Add helm flag to enable/disable installation of valwebhook (#1327)

* Add helm flag to enable/disable installation of valwebhook This commit adds a helm flag `bpValidatingWebhook.enabled` that can be used to specify if we want to install validating webhook that validates the blueprints or not. * Change helm_test to not install validating webhook Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
kanisterio · Mar 24, 2022 · fb8315e · fb8315e
1 parent e1fe6d7
commit fb8315e
Show file tree

Hide file tree

Showing 4 changed files with 13 additions and 2 deletions.
diff --git a/helm/kanister-operator/templates/deployment.yaml b/helm/kanister-operator/templates/deployment.yaml
@@ -15,17 +15,21 @@ spec:
 {{ include "kanister-operator.helmLabels" . | indent 8}}
     spec:
       serviceAccountName: {{ template "kanister-operator.serviceAccountName" . }}
+{{- if .Values.bpValidatingWebhook.enabled }}
       volumes:
         - name: webhook-certs
           secret:
             secretName: kanister-webhook-certs
+{{- end }}
       containers:
       - name: {{ template "kanister-operator.fullname" . }}
         image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
         imagePullPolicy: {{ .Values.image.pullPolicy }}
+{{- if .Values.bpValidatingWebhook.enabled }}
         volumeMounts:
           - name: webhook-certs
             mountPath: /var/run/webhook/serving-cert
+{{- end }}
         env:
         - name: CREATEORUPDATE_CRDS
           value: {{ .Values.controller.updateCRDs | quote }}

diff --git a/helm/kanister-operator/templates/validating-webhook.yaml b/helm/kanister-operator/templates/validating-webhook.yaml
@@ -1,3 +1,4 @@
+{{- if .Values.bpValidatingWebhook.enabled -}}
 {{ $altNames := list  ( printf "%s.%s" ( include "kanister-operator.fullname" . ) .Release.Namespace )  ( printf "%s.%s.svc" ( include "kanister-operator.fullname" . ) .Release.Namespace ) }}
 # generate ca cert with 365 days of validity
 {{ $ca := genCA ( printf "%s-ca" ( include "kanister-operator.fullname" . ) ) 365 }}
@@ -34,3 +35,4 @@ webhooks:
   admissionReviewVersions: ["v1", "v1beta1"]
   sideEffects: None
   timeoutSeconds: 5
+{{- end -}}
diff --git a/helm/kanister-operator/values.yaml b/helm/kanister-operator/values.yaml
@@ -18,6 +18,8 @@ controller:
   # false : CRDs would be created by helm
   # true : CRDs would be created by kanister controller
   updateCRDs: true
+bpValidatingWebhook:
+  enabled: true
 resources:
 # We usually recommend not to specify default resources and to leave this as a conscious
 # choice for the user. This also increases chances charts run on environments with little

diff --git a/pkg/testing/helm/helm_test.go b/pkg/testing/helm/helm_test.go
@@ -53,7 +53,9 @@ func (h *HelmTestSuite) SetUpSuite(c *C) {
 
 	h.deploymentName = fmt.Sprintf("%s-%s", kanisterName, "kanister-operator")
 
-	helmValues := make(map[string]string)
+	helmValues := map[string]string{
+		"bpValidatingWebhook.enabled": "false",
+	}
 
 	kanisterApp, err := NewHelmApp(helmValues, kanisterName, "kanister/kanister-operator", kanisterName, "", false)
 	c.Assert(err, IsNil)
@@ -80,7 +82,8 @@ func (h *HelmTestSuite) TestUpgrade(c *C) {
 	c.Log("Upgrading the kanister release with local chart and updated image")
 	// upgrade the installed application
 	updatedValues := map[string]string{
-		"image.tag": "v9.99.9-dev",
+		"image.tag":                   "v9.99.9-dev",
+		"bpValidatingWebhook.enabled": "false",
 	}
 	c.Assert(h.helmApp.Upgrade("../../../helm/kanister-operator", updatedValues), IsNil)