Remove webhook

Author: jsafrane

assets/assets.go

@@ -4,7 +4,7 @@ import (
 	"embed"
 )
 
-//go:embed *.yaml rbac/*.yaml
+//go:embed *.yaml
 var f embed.FS
 
 // ReadFile reads and returns the content of the named file.

assets/rbac/webhook_clusterrole.yaml

@@ -31,7 +31,6 @@ import (
 	"github.com/openshift/library-go/pkg/operator/staticresourcecontroller"
 	"github.com/openshift/library-go/pkg/operator/status"
 	"github.com/openshift/library-go/pkg/operator/v1helpers"
-	admissionregistrationv1 "k8s.io/api/admissionregistration/v1"
 	appsv1 "k8s.io/api/apps/v1"
 	corev1 "k8s.io/api/core/v1"
 	v1 "k8s.io/api/core/v1"
@@ -43,7 +42,6 @@ import (
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/client-go/dynamic"
 	"k8s.io/client-go/dynamic/dynamicinformer"
-	informercorev1 "k8s.io/client-go/informers/core/v1"
 	kubeclient "k8s.io/client-go/kubernetes"
 	"k8s.io/client-go/rest"
 	"k8s.io/client-go/tools/cache"
@@ -59,12 +57,10 @@ const (
 	operatorVersionEnvName = "OPERATOR_IMAGE_VERSION"
 	operandVersionEnvName  = "OPERAND_IMAGE_VERSION"
 	operandImageEnvName    = "OPERAND_IMAGE"
-	webhookImageEnvName    = "WEBHOOK_IMAGE"
 
 	defaultPriorityClass     = "system-cluster-critical"
 	hypershiftPriorityClass  = "hypershift-control-plane"
 	hyperShiftPullSecretName = "pull-secret"
-	webhookSecretName        = "csi-snapshot-webhook-secret"
 
 	resync = 20 * time.Minute
 )
@@ -179,8 +175,6 @@ func RunOperator(ctx context.Context, controllerConfig *controllercmd.Controller
 		"CSISnapshotGuestStaticResourceController",
 		namespacedAssetFunc,
 		[]string{
-			"rbac/webhook_clusterrole.yaml",
-			"rbac/webhook_clusterrolebinding.yaml",
 			"volumesnapshots.yaml",
 			"volumesnapshotcontents.yaml",
 			"volumesnapshotclasses.yaml",
@@ -204,8 +198,6 @@ func RunOperator(ctx context.Context, controllerConfig *controllercmd.Controller
 		namespacedAssetFunc,
 		[]string{
 			"serviceaccount.yaml",
-			"webhook_serviceaccount.yaml",
-			"webhook_service.yaml",
 		},
 		resourceapply.NewKubeClientHolder(controlPlaneKubeClient),
 		guestOperatorClient,
@@ -215,7 +207,6 @@ func RunOperator(ctx context.Context, controllerConfig *controllercmd.Controller
 		namespacedAssetFunc,
 		[]string{
 			"csi_controller_deployment_pdb.yaml",
-			"webhook_deployment_pdb.yaml",
 		},
 		func() bool {
 			if isHyperShift {
@@ -242,23 +233,6 @@ func RunOperator(ctx context.Context, controllerConfig *controllercmd.Controller
 		return err
 	}
 
-	var webhookHooks []validatingWebhookConfigHook
-	if isHyperShift {
-		webhookHooks = []validatingWebhookConfigHook{
-			hyperShiftSetWebhookService(),
-		}
-	}
-	webhookController := NewValidatingWebhookConfigController(
-		"WebhookController",
-		guestOperatorClient,
-		guestKubeClient,
-		guestKubeInformersForNamespaces.InformersFor("").Admissionregistration().V1().ValidatingWebhookConfigurations(),
-		namespacedAssetFunc,
-		"webhook_config.yaml",
-		eventRecorder,
-		webhookHooks,
-	)
-
 	priorityClass := defaultPriorityClass
 	var deploymentHooks []dc.DeploymentHookFunc
 	deploymentInformers := []factory.Informer{
@@ -286,6 +260,7 @@ func RunOperator(ctx context.Context, controllerConfig *controllercmd.Controller
 			hyperShiftColocationHook(controlPlaneNamespace),
 			hyperShiftNodeSelectorHook(hcpInformer.Lister(), controlPlaneNamespace),
 			hyperShiftSetSecurityContext(),
+			withVolumeGroupSnapshot(volumeGroupSnapshotAPIEnabled),
 		}
 
 	} else {
@@ -295,7 +270,7 @@ func RunOperator(ctx context.Context, controllerConfig *controllercmd.Controller
 			csidrivercontrollerservicecontroller.WithReplicasHook(
 				guestConfigInformers,
 			),
-			withVolumeGroupSnapshotWebhook(volumeGroupSnapshotAPIEnabled),
+			withVolumeGroupSnapshot(volumeGroupSnapshotAPIEnabled),
 		}
 	}
 	controllerDeploymentController := dc.NewDeploymentController(
@@ -312,41 +287,6 @@ func RunOperator(ctx context.Context, controllerConfig *controllercmd.Controller
 		deploymentHooks...,
 	)
 
-	webhookDeploymentManifest, err := namespacedAssetFunc("webhook_deployment.yaml")
-	if err != nil {
-		return err
-	}
-	var secretInformer informercorev1.SecretInformer
-	if isHyperShift {
-		secretInformer = controlPlaneInformersForNamespaces.InformersFor(controlPlaneNamespace).Core().V1().Secrets()
-	} else {
-		secretInformer = guestKubeInformersForNamespaces.InformersFor(controlPlaneNamespace).Core().V1().Secrets()
-	}
-	deploymentHooks = append(deploymentHooks, csidrivercontrollerservicecontroller.WithSecretHashAnnotationHook(
-		guestNamespace,
-		webhookSecretName,
-		secretInformer,
-	))
-	webhookDeploymentController := dc.NewDeploymentController(
-		// Name of this controller must match SISnapshotWebhookController from 4.11
-		// so it "adopts" its conditions during upgrade
-		"CSISnapshotWebhookController",
-		webhookDeploymentManifest,
-		eventRecorder,
-		guestOperatorClient,
-		controlPlaneKubeClient,
-		controlPlaneInformersForNamespaces.InformersFor(controlPlaneNamespace).Apps().V1().Deployments(),
-		[]factory.Informer{
-			guestKubeInformersForNamespaces.InformersFor("").Core().V1().Nodes().Informer(),
-			guestConfigInformers.Config().V1().Infrastructures().Informer(),
-			secretInformer.Informer(),
-		},
-		[]dc.ManifestHookFunc{
-			replacePlaceholdersHook(os.Getenv(webhookImageEnvName), priorityClass),
-		},
-		deploymentHooks...,
-	)
-
 	versionController := NewVersionController(
 		"VersionController",
 		guestOperatorClient,
@@ -410,12 +350,10 @@ func RunOperator(ctx context.Context, controllerConfig *controllercmd.Controller
 		logLevelController,
 		managementStateController,
 		controllerDeploymentController,
-		webhookDeploymentController,
 		versionController,
 		cndController,
 		guestStaticResourceController,
 		controlPlaneStaticResourcesController,
-		webhookController,
 	} {
 		if controller != nil {
 			go controller.Run(ctx, 1)
@@ -702,20 +640,6 @@ func hyperShiftAddKubeConfigVolume(secretName string) dc.DeploymentHookFunc {
 	}
 }
 
-func hyperShiftSetWebhookService() validatingWebhookConfigHook {
-	return func(configuration *admissionregistrationv1.ValidatingWebhookConfiguration) error {
-		for i := range configuration.Webhooks {
-			webhook := &configuration.Webhooks[i]
-			webhook.ClientConfig.Service = nil
-			// Name of csi-snapshot-webhook service in the same namespace as the guest API server.
-			url := "https://csi-snapshot-webhook"
-			webhook.ClientConfig.URL = &url
-		}
-
-		return nil
-	}
-}
-
 func hyperShiftAddPullSecret() dc.DeploymentHookFunc {
 	return func(_ *operatorv1.OperatorSpec, deployment *appsv1.Deployment) error {
 		if deployment.Spec.Template.Spec.ImagePullSecrets == nil {
@@ -740,7 +664,7 @@ func namespaceReplacer(assetFunc resourceapply.AssetFunc, placeholder, namespace
 	}
 }
 
-func withVolumeGroupSnapshotWebhook(enabled bool) dc.DeploymentHookFunc {
+func withVolumeGroupSnapshot(enabled bool) dc.DeploymentHookFunc {
 	return func(_ *operatorv1.OperatorSpec, deployment *appsv1.Deployment) error {
 		if !enabled {
 			return nil
@@ -750,8 +674,6 @@ func withVolumeGroupSnapshotWebhook(enabled bool) dc.DeploymentHookFunc {
 			switch container.Name {
 			case "snapshot-controller":
 				container.Args = append(container.Args, "-feature-gates=CSIVolumeGroupSnapshot=true")
-			case "webhook":
-				container.Args = append(container.Args, "-feature-gates=CSIVolumeGroupSnapshot=true")
 			}
 		}
 		return nil