Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

change cert generate method and add pd and kv webhook #406

Merged
merged 11 commits into from
Apr 29, 2019
Merged

change cert generate method and add pd and kv webhook #406

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
11 commits
Select commit Hold shift + click to select a range
333f221
change cert generate method and add pd and kv webhook
shuijing198799 Apr 18, 2019
9c3c6d3
comment fix
shuijing198799 Apr 19, 2019
21e1fe9
merge setupcert into validatingwebhook function
shuijing198799 Apr 19, 2019
7cdc33a
fix comment
shuijing198799 Apr 19, 2019
d6f9478
save tikv leader count and compare
shuijing198799 Apr 20, 2019
38d645b
use pdclient and tidbcontroller instead of raw httpclient and use map…
shuijing198799 Apr 24, 2019
7349ed1
conflit resolve
shuijing198799 Apr 24, 2019
48aab80
all illegel condition return false
shuijing198799 Apr 25, 2019
71162db
if tidb is deleting, allow the delete operation in webhook
shuijing198799 Apr 26, 2019
41436ab
forget to format
shuijing198799 Apr 26, 2019
055761e
Merge branch 'master' into webhook-teseet
shuijing198799 Apr 28, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
38 changes: 18 additions & 20 deletions tests/actions.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@
package tests

import (
"crypto/tls"
"database/sql"
"encoding/json"
"fmt"
Expand All @@ -30,6 +31,7 @@ import (
"github.com/golang/glog"
pingcapErrors "github.com/pingcap/errors"
"github.com/pingcap/kvproto/pkg/metapb"
"github.com/pingcap/tidb-operator/tests/pkg/apimachinery"
"github.com/pingcap/tidb-operator/tests/pkg/webhook"
admissionV1beta1 "k8s.io/api/admissionregistration/v1beta1"
"k8s.io/api/apps/v1beta1"
Expand Down Expand Up @@ -117,7 +119,7 @@ type OperatorActions interface {
RegisterWebHookAndService(info *OperatorConfig) error
RegisterWebHookAndServiceOrDie(info *OperatorConfig)
CleanWebHookAndService(info *OperatorConfig) error
StartValidatingAdmissionWebhookServerOrDie()
StartValidatingAdmissionWebhookServerOrDie(info *OperatorConfig)
}

type operatorActions struct {
Expand All @@ -140,6 +142,7 @@ type OperatorConfig struct {
WebhookServiceName string
WebhookSecretName string
WebhookConfigName string
Context *apimachinery.CertContext
}

type TidbClusterConfig struct {
Expand All @@ -166,6 +169,16 @@ type TidbClusterConfig struct {
BlockWriteConfig blockwriter.Config
}

func (oi *OperatorConfig) ConfigTLS() *tls.Config {
sCert, err := tls.X509KeyPair(oi.Context.Cert, oi.Context.Key)
if err != nil {
glog.Fatal(err)
}
return &tls.Config{
Certificates: []tls.Certificate{sCert},
}
}

func (tc *TidbClusterConfig) BackupHelmSetString(m map[string]string) string {

set := map[string]string{
Expand Down Expand Up @@ -1864,23 +1877,8 @@ func (oa *operatorActions) RegisterWebHookAndService(info *OperatorConfig) error

namespace := os.Getenv("NAMESPACE")
configName := info.WebhookConfigName
filePath := "/webhook.local.config/certificates/ca.crt"

fd, err := os.Open(filePath)
if err != nil {
glog.Errorf("file can't open file path %s err %v", filePath, err)
return err
}
defer fd.Close()

ca, err := ioutil.ReadAll(fd)

if err != nil {
glog.Errorf("file can't read file path %s err %v", filePath, err)
return err
}

_, err = client.AdmissionregistrationV1beta1().ValidatingWebhookConfigurations().Create(&admissionV1beta1.ValidatingWebhookConfiguration{
_, err := client.AdmissionregistrationV1beta1().ValidatingWebhookConfigurations().Create(&admissionV1beta1.ValidatingWebhookConfiguration{
ObjectMeta: metav1.ObjectMeta{
Name: configName,
},
Expand All @@ -1901,7 +1899,7 @@ func (oa *operatorActions) RegisterWebHookAndService(info *OperatorConfig) error
Name: info.WebhookServiceName,
Path: strPtr("/pods"),
},
CABundle: ca,
CABundle: info.Context.SigningCert,
},
},
},
Expand Down Expand Up @@ -1998,11 +1996,11 @@ func (oa *operatorActions) drainerHealth(info *TidbClusterConfig, hostName strin
return len(healths.PumpPos) > 0 && healths.Synced
}

func (oa *operatorActions) StartValidatingAdmissionWebhookServerOrDie() {
func (oa *operatorActions) StartValidatingAdmissionWebhookServerOrDie(info *OperatorConfig) {
http.HandleFunc("/pods", webhook.ServePods)
server := &http.Server{
Addr: ":443",
TLSConfig: oa.cfg.ConfigTLS(),
TLSConfig: info.ConfigTLS(),
}
err := server.ListenAndServeTLS("", "")
if err != nil {
Expand Down
11 changes: 8 additions & 3 deletions tests/cmd/e2e/main.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,13 +16,15 @@ package main
import (
"fmt"
_ "net/http/pprof"
"os"

"github.com/golang/glog"
"github.com/jinzhu/copier"
"k8s.io/apiserver/pkg/util/logs"

"github.com/pingcap/tidb-operator/tests"
"github.com/pingcap/tidb-operator/tests/backup"
"github.com/pingcap/tidb-operator/tests/pkg/apimachinery"
"github.com/pingcap/tidb-operator/tests/pkg/client"
)

Expand All @@ -38,10 +40,9 @@ func main() {

cli, kubeCli := client.NewCliOrDie()

oa := tests.NewOperatorActions(cli, kubeCli, conf)
context := apimachinery.SetupServerCert(os.Getenv("NAMESPACE"), "webhook-service")

// start a http server in goruntine
go oa.StartValidatingAdmissionWebhookServerOrDie()
oa := tests.NewOperatorActions(cli, kubeCli, conf)

operatorInfo := &tests.OperatorConfig{
Namespace: "pingcap",
Expand All @@ -54,8 +55,12 @@ func main() {
WebhookServiceName: "webhook-service",
WebhookSecretName: "webhook-secret",
WebhookConfigName: "webhook-config",
Context: context,
}

// start a http server in goruntine
go oa.StartValidatingAdmissionWebhookServerOrDie(operatorInfo)

initTidbVersion, err := conf.GetTiDBVersion()
if err != nil {
glog.Fatal(err)
Expand Down
12 changes: 9 additions & 3 deletions tests/cmd/stability/main.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,10 +17,12 @@ import (
"fmt"
"net/http"
_ "net/http/pprof"
"os"
"time"

"github.com/golang/glog"
"github.com/jinzhu/copier"
"github.com/pingcap/tidb-operator/tests/pkg/apimachinery"
"github.com/pingcap/tidb-operator/tests/pkg/client"
"k8s.io/apiserver/pkg/util/logs"

Expand All @@ -37,16 +39,16 @@ func main() {

conf := tests.ParseConfigOrDie()
cli, kubeCli := client.NewCliOrDie()

context := apimachinery.SetupServerCert(os.Getenv("NAMESPACE"), "webhook-service")

oa := tests.NewOperatorActions(cli, kubeCli, conf)
fta := tests.NewFaultTriggerAction(cli, kubeCli, conf)
fta.CheckAndRecoverEnvOrDie()

tidbVersion := conf.GetTiDBVersionOrDie()
upgardeTiDBVersions := conf.GetUpgradeTidbVersionsOrDie()

// start a http server in goruntine
go oa.StartValidatingAdmissionWebhookServerOrDie()

// operator config
operatorCfg := &tests.OperatorConfig{
Namespace: "pingcap",
Expand All @@ -58,8 +60,12 @@ func main() {
WebhookServiceName: "webhook-service",
WebhookSecretName: "webhook-secret",
WebhookConfigName: "webhook-config",
Context: context,
}

// start a http server in goruntine
go oa.StartValidatingAdmissionWebhookServerOrDie(operatorCfg)

// TODO remove this
// create database and table and insert a column for test backup and restore
initSql := `"create database record;use record;create table test(t char(32))"`
Expand Down
16 changes: 0 additions & 16 deletions tests/config.go
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,6 @@
package tests

import (
"crypto/tls"
"flag"
"fmt"
"github.com/pingcap/tidb-operator/tests/pkg/blockwriter"
Expand Down Expand Up @@ -63,11 +62,6 @@ func NewConfig() *Config {
flag.StringVar(&cfg.TidbVersions, "tidb-versions", "v2.1.3,v2.1.4", "tidb versions")
flag.StringVar(&cfg.OperatorTag, "operator-tag", "master", "operator tag used to choose charts")
flag.StringVar(&cfg.OperatorImage, "operator-image", "pingcap/tidb-operator:latest", "operator image")
flag.StringVar(&cfg.CertFile, "tls-cert-file", cfg.CertFile, ""+
"File containing the default x509 Certificate for HTTPS. (CA cert, if any, concatenated "+
"after server cert).")
flag.StringVar(&cfg.KeyFile, "tls-private-key-file", cfg.KeyFile, ""+
"File containing the default x509 private key matching --tls-cert-file.")
flag.StringVar(&cfg.OperatorRepoDir, "operator-repo-dir", "/tidb-operator", "local directory to which tidb-operator cloned")
flag.Parse()

Expand Down Expand Up @@ -132,16 +126,6 @@ func (c *Config) GetTiDBVersionOrDie() string {
return v
}

func (c *Config) ConfigTLS() *tls.Config {
sCert, err := tls.LoadX509KeyPair(c.CertFile, c.KeyFile)
if err != nil {
glog.Fatal(err)
}
return &tls.Config{
Certificates: []tls.Certificate{sCert},
}
}

func (c *Config) GetUpgradeTidbVersions() []string {
tidbVersions := strings.Split(c.TidbVersions, ",")

Expand Down
20 changes: 0 additions & 20 deletions tests/manifests/e2e/e2e.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,15 +1,3 @@
---
apiVersion: v1
kind: Secret
metadata:
name: webhook-secret
namespace: tidb-operator-e2e
type: Opaque
data:
tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM2ekNDQWRPZ0F3SUJBZ0lJV2xBRzZaeDVxRDR3RFFZSktvWklodmNOQVFFTEJRQXdFakVRTUE0R0ExVUUKQXhNSFkyRXRZMlZ5ZERBZUZ3MHhPVEEwTVRjd016TTRNVGRhRncweU1EQTBNVFl3TXpNNE1UZGFNREF4TGpBcwpCZ05WQkFNVEpYZGxZbWh2YjJzdGMyVnlkbWxqWlM1MGFXUmlMVzl3WlhKaGRHOXlMV1V5WlM1emRtTXdnZ0VpCk1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRQzdGaHBoRWpRMWlMN1lKRjZBUmJhb1hHZEcKS21Lbkw3NHhvMkFnT2F3M1dmM3pVWXR3eUVsbUFzNDBLWXowL01saWFuMGRHalVRVVNQbEpFeEV5dUt1QVdPYQpnOXE4WUZKUklqNTQxUnZqZlI2NytwMDBPT0lTamJrUkhiemErcS93N1NTMkxjSUhBTXFsUVFNQnVUMVZScnUrCnF1R0M2K0VCLzVQMnB2RHRXWHo3dVFnYmhyOERFRmZsdFBWTUJWWnhOdDRMSUpTYm1UTkVsREdIVTl1R3NiZEsKd1FlNWp5T1dOOHNvT01PNEpkMzY4Y3MvSGFtenBOYktDZVpMbWVsTVpsc1Z3Y0tsOEt3dVdVSkM5dE11cHM1TQo1Zk1yMGE4OERhOFM3RkFVZ2ZZVkh5QTVXby9JOGlWQ21vUThrd2svaUxsNzd1bkkwdmVDZFhETFVsMHJBZ01CCkFBR2pKekFsTUE0R0ExVWREd0VCL3dRRUF3SUZvREFUQmdOVkhTVUVEREFLQmdnckJnRUZCUWNEQVRBTkJna3EKaGtpRzl3MEJBUXNGQUFPQ0FRRUFWSG41Z3IyeWpydkdhaGtCWXBZT0JYZFBOb0Z3Ykg5K1BraG9YOVJKRmtMMgoxbVQ1TUpvdHNTT2hRR0RaS2VvQm5tdlFoRUNJakVSb2xiVm5wdG9JYkN4elBFNFV0ZVc0NGoxU1AwL2xmZGtJCm5Cb2MycmhhQ0NmR3ZnMWgzWDVZZ0ZMblJaL1F1Y3puVno4b1RnVTB1dVBxTlhJOXFQc2dKT2laaWpVa1pwRzQKV090cDYrVEY2blRhY25PMnJ6bFl2RjJ2NkxZN2I1TmNXU0xUbnc0MUYzdVJDYnU4MHZxcm5yd2xJMkUrcXpySAo1MVdpWHI5VmJaMHBJUlowWEZIdXdoY2hmWVpEaENUVDFHMlh0b2ZqaTF1aUsrZWJsWVE3czJ0NWU1ZXJqTnZNCmxRUnVPNVUzemhxcHltZG1QaHJ0SFdBbVRSMXZwOER1NnZTakhmQzFXUT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBdXhZYVlSSTBOWWkrMkNSZWdFVzJxRnhuUmlwaXB5KytNYU5nSURtc04xbjk4MUdMCmNNaEpaZ0xPTkNtTTlQekpZbXA5SFJvMUVGRWo1U1JNUk1yaXJnRmptb1BhdkdCU1VTSStlTlViNDMwZXUvcWQKTkRqaUVvMjVFUjI4MnZxdjhPMGt0aTNDQndES3BVRURBYms5VlVhN3ZxcmhndXZoQWYrVDlxYnc3Vmw4KzdrSQpHNGEvQXhCWDViVDFUQVZXY1RiZUN5Q1VtNWt6UkpReGgxUGJockczU3NFSHVZOGpsamZMS0RqRHVDWGQrdkhMClB4MnBzNlRXeWdubVM1bnBUR1piRmNIQ3BmQ3NMbGxDUXZiVExxYk9UT1h6SzlHdlBBMnZFdXhRRklIMkZSOGcKT1ZxUHlQSWxRcHFFUEpNSlA0aTVlKzdweU5MM2duVnd5MUpkS3dJREFRQUJBb0lCQURHdUJlVS9DMFFvQXQycwprcmVuUzREYndNVGVIb0pjNkRtUU04ZDY2U050cjBUOG8zV1lpZjBmdzVnUWJKRGx5NmhwdEwyVXB3Q2xPMDN1CjNKM3I3bFBjcEpGMGNCSlQxYWdiMnRFRmJqbHprVVREb1Jrci9jU0ZnOTVxc2lySUpRNXFPclJ4NURNdDM2SVEKYUhiOXRLNi9jTDJKN1FaeUVyY1FJajkrUno0UGI3L3NqZDFNYzBETHJJS0ZvRWoxdkNpcDRCWWZ4YlliQXZOWQozQTZzVU8rUENja0ZXaytxeE9BMndVUS83Tjc3UDBIMGRYeURmYitIVUIzL1RRbWhxWXh5S1kxRXo4cWZXNkg0Cmp6ZWhDYjhUSGhqVXB2WnhvTzQ3R0YvWmt4SVBISlozK0djc0UySnROODlBSTExSk9SNEZCckFKK1N5Y1BjRXkKbTgxdmpza0NnWUVBeVMvQ1hoeXpMb2UwU3ZyL05sK3M1eE1KUnZTSmhGcmZSR3I5T1UxQUFxZk52WTVVUDhsagpqK3RZOC9VSTE2YjdvZjJvVUdMZFd6cVBxeC93ajNXNzlVZGZyVDJobmZ0OFhRQ3JvZFN3WXdLMUJaK2FMclpqCjBzSTdRWHV6WlMyaWMrVDdiR04ycHdiaHJwRGlxQ0hVUzBmU1IwOFNCS3NmVWpLSklvQnlRcFVDZ1lFQTdnN2oKMmxtR09hakJpN05MZ3lINmE4WFRNMFAxU0wzUGQ4QnNiQXZoM2pLVG8zbWYwZmhjMFhyR0d4b0xkLzJ2NHdqUApLS3ptVWlvNGpiZXJsaW5XTXNWM3pNSXYvREVqVEFhUHJKUWJGUHRuTW92ZEU2K1pVdmZGQU9uS2VhczRqZFIxCk5vd2tOcTlRbE45Wmg0OHF2TnhkVHByeGp6NmFKZFAwcFg1TDhMOENnWUJoK3JWeE9nNzFrVGQzOE1kTUJzcGcKK3Y5Z3BBVTVCVHlJeUlZc1d2ZmFremg2b1k5Y1JVc01zelJ1RXg3TVQ5RnFzZXMvd3ZaRTBMOVpPc1BnU2hsUQp1Z0xaanhOZnFqT0Y0NmF5dUs5eWVNWUtTQkZCd0tmYTQ2Y1NIQmxoSkJsaTBkaTBqN2dnWGhTWS9JeTJEMHVoCm9nZkJuTHVNdEg0YmZPc1dkM0d1QlFLQmdRQ1J1NXZSTjZ6cjcxdE00bDMvMFBVMHRNNHVQQlFVaTk1T09RWW0KdnI5dS94ZFNwRW9xaUJpS1JOYXlFS2VrdFREUGs3ejk4WnF1QWhyTTV2dXIyY0MvSkJQS3piWUNkVEplZ0VYRQpLSWJMdVh2YmZiUEJNV1p6WENyRi9GbHZVbG8wdVROb1NUS0NKNkQxQWlZVXpwZ2pOZVFKRXVGK0I1em1PM014ClBMZlFrUUtCZ0NhOVZ3OTBsMzRUQ0ZQVHR2VFh6ZmdHUDY1eWhoaE80TURSY21LODdueHJmekxDbnJGZUZ6VmQKTUhVRDdmbUVzbEViUjVJRTNCbnBTR2dkTlQ1T2RvR3g4OTN4QllMKzdvODN1RnJ0MnpVSk5Vbm1TOXBkWGFIdwp5WU9sN0J6YVlrOVVodjRoS2REYVJYSnd1YVlRYzhINVlZN3N2Q1NKVk1rWWhTc3lKNFlCCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg==
ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUN3akNDQWFxZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFTTVJBd0RnWURWUVFERXdkallTMWoKWlhKME1CNFhEVEU1TURReE56QXpNemd4TjFvWERUSTVNRFF4TkRBek16Z3hOMW93RWpFUU1BNEdBMVVFQXhNSApZMkV0WTJWeWREQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQU5tTDFRdGhGOVlVCklMOWlnNGJRc3F4bE42RVVuODRkWHg5akV0d0dQanNJU2xqVWtsSStjYmNRelhSd3BTK0JnUFZMQjdlNWtlTjQKYStlc0JISEN6WXZQZjZ5aUI1eXR1emc3VWJ0RnVTMXZkNmdTT01QcS9vVXpZYTVydkVTY2dMLzlWL2RLMVNObAp6R3poZlU4anlGeFNDMWt1U2lUMnI0VXBSZStwL1kyQnVwQ2U3UVhQUUVNYS9Qa0Z4UDBaekVyc3NnSmV0azJECnBPemlLcG5oQmhiNXN1amw2RWhqbStjakYwRWlxUDhrSXhSS3cxUE5lRFZ4WEdseHpaZzFLMjZyUXhCNUtJdW4KeHRmMFh2dDRZZ2NnMTJPVHVNMVRwcFlaaHhRM3k5TVBRdm9nK3lTRktoREZ4ZEJ6TUt0RDY0QXoxU1Q5VVUvawo1WjBSYVlyMlgrOENBd0VBQWFNak1DRXdEZ1lEVlIwUEFRSC9CQVFEQWdLa01BOEdBMVVkRXdFQi93UUZNQU1CCkFmOHdEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBS21XczJYNXRuTm4vTmNnOENJSGpNMUIyRDN3SDE2d0ttb2oKelVQcFEvdXpBaWZ5ZW1WdytKNEVjWnVyVlpSUlpBUFp0Kyt1RTYvS2kxcUFPNmp1U0dSU0xXaVA3ZFA5SXF6dwpIRDZ6Nzl5dDBFMDJSRFlVUzhsbVJqWlFhbzJoNVJVTi81ZXVabmtqaWFFQ2VlOUMxVGkyaWwrMHdUZEdQbFl1CmFRTTZYMU45aXZiK3huSnROQlE2STJseTBDNG94aFZKM1o0SC80Ym9Vd3UzT3d0OEhmL21NYzA0bkl6N1lZOGwKUm12U3BrNWYxM0k1VjRLTUZuQ1V4WjAyWGVTbkY1dWVNYktpcUo0NXk3cVJ2SWIydlNBRVFHbWx4M1piRjNPRwpUdC9BWk1ITkM3ZnNWQmY5c1QrQUFEMGtTSXc3SERiMXBGOEFUVU84UHRHZzh5NGhJQTg9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
---
apiVersion: v1
kind: Service
metadata:
Expand Down Expand Up @@ -61,14 +49,9 @@ spec:
- --operator-tag=e2e
- --operator-image=pingcap/tidb-operator:latest
- --tidb-versions=v2.1.3,v2.1.4
- --tls-cert-file=/webhook.local.config/certificates/tls.crt
- --tls-private-key-file=/webhook.local.config/certificates/tls.key
volumeMounts:
- mountPath: /logDir
name: logdir
- name: webhook-certs
readOnly: true
mountPath: /webhook.local.config/certificates
env:
- name: NAMESPACE
valueFrom:
Expand All @@ -79,7 +62,4 @@ spec:
hostPath:
path: /var/log
type: Directory
- name: webhook-certs
secret:
secretName: webhook-secret
restartPolicy: Never
20 changes: 0 additions & 20 deletions tests/manifests/stability/stability.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,15 +1,3 @@
---
apiVersion: v1
kind: Secret
metadata:
name: webhook-secret
namespace: tidb-operator-stability
type: Opaque
data:
tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMvRENDQWVTZ0F3SUJBZ0lJVS9pL0hYaGpvaXN3RFFZSktvWklodmNOQVFFTEJRQXdIVEViTUJrR0ExVUUKQXhNU1pUSmxMWE5sY25abGNpMWpaWEowTFdOaE1CNFhEVEU1TURReE5EQTJNVFUwTWxvWERUSXdNRFF4TXpBMgpNVFUwTTFvd05qRTBNRElHQTFVRUF4TXJkMlZpYUc5dmF5MXpaWEoyYVdObExuUnBaR0l0YjNCbGNtRjBiM0l0CmMzUmhZbWxzYVhSNUxuTjJZekNDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFMVmwKZCtTR1dONDNSd3hNTUt3MVZhWG1vYWRtWXU1VjNsNlhVTjczZTNSYUZ2RDlYZEI0MUovc0EvQmp5NThqSm1OKwpoYURTczgvMVA1L1JHODFhVExpUUZDS3FWdTY3bDQvR3Y1a1gyZ3I4UHJMcjBkVW9hbGpyYUpzbm9VdVJ5VEJQCkJWSm1BQWppQlAySmJoWldIVy9HWCtvNjNTa3NucHZmZEcxVXA3M3NCS0hYRCt5dXEydnVMOHI0WTIveHU4SnYKZUFhbUE0K0hHdHNuNlUrQWVwc0V3QjdDcEQ3SWd6ejVROE9HVWtUcVg1NVJtNFJyM3dyOWJDY3ZyZmZNd0VZZgpLME9jWmNEcG9yRnkyNkxCeWx6WjJCOWdDRlhzdFN6V2xaSDZ2TmhJaDZ5OEl3YzlvWjRWZWFJOTkzUmF4cHpRCi8ySzhhbGVCZHl3TmNLeFZGbVVDQXdFQUFhTW5NQ1V3RGdZRFZSMFBBUUgvQkFRREFnV2dNQk1HQTFVZEpRUU0KTUFvR0NDc0dBUVVGQndNQk1BMEdDU3FHU0liM0RRRUJDd1VBQTRJQkFRQXFFRlE2NzVEMTlVMy9TWENOdk1XWAptMy9kdE0vd2V2b2JNZWdwbEFPSUdNT20xSW5ScDQ3MU1mZURURmUvQWpEL1JVZ1J6QlI0bGQxMC9Cc1B4SkFtCkk5OGJYd3N3UVhRSEE0NEtGcXN0SmdqbVpncHR4eVhNb3ptMnU4WHVHTHQ5UWJLcUU4UEdFZWFhSXJlRFg3TVEKaWdxRFlwTDV1cVpOYnRZekxhemllekZKYTJQeWkvSG5aeFZzTU1vdUFPdk5hMlduQUdDTWV1eDlCTStDMSt6SApjWnJOWVpZVWFMU2doSWJYa1dHMVoyenZONzFtUHd1TGtBcGFoUHMycDl6c0FLN3pmVVgrZjQxTlJUNWR6MGo5CkJUYWlQVlF6MWFVM2grOUhpSlNSV3FoeEViQjMrSjVOQXN6d1N0WktHYlBtdmlISjJqQkZ3aGRleU9zdmlheUgKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBdFdWMzVJWlkzamRIREV3d3JEVlZwZWFocDJaaTdsWGVYcGRRM3ZkN2RGb1c4UDFkCjBIalVuK3dEOEdQTG55TW1ZMzZGb05LenovVS9uOUVielZwTXVKQVVJcXBXN3J1WGo4YS9tUmZhQ3Z3K3N1dlIKMVNocVdPdG9teWVoUzVISk1FOEZVbVlBQ09JRS9ZbHVGbFlkYjhaZjZqcmRLU3llbTk5MGJWU252ZXdFb2RjUAo3SzZyYSs0dnl2aGpiL0c3d205NEJxWURqNGNhMnlmcFQ0QjZtd1RBSHNLa1BzaURQUGxEdzRaU1JPcGZubEdiCmhHdmZDdjFzSnkrdDk4ekFSaDhyUTV4bHdPbWlzWExib3NIS1hObllIMkFJVmV5MUxOYVZrZnE4MkVpSHJMd2oKQnoyaG5oVjVvajMzZEZyR25ORC9ZcnhxVjRGM0xBMXdyRlVXWlFJREFRQUJBb0lCQUhCVWpaSXV3QW1jSVpzego4MUF4RndETmVYMjRvYnNGNGRhaHphckZodVhlaENab1FCaEJPeXB0ZFdMLzZiQjZpK05CRG04eEM3alVIcnBSCk8rNUc1UXZGN1RJcVdmc3NvQWFoQlRWQTEvM0ZodTQxcXBOZG03M0V5ZHFMQ0E5TUVGS2lIS0dTR0tObms3K04KdzJhQm5Xa0NaNU1kTUtlMndlRzAxdHg5ZUFMYmdsZ0VvQUVaR0g3c2lpUmpqd3hUN0dFd0FHSklTQWxobmUzUwo4UmhGY1dLNmp5QVRWS1RzY0Fhc2J3TVJXV21FcFFDMFhhNVhuZ01MR1piSmFCb20zM3RGbEd3dDFxdVhRbGkvCnV6UGZxNjhINVNaYisyOHArNS94ZmhuNlhPYVBaNVJ6QnpvVzBtV2tZOEFaR29STXVXLzV0TEVsdGpEQ1ZwZDkKaTVmQy8yRUNnWUVBMEc5TTl0Q2Z2eGpLSkU2UUcxL3hUcHNDNU0rbElERkFLUVVZWjFQamxWanUwcDkxc0FmUAoxNFRyakJCdlRJR2JGazhCN2tXQVI4Q3NSS0JPQVpqSkZFNmRGZFc4aStNK29PTzRVOTZNdDJIc0lKemxNT0JuCnk3ZWxSTjhXcGZCamNyK1QwWmtqOGV3M0g4QnhkOXZhYWE4WkRUWW1XaXhQM09CT0VTb0lYa2NDZ1lFQTNzcVgKZUgvZUhYblFlSlRsZ25MOTVoVUhJbEJ1eUU4NmlQb2k1SGVDWkZMUWgzR28rQmxLeXpBNm1BL3dwR2E0MEhlUwpnQkJwQTk3U3crYUtldGdoOEh0ODhEb0l6eWllZEdmVWkyQ0dPTWtNWDBLdjZ1c0RqcHlmWTB3KzdpMGFidURICkRWK1VTSjdtNjhzY05yNUFzVkx0anhqS0dFMk9Uc3FXQmpTL0gvTUNnWUFzK1djVTlvMFJrY3JFTE1PQmRLRS8Kd2NqTkVGVGo3bHlXdlVlM3UrMG1ZNHNjblZXcWh2VDgzdXhvUzMrSWRZcStOSXdKR3F3RVQzbWNVUzZqdjVEYgp0ZDdGUUZvdm9QZjVoVWxYcDNTYmVTQ1hKT043T1dDTUgzTWt1akpMMmVQTGRiVHlpK1dxcExwOE9tMEJYTW55Cjlkb2s5S012MzlIWHFmcU9UNUNBcndLQmdGVU5MRlFoSkc5R1FMSzN6UUpHMmV6TEhFVWFSYUNNdG9EeVZQMjUKTGZzVXJtejJsQlhhdWZYbHZJaXVsU1I5M3BJZkE3dUdDRUVsQUhzdStMQzY4QUg1Y3BIVzVlUUgwcTRIc1ZsZwpDUDJHcXdWMjFPZXV2bFhrTHVqZWc2dXpaa0xyNXJHUlNtK0swZ2MwSzlvdU9VNDRwVjRhalpSSGowcy9CWlRxCjhBZkhBb0dCQUtWeWpVV05wSHBZNzFFNlJxUjlsRE5sY2RjaE8zdjYwdnBUL1FjVkJyZUdqWmFBeWkremNvMlIKZlRwaUlPT0hhVUxCVVBqVmYxNTllMjRINi9PSkNMeGQrM0hzbE1lZDcvMndNUlZEWjBaV0EzbWR6SnRSMG56Zwo4ZTAweW41QTdTNm12NFJldVhvM1E1Tm1ESkxLZGk3eXNCNXVWMWpvSE9PZmRVQ3dSbDVkCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg==
ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMyRENDQWNDZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFkTVJzd0dRWURWUVFERXhKbE1tVXQKYzJWeWRtVnlMV05sY25RdFkyRXdIaGNOTVRrd05ERTBNRFl4TlRReVdoY05Namt3TkRFeE1EWXhOVFF5V2pBZApNUnN3R1FZRFZRUURFeEpsTW1VdGMyVnlkbVZ5TFdObGNuUXRZMkV3Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBCkE0SUJEd0F3Z2dFS0FvSUJBUUMrS0hhN0xIV1IrbWkwWGsyUjEzcnRyTmxTNVBHSlYxV2psMXcyWTRraEZYakcKNGRXNCtKcndwRGZjb09DY0VlOG5rcTRWbDRSZTZZT1luUyszV2lWWVlDaXJNejQ0bGUrQU9EY3c5bDZkYTNINwpEczRzSllPSklZaWRxQldtY0FxZy9tKzZBaHBsdlRiZEdxcjZuMEQ4SVhacFhJUGNpMGpSTDlqaE96ZEpqNnFlClV5Y1hCQUVkK1ZpRGpmU3drMSt0cWxUY3RaTWZxbTJwcmllUVNXSjl2R21SZXlNUFNpMVdPZ3dCbDJFVzRhN0UKcEdHM2liUCtWeERaNmlYR0g4Y2dwWDVSRlB3VC9yeUJ4WkllSmtTbFZmUVpjeWV6cXJNYkRsNGJDWTkvMzIzSgpLODFjUDM2L1BYOHg4OVk3VFhmQUtWRHZicVk5b0VlbktBT2R5d2QxQWdNQkFBR2pJekFoTUE0R0ExVWREd0VCCi93UUVBd0lDcERBUEJnTlZIUk1CQWY4RUJUQURBUUgvTUEwR0NTcUdTSWIzRFFFQkN3VUFBNElCQVFCZUZmcGkKYkQ3Mi96Nyt5a0w5SHJoOWtWL1pralM2WThkUVdnOTFQNzlJOVUzdXI2Vk9iaHJZY3VTdVZNdkFnZCtPeEEveApYTnpHYitpN2pzYzdzMXM0bXdpUnZjY0pBSnFKQmxXTWM0R1pLRVBxRW9XbUxlVXlBaEZ1WGZaVk5Yb3Y0VEJyCmdneEc0Zjcwb2VqcVh1VGNQUEdaREh1blhUQzhNMEhuaTZEY2huZ1ZVOHh4Q1cydWVYRC9paGNxSXBmcHNxa0oKL01EdnVJUjRWakZ2QVpveU1NcXhpQkYzMXlwQk5TU2RnMXRGQ05sa3hBNkZhaVM2VHhtckV5bUxFVmJ0MGxlUwo5ZzdENFdwcFo0RWRvbmtEd0lrSWpFd1BWMVFRVnhrbEZCTzFqbjMwVVBTcEpwR0RYRkNZQmo4bkZGYjV4aUtKCkNhcDRBak5xU3ZWMWZKSmsKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
---
apiVersion: v1
kind: Service
metadata:
Expand Down Expand Up @@ -59,17 +47,12 @@ spec:
command:
- /usr/local/bin/stability-test
- --config=/etc/tidb-operator-stability/config.yaml
- --tls-cert-file=/webhook.local.config/certificates/tls.crt
- --tls-private-key-file=/webhook.local.config/certificates/tls.key
volumeMounts:
- mountPath: /logDir
name: logdir
- name: config
readOnly: true
mountPath: /etc/tidb-operator-stability
- name: webhook-certs
readOnly: true
mountPath: /webhook.local.config/certificates
env:
- name: MY_NODE_NAME
valueFrom:
Expand All @@ -90,7 +73,4 @@ spec:
items:
- key: config
path: config.yaml
- name: webhook-certs
secret:
secretName: webhook-secret
restartPolicy: Never
Loading