allow for one to install jobset in a different namespace (#751)

kannon92 · web-flow · commit 8d85dac69de3 · 2025-01-14T11:04:33.000-08:00
diff --git a/main.go b/main.go
@@ -135,7 +135,7 @@ func main() {
 	}
 
 	certsReady := make(chan struct{})
-	if err = cert.CertsManager(mgr, certsReady); err != nil {
+	if err = cert.CertsManager(mgr, cfg, certsReady); err != nil {
 		setupLog.Error(err, "unable to setup cert rotation")
 		os.Exit(1)
 	}
diff --git a/pkg/util/cert/cert.go b/pkg/util/cert/cert.go
@@ -19,32 +19,30 @@ import (
 	cert "github.com/open-policy-agent/cert-controller/pkg/rotator"
 	"k8s.io/apimachinery/pkg/types"
 	ctrl "sigs.k8s.io/controller-runtime"
+
+	config "sigs.k8s.io/jobset/api/config/v1alpha1"
 )
 
 const (
-	serviceName             = "jobset-webhook-service"
-	secretName              = "jobset-webhook-server-cert"
-	secretNamespace         = "jobset-system"
 	certDir                 = "/tmp/k8s-webhook-server/serving-certs"
 	validateWebhookConfName = "jobset-validating-webhook-configuration"
 	mutatingWebhookConfName = "jobset-mutating-webhook-configuration"
 	caName                  = "jobset-ca"
 	caOrg                   = "jobset"
 )
 
-// dnsName is the format of <service name>.<namespace>.svc
-var dnsName = fmt.Sprintf("%s.%s.svc", serviceName, secretNamespace)
-
 //+kubebuilder:rbac:groups="",resources=secrets,verbs=get;list;watch;update
 //+kubebuilder:rbac:groups="admissionregistration.k8s.io",resources=mutatingwebhookconfigurations,verbs=get;list;watch;update
 //+kubebuilder:rbac:groups="admissionregistration.k8s.io",resources=validatingwebhookconfigurations,verbs=get;list;watch;update
 
 // CertsManager creates certs for webhooks.
-func CertsManager(mgr ctrl.Manager, setupFinish chan struct{}) error {
+func CertsManager(mgr ctrl.Manager, cfg config.Configuration, setupFinish chan struct{}) error {
+	// DNSName is <service name>.<namespace>.svc
+	var dnsName = fmt.Sprintf("%s.%s.svc", *cfg.InternalCertManagement.WebhookServiceName, *cfg.Namespace)
 	return cert.AddRotator(mgr, &cert.CertRotator{
 		SecretKey: types.NamespacedName{
-			Namespace: secretNamespace,
-			Name:      secretName,
+			Namespace: *cfg.Namespace,
+			Name:      *cfg.InternalCertManagement.WebhookSecretName,
 		},
 		CertDir:        certDir,
 		CAName:         caName,

Original file line number	Diff line number	Diff line change
`@@ -135,7 +135,7 @@ func main() {`
`135`	`135`	`}`
`136`	`136`
`137`	`137`	`certsReady := make(chan struct{})`
`138`		`- if err = cert.CertsManager(mgr, certsReady); err != nil {`
	`138`	`+ if err = cert.CertsManager(mgr, cfg, certsReady); err != nil {`
`139`	`139`	`setupLog.Error(err, "unable to setup cert rotation")`
`140`	`140`	`os.Exit(1)`
`141`	`141`	`}`