Add webhook singleton command

Signed-off-by: Jian Qiu <[email protected]>

Author: qiujian16

cmd/registration-operator/main.go

@@ -48,6 +48,7 @@ func newNucleusCommand() *cobra.Command {
 
 	cmd.AddCommand(hub.NewHubOperatorCmd())
 	cmd.AddCommand(hub.NewHubManagerCmd())
+	cmd.AddCommand(hub.NewWebhookCmd())
 	cmd.AddCommand(spoke.NewKlusterletOperatorCmd())
 	cmd.AddCommand(spoke.NewKlusterletAgentCmd())
 

pkg/cmd/hub/operator.go

@@ -5,6 +5,7 @@ import (
 
 	"github.com/spf13/cobra"
 	"k8s.io/utils/clock"
+	ctrl "sigs.k8s.io/controller-runtime"
 
 	commonoptions "open-cluster-management.io/ocm/pkg/common/options"
 	"open-cluster-management.io/ocm/pkg/operator/operators/clustermanager"
@@ -47,3 +48,24 @@ func NewHubManagerCmd() *cobra.Command {
 	opts.AddFlags(flags)
 	return cmd
 }
+
+func NewWebhookCmd() *cobra.Command {
+	webhookOptions := commonoptions.NewWebhookOptions()
+	opts := hub.NewWebhookOptions()
+	cmd := &cobra.Command{
+		Use:   "webhook-server",
+		Short: "Start the registration webhook server",
+		RunE: func(c *cobra.Command, args []string) error {
+			if err := opts.SetupWebhookServer(webhookOptions); err != nil {
+				return err
+			}
+			return webhookOptions.RunWebhookServer(ctrl.SetupSignalHandler())
+		},
+	}
+
+	flags := cmd.Flags()
+	opts.AddFlags(flags)
+	webhookOptions.AddFlags(flags)
+
+	return cmd
+}

pkg/cmd/webhook/registration.go

@@ -2,23 +2,29 @@ package webhook
 
 import (
 	"github.com/spf13/cobra"
+	ctrl "sigs.k8s.io/controller-runtime"
 
+	commonoptions "open-cluster-management.io/ocm/pkg/common/options"
 	"open-cluster-management.io/ocm/pkg/registration/webhook"
 )
 
 func NewRegistrationWebhook() *cobra.Command {
-	ops := webhook.NewOptions()
+	webhookOptions := commonoptions.NewWebhookOptions()
+	opts := webhook.NewOptions()
 	cmd := &cobra.Command{
 		Use:   "webhook-server",
 		Short: "Start the registration webhook server",
 		RunE: func(c *cobra.Command, args []string) error {
-			err := ops.RunWebhookServer()
-			return err
+			if err := opts.SetupWebhookServer(webhookOptions); err != nil {
+				return err
+			}
+			return webhookOptions.RunWebhookServer(ctrl.SetupSignalHandler())
 		},
 	}
 
 	flags := cmd.Flags()
-	ops.AddFlags(flags)
+	opts.AddFlags(flags)
+	webhookOptions.AddFlags(flags)
 
 	return cmd
 }

pkg/cmd/webhook/work.go

@@ -2,24 +2,30 @@ package webhook
 
 import (
 	"github.com/spf13/cobra"
+	ctrl "sigs.k8s.io/controller-runtime"
 
+	commonoptions "open-cluster-management.io/ocm/pkg/common/options"
 	_ "open-cluster-management.io/ocm/pkg/features"
 	"open-cluster-management.io/ocm/pkg/work/webhook"
 )
 
 func NewWorkWebhook() *cobra.Command {
+	webhookOptions := commonoptions.NewWebhookOptions()
 	ops := webhook.NewOptions()
 	cmd := &cobra.Command{
 		Use:   "webhook-server",
 		Short: "Start the work webhook server",
 		RunE: func(c *cobra.Command, args []string) error {
-			err := ops.RunWebhookServer()
-			return err
+			if err := ops.SetupWebhookServer(webhookOptions); err != nil {
+				return err
+			}
+			return webhookOptions.RunWebhookServer(ctrl.SetupSignalHandler())
 		},
 	}
 
 	flags := cmd.Flags()
 	ops.AddFlags(flags)
+	webhookOptions.AddFlags(flags)
 
 	return cmd
 }

pkg/common/options/webhook.go

@@ -0,0 +1,102 @@
+package options
+
+import (
+	"context"
+	"crypto/tls"
+
+	"github.com/spf13/pflag"
+	"k8s.io/apimachinery/pkg/runtime"
+	_ "k8s.io/client-go/plugin/pkg/client/auth" // Import all auth plugins (e.g. Azure, GCP, OIDC, etc.) to ensure exec-entrypoint and run can make use of them.
+	"k8s.io/klog/v2"
+	ctrl "sigs.k8s.io/controller-runtime"
+	"sigs.k8s.io/controller-runtime/pkg/healthz"
+	"sigs.k8s.io/controller-runtime/pkg/webhook"
+)
+
+type WebhookOptions struct {
+	Port     int
+	CertDir  string
+	scheme   *runtime.Scheme
+	webhooks []WebhookInitializer
+}
+
+func NewWebhookOptions() *WebhookOptions {
+	return &WebhookOptions{
+		Port:   9443,
+		scheme: runtime.NewScheme(),
+	}
+}
+
+func (c *WebhookOptions) AddFlags(fs *pflag.FlagSet) {
+	fs.IntVar(&c.Port, "port", c.Port,
+		"Port is the port that the webhook server serves at.")
+	fs.StringVar(&c.CertDir, "certdir", c.CertDir,
+		"CertDir is the directory that contains the server key and certificate. If not set, "+
+			"webhook server would look up the server key and certificate in {TempDir}/k8s-webhook-server/serving-certs")
+}
+
+type WebhookInitializer interface {
+	Init(mgr ctrl.Manager) error
+}
+
+func (c *WebhookOptions) InstallWebhook(webhooks ...WebhookInitializer) {
+	c.webhooks = append(c.webhooks, webhooks...)
+}
+
+func (c *WebhookOptions) InstallScheme(fns ...func(s *runtime.Scheme) error) error {
+	for _, f := range fns {
+		if err := f(c.scheme); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func (c *WebhookOptions) RunWebhookServer(ctx context.Context) error {
+	logger := klog.LoggerWithName(klog.FromContext(ctx), "Webhook Server")
+	// This line prevents controller-runtime from complaining about log.SetLogger never being called
+	ctrl.SetLogger(logger)
+
+	mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{
+		Scheme:                 c.scheme,
+		HealthProbeBindAddress: ":8000",
+		WebhookServer: webhook.NewServer(webhook.Options{
+			Port:    c.Port,
+			CertDir: c.CertDir,
+			TLSOpts: []func(config *tls.Config){
+				func(config *tls.Config) {
+					config.MinVersion = tls.VersionTLS12
+				},
+			},
+		}),
+	})
+	if err != nil {
+		logger.Error(err, "unable to start manager")
+		return err
+	}
+
+	// add healthz/readyz check handler
+	if err := mgr.AddHealthzCheck("healthz-ping", healthz.Ping); err != nil {
+		logger.Error(err, "unable to add healthz check handler")
+		return err
+	}
+
+	if err := mgr.AddReadyzCheck("readyz-ping", healthz.Ping); err != nil {
+		logger.Error(err, "unable to add readyz check handler")
+		return err
+	}
+
+	for _, webhookInitializer := range c.webhooks {
+		if err := webhookInitializer.Init(mgr); err != nil {
+			logger.Error(err, "unable to initilize webhook server")
+			return err
+		}
+	}
+
+	logger.Info("starting manager")
+	if err := mgr.Start(ctx); err != nil {
+		logger.Error(err, "problem running manager")
+		return err
+	}
+	return nil
+}

pkg/registration/webhook/option.go

@@ -1,24 +1,15 @@
 package webhook
 
-import "github.com/spf13/pflag"
+import (
+	"github.com/spf13/pflag"
+)
 
 // Config contains the server (the webhook) cert and key.
-type Options struct {
-	Port    int
-	CertDir string
-}
+type Options struct{}
 
 // NewOptions constructs a new set of default options for webhook.
 func NewOptions() *Options {
-	return &Options{
-		Port: 9443,
-	}
+	return &Options{}
 }
 
-func (c *Options) AddFlags(fs *pflag.FlagSet) {
-	fs.IntVar(&c.Port, "port", c.Port,
-		"Port is the port that the webhook server serves at.")
-	fs.StringVar(&c.CertDir, "certdir", c.CertDir,
-		"CertDir is the directory that contains the server key and certificate. If not set, "+
-			"webhook server would look up the server key and certificate in {TempDir}/k8s-webhook-server/serving-certs")
-}
+func (c *Options) AddFlags(_ *pflag.FlagSet) {}

pkg/registration/webhook/start.go

@@ -1,81 +1,26 @@
 package webhook
 
 import (
-	"context"
-	"crypto/tls"
-
-	"k8s.io/apimachinery/pkg/runtime"
-	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
 	clientgoscheme "k8s.io/client-go/kubernetes/scheme"
-	_ "k8s.io/client-go/plugin/pkg/client/auth" // Import all auth plugins (e.g. Azure, GCP, OIDC, etc.) to ensure exec-entrypoint and run can make use of them.
-	"k8s.io/klog/v2"
-	ctrl "sigs.k8s.io/controller-runtime"
-	"sigs.k8s.io/controller-runtime/pkg/healthz"
-	"sigs.k8s.io/controller-runtime/pkg/webhook"
 
 	clusterv1 "open-cluster-management.io/api/cluster/v1"
 
+	commonoptions "open-cluster-management.io/ocm/pkg/common/options"
 	internalv1 "open-cluster-management.io/ocm/pkg/registration/webhook/v1"
 	internalv1beta2 "open-cluster-management.io/ocm/pkg/registration/webhook/v1beta2"
 )
 
-var (
-	scheme = runtime.NewScheme()
-)
-
-func init() {
-	utilruntime.Must(clientgoscheme.AddToScheme(scheme))
-	utilruntime.Must(clusterv1.Install(scheme))
-	utilruntime.Must(internalv1beta2.Install(scheme))
-}
-
-func (c *Options) RunWebhookServer() error {
-	logger := klog.LoggerWithName(klog.FromContext(context.Background()), "Webhook Server")
-	// This line prevents controller-runtime from complaining about log.SetLogger never being called
-	ctrl.SetLogger(logger)
-
-	mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{
-		Scheme:                 scheme,
-		HealthProbeBindAddress: ":8000",
-		WebhookServer: webhook.NewServer(webhook.Options{
-			Port:    c.Port,
-			CertDir: c.CertDir,
-			TLSOpts: []func(config *tls.Config){
-				func(config *tls.Config) {
-					config.MinVersion = tls.VersionTLS12
-				},
-			},
-		}),
-	})
-	if err != nil {
-		logger.Error(err, "unable to start manager")
+func (c *Options) SetupWebhookServer(opts *commonoptions.WebhookOptions) error {
+	if err := opts.InstallScheme(
+		clientgoscheme.AddToScheme,
+		clusterv1.Install,
+		internalv1beta2.Install,
+	); err != nil {
 		return err
 	}
+	opts.InstallWebhook(
+		&internalv1.ManagedClusterWebhook{},
+		&internalv1beta2.ManagedClusterSetBindingWebhook{})
 
-	// add healthz/readyz check handler
-	if err := mgr.AddHealthzCheck("healthz-ping", healthz.Ping); err != nil {
-		logger.Error(err, "unable to add healthz check handler")
-		return err
-	}
-
-	if err := mgr.AddReadyzCheck("readyz-ping", healthz.Ping); err != nil {
-		logger.Error(err, "unable to add readyz check handler")
-		return err
-	}
-
-	if err = (&internalv1.ManagedClusterWebhook{}).Init(mgr); err != nil {
-		logger.Error(err, "unable to create ManagedCluster webhook")
-		return err
-	}
-	if err = (&internalv1beta2.ManagedClusterSetBindingWebhook{}).Init(mgr); err != nil {
-		logger.Error(err, "unable to create ManagedClusterSetBinding webhook", "version", "v1beta2")
-		return err
-	}
-
-	logger.Info("starting manager")
-	if err := mgr.Start(ctrl.SetupSignalHandler()); err != nil {
-		logger.Error(err, "problem running manager")
-		return err
-	}
 	return nil
 }

pkg/singleton/hub/webhook.go

@@ -0,0 +1,39 @@
+package hub
+
+import (
+	"github.com/spf13/pflag"
+
+	commonoptions "open-cluster-management.io/ocm/pkg/common/options"
+	registrationwebhook "open-cluster-management.io/ocm/pkg/registration/webhook"
+	workwebhook "open-cluster-management.io/ocm/pkg/work/webhook"
+)
+
+// Config contains the server (the webhook) cert and key.
+type WebhookOptions struct {
+	registrationWebhookOptions *registrationwebhook.Options
+	workWebhookOptions         *workwebhook.Options
+}
+
+// NewWebhookOptions constructs a new set of default options for webhook.
+func NewWebhookOptions() *WebhookOptions {
+	return &WebhookOptions{
+		registrationWebhookOptions: registrationwebhook.NewOptions(),
+		workWebhookOptions:         workwebhook.NewOptions(),
+	}
+}
+
+func (c *WebhookOptions) AddFlags(fs *pflag.FlagSet) {
+	c.workWebhookOptions.AddFlags(fs)
+	c.registrationWebhookOptions.AddFlags(fs)
+}
+
+func (c *WebhookOptions) SetupWebhookServer(opts *commonoptions.WebhookOptions) error {
+	if err := c.registrationWebhookOptions.SetupWebhookServer(opts); err != nil {
+		return err
+	}
+	if err := c.workWebhookOptions.SetupWebhookServer(opts); err != nil {
+		return err
+	}
+
+	return nil
+}