change cert generate method and add pd and kv webhook #406
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Contributor
shuijing198799
commented
Apr 18, 2019
shuijing198799
commented
- auto generator ca key crt file
- add kv and pd webhook
|
@weekface @xiaojingchen PTLA |
|
@onlymellb PTAL the cert generate method |
weekface
reviewed
Apr 18, 2019
| func SetupServerCert(namespaceName, serviceName string) *CertContext { | ||
| certDir, err := ioutil.TempDir("", "test-e2e-server-cert") | ||
| if err != nil { | ||
| glog.Errorf("Failed to create a temp dir for cert generation %v", err) |
There was a problem hiding this comment.
You should return an error.
| } | ||
| signingCert, err := cert.NewSelfSignedCACert(cert.Config{CommonName: "e2e-server-cert-ca"}, signingKey) | ||
| if err != nil { | ||
| glog.Errorf("Failed to create CA cert for apiserver %v", err) |
| } | ||
| caCertFile, err := ioutil.TempFile(certDir, "ca.crt") | ||
| if err != nil { | ||
| glog.Errorf("Failed to create a temp file for ca cert generation %v", err) |
There was a problem hiding this comment.
and all these should return a error.
tests/pkg/webhook/pods.go
Outdated
| glog.Infof("savely delete pod namespace %s name %s content %s", nameSpace, name, string(content)) | ||
| } | ||
|
|
||
| } else if pod.Labels["app.kubernetes.io/component"] == "pd" { |
There was a problem hiding this comment.
Suggested change
| } else if pod.Labels["app.kubernetes.io/component"] == "pd" { | |
| } else if pod.Labels[label.ComponentLabelKey] == "pd" { |
tests/pkg/webhook/pods.go
Outdated
| } | ||
|
|
||
| if info.IsOwner { | ||
| glog.Errorf("tidb is ddl owner, can't be deleted namespace %s name %s", nameSpace, name) | ||
| } else if pod.Labels["app.kubernetes.io/component"] == "tikv" { |
tests/pkg/webhook/pods.go
Outdated
| podIP := tc.Status.PD.Leader.ClientURL | ||
| for _, store := range tc.Status.TiKV.Stores { | ||
| if store.PodName == name { | ||
| storeID = store.ID |
There was a problem hiding this comment.
Suggested change
| storeID = store.ID | |
| storeID = store.ID | |
| break |
weekface
reviewed
Apr 19, 2019
tests/cmd/e2e/main.go
Outdated
| @@ -40,7 +40,10 @@ func main() { | |||
|
|
|||
| cli, kubeCli := client.NewCliOrDie() | |||
|
|
|||
| context := apimachinery.SetupServerCert(os.Getenv("NAMESPACE"), "webhook-service") | |||
| context, err := apimachinery.SetupServerCert(os.Getenv("NAMESPACE"), "webhook-service") | |||
There was a problem hiding this comment.
merge this function into StartValidatingAdmissionWebhookServerOrDie.
| } | ||
| caCertFile, err := ioutil.TempFile(certDir, "ca.crt") | ||
| if err != nil { | ||
| glog.Errorf("Failed to create a temp file for ca cert generation %v", err) | ||
| return nil, err | ||
| } | ||
| if err := ioutil.WriteFile(caCertFile.Name(), cert.EncodeCertPEM(signingCert), 0644); err != nil { | ||
| glog.Errorf("Failed to write CA cert %v", err) |
There was a problem hiding this comment.
this should be fixed also
|
/run-e2e-tests |
tests/pkg/webhook/pods.go
Outdated
|
|
||
| } | ||
|
|
||
| if kvLeaders, err = getAllKVLeaders(tc, httpClient); err != nil { |
There was a problem hiding this comment.
the getAllKVLeaders should be called outside admitPods, best in the init phase of the webhook server.
weekface
reviewed
Apr 22, 2019
tests/pkg/webhook/pods.go
Outdated
| ret = make(map[string]int) | ||
| podIP := tc.Status.PD.Leader.ClientURL | ||
| for _, store := range tc.Status.TiKV.Stores { | ||
| url := fmt.Sprintf("%s/pd/api/v1/store/%s", podIP, store.ID) |
There was a problem hiding this comment.
why not use GetStore:
tidb-operator/pkg/controller/pd_control.go
Line 292 in ebd499e
There was a problem hiding this comment.
get store have no pod name。
There was a problem hiding this comment.
use GetStore is better,it only needs storeID and less codes
… to record the number
weekface
reviewed
Apr 25, 2019
| @@ -89,6 +96,37 @@ func (tdc *defaultTiDBControl) ResignDDLOwner(tc *v1alpha1.TidbCluster, ordinal | |||
| return false, err2 | |||
| } | |||
|
|
|||
| func (tdc *defaultTiDBControl) GetInfo(tc *v1alpha1.TidbCluster, ordinal int32) (*dbInfo, error) { | |||
There was a problem hiding this comment.
Open an issue to remember to add unit tests to cover this method.
| if err != nil { | ||
| reviewResponse.Allowed = false |
There was a problem hiding this comment.
Why delete this line? reviewResponse.Allowed default is true.
tests/pkg/webhook/pods.go
Outdated
| if err != nil { | ||
| reviewResponse.Allowed = false |
| if err != nil { | ||
| glog.Errorf("fail to read response %v", err) | ||
| glog.Errorf("fail to convert string to int while deleting TiDB err %v", err) | ||
| return &reviewResponse |
| if err != nil { | ||
| glog.Errorf("unmarshal failed,namespace %s name %s error:%v", nameSpace, name, err) | ||
| glog.Errorf("fail to get tidb info error:%v", err) |
tests/pkg/webhook/pods.go
Outdated
| if err != nil { | ||
| glog.Errorf("fail to read response %v", err) | ||
| return &reviewResponse |
| err = json.Unmarshal(content, leader) | ||
| if err != nil { | ||
| glog.Errorf("unmarshal failed,namespace %s name %s error:%v", nameSpace, name, err) | ||
| glog.Errorf("fail to get pd leader %v", err) |
| storeID, err = strconv.ParseUint(store.ID, 10, 64) | ||
| if err != nil { | ||
| glog.Errorf("fail to convert string to int while deleting PD err %v", err) | ||
| return &reviewResponse |
| glog.Errorf("fail to read response %v", err) | ||
| // Fail to get store in stores | ||
| if storeID == 0 { | ||
| glog.Errorf("fail to find store in TIKV.Stores podname %s", name) |
| if err != nil { | ||
| glog.Errorf("unmarshal failed,namespace %s name %s error:%v", nameSpace, name, err) | ||
| glog.Errorf("fail to read storeID %d response %v", storeID, err) |
|
/run-e2e-tests |
|
/run-e2e-tests |
|
/run-e2e-tests |
3 similar comments
|
/run-e2e-tests |
|
/run-e2e-tests |
|
/run-e2e-tests |
weekface
approved these changes
Apr 29, 2019
yahonda
pushed a commit
that referenced
this pull request
Dec 27, 2021
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.