github.com/verrazzano/verrazzano@v1.7.0/cluster-operator/internal/operatorinit/update_webhooks.go

github.com/verrazzano/verrazzano@v1.7.0/cluster-operator/internal/operatorinit/update_webhooks.go (about)

     1  // Copyright (c) 2022, 2023, Oracle and/or its affiliates.
     2  // Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
     3  
     4  package operatorinit
     5  
     6  import (
     7  	"context"
     8  
     9  	"github.com/verrazzano/verrazzano/cluster-operator/internal/certificate"
    10  	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
    11  	"k8s.io/client-go/kubernetes"
    12  )
    13  
    14  // updateValidatingWebhookConfiguration sets the CABundle
    15  func updateValidatingWebhookConfiguration(kubeClient kubernetes.Interface, name string) error {
    16  	validatingWebhook, err := kubeClient.AdmissionregistrationV1().ValidatingWebhookConfigurations().Get(context.TODO(), name, metav1.GetOptions{})
    17  	if err != nil {
    18  		return err
    19  	}
    20  	caSecret, errX := kubeClient.CoreV1().Secrets(certificate.WebhookNamespace).Get(context.TODO(), certificate.OperatorCA, metav1.GetOptions{})
    21  	if errX != nil {
    22  		return errX
    23  	}
    24  
    25  	crt := caSecret.Data[certificate.CertKey]
    26  	for i := range validatingWebhook.Webhooks {
    27  		validatingWebhook.Webhooks[i].ClientConfig.CABundle = crt
    28  	}
    29  
    30  	_, err = kubeClient.AdmissionregistrationV1().ValidatingWebhookConfigurations().Update(context.TODO(), validatingWebhook, metav1.UpdateOptions{})
    31  	return err
    32  }