add: enable webhook patching with flag

Signed-off-by: krishna sindhur <[email protected]>
kedacore · Dec 1, 2024 · bc4db15 · bc4db15
1 parent b2ce95d
commit bc4db15
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 9 deletions.
diff --git a/cmd/operator/main.go b/cmd/operator/main.go
@@ -86,6 +86,7 @@ func main() {
 	var enableCertRotation bool
 	var validatingWebhookName string
 	var caDirs []string
+	var enableWebhookPatching bool
 	pflag.BoolVar(&enablePrometheusMetrics, "enable-prometheus-metrics", true, "Enable the prometheus metric of keda-operator.")
 	pflag.BoolVar(&enableOpenTelemetryMetrics, "enable-opentelemetry-metrics", false, "Enable the opentelemetry metric of keda-operator.")
 	pflag.StringVar(&metricsAddr, "metrics-bind-address", ":8080", "The address the prometheus metric endpoint binds to.")
@@ -108,6 +109,7 @@ func main() {
 	pflag.BoolVar(&enableCertRotation, "enable-cert-rotation", false, "enable automatic generation and rotation of TLS certificates/keys")
 	pflag.StringVar(&validatingWebhookName, "validating-webhook-name", "keda-admission", "ValidatingWebhookConfiguration name. Defaults to keda-admission")
 	pflag.StringArrayVar(&caDirs, "ca-dir", []string{"/custom/ca"}, "Directory with CA certificates for scalers to authenticate TLS connections. Can be specified multiple times. Defaults to /custom/ca")
+	pflag.BoolVar(&enableWebhookPatching, "enable-webhook-patching", true, "Enable patching of webhook resources. Defaults to true.")
 	opts := zap.Options{}
 	opts.BindFlags(flag.CommandLine)
 	pflag.CommandLine.AddGoFlagSet(flag.CommandLine)
@@ -299,6 +301,7 @@ func main() {
 			APIServiceName:        "v1beta1.external.metrics.k8s.io",
 			Logger:                setupLog,
 			Ready:                 certReady,
+			EnableWebhookPatching: enableWebhookPatching,
 		}
 		if err := certManager.AddCertificateRotation(ctx, mgr); err != nil {
 			setupLog.Error(err, "unable to set up cert rotation")

diff --git a/pkg/certificates/certificate_manager.go b/pkg/certificates/certificate_manager.go
@@ -50,19 +50,26 @@ type CertManager struct {
 	APIServiceName        string
 	Logger                logr.Logger
 	Ready                 chan struct{}
+	EnableWebhookPatching bool
 }
 
 // AddCertificateRotation registers all needed services to generate the certificates and patches needed resources with the caBundle
 func (cm CertManager) AddCertificateRotation(ctx context.Context, mgr manager.Manager) error {
-	var rotatorHooks = []rotator.WebhookInfo{
-		{
-			Name: cm.ValidatingWebhookName,
-			Type: rotator.Validating,
-		},
-		{
-			Name: cm.APIServiceName,
-			Type: rotator.APIService,
-		},
+	var rotatorHooks []rotator.WebhookInfo
+
+	if cm.EnableWebhookPatching {
+		rotatorHooks = []rotator.WebhookInfo{
+			{
+				Name: cm.ValidatingWebhookName,
+				Type: rotator.Validating,
+			},
+			{
+				Name: cm.APIServiceName,
+				Type: rotator.APIService,
+			},
+		}
+	} else {
+		cm.Logger.V(1).Info("Webhook patching is disabled, skipping webhook certificates")
 	}
 
 	err := cm.ensureSecret(ctx, mgr, cm.SecretName)