Make webhook Logging options configurable using configfile.

Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
cert-manager · Aug 15, 2023 · 542ca3b · 542ca3b
1 parent 9dc498b
commit 542ca3b
Show file tree

Hide file tree

Showing 8 changed files with 154 additions and 45 deletions.
diff --git a/cmd/webhook/app/webhook.go b/cmd/webhook/app/webhook.go
@@ -95,7 +95,7 @@ func NewServerCommand(stopCh <-chan struct{}) *cobra.Command {
 				os.Exit(1)
 			}
 
-			if err := logf.ValidateAndApply(webhookFlags.Logging); err != nil {
+			if err := logf.ValidateAndApply(&webhookConfig.Logging); err != nil {
 				log.Error(err, "Failed to validate webhook flags")
 				os.Exit(1)
 			}
@@ -117,6 +117,11 @@ func NewServerCommand(stopCh <-chan struct{}) *cobra.Command {
 					log.Error(err, "Failed to set feature gates from config file")
 					os.Exit(1)
 				}
+
+				if err := logf.ValidateAndApply(&webhookConfig.Logging); err != nil {
+					log.Error(err, "Failed to validate webhook flags")
+					os.Exit(1)
+				}
 			}
 
 			srv, err := cmwebhook.NewCertManagerWebhookServer(log, *webhookConfig)

diff --git a/internal/apis/config/controller/fuzzer/fuzzer.go b/internal/apis/config/controller/fuzzer/fuzzer.go
@@ -33,45 +33,87 @@ var Funcs = func(codecs runtimeserializer.CodecFactory) []interface{} {
 		func(s *controller.ControllerConfiguration, c fuzz.Continue) {
 			c.FuzzNoCustom(s) // fuzz self without calling this function again
 
-			defaultTime := 60 * time.Second
-			s.APIServerHost = "defaultHost"
-			s.KubeConfig = "defaultConfig"
-			s.KubernetesAPIQPS = 10
-			s.KubernetesAPIBurst = 10
-			s.ClusterResourceNamespace = "defaultClusterResourceNamespace"
-			s.Namespace = "defaultNamespace"
-			s.LeaderElectionConfig.Enabled = true
-			s.LeaderElectionConfig.Namespace = "defaultLeaderElectionNamespace"
-			s.LeaderElectionConfig.LeaseDuration = defaultTime
-			s.LeaderElectionConfig.RenewDeadline = defaultTime
-			s.LeaderElectionConfig.RetryPeriod = defaultTime
-			s.Controllers = []string{"*"}
-			s.ACMEHTTP01Config.SolverImage = "defaultACMEHTTP01SolverImage"
-			s.ACMEHTTP01Config.SolverResourceRequestCPU = "10m"
-			s.ACMEHTTP01Config.SolverResourceRequestMemory = "64Mi"
-			s.ACMEHTTP01Config.SolverResourceLimitsCPU = "100m"
-			s.ACMEHTTP01Config.SolverResourceLimitsMemory = "64Mi"
-			s.ACMEHTTP01Config.SolverRunAsNonRoot = true
-			s.ACMEHTTP01Config.SolverNameservers = []string{"8.8.8.8:53"}
-			s.ClusterIssuerAmbientCredentials = true
-			s.IssuerAmbientCredentials = true
-			s.IngressShimConfig.DefaultIssuerName = "defaultTLSACMEIssuerName"
-			s.IngressShimConfig.DefaultIssuerKind = "defaultIssuerKind"
-			s.IngressShimConfig.DefaultIssuerGroup = "defaultTLSACMEIssuerGroup"
-			s.IngressShimConfig.DefaultAutoCertificateAnnotations = []string{"kubernetes.io/tls-acme"}
-			s.ACMEDNS01Config.RecursiveNameservers = []string{"8.8.8.8:53"}
-			s.ACMEDNS01Config.RecursiveNameserversOnly = true
-			s.EnableCertificateOwnerRef = true
-			s.NumberOfConcurrentWorkers = 1
-			s.MaxConcurrentChallenges = 1
-			s.MetricsListenAddress = "0.0.0.0:9402"
-			s.HealthzListenAddress = "0.0.0.0:9402"
-			s.LeaderElectionConfig.HealthzTimeout = defaultTime
-			s.EnablePprof = true
-			s.PprofAddress = "something:1234"
-			s.CopiedAnnotationPrefixes = []string{"*", "-kubectl.kubernetes.io/", "-fluxcd.io/", "-argocd.argoproj.io/"}
+			if s.ClusterResourceNamespace == "" {
+				s.ClusterResourceNamespace = "test-roundtrip"
+			}
+
+			if len(s.Controllers) == 0 {
+				s.Controllers = []string{"test-roundtrip"}
+			}
+
+			if len(s.CopiedAnnotationPrefixes) == 0 {
+				s.CopiedAnnotationPrefixes = []string{"test-roundtrip"}
+			}
+
+			if s.MetricsListenAddress == "" {
+				s.MetricsListenAddress = "test-roundtrip"
+			}
+
+			if s.HealthzListenAddress == "" {
+				s.HealthzListenAddress = "test-roundtrip"
+			}
+
+			if s.PprofAddress == "" {
+				s.PprofAddress = "test-roundtrip"
+			}
 
 			logsapi.SetRecommendedLoggingConfiguration(&s.Logging)
+
+			if s.LeaderElectionConfig.Namespace == "" {
+				s.LeaderElectionConfig.Namespace = "test-roundtrip"
+			}
+
+			if s.LeaderElectionConfig.LeaseDuration == time.Duration(0) {
+				s.LeaderElectionConfig.LeaseDuration = time.Second * 8875
+			}
+
+			if s.LeaderElectionConfig.RenewDeadline == time.Duration(0) {
+				s.LeaderElectionConfig.RenewDeadline = time.Second * 8875
+			}
+
+			if s.LeaderElectionConfig.RetryPeriod == time.Duration(0) {
+				s.LeaderElectionConfig.RetryPeriod = time.Second * 8875
+			}
+
+			if s.LeaderElectionConfig.HealthzTimeout == time.Duration(0) {
+				s.LeaderElectionConfig.HealthzTimeout = time.Second * 8875
+			}
+
+			if s.IngressShimConfig.DefaultIssuerKind == "" {
+				s.IngressShimConfig.DefaultIssuerKind = "test-roundtrip"
+			}
+
+			if s.IngressShimConfig.DefaultIssuerGroup == "" {
+				s.IngressShimConfig.DefaultIssuerGroup = "test-roundtrip"
+			}
+
+			if len(s.IngressShimConfig.DefaultAutoCertificateAnnotations) == 0 {
+				s.IngressShimConfig.DefaultAutoCertificateAnnotations = []string{"test-roundtrip"}
+			}
+
+			if s.ACMEHTTP01Config.SolverImage == "" {
+				s.ACMEHTTP01Config.SolverImage = "test-roundtrip"
+			}
+
+			if s.ACMEHTTP01Config.SolverResourceRequestCPU == "" {
+				s.ACMEHTTP01Config.SolverResourceRequestCPU = "test-roundtrip"
+			}
+
+			if s.ACMEHTTP01Config.SolverResourceRequestMemory == "" {
+				s.ACMEHTTP01Config.SolverResourceRequestMemory = "test-roundtrip"
+			}
+
+			if s.ACMEHTTP01Config.SolverResourceLimitsCPU == "" {
+				s.ACMEHTTP01Config.SolverResourceLimitsCPU = "test-roundtrip"
+			}
+
+			if s.ACMEHTTP01Config.SolverResourceLimitsMemory == "" {
+				s.ACMEHTTP01Config.SolverResourceLimitsMemory = "test-roundtrip"
+			}
+
+			if s.ACMEDNS01Config.CheckRetryPeriod == time.Duration(0) {
+				s.ACMEDNS01Config.CheckRetryPeriod = time.Second * 8875
+			}
 		},
 	}
 }
diff --git a/internal/apis/config/util/conversion.go b/internal/apis/config/util/conversion.go
@@ -0,0 +1,51 @@
+/*
+Copyright 2021 The cert-manager Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package config
+
+import (
+	conversion "k8s.io/apimachinery/pkg/conversion"
+)
+
+func Convert_Pointer_float32_To_float32(in **float32, out *float32, s conversion.Scope) error {
+	if *in == nil {
+		*out = 0
+		return nil
+	}
+	*out = float32(**in)
+	return nil
+}
+
+func Convert_float32_To_Pointer_float32(in *float32, out **float32, s conversion.Scope) error {
+	temp := float32(*in)
+	*out = &temp
+	return nil
+}
+
+func Convert_Pointer_int32_To_int(in **int32, out *int, s conversion.Scope) error {
+	if *in == nil {
+		*out = 0
+		return nil
+	}
+	*out = int(**in)
+	return nil
+}
+
+func Convert_int_To_Pointer_int32(in *int, out **int32, s conversion.Scope) error {
+	temp := int32(*in)
+	*out = &temp
+	return nil
+}
diff --git a/internal/apis/config/webhook/fuzzer/fuzzer.go b/internal/apis/config/webhook/fuzzer/fuzzer.go
@@ -19,6 +19,7 @@ package fuzzer
 import (
 	fuzz "github.com/google/gofuzz"
 	runtimeserializer "k8s.io/apimachinery/pkg/runtime/serializer"
+	logsapi "k8s.io/component-base/logs/api/v1"
 
 	"github.com/cert-manager/cert-manager/internal/apis/config/webhook"
 )
@@ -32,6 +33,8 @@ var Funcs = func(codecs runtimeserializer.CodecFactory) []interface{} {
 			if s.PprofAddress == "" {
 				s.PprofAddress = "something:1234"
 			}
+
+			logsapi.SetRecommendedLoggingConfiguration(&s.Logging)
 		},
 	}
 }
diff --git a/internal/apis/config/webhook/types.go b/internal/apis/config/webhook/types.go
@@ -18,6 +18,7 @@ package webhook
 
 import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/component-base/logs"
 )
 
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
@@ -51,6 +52,9 @@ type WebhookConfiguration struct {
 	// Defaults to 'localhost:6060'.
 	PprofAddress string
 
+	// https://pkg.go.dev/k8s.io/component-base@v0.27.3/logs/api/v1#LoggingConfiguration
+	Logging logs.Options
+
 	// featureGates is a map of feature names to bools that enable or disable experimental
 	// features.
 	// Default: nil

diff --git a/internal/apis/config/webhook/v1alpha1/defaults.go b/internal/apis/config/webhook/v1alpha1/defaults.go
@@ -18,6 +18,7 @@ package v1alpha1
 
 import (
 	"k8s.io/apimachinery/pkg/runtime"
+	logsapi "k8s.io/component-base/logs/api/v1"
 	"k8s.io/utils/pointer"
 
 	"github.com/cert-manager/cert-manager/pkg/apis/config/webhook/v1alpha1"
@@ -37,4 +38,6 @@ func SetDefaults_WebhookConfiguration(obj *v1alpha1.WebhookConfiguration) {
 	if obj.PprofAddress == "" {
 		obj.PprofAddress = "localhost:6060"
 	}
+
+	logsapi.SetRecommendedLoggingConfiguration(&obj.Logging)
 }
diff --git a/pkg/apis/config/webhook/v1alpha1/types.go b/pkg/apis/config/webhook/v1alpha1/types.go
@@ -18,6 +18,7 @@ package v1alpha1
 
 import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	logsapi "k8s.io/component-base/logs/api/v1"
 )
 
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
@@ -51,6 +52,10 @@ type WebhookConfiguration struct {
 	// Defaults to 'localhost:6060'.
 	PprofAddress string `json:"pprofAddress,omitempty"`
 
+	// logging configures the logging behaviour of the webhook.
+	// https://pkg.go.dev/k8s.io/component-base@v0.27.3/logs/api/v1#LoggingConfiguration
+	Logging logsapi.LoggingConfiguration `json:"logging"`
+
 	// featureGates is a map of feature names to bools that enable or disable experimental
 	// features.
 	// Default: nil

diff --git a/pkg/webhook/options/options.go b/pkg/webhook/options/options.go
@@ -21,7 +21,6 @@ import (
 
 	"github.com/spf13/pflag"
 	cliflag "k8s.io/component-base/cli/flag"
-	"k8s.io/component-base/logs"
 
 	config "github.com/cert-manager/cert-manager/internal/apis/config/webhook"
 	configscheme "github.com/cert-manager/cert-manager/internal/apis/config/webhook/scheme"
@@ -32,21 +31,16 @@ import (
 
 // WebhookFlags defines options that can only be configured via flags.
 type WebhookFlags struct {
-	Logging *logs.Options
-
 	// Path to a file containing a WebhookConfiguration resource
 	Config string
 }
 
 func NewWebhookFlags() *WebhookFlags {
-	return &WebhookFlags{
-		Logging: logs.NewOptions(),
-	}
+	return &WebhookFlags{}
 }
 
 func (f *WebhookFlags) AddFlags(fs *pflag.FlagSet) {
 	fs.StringVar(&f.Config, "config", "", "Path to a file containing a WebhookConfiguration object used to configure the webhook")
-	logf.AddFlags(f.Logging, fs)
 }
 
 func NewWebhookConfiguration() (*config.WebhookConfiguration, error) {
@@ -93,4 +87,6 @@ func AddConfigFlags(fs *pflag.FlagSet, c *config.WebhookConfiguration) {
 			"Possible values: "+strings.Join(tlsPossibleVersions, ", "))
 	fs.Var(cliflag.NewMapStringBool(&c.FeatureGates), "feature-gates", "A set of key=value pairs that describe feature gates for alpha/experimental features. "+
 		"Options are:\n"+strings.Join(utilfeature.DefaultFeatureGate.KnownFeatures(), "\n"))
+
+	logf.AddFlags(&c.Logging, fs)
 }