Cache - Deployer should check whether the secret is installed #3992

Merged
26 changes: 24 additions & 2 deletions backend/src/cache/deployer/deploy-cache-service.sh
Expand Up @@ -24,25 +24,47 @@ echo "Start deploying cache service to existing cluster:"

NAMESPACE=${NAMESPACE_TO_WATCH:-kubeflow}
MUTATING_WEBHOOK_CONFIGURATION_NAME="cache-webhook-${NAMESPACE}"
WEBHOOK_SECRET_NAME=webhook-server-tls

# This should fail if there are connectivity problems
# Gotcha: Listing all objects requires list permission,
# but when listing a single oblect kubecttl will fail if it's not found
# unless --ignore-not-found is specified.
kubectl get mutatingwebhookconfigurations "${MUTATING_WEBHOOK_CONFIGURATION_NAME}" --namespace "${NAMESPACE}" --ignore-not-found >webhooks.txt
kubectl get secrets "${WEBHOOK_SECRET_NAME}" --namespace "${NAMESPACE}" --ignore-not-found >cache_secret.txt

webhook_config_exists=false
if grep "${MUTATING_WEBHOOK_CONFIGURATION_NAME}" -w <webhooks.txt; then
echo "Webhook is already installed. Sleeping forever."
webhook_config_exists=true
fi

webhook_secret_exists=false
if grep "${WEBHOOK_SECRET_NAME}" -w <cache_secret.txt; then
webhook_config_exists=true
fi

if [ "$webhook_config_exists" == "true" ] && [ "$webhook_config_exists" == "true" ]; then
echo "Webhook config and secret are already installed. Sleeping forever."
sleep infinity
fi

if [ "$webhook_config_exists" == "true" ]; then
echo "Warning: Webhook config exists, but the secret does not exist. Reinstalling."
kubectl delete mutatingwebhookconfigurations "${MUTATING_WEBHOOK_CONFIGURATION_NAME}" --namespace "${NAMESPACE}" || true
fi

if [ "$webhook_secret_exists" == "true" ]; then
echo "Warning: Webhook secret exists, but the config does not exist. Reinstalling."
kubectl delete secrets "${WEBHOOK_SECRET_NAME}" --namespace "${NAMESPACE}" || true
fi


export CA_FILE="ca_cert"
rm -f ${CA_FILE}
touch ${CA_FILE}

# Generate signed certificate for cache server.
./webhook-create-signed-cert.sh --namespace "${NAMESPACE}" --cert_output_path "${CA_FILE}"
./webhook-create-signed-cert.sh --namespace "${NAMESPACE}" --cert_output_path "${CA_FILE}" --secret "${WEBHOOK_SECRET_NAME}"
echo "Signed certificate generated for cache server"

# Patch CA_BUNDLE for MutatingWebhookConfiguration
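
Review bot: The secret check (`if grep "${WEBHOOK_SECRET_NAME}" -w <cache_secret.txt; then`) sets `webhook_config_exists=true` instead of `webhook_secret_exists=true`, and the combined test that follows compares `webhook_config_exists` with itself. As written, either object existing alone makes the script print "Webhook config and secret are already installed" and sleep forever, so a webhook configuration whose TLS secret is missing is never repaired, and the "Webhook secret exists, but the config does not exist" branch is unreachable because `webhook_secret_exists` never becomes true. Suggest assigning `webhook_secret_exists=true` in the second grep block and testing `[ "$webhook_config_exists" == "true" ] && [ "$webhook_secret_exists" == "true" ]`. Separately, the first grep block still echoes "Webhook is already installed. Sleeping forever." before the secret has been checked, which will be misleading in the logs when the script goes on to reinstall; and the comment above the `kubectl get` calls has typos ("oblect", "kubecttl").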