Disable http/2 on webhook server

Signed-off-by: Siddhesh Ghadi <[email protected]>

Author: svghadi

main.go

@@ -110,11 +110,6 @@ func main() {
 		}
 		c.NextProtos = []string{"http/1.1"}
 	}
-	webhookServerOptions := webhook.Options{
-		TLSOpts: []func(config *tls.Config){disableHTTP2},
-		Port:    9443,
-	}
-	webhookServer := webhook.NewServer(webhookServerOptions)
 
 	metricsServerOptions := metricsserver.Options{
 		BindAddress: metricsAddr,
@@ -124,7 +119,6 @@ func main() {
 	mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{
 		Scheme:                 scheme,
 		Metrics:                metricsServerOptions,
-		WebhookServer:          webhookServer,
 		HealthProbeBindAddress: probeAddr,
 		LeaderElection:         enableLeaderElection,
 		LeaderElectionID:       "2b63967d.openshift.io",
@@ -153,6 +147,12 @@ func main() {
 			setupLog.Error(err, "unable to create webhook", "webhook", "ArgoCD")
 			os.Exit(1)
 		}
+
+		// disable http/2 to mitigate CVE-2023-44487 & CVE-2023-39325
+		server, ok := mgr.GetWebhookServer().(*webhook.DefaultServer)
+		if ok {
+			server.Options.TLSOpts = append(server.Options.TLSOpts, disableHTTP2)
+		}
 	}
 
 	if err = (&controllers.ReconcileGitopsService{