chore: helm chart support scheduler webhook cert-manager#951
Merged
Conversation
Signed-off-by: 王然 <ranwang@alauda.io>
Signed-off-by: 王然 <ranwang@alauda.io>
Codecov ReportAll modified and coverable lines are covered by tests ✅
Flags with carried forward coverage won't be shown. Click here to find out more. see 10 files with indirect coverage changes 🚀 New features to boost your workflow:
|
Contributor
There was a problem hiding this comment.
Pull Request Overview
This PR adds support for using cert-manager to generate TLS certificates for the HAMi scheduler webhook while preserving the existing kube-webhook-certgen option.
- Added Helm chart templates (Certificate and Issuer) for cert-manager support.
- Updated the webhook configuration and documentation to include cert-manager based TLS certificate generation.
- Updated conditional logic in job-patch related resources to only render when patch mode is enabled and cert-manager is disabled.
Reviewed Changes
Copilot reviewed 15 out of 15 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| charts/hami/templates/scheduler/certmanager.yaml | Adds cert-manager Certificate and Issuer resources conditional on certManager.enabled. |
| charts/hami/templates/scheduler/webhook.yaml | Conditionally injects annotations for cert-manager CA injection. |
| docs/config.md, docs/config_cn.md | Updates configuration docs to document cert-manager TLS certificate options. |
| charts/hami/values.yaml | Introduces scheduler.certManager.enabled flag and adjusts patch configuration. |
| charts/hami/templates/scheduler/job-patch/* | Wraps various job-patch resources with conditional logic to disable them when cert-manager is enabled. |
| @@ -24,3 +25,4 @@ rules: | |||
| resourceNames: | |||
| - {{ include "hami-vgpu.fullname" . }}-admission | |||
| {{- end }} | |||
There was a problem hiding this comment.
An extra closing template directive is present. Remove the redundant '{{- end }}' at line 28 to properly close the single if block opened at line 1.
Suggested change
| {{- end }} |
Member
|
/lgtm |
imgbot Bot
pushed a commit
to haitwang-cloud/HAMi
that referenced
this pull request
Jun 3, 2026
…i#951) * chore: helm chart support scheduler webhook cert-manager Signed-off-by: 王然 <ranwang@alauda.io> * docs: add Webhook TLS Certificate Configs Signed-off-by: 王然 <ranwang@alauda.io> --------- Signed-off-by: 王然 <ranwang@alauda.io>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What type of PR is this?
/kind feature
What this PR does / why we need it:
cert-manager streamlines and automates TLS certificate management in Kubernetes, enhancing security and reducing operational complexity for webhook authentication.
Does this PR introduce a user-facing change?:
No.