feat: Add flag ti set webhookConfig timeout

freepik-company · Nov 21, 2024 · 7730723 · 7730723
1 parent ec1723d
commit 7730723
Show file tree

Hide file tree

Showing 4 changed files with 28 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -57,6 +57,27 @@ resources:
 > 🧚🏼 **Hey, listen! If you prefer to deploy using Helm, go to the [Helm registry](https://freepik-company.github.io/admitik/)**
 
 
+## Flags
+
+Some configuration parameters can be defined by flags that can be passed to the controller.
+They are described in the following table:
+
+| Name                           | Description                                                                    |        Default         |
+|:-------------------------------|:-------------------------------------------------------------------------------|:----------------------:|
+| `--metrics-bind-address`       | The address the metric endpoint binds to. </br> 0 disables the server          |          `0`           |
+| `--health-probe-bind-address`  | he address the probe endpoint binds to                                         |        `:8081`         |
+| `--leader-elect`               | Enable leader election for controller manager                                  |        `false`         |
+| `--metrics-secure`             | If set the metrics endpoint is served securely                                 |        `false`         |
+| `--enable-http2`               | If set, HTTP/2 will be enabled for the metrirs                                 |        `false`         |
+| `--webhook-client-hostname`    | The hostname used by Kubernetes when calling the webhooks server               | `webhooks.admitik.svc` |
+| `--webhook-client-port`        | The port used by Kubernetes when calling the webhooks server                   |        `10250`         |
+| `--webhook-client-timeout`     | The seconds until timout waited by Kubernetes when calling the webhooks server |          `10`          |
+| `--webhook-server-port`        | The port where the webhooks server listens                                     |        `10250`         |
+| `--webhook-server-path`        | The path where the webhooks server listens                                     |      `/validate`       |
+| `--webhook-server-ca`          | The CA bundle to use for the webhooks server                                   |          `-`           |
+| `--webhook-server-certificate` | The Certificate used by webhooks server                                        |          `-`           |
+| `--webhook-server-private-key` | The Private Key used by webhooks server                                        |          `-`           |
+
 
 ## Examples
 

diff --git a/cmd/main.go b/cmd/main.go
@@ -72,6 +72,7 @@ func main() {
 	// Custom flags from here
 	var webhooksClientHostname string
 	var webhooksClientPort int
+	var webhooksClientTimeout int
 
 	var webhooksServerPort int
 	var webhooksServerPath string
@@ -98,6 +99,8 @@ func main() {
 		"The hostname used by Kubernetes when calling the webhooks server")
 	flag.IntVar(&webhooksClientPort, "webhook-client-port", 10250,
 		"The port used by Kubernetes when calling the webhooks server")
+	flag.IntVar(&webhooksClientTimeout, "webhook-client-timeout", 10,
+		"The time waited by Kubernetes when calling the webhooks server before considering timeout")
 
 	flag.IntVar(&webhooksServerPort, "webhook-server-port", 10250,
 		"The port where the webhooks server listens")
@@ -323,6 +326,7 @@ func main() {
 		Scheme: mgr.GetScheme(),
 		Options: controller.ClusterAdmissionPolicyControllerOptions{
 			WebhookClientConfig: *webhookClientConfig,
+			WebhookTimeout:      webhooksClientTimeout,
 		},
 	}).SetupWithManager(mgr); err != nil {
 		setupLog.Error(err, "unable to create controller", "controller", "ClusterAdmissionPolicy")

diff --git a/internal/controller/clusteradmissionpolicy_controller.go b/internal/controller/clusteradmissionpolicy_controller.go
@@ -37,6 +37,7 @@ import (
 // TODO
 type ClusterAdmissionPolicyControllerOptions struct {
 	WebhookClientConfig admissionregv1.WebhookClientConfig
+	WebhookTimeout      int
 }
 
 // ClusterAdmissionPolicyReconciler reconciles a ClusterAdmissionPolicy object

diff --git a/internal/controller/clusteradmissionpolicy_sync.go b/internal/controller/clusteradmissionpolicy_sync.go
@@ -147,11 +147,13 @@ func (r *ClusterAdmissionPolicyReconciler) SyncAdmissionPool(ctx context.Context
 
 	// Create a bare new 'webhooks' section for the ValidatingWebhookConfiguration and fill it
 	tmpWebhookObj := admissionregv1.ValidatingWebhook{}
+	timeoutSecondsConverted := int32(r.Options.WebhookTimeout)
 
 	tmpWebhookObj.Name = "validate.admitik.svc"
 	tmpWebhookObj.AdmissionReviewVersions = []string{"v1"}
 	tmpWebhookObj.ClientConfig = r.Options.WebhookClientConfig
 	tmpWebhookObj.Rules = currentVwcRules
+	tmpWebhookObj.TimeoutSeconds = &timeoutSecondsConverted
 	//tmpWebhookObj.MatchConditions = object.Spec.WatchedResources.MatchConditions
 
 	sideEffectsClass := admissionregv1.SideEffectClass(admissionregv1.SideEffectClassNone)