From 2d7a584c9af3915986d3f97b1c3760e16e07a622 Mon Sep 17 00:00:00 2001
From: Sebastian Sch
Date: Mon, 1 Jul 2019 20:01:34 +0300
Subject: [PATCH] Change Cert to file system mode

This PR change the cert creation mode from secret to file system. This way the pod will not make a restart in the first time.
---
 config/default/kustomization.yaml | 7 -------
 config/default/manager/manager.yaml | 17 -----------------
 config/release/kubemacpool.yaml | 17 -----------------
 config/test/kubemacpool.yaml | 17 -----------------
 pkg/webhook/webhook.go | 5 -----
 5 files changed, 63 deletions(-)
diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml
index 802f618af..1ea6b9d35 100644
--- a/config/default/kustomization.yaml
+++ b/config/default/kustomization.yaml
@@ -38,12 +38,5 @@ resources:
 # manager_prometheus_metrics_patch.yaml should be enabled.
 #- manager_prometheus_metrics_patch.yaml
-vars:
-- fieldref: {}
- name: WEBHOOK_SECRET_NAME
- objref:
- apiVersion: v1
- kind: Secret
- name: webhook-secret
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
diff --git a/config/default/manager/manager.yaml b/config/default/manager/manager.yaml
index ca81d93f0..3ea729446 100644
--- a/config/default/manager/manager.yaml
+++ b/config/default/manager/manager.yaml
@@ -53,8 +53,6 @@ spec:
 valueFrom:
 fieldRef:
 fieldPath: metadata.namespace
- - name: SECRET_NAME
- value: $(WEBHOOK_SECRET_NAME)
 - name: RANGE_START
 valueFrom:
 configMapKeyRef:
@@ -76,19 +74,4 @@ spec:
 - containerPort: 9876
 name: webhook-server
 protocol: TCP
- volumeMounts:
- - mountPath: /tmp/cert
- name: cert
- readOnly: true
 terminationGracePeriodSeconds: 5
- volumes:
- - name: cert
- secret:
- defaultMode: 420
- secretName: webhook-secret
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: webhook-secret
- namespace: system
diff --git a/config/release/kubemacpool.yaml b/config/release/kubemacpool.yaml
index 92ec98ba1..40128bfdc 100644
--- a/config/release/kubemacpool.yaml
+++ b/config/release/kubemacpool.yaml
@@ -137,12 +137,6 @@ metadata:
 name: kubemacpool-mac-range-config
 namespace: kubemacpool-system
 ---
-apiVersion: v1
-kind: Secret
-metadata:
- name: kubemacpool-webhook-secret
- namespace: kubemacpool-system
----
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -173,8 +167,6 @@ spec:
 valueFrom:
 fieldRef:
 fieldPath: metadata.namespace
- - name: SECRET_NAME
- value: kubemacpool-webhook-secret
 - name: RANGE_START
 valueFrom:
 configMapKeyRef:
@@ -199,14 +191,5 @@ spec:
 requests:
 cpu: 500m
 memory: 500Mi
- volumeMounts:
- - mountPath: /tmp/cert
- name: cert
- readOnly: true
 restartPolicy: Always
 terminationGracePeriodSeconds: 5
- volumes:
- - name: cert
- secret:
- defaultMode: 420
- secretName: kubemacpool-webhook-secret
diff --git a/config/test/kubemacpool.yaml b/config/test/kubemacpool.yaml
index 547925986..a1e168b05 100644
--- a/config/test/kubemacpool.yaml
+++ b/config/test/kubemacpool.yaml
@@ -137,12 +137,6 @@ metadata:
 name: kubemacpool-mac-range-config
 namespace: kubemacpool-system
 ---
-apiVersion: v1
-kind: Secret
-metadata:
- name: kubemacpool-webhook-secret
- namespace: kubemacpool-system
----
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -173,8 +167,6 @@ spec:
 valueFrom:
 fieldRef:
 fieldPath: metadata.namespace
- - name: SECRET_NAME
- value: kubemacpool-webhook-secret
 - name: RANGE_START
 valueFrom:
 configMapKeyRef:
@@ -199,14 +191,5 @@ spec:
 requests:
 cpu: 500m
 memory: 500Mi
- volumeMounts:
- - mountPath: /tmp/cert
- name: cert
- readOnly: true
 restartPolicy: Always
 terminationGracePeriodSeconds: 5
- volumes:
- - name: cert
- secret:
- defaultMode: 420
- secretName: kubemacpool-webhook-secret
diff --git a/pkg/webhook/webhook.go b/pkg/webhook/webhook.go
index b91f12204..509f40c9a 100644
--- a/pkg/webhook/webhook.go
+++ b/pkg/webhook/webhook.go
@@ -22,7 +22,6 @@ import (
 admissionregistration "k8s.io/api/admissionregistration/v1beta1"
 "k8s.io/apimachinery/pkg/api/errors"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
- apitypes "k8s.io/apimachinery/pkg/types"
 "k8s.io/client-go/kubernetes"
 "sigs.k8s.io/controller-runtime/pkg/manager"
@@ -51,10 +50,6 @@ func AddToManager(mgr manager.Manager, poolManager *pool_manager.PoolManager) er
 Port: 8000,
 BootstrapOptions: &runtimewebhook.BootstrapOptions{
 MutatingWebhookConfigName: "kubemacpool",
- Secret: &apitypes.NamespacedName{
- Namespace: "kubemacpool-system",
- Name: "kubemacpool-webhook-secret",
- },
 Service: &runtimewebhook.Service{
 Namespace: "kubemacpool-system",
 Name: "kubemacpool-service",