github.com/verrazzano/verrazzano@v1.7.0/application-operator/internal/operatorinit/update_webhook.go

github.com/verrazzano/verrazzano@v1.7.0/application-operator/internal/operatorinit/update_webhook.go (about)

     1  // Copyright (c) 2022, Oracle and/or its affiliates.
     2  // Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
     3  
     4  package operatorinit
     5  
     6  import (
     7  	"context"
     8  	"github.com/verrazzano/verrazzano/application-operator/internal/certificates"
     9  	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
    10  	"k8s.io/client-go/kubernetes"
    11  )
    12  
    13  // updateValidatingWebhookConfiguration sets the CABundle
    14  func updateValidatingWebhookConfiguration(kubeClient kubernetes.Interface, name string) error {
    15  	validatingWebhook, err := kubeClient.AdmissionregistrationV1().ValidatingWebhookConfigurations().Get(context.TODO(), name, metav1.GetOptions{})
    16  	if err != nil {
    17  		return err
    18  	}
    19  	caSecret, errX := kubeClient.CoreV1().Secrets(certificates.OperatorNamespace).Get(context.TODO(), certificates.OperatorCA, metav1.GetOptions{})
    20  	if errX != nil {
    21  		return errX
    22  	}
    23  
    24  	crt := caSecret.Data[certificates.CertKey]
    25  	for i := range validatingWebhook.Webhooks {
    26  		validatingWebhook.Webhooks[i].ClientConfig.CABundle = crt
    27  	}
    28  
    29  	_, err = kubeClient.AdmissionregistrationV1().ValidatingWebhookConfigurations().Update(context.TODO(), validatingWebhook, metav1.UpdateOptions{})
    30  	return err
    31  }
    32  
    33  // updateMutatingWebhookConfiguration sets the CABundle
    34  func updateMutatingWebhookConfiguration(kubeClient kubernetes.Interface, name string) error {
    35  	mutatingWebhook, err := kubeClient.AdmissionregistrationV1().MutatingWebhookConfigurations().Get(context.TODO(), name, metav1.GetOptions{})
    36  	if err != nil {
    37  		return err
    38  	}
    39  	caSecret, errX := kubeClient.CoreV1().Secrets(certificates.OperatorNamespace).Get(context.TODO(), certificates.OperatorCA, metav1.GetOptions{})
    40  	if errX != nil {
    41  		return errX
    42  	}
    43  
    44  	crt := caSecret.Data[certificates.CertKey]
    45  	for i := range mutatingWebhook.Webhooks {
    46  		mutatingWebhook.Webhooks[i].ClientConfig.CABundle = crt
    47  	}
    48  
    49  	_, err = kubeClient.AdmissionregistrationV1().MutatingWebhookConfigurations().Update(context.TODO(), mutatingWebhook, metav1.UpdateOptions{})
    50  	return err
    51  }