* images/kube-webhook-certgen/rootfs/pkg/k8s: return err from functions
Initially only from some to preserve existing behavior.
Signed-off-by: Mateusz Gozdek <mgozdek@microsoft.com>
* images/kube-webhook-certgen/rootfs: make patching return error
So we don't call log.Fatal in so many places, which makes code testable.
Signed-off-by: Mateusz Gozdek <mgozdek@microsoft.com>
* images/kube-webhook-certgen/rootfs/pkg/k8s: require context
So initialize top-level contexts in tests and CLI, then pass them around
all the way down, so there is an ability e.g. to add timeouts to patch
operations, if needed and to follow general conventions.
Signed-off-by: Mateusz Gozdek <mgozdek@microsoft.com>
* images/kube-webhook-certgen/rootfs/pkg/k8s: support patching APIService
APIService object is very similar to MutatingWebhookConfiguration and
ValidatingWebhookConfiguration objects, so support for patching it
shouldn't be too much of a burden.
Signed-off-by: Mateusz Gozdek <mgozdek@microsoft.com>
* images/kube-webhook-certgen/rootfs/cmd: use new patch API
So old function PatchWebhookConfigurations can be unexported and CLI can
be extended to also support patching APIService.
Signed-off-by: Mateusz Gozdek <mgozdek@microsoft.com>
* images/kube-webhook-certgen/rootfs/pkg/k8s: unexport old patch function
PatchObjects should be now used instead.
Signed-off-by: Mateusz Gozdek <mgozdek@microsoft.com>
* images/kube-webhook-certgen/rootfs: add .gitignore
To ignore manually built binaries during development process.
Signed-off-by: Mateusz Gozdek <mgozdek@microsoft.com>
* images/kube-webhook-certgen/rootfs/cmd: test patching
By adding a PatchConfig and Patch function, it is now possible to test
logic of flag validation, which was previously tied to CLI options.
This commit adds nice set of tests covering existing logic.
Signed-off-by: Mateusz Gozdek <mgozdek@microsoft.com>
* images/kube-webhook-certgen/rootfs/cmd: improve formatting
Those strings will be changed anyway in future commits, so at first we
can properly capitalize used names.
Signed-off-by: Mateusz Gozdek <mgozdek@microsoft.com>
* images/kube-webhook-certgen/rootfs/cmd: support patching APIService
As logic for creating a CA certificate and patching an object is almost
the same for both webhook configuration and API services, this commit
adds support to kube-webhook-certgen CLI to also patch APIService
objects, so they can be served over TLS as well.
Signed-off-by: Mateusz Gozdek <mgozdek@microsoft.com>
* images/kube-webhook-certgen/rootfs: pass failure policy by value
k8s.k8s.patchWebhookConfigurations() always dereferences it and we do
not do a nil check, so the code may panic in some conditions, so it's
safer to just pass it by value, as it's just a wrapped string.
Signed-off-by: Mateusz Gozdek <mgozdek@microsoft.com>
it has two important bugfix:
1. should force convert weight to a number since it may cause dead loop
when weight is a string type "0".
2. out-of-bounds memory writing may happen in chash_point_sort.
Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com>
Since kube-lego has not been maintained in quite a while,
I thought it would be best to remove the documentation about it
and replace it with information about cert-manager.
* added another documentation example
* added end of file newline
* Revert "added end of file newline"
This reverts commit 2d196ffba3.
* added another documentation example
* images/kube-webhook-certgen/rootfs/README.md: remove trailing whitespace
Signed-off-by: Mateusz Gozdek <mgozdek@microsoft.com>
* images/kube-webhook-certgen/rootfs: improve code formatting
Automatically using gofumpt.
Signed-off-by: Mateusz Gozdek <mgozdek@microsoft.com>
* images/kube-webhook-certgen/rootfs: remove executable bits from files
Signed-off-by: Mateusz Gozdek <mgozdek@microsoft.com>
* images/kube-webhook-certgen/rootfs/cmd: remove unreachable code
log.Fatal(|f) will alread call os.Exit(1), so this code is never
reached.
Signed-off-by: Mateusz Gozdek <mgozdek@microsoft.com>
* images/kube-webhook-certgen/rootfs/pkg/k8s: fix unit tests
Right now they fail as everything else migrated from using v1beta1 to
v1.
Signed-off-by: Mateusz Gozdek <mgozdek@microsoft.com>
* images/kube-webhook-certgen/rootfs: create clientset in cmd package
So one can easily mock the client, without touching unexported parts of
the code and to soften the dependency between CLI code (kubeconfig
path).
Signed-off-by: Mateusz Gozdek <mgozdek@microsoft.com>
* images/kube-webhook-certgen/rootfs/cmd: simplify bool logic
Signed-off-by: Mateusz Gozdek <mgozdek@microsoft.com>
* images/kube-webhook-certgen/rootfs/pkg/k8s: improve formatting
Signed-off-by: Mateusz Gozdek <mgozdek@microsoft.com>
* images/kube-webhook-certgen/rootfs/pkg/k8s: improve variable names
Signed-off-by: Mateusz Gozdek <mgozdek@microsoft.com>
* images/kube-webhook-certgen/rootfs/pkg/k8s: refactor a bit
Move patching logic to separate functions.
Signed-off-by: Mateusz Gozdek <mgozdek@microsoft.com>
* images/kube-webhook-certgen/rootfs/pkg/k8s: fix error log messages
In patchMutating() function, log messages were waying still patching
validating webhook.
Signed-off-by: Mateusz Gozdek <mgozdek@microsoft.com>
- Add github action test-image-build
- Filters the images folder
and checks for changes
- If the changes are done then the
make build would be performed
* Fix old tag of custom error pages used in example
* Move nginx-errors to k8s registry
Since the setup for the custom-error-messages was really different from
the other images that are build using cloudbuild, I changed it to "fit
in better"
* Use Go version 1.17 for custom-error-pages
Since Go >= 1.16 required the use of modules, I also initialized the module using the name k8s.io/ingress-nginx/custom-error-pages
It is possible to change this behavior on an ingress level, which works
well when you only have a few of them. When running several dozen
ingress and with a high change rate of running pods it makes it easier
to define this configuration on a global level.
This change is completely backwards compatible, only adding the
possibility of defining a new key in the configmap.
