fix: rename webhook secret name and remove leader election (#126)
Rename the secret name so that it is specific to the workspace webhook. The
workspace controller runs only a single instance, so webhook HA is not
needed.

Co-authored-by: guofei <[email protected]>
Fei-Guo and Fei-Guo authored Nov 2, 2023
1 parent 0a5a9a2 commit ab74683
Showing 6 changed files with 10 additions and 15 deletions.
2 changes: 1 addition & 1 deletion charts/kaito/workspace/templates/clusterrole.yaml
Expand Up @@ -39,4 +39,4 @@ rules:
- apiGroups: ["admissionregistration.k8s.io"]
resources: ["validatingwebhookconfigurations"]
verbs: ["update"]
resourceNames: ["validation.webhook.kaito.sh"]
resourceNames: ["validation.workspace.kaito.sh"]
9 changes: 1 addition & 8 deletions charts/kaito/workspace/templates/role.yaml
Expand Up @@ -19,11 +19,4 @@ rules:
- apiGroups: [""]
resources: ["secrets"]
verbs: ["update"]
resourceNames: ["webhook-cert"]
- apiGroups: ["coordination.k8s.io"]
resources: ["leases"]
verbs: ["get", "list", "watch", "create"]
- apiGroups: ["coordination.k8s.io"]
resources: ["leases"]
verbs: ["patch", "update"]
resourceNames: ["webhook.validationwebhook.00-of-01", "webhook.webhookcertificates.00-of-01"]
resourceNames: ["workspace-webhook-cert"]
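Review bot: The secret name `workspace-webhook-cert` in the last rule's `resourceNames` is now a literal repeated in three places in this commit (this Role, `metadata.name` in secret-webhook-cert.yaml, and `SecretName` in cmd/main.go), and nothing ties them together. Because the rule grants only `update` on that one named secret, a mismatch would leave the webhook unable to write its serving certificate, which would probably surface only at runtime as a forbidden error. I would add a comment above the rule such as `# must match SecretName in cmd/main.go and the Secret in secret-webhook-cert.yaml`, or define the name once in a chart helper. Dropping the two `leases` rules is a sound least-privilege change as long as leader election stays disabled in cmd/main.go.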
2 changes: 1 addition & 1 deletion charts/kaito/workspace/templates/secret-webhook-cert.yaml
@@ -1,7 +1,7 @@
apiVersion: v1
kind: Secret
metadata:
name: webhook-cert
name: workspace-webhook-cert
namespace: {{ include "kaito.fullname" .}}
labels:
{{- include "kaito.labels" . | nindent 4 }}
4 changes: 2 additions & 2 deletions charts/kaito/workspace/templates/webhooks.yaml
@@ -1,11 +1,11 @@
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
name: validation.webhook.kaito.sh
name: validation.workspace.kaito.sh
labels:
{{- include "kaito.labels" . | nindent 4 }}
webhooks:
- name: validation.webhook.kaito.sh
- name: validation.workspace.kaito.sh
admissionReviewVersions: ["v1"]
clientConfig:
service:
6 changes: 4 additions & 2 deletions cmd/main.go
Expand Up @@ -129,9 +129,11 @@ func main() {
ctx := webhook.WithOptions(signals.NewContext(), webhook.Options{
ServiceName: os.Getenv(WebhookServiceName),
Port: p,
SecretName: "webhook-cert",
SecretName: "workspace-webhook-cert",
})
sharedmain.MainWithConfig(sharedmain.WithHealthProbesDisabled(ctx), "webhook", ctrl.GetConfigOrDie(), webhooks.NewWebhooks()...)
ctx = sharedmain.WithHealthProbesDisabled(ctx)
ctx = sharedmain.WithHADisabled(ctx)
sharedmain.MainWithConfig(ctx, "webhook", ctrl.GetConfigOrDie(), webhooks.NewWebhooks()...)
}()
// wait 2 seconds to allow reconciling webhookconfiguration and service endpoint.
time.Sleep(2 * time.Second)
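Review bot: `ctx = sharedmain.WithHADisabled(ctx)` turns off leader election for the webhook's reconcilers, so the certificate secret and the webhook configuration are only safe from concurrent writers while the deployment runs exactly one replica, and neither this hunk nor the chart changes on this page record or enforce that. A short comment above the line would keep the assumption visible, for example `// HA disabled: the workspace controller runs as a single replica; the lease RBAC in role.yaml was removed to match`. The replica count itself is set outside this commit, so it is worth confirming the chart pins it to 1. The enclosing `main` starts and ends outside the hunk.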
2 changes: 1 addition & 1 deletion pkg/webhooks/webhooks.go
Expand Up @@ -25,7 +25,7 @@ func NewWebhooks() []knativeinjection.ControllerConstructor {

func NewCRDValidationWebhook(ctx context.Context, _ configmap.Watcher) *controller.Impl {
return validation.NewAdmissionController(ctx,
"validation.webhook.kaito.sh",
"validation.workspace.kaito.sh",
"/validate/workspace.kaito.sh",
Resources,
func(ctx context.Context) context.Context { return ctx },
