atc-installer: use wasi/k8s api to avoid generating new tls secrets w…

…hen they already exist
yokecd · Feb 14, 2025 · 972382a · 972382a
1 parent 53e9e45
commit 972382a
Show file tree

Hide file tree

Showing 4 changed files with 38 additions and 11 deletions.
diff --git a/cmd/atc-installer/installer/run.go b/cmd/atc-installer/installer/run.go
@@ -23,6 +23,7 @@ import (
 
 	"github.com/yokecd/yoke/pkg/apis/airway/v1alpha1"
 	"github.com/yokecd/yoke/pkg/flight"
+	"github.com/yokecd/yoke/pkg/flight/wasi/k8s"
 	"github.com/yokecd/yoke/pkg/openapi"
 )
 
@@ -34,6 +35,7 @@ type Config struct {
 	Port               int               `json:"port"`
 	ServiceAccountName string            `json:"serviceAccountName"`
 	ImagePullPolicy    corev1.PullPolicy `json:"ImagePullPolicy"`
+	GenerateTLS        bool              `json:"generateTLS"`
 }
 
 var (
@@ -140,7 +142,34 @@ func Run(cfg Config) error {
 		},
 	}
 
-	tls, err := NewTLS(svc)
+	const (
+		keyRootCA     = "ca.crt"
+		keyServerCert = "server.crt"
+		keyServerKey  = "server.key"
+	)
+
+	tls, err := func() (*TLS, error) {
+		if cfg.GenerateTLS {
+			return NewTLS(svc)
+		}
+		secret, err := k8s.Lookup[corev1.Secret](k8s.ResourceIdentifier{
+			Name:       flight.Release() + "-tls",
+			Namespace:  flight.Namespace(),
+			Kind:       "Secret",
+			ApiVersion: "v1",
+		})
+		if err != nil && !k8s.IsErrNotFound(err) {
+			return nil, fmt.Errorf("failed to lookup tls secret: %v", err)
+		}
+		if secret != nil {
+			return &TLS{
+				RootCA:     secret.Data[keyRootCA],
+				ServerCert: secret.Data[keyServerCert],
+				ServerKey:  secret.Data[keyServerKey],
+			}, nil
+		}
+		return NewTLS(svc)
+	}()
 	if err != nil {
 		return err
 	}
@@ -155,9 +184,9 @@ func Run(cfg Config) error {
 			Namespace: flight.Namespace(),
 		},
 		Data: map[string][]byte{
-			"ca.crt":     tls.RootCA,
-			"server.crt": tls.ServerCert,
-			"server.key": tls.ServerKey,
+			keyRootCA:     tls.RootCA,
+			keyServerCert: tls.ServerCert,
+			keyServerKey:  tls.ServerKey,
 		},
 	}
 

diff --git a/cmd/atc/main_test.go b/cmd/atc/main_test.go
@@ -382,16 +382,14 @@ func TestAirTrafficController(t *testing.T) {
 		"failed to detect new Backend version",
 	)
 
-	// ALthough we create a v1 version we will be able to fetch it as a v2  version.
+	// Although we create a v1 version we will be able to fetch it as a v2 version.
 	require.NoError(
 		t,
 		commander.Takeoff(ctx, yoke.TakeoffParams{
 			Release: "c4ts",
 			Flight: yoke.FlightParams{
 				Input: testutils.JsonReader(backendv1.Backend{
-					ObjectMeta: metav1.ObjectMeta{
-						Name: "c4ts",
-					},
+					ObjectMeta: metav1.ObjectMeta{Name: "c4ts"},
 					Spec: backendv1.BackendSpec{
 						Image:    "yokecd/c4ts:test",
 						Replicas: 1,

diff --git a/cmd/yoke/main_test.go b/cmd/yoke/main_test.go
@@ -786,8 +786,8 @@ func TestLookupResource(t *testing.T) {
 		TakeOff(background, TakeoffParams{
 			GlobalSettings: GlobalSettings{KubeConfigPath: home.Kubeconfig},
 			TakeoffParams: yoke.TakeoffParams{
-				Release:          "foo",
-				CreateNamespaces: true,
+				Release:         "foo",
+				CreateNamespace: true,
 				Flight: yoke.FlightParams{
 					Path:      "./test_output/flight.wasm",
 					Namespace: "foo",

diff --git a/go.mod b/go.mod
@@ -2,7 +2,7 @@ module github.com/yokecd/yoke
 
 // TODO: use go1.24.0 once it is released. Blocker for releasing this feature.
 // It is needed for the go:wasmexport directive.
-go 1.24rc2
+go 1.24rc3
 
 require (
 	github.com/alecthomas/chroma/v2 v2.15.0