kaasops
diff --git a/‎controllers/suite_test.go‎
Lines changed: 1 addition & 2 deletions b/‎controllers/suite_test.go‎
Lines changed: 1 addition & 2 deletions
diff --git a/‎controllers/webhook_controller.go‎
Lines changed: 9 additions & 12 deletions b/‎controllers/webhook_controller.go‎
Lines changed: 9 additions & 12 deletions
diff --git a/‎docs/contributing/development.md‎
Lines changed: 65 additions & 0 deletions b/‎docs/contributing/development.md‎
Lines changed: 65 additions & 0 deletions
diff --git a/‎helm/charts/envoy-xds-controller/Chart.yaml‎
Lines changed: 2 additions & 2 deletions b/‎helm/charts/envoy-xds-controller/Chart.yaml‎
Lines changed: 2 additions & 2 deletions
@@ -30,7 +30,6 @@ import (
 	logf "sigs.k8s.io/controller-runtime/pkg/log"
 	"sigs.k8s.io/controller-runtime/pkg/log/zap"
 
-	envoyv1alpha1 "github.com/kaasops/envoy-xds-controller/api/v1alpha1"
 	v1alpha1 "github.com/kaasops/envoy-xds-controller/api/v1alpha1"
 	//+kubebuilder:scaffold:imports
 )
@@ -69,7 +68,7 @@ var _ = BeforeSuite(func() {
 	err = v1alpha1.AddToScheme(scheme.Scheme)
 	Expect(err).NotTo(HaveOccurred())
 
-	err = envoyv1alpha1.AddToScheme(scheme.Scheme)
+	err = v1alpha1.AddToScheme(scheme.Scheme)
 	Expect(err).NotTo(HaveOccurred())
 
 	//+kubebuilder:scaffold:scheme
 
@@ -16,7 +16,6 @@ import (
 
 	admissionregistrationv1 "k8s.io/api/admissionregistration/v1"
 	corev1 "k8s.io/api/core/v1"
-	api_errors "k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/client-go/util/retry"
@@ -68,20 +67,13 @@ func (r *WebhookReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ct
 
 	certSecret := &corev1.Secret{}
 	if err := r.Client.Get(ctx, req.NamespacedName, certSecret); err != nil {
-		if api_errors.IsNotFound(err) {
-			r.Log.V(1).Info("Secret with TLS was not found. Creating")
-			certSecret.Name = req.Name
-			certSecret.Namespace = req.Namespace
-			certSecret.Labels = map[string]string{
-				options.SecretLabelKey: options.WebhookSecretLabelValue,
-			}
-			if err = r.Client.Create(ctx, certSecret); err != nil {
-				return reconcile.Result{}, errors.Wrap(err, errors.CreateInKubernetesMessage)
-			}
-		}
 		return reconcile.Result{}, errors.Wrap(err, errors.GetFromKubernetesMessage)
 	}
 
+	certSecret.Labels = map[string]string{
+		options.SecretLabelKey: options.WebhookSecretLabelValue,
+	}
+
 	if err := r.ReconcileCertificates(ctx, certSecret); err != nil {
 		return reconcile.Result{}, errors.Wrap(err, "cannot reconcile TLS certificate")
 	}
@@ -102,6 +94,11 @@ func (r *WebhookReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ct
 }
 
 func (r *WebhookReconciler) ReconcileCertificates(ctx context.Context, certSecret *corev1.Secret) error {
+
+	if err := r.Client.Get(ctx, types.NamespacedName{Namespace: certSecret.Namespace, Name: certSecret.Name}, certSecret); err != nil {
+		return errors.Wrap(err, errors.GetFromKubernetesMessage)
+	}
+
 	// If need create of update certificate for webhook - do it
 	if r.shouldUpdateCertificate(certSecret) {
 		r.Log.Info("Generating new TLS Certificate")
 
@@ -0,0 +1,65 @@
+### Setup the development environment
+
+
+If you don't need Validation WebHook for working - start localy Envoy xDS Controller with env `WEBHOOK_DISABLE` = `true`.
+
+If you need full instalation with Validation Webhook logic on local instance Envoy xDS controller, you need Kubernetes with network access to workstation (Laptop). For example you can use [KIND](https://kind.sigs.k8s.io/).
+
+Deploy Helm Envoy xDS Controller to you kubernetes:
+
+```bash
+cd helm/charts/envoy-xds-controller
+helm upgrade envoy --install --namespace envoy-xds-controller --create-namespace .
+```
+
+Wait when Pod starting. After this - set Replicas for Envoy xDS Controller to 0.
+
+```bash
+kubectl scale deployment -n envoy-xds-controller envoy-envoy-xds-controller --replicas 0
+```
+
+After this, create dir for local certificates for Webhook Server:
+
+```bash
+mkdir -p /tmp/k8s-webhook-server/serving-certs
+```
+
+Copy generated certificate and key for Webhook Server:
+
+```bash
+kubectl get secrets -n envoy-xds-controller envoy-xds-controller-tls -o jsonpath='{.data.tls\.crt}' | base64 -D > /tmp/k8s-webhook-server/serving-certs/tls.crt
+kubectl get secrets -n envoy-xds-controller envoy-xds-controller-tls -o jsonpath='{.data.tls\.key}' | base64 -D > /tmp/k8s-webhook-server/serving-certs/tls.key
+```
+
+Delete service for Werhook
+
+```bash
+kubectl delete service -n envoy-xds-controller envoy-xds-controller-webhook-service
+```
+
+Apply new service. Insert you IP to <WORKSTATION_IP>:
+
+```yaml
+apiVersion: v1
+kind: Service
+metadata:
+  name: envoy-xds-controller-webhook-service
+  namespace: envoy-xds-controller
+spec:
+  ports:
+    - protocol: TCP
+      port: 443
+      targetPort: 9443
+---
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: envoy-xds-controller-webhook-service
+  namespace: envoy-xds-controller
+subsets:
+  - addresses:
+      - ip: 172.28.128.20
+    ports:
+      - port: 9443
+```
+
@@ -15,13 +15,13 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: "0.40"
+version: "0.41"
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "v0.1.36"
+appVersion: "v0.1.37"
 
 home: https://github.com/kaasops/envoy-xds-controller
 sources: