fix: optionally disable the webhook server
wparr-circle committed Jul 8, 2024
1 parent c4a4a6e commit 12b282e
Showing 5 changed files with 43 additions and 21 deletions.
2 changes: 2 additions & 0 deletions charts/pvc-autoresizer/templates/controller/certificate.yaml
@@ -1,3 +1,4 @@
{{- if .Values.webhook.pvcMutatingWebhook.enabled }}
{{- if not .Values.webhook.caBundle }}
{{- if not .Values.webhook.certificate.generate }}
{{- if not .Values.webhook.existingCertManagerIssuer }}
Expand Down Expand Up @@ -54,3 +55,4 @@ spec:
- client auth
{{- end }}
{{- end }}
{{- end }}
7 changes: 7 additions & 0 deletions charts/pvc-autoresizer/templates/controller/deployment.yaml
Expand Up @@ -42,6 +42,9 @@ spec:
{{- with .Values.controller.args.additionalArgs -}}
{{ toYaml . | nindent 12 }}
{{- end }}
{{- if not .Values.webhook.pvcMutatingWebhook.enabled }}
- --webhook-enabled=false
{{- end}}
image: "{{ .Values.image.repository }}:{{ default .Chart.AppVersion .Values.image.tag }}"
{{- with .Values.image.pullPolicy }}
imagePullPolicy: {{ . }}
Expand All @@ -67,9 +70,11 @@ spec:
httpGet:
path: /healthz
port: health
{{- if .Values.webhook.pvcMutatingWebhook.enabled }}
volumeMounts:
- name: certs
mountPath: /certs
{{- end }}
securityContext:
{{- toYaml .Values.controller.securityContext | nindent 12 }}
{{- with .Values.controller.nodeSelector }}
Expand All @@ -80,10 +85,12 @@ spec:
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.webhook.pvcMutatingWebhook.enabled }}
volumes:
- name: certs
secret:
defaultMode: 420
secretName: {{ template "pvc-autoresizer.fullname" . }}-controller
{{- end }}
securityContext:
{{- toYaml .Values.controller.podSecurityContext | nindent 8 }}
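Review bot: Gating the `certs` volume, its `volumeMounts` entry, the Certificate and the Issuer on `.Values.webhook.pvcMutatingWebhook.enabled` leaves open whether the MutatingWebhookConfiguration and the webhook Service follow the same switch; neither template is part of this commit and this page does not show them. If either still renders while the controller runs with `--webhook-enabled=false`, the API server would keep calling an endpoint that no longer listens, and the configured `failurePolicy` would decide whether PVC requests are rejected or admitted unmutated. Rendering the chart with the value set to false and checking that no webhook object remains would settle it. As a style point, the `{{- end}}` closing the `--webhook-enabled=false` block should read `{{- end }}` to match the other closers in this file.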
2 changes: 2 additions & 0 deletions charts/pvc-autoresizer/templates/controller/issuer.yaml
@@ -1,3 +1,4 @@
{{- if .Values.webhook.pvcMutatingWebhook.enabled }}
{{- if not .Values.webhook.caBundle }}
{{- if not .Values.webhook.existingCertManagerIssuer }}
{{- if not .Values.webhook.certificate.generate }}
Expand Down Expand Up @@ -27,3 +28,4 @@ spec:
{{- end }}
{{- end }}
{{- end }}
{{- end }}
2 changes: 2 additions & 0 deletions cmd/main.go
Expand Up @@ -24,6 +24,7 @@ var config struct {
skipAnnotation bool
development bool
zapOpts zap.Options
webhookEnabled bool
}

// rootCmd represents the base command when called without any subcommands
Expand Down Expand Up @@ -58,6 +59,7 @@ func init() {
fs.BoolVar(&config.useK8sMetricsApi, "use-k8s-metrics-api", false, "Use Kubernetes metrics API instead of Prometheus")
fs.BoolVar(&config.skipAnnotation, "no-annotation-check", false, "Skip annotation check for StorageClass")
fs.BoolVar(&config.development, "development", false, "Use development logger config")
fs.BoolVar(&config.webhookEnabled, "webhook-enabled", true, "Enable the webhook endpoint")

goflags := flag.NewFlagSet("zap", flag.ExitOnError)
config.zapOpts.BindFlags(goflags)
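Review bot: The help text `"Enable the webhook endpoint"` on the new `webhook-enabled` flag does not tell an operator what is switched off. In cmd/run.go the flag gates the PersistentVolumeClaim webhook registration and the only reads of `config.webhookAddr` and `config.certDir`, so both settings are ignored when it is false. Something like `"Enable the PersistentVolumeClaim mutating webhook server; when false the webhook address and certificate directory are ignored"` would make that visible in `--help`. The `config` struct and `init()` both continue outside the visible hunks.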
51 changes: 30 additions & 21 deletions cmd/run.go
Expand Up @@ -40,15 +40,24 @@ func subMain() error {
}
ctrl.SetLogger(zap.New(zap.UseFlagOptions(&config.zapOpts)))

hookHost, portStr, err := net.SplitHostPort(config.webhookAddr)
if err != nil {
setupLog.Error(err, "invalid webhook addr")
return err
}
hookPort, err := net.LookupPort("tcp", portStr)
if err != nil {
setupLog.Error(err, "invalid webhook port")
return err
var webhookServer webhook.Server
if config.webhookEnabled {
hookHost, portStr, err := net.SplitHostPort(config.webhookAddr)
if err != nil {
setupLog.Error(err, "invalid webhook addr")
return err
}
hookPort, err := net.LookupPort("tcp", portStr)
if err != nil {
setupLog.Error(err, "invalid webhook port")
return err
}

webhookServer = webhook.NewServer(webhook.Options{
Host: hookHost,
Port: hookPort,
CertDir: config.certDir,
})
}

graceTimeout := 10 * time.Second
Expand All @@ -70,12 +79,8 @@ func subMain() error {
}

mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{
Scheme: scheme,
WebhookServer: webhook.NewServer(webhook.Options{
Host: hookHost,
Port: hookPort,
CertDir: config.certDir,
}),
Scheme: scheme,
WebhookServer: webhookServer,
Metrics: metricsserver.Options{
BindAddress: config.metricsAddr,
},
Expand All @@ -101,8 +106,10 @@ func subMain() error {
if err := mgr.AddReadyzCheck("ping", healthz.Ping); err != nil {
return err
}
if err := mgr.AddReadyzCheck("webhook", mgr.GetWebhookServer().StartedChecker()); err != nil {
return err
if config.webhookEnabled {
if err := mgr.AddReadyzCheck("webhook", mgr.GetWebhookServer().StartedChecker()); err != nil {
return err
}
}

var metricsClient runners.MetricsClient
Expand Down Expand Up @@ -133,10 +140,12 @@ func subMain() error {
return err
}

dec := admission.NewDecoder(scheme)
if err = hooks.SetupPersistentVolumeClaimWebhook(mgr, dec, ctrl.Log.WithName("hooks")); err != nil {
setupLog.Error(err, "unable to create PersistentVolumeClaim webhook")
return err
if config.webhookEnabled {
dec := admission.NewDecoder(scheme)
if err = hooks.SetupPersistentVolumeClaimWebhook(mgr, dec, ctrl.Log.WithName("hooks")); err != nil {
setupLog.Error(err, "unable to create PersistentVolumeClaim webhook")
return err
}
}

//+kubebuilder:scaffold:builder
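Review bot: The disabled path passes a nil `webhookServer` into `ctrl.Options.WebhookServer` and nothing in the code documents why that is safe. As far as I know controller-runtime substitutes a default server for a nil one and only registers it when `mgr.GetWebhookServer()` is first called, so the switch works only because the readyz check and (presumably) `SetupPersistentVolumeClaimWebhook` are both gated; a later ungated call would bring up a default listener with no certificates mounted. A comment above `var webhookServer webhook.Server` would record this, e.g. `// nil when the webhook is disabled; nothing may call mgr.GetWebhookServer() in that mode`. Since turning off an admission webhook is a configuration change operators will want to see in logs, an `else` branch with `setupLog.Info("webhook server disabled")` would also help. subMain starts and ends outside the visible hunks.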
