Skip to content

Commit

Permalink
rm overwriteControlPlaneCerts from the EnvoyGateway API (#5088)
Browse files Browse the repository at this point in the history
* rm overwriteControlPlaneCerts from the EnvoyGateway API

it was not implemented previously and instead must be specified
as a cmd line arg for `certgen`

Signed-off-by: Arko Dasgupta <[email protected]>

* lint

Signed-off-by: Arko Dasgupta <[email protected]>

---------

Signed-off-by: Arko Dasgupta <[email protected]>
  • Loading branch information
arkodg authored Jan 21, 2025
1 parent 973060b commit 0e52d06
Show file tree
Hide file tree
Showing 5 changed files with 4 additions and 25 deletions.
3 changes: 0 additions & 3 deletions api/v1alpha1/envoygateway_types.go
Original file line number Diff line number Diff line change
Expand Up @@ -215,9 +215,6 @@ type EnvoyGatewayKubernetesProvider struct {
// should be deployed
// +optional
Deploy *KubernetesDeployMode `json:"deploy,omitempty"`
// OverwriteControlPlaneCerts updates the secrets containing the control plane certs, when set.
// +optional
OverwriteControlPlaneCerts *bool `json:"overwriteControlPlaneCerts,omitempty"`
// LeaderElection specifies the configuration for leader election.
// If it's not set up, leader election will be active by default, using Kubernetes' standard settings.
// +optional
Expand Down
5 changes: 0 additions & 5 deletions api/v1alpha1/zz_generated.deepcopy.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

19 changes: 4 additions & 15 deletions internal/cmd/certgen.go
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,6 @@ import (
"path"

"github.com/spf13/cobra"
"k8s.io/utils/ptr"
ctrl "sigs.k8s.io/controller-runtime"
"sigs.k8s.io/controller-runtime/pkg/client"
clicfg "sigs.k8s.io/controller-runtime/pkg/client/config"
Expand Down Expand Up @@ -57,10 +56,6 @@ func certGen(local bool) error {
}
log := cfg.Logger

if overwriteControlPlaneCerts {
cfg.EnvoyGateway.Provider.Kubernetes.OverwriteControlPlaneCerts = ptr.To(true)
}

certs, err := crypto.GenerateCerts(cfg)
if err != nil {
return fmt.Errorf("failed to generate certificates: %w", err)
Expand All @@ -73,7 +68,7 @@ func certGen(local bool) error {
return fmt.Errorf("failed to create controller-runtime client: %w", err)
}

if err = outputCertsForKubernetes(ctrl.SetupSignalHandler(), cli, cfg, certs); err != nil {
if err = outputCertsForKubernetes(ctrl.SetupSignalHandler(), cli, cfg, overwriteControlPlaneCerts, certs); err != nil {
return fmt.Errorf("failed to output certificates: %w", err)
}
} else {
Expand All @@ -87,15 +82,9 @@ func certGen(local bool) error {
}

// outputCertsForKubernetes outputs the provided certs to a secret in namespace ns.
func outputCertsForKubernetes(ctx context.Context, cli client.Client, cfg *config.Server, certs *crypto.Certificates) error {
var updateSecrets bool
if cfg.EnvoyGateway != nil &&
cfg.EnvoyGateway.Provider != nil &&
cfg.EnvoyGateway.Provider.Kubernetes != nil &&
cfg.EnvoyGateway.Provider.Kubernetes.OverwriteControlPlaneCerts != nil &&
*cfg.EnvoyGateway.Provider.Kubernetes.OverwriteControlPlaneCerts {
updateSecrets = true
}
func outputCertsForKubernetes(ctx context.Context, cli client.Client, cfg *config.Server,
updateSecrets bool, certs *crypto.Certificates,
) error {
secrets, err := kubernetes.CreateOrUpdateSecrets(ctx, cli, kubernetes.CertsToSecret(cfg.Namespace, certs), updateSecrets)
log := cfg.Logger

Expand Down
1 change: 0 additions & 1 deletion site/content/en/latest/api/extension_types.md
Original file line number Diff line number Diff line change
Expand Up @@ -1174,7 +1174,6 @@ _Appears in:_
| `rateLimitHpa` | _[KubernetesHorizontalPodAutoscalerSpec](#kuberneteshorizontalpodautoscalerspec)_ | false | | RateLimitHpa defines the Horizontal Pod Autoscaler settings for Envoy ratelimit Deployment.<br />If the HPA is set, Replicas field from RateLimitDeployment will be ignored. |
| `watch` | _[KubernetesWatchMode](#kuberneteswatchmode)_ | false | | Watch holds configuration of which input resources should be watched and reconciled. |
| `deploy` | _[KubernetesDeployMode](#kubernetesdeploymode)_ | false | | Deploy holds configuration of how output managed resources such as the Envoy Proxy data plane<br />should be deployed |
| `overwriteControlPlaneCerts` | _boolean_ | false | | OverwriteControlPlaneCerts updates the secrets containing the control plane certs, when set. |
| `leaderElection` | _[LeaderElection](#leaderelection)_ | false | | LeaderElection specifies the configuration for leader election.<br />If it's not set up, leader election will be active by default, using Kubernetes' standard settings. |
| `shutdownManager` | _[ShutdownManager](#shutdownmanager)_ | false | | ShutdownManager defines the configuration for the shutdown manager. |

Expand Down
1 change: 0 additions & 1 deletion site/content/zh/latest/api/extension_types.md
Original file line number Diff line number Diff line change
Expand Up @@ -1174,7 +1174,6 @@ _Appears in:_
| `rateLimitHpa` | _[KubernetesHorizontalPodAutoscalerSpec](#kuberneteshorizontalpodautoscalerspec)_ | false | | RateLimitHpa defines the Horizontal Pod Autoscaler settings for Envoy ratelimit Deployment.<br />If the HPA is set, Replicas field from RateLimitDeployment will be ignored. |
| `watch` | _[KubernetesWatchMode](#kuberneteswatchmode)_ | false | | Watch holds configuration of which input resources should be watched and reconciled. |
| `deploy` | _[KubernetesDeployMode](#kubernetesdeploymode)_ | false | | Deploy holds configuration of how output managed resources such as the Envoy Proxy data plane<br />should be deployed |
| `overwriteControlPlaneCerts` | _boolean_ | false | | OverwriteControlPlaneCerts updates the secrets containing the control plane certs, when set. |
| `leaderElection` | _[LeaderElection](#leaderelection)_ | false | | LeaderElection specifies the configuration for leader election.<br />If it's not set up, leader election will be active by default, using Kubernetes' standard settings. |
| `shutdownManager` | _[ShutdownManager](#shutdownmanager)_ | false | | ShutdownManager defines the configuration for the shutdown manager. |

Expand Down

0 comments on commit 0e52d06

Please sign in to comment.