✨ Add tls options to manager.Options #2028

Merged
4 changes: 4 additions & 0 deletions pkg/envtest/webhook_test.go
Expand Up @@ -18,6 +18,7 @@ package envtest

import (
"context"
"crypto/tls"
"path/filepath"
"time"

Expand All @@ -41,6 +42,9 @@ var _ = Describe("Test", func() {
Port: env.WebhookInstallOptions.LocalServingPort,
Host: env.WebhookInstallOptions.LocalServingHost,
CertDir: env.WebhookInstallOptions.LocalServingCertDir,
TLSOpts: []func(*tls.Config){
func(config *tls.Config) {},
},
}) // we need manager here just to leverage manager.SetFields
Expect(err).NotTo(HaveOccurred())
server := m.GetWebhookServer()
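Review bot: The added `TLSOpts` entry is a no-op closure, so this test only shows the field is accepted, not that the manager hands it to the webhook server or that the server ever invokes it. A closure that records its call, e.g. `var tlsOptCalled bool` with `func(config *tls.Config) { tlsOptCalled = true }`, followed by `Expect(tlsOptCalled).To(BeTrue())` at the point where the server has built its TLS config (the rest of this test is outside the hunk, so where that point lies is not visible here), would exercise the plumbing end to end. The two hunks in pkg/webhook/webhook_integration_test.go add the same no-op closure and could use the same pattern.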
4 changes: 4 additions & 0 deletions pkg/manager/internal.go
Expand Up @@ -18,6 +18,7 @@ package manager

import (
"context"
"crypto/tls"
"errors"
"fmt"
"net"
Expand Down Expand Up @@ -135,6 +136,8 @@ type controllerManager struct {
// if not set, webhook server would look up the server key and certificate in
// {TempDir}/k8s-webhook-server/serving-certs
certDir string
// tlsOpts is used to allow configuring the TLS config used for the webhook server.
tlsOpts []func(*tls.Config)

webhookServer *webhook.Server
// webhookServerOnce will be called in GetWebhookServer() to optionally initialize
Expand Down Expand Up @@ -305,6 +308,7 @@ func (cm *controllerManager) GetWebhookServer() *webhook.Server {
Port: cm.port,
Host: cm.host,
CertDir: cm.certDir,
TLSOpts: cm.tlsOpts,
}
}
if err := cm.Add(cm.webhookServer); err != nil {
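Review bot: `TLSOpts: cm.tlsOpts` in GetWebhookServer is only applied on the branch that lazily builds the default webhook.Server; the condition of the enclosing `if` starts outside the hunk, but given the surrounding fields it appears to be the webhookServer-is-nil path, so a caller who supplies Options.WebhookServer and also sets TLSOpts to harden TLS gets no effect and no error. That silent drop is a security-relevant footgun and the commit does not document it. The Options.TLSOpts hunk in pkg/manager/manager.go shares the gap; its comment should follow the CertDir comment just above it, e.g. `// TLSOpts is used to allow configuring the TLS config used for the webhook server.` / `// It is used to set webhook.Server.TLSOpts if WebhookServer is not set.`, and the tlsOpts field comment here could carry the same second sentence. Alternatively New could return an error when both are set, which would make the conflict explicit.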
5 changes: 5 additions & 0 deletions pkg/manager/manager.go
Expand Up @@ -18,6 +18,7 @@ package manager

import (
"context"
"crypto/tls"
"fmt"
"net"
"net/http"
Expand Down Expand Up @@ -241,6 +242,9 @@ type Options struct {
// It is used to set webhook.Server.CertDir if WebhookServer is not set.
CertDir string

// TLSOpts is used to allow configuring the TLS config used for the webhook server.
TLSOpts []func(*tls.Config)

// WebhookServer is an externally configured webhook.Server. By default,
// a Manager will create a default server using Port, Host, and CertDir;
// if this is set, the Manager will use this server instead.
Expand Down Expand Up @@ -421,6 +425,7 @@ func New(config *rest.Config, options Options) (Manager, error) {
port: options.Port,
host: options.Host,
certDir: options.CertDir,
tlsOpts: options.TLSOpts,
webhookServer: options.WebhookServer,
leaseDuration: *options.LeaseDuration,
renewDeadline: *options.RenewDeadline,
6 changes: 6 additions & 0 deletions pkg/manager/manager_test.go
Expand Up @@ -18,6 +18,7 @@ package manager

import (
"context"
"crypto/tls"
"errors"
"fmt"
"io"
Expand Down Expand Up @@ -211,6 +212,9 @@ var _ = Describe("manger.Manager", func() {
},
}

optionsTlSOptsFuncs := []func(*tls.Config){
func(config *tls.Config) {},
}
m, err := Options{
SyncPeriod: &optDuration,
LeaderElection: true,
Expand All @@ -228,6 +232,7 @@ var _ = Describe("manger.Manager", func() {
Port: 8080,
Host: "example.com",
CertDir: "/pki",
TLSOpts: optionsTlSOptsFuncs,
}.AndFrom(&fakeDeferredLoader{ccfg})
Expect(err).To(BeNil())

Expand All @@ -247,6 +252,7 @@ var _ = Describe("manger.Manager", func() {
Expect(m.Port).To(Equal(8080))
Expect(m.Host).To(Equal("example.com"))
Expect(m.CertDir).To(Equal("/pki"))
Expect(m.TLSOpts).To(Equal(optionsTlSOptsFuncs))
})

It("should lazily initialize a webhook server if needed", func() {
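Review bot: `Expect(m.TLSOpts).To(Equal(optionsTlSOptsFuncs))` relies on reflect.DeepEqual short-circuiting when both slices share the same backing array and length; func values are otherwise never deeply equal, so the assertion would start failing the moment AndFrom copies the slice, which makes it brittle rather than meaningful. A length check such as `Expect(m.TLSOpts).To(HaveLen(len(optionsTlSOptsFuncs)))` states what can actually be asserted about a slice of funcs. As a point of style, the local name `optionsTlSOptsFuncs` mixes the initialism's case; `optionsTLSOptsFuncs` matches the TLSOpts field it populates.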
2 changes: 2 additions & 0 deletions pkg/webhook/webhook_integration_test.go
Expand Up @@ -85,6 +85,7 @@ var _ = Describe("Webhook", func() {
Port: testenv.WebhookInstallOptions.LocalServingPort,
Host: testenv.WebhookInstallOptions.LocalServingHost,
CertDir: testenv.WebhookInstallOptions.LocalServingCertDir,
TLSOpts: []func(*tls.Config){func(config *tls.Config) {}},
}) // we need manager here just to leverage manager.SetFields
Expect(err).NotTo(HaveOccurred())
server := m.GetWebhookServer()
Expand All @@ -108,6 +109,7 @@ var _ = Describe("Webhook", func() {
Port: testenv.WebhookInstallOptions.LocalServingPort,
Host: testenv.WebhookInstallOptions.LocalServingHost,
CertDir: testenv.WebhookInstallOptions.LocalServingCertDir,
TLSOpts: []func(*tls.Config){func(config *tls.Config) {}},
}) // we need manager here just to leverage manager.SetFields
Expect(err).NotTo(HaveOccurred())
server := m.GetWebhookServer()