Do not bind webhook port if webhooks are not present

kmala · kmala · commit 0e4648daf288 · 2024-09-04T16:56:26.000-07:00
diff --git a/staging/src/k8s.io/cloud-provider/options/options.go b/staging/src/k8s.io/cloud-provider/options/options.go
@@ -201,7 +201,7 @@ func (o *CloudControllerManagerOptions) ApplyTo(c *config.Config, allControllers
 		}
 	}
 	if o.WebhookServing != nil {
-		if err = o.WebhookServing.ApplyTo(&c.WebhookSecureServing); err != nil {
+		if err = o.WebhookServing.ApplyTo(&c.WebhookSecureServing, c.ComponentConfig.Webhook); err != nil {
 			return err
 		}
 	}
diff --git a/staging/src/k8s.io/cloud-provider/options/options_test.go b/staging/src/k8s.io/cloud-provider/options/options_test.go
@@ -434,6 +434,7 @@ func TestCreateConfig(t *testing.T) {
 
 	// Don't check
 	c.SecureServing = nil
+	assert.NotNil(t, c.WebhookSecureServing, "webhook secureserving shouldn't be nil")
 	c.WebhookSecureServing = nil
 	c.Authentication = apiserver.AuthenticationInfo{}
 	c.Authorization = apiserver.AuthorizationInfo{}
@@ -451,6 +452,143 @@ func TestCreateConfig(t *testing.T) {
 	}
 }
 
+func TestCreateConfigWithoutWebHooks(t *testing.T) {
+	fs := pflag.NewFlagSet("addflagstest", pflag.ContinueOnError)
+
+	s, err := NewCloudControllerManagerOptions()
+	if err != nil {
+		t.Errorf("unexpected err: %v", err)
+	}
+
+	for _, f := range s.Flags([]string{""}, []string{""}, nil, []string{""}, []string{""}).FlagSets {
+		fs.AddFlagSet(f)
+	}
+
+	tmpdir, err := os.MkdirTemp("", "options_test")
+	if err != nil {
+		t.Fatalf("%s", err)
+	}
+	defer func() {
+		if err := os.RemoveAll(tmpdir); err != nil {
+			t.Error(err)
+		}
+	}()
+
+	args := []string{
+		"--allocate-node-cidrs=true",
+		"--authorization-always-allow-paths=",
+		"--bind-address=0.0.0.0",
+		"--secure-port=10200",
+		fmt.Sprintf("--cert-dir=%s/certs", tmpdir),
+		"--cloud-provider=aws",
+		"--cluster-cidr=1.2.3.4/24",
+		"--cluster-name=k8s",
+		"--configure-cloud-routes=false",
+		"--contention-profiling=true",
+		"--controller-start-interval=2m",
+		"--controllers=foo,bar",
+		"--concurrent-node-syncs=1",
+		"--http2-max-streams-per-connection=47",
+		"--kube-api-burst=101",
+		"--kube-api-content-type=application/vnd.kubernetes.protobuf",
+		"--kube-api-qps=50.0",
+		"--leader-elect=false",
+		"--leader-elect-lease-duration=30s",
+		"--leader-elect-renew-deadline=15s",
+		"--leader-elect-resource-lock=configmap",
+		"--leader-elect-retry-period=5s",
+		"--master=192.168.4.20",
+		"--min-resync-period=100m",
+		"--node-status-update-frequency=10m",
+		"--profiling=false",
+		"--route-reconciliation-period=30s",
+		"--use-service-account-credentials=false",
+	}
+	err = fs.Parse(args)
+	if err != nil {
+		t.Errorf("error parsing the arguments, error : %v", err)
+	}
+
+	fs.VisitAll(func(f *pflag.Flag) {
+		fmt.Printf("%s: %s\n", f.Name, f.Value)
+	})
+
+	c, err := s.Config([]string{"foo", "bar"}, []string{}, nil, []string{"foo", "bar", "baz"}, []string{})
+	if err != nil {
+		t.Errorf("error generating config, error : %v", err)
+	}
+
+	expected := &appconfig.Config{
+		ComponentConfig: cpconfig.CloudControllerManagerConfiguration{
+			Generic: cmconfig.GenericControllerManagerConfiguration{
+				Address:         "0.0.0.0",
+				MinResyncPeriod: metav1.Duration{Duration: 100 * time.Minute},
+				ClientConnection: componentbaseconfig.ClientConnectionConfiguration{
+					ContentType: "application/vnd.kubernetes.protobuf",
+					QPS:         50.0,
+					Burst:       101,
+				},
+				ControllerStartInterval: metav1.Duration{Duration: 2 * time.Minute},
+				LeaderElection: componentbaseconfig.LeaderElectionConfiguration{
+					ResourceLock:      "configmap",
+					LeaderElect:       false,
+					LeaseDuration:     metav1.Duration{Duration: 30 * time.Second},
+					RenewDeadline:     metav1.Duration{Duration: 15 * time.Second},
+					RetryPeriod:       metav1.Duration{Duration: 5 * time.Second},
+					ResourceName:      "cloud-controller-manager",
+					ResourceNamespace: "kube-system",
+				},
+				Controllers: []string{"foo", "bar"},
+				Debugging: componentbaseconfig.DebuggingConfiguration{
+					EnableProfiling:           false,
+					EnableContentionProfiling: true,
+				},
+				LeaderMigration: cmconfig.LeaderMigrationConfiguration{},
+			},
+			KubeCloudShared: cpconfig.KubeCloudSharedConfiguration{
+				RouteReconciliationPeriod: metav1.Duration{Duration: 30 * time.Second},
+				NodeMonitorPeriod:         metav1.Duration{Duration: 5 * time.Second},
+				ClusterName:               "k8s",
+				ClusterCIDR:               "1.2.3.4/24",
+				AllocateNodeCIDRs:         true,
+				CIDRAllocatorType:         "RangeAllocator",
+				ConfigureCloudRoutes:      false,
+				CloudProvider: cpconfig.CloudProviderConfiguration{
+					Name:            "aws",
+					CloudConfigFile: "",
+				},
+			},
+			ServiceController: serviceconfig.ServiceControllerConfiguration{
+				ConcurrentServiceSyncs: 1,
+			},
+			NodeController:            nodeconfig.NodeControllerConfiguration{ConcurrentNodeSyncs: 1},
+			NodeStatusUpdateFrequency: metav1.Duration{Duration: 10 * time.Minute},
+			Webhook:                   cpconfig.WebhookConfiguration{},
+		},
+		SecureServing:        nil,
+		WebhookSecureServing: nil,
+		Authentication:       apiserver.AuthenticationInfo{},
+		Authorization:        apiserver.AuthorizationInfo{},
+	}
+
+	// Don't check
+	c.SecureServing = nil
+	c.Authentication = apiserver.AuthenticationInfo{}
+	c.Authorization = apiserver.AuthorizationInfo{}
+	c.SharedInformers = nil
+	c.VersionedClient = nil
+	c.ClientBuilder = nil
+	c.EventRecorder = nil
+	c.EventBroadcaster = nil
+	c.Kubeconfig = nil
+	c.Client = nil
+	c.LoopbackClientConfig = nil
+
+	if !reflect.DeepEqual(expected, c) {
+		t.Errorf("Got different config than expected.\nDifference detected on:\n%s", cmp.Diff(expected, c))
+	}
+}
+
 func TestCloudControllerManagerAliases(t *testing.T) {
 	opts, err := NewCloudControllerManagerOptions()
 	if err != nil {
diff --git a/staging/src/k8s.io/cloud-provider/options/webhook.go b/staging/src/k8s.io/cloud-provider/options/webhook.go
@@ -151,14 +151,18 @@ func (o *WebhookServingOptions) Validate() []error {
 	return allErrors
 }
 
-func (o *WebhookServingOptions) ApplyTo(cfg **server.SecureServingInfo) error {
+func (o *WebhookServingOptions) ApplyTo(cfg **server.SecureServingInfo, webhookCfg config.WebhookConfiguration) error {
 	if o == nil {
 		return nil
 	}
 
 	if o.BindPort <= 0 {
 		return nil
 	}
+	// no need to bind to the address if there are no webhook enabled.
+	if len(webhookCfg.Webhooks) == 0 {
+		return nil
+	}
 
 	var err error
 	var listener net.Listener

Original file line number	Diff line number	Diff line change
`@@ -201,7 +201,7 @@ func (o CloudControllerManagerOptions) ApplyTo(c config.Config, allControllers`
`201`	`201`	`}`
`202`	`202`	`}`
`203`	`203`	`if o.WebhookServing != nil {`
`204`		`- if err = o.WebhookServing.ApplyTo(&c.WebhookSecureServing); err != nil {`
	`204`	`+ if err = o.WebhookServing.ApplyTo(&c.WebhookSecureServing, c.ComponentConfig.Webhook); err != nil {`
`205`	`205`	`return err`
`206`	`206`	`}`
`207`	`207`	`}`
Original file line number	Diff line number	Diff line change
`@@ -151,14 +151,18 @@ func (o *WebhookServingOptions) Validate() []error {`
`151`	`151`	`return allErrors`
`152`	`152`	`}`
`153`	`153`
`154`		`-func (o WebhookServingOptions) ApplyTo(cfg *server.SecureServingInfo) error {`
	`154`	`+func (o WebhookServingOptions) ApplyTo(cfg *server.SecureServingInfo, webhookCfg config.WebhookConfiguration) error {`
`155`	`155`	`if o == nil {`
`156`	`156`	`return nil`
`157`	`157`	`}`
`158`	`158`
`159`	`159`	`if o.BindPort <= 0 {`
`160`	`160`	`return nil`
`161`	`161`	`}`
	`162`	`+ // no need to bind to the address if there are no webhook enabled.`
	`163`	`+ if len(webhookCfg.Webhooks) == 0 {`
	`164`	`+ return nil`
	`165`	`+ }`
`162`	`166`
`163`	`167`	`var err error`
`164`	`168`	`var listener net.Listener`