From d7d7655f5d4d43f2d68701d8f0ba53c8fcc43dc7 Mon Sep 17 00:00:00 2001 From: Rory Z <16801068+Rory-Z@users.noreply.github.com> Date: Mon, 13 Jan 2025 17:31:00 +0800 Subject: [PATCH] chore: can disable webhook in helm Signed-off-by: Rory Z <16801068+Rory-Z@users.noreply.github.com> --- .github/workflows/deploy.yaml | 11 +++++++++++ .../charts/emqx-operator/templates/cert-manager.yaml | 2 ++ .../templates/controller-manager-webhook-service.yaml | 2 ++ .../emqx-operator/templates/controller-manager.yaml | 9 +++++++++ .../templates/webhook-mutating-configuration.yaml | 2 ++ .../templates/webhook-validating-configuration.yaml | 2 ++ deploy/charts/emqx-operator/values.yaml | 3 +++ 7 files changed, 31 insertions(+) diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml index b54e4b948..7d07cbe11 100644 --- a/.github/workflows/deploy.yaml +++ b/.github/workflows/deploy.yaml @@ -35,9 +35,20 @@ jobs: single_namespace: - false - true + enable_webhook: + - true exclude: - install: static single_namespace: true + include: + - enable_webhook: false + install: helm + single_namespace: true + emqx: [EMQX, emqx, "config/samples/emqx/v2beta1/emqx-slim.yaml"] + - enable_webhook: false + install: helm + single_namespace: true + emqx: [EMQX, emqx, "config/samples/emqx/v2beta1/emqx-full.yaml"] steps: - run: minikube start diff --git a/deploy/charts/emqx-operator/templates/cert-manager.yaml b/deploy/charts/emqx-operator/templates/cert-manager.yaml index b5b41dad1..807b7dd14 100644 --- a/deploy/charts/emqx-operator/templates/cert-manager.yaml +++ b/deploy/charts/emqx-operator/templates/cert-manager.yaml @@ -1,3 +1,4 @@ +{{- if .Values.webhook.enabled }} {{- if (index .Values "cert-manager" "enable") }} --- apiVersion: cert-manager.io/v1 @@ -22,3 +23,4 @@ spec: name: {{ include "emqx-operator.fullname" . }}-selfsigned-issuer secretName: {{ index .Values "cert-manager" "secretName" | default (printf "%s-webhook-server-cert" (include "emqx-operator.fullname" .)) }} {{- end }} +{{- end }} diff --git a/deploy/charts/emqx-operator/templates/controller-manager-webhook-service.yaml b/deploy/charts/emqx-operator/templates/controller-manager-webhook-service.yaml index fc4786524..f40b71b07 100644 --- a/deploy/charts/emqx-operator/templates/controller-manager-webhook-service.yaml +++ b/deploy/charts/emqx-operator/templates/controller-manager-webhook-service.yaml @@ -1,3 +1,4 @@ +{{- if .Values.webhook.enabled -}} --- apiVersion: v1 kind: Service @@ -11,3 +12,4 @@ spec: selector: control-plane: controller-manager {{- include "emqx-operator.selectorLabels" . | nindent 4 }} +{{- end }} diff --git a/deploy/charts/emqx-operator/templates/controller-manager.yaml b/deploy/charts/emqx-operator/templates/controller-manager.yaml index 71dd6d772..e936140bc 100644 --- a/deploy/charts/emqx-operator/templates/controller-manager.yaml +++ b/deploy/charts/emqx-operator/templates/controller-manager.yaml @@ -27,6 +27,9 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} + env: + - name: ENABLE_WEBHOOKS + value: {{ .Values.webhook.enabled | quote }} containers: - args: - --leader-elect @@ -48,9 +51,11 @@ spec: - containerPort: 8080 name: metrics protocol: TCP + {{- if .Values.webhook.enabled }} - containerPort: 9443 name: webhook-server protocol: TCP + {{- end }} {{- if .Values.singleNamespace }} env: - name: WATCH_NAMESPACE @@ -68,19 +73,23 @@ spec: {{- toYaml .Values.resources | nindent 12 }} securityContext: {{- toYaml .Values.containerSecurityContext | nindent 12 }} + {{- if .Values.webhook.enabled }} volumeMounts: - mountPath: /tmp/k8s-webhook-server/serving-certs name: cert readOnly: true + {{- end }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} serviceAccountName: {{ include "emqx-operator.serviceAccountName" . }} terminationGracePeriodSeconds: 10 + {{- if .Values.webhook.enabled }} volumes: - name: cert secret: defaultMode: 420 secretName: {{ index .Values "cert-manager" "secretName" | default (printf "%s-webhook-server-cert" (include "emqx-operator.fullname" .)) }} + {{- end }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/deploy/charts/emqx-operator/templates/webhook-mutating-configuration.yaml b/deploy/charts/emqx-operator/templates/webhook-mutating-configuration.yaml index 5d3d8815d..a4083c901 100644 --- a/deploy/charts/emqx-operator/templates/webhook-mutating-configuration.yaml +++ b/deploy/charts/emqx-operator/templates/webhook-mutating-configuration.yaml @@ -1,3 +1,4 @@ +{{- if .Values.webhook.enabled }} --- apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration @@ -69,3 +70,4 @@ webhooks: resources: - emqxplugins sideEffects: None +{{- end -}} diff --git a/deploy/charts/emqx-operator/templates/webhook-validating-configuration.yaml b/deploy/charts/emqx-operator/templates/webhook-validating-configuration.yaml index a3204a80c..3323f7207 100644 --- a/deploy/charts/emqx-operator/templates/webhook-validating-configuration.yaml +++ b/deploy/charts/emqx-operator/templates/webhook-validating-configuration.yaml @@ -1,3 +1,4 @@ +{{- if .Values.webhook.enabled }} --- apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration @@ -90,3 +91,4 @@ webhooks: resources: - emqxplugins sideEffects: None +{{- end -}} diff --git a/deploy/charts/emqx-operator/values.yaml b/deploy/charts/emqx-operator/values.yaml index ec0b3ccb2..303ca497f 100644 --- a/deploy/charts/emqx-operator/values.yaml +++ b/deploy/charts/emqx-operator/values.yaml @@ -27,6 +27,9 @@ imagePullSecrets: [] nameOverride: "" fullnameOverride: "" +webhook: + enabled: true + serviceAccount: # Specifies whether a service account should be created create: true