Add webhook serving related flags (#136)

Signed-off-by: RainbowMango <renhongcai@huawei.com>
2021-01-22 15:34:31 +08:00 · 2021-01-22 15:34:31 +08:00 · 53d8c3d036
parent 202a88d0dd
commit 53d8c3d036
3 changed files with 35 additions and 3 deletions
--- a/artifacts/deploy/karmada-webhook.yaml
+++ b/artifacts/deploy/karmada-webhook.yaml
@ -26,6 +26,9 @@ spec:
          command:
            - /bin/karmada-webhook
            - --kubeconfig=/etc/kubeconfig
+            - --bind-address=0.0.0.0
+            - --secure-port=8443
+            - --cert-dir=/var/serving-cert
          ports:
            - containerPort: 8443
          volumeMounts:
--- a/cmd/webhook/app/options/options.go
+++ b/cmd/webhook/app/options/options.go
@ -3,6 +3,7 @@ package options
 import (
 	"time"

+	"github.com/spf13/pflag"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/client-go/tools/leaderelection/resourcelock"
 	componentbaseconfig "k8s.io/component-base/config"
@ -15,8 +16,24 @@ var (
 	defaultElectionRetryPeriod   = metav1.Duration{Duration: 2 * time.Second}
 )

+const (
+	defaultBindAddress = "0.0.0.0"
+	defaultPort        = 8443
+	defaultCertDir     = "/tmp/k8s-webhook-server/serving-certs"
+)
+
 // Options contains everything necessary to create and run webhook server.
 type Options struct {
+	// BindAddress is the IP address on which to listen for the --secure-port port.
+	// Default is "0.0.0.0".
+	BindAddress string
+	// SecurePort is the port that the webhook server serves at.
+	// Default is 8443.
+	SecurePort int
+	// CertDir is the directory that contains the server key and certificate.
+	// if not set, webhook server would look up the server key and certificate in {TempDir}/k8s-webhook-server/serving-certs.
+	// The server key and certificate must be named `tls.key` and `tls.crt`, respectively.
+	CertDir        string
 	LeaderElection componentbaseconfig.LeaderElectionConfiguration
 }

@ -47,3 +64,13 @@ func (o *Options) Complete() {
 		klog.Infof("Set default value: Options.LeaderElection.RetryPeriod = %s", defaultElectionRetryPeriod.Duration.String())
 	}
 }
+
+// AddFlags adds flags to the specified FlagSet.
+func (o *Options) AddFlags(flags *pflag.FlagSet) {
+	flags.StringVar(&o.BindAddress, "bind-address", defaultBindAddress,
+		"The IP address on which to listen for the --secure-port port.")
+	flags.IntVar(&o.SecurePort, "secure-port", defaultPort,
+		"The secure port on which to serve HTTPS.")
+	flags.StringVar(&o.CertDir, "cert-dir", defaultCertDir,
+		"The directory that contains the server key(named tls.key) and certificate(named tls.crt).")
+}
--- a/cmd/webhook/app/webhook.go
+++ b/cmd/webhook/app/webhook.go
@ -35,6 +35,8 @@ func NewWebhookCommand(stopChan <-chan struct{}) *cobra.Command {
 	}

 	cmd.Flags().AddGoFlagSet(flag.CommandLine)
+	opts.AddFlags(cmd.Flags())
+
 	return cmd
 }

@ -49,9 +51,9 @@ func Run(opts *options.Options, stopChan <-chan struct{}) error {
 	}
 	hookManager, err := controllerruntime.NewManager(config, controllerruntime.Options{
 		Scheme:           gclient.NewSchema(),
-		Host:             "0.0.0.0",
-		Port:             8443,
-		CertDir:          "/var/serving-cert",
+		Host:             opts.BindAddress,
+		Port:             opts.SecurePort,
+		CertDir:          opts.CertDir,
 		LeaderElection:   false,
 		LeaderElectionID: "webhook.karmada.io",
 	})