Allow porch namespace in cert/webhook to be configured
liamfallon committed Mar 5, 2024
1 parent 29b1884 commit 5d56bdf
Showing 3 changed files with 19 additions and 13 deletions.
10 changes: 8 additions & 2 deletions pkg/apiserver/apiserver.go
Expand Up @@ -18,6 +18,7 @@ import (
"context"
"fmt"
"os"
"strings"
"time"

"github.com/nephio-project/porch/api/porch/install"
Expand Down Expand Up @@ -281,9 +282,14 @@ func (c completedConfig) New() (*PorchServer, error) {

func (s *PorchServer) Run(ctx context.Context) error {
porch.RunBackground(ctx, s.coreClient, s.cache)
webhookNs, found := os.LookupEnv("CERT_NAMESPACE")
if !found || strings.TrimSpace(webhookNs) == "" {
webhookNs = "porch-system"
}

certStorageDir, found := os.LookupEnv("CERT_STORAGE_DIR")
if found && certStorageDir != "" {
if err := setupWebhooks(ctx, certStorageDir); err != nil {
if found && strings.TrimSpace(certStorageDir) != "" {
if err := setupWebhooks(ctx, webhookNs, certStorageDir); err != nil {
klog.Errorf("%v\n", err)
return err
}
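Review bot: The CERT_NAMESPACE check in Run trims whitespace only for the emptiness test, so a padded value (for example a constructed ` porch-system `) passes the check and is handed to setupWebhooks with the padding intact, where it ends up in the certificate names and the webhook's service namespace; CERT_STORAGE_DIR is treated the same way. Normalise before testing: `webhookNs = strings.TrimSpace(webhookNs)` followed by `if webhookNs == "" { webhookNs = "porch-system" }`, and likewise for certStorageDir. A one-line comment above the lookup, such as `// CERT_NAMESPACE must name the namespace the "api" Service runs in; it is embedded in the webhook certificate and client config.`, would tell operators why a mismatch is likely to break webhook TLS verification. Run's body continues outside the hunk.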
20 changes: 10 additions & 10 deletions pkg/apiserver/webhooks.go
Expand Up @@ -51,12 +51,12 @@ const (
serverEndpoint = "/validate-deletion"
)

func setupWebhooks(ctx context.Context, certStorageDir string) error {
caBytes, err := createCerts(certStorageDir)
func setupWebhooks(ctx context.Context, webhookNs string, certStorageDir string) error {
caBytes, err := createCerts(webhookNs, certStorageDir)
if err != nil {
return err
}
if err := createValidatingWebhook(ctx, caBytes); err != nil {
if err := createValidatingWebhook(ctx, webhookNs, caBytes); err != nil {
return err
}
if err := runWebhookServer(certStorageDir); err != nil {
Expand All @@ -65,11 +65,11 @@ func setupWebhooks(ctx context.Context, certStorageDir string) error {
return nil
}

func createCerts(certStorageDir string) ([]byte, error) {
klog.Infoln("creating self-signing TLS cert and key ")
func createCerts(webhookNs string, certStorageDir string) ([]byte, error) {
klog.Infoln("creating self-signing TLS cert and key with namespace " + webhookNs + " in directory " + certStorageDir)
dnsNames := []string{"api",
"api.porch-system", "api.porch-system.svc"}
commonName := "api.porch-system.svc"
"api." + webhookNs, "api." + webhookNs + ".svc"}
commonName := "api." + webhookNs + ".svc"

var caPEM, serverCertPEM, serverPrivateKeyPEM *bytes.Buffer
// CA config
Expand Down Expand Up @@ -165,8 +165,8 @@ func WriteFile(filepath string, c []byte) error {
return nil
}

func createValidatingWebhook(ctx context.Context, caCert []byte) error {
klog.Infoln("Creating validating webhook")
func createValidatingWebhook(ctx context.Context, webhookNs string, caCert []byte) error {
klog.Infoln("Creating validating webhook with namespace " + webhookNs)

cfg := ctrl.GetConfigOrDie()
kubeClient, err := kubernetes.NewForConfig(cfg)
Expand All @@ -175,7 +175,7 @@ func createValidatingWebhook(ctx context.Context, caCert []byte) error {
}

var (
webhookNamespace = "porch-system"
webhookNamespace = webhookNs
validationCfgName = "packagerev-deletion-validating-webhook"
webhookService = "api"
path = serverEndpoint
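Review bot: createCerts and createValidatingWebhook accept any string for webhookNs and concatenate it straight into the certificate's DNS names, the CommonName and the webhook's service namespace, so an empty or malformed value yields names such as `api.` and `api..svc`; the updated call in webhooks_test.go passes `""` and still expects success. The default is applied only in Run, so the value should be checked once at the top of setupWebhooks, for example `if errs := validation.IsDNS1123Label(webhookNs); len(errs) > 0 { return fmt.Errorf("invalid webhook namespace %q: %v", webhookNs, errs) }` with `k8s.io/apimachinery/pkg/util/validation` (assuming `fmt` is already imported in this file). The two new log lines also splice the environment-supplied values into the message by concatenation; `klog.Infof("creating self-signed TLS cert and key for namespace %q in directory %q", webhookNs, certStorageDir)` keeps stray newlines or control characters from forging log entries. The bodies of createCerts and createValidatingWebhook continue outside the hunks shown.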
2 changes: 1 addition & 1 deletion pkg/apiserver/webhooks_test.go
Expand Up @@ -36,7 +36,7 @@ func TestCreateCerts(t *testing.T) {
require.NoError(t, os.RemoveAll(dir))
}()

caCert, err := createCerts(dir)
caCert, err := createCerts("", dir)
require.NoError(t, err)

caStr := strings.TrimSpace(string(caCert))
