add webhook

pkg/k8s/k8s.go

@@ -9,23 +9,29 @@ import (
 
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/types"
 	ctrl "sigs.k8s.io/controller-runtime"
+	"sigs.k8s.io/controller-runtime/pkg/builder"
 	"sigs.k8s.io/controller-runtime/pkg/client/config"
 	"sigs.k8s.io/controller-runtime/pkg/healthz"
 	"sigs.k8s.io/controller-runtime/pkg/manager"
 	"sigs.k8s.io/controller-runtime/pkg/manager/signals"
 )
 
+var log = ctrl.Log.WithName("k8s")
+
 type Config struct {
 	ctrl.Options
-	PProf bool
+	PProf       bool
+	WebhookName string
+	CaKey       types.NamespacedName
 }
 
 type Manager struct {
 	mgr ctrl.Manager
 }
 
-func NewManager(conf Config) (*Manager, error) {
+func NewManager(conf Config, setupFinished chan struct{}) (*Manager, error) {
 	restConfig, err := config.GetConfig()
 	if err != nil {
 		return nil, err
@@ -52,6 +58,25 @@ func NewManager(conf Config) (*Manager, error) {
 		mgr.AddMetricsExtraHandler("/debug/pprof/trace", http.HandlerFunc(pprof.Trace))
 	}
 
+	if conf.CertDir != "" {
+		// Make sure certs are generated and valid if cert rotation is enabled.
+		cr := &CertRotator{
+			CaKey:   conf.CaKey,
+			CertDir: conf.CertDir,
+			DNSName: fmt.Sprintf("%s.%s.svc", conf.WebhookName, conf.CaKey.Namespace),
+			IsReady: setupFinished,
+			Webhooks: []WebhookInfo{
+				{
+					Name: "monitor-mutating-webhook-configuration",
+					Type: Mutating,
+				},
+			},
+		}
+		if err = AddRotator(mgr, cr); err != nil {
+			return nil, err
+		}
+	}
+
 	return &Manager{mgr: mgr}, nil
 }
 
@@ -63,8 +88,8 @@ func (s *Manager) Setup(f func(manager.Manager) error) error {
 	return f(s.mgr)
 }
 
-func (s *Manager) WebHook(obj runtime.Object) error {
-	return ctrl.NewWebhookManagedBy(s.mgr).For(obj).Complete()
+func (s *Manager) WebHook(obj runtime.Object) *builder.WebhookBuilder {
+	return ctrl.NewWebhookManagedBy(s.mgr).For(obj)
 }
 
 func (s *Manager) Start() error {