Networking configuration options for webhooks

Signed-off-by: Ben Perry <[email protected]>

Author: bhperry

operator/v1/0000_01_operator.open-cluster-management.io_clustermanagers.crd.yaml

@@ -91,6 +91,71 @@ spec:
                   DeployOption contains the options of deploying a cluster-manager
                   Default mode is used if DeployOption is not set.
                 properties:
+                  default:
+                    description: Default includes configurations for clustermanager
+                      in the Default mode
+                    properties:
+                      registrationWebhookConfiguration:
+                        description: RegistrationWebhookConfiguration represents the
+                          customized webhook-server configuration of registration.
+                        properties:
+                          healthProbeBindAddress:
+                            default: :8000
+                            description: |-
+                              HealthProbeBindAddress represents the healthcheck address of a webhook-server. The default value is ":8000".
+                              Healthchecks may be disabled by setting a value of "0" or "".
+                            type: string
+                          hostNetwork:
+                            description: |-
+                              HostNetwork enables running webhook pods with hostNetwork: true
+                              This may be required in some installations, such as EKS with Calico CNI,
+                              to allow the API Server to communicate with the webhook pods.
+                            type: boolean
+                          metricsBindAddress:
+                            default: :8080
+                            description: |-
+                              MetricsBindAddress represents the metrics address of a webhook-server. The default value is ":8080"
+                              Metrics may be disabled by setting a value of "0" or "".
+                            type: string
+                          port:
+                            default: 9443
+                            description: Port represents the port of a webhook-server.
+                              The default value of Port is 9443.
+                            format: int32
+                            maximum: 65535
+                            type: integer
+                        type: object
+                      workWebhookConfiguration:
+                        description: WorkWebhookConfiguration represents the customized
+                          webhook-server configuration of work.
+                        properties:
+                          healthProbeBindAddress:
+                            default: :8000
+                            description: |-
+                              HealthProbeBindAddress represents the healthcheck address of a webhook-server. The default value is ":8000".
+                              Healthchecks may be disabled by setting a value of "0" or "".
+                            type: string
+                          hostNetwork:
+                            description: |-
+                              HostNetwork enables running webhook pods with hostNetwork: true
+                              This may be required in some installations, such as EKS with Calico CNI,
+                              to allow the API Server to communicate with the webhook pods.
+                            type: boolean
+                          metricsBindAddress:
+                            default: :8080
+                            description: |-
+                              MetricsBindAddress represents the metrics address of a webhook-server. The default value is ":8080"
+                              Metrics may be disabled by setting a value of "0" or "".
+                            type: string
+                          port:
+                            default: 9443
+                            description: Port represents the port of a webhook-server.
+                              The default value of Port is 9443.
+                            format: int32
+                            maximum: 65535
+                            type: integer
+                        type: object
+                    type: object
                   hosted:
                     description: Hosted includes configurations we need for clustermanager
                       in the Hosted mode.
@@ -106,6 +171,24 @@ spec:
                               The Address must be reachable by apiserver of the hub cluster.
                             pattern: ^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$
                             type: string
+                          healthProbeBindAddress:
+                            default: :8000
+                            description: |-
+                              HealthProbeBindAddress represents the healthcheck address of a webhook-server. The default value is ":8000".
+                              Healthchecks may be disabled by setting a value of "0" or "".
+                            type: string
+                          hostNetwork:
+                            description: |-
+                              HostNetwork enables running webhook pods with hostNetwork: true
+                              This may be required in some installations, such as EKS with Calico CNI,
+                              to allow the API Server to communicate with the webhook pods.
+                            type: boolean
+                          metricsBindAddress:
+                            default: :8080
+                            description: |-
+                              MetricsBindAddress represents the metrics address of a webhook-server. The default value is ":8080"
+                              Metrics may be disabled by setting a value of "0" or "".
+                            type: string
                           port:
                             default: 443
                             description: Port represents the port of a webhook-server.
@@ -127,6 +210,24 @@ spec:
                               The Address must be reachable by apiserver of the hub cluster.
                             pattern: ^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$
                             type: string
+                          healthProbeBindAddress:
+                            default: :8000
+                            description: |-
+                              HealthProbeBindAddress represents the healthcheck address of a webhook-server. The default value is ":8000".
+                              Healthchecks may be disabled by setting a value of "0" or "".
+                            type: string
+                          hostNetwork:
+                            description: |-
+                              HostNetwork enables running webhook pods with hostNetwork: true
+                              This may be required in some installations, such as EKS with Calico CNI,
+                              to allow the API Server to communicate with the webhook pods.
+                            type: boolean
+                          metricsBindAddress:
+                            default: :8080
+                            description: |-
+                              MetricsBindAddress represents the metrics address of a webhook-server. The default value is ":8080"
+                              Metrics may be disabled by setting a value of "0" or "".
+                            type: string
                           port:
                             default: 443
                             description: Port represents the port of a webhook-server.

operator/v1/types_clustermanager.go

@@ -281,19 +281,62 @@ const (
 	FeatureGateModeTypeDisable FeatureGateModeType = "Disable"
 )
 
+// DefaultClusterManagerConfiguration represents customized configurations for clustermanager in the Default mode
+type DefaultClusterManagerConfiguration struct {
+	// RegistrationWebhookConfiguration represents the customized webhook-server configuration of registration.
+	// +optional
+	RegistrationWebhookConfiguration DefaultWebhookConfiguration `json:"registrationWebhookConfiguration,omitempty"`
+
+	// WorkWebhookConfiguration represents the customized webhook-server configuration of work.
+	// +optional
+	WorkWebhookConfiguration DefaultWebhookConfiguration `json:"workWebhookConfiguration,omitempty"`
+}
+
 // HostedClusterManagerConfiguration represents customized configurations we need to set for clustermanager in the Hosted mode.
 type HostedClusterManagerConfiguration struct {
 	// RegistrationWebhookConfiguration represents the customized webhook-server configuration of registration.
 	// +optional
-	RegistrationWebhookConfiguration WebhookConfiguration `json:"registrationWebhookConfiguration,omitempty"`
+	RegistrationWebhookConfiguration HostedWebhookConfiguration `json:"registrationWebhookConfiguration,omitempty"`
 
 	// WorkWebhookConfiguration represents the customized webhook-server configuration of work.
 	// +optional
-	WorkWebhookConfiguration WebhookConfiguration `json:"workWebhookConfiguration,omitempty"`
+	WorkWebhookConfiguration HostedWebhookConfiguration `json:"workWebhookConfiguration,omitempty"`
 }
 
-// WebhookConfiguration has two properties: Address and Port.
+// WebhookConfiguration represents customization of webhook servers
 type WebhookConfiguration struct {
+	// HealthProbeBindAddress represents the healthcheck address of a webhook-server. The default value is ":8000".
+	// Healthchecks may be disabled by setting a value of "0" or "".
+	// +optional
+	// +kubebuilder:default=":8000"
+	HealthProbeBindAddress string `json:"healthProbeBindAddress"`
+
+	// MetricsBindAddress represents the metrics address of a webhook-server. The default value is ":8080"
+	// Metrics may be disabled by setting a value of "0" or "".
+	// +optional
+	// +kubebuilder:default=":8080"
+	MetricsBindAddress string `json:"metricsBindAddress"`
+
+	// HostNetwork enables running webhook pods with hostNetwork: true
+	// This may be required in some installations, such as EKS with Calico CNI,
+	// to allow the API Server to communicate with the webhook pods.
+	// +optional
+	HostNetwork bool `json:"hostNetwork,omitempty"`
+}
+
+// DefaultWebhookConfiguration represents customization of webhook servers running in default installation mode
+type DefaultWebhookConfiguration struct {
+	// Port represents the port of a webhook-server. The default value of Port is 9443.
+	// +optional
+	// +kubebuilder:default=9443
+	// +kubebuilder:validation:Maximum=65535
+	Port int32 `json:"port,omitempty"`
+
+	WebhookConfiguration `json:",inline"`
+}
+
+// HostedWebhookConfiguration represents customization of webhook servers running in hosted installation mode
+type HostedWebhookConfiguration struct {
 	// Address represents the address of a webhook-server.
 	// It could be in IP format or fqdn format.
 	// The Address must be reachable by apiserver of the hub cluster.
@@ -307,6 +350,8 @@ type WebhookConfiguration struct {
 	// +kubebuilder:default=443
 	// +kubebuilder:validation:Maximum=65535
 	Port int32 `json:"port,omitempty"`
+
+	WebhookConfiguration `json:",inline"`
 }
 
 // ClusterManagerDeployOption describes the deployment options for cluster-manager
@@ -323,6 +368,10 @@ type ClusterManagerDeployOption struct {
 	// +kubebuilder:validation:Enum=Default;Hosted
 	Mode InstallMode `json:"mode,omitempty"`
 
+	// Default includes configurations for clustermanager in the Default mode
+	// +optional
+	Default *DefaultClusterManagerConfiguration `json:"default,omitempty"`
+
 	// Hosted includes configurations we need for clustermanager in the Hosted mode.
 	// +optional
 	Hosted *HostedClusterManagerConfiguration `json:"hosted,omitempty"`

operator/v1/zz_generated.deepcopy.go

@@ -78,10 +78,10 @@ var _ = Describe("Create Cluster Manager Hosted mode", func() {
 	Context("Set wrong format address", func() {
 		It("should return err", func() {
 			clusterManager.Spec.DeployOption.Hosted = &operatorv1.HostedClusterManagerConfiguration{
-				RegistrationWebhookConfiguration: operatorv1.WebhookConfiguration{
+				RegistrationWebhookConfiguration: operatorv1.HostedWebhookConfiguration{
 					Address: "test:test",
 				},
-				WorkWebhookConfiguration: operatorv1.WebhookConfiguration{
+				WorkWebhookConfiguration: operatorv1.HostedWebhookConfiguration{
 					Address: "test:test",
 				},
 			}
@@ -93,10 +93,10 @@ var _ = Describe("Create Cluster Manager Hosted mode", func() {
 	Context("Set IPV4 format addresses", func() {
 		It("should create successfully", func() {
 			clusterManager.Spec.DeployOption.Hosted = &operatorv1.HostedClusterManagerConfiguration{
-				RegistrationWebhookConfiguration: operatorv1.WebhookConfiguration{
+				RegistrationWebhookConfiguration: operatorv1.HostedWebhookConfiguration{
 					Address: "192.168.2.3",
 				},
-				WorkWebhookConfiguration: operatorv1.WebhookConfiguration{
+				WorkWebhookConfiguration: operatorv1.HostedWebhookConfiguration{
 					Address: "192.168.2.4",
 				},
 			}
@@ -108,10 +108,10 @@ var _ = Describe("Create Cluster Manager Hosted mode", func() {
 	Context("Set FQDN format addresses", func() {
 		It("should create successfully", func() {
 			clusterManager.Spec.DeployOption.Hosted = &operatorv1.HostedClusterManagerConfiguration{
-				RegistrationWebhookConfiguration: operatorv1.WebhookConfiguration{
+				RegistrationWebhookConfiguration: operatorv1.HostedWebhookConfiguration{
 					Address: "localhost",
 				},
-				WorkWebhookConfiguration: operatorv1.WebhookConfiguration{
+				WorkWebhookConfiguration: operatorv1.HostedWebhookConfiguration{
 					Address: "foo.com",
 				},
 			}
@@ -121,12 +121,12 @@ var _ = Describe("Create Cluster Manager Hosted mode", func() {
 	})
 
 	Context("Set nothing in ports", func() {
-		It("should has 443 as default value", func() {
+		It("should have 443 as default value in hosted mode", func() {
 			clusterManager.Spec.DeployOption.Hosted = &operatorv1.HostedClusterManagerConfiguration{
-				RegistrationWebhookConfiguration: operatorv1.WebhookConfiguration{
+				RegistrationWebhookConfiguration: operatorv1.HostedWebhookConfiguration{
 					Address: "localhost",
 				},
-				WorkWebhookConfiguration: operatorv1.WebhookConfiguration{
+				WorkWebhookConfiguration: operatorv1.HostedWebhookConfiguration{
 					Address: "foo.com",
 				},
 			}
@@ -140,11 +140,11 @@ var _ = Describe("Create Cluster Manager Hosted mode", func() {
 	Context("Set port bigger than 65535", func() {
 		It("should return err", func() {
 			clusterManager.Spec.DeployOption.Hosted = &operatorv1.HostedClusterManagerConfiguration{
-				RegistrationWebhookConfiguration: operatorv1.WebhookConfiguration{
+				RegistrationWebhookConfiguration: operatorv1.HostedWebhookConfiguration{
 					Address: "localhost",
 					Port:    65536,
 				},
-				WorkWebhookConfiguration: operatorv1.WebhookConfiguration{
+				WorkWebhookConfiguration: operatorv1.HostedWebhookConfiguration{
 					Address: "foo.com",
 				},
 			}
@@ -156,11 +156,11 @@ var _ = Describe("Create Cluster Manager Hosted mode", func() {
 	Context("Set customized WebhookConfiguration", func() {
 		It("should have euqually value after create", func() {
 			clusterManager.Spec.DeployOption.Hosted = &operatorv1.HostedClusterManagerConfiguration{
-				RegistrationWebhookConfiguration: operatorv1.WebhookConfiguration{
+				RegistrationWebhookConfiguration: operatorv1.HostedWebhookConfiguration{
 					Address: "foo1.com",
 					Port:    1443,
 				},
-				WorkWebhookConfiguration: operatorv1.WebhookConfiguration{
+				WorkWebhookConfiguration: operatorv1.HostedWebhookConfiguration{
 					Address: "foo2.com",
 					Port:    2443,
 				},