added-all

Signed-off-by: Tamal Saha <[email protected]>
kubeops · Jan 29, 2024 · c2fdc47 · c2fdc47
1 parent 6fcc175
commit c2fdc47
Showing 1 changed file with 59 additions and 1 deletion.
diff --git a/pkg/cmds/webhook.go b/pkg/cmds/webhook.go
@@ -19,18 +19,23 @@ package cmds
 import (
 	"context"
 	"os"
+	"path/filepath"
 
 	appsv1 "kubeops.dev/statefulset/apis/apps/v1"
 
 	"github.com/spf13/cobra"
 	flag "github.com/spf13/pflag"
+	v1 "k8s.io/api/admissionregistration/v1"
 	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/types"
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
 	clientgoscheme "k8s.io/client-go/kubernetes/scheme"
 	_ "k8s.io/client-go/plugin/pkg/client/auth"
 	"k8s.io/klog/v2/klogr"
 	ctrl "sigs.k8s.io/controller-runtime"
+	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/healthz"
+	"sigs.k8s.io/controller-runtime/pkg/manager"
 	metricsserver "sigs.k8s.io/controller-runtime/pkg/metrics/server"
 	"sigs.k8s.io/controller-runtime/pkg/webhook"
 )
@@ -46,6 +51,7 @@ func init() {
 }
 
 func NewCmdWebhook(ctx context.Context) *cobra.Command {
+	certDir := "/var/serving-cert"
 	var metricsAddr string
 	var enableLeaderElection bool
 	var probeAddr string
@@ -69,7 +75,7 @@ func NewCmdWebhook(ctx context.Context) *cobra.Command {
 				HealthProbeBindAddress: probeAddr,
 				WebhookServer: webhook.NewServer(webhook.Options{
 					Port:    9443,
-					CertDir: "/var/serving-cert",
+					CertDir: certDir,
 				}),
 				LeaderElection:   enableLeaderElection,
 				LeaderElectionID: "0b66efc1.k8s.appscode.com",
@@ -104,6 +110,20 @@ func NewCmdWebhook(ctx context.Context) *cobra.Command {
 				os.Exit(1)
 			}
 
+			mgr.Add(manager.RunnableFunc(func(ctx context.Context) error {
+				if mgr.GetCache().WaitForCacheSync(context.TODO()) {
+					if err := updateMutatingWebhookCABundle(mgr, certDir); err != nil {
+						setupLog.Error(err, "unable to update caBundle for MutatingWebhookConfiguration")
+						os.Exit(1)
+					}
+					if err := updateValidatingWebhookCABundle(mgr, certDir); err != nil {
+						setupLog.Error(err, "unable to update caBundle for ValidatingWebhookConfiguration")
+						os.Exit(1)
+					}
+				}
+				return nil
+			}))
+
 			setupLog.Info("starting manager")
 			if err := mgr.Start(ctx); err != nil {
 				setupLog.Error(err, "problem running manager")
@@ -114,3 +134,41 @@ func NewCmdWebhook(ctx context.Context) *cobra.Command {
 
 	return cmd
 }
+
+func updateMutatingWebhookCABundle(mgr ctrl.Manager, certDir string) error {
+	webhook := &v1.MutatingWebhookConfiguration{}
+	err := mgr.GetClient().Get(context.TODO(), types.NamespacedName{
+		Name: "statefulset",
+	}, webhook)
+	if err != nil {
+		return err
+	}
+
+	caBundle, err := os.ReadFile(filepath.Join(certDir, "ca.crt"))
+	if err != nil {
+		return err
+	}
+	for i := range webhook.Webhooks {
+		webhook.Webhooks[i].ClientConfig.CABundle = caBundle
+	}
+	return mgr.GetClient().Update(context.TODO(), webhook, &client.UpdateOptions{})
+}
+
+func updateValidatingWebhookCABundle(mgr ctrl.Manager, certDir string) error {
+	webhook := &v1.ValidatingWebhookConfiguration{}
+	err := mgr.GetClient().Get(context.TODO(), types.NamespacedName{
+		Name: "statefulset",
+	}, webhook)
+	if err != nil {
+		return err
+	}
+
+	caBundle, err := os.ReadFile(filepath.Join(certDir, "ca.crt"))
+	if err != nil {
+		return err
+	}
+	for i := range webhook.Webhooks {
+		webhook.Webhooks[i].ClientConfig.CABundle = caBundle
+	}
+	return mgr.GetClient().Update(context.TODO(), webhook, &client.UpdateOptions{})
+}