diff --git a/Makefile b/Makefile index 76ca5d77..63794d12 100644 --- a/Makefile +++ b/Makefile @@ -378,6 +378,7 @@ SKIP_CERT ?=false run-with-webhook: export METRICS_PORT?=8080 run-with-webhook: export HEALTH_PORT?=8081 run-with-webhook: export PPROF_PORT?=8082 +run-with-webhook: export WEBHOOK_PORT?=9443 run-with-webhook: manifests generate fmt vet ## Run a controller from your host. /bin/bash hack/run_with_local_webhook.sh diff --git a/hack/run_with_local_webhook.sh b/hack/run_with_local_webhook.sh index fe5b6af0..b793cdd9 100755 --- a/hack/run_with_local_webhook.sh +++ b/hack/run_with_local_webhook.sh @@ -15,9 +15,10 @@ TMPDIR=${TMPDIR:-"/tmp/k8s-webhook-server/serving-certs"} SKIP_CERT=${SKIP_CERT:-false} CRC_IP=${CRC_IP:-$(/sbin/ip -o -4 addr list crc | awk '{print $4}' | cut -d/ -f1)} FIREWALL_ZONE=${FIREWALL_ZONE:-"libvirt"} +WEBHOOK_PORT=${WEBHOOK_PORT:-${WEBHOOK_PORT}} -#Open 9443 -sudo firewall-cmd --zone=${FIREWALL_ZONE} --add-port=9443/tcp +#Open ${WEBHOOK_PORT} +sudo firewall-cmd --zone=${FIREWALL_ZONE} --add-port=${WEBHOOK_PORT}/tcp sudo firewall-cmd --runtime-to-permanent # Generate the certs and the ca bundle @@ -48,7 +49,7 @@ webhooks: - v1 clientConfig: caBundle: ${CA_BUNDLE} - url: https://${CRC_IP}:9443/validate-mariadb-openstack-org-v1beta1-mariadb + url: https://${CRC_IP}:${WEBHOOK_PORT}/validate-mariadb-openstack-org-v1beta1-mariadb failurePolicy: Fail matchPolicy: Equivalent name: vmariadb.kb.io @@ -70,7 +71,7 @@ webhooks: - v1 clientConfig: caBundle: ${CA_BUNDLE} - url: https://${CRC_IP}:9443/validate-mariadb-openstack-org-v1beta1-galera + url: https://${CRC_IP}:${WEBHOOK_PORT}/validate-mariadb-openstack-org-v1beta1-galera failurePolicy: Fail matchPolicy: Equivalent name: vgalera.kb.io @@ -98,7 +99,7 @@ webhooks: - v1 clientConfig: caBundle: ${CA_BUNDLE} - url: https://${CRC_IP}:9443/mutate-mariadb-openstack-org-v1beta1-mariadb + url: https://${CRC_IP}:${WEBHOOK_PORT}/mutate-mariadb-openstack-org-v1beta1-mariadb failurePolicy: Fail matchPolicy: Equivalent name: mmariadb.kb.io @@ -120,7 +121,7 @@ webhooks: - v1 clientConfig: caBundle: ${CA_BUNDLE} - url: https://${CRC_IP}:9443/mutate-mariadb-openstack-org-v1beta1-galera + url: https://${CRC_IP}:${WEBHOOK_PORT}/mutate-mariadb-openstack-org-v1beta1-galera failurePolicy: Fail matchPolicy: Equivalent name: mgalera.kb.io @@ -176,4 +177,4 @@ else oc scale --replicas=0 -n openstack-operators deploy/mariadb-operator-controller-manager fi -go run ./main.go -metrics-bind-address ":${METRICS_PORT}" -health-probe-bind-address ":${HEALTH_PORT}" -pprof-bind-address ":${PPROF_PORT}" +go run ./main.go -metrics-bind-address ":${METRICS_PORT}" -health-probe-bind-address ":${HEALTH_PORT}" -pprof-bind-address ":${PPROF_PORT}" -webhook-bind-address "${WEBHOOK_PORT}" diff --git a/main.go b/main.go index fe377669..1421fa4e 100644 --- a/main.go +++ b/main.go @@ -62,11 +62,13 @@ func main() { var enableLeaderElection bool var probeAddr string var pprofBindAddress string + var webhookPort int var enableHTTP2 bool flag.BoolVar(&enableHTTP2, "enable-http2", enableHTTP2, "If HTTP/2 should be enabled for the metrics and webhook servers.") flag.StringVar(&metricsAddr, "metrics-bind-address", ":8080", "The address the metric endpoint binds to.") flag.StringVar(&probeAddr, "health-probe-bind-address", ":8081", "The address the probe endpoint binds to.") flag.StringVar(&pprofBindAddress, "pprof-bind-address", "", "The address the pprof endpoint binds to. Set to empty to disable pprof.") + flag.IntVar(&webhookPort, "webhook-bind-address", 9443, "The port the webhook server binds to.") flag.BoolVar(&enableLeaderElection, "leader-elect", false, "Enable leader election for controller manager. "+ "Enabling this will ensure there is only one active controller manager.") @@ -96,7 +98,7 @@ func main() { PprofBindAddress: pprofBindAddress, WebhookServer: webhook.NewServer( webhook.Options{ - Port: 9443, + Port: webhookPort, TLSOpts: []func(config *tls.Config){disableHTTP2}, }), }