionName), + consts.ConfigCertLocalFS, + viper.GetBool(consts.ConfigCertLocalFS), + ) // Get a config to talk to the apiserver cfg, err := config.GetConfig() diff --git a/pkg/controller.v1alpha3/consts/const.go b/pkg/controller.v1alpha3/consts/const.go index 4c2f617d3bb..73019da9587 100644 --- a/pkg/controller.v1alpha3/consts/const.go +++ b/pkg/controller.v1alpha3/consts/const.go @@ -6,6 +6,9 @@ const ( // ConfigExperimentSuggestionName is the config name of the // suggestion client implementation in experiment controller. ConfigExperimentSuggestionName = "experiment-suggestion-name" + // ConfigCertLocalFS is the config name which indicates if we + // should store the cert in file system. + ConfigCertLocalFS = "cert-local-filesystem" // LabelExperimentName is the label of experiment name. LabelExperimentName = "experiment" diff --git a/pkg/webhook/v1alpha3/webhook.go b/pkg/webhook/v1alpha3/webhook.go index a54758f7b57..979fac5e57d 100644 --- a/pkg/webhook/v1alpha3/webhook.go +++ b/pkg/webhook/v1alpha3/webhook.go @@ -16,6 +16,7 @@ limitations under the License. package webhook import ( + "github.com/spf13/viper" admissionregistrationv1beta1 "k8s.io/api/admissionregistration/v1beta1" v1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -36,13 +37,9 @@ const ( ) func AddToManager(m manager.Manager, port int32) error { - server, err := webhook.NewServer("katib-admission-server", m, webhook.ServerOptions{ + so := webhook.ServerOptions{ CertDir: "/tmp/cert", BootstrapOptions: &webhook.BootstrapOptions{ - Secret: &types.NamespacedName{ - Namespace: consts.DefaultKatibNamespace, - Name: katibControllerName, - }, Service: &webhook.Service{ Namespace: consts.DefaultKatibNamespace, Name: katibControllerName, @@ -54,7 +51,18 @@ func AddToManager(m manager.Manager, port int32) error { MutatingWebhookConfigName: "katib-mutating-webhook-config", }, Port: port, - }) + } + + // Decide if we should use local file system. + // If not, we set a secret in BootstrapOptions. + usingFS := viper.GetBool(consts.ConfigCertLocalFS) + if !usingFS { + so.BootstrapOptions.Secret = &types.NamespacedName{ + Namespace: consts.DefaultKatibNamespace, + Name: katibControllerName, + } + } + server, err := webhook.NewServer("katib-admission-server", m, so) if err != nil { return err }