Remove unused certificate control and related code. (#2176)
cofyc authored Apr 15, 2020
1 parent 761c5cd commit 469432c
Showing 13 changed files with 5 additions and 347 deletions.
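--- a/charts/tidb-operator/templates/controller-manager-rbac.yaml
+++ b/charts/tidb-operator/templates/controller-manager-rbac.yaml
@@ -74,12 +74,6 @@ rules:
 - apiGroups: [""]
 resources: ["persistentvolumes"]
 verbs: ["get", "list", "watch", "patch","update"]
-- apiGroups: ["certificates.k8s.io"]
-resources: ["certificatesigningrequests"]
-verbs: ["create", "get", "list", "watch", "delete"]
-- apiGroups: ["certificates.k8s.io"]
-resources: ["certificatesigningrequests/approval", "certificatesigningrequests/status"]
-verbs: ["update"]
 {{/*
 Allow controller manager to escalate its privileges to other subjects, the subjects may never have privilege over the controller.
 Ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#privilege-escalation-prevention-and-bootstrapping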
266 changes: 0 additions & 266 deletions pkg/controller/cert_control.go

This file was deleted.

31 changes: 0 additions & 31 deletions pkg/controller/secret_control.go
@@ -17,21 +17,16 @@ import (
"crypto/tls"
"crypto/x509"
"encoding/pem"
"fmt"

"github.com/pingcap/tidb-operator/pkg/label"
certutil "github.com/pingcap/tidb-operator/pkg/util/crypto"
corev1 "k8s.io/api/core/v1"
v1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
types "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/client-go/kubernetes"
"k8s.io/klog"
)

// SecretControlInterface manages certificates used by TiDB clusters
type SecretControlInterface interface {
Create(or metav1.OwnerReference, certOpts *TiDBClusterCertOptions, cert []byte, key []byte) error
Load(ns string, secretName string) ([]byte, []byte, error)
Check(ns string, secretName string) bool
}
@@ -49,32 +44,6 @@ func NewRealSecretControl(
}
}

func (rsc *realSecretControl) Create(or metav1.OwnerReference, certOpts *TiDBClusterCertOptions, cert []byte, key []byte) error {
secretName := fmt.Sprintf("%s-%s", certOpts.Instance, certOpts.Suffix)

secretLabel := label.New().Instance(certOpts.Instance).
Component(certOpts.Component).Labels()

secret := &corev1.Secret{
ObjectMeta: types.ObjectMeta{
Name: secretName,
Labels: secretLabel,
OwnerReferences: []metav1.OwnerReference{or},
},
Data: map[string][]byte{
v1.TLSCertKey: cert,
v1.TLSPrivateKeyKey: key,
},
Type: v1.SecretTypeTLS,
}

_, err := rsc.kubeCli.CoreV1().Secrets(certOpts.Namespace).Create(secret)
if err == nil {
klog.Infof("save cert to secret %s/%s", certOpts.Namespace, secretName)
}
return err
}

// Load loads cert and key from Secret matching the name
func (rsc *realSecretControl) Load(ns string, secretName string) ([]byte, []byte, error) {
secret, err := rsc.kubeCli.CoreV1().Secrets(ns).Get(secretName, metav1.GetOptions{})
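--- a/pkg/controller/tidbcluster/tidb_cluster_controller.go
+++ b/pkg/controller/tidbcluster/tidb_cluster_controller.go
@@ -91,7 +91,6 @@ func NewController(
 pvInformer := kubeInformerFactory.Core().V1().PersistentVolumes()
 podInformer := kubeInformerFactory.Core().V1().Pods()
 nodeInformer := kubeInformerFactory.Core().V1().Nodes()
-csrInformer := kubeInformerFactory.Certificates().V1beta1().CertificateSigningRequests()
 
 tcControl := controller.NewRealTidbClusterControl(cli, tcInformer.Lister(), recorder)
 pdControl := pdapi.NewDefaultPDControl(kubeCli)
@@ -102,8 +101,6 @@ func NewController(
 pvControl := controller.NewRealPVControl(kubeCli, pvcInformer.Lister(), pvInformer.Lister(), recorder)
 pvcControl := controller.NewRealPVCControl(kubeCli, recorder, pvcInformer.Lister())
 podControl := controller.NewRealPodControl(kubeCli, pdControl, podInformer.Lister(), recorder)
-secControl := controller.NewRealSecretControl(kubeCli)
-certControl := controller.NewRealCertControl(kubeCli, csrInformer.Lister(), secControl)
 typedControl := controller.NewTypedControl(controller.NewRealGenericControl(genericCli, recorder))
 pdScaler := mm.NewPDScaler(pdControl, pvcInformer.Lister(), pvcControl)
 tikvScaler := mm.NewTiKVScaler(pdControl, pvcInformer.Lister(), pvcControl, podInformer.Lister())
@@ -128,7 +125,6 @@ func NewController(
 setControl,
 svcControl,
 podControl,
-certControl,
 typedControl,
 setInformer.Lister(),
 svcInformer.Lister(),
@@ -144,7 +140,6 @@ func NewController(
 pdControl,
 setControl,
 svcControl,
-certControl,
 typedControl,
 setInformer.Lister(),
 svcInformer.Lister(),
@@ -159,7 +154,6 @@ func NewController(
 setControl,
 svcControl,
 tidbControl,
-certControl,
 typedControl,
 setInformer.Lister(),
 svcInformer.Lister(),
@@ -196,7 +190,6 @@ func NewController(
 pvControl,
 ),
 mm.NewPumpMemberManager(
-certControl,
 setControl,
 svcControl,
 typedControl,
@@ -209,7 +202,6 @@ func NewController(
 pdControl,
 setControl,
 svcControl,
-certControl,
 typedControl,
 setInformer.Lister(),
 svcInformer.Lister(),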