fix: optionally disable the webhook server

charts/pvc-autoresizer/templates/controller/certificate.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.webhook.pvcMutatingWebhook.enabled }}
 {{- if not .Values.webhook.caBundle }}
 {{- if not .Values.webhook.certificate.generate }}
 {{- if not .Values.webhook.existingCertManagerIssuer }}
@@ -54,3 +55,4 @@ spec:
     - client auth
 {{- end }}
 {{- end }}
+{{- end }}

charts/pvc-autoresizer/templates/controller/deployment.yaml

@@ -42,6 +42,9 @@ spec:
           {{- with .Values.controller.args.additionalArgs -}}
             {{ toYaml . | nindent 12 }}
           {{- end }}
+          {{- if not .Values.webhook.pvcMutatingWebhook.enabled }}
+            - --pvc-mutating-webhook-enabled=false
+          {{- end}}
           image: "{{ .Values.image.repository }}:{{ default .Chart.AppVersion .Values.image.tag }}"
           {{- with .Values.image.pullPolicy }}
           imagePullPolicy: {{ . }}
@@ -67,9 +70,11 @@ spec:
             httpGet:
               path: /healthz
               port: health
+          {{- if .Values.webhook.pvcMutatingWebhook.enabled }}
           volumeMounts:
             - name: certs
               mountPath: /certs
+          {{- end }}
           securityContext:
             {{- toYaml .Values.controller.securityContext | nindent 12 }}
     {{- with .Values.controller.nodeSelector }}
@@ -80,10 +85,12 @@ spec:
       tolerations:
         {{- toYaml . | nindent 8 }}
     {{- end }}
+      {{- if .Values.webhook.pvcMutatingWebhook.enabled }}
       volumes:
         - name: certs
           secret:
             defaultMode: 420
             secretName: {{ template "pvc-autoresizer.fullname" . }}-controller
+      {{- end }}
       securityContext:
         {{- toYaml .Values.controller.podSecurityContext | nindent 8 }}

charts/pvc-autoresizer/templates/controller/issuer.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.webhook.pvcMutatingWebhook.enabled }}
 {{- if not .Values.webhook.caBundle }}
 {{- if not .Values.webhook.existingCertManagerIssuer }}
 {{- if not .Values.webhook.certificate.generate }}
@@ -27,3 +28,4 @@ spec:
 {{- end }}
 {{- end }}
 {{- end }}
+{{- end }}

cmd/main.go

@@ -13,17 +13,18 @@ import (
 )
 
 var config struct {
-	certDir          string
-	webhookAddr      string
-	metricsAddr      string
-	healthAddr       string
-	namespaces       []string
-	watchInterval    time.Duration
-	prometheusURL    string
-	useK8sMetricsApi bool
-	skipAnnotation   bool
-	development      bool
-	zapOpts          zap.Options
+	certDir                   string
+	webhookAddr               string
+	metricsAddr               string
+	healthAddr                string
+	namespaces                []string
+	watchInterval             time.Duration
+	prometheusURL             string
+	useK8sMetricsApi          bool
+	skipAnnotation            bool
+	development               bool
+	zapOpts                   zap.Options
+	pvcMutatingWebhookEnabled bool
 }
 
 // rootCmd represents the base command when called without any subcommands
@@ -58,6 +59,8 @@ func init() {
 	fs.BoolVar(&config.useK8sMetricsApi, "use-k8s-metrics-api", false, "Use Kubernetes metrics API instead of Prometheus")
 	fs.BoolVar(&config.skipAnnotation, "no-annotation-check", false, "Skip annotation check for StorageClass")
 	fs.BoolVar(&config.development, "development", false, "Use development logger config")
+	fs.BoolVar(&config.pvcMutatingWebhookEnabled, "pvc-mutating-webhook-enabled", true,
+		"Enable the pvc mutating webhook endpoint")
 
 	goflags := flag.NewFlagSet("zap", flag.ExitOnError)
 	config.zapOpts.BindFlags(goflags)

cmd/run.go

@@ -40,15 +40,24 @@ func subMain() error {
 	}
 	ctrl.SetLogger(zap.New(zap.UseFlagOptions(&config.zapOpts)))
 
-	hookHost, portStr, err := net.SplitHostPort(config.webhookAddr)
-	if err != nil {
-		setupLog.Error(err, "invalid webhook addr")
-		return err
-	}
-	hookPort, err := net.LookupPort("tcp", portStr)
-	if err != nil {
-		setupLog.Error(err, "invalid webhook port")
-		return err
+	var webhookServer webhook.Server
+	if config.pvcMutatingWebhookEnabled {
+		hookHost, portStr, err := net.SplitHostPort(config.webhookAddr)
+		if err != nil {
+			setupLog.Error(err, "invalid webhook addr")
+			return err
+		}
+		hookPort, err := net.LookupPort("tcp", portStr)
+		if err != nil {
+			setupLog.Error(err, "invalid webhook port")
+			return err
+		}
+
+		webhookServer = webhook.NewServer(webhook.Options{
+			Host:    hookHost,
+			Port:    hookPort,
+			CertDir: config.certDir,
+		})
 	}
 
 	graceTimeout := 10 * time.Second
@@ -70,12 +79,8 @@ func subMain() error {
 	}
 
 	mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{
-		Scheme: scheme,
-		WebhookServer: webhook.NewServer(webhook.Options{
-			Host:    hookHost,
-			Port:    hookPort,
-			CertDir: config.certDir,
-		}),
+		Scheme:        scheme,
+		WebhookServer: webhookServer,
 		Metrics: metricsserver.Options{
 			BindAddress: config.metricsAddr,
 		},
@@ -101,8 +106,10 @@ func subMain() error {
 	if err := mgr.AddReadyzCheck("ping", healthz.Ping); err != nil {
 		return err
 	}
-	if err := mgr.AddReadyzCheck("webhook", mgr.GetWebhookServer().StartedChecker()); err != nil {
-		return err
+	if config.pvcMutatingWebhookEnabled {
+		if err := mgr.AddReadyzCheck("webhook", mgr.GetWebhookServer().StartedChecker()); err != nil {
+			return err
+		}
 	}
 
 	var metricsClient runners.MetricsClient
@@ -133,10 +140,12 @@ func subMain() error {
 		return err
 	}
 
-	dec := admission.NewDecoder(scheme)
-	if err = hooks.SetupPersistentVolumeClaimWebhook(mgr, dec, ctrl.Log.WithName("hooks")); err != nil {
-		setupLog.Error(err, "unable to create PersistentVolumeClaim webhook")
-		return err
+	if config.pvcMutatingWebhookEnabled {
+		dec := admission.NewDecoder(scheme)
+		if err = hooks.SetupPersistentVolumeClaimWebhook(mgr, dec, ctrl.Log.WithName("hooks")); err != nil {
+			setupLog.Error(err, "unable to create PersistentVolumeClaim webhook")
+			return err
+		}
 	}
 
 	//+kubebuilder:scaffold:builder