Merge branch 'support_auto_scaling_status' of https://github.com/Yisa…

…er/tidb-operator into support_auto_scaling_status
pingcap · Apr 15, 2020 · cdac855 · cdac855
2 parents 60a2118 + 3dc0b03
commit cdac855
Show file tree

Hide file tree

Showing 16 changed files with 25 additions and 361 deletions.
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -13,11 +13,11 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        target:
-        - "check-setup check"
-        - "docker e2e-docker cli"
-        - "test GOFLAGS=-race"
-        - "e2e-examples"
+        job:
+        - verify
+        - build
+        - test
+        - e2e-examples
     steps:
     - name: Set up Go 1.13
       uses: actions/setup-go@v1
@@ -31,12 +31,20 @@ jobs:
         ref: ${{ github.event.pull_request.head.sha }}
         path: go/src/github.com/${{ github.repository }}
 
-    - name: make ${{ matrix.target }}
+    - name: ${{ matrix.job }}
       run: |
         # workaround for https://github.com/actions/setup-go/issues/14
         export GOPATH=${GITHUB_WORKSPACE}/go
         export PATH=$PATH:$GOPATH/bin
-        make $target
+        if [[ "$job" == "verify" ]]; then
+          make check-setup check
+        elif [[ "$job" == "build" ]]; then
+          make docker e2e-docker cli debug-build-docker
+        elif [[ "$job" == "test" ]]; then
+          make test GOFLAGS=-race
+        else
+          make $job
+        fi
       working-directory: ${{ github.workspace }}/go/src/github.com/${{ github.repository }}
       env:
-        target: ${{ matrix.target }}
+        job: ${{ matrix.job }}
diff --git a/Makefile b/Makefile
@@ -218,4 +218,4 @@ debug-build-docker: debug-build
 debug-build:
 	$(GO_BUILD) -ldflags '$(LDFLAGS)' -o misc/images/debug-launcher/bin/debug-launcher misc/cmd/debug-launcher/main.go
 
-.PHONY: check check-setup check-all build e2e-build debug-build cli e2e
+.PHONY: check check-setup check-all build e2e-build debug-build cli e2e test docker e2e-docker debug-build-docker
diff --git a/charts/tidb-operator/templates/controller-manager-rbac.yaml b/charts/tidb-operator/templates/controller-manager-rbac.yaml
@@ -74,12 +74,6 @@ rules:
 - apiGroups: [""]
   resources: ["persistentvolumes"]
   verbs: ["get", "list", "watch", "patch","update"]
-- apiGroups: ["certificates.k8s.io"]
-  resources: ["certificatesigningrequests"]
-  verbs: ["create", "get", "list", "watch", "delete"]
-- apiGroups: ["certificates.k8s.io"]
-  resources: ["certificatesigningrequests/approval", "certificatesigningrequests/status"]
-  verbs: ["update"]
 {{/*
 Allow controller manager to escalate its privileges to other subjects, the subjects may never have privilege over the controller.
 Ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#privilege-escalation-prevention-and-bootstrapping

diff --git a/misc/images/tidb-control/Dockerfile b/misc/images/tidb-control/Dockerfile
@@ -1,14 +1,12 @@
 FROM bash:4.3.48
 RUN wget -q http://download.pingcap.org/tidb-latest-linux-amd64.tar.gz \
         && tar xzf tidb-latest-linux-amd64.tar.gz \
-        && mv tidb-latest-linux-amd64/bin/pd-ctl \
-              tidb-latest-linux-amd64/bin/tidb-ctl \
+        && mv tidb-*-linux-amd64/bin/pd-ctl \
+              tidb-*-linux-amd64/bin/tidb-ctl \
               /usr/local/bin/ \
-        && rm -rf tidb-latest-linux-amd64.tar.gz tidb-latest-linux-amd64
+        && rm -rf tidb-latest-linux-amd64.tar.gz tidb-*-linux-amd64
 
 ADD banner /etc/banner
 ADD profile  /etc/profile
 
 CMD ["/usr/local/bin/bash", "-l"]
-
-
diff --git a/pkg/controller/cert_control.go b/pkg/controller/cert_control.go
diff --git a/pkg/controller/secret_control.go b/pkg/controller/secret_control.go
@@ -17,21 +17,16 @@ import (
 	"crypto/tls"
 	"crypto/x509"
 	"encoding/pem"
-	"fmt"
 
-	"github.com/pingcap/tidb-operator/pkg/label"
 	certutil "github.com/pingcap/tidb-operator/pkg/util/crypto"
-	corev1 "k8s.io/api/core/v1"
 	v1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	types "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/client-go/kubernetes"
 	"k8s.io/klog"
 )
 
 // SecretControlInterface manages certificates used by TiDB clusters
 type SecretControlInterface interface {
-	Create(or metav1.OwnerReference, certOpts *TiDBClusterCertOptions, cert []byte, key []byte) error
 	Load(ns string, secretName string) ([]byte, []byte, error)
 	Check(ns string, secretName string) bool
 }
@@ -49,32 +44,6 @@ func NewRealSecretControl(
 	}
 }
 
-func (rsc *realSecretControl) Create(or metav1.OwnerReference, certOpts *TiDBClusterCertOptions, cert []byte, key []byte) error {
-	secretName := fmt.Sprintf("%s-%s", certOpts.Instance, certOpts.Suffix)
-
-	secretLabel := label.New().Instance(certOpts.Instance).
-		Component(certOpts.Component).Labels()
-
-	secret := &corev1.Secret{
-		ObjectMeta: types.ObjectMeta{
-			Name:            secretName,
-			Labels:          secretLabel,
-			OwnerReferences: []metav1.OwnerReference{or},
-		},
-		Data: map[string][]byte{
-			v1.TLSCertKey:       cert,
-			v1.TLSPrivateKeyKey: key,
-		},
-		Type: v1.SecretTypeTLS,
-	}
-
-	_, err := rsc.kubeCli.CoreV1().Secrets(certOpts.Namespace).Create(secret)
-	if err == nil {
-		klog.Infof("save cert to secret %s/%s", certOpts.Namespace, secretName)
-	}
-	return err
-}
-
 // Load loads cert and key from Secret matching the name
 func (rsc *realSecretControl) Load(ns string, secretName string) ([]byte, []byte, error) {
 	secret, err := rsc.kubeCli.CoreV1().Secrets(ns).Get(secretName, metav1.GetOptions{})