chore: helm chart support scheduler webhook cert-manager #951
Conversation
Signed-off-by: 王然 <ranwang@alauda.io>
Signed-off-by: 王然 <ranwang@alauda.io>
Codecov ReportAll modified and coverable lines are covered by tests ✅
Flags with carried forward coverage won't be shown. Click here to find out more. see 10 files with indirect coverage changes 🚀 New features to boost your workflow:
|
There was a problem hiding this comment.
Pull Request Overview
This PR adds support for using cert-manager to generate TLS certificates for the HAMi scheduler webhook while preserving the existing kube-webhook-certgen option.
- Added Helm chart templates (Certificate and Issuer) for cert-manager support.
- Updated the webhook configuration and documentation to include cert-manager based TLS certificate generation.
- Updated conditional logic in job-patch related resources to only render when patch mode is enabled and cert-manager is disabled.
Reviewed Changes
Copilot reviewed 15 out of 15 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| charts/hami/templates/scheduler/certmanager.yaml | Adds cert-manager Certificate and Issuer resources conditional on certManager.enabled. |
| charts/hami/templates/scheduler/webhook.yaml | Conditionally injects annotations for cert-manager CA injection. |
| docs/config.md, docs/config_cn.md | Updates configuration docs to document cert-manager TLS certificate options. |
| charts/hami/values.yaml | Introduces scheduler.certManager.enabled flag and adjusts patch configuration. |
| charts/hami/templates/scheduler/job-patch/* | Wraps various job-patch resources with conditional logic to disable them when cert-manager is enabled. |
| @@ -24,3 +25,4 @@ rules: | |||
| resourceNames: | |||
| - {{ include "hami-vgpu.fullname" . }}-admission | |||
| {{- end }} | |||
There was a problem hiding this comment.
An extra closing template directive is present. Remove the redundant '{{- end }}' at line 28 to properly close the single if block opened at line 1.
| {{- end }} |
Copilot is powered by AI, so mistakes are possible. Review output carefully before use.
What type of PR is this?
/kind feature
What this PR does / why we need it:
cert-manager streamlines and automates TLS certificate management in Kubernetes, enhancing security and reducing operational complexity for webhook authentication.
Does this PR introduce a user-facing change?:
No.