From 91337998a2b0defbb253ab4c3d3021076cafde8b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Stefan=20B=C3=BCringer?= <4662360+sbueringer@users.noreply.github.com>
Date: Fri, 30 Jul 2021 19:43:38 +0200
Subject: [PATCH] fix webhook health check tls handshake timeouts (#1616)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Stefan Büringer buringerst@vmware.com
---
 pkg/webhook/server.go | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/pkg/webhook/server.go b/pkg/webhook/server.go
index 0895397fcb..d2338d0b77 100644
--- a/pkg/webhook/server.go
+++ b/pkg/webhook/server.go
@@ -292,6 +292,9 @@ func (s *Server) Start(ctx context.Context) error {
 // StartedChecker returns an healthz.Checker which is healthy after the
 // server has been started.
 func (s *Server) StartedChecker() healthz.Checker {
+ config := &tls.Config{
+ InsecureSkipVerify: true, // nolint:gosec // config is used to connect to our own webhook port.
+ }
 return func(req *http.Request) error {
 s.mu.Lock()
 defer s.mu.Unlock()
@@ -300,11 +303,15 @@ func (s *Server) StartedChecker() healthz.Checker {
 return fmt.Errorf("webhook server has not been started yet")
 }
- conn, err := net.DialTimeout("tcp", net.JoinHostPort(s.Host, strconv.Itoa(s.Port)), 10*time.Second)
+ d := &net.Dialer{Timeout: 10 * time.Second}
+ conn, err := tls.DialWithDialer(d, "tcp", net.JoinHostPort(s.Host, strconv.Itoa(s.Port)), config)
 if err != nil {
 return fmt.Errorf("webhook server is not reachable: %v", err)
 }
- conn.Close()
+
+ if err := conn.Close(); err != nil {
+ return fmt.Errorf("webhook server is not reachable: closing connection: %v", err)
+ }
 return nil
 }
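Review bot: With `InsecureSkipVerify: true` in the `config` built at the top of StartedChecker, the probe only proves that some listener on `s.Host:s.Port` completes a TLS handshake; the certificate is never checked, so an expired or mismatched serving certificate still reports healthy while the API server's webhook calls would presumably fail. The nolint comment should state that limit, e.g. `// nolint:gosec // self-connection to our own port; checks liveness only, not certificate validity.` If certificate problems are meant to surface in the health endpoint, the config could trust the server's own serving certificate instead of skipping verification; how that certificate is loaded is outside this hunk. The handshake added in the second hunk also runs while `s.mu` is held (the `s.mu.Lock()` / `defer s.mu.Unlock()` context lines here), so a stalled handshake blocks other users of the mutex for up to the 10-second dialer timeout; copying `s.started` under the lock and releasing it before dialing would avoid that. StartedChecker's body continues outside this hunk.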