From 972382a6b5f8219f8154da8a94232990daa3e6d3 Mon Sep 17 00:00:00 2001
From: David Desmarais-Michaud
Date: Wed, 5 Feb 2025 22:58:45 -0500
Subject: [PATCH] atc-installer: use wasi/k8s api to avoid generating new tls secrets when they already exist
---
 cmd/atc-installer/installer/run.go | 37 ++++++++++++++++++++++++++----
 cmd/atc/main_test.go | 6 ++---
 cmd/yoke/main_test.go | 4 ++--
 go.mod | 2 +-
 4 files changed, 38 insertions(+), 11 deletions(-)
diff --git a/cmd/atc-installer/installer/run.go b/cmd/atc-installer/installer/run.go
index 8a15c74..ee06982 100644
--- a/cmd/atc-installer/installer/run.go
+++ b/cmd/atc-installer/installer/run.go
@@ -23,6 +23,7 @@ import (
 "github.com/yokecd/yoke/pkg/apis/airway/v1alpha1"
 "github.com/yokecd/yoke/pkg/flight"
+ "github.com/yokecd/yoke/pkg/flight/wasi/k8s"
 "github.com/yokecd/yoke/pkg/openapi"
 )
@@ -34,6 +35,7 @@ type Config struct {
 Port int `json:"port"`
 ServiceAccountName string `json:"serviceAccountName"`
 ImagePullPolicy corev1.PullPolicy `json:"ImagePullPolicy"`
+ GenerateTLS bool `json:"generateTLS"`
 }
 var (
@@ -140,7 +142,34 @@ func Run(cfg Config) error {
 },
 }
- tls, err := NewTLS(svc)
+ const (
+ keyRootCA = "ca.crt"
+ keyServerCert = "server.crt"
+ keyServerKey = "server.key"
+ )
+
+ tls, err := func() (*TLS, error) {
+ if cfg.GenerateTLS {
+ return NewTLS(svc)
+ }
+ secret, err := k8s.Lookup[corev1.Secret](k8s.ResourceIdentifier{
+ Name: flight.Release() + "-tls",
+ Namespace: flight.Namespace(),
+ Kind: "Secret",
+ ApiVersion: "v1",
+ })
+ if err != nil && !k8s.IsErrNotFound(err) {
+ return nil, fmt.Errorf("failed to lookup tls secret: %v", err)
+ }
+ if secret != nil {
+ return &TLS{
+ RootCA: secret.Data[keyRootCA],
+ ServerCert: secret.Data[keyServerCert],
+ ServerKey: secret.Data[keyServerKey],
+ }, nil
+ }
+ return NewTLS(svc)
+ }()
 if err != nil {
 return err
 }
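Review bot: The new `GenerateTLS` field in `Config` has no comment, and its name suggests that false disables generation, while the `Run` hunk below still calls `NewTLS(svc)` when no secret is found. A doc comment would settle it: `// GenerateTLS forces a new CA and server certificate even if the release's TLS secret already exists; when false an existing secret is reused and material is generated only if none is found.` The struct continues outside the hunk.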
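Review bot: The reuse branch (`if secret != nil`) copies `secret.Data[keyRootCA]`, `secret.Data[keyServerCert]` and `secret.Data[keyServerKey]` without checking that any of them is present, so a secret that exists but lacks a key yields a `TLS` with nil fields, which the following hunk appears to write straight back into the Secret's data. Guard the branch, e.g. `if secret != nil && len(secret.Data[keyRootCA]) > 0 && len(secret.Data[keyServerCert]) > 0 && len(secret.Data[keyServerKey]) > 0 {`, so incomplete material falls through to `NewTLS(svc)`. Nothing in the hunk checks the reused certificate's expiry or that it was issued for `svc`, so it may be worth parsing it before reuse; otherwise rotation seems to happen only when `generateTLS` is set. The lookup error is formatted with `%v`; `%w` would keep the underlying error inspectable by callers. Run starts and ends outside the hunk.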
@@ -155,9 +184,9 @@ func Run(cfg Config) error {
 Namespace: flight.Namespace(),
 },
 Data: map[string][]byte{
- "ca.crt": tls.RootCA,
- "server.crt": tls.ServerCert,
- "server.key": tls.ServerKey,
+ keyRootCA: tls.RootCA,
+ keyServerCert: tls.ServerCert,
+ keyServerKey: tls.ServerKey,
 },
 }
diff --git a/cmd/atc/main_test.go b/cmd/atc/main_test.go
index 0592bc5..c626a01 100644
--- a/cmd/atc/main_test.go
+++ b/cmd/atc/main_test.go
@@ -382,16 +382,14 @@ func TestAirTrafficController(t *testing.T) {
 "failed to detect new Backend version",
 )
- // ALthough we create a v1 version we will be able to fetch it as a v2 version.
+ // Although we create a v1 version we will be able to fetch it as a v2 version.
 require.NoError(
 t,
 commander.Takeoff(ctx, yoke.TakeoffParams{
 Release: "c4ts",
 Flight: yoke.FlightParams{
 Input: testutils.JsonReader(backendv1.Backend{
- ObjectMeta: metav1.ObjectMeta{
- Name: "c4ts",
- },
+ ObjectMeta: metav1.ObjectMeta{Name: "c4ts"},
 Spec: backendv1.BackendSpec{
 Image: "yokecd/c4ts:test",
 Replicas: 1,
diff --git a/cmd/yoke/main_test.go b/cmd/yoke/main_test.go
index e0dea7b..f105256 100644
--- a/cmd/yoke/main_test.go
+++ b/cmd/yoke/main_test.go
@@ -786,8 +786,8 @@ func TestLookupResource(t *testing.T) {
 TakeOff(background, TakeoffParams{
 GlobalSettings: GlobalSettings{KubeConfigPath: home.Kubeconfig},
 TakeoffParams: yoke.TakeoffParams{
- Release: "foo",
- CreateNamespaces: true,
+ Release: "foo",
+ CreateNamespace: true,
 Flight: yoke.FlightParams{
 Path: "./test_output/flight.wasm",
 Namespace: "foo",
diff --git a/go.mod b/go.mod
index ba321c5..4835686 100644
--- a/go.mod
+++ b/go.mod
@@ -2,7 +2,7 @@ module github.com/yokecd/yoke
 // TODO: use go1.24.0 once it is released. Blocker for releasing this feature.
 // It is needed for the go:wasmexport directive.
-go 1.24rc2
+go 1.24rc3
 require (
 github.com/alecthomas/chroma/v2 v2.15.0