diff --git a/charts/tidb-operator/templates/controller-manager-rbac.yaml b/charts/tidb-operator/templates/controller-manager-rbac.yaml index bf67c2ea195..079e897a0fb 100644 --- a/charts/tidb-operator/templates/controller-manager-rbac.yaml +++ b/charts/tidb-operator/templates/controller-manager-rbac.yaml @@ -74,12 +74,6 @@ rules: - apiGroups: [""] resources: ["persistentvolumes"] verbs: ["get", "list", "watch", "patch","update"] -- apiGroups: ["certificates.k8s.io"] - resources: ["certificatesigningrequests"] - verbs: ["create", "get", "list", "watch", "delete"] -- apiGroups: ["certificates.k8s.io"] - resources: ["certificatesigningrequests/approval", "certificatesigningrequests/status"] - verbs: ["update"] {{/* Allow controller manager to escalate its privileges to other subjects, the subjects may never have privilege over the controller. Ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#privilege-escalation-prevention-and-bootstrapping diff --git a/pkg/controller/cert_control.go b/pkg/controller/cert_control.go deleted file mode 100644 index 62f709679a6..00000000000 --- a/pkg/controller/cert_control.go +++ /dev/null 
@@ -1,266 +0,0 @@
-// Copyright 2019 PingCAP, Inc.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controller
-
-import (
- "encoding/pem"
- "fmt"
- "time"
-
- "github.com/pingcap/tidb-operator/pkg/label"
- certutil "github.com/pingcap/tidb-operator/pkg/util/crypto"
- capi "k8s.io/api/certificates/v1beta1"
- apierrors "k8s.io/apimachinery/pkg/api/errors"
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
- types "k8s.io/apimachinery/pkg/apis/meta/v1"
- "k8s.io/apimachinery/pkg/fields"
- "k8s.io/client-go/kubernetes"
- certlisters "k8s.io/client-go/listers/certificates/v1beta1"
- "k8s.io/klog"
-)
-
-// TiDBClusterCertOptions contains information needed to create new certificates
-type TiDBClusterCertOptions struct {
- Namespace string
- Instance string
- CommonName string
- HostList []string
- IPList []string
- Suffix string
- Component string
-}
-
-// CertControlInterface manages certificates used by TiDB clusters
-type CertControlInterface interface {
- Create(or metav1.OwnerReference, certOpts *TiDBClusterCertOptions) error
- CheckSecret(ns string, secretName string) bool
- //RevokeCert() error
- //RenewCert() error
-}
-
-type realCertControl struct {
- kubeCli kubernetes.Interface
- csrLister certlisters.CertificateSigningRequestLister
- secControl SecretControlInterface
-}
-
-// NewRealCertControl creates a new CertControlInterface
-func NewRealCertControl(
- kubeCli kubernetes.Interface,
- csrLister certlisters.CertificateSigningRequestLister,
- secControl SecretControlInterface,
-) CertControlInterface {
- return &realCertControl{
- kubeCli: kubeCli,
- csrLister: csrLister,
- secControl: secControl,
- }
-}
-
-func (rcc *realCertControl) Create(or metav1.OwnerReference, certOpts *TiDBClusterCertOptions) error {
- var csrName string
- if certOpts.Suffix == "" {
- csrName = certOpts.Instance
- } else {
- csrName = fmt.Sprintf("%s-%s", certOpts.Instance, certOpts.Suffix)
- }
-
- // generate certificate if not exist
- if rcc.secControl.Check(certOpts.Namespace, csrName) {
- klog.Infof("Secret %s already exist, reusing the key pair. TidbCluster: %s/%s", csrName, certOpts.Namespace, csrName)
- return nil
- }
-
- rawCSR, key, err := certutil.NewCSR(certOpts.CommonName, certOpts.HostList, certOpts.IPList)
- if err != nil {
- return fmt.Errorf("fail to generate new key and certificate for %s/%s, %v", certOpts.Namespace, csrName, err)
- }
-
- // sign certificate
- csr, err := rcc.sendCSR(or, certOpts.Namespace, certOpts.Instance, rawCSR, csrName)
- if err != nil {
- return err
- }
- err = rcc.approveCSR(csr)
- if err != nil {
- return err
- }
-
- // wait at most 5min for the cert to be signed
- timeout := int64(time.Minute.Seconds() * 5)
- tick := time.After(time.Second * 10)
- watchReq := types.ListOptions{
- Watch: true,
- TimeoutSeconds: &timeout,
- FieldSelector: fields.OneTermEqualSelector("metadata.name", csrName).String(),
- }
-
- csrCh, err := rcc.kubeCli.CertificatesV1beta1().CertificateSigningRequests().Watch(watchReq)
- if err != nil {
- klog.Errorf("error watch CSR for [%s/%s]: %s", certOpts.Namespace, certOpts.Instance, csrName)
- return err
- }
-
- watchCh := csrCh.ResultChan()
- for {
- select {
- case <-tick:
- klog.Infof("CSR still not approved for [%s/%s]: %s, retry later", certOpts.Namespace, certOpts.Instance, csrName)
- continue
- case event, ok := <-watchCh:
- if !ok {
- return fmt.Errorf("fail to get signed certificate for %s", csrName)
- }
-
- if len(event.Object.(*capi.CertificateSigningRequest).Status.Conditions) == 0 {
- continue
- }
-
- updatedCSR := event.Object.(*capi.CertificateSigningRequest)
- approveCond := updatedCSR.Status.Conditions[len(csr.Status.Conditions)-1].Type
-
- if updatedCSR.UID == csr.UID &&
- approveCond == capi.CertificateApproved &&
- updatedCSR.Status.Certificate != nil {
- klog.Infof("signed certificate for [%s/%s]: %s", certOpts.Namespace, certOpts.Instance, csrName)
-
- // save signed certificate and key to secret
- err = rcc.secControl.Create(or, certOpts, updatedCSR.Status.Certificate, key)
- if err == nil {
- // cleanup the approved csr
- delOpts := &types.DeleteOptions{TypeMeta: types.TypeMeta{Kind: "CertificateSigningRequest"}}
- return rcc.kubeCli.CertificatesV1beta1().CertificateSigningRequests().Delete(csrName, delOpts)
- }
- return err
- }
- continue
- }
- }
-}
-
-func (rcc *realCertControl) getCSR(ns string, instance string, csrName string) (*capi.CertificateSigningRequest, error) {
- csr, err := rcc.csrLister.Get(csrName)
- if err != nil && apierrors.IsNotFound(err) {
- // it's supposed to be not found
- return nil, nil
- }
- if err != nil {
- // something else went wrong
- return nil, err
- }
-
- labelTemp := label.New()
- if csr.Labels[label.NamespaceLabelKey] == ns &&
- csr.Labels[label.ManagedByLabelKey] == labelTemp[label.ManagedByLabelKey] &&
- csr.Labels[label.InstanceLabelKey] == instance {
- return csr, nil
- }
- return nil, fmt.Errorf("CSR %s/%s already exist, but not created by tidb-operator, skip it", ns, csrName)
-}
-
-func (rcc *realCertControl) sendCSR(or metav1.OwnerReference, ns, instance string, rawCSR []byte, csrName string) (*capi.CertificateSigningRequest, error) {
- var csr *capi.CertificateSigningRequest
-
- // check for exist CSR, overwrite if it was created by operator, otherwise block the process
- csr, err := rcc.getCSR(ns, instance, csrName)
- if err != nil {
- return nil, fmt.Errorf("failed to create CSR for [%s/%s]: %s, error: %v", ns, instance, csrName, err)
- }
-
- if csr != nil {
- klog.Infof("found exist CSR %s/%s created by tidb-operator, overwriting", ns, csrName)
- delOpts := &types.DeleteOptions{TypeMeta: types.TypeMeta{Kind: "CertificateSigningRequest"}}
- err := rcc.kubeCli.CertificatesV1beta1().CertificateSigningRequests().Delete(csrName, delOpts)
- if err != nil {
- return nil, fmt.Errorf("failed to delete exist old CSR for [%s/%s]: %s, error: %v", ns, instance, csrName, err)
- }
- klog.Infof("exist old CSR deleted for [%s/%s]: %s", ns, instance, csrName)
- return rcc.sendCSR(or, ns, instance, rawCSR, csrName)
- }
-
- csrLabels := label.New().Instance(instance).Labels()
- csr = &capi.CertificateSigningRequest{
- TypeMeta: types.TypeMeta{Kind: "CertificateSigningRequest"},
- ObjectMeta: types.ObjectMeta{
- Name: csrName,
- Labels: csrLabels,
- OwnerReferences: []metav1.OwnerReference{or},
- },
- Spec: capi.CertificateSigningRequestSpec{
- Request: pem.EncodeToMemory(&pem.Block{
- Type: "CERTIFICATE REQUEST",
- Headers: nil,
- Bytes: rawCSR,
- }),
- Usages: []capi.KeyUsage{
- capi.UsageClientAuth,
- capi.UsageServerAuth,
- },
- },
- }
-
- resp, err := rcc.kubeCli.CertificatesV1beta1().CertificateSigningRequests().Create(csr)
- if err != nil {
- return resp, fmt.Errorf("failed to create CSR for [%s/%s]: %s, error: %v", ns, instance, csrName, err)
- }
- klog.Infof("CSR created for [%s/%s]: %s", ns, instance, csrName)
- return resp, nil
-}
-
-func (rcc *realCertControl) approveCSR(csr *capi.CertificateSigningRequest) error {
- csr.Status.Conditions = append(csr.Status.Conditions, capi.CertificateSigningRequestCondition{
- Type: capi.CertificateApproved,
- Reason: "AutoApproved",
- Message: "Auto approved by TiDB Operator",
- })
-
- _, err := rcc.kubeCli.CertificatesV1beta1().CertificateSigningRequests().UpdateApproval(csr)
- if err != nil {
- return fmt.Errorf("error updating approval for csr: %v", err)
- }
- return nil
-}
-
-/*
-func (rcc *realCertControl) RevokeCert() error {
- return nil
-}
-*/
-/*
-func (rcc *realCertControl) RenewCert() error {
- return nil
-}
-*/
-
-func (rcc
*realCertControl) CheckSecret(ns string, secretName string) bool { - return rcc.secControl.Check(ns, secretName) -} - -var _ CertControlInterface = &realCertControl{} - -type FakeCertControl struct { - realCertControl -} - -func NewFakeCertControl( - kubeCli kubernetes.Interface, - csrLister certlisters.CertificateSigningRequestLister, - secControl SecretControlInterface, -) CertControlInterface { - return &realCertControl{ - kubeCli: kubeCli, - csrLister: csrLister, - secControl: secControl, - } -} diff --git a/pkg/controller/secret_control.go b/pkg/controller/secret_control.go index 4b443574bba..ebe4db61559 100644 --- a/pkg/controller/secret_control.go +++ b/pkg/controller/secret_control.go @@ -17,21 +17,16 @@ import ( "crypto/tls" "crypto/x509" "encoding/pem" - "fmt" - "github.com/pingcap/tidb-operator/pkg/label" certutil "github.com/pingcap/tidb-operator/pkg/util/crypto" - corev1 "k8s.io/api/core/v1" v1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - types "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/client-go/kubernetes" "k8s.io/klog" ) // SecretControlInterface manages certificates used by TiDB clusters type SecretControlInterface interface { - Create(or metav1.OwnerReference, certOpts *TiDBClusterCertOptions, cert []byte, key []byte) error Load(ns string, secretName string) ([]byte, []byte, error) Check(ns string, secretName string) bool } 
@@ -49,32 +44,6 @@ func NewRealSecretControl( } } -func (rsc *realSecretControl) Create(or metav1.OwnerReference, certOpts *TiDBClusterCertOptions, cert []byte, key []byte) error { - secretName := fmt.Sprintf("%s-%s", certOpts.Instance, certOpts.Suffix) - - secretLabel := label.New().Instance(certOpts.Instance). - Component(certOpts.Component).Labels() - - secret := &corev1.Secret{ - ObjectMeta: types.ObjectMeta{ - Name: secretName, - Labels: secretLabel, - OwnerReferences: []metav1.OwnerReference{or}, - }, - Data: map[string][]byte{ - v1.TLSCertKey: cert, - v1.TLSPrivateKeyKey: key, - }, - Type: v1.SecretTypeTLS, - } - - _, err := rsc.kubeCli.CoreV1().Secrets(certOpts.Namespace).Create(secret) - if err == nil { - klog.Infof("save cert to secret %s/%s", certOpts.Namespace, secretName) - } - return err -} - // Load loads cert and key from Secret matching the name func (rsc *realSecretControl) Load(ns string, secretName string) ([]byte, []byte, error) { secret, err := rsc.kubeCli.CoreV1().Secrets(ns).Get(secretName, metav1.GetOptions{}) diff --git a/pkg/controller/tidbcluster/tidb_cluster_controller.go b/pkg/controller/tidbcluster/tidb_cluster_controller.go index d66aba0ee7e..a9f38154989 100644 --- a/pkg/controller/tidbcluster/tidb_cluster_controller.go +++ b/pkg/controller/tidbcluster/tidb_cluster_controller.go @@ -91,7 +91,6 @@ func NewController( pvInformer := kubeInformerFactory.Core().V1().PersistentVolumes() podInformer := kubeInformerFactory.Core().V1().Pods() nodeInformer := kubeInformerFactory.Core().V1().Nodes() - csrInformer := kubeInformerFactory.Certificates().V1beta1().CertificateSigningRequests() tcControl := controller.NewRealTidbClusterControl(cli, tcInformer.Lister(), recorder) pdControl := pdapi.NewDefaultPDControl(kubeCli) 
@@ -102,8 +101,6 @@ func NewController( pvControl := controller.NewRealPVControl(kubeCli, pvcInformer.Lister(), pvInformer.Lister(), recorder) pvcControl := controller.NewRealPVCControl(kubeCli, recorder, pvcInformer.Lister()) podControl := controller.NewRealPodControl(kubeCli, pdControl, podInformer.Lister(), recorder) - secControl := controller.NewRealSecretControl(kubeCli) - certControl := controller.NewRealCertControl(kubeCli, csrInformer.Lister(), secControl) typedControl := controller.NewTypedControl(controller.NewRealGenericControl(genericCli, recorder)) pdScaler := mm.NewPDScaler(pdControl, pvcInformer.Lister(), pvcControl) tikvScaler := mm.NewTiKVScaler(pdControl, pvcInformer.Lister(), pvcControl, podInformer.Lister()) @@ -128,7 +125,6 @@ func NewController( setControl, svcControl, podControl, - certControl, typedControl, setInformer.Lister(), svcInformer.Lister(), @@ -144,7 +140,6 @@ func NewController( pdControl, setControl, svcControl, - certControl, typedControl, setInformer.Lister(), svcInformer.Lister(), @@ -159,7 +154,6 @@ func NewController( setControl, svcControl, tidbControl, - certControl, typedControl, setInformer.Lister(), svcInformer.Lister(), @@ -196,7 +190,6 @@ func NewController( pvControl, ), mm.NewPumpMemberManager( - certControl, setControl, svcControl, typedControl, @@ -209,7 +202,6 @@ func NewController( pdControl, setControl, svcControl, - certControl, typedControl, setInformer.Lister(), svcInformer.Lister(), diff --git a/pkg/discovery/discovery.go b/pkg/discovery/discovery.go index d8e888a9512..f8f6c21ab7f 100644 --- a/pkg/discovery/discovery.go +++ b/pkg/discovery/discovery.go @@ -21,7 +21,6 @@ import ( "github.com/pingcap/tidb-operator/pkg/apis/pingcap/v1alpha1" "github.com/pingcap/tidb-operator/pkg/client/clientset/versioned" - "github.com/pingcap/tidb-operator/pkg/controller" "github.com/pingcap/tidb-operator/pkg/pdapi" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/client-go/kubernetes" 
@@ -34,12 +33,11 @@ type TiDBDiscovery interface { } type tidbDiscovery struct { - cli versioned.Interface - certControl controller.CertControlInterface - lock sync.Mutex - clusters map[string]*clusterInfo - tcGetFn func(ns, tcName string) (*v1alpha1.TidbCluster, error) - pdControl pdapi.PDControlInterface + cli versioned.Interface + lock sync.Mutex + clusters map[string]*clusterInfo + tcGetFn func(ns, tcName string) (*v1alpha1.TidbCluster, error) + pdControl pdapi.PDControlInterface } type clusterInfo struct { diff --git a/pkg/manager/member/pd_member_manager.go b/pkg/manager/member/pd_member_manager.go index f692ecdcbed..d45ccb1e1f7 100644 --- a/pkg/manager/member/pd_member_manager.go +++ b/pkg/manager/member/pd_member_manager.go @@ -47,7 +47,6 @@ type pdMemberManager struct { setControl controller.StatefulSetControlInterface svcControl controller.ServiceControlInterface podControl controller.PodControlInterface - certControl controller.CertControlInterface typedControl controller.TypedControlInterface setLister v1.StatefulSetLister svcLister corelisters.ServiceLister @@ -65,7 +64,6 @@ func NewPDMemberManager(pdControl pdapi.PDControlInterface, setControl controller.StatefulSetControlInterface, svcControl controller.ServiceControlInterface, podControl controller.PodControlInterface, - certControl controller.CertControlInterface, typedControl controller.TypedControlInterface, setLister v1.StatefulSetLister, svcLister corelisters.ServiceLister, @@ -81,7 +79,6 @@ func NewPDMemberManager(pdControl pdapi.PDControlInterface, setControl, svcControl, podControl, - certControl, typedControl, setLister, svcLister, diff --git a/pkg/manager/member/pd_member_manager_test.go b/pkg/manager/member/pd_member_manager_test.go index b2d5dc46f72..b43ed5bab08 100644 --- a/pkg/manager/member/pd_member_manager_test.go +++ b/pkg/manager/member/pd_member_manager_test.go 
@@ -746,13 +746,10 @@ func newFakePDMemberManager() (*pdMemberManager, *controller.FakeStatefulSetCont epsInformer := kubeinformers.NewSharedInformerFactory(kubeCli, 0).Core().V1().Endpoints() pvcInformer := kubeinformers.NewSharedInformerFactory(kubeCli, 0).Core().V1().PersistentVolumeClaims() tcInformer := informers.NewSharedInformerFactory(cli, 0).Pingcap().V1alpha1().TidbClusters() - csrInformer := kubeinformers.NewSharedInformerFactory(kubeCli, 0).Certificates().V1beta1().CertificateSigningRequests() setControl := controller.NewFakeStatefulSetControl(setInformer, tcInformer) svcControl := controller.NewFakeServiceControl(svcInformer, epsInformer, tcInformer) podControl := controller.NewFakePodControl(podInformer) pdControl := pdapi.NewFakePDControl(kubeCli) - secControl := controller.NewFakeSecretControl(kubeCli) - certControl := controller.NewFakeCertControl(kubeCli, csrInformer.Lister(), secControl) pdScaler := NewFakePDScaler() autoFailover := true pdFailover := NewFakePDFailover() @@ -764,7 +761,6 @@ func newFakePDMemberManager() (*pdMemberManager, *controller.FakeStatefulSetCont setControl, svcControl, podControl, - certControl, controller.NewTypedControl(genericControll), setInformer.Lister(), svcInformer.Lister(), diff --git a/pkg/manager/member/pump_member_manager.go b/pkg/manager/member/pump_member_manager.go index ef4eaaa8358..2afd319947b 100644 --- a/pkg/manager/member/pump_member_manager.go +++ b/pkg/manager/member/pump_member_manager.go @@ -41,7 +41,6 @@ const ( ) type pumpMemberManager struct { - certControl controller.CertControlInterface setControl controller.StatefulSetControlInterface svcControl controller.ServiceControlInterface typedControl controller.TypedControlInterface 
@@ -53,7 +52,6 @@ type pumpMemberManager struct { // NewPumpMemberManager returns a controller to reconcile pump clusters func NewPumpMemberManager( - certControl controller.CertControlInterface, setControl controller.StatefulSetControlInterface, svcControl controller.ServiceControlInterface, typedControl controller.TypedControlInterface, @@ -62,7 +60,6 @@ func NewPumpMemberManager( svcLister corelisters.ServiceLister, podLister corelisters.PodLister) manager.Manager { return &pumpMemberManager{ - certControl, setControl, svcControl, typedControl, diff --git a/pkg/manager/member/pump_member_manager_test.go b/pkg/manager/member/pump_member_manager_test.go index 69b73ee6e45..a2401191f25 100644 --- a/pkg/manager/member/pump_member_manager_test.go +++ b/pkg/manager/member/pump_member_manager_test.go 
@@ -441,18 +441,14 @@ func newFakePumpMemberManager() (*pumpMemberManager, *pumpFakeControls, *pumpFak setInformer := kubeinformers.NewSharedInformerFactory(kubeCli, 0).Apps().V1().StatefulSets() tcInformer := informers.NewSharedInformerFactory(cli, 0).Pingcap().V1alpha1().TidbClusters() svcInformer := kubeinformers.NewSharedInformerFactory(kubeCli, 0).Core().V1().Services() - csrInformer := kubeinformers.NewSharedInformerFactory(kubeCli, 0).Certificates().V1beta1().CertificateSigningRequests() epsInformer := kubeinformers.NewSharedInformerFactory(kubeCli, 0).Core().V1().Endpoints() cmInformer := kubeinformers.NewSharedInformerFactory(kubeCli, 0).Core().V1().ConfigMaps() podInformer := kubeinformers.NewSharedInformerFactory(kubeCli, 0).Core().V1().Pods() setControl := controller.NewFakeStatefulSetControl(setInformer, tcInformer) - secControl := controller.NewFakeSecretControl(kubeCli) - certControl := controller.NewFakeCertControl(kubeCli, csrInformer.Lister(), secControl) svcControl := controller.NewFakeServiceControl(svcInformer, epsInformer, tcInformer) cmControl := controller.NewFakeConfigMapControl(cmInformer) genericControl := controller.NewFakeGenericControl() pmm := &pumpMemberManager{ - certControl, setControl, svcControl, controller.NewTypedControl(genericControl), diff --git a/pkg/manager/member/tidb_member_manager.go b/pkg/manager/member/tidb_member_manager.go index fc74272f13f..97b8647a066 100644 --- a/pkg/manager/member/tidb_member_manager.go +++ b/pkg/manager/member/tidb_member_manager.go @@ -59,7 +59,6 @@ type tidbMemberManager struct { svcControl controller.ServiceControlInterface tidbControl controller.TiDBControlInterface typedControl controller.TypedControlInterface - certControl controller.CertControlInterface setLister v1.StatefulSetLister svcLister corelisters.ServiceLister podLister corelisters.PodLister 
@@ -74,7 +73,6 @@ type tidbMemberManager struct { func NewTiDBMemberManager(setControl controller.StatefulSetControlInterface, svcControl controller.ServiceControlInterface, tidbControl controller.TiDBControlInterface, - certControl controller.CertControlInterface, typedControl controller.TypedControlInterface, setLister v1.StatefulSetLister, svcLister corelisters.ServiceLister, @@ -87,7 +85,6 @@ func NewTiDBMemberManager(setControl controller.StatefulSetControlInterface, svcControl: svcControl, tidbControl: tidbControl, typedControl: typedControl, - certControl: certControl, setLister: setLister, svcLister: svcLister, podLister: podLister, diff --git a/pkg/manager/member/tidb_member_manager_test.go b/pkg/manager/member/tidb_member_manager_test.go index ba01f3db383..5f62c8d4cce 100644 --- a/pkg/manager/member/tidb_member_manager_test.go +++ b/pkg/manager/member/tidb_member_manager_test.go @@ -754,7 +754,6 @@ type fakeIndexers struct { tc cache.Indexer svc cache.Indexer eps cache.Indexer - csr cache.Indexer secret cache.Indexer set cache.Indexer } 
@@ -767,13 +766,10 @@ func newFakeTiDBMemberManager() (*tidbMemberManager, *controller.FakeStatefulSet svcInformer := kubeinformers.NewSharedInformerFactory(kubeCli, 0).Core().V1().Services() epsInformer := kubeinformers.NewSharedInformerFactory(kubeCli, 0).Core().V1().Endpoints() podInformer := kubeinformers.NewSharedInformerFactory(kubeCli, 0).Core().V1().Pods() - csrInformer := kubeinformers.NewSharedInformerFactory(kubeCli, 0).Certificates().V1beta1().CertificateSigningRequests() secretInformer := kubeinformers.NewSharedInformerFactory(kubeCli, 0).Core().V1().Secrets() cmInformer := kubeinformers.NewSharedInformerFactory(kubeCli, 0).Core().V1().ConfigMaps() setControl := controller.NewFakeStatefulSetControl(setInformer, tcInformer) svcControl := controller.NewFakeServiceControl(svcInformer, epsInformer, tcInformer) - secControl := controller.NewFakeSecretControl(kubeCli) - certControl := controller.NewFakeCertControl(kubeCli, csrInformer.Lister(), secControl) genericControl := controller.NewFakeGenericControl() tidbUpgrader := NewFakeTiDBUpgrader() tidbFailover := NewFakeTiDBFailover() @@ -784,7 +780,6 @@ func newFakeTiDBMemberManager() (*tidbMemberManager, *controller.FakeStatefulSet svcControl, tidbControl, controller.NewTypedControl(genericControl), - certControl, setInformer.Lister(), svcInformer.Lister(), podInformer.Lister(), @@ -799,7 +794,6 @@ func newFakeTiDBMemberManager() (*tidbMemberManager, *controller.FakeStatefulSet tc: tcInformer.Informer().GetIndexer(), svc: svcInformer.Informer().GetIndexer(), eps: epsInformer.Informer().GetIndexer(), - csr: csrInformer.Informer().GetIndexer(), secret: secretInformer.Informer().GetIndexer(), set: setInformer.Informer().GetIndexer(), } diff --git a/pkg/manager/member/tiflash_member_manager.go b/pkg/manager/member/tiflash_member_manager.go index f7a57e12ec9..a3ce2b94333 100644 --- a/pkg/manager/member/tiflash_member_manager.go +++ b/pkg/manager/member/tiflash_member_manager.go 
@@ -50,7 +50,6 @@ type tiflashMemberManager struct { setControl controller.StatefulSetControlInterface svcControl controller.ServiceControlInterface pdControl pdapi.PDControlInterface - certControl controller.CertControlInterface typedControl controller.TypedControlInterface setLister v1.StatefulSetLister svcLister corelisters.ServiceLister @@ -68,7 +67,6 @@ func NewTiFlashMemberManager( pdControl pdapi.PDControlInterface, setControl controller.StatefulSetControlInterface, svcControl controller.ServiceControlInterface, - certControl controller.CertControlInterface, typedControl controller.TypedControlInterface, setLister v1.StatefulSetLister, svcLister corelisters.ServiceLister, @@ -84,7 +82,6 @@ func NewTiFlashMemberManager( nodeLister: nodeLister, setControl: setControl, svcControl: svcControl, - certControl: certControl, typedControl: typedControl, setLister: setLister, svcLister: svcLister, diff --git a/pkg/manager/member/tikv_member_manager.go b/pkg/manager/member/tikv_member_manager.go index 39d1146729f..76b0c5ec30a 100644 --- a/pkg/manager/member/tikv_member_manager.go +++ b/pkg/manager/member/tikv_member_manager.go @@ -51,7 +51,6 @@ type tikvMemberManager struct { setControl controller.StatefulSetControlInterface svcControl controller.ServiceControlInterface pdControl pdapi.PDControlInterface - certControl controller.CertControlInterface typedControl controller.TypedControlInterface setLister v1.StatefulSetLister svcLister corelisters.ServiceLister @@ -69,7 +68,6 @@ func NewTiKVMemberManager( pdControl pdapi.PDControlInterface, setControl controller.StatefulSetControlInterface, svcControl controller.ServiceControlInterface, - certControl controller.CertControlInterface, typedControl controller.TypedControlInterface, setLister v1.StatefulSetLister, svcLister corelisters.ServiceLister, 
@@ -85,7 +83,6 @@ func NewTiKVMemberManager( nodeLister: nodeLister, setControl: setControl, svcControl: svcControl, - certControl: certControl, typedControl: typedControl, setLister: setLister, svcLister: svcLister,