Eliminate the Namespace config option in favor of system.Namespace. (#817)

2019-10-28 11:41:43 -07:00 · 2019-10-28 11:41:43 -07:00 · 070396a075
parent 809ce573e4
commit 070396a075
3 changed files with 10 additions and 13 deletions
--- a/webhook/helper_test.go
+++ b/webhook/helper_test.go
@ -31,6 +31,7 @@ import (
 	"k8s.io/client-go/kubernetes"

 	. "knative.dev/pkg/logging/testing"
+	"knative.dev/pkg/system"
 	. "knative.dev/pkg/testing"
 )

@ -108,7 +109,7 @@ func createSecureTLSClient(t *testing.T, kubeClient kubernetes.Interface, acOpts

 	tlsClientConfig := &tls.Config{
 		// Add knative namespace as CN
-		ServerName:   "webhook.knative-something",
+		ServerName:   "webhook." + system.Namespace(),
 		RootCAs:      pool,
 		Certificates: tlsServerConfig.Certificates,
 	}
--- a/webhook/webhook.go
+++ b/webhook/webhook.go
@ -30,6 +30,7 @@ import (
 	"golang.org/x/sync/errgroup"
 	"knative.dev/pkg/logging"
 	"knative.dev/pkg/logging/logkey"
+	"knative.dev/pkg/system"

 	admissionv1beta1 "k8s.io/api/admission/v1beta1"
 	corev1 "k8s.io/api/core/v1"
@ -68,9 +69,6 @@ type ControllerOptions struct {
 	// registration.
 	SecretName string

-	// Namespace is the namespace in which everything above lives.
-	Namespace string
-
 	// Port where the webhook is served. Per k8s admission
 	// registration requirements this should be 443 unless there is
 	// only a single port for the service.
@ -302,7 +300,7 @@ func makeTLSConfig(serverCert, serverKey, caCert []byte, clientAuthType tls.Clie
 func getOrGenerateKeyCertsFromSecret(ctx context.Context, client kubernetes.Interface,
 	options *ControllerOptions) (serverKey, serverCert, caCert []byte, err error) {
 	logger := logging.FromContext(ctx)
-	secret, err := client.CoreV1().Secrets(options.Namespace).Get(options.SecretName, metav1.GetOptions{})
+	secret, err := client.CoreV1().Secrets(system.Namespace()).Get(options.SecretName, metav1.GetOptions{})
 	if err != nil {
 		if !apierrors.IsNotFound(err) {
 			return nil, nil, nil, err
@ -318,7 +316,7 @@ func getOrGenerateKeyCertsFromSecret(ctx context.Context, client kubernetes.Inte
 				return nil, nil, nil, err
 			}
 			// OK, so something else might have created, try fetching it instead.
-			secret, err = client.CoreV1().Secrets(options.Namespace).Get(options.SecretName, metav1.GetOptions{})
+			secret, err = client.CoreV1().Secrets(system.Namespace()).Get(options.SecretName, metav1.GetOptions{})
 			if err != nil {
 				return nil, nil, nil, err
 			}
@ -368,14 +366,14 @@ func makeErrorStatus(reason string, args ...interface{}) *admissionv1beta1.Admis
 }

 func generateSecret(ctx context.Context, options *ControllerOptions) (*corev1.Secret, error) {
-	serverKey, serverCert, caCert, err := CreateCerts(ctx, options.ServiceName, options.Namespace)
+	serverKey, serverCert, caCert, err := CreateCerts(ctx, options.ServiceName, system.Namespace())
 	if err != nil {
 		return nil, err
 	}
 	return &corev1.Secret{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      options.SecretName,
-			Namespace: options.Namespace,
+			Namespace: system.Namespace(),
 		},
 		Data: map[string][]byte{
 			secretServerKey:  serverKey,
--- a/webhook/webhook_test.go
+++ b/webhook/webhook_test.go
@ -33,11 +33,12 @@ import (

 	"knative.dev/pkg/configmap"
 	. "knative.dev/pkg/logging/testing"
+	"knative.dev/pkg/system"
+	_ "knative.dev/pkg/system/testing"
 )

 func newDefaultOptions() ControllerOptions {
 	return ControllerOptions{
-		Namespace:                       "knative-something",
 		ServiceName:                     "webhook",
 		Port:                            443,
 		SecretName:                      "webhook-certs",
@ -94,10 +95,9 @@ func TestRegistrationStopChanFire(t *testing.T) {

 func TestCertConfigurationForAlreadyGeneratedSecret(t *testing.T) {
 	secretName := "test-secret"
-	ns := "test-namespace"
+	ns := system.Namespace()
 	opts := newDefaultOptions()
 	opts.SecretName = secretName
-	opts.Namespace = ns
 	kubeClient, ac := newNonRunningTestWebhook(t, opts)

 	ctx := TestContextWithLogger(t)
@ -139,10 +139,8 @@ func TestCertConfigurationForAlreadyGeneratedSecret(t *testing.T) {

 func TestCertConfigurationForGeneratedSecret(t *testing.T) {
 	secretName := "test-secret"
-	ns := "test-namespace"
 	opts := newDefaultOptions()
 	opts.SecretName = secretName
-	opts.Namespace = ns
 	kubeClient, ac := newNonRunningTestWebhook(t, opts)

 	ctx := TestContextWithLogger(t)