From 51d67a1b1b510ee8d451aa43ea70d7aa0b9dfe5f Mon Sep 17 00:00:00 2001
From: leonarliu
Date: Mon, 28 Sep 2020 16:14:51 +0800
Subject: [PATCH] fix(auth): ha not work for auth webhook

---
 api/platform/v1/cluster.go | 14 +++++++++++++-
 cmd/tke-installer/app/installer/installer.go | 14 +++++++++++++-
 2 files changed, 26 insertions(+), 2 deletions(-)

diff --git a/api/platform/v1/cluster.go b/api/platform/v1/cluster.go
index 11872fc4f..85d831f8a 100644
--- a/api/platform/v1/cluster.go
+++ b/api/platform/v1/cluster.go
@@ -180,6 +180,18 @@ func (in *Cluster) AuthzWebhookBuiltinEndpoint() (string, bool) {
 return "", false
 }

- return utilhttp.MakeEndpoint("https", in.Spec.Machines[0].IP,
+ endPointHost := in.Spec.Machines[0].IP
+
+ // use VIP in HA situation
+ if in.Spec.Features.HA != nil {
+ if in.Spec.Features.HA.TKEHA != nil {
+ endPointHost = in.Spec.Features.HA.TKEHA.VIP
+ }
+ if in.Spec.Features.HA.ThirdPartyHA != nil {
+ endPointHost = in.Spec.Features.HA.ThirdPartyHA.VIP
+ }
+ }
+
+ return utilhttp.MakeEndpoint("https", endPointHost,
 constants.AuthzWebhookNodePort, "/auth/authz"), true
 }
diff --git a/cmd/tke-installer/app/installer/installer.go b/cmd/tke-installer/app/installer/installer.go
index 228e86abc..b56e35a8b 100644
--- a/cmd/tke-installer/app/installer/installer.go
+++ b/cmd/tke-installer/app/installer/installer.go
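Review bot: In `AuthzWebhookBuiltinEndpoint` (api/platform/v1/cluster.go) the VIP replaces `Machines[0].IP` whenever an HA block is present, even if its `VIP` field is empty, which would produce an authorization-webhook endpoint with no host. Guarding each assignment, e.g. `if ha.TKEHA != nil && ha.TKEHA.VIP != "" {` with `ha := in.Spec.Features.HA` (assuming `VIP` is a string), keeps the first machine's IP as the fallback. The two `if`s are also independent, so with both `TKEHA` and `ThirdPartyHA` set the third-party VIP silently wins; an `else if` or a comment stating the intended precedence would make that explicit. The same pattern appears in `authzWebhookBuiltinEndpoint` in cmd/tke-installer/app/installer/installer.go, and this function begins above the hunk.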
@@ -1328,7 +1328,19 @@ func (t *TKE) prepareCertificates(ctx context.Context) error {
 }

 func (t *TKE) authzWebhookBuiltinEndpoint() string {
- return utilhttp.MakeEndpoint("https", t.Para.Cluster.Spec.Machines[0].IP,
+ endPointHost := t.Para.Cluster.Spec.Machines[0].IP
+
+ // use VIP in HA situation
+ if t.Para.Cluster.Spec.Features.HA != nil {
+ if t.Para.Cluster.Spec.Features.HA.TKEHA != nil {
+ endPointHost = t.Para.Cluster.Spec.Features.HA.TKEHA.VIP
+ }
+ if t.Para.Cluster.Spec.Features.HA.ThirdPartyHA != nil {
+ endPointHost = t.Para.Cluster.Spec.Features.HA.ThirdPartyHA.VIP
+ }
+ }
+
+ return utilhttp.MakeEndpoint("https", endPointHost,
 constants.AuthzWebhookNodePort, "/auth/authz")
 }
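Review bot: `authzWebhookBuiltinEndpoint` now carries a second copy of the host-selection logic added to `Cluster.AuthzWebhookBuiltinEndpoint`, so the installer and the API type can drift apart on which address the authorization webhook is reached at. A single shared helper that returns the endpoint host would keep one source of truth for both callers. Because the endpoint is `https`, the webhook's serving certificate also has to list the VIP as a subject alternative name for the API server to verify it; this patch does not touch certificate generation, so it is worth confirming that `prepareCertificates` already includes the VIP. `Machines[0]` is still indexed here with no length check visible in the hunk.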