Adapt webhook.Server interface.

Earlier `webhook.Server` was a struct. All the struct fields like `Port`, `CertDir` is being moved to `Options` struct.
kubernetes-sigs/controller-runtime#2293

extensions/pkg/webhook/certificates/reconciler.go

@@ -31,8 +31,9 @@ import (
 	logf "sigs.k8s.io/controller-runtime/pkg/log"
 	"sigs.k8s.io/controller-runtime/pkg/manager"
 	"sigs.k8s.io/controller-runtime/pkg/reconcile"
+	"sigs.k8s.io/controller-runtime/pkg/webhook"
 
-	"github.com/gardener/gardener/extensions/pkg/webhook"
+	extensionswebhook "github.com/gardener/gardener/extensions/pkg/webhook"
 	extensionsshootwebhook "github.com/gardener/gardener/extensions/pkg/webhook/shoot"
 	"github.com/gardener/gardener/pkg/controllerutils"
 	kubernetesutils "github.com/gardener/gardener/pkg/utils/kubernetes"
@@ -85,7 +86,7 @@ type reconciler struct {
 // AddToManager generates webhook CA and server cert if it doesn't exist on the cluster yet. Then it adds reconciler to
 // the given manager in order to periodically regenerate the webhook secrets.
 func (r *reconciler) AddToManager(ctx context.Context, mgr manager.Manager) error {
-	r.serverPort = mgr.GetWebhookServer().Port
+	r.serverPort = mgr.GetWebhookServer().(*webhook.DefaultServer).Options.Port
 	r.client = mgr.GetClient()
 
 	present, err := isWebhookServerSecretPresent(ctx, mgr.GetAPIReader(), r.ServerSecretName, r.Namespace, r.Identity)
@@ -179,7 +180,7 @@ func (r *reconciler) Reconcile(ctx context.Context, _ reconcile.Request) (reconc
 	if r.ShootWebhookConfig != nil {
 		// update shoot webhook config object (in memory) with the freshly created CA bundle which is also used by the
 		// ControlPlane actuator
-		if err := webhook.InjectCABundleIntoWebhookConfig(r.ShootWebhookConfig, caBundleSecret.Data[secretsutils.DataKeyCertificateBundle]); err != nil {
+		if err := extensionswebhook.InjectCABundleIntoWebhookConfig(r.ShootWebhookConfig, caBundleSecret.Data[secretsutils.DataKeyCertificateBundle]); err != nil {
 			return reconcile.Result{}, err
 		}
 		r.AtomicShootWebhookConfig.Store(r.ShootWebhookConfig.DeepCopy())
@@ -206,7 +207,7 @@ func (r *reconciler) reconcileSourceWebhookConfig(ctx context.Context, sourceWeb
 	}
 
 	patch := client.MergeFromWithOptions(config.DeepCopyObject().(client.Object), client.MergeFromWithOptimisticLock{})
-	if err := webhook.InjectCABundleIntoWebhookConfig(config, caBundleSecret.Data[secretsutils.DataKeyCertificateBundle]); err != nil {
+	if err := extensionswebhook.InjectCABundleIntoWebhookConfig(config, caBundleSecret.Data[secretsutils.DataKeyCertificateBundle]); err != nil {
 		return err
 	}
 	return r.client.Patch(ctx, config, patch)

extensions/pkg/webhook/certificates/reloader.go

@@ -28,6 +28,7 @@ import (
 	logf "sigs.k8s.io/controller-runtime/pkg/log"
 	"sigs.k8s.io/controller-runtime/pkg/manager"
 	"sigs.k8s.io/controller-runtime/pkg/reconcile"
+	"sigs.k8s.io/controller-runtime/pkg/webhook"
 
 	"github.com/gardener/gardener/pkg/controllerutils"
 	secretsutils "github.com/gardener/gardener/pkg/utils/secrets"
@@ -58,7 +59,7 @@ type reloader struct {
 // manager in order to periodically reload the secret from the cluster.
 func (r *reloader) AddToManager(ctx context.Context, mgr manager.Manager) error {
 	r.reader = mgr.GetClient()
-	r.certDir = mgr.GetWebhookServer().CertDir
+	r.certDir = mgr.GetWebhookServer().(*webhook.DefaultServer).Options.CertDir
 
 	// initial retrieval of server cert, needed in order for the webhook server to start successfully
 	found, _, serverCert, serverKey, err := r.getServerCert(ctx, mgr.GetAPIReader())

extensions/pkg/webhook/cmd/options.go

@@ -25,6 +25,7 @@ import (
 	"k8s.io/utils/clock"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/manager"
+	"sigs.k8s.io/controller-runtime/pkg/webhook"
 
 	extensionswebhook "github.com/gardener/gardener/extensions/pkg/webhook"
 	"github.com/gardener/gardener/extensions/pkg/webhook/certificates"
@@ -245,7 +246,7 @@ func (c *AddToManagerConfig) AddToManager(ctx context.Context, mgr manager.Manag
 	}
 	webhookServer := mgr.GetWebhookServer()
 
-	servicePort := webhookServer.Port
+	servicePort := webhookServer.(*webhook.DefaultServer).Options.Port
 	if (c.Server.Mode == extensionswebhook.ModeService || c.Server.Mode == extensionswebhook.ModeURLWithServiceName) && c.Server.ServicePort > 0 {
 		servicePort = c.Server.ServicePort
 	}
@@ -280,7 +281,7 @@ func (c *AddToManagerConfig) AddToManager(ctx context.Context, mgr manager.Manag
 		mgr.GetLogger().Info("Running webhooks with unmanaged certificates (i.e., the webhook CA will not be rotated automatically). " +
 			"This mode is supposed to be used for development purposes only. Make sure to configure --webhook-config-namespace in production.")
 
-		caBundle, err := certificates.GenerateUnmanagedCertificates(c.extensionName, webhookServer.CertDir, c.Server.Mode, c.Server.URL)
+		caBundle, err := certificates.GenerateUnmanagedCertificates(c.extensionName, webhookServer.(*webhook.DefaultServer).Options.CertDir, c.Server.Mode, c.Server.URL)
 		if err != nil {
 			return nil, fmt.Errorf("error generating new certificates for webhook server: %w", err)
 		}
@@ -356,7 +357,7 @@ func (c *AddToManagerConfig) reconcileShootWebhookConfigs(mgr manager.Manager, s
 			if err := extensionswebhook.InjectCABundleIntoWebhookConfig(shootWebhookConfig, caBundle); err != nil {
 				return err
 			}
-			if err := extensionsshootwebhook.ReconcileWebhooksForAllNamespaces(ctx, mgr.GetClient(), c.Server.Namespace, c.extensionName, c.shootWebhookManagedResourceName, c.shootNamespaceSelector, mgr.GetWebhookServer().Port, shootWebhookConfig); err != nil {
+			if err := extensionsshootwebhook.ReconcileWebhooksForAllNamespaces(ctx, mgr.GetClient(), c.Server.Namespace, c.extensionName, c.shootWebhookManagedResourceName, c.shootNamespaceSelector, mgr.GetWebhookServer().(*webhook.DefaultServer).Options.Port, shootWebhookConfig); err != nil {
 				return fmt.Errorf("error reconciling all shoot webhook configs: %w", err)
 			}
 		}

pkg/provider-local/controller/controlplane/add.go

@@ -19,6 +19,7 @@ import (
 
 	"sigs.k8s.io/controller-runtime/pkg/controller"
 	"sigs.k8s.io/controller-runtime/pkg/manager"
+	"sigs.k8s.io/controller-runtime/pkg/webhook"
 
 	extensionscontroller "github.com/gardener/gardener/extensions/pkg/controller"
 	"github.com/gardener/gardener/extensions/pkg/controller/controlplane"
@@ -49,7 +50,7 @@ func AddToManagerWithOptions(mgr manager.Manager, opts AddOptions) error {
 	return controlplane.Add(mgr, controlplane.AddArgs{
 		Actuator: genericactuator.NewActuator(local.Name, getSecretConfigs, nil, nil, nil, nil, nil, controlPlaneShootChart,
 			nil, storageClassChart, nil, NewValuesProvider(), extensionscontroller.ChartRendererFactoryFunc(util.NewChartRendererForShoot),
-			imagevector.ImageVector(), "", opts.ShootWebhookConfig, opts.WebhookServerNamespace, mgr.GetWebhookServer().Port),
+			imagevector.ImageVector(), "", opts.ShootWebhookConfig, opts.WebhookServerNamespace, mgr.GetWebhookServer().(*webhook.DefaultServer).Options.Port),
 		ControllerOptions: opts.Controller,
 		Predicates:        controlplane.DefaultPredicates(opts.IgnoreOperationAnnotation),
 		Type:              local.Type,

test/integration/extensions/webhook/certificates/certificates_test.go

@@ -39,6 +39,7 @@ import (
 	"k8s.io/utils/pointer"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/manager"
+	"sigs.k8s.io/controller-runtime/pkg/webhook"
 
 	extensionswebhook "github.com/gardener/gardener/extensions/pkg/webhook"
 	"github.com/gardener/gardener/extensions/pkg/webhook/certificates"
@@ -198,11 +199,11 @@ var _ = Describe("Certificates tests", func() {
 
 			By("Verify certificates exist on disk")
 			Eventually(func(g Gomega) {
-				serverCert, err := os.ReadFile(filepath.Join(mgr.GetWebhookServer().CertDir, "tls.crt"))
+				serverCert, err := os.ReadFile(filepath.Join(mgr.GetWebhookServer().(*webhook.DefaultServer).Options.CertDir, "tls.crt"))
 				g.Expect(err).NotTo(HaveOccurred())
 				g.Expect(serverCert).NotTo(BeEmpty())
 
-				serverKey, err := os.ReadFile(filepath.Join(mgr.GetWebhookServer().CertDir, "tls.key"))
+				serverKey, err := os.ReadFile(filepath.Join(mgr.GetWebhookServer().(*webhook.DefaultServer).Options.CertDir, "tls.key"))
 				g.Expect(err).NotTo(HaveOccurred())
 				g.Expect(serverKey).NotTo(BeEmpty())
 			}).Should(Succeed())
@@ -267,13 +268,13 @@ var _ = Describe("Certificates tests", func() {
 
 				By("Read generated server certificate from disk")
 				Eventually(func(g Gomega) []byte {
-					serverCert1, err = os.ReadFile(filepath.Join(mgr.GetWebhookServer().CertDir, "tls.crt"))
+					serverCert1, err = os.ReadFile(filepath.Join(mgr.GetWebhookServer().(*webhook.DefaultServer).Options.CertDir, "tls.crt"))
 					g.Expect(err).NotTo(HaveOccurred())
 					return serverCert1
 				}).Should(Not(BeEmpty()))
 
 				Eventually(func(g Gomega) []byte {
-					serverKey1, err := os.ReadFile(filepath.Join(mgr.GetWebhookServer().CertDir, "tls.key"))
+					serverKey1, err := os.ReadFile(filepath.Join(mgr.GetWebhookServer().(*webhook.DefaultServer).Options.CertDir, "tls.key"))
 					g.Expect(err).NotTo(HaveOccurred())
 					return serverKey1
 				}).Should(Not(BeEmpty()))
@@ -288,7 +289,7 @@ var _ = Describe("Certificates tests", func() {
 
 				By("Read re-generated server certificate from disk")
 				Eventually(func(g Gomega) []byte {
-					serverCert2, err := os.ReadFile(filepath.Join(mgr.GetWebhookServer().CertDir, "tls.crt"))
+					serverCert2, err := os.ReadFile(filepath.Join(mgr.GetWebhookServer().(*webhook.DefaultServer).Options.CertDir, "tls.crt"))
 					g.Expect(err).NotTo(HaveOccurred())
 					return serverCert2
 				}).Should(And(
@@ -365,11 +366,11 @@ var _ = Describe("Certificates tests", func() {
 
 			By("Verify certificates exist on disk")
 			Eventually(func(g Gomega) {
-				serverCert, err := os.ReadFile(filepath.Join(mgr.GetWebhookServer().CertDir, "tls.crt"))
+				serverCert, err := os.ReadFile(filepath.Join(mgr.GetWebhookServer().(*webhook.DefaultServer).Options.CertDir, "tls.crt"))
 				g.Expect(err).NotTo(HaveOccurred())
 				g.Expect(serverCert).NotTo(BeEmpty())
 
-				serverKey, err := os.ReadFile(filepath.Join(mgr.GetWebhookServer().CertDir, "tls.key"))
+				serverKey, err := os.ReadFile(filepath.Join(mgr.GetWebhookServer().(*webhook.DefaultServer).Options.CertDir, "tls.key"))
 				g.Expect(err).NotTo(HaveOccurred())
 				g.Expect(serverKey).NotTo(BeEmpty())
 			}).Should(Succeed())
@@ -459,13 +460,13 @@ var _ = Describe("Certificates tests", func() {
 
 				By("Read generated server certificate from disk")
 				Eventually(func(g Gomega) []byte {
-					serverCert1, err = os.ReadFile(filepath.Join(mgr.GetWebhookServer().CertDir, "tls.crt"))
+					serverCert1, err = os.ReadFile(filepath.Join(mgr.GetWebhookServer().(*webhook.DefaultServer).Options.CertDir, "tls.crt"))
 					g.Expect(err).NotTo(HaveOccurred())
 					return serverCert1
 				}).Should(Not(BeEmpty()))
 
 				Eventually(func(g Gomega) []byte {
-					serverKey1, err := os.ReadFile(filepath.Join(mgr.GetWebhookServer().CertDir, "tls.key"))
+					serverKey1, err := os.ReadFile(filepath.Join(mgr.GetWebhookServer().(*webhook.DefaultServer).Options.CertDir, "tls.key"))
 					g.Expect(err).NotTo(HaveOccurred())
 					return serverKey1
 				}).Should(Not(BeEmpty()))
@@ -492,7 +493,7 @@ var _ = Describe("Certificates tests", func() {
 
 				By("Read re-generated server certificate from disk")
 				Eventually(func(g Gomega) []byte {
-					serverCert2, err := os.ReadFile(filepath.Join(mgr.GetWebhookServer().CertDir, "tls.crt"))
+					serverCert2, err := os.ReadFile(filepath.Join(mgr.GetWebhookServer().(*webhook.DefaultServer).Options.CertDir, "tls.crt"))
 					g.Expect(err).NotTo(HaveOccurred())
 					return serverCert2
 				}).Should(And(