Add `WEBHOOK_DISABLE_NAMESPACE_OWNERSHIP` env-var (#3103)

Signed-off-by: Mathew Wicks <5735406+thesuperzapper@users.noreply.github.com>
Mathew Wicks 2024-10-17 13:24:23 -07:00 committed by GitHub
parent 6eb75e8939
commit 6d1085172f
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 24 additions and 2 deletions


@ -32,6 +32,8 @@ const (
secretNameEnvKey = "WEBHOOK_SECRET_NAME" //nolint:gosec // This is not a hardcoded credential
tlsMinVersionEnvKey = "WEBHOOK_TLS_MIN_VERSION"
disableNamespaceOwnershipEnvKey = "WEBHOOK_DISABLE_NAMESPACE_OWNERSHIP"
)
// PortFromEnv returns the webhook port set by portEnvKey, or default port if env var is not set.
@ -82,3 +84,15 @@ func TLSMinVersionFromEnv(defaultTLSMinVersion uint16) uint16 {
panic(fmt.Sprintf("the environment variable %q has to be either '1.2' or '1.3'", tlsMinVersionEnvKey))
}
}
func DisableNamespaceOwnershipFromEnv() *bool {
disableNamespaceOwnership := os.Getenv(disableNamespaceOwnershipEnvKey)
if disableNamespaceOwnership == "" {
return nil
}
disableNamespaceOwnershipBool, err := strconv.ParseBool(disableNamespaceOwnership)
if err != nil {
panic(fmt.Sprintf("failed to convert the environment variable %q : %v", disableNamespaceOwnershipEnvKey, err))
}
return &disableNamespaceOwnershipBool
}
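Review bot: The exported `DisableNamespaceOwnershipFromEnv` has no doc comment, and its three-state result (nil when the variable is unset or empty, otherwise a pointer to the parsed value) is not obvious from the signature. I would add `// DisableNamespaceOwnershipFromEnv returns the value of disableNamespaceOwnershipEnvKey parsed by strconv.ParseBool, or nil if it is unset or empty; it panics if the value cannot be parsed.` above the function, in the same style as the PortFromEnv comment. The panic message also has a stray space before the colon (`%q : %v`); `%q: %v` reads better.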


@ -81,8 +81,10 @@ type Options struct {
// before shutting down.
GracePeriod time.Duration
// DisableNamespaceOwnership configures whether the webhook adds an owner reference for the SYSTEM_NAMESPACE
// Disabling this is useful when you expect the webhook configuration to be managed by something other than knative
// DisableNamespaceOwnership configures if the SYSTEM_NAMESPACE is added as an owner reference to the
// webhook configuration resources. Overridden by the WEBHOOK_DISABLE_NAMESPACE_OWNERSHIP environment variable.
// Disabling can be useful to avoid breaking systems that expect ownership to indicate a true controller
// relationship: https://github.com/knative/serving/issues/15483
DisableNamespaceOwnership bool
// ControllerOptions encapsulates options for creating a new controller,
@ -164,6 +166,12 @@ func New(
return nil, fmt.Errorf("unsupported TLS version: %d", opts.TLSMinVersion)
}
// if the environment variable is set, it overrides the value in the Options
disableNamespaceOwnership := DisableNamespaceOwnershipFromEnv()
if disableNamespaceOwnership != nil {
opts.DisableNamespaceOwnership = *disableNamespaceOwnership
}
syncCtx, cancel := context.WithCancel(context.Background())
webhook = &Webhook{
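Review bot: The override in New applies in both directions and leaves no trace: an explicit false in the environment re-enables the owner reference even when the caller set `DisableNamespaceOwnership: true`, and nothing records that the Options value was replaced. Since this setting decides whether the webhook configuration resources carry the system namespace as an owner, I would log the effective value whenever the variable is set (if a logger is in scope at this point, which the hunk does not show). I would also make the comment explicit: `// if the environment variable is set (to true or false), it overrides the value in the Options`. A malformed value panics inside DisableNamespaceOwnershipFromEnv rather than going through the error return that New uses for the TLS version check just above. New's body starts and ends outside this hunk.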