chore!(stackable-webhook): Default listen address to bind to all addresses (#1045)

* chore!(stackable-webhook): Default listen address to bind to all interfaces

* changelog

* interfaces -> addresses

* DEFAULT_SOCKET_ADDR -> DEFAULT_SOCKET_ADDRESS

* hint on IPv6 usage

Author: sbernauer

crates/stackable-webhook/CHANGELOG.md

@@ -8,7 +8,16 @@ All notable changes to this project will be documented in this file.
 
 - Don't pull in the `aws-lc-rs` crate, as this currently fails to build in `make run-dev` ([#1043]).
 
+### Changed
+
+- BREAKING: The constant `DEFAULT_IP_ADDRESS` has been renamed to `DEFAULT_LISTEN_ADDRESS` and binds to all
+  addresses (instead of only loopback) by default. This was changed because all the webhooks
+  deployed to Kubernetes (e.g. conversion or mutating - which this crate targets) need to be
+  accessible by it, which is not the case when only using loopback.
+  Also, the constant `DEFAULT_SOCKET_ADDR` has been renamed to `DEFAULT_SOCKET_ADDRESS` ([#1045]).
+
 [#1043]: https://github.com/stackabletech/operator-rs/pull/1043
+[#1045]: https://github.com/stackabletech/operator-rs/pull/1045
 
 ## [0.3.1] - 2024-07-10
 

crates/stackable-webhook/src/constants.rs

@@ -5,8 +5,14 @@ use std::net::{IpAddr, Ipv4Addr, SocketAddr};
 /// The default HTTPS port `8443`
 pub const DEFAULT_HTTPS_PORT: u16 = 8443;
 
-/// The default IP address `127.0.0.1` the webhook server binds to.
-pub const DEFAULT_IP_ADDRESS: IpAddr = IpAddr::V4(Ipv4Addr::new(127, 0, 0, 1));
+/// The default IP address [`Ipv4Addr::UNSPECIFIED`] (`0.0.0.0`) the webhook server binds to,
+/// which represents binding on all network addresses.
+//
+// TODO: We might want to switch to `Ipv6Addr::UNSPECIFIED)` here, as this *normally* binds to IPv4
+// and IPv6. However, it's complicated and depends on the underlying system...
+// If we do so, we should set `set_only_v6(false)` on the socket to not rely on system defaults.
+pub const DEFAULT_LISTEN_ADDRESS: IpAddr = IpAddr::V4(Ipv4Addr::UNSPECIFIED);
 
-/// The default socket address `127.0.0.1:8443` the webhook server vinds to.
-pub const DEFAULT_SOCKET_ADDR: SocketAddr = SocketAddr::new(DEFAULT_IP_ADDRESS, DEFAULT_HTTPS_PORT);
+/// The default socket address `0.0.0.0:8443` the webhook server binds to.
+pub const DEFAULT_SOCKET_ADDRESS: SocketAddr =
+    SocketAddr::new(DEFAULT_LISTEN_ADDRESS, DEFAULT_HTTPS_PORT);

crates/stackable-webhook/src/options.rs

@@ -6,7 +6,7 @@ use std::{
 
 use stackable_certs::PrivateKeyType;
 
-use crate::constants::DEFAULT_SOCKET_ADDR;
+use crate::constants::DEFAULT_SOCKET_ADDRESS;
 
 /// Specifies available webhook server options.
 ///
@@ -78,15 +78,15 @@ impl OptionsBuilder {
     /// Sets the IP address of the socket address the webhook server uses to
     /// bind for HTTPS.
     pub fn bind_ip(mut self, bind_ip: impl Into<IpAddr>) -> Self {
-        let addr = self.socket_addr.get_or_insert(DEFAULT_SOCKET_ADDR);
+        let addr = self.socket_addr.get_or_insert(DEFAULT_SOCKET_ADDRESS);
         addr.set_ip(bind_ip.into());
         self
     }
 
     /// Sets the port of the socket address the webhook server uses to bind
     /// for HTTPS.
     pub fn bind_port(mut self, bind_port: u16) -> Self {
-        let addr = self.socket_addr.get_or_insert(DEFAULT_SOCKET_ADDR);
+        let addr = self.socket_addr.get_or_insert(DEFAULT_SOCKET_ADDRESS);
         addr.set_port(bind_port);
         self
     }
@@ -95,7 +95,7 @@ impl OptionsBuilder {
     /// explicitly set option.
     pub fn build(self) -> Options {
         Options {
-            socket_addr: self.socket_addr.unwrap_or(DEFAULT_SOCKET_ADDR),
+            socket_addr: self.socket_addr.unwrap_or(DEFAULT_SOCKET_ADDRESS),
         }
     }
 }