Skip to content

Commit ff7648d

Browse files
dgrove-ossdgrove-oss
committed
review comment: keep cert config private
1 parent 78d4db9 commit ff7648d

File tree

2 files changed

+23
-26
lines changed

2 files changed

+23
-26
lines changed

main.go

Lines changed: 23 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -62,6 +62,17 @@ import (
6262
// +kubebuilder:scaffold:imports
6363
)
6464

65+
type certManagementConfig struct {
66+
Namespace string `json:"namespace,omitempty"`
67+
CertificateDir string `json:"certificateDir,omitempty"`
68+
CertificateName string `json:"certificateName,omitempty"`
69+
CertificateOrg string `json:"certificateOrg,omitempty"`
70+
MutatingWebhookConfigName string `json:"mutatingWebhookConfigName,omitempty"`
71+
ValidatingWebhookConfigName string `json:"validatingWebhookConfigName,omitempty"`
72+
WebhookServiceName string `json:"webhookServiceName,omitempty"`
73+
WebhookSecretName string `json:"webhookSecretName,omitempty"`
74+
}
75+
6576
var (
6677
scheme = runtime.NewScheme()
6778
setupLog = ctrl.Log.WithName("setup")
@@ -123,16 +134,6 @@ func main() {
123134
},
124135
LeaderElection: &configv1alpha1.LeaderElectionConfiguration{},
125136
},
126-
CertManagement: &config.CertManagementConfig{
127-
Namespace: namespace,
128-
CertificateDir: "/tmp/k8s-webhook-server/serving-certs",
129-
CertificateName: "codeflare-ca",
130-
CertificateOrg: "codeflare",
131-
MutatingWebhookConfigName: "codeflare-operator-mutating-webhook-configuration",
132-
ValidatingWebhookConfigName: "codeflare-operator-validating-webhook-configuration",
133-
WebhookServiceName: "codeflare-operator-webhook-service",
134-
WebhookSecretName: "codeflare-operator-webhook-server-cert",
135-
},
136137
KubeRay: &config.KubeRayConfiguration{
137138
RayDashboardOAuthEnabled: ptr.To(true),
138139
},
@@ -194,7 +195,17 @@ func main() {
194195
if os.Getenv("ENABLE_WEBHOOKS") == "false" {
195196
close(certsReady)
196197
} else {
197-
exitOnError(setupCertManagement(mgr, cfg.CertManagement, certsReady), "unable to set up cert rotation")
198+
certConfig := &certManagementConfig{
199+
Namespace: namespace,
200+
CertificateDir: "/tmp/k8s-webhook-server/serving-certs",
201+
CertificateName: "codeflare-ca",
202+
CertificateOrg: "codeflare",
203+
MutatingWebhookConfigName: "codeflare-operator-mutating-webhook-configuration",
204+
ValidatingWebhookConfigName: "codeflare-operator-validating-webhook-configuration",
205+
WebhookServiceName: "codeflare-operator-webhook-service",
206+
WebhookSecretName: "codeflare-operator-webhook-server-cert",
207+
}
208+
exitOnError(setupCertManagement(mgr, certConfig, certsReady), "unable to set up cert rotation")
198209
}
199210

200211
v, err := HasAPIResourceForGVK(kubeClient.DiscoveryClient, rayv1.GroupVersion.WithKind("RayCluster"))
@@ -288,7 +299,7 @@ func HasAPIResourceForGVK(dc discovery.DiscoveryInterface, gvk schema.GroupVersi
288299
// +kubebuilder:rbac:groups="admissionregistration.k8s.io",resources=mutatingwebhookconfigurations,verbs=get;list;watch;update
289300
// +kubebuilder:rbac:groups="admissionregistration.k8s.io",resources=validatingwebhookconfigurations,verbs=get;list;watch;update
290301

291-
func setupCertManagement(mgr ctrl.Manager, config *config.CertManagementConfig, certsReady chan struct{}) error {
302+
func setupCertManagement(mgr ctrl.Manager, config *certManagementConfig, certsReady chan struct{}) error {
292303
// DNSName is <service name>.<namespace>.svc
293304
var dnsName = fmt.Sprintf("%s.%s.svc", config.WebhookServiceName, config.Namespace)
294305

pkg/config/config.go

Lines changed: 0 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -30,9 +30,6 @@ type CodeFlareOperatorConfiguration struct {
3030
// ControllerManager returns the configurations for controllers
3131
ControllerManager `json:",inline"`
3232

33-
// CertManagement configures the open-policy-agent cert-controller
34-
CertManagement *CertManagementConfig `json:"certManagement,omitempty"`
35-
3633
KubeRay *KubeRayConfiguration `json:"kuberay,omitempty"`
3734

3835
// AppWrapper contains the AppWrapper controller configuration
@@ -50,17 +47,6 @@ type KubeRayConfiguration struct {
5047
RayDashboardOAuthEnabled *bool `json:"rayDashboardOAuthEnabled,omitempty"`
5148
}
5249

53-
type CertManagementConfig struct {
54-
Namespace string `json:"namespace,omitempty"`
55-
CertificateDir string `json:"certificateDir,omitempty"`
56-
CertificateName string `json:"certificateName,omitempty"`
57-
CertificateOrg string `json:"certificateOrg,omitempty"`
58-
MutatingWebhookConfigName string `json:"mutatingWebhookConfigName,omitempty"`
59-
ValidatingWebhookConfigName string `json:"validatingWebhookConfigName,omitempty"`
60-
WebhookServiceName string `json:"webhookServiceName,omitempty"`
61-
WebhookSecretName string `json:"webhookSecretName,omitempty"`
62-
}
63-
6450
type ControllerManager struct {
6551
// Metrics contains the controller metrics configuration
6652
// +optional

0 commit comments

Comments
 (0)