Merge pull request #623 from karelyatin/custom_webhook_port

Make local webhook port configurable

Author: openshift-merge-bot[bot]

Makefile

@@ -370,6 +370,7 @@ SKIP_CERT ?=false
 run-with-webhook: export METRICS_PORT?=8080
 run-with-webhook: export HEALTH_PORT?=8081
 run-with-webhook: export PPROF_PORT?=8082
+run-with-webhook: export WEBHOOK_PORT?=9443
 run-with-webhook: manifests generate fmt vet ## Run a controller from your host.
 	/bin/bash hack/run_with_local_webhook.sh
 

hack/run_with_local_webhook.sh

@@ -15,9 +15,10 @@ TMPDIR=${TMPDIR:-"/tmp/k8s-webhook-server/serving-certs"}
 SKIP_CERT=${SKIP_CERT:-false}
 CRC_IP=${CRC_IP:-$(/sbin/ip -o -4 addr list crc | awk '{print $4}' | cut -d/ -f1)}
 FIREWALL_ZONE=${FIREWALL_ZONE:-"libvirt"}
+WEBHOOK_PORT=${WEBHOOK_PORT:-${WEBHOOK_PORT}}
 
-#Open 9443
-sudo firewall-cmd --zone=${FIREWALL_ZONE} --add-port=9443/tcp
+#Open ${WEBHOOK_PORT}
+sudo firewall-cmd --zone=${FIREWALL_ZONE} --add-port=${WEBHOOK_PORT}/tcp
 sudo firewall-cmd --runtime-to-permanent
 
 # Generate the certs and the ca bundle
@@ -48,7 +49,7 @@ webhooks:
   - v1
   clientConfig:
     caBundle: ${CA_BUNDLE}
-    url: https://${CRC_IP}:9443/validate-keystone-openstack-org-v1beta1-keystoneapi
+    url: https://${CRC_IP}:${WEBHOOK_PORT}/validate-keystone-openstack-org-v1beta1-keystoneapi
   failurePolicy: Fail
   matchPolicy: Equivalent
   name: vkeystoneapi.kb.io
@@ -76,7 +77,7 @@ webhooks:
   - v1
   clientConfig:
     caBundle: ${CA_BUNDLE}
-    url: https://${CRC_IP}:9443/mutate-keystone-openstack-org-v1beta1-keystoneapi
+    url: https://${CRC_IP}:${WEBHOOK_PORT}/mutate-keystone-openstack-org-v1beta1-keystoneapi
   failurePolicy: Fail
   matchPolicy: Equivalent
   name: mkeystoneapi.kb.io
@@ -132,4 +133,4 @@ else
     oc scale --replicas=0 -n openstack-operators deploy/keystone-operator-controller-manager
 fi
 
-go run ./main.go -metrics-bind-address ":${METRICS_PORT}" -health-probe-bind-address ":${HEALTH_PORT}" -pprof-bind-address ":${PPROF_PORT}"
+go run ./main.go -metrics-bind-address ":${METRICS_PORT}" -health-probe-bind-address ":${HEALTH_PORT}" -pprof-bind-address ":${PPROF_PORT}" -webhook-bind-address "${WEBHOOK_PORT}"

main.go

@@ -72,11 +72,13 @@ func main() {
 	var enableLeaderElection bool
 	var probeAddr string
 	var pprofBindAddress string
+	var webhookPort int
 	var enableHTTP2 bool
 	flag.BoolVar(&enableHTTP2, "enable-http2", enableHTTP2, "If HTTP/2 should be enabled for the metrics and webhook servers.")
 	flag.StringVar(&metricsAddr, "metrics-bind-address", ":8080", "The address the metric endpoint binds to.")
 	flag.StringVar(&probeAddr, "health-probe-bind-address", ":8081", "The address the probe endpoint binds to.")
 	flag.StringVar(&pprofBindAddress, "pprof-bind-address", "", "The address the pprof endpoint binds to. Set to empty to disable pprof.")
+	flag.IntVar(&webhookPort, "webhook-bind-address", 9443, "The port the webhook server binds to.")
 	flag.BoolVar(&enableLeaderElection, "leader-elect", false,
 		"Enable leader election for controller manager. "+
 			"Enabling this will ensure there is only one active controller manager.")
@@ -106,7 +108,7 @@ func main() {
 		PprofBindAddress:       pprofBindAddress,
 		WebhookServer: webhook.NewServer(
 			webhook.Options{
-				Port:    9443,
+				Port:    webhookPort,
 				TLSOpts: []func(config *tls.Config){disableHTTP2},
 			}),
 	}