Skip to content

Commit

Permalink
Add WEBHOOK_DISABLE_NAMESPACE_OWNERSHIP env-var (#3106)
Browse files Browse the repository at this point in the history
Signed-off-by: Mathew Wicks <[email protected]>
Co-authored-by: Mathew Wicks <[email protected]>
  • Loading branch information
knative-prow-robot and thesuperzapper authored Oct 21, 2024
1 parent 95b4b97 commit 4af9a0d
Show file tree
Hide file tree
Showing 2 changed files with 24 additions and 2 deletions.
14 changes: 14 additions & 0 deletions webhook/env.go
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,8 @@ const (
secretNameEnvKey = "WEBHOOK_SECRET_NAME" //nolint:gosec // This is not a hardcoded credential

tlsMinVersionEnvKey = "WEBHOOK_TLS_MIN_VERSION"

disableNamespaceOwnershipEnvKey = "WEBHOOK_DISABLE_NAMESPACE_OWNERSHIP"
)

// PortFromEnv returns the webhook port set by portEnvKey, or default port if env var is not set.
Expand Down Expand Up @@ -82,3 +84,15 @@ func TLSMinVersionFromEnv(defaultTLSMinVersion uint16) uint16 {
panic(fmt.Sprintf("the environment variable %q has to be either '1.2' or '1.3'", tlsMinVersionEnvKey))
}
}

func DisableNamespaceOwnershipFromEnv() *bool {
disableNamespaceOwnership := os.Getenv(disableNamespaceOwnershipEnvKey)
if disableNamespaceOwnership == "" {
return nil
}
disableNamespaceOwnershipBool, err := strconv.ParseBool(disableNamespaceOwnership)
if err != nil {
panic(fmt.Sprintf("failed to convert the environment variable %q : %v", disableNamespaceOwnershipEnvKey, err))
}
return &disableNamespaceOwnershipBool
}
12 changes: 10 additions & 2 deletions webhook/webhook.go
Original file line number Diff line number Diff line change
Expand Up @@ -81,8 +81,10 @@ type Options struct {
// before shutting down.
GracePeriod time.Duration

// DisableNamespaceOwnership configures whether the webhook adds an owner reference for the SYSTEM_NAMESPACE
// Disabling this is useful when you expect the webhook configuration to be managed by something other than knative
// DisableNamespaceOwnership configures if the SYSTEM_NAMESPACE is added as an owner reference to the
// webhook configuration resources. Overridden by the WEBHOOK_DISABLE_NAMESPACE_OWNERSHIP environment variable.
// Disabling can be useful to avoid breaking systems that expect ownership to indicate a true controller
// relationship: https://github.com/knative/serving/issues/15483
DisableNamespaceOwnership bool

// ControllerOptions encapsulates options for creating a new controller,
Expand Down Expand Up @@ -164,6 +166,12 @@ func New(
return nil, fmt.Errorf("unsupported TLS version: %d", opts.TLSMinVersion)
}

// if the environment variable is set, it overrides the value in the Options
disableNamespaceOwnership := DisableNamespaceOwnershipFromEnv()
if disableNamespaceOwnership != nil {
opts.DisableNamespaceOwnership = *disableNamespaceOwnership
}

syncCtx, cancel := context.WithCancel(context.Background())

webhook = &Webhook{
Expand Down

0 comments on commit 4af9a0d

Please sign in to comment.