Skip to content

Commit

Permalink
Merge pull request #532 from redhatrises/fix_714
Browse files Browse the repository at this point in the history 
fix(admission): version 7.14 of admission controller requires webhook to exist before the service can start
  • Loading branch information
@redhatrises
redhatrises authored May 1, 2024
2 parents fcb9706 + f30e751 commit 1bc7ae9
Show file tree
Hide file tree
Showing 3 changed files with 19 additions and 5 deletions.
10 changes: 5 additions & 5 deletions internal/controller/admission/falconadmission_controller.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -234,6 +234,11 @@ func (r *FalconAdmissionReconciler) Reconcile(ctx context.Context, req ctrl.Requ
return ctrl.Result{}, err
}

webhookUpdated, err := r.reconcileAdmissionValidatingWebHook(ctx, req, log, falconAdmission, admissionTLSSecret.Data["ca.crt"])
if err != nil {
return ctrl.Result{}, err
}

err = r.reconcileAdmissionDeployment(ctx, req, log, falconAdmission)
if err != nil {
return ctrl.Result{}, err
Expand All @@ -252,11 +257,6 @@ func (r *FalconAdmissionReconciler) Reconcile(ctx context.Context, req ctrl.Requ
return ctrl.Result{RequeueAfter: 5 * time.Second}, nil
}

webhookUpdated, err := r.reconcileAdmissionValidatingWebHook(ctx, req, log, falconAdmission, admissionTLSSecret.Data["ca.crt"])
if err != nil {
return ctrl.Result{}, err
}

if configUpdated || serviceUpdated || webhookUpdated {
err = r.admissionDeploymentUpdate(ctx, req, log, falconAdmission)
if err != nil {
Expand Down
7 changes: 7 additions & 0 deletions internal/controller/assets/validatingwebhook.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@ package assets

import (
"github.com/crowdstrike/falcon-operator/pkg/common"
"golang.org/x/exp/maps"
arv1 "k8s.io/api/admissionregistration/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
Expand All @@ -17,6 +18,12 @@ func ValidatingWebhook(name string, namespace string, webhookName string, caBund
scope := arv1.AllScopes
admissionOperatorValues := []string{"disabled"}
labels := common.CRLabels("validatingwebhook", name, common.FalconAdmissionController)
helmLabels := map[string]string{
"app": "falcon-kac",
"app.kubernetes.io/name": "falcon-kac",
"app.kubernetes.io/component": "kac",
}
maps.Copy(labels, helmLabels)

return &arv1.ValidatingWebhookConfiguration{
TypeMeta: metav1.TypeMeta{
Expand Down
7 changes: 7 additions & 0 deletions internal/controller/assets/validatingwebhook_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@ import (

"github.com/crowdstrike/falcon-operator/pkg/common"
"github.com/google/go-cmp/cmp"
"golang.org/x/exp/maps"
arv1 "k8s.io/api/admissionregistration/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
Expand All @@ -30,6 +31,12 @@ func testValidatingWebhook(name string, namespace string, webhookName string, ca
scope := arv1.AllScopes
admissionOperatorValues := []string{"disabled"}
labels := common.CRLabels("validatingwebhook", name, common.FalconAdmissionController)
helmLabels := map[string]string{
"app": "falcon-kac",
"app.kubernetes.io/name": "falcon-kac",
"app.kubernetes.io/component": "kac",
}
maps.Copy(labels, helmLabels)

return &arv1.ValidatingWebhookConfiguration{
TypeMeta: metav1.TypeMeta{
Expand Down

0 comments on commit 1bc7ae9

Please sign in to comment.