Merge pull request #1983 from lxlxok/main

Add flags to set server key and certificate

Author: k8s-ci-robot

main.go

@@ -91,6 +91,7 @@ func main() {
 		setupLog.Error(err, "unable to start manager")
 		os.Exit(1)
 	}
+	config.ConfigureWebhookServerCert(controllerCFG.RuntimeConfig, mgr)
 	clientSet, err := kubernetes.NewForConfig(mgr.GetConfig())
 	if err != nil {
 		setupLog.Error(err, "unable to obtain clientSet")

pkg/config/runtime_config.go

@@ -20,6 +20,9 @@ const (
 	flagWatchNamespace          = "watch-namespace"
 	flagSyncPeriod              = "sync-period"
 	flagKubeconfig              = "kubeconfig"
+	flagWebhookCertDir          = "webhook-cert-dir"
+	flagWebhookCertName         = "webhook-cert-file"
+	flagWebhookKeyName          = "webhook-key-file"
 
 	defaultKubeconfig              = ""
 	defaultLeaderElectionID        = "aws-load-balancer-controller-leader"
@@ -34,7 +37,10 @@ const (
 	defaultQPS = 1e6
 	// High enough Burst to fit all expected use cases. Burst=0 is not set here, because
 	// client code is overriding it.
-	defaultBurst = 1e6
+	defaultBurst           = 1e6
+	defaultWebhookCertDir  = ""
+	defaultWebhookCertName = ""
+	defaultWebhookKeyName  = ""
 )
 
 // RuntimeConfig stores the configuration for the controller-runtime
@@ -49,6 +55,9 @@ type RuntimeConfig struct {
 	LeaderElectionNamespace string
 	WatchNamespace          string
 	SyncPeriod              time.Duration
+	WebhookCertDir          string
+	WebhookCertName         string
+	WebhookKeyName          string
 }
 
 // BindFlags binds the command line flags to the fields in the config object
@@ -72,6 +81,10 @@ func (c *RuntimeConfig) BindFlags(fs *pflag.FlagSet) {
 		"Namespace the controller watches for updates to Kubernetes objects, If empty, all namespaces are watched.")
 	fs.DurationVar(&c.SyncPeriod, flagSyncPeriod, defaultSyncPeriod,
 		"Period at which the controller forces the repopulation of its local object stores.")
+	fs.StringVar(&c.WebhookCertDir, flagWebhookCertDir, defaultWebhookCertDir, "WebhookCertDir is the directory that contains the webhook server key and certificate.")
+	fs.StringVar(&c.WebhookCertName, flagWebhookCertName, defaultWebhookCertName, "WebhookCertName is the webhook server certificate name.")
+	fs.StringVar(&c.WebhookKeyName, flagWebhookKeyName, defaultWebhookKeyName, "WebhookKeyName is the webhook server key name.")
+
 }
 
 // BuildRestConfig builds the REST config for the controller runtime
@@ -107,3 +120,10 @@ func BuildRuntimeOptions(rtCfg RuntimeConfig, scheme *runtime.Scheme) ctrl.Optio
 		SyncPeriod:              &rtCfg.SyncPeriod,
 	}
 }
+
+// ConfigureCert set up the server cert for the webhook server.
+func ConfigureWebhookServerCert(rtCfg RuntimeConfig, mgr ctrl.Manager) {
+	mgr.GetWebhookServer().CertDir = rtCfg.WebhookCertDir
+	mgr.GetWebhookServer().CertName = rtCfg.WebhookCertName
+	mgr.GetWebhookServer().KeyName = rtCfg.WebhookKeyName
+}