We need to use the cert-manager annotation on the webhook with the co…

…rrect APIGroup for older cert-manager (#1553) Signed-off-by: Andreas Neumann <aneumann@mesosphere.com>
kudobuilder · Jun 5, 2020 · 5a54251 · 5a54251
1 parent 8841203
commit 5a54251
Showing 1 changed file with 11 additions and 6 deletions.
diff --git a/pkg/kudoctl/kudoinit/prereq/webhook.go b/pkg/kudoctl/kudoinit/prereq/webhook.go
@@ -76,7 +76,7 @@ func (k *KudoWebHook) installWithCertManager(client *kube.Client) error {
 	if err := installUnstructured(client.DynamicClient, k.certificate); err != nil {
 		return err
 	}
-	if err := installAdmissionWebhook(client.KubeClient.AdmissionregistrationV1beta1(), InstanceAdmissionWebhook(k.opts.Namespace)); err != nil {
+	if err := installAdmissionWebhook(client.KubeClient.AdmissionregistrationV1beta1(), instanceAdmissionWebhookCertManager(k.opts.Namespace, k.certManagerGroup)); err != nil {
 		return err
 	}
 	return nil
@@ -120,7 +120,7 @@ func (k *KudoWebHook) Resources() []runtime.Object {
 }
 
 func (k *KudoWebHook) resourcesWithCertManager() []runtime.Object {
-	av := InstanceAdmissionWebhook(k.opts.Namespace)
+	av := instanceAdmissionWebhookCertManager(k.opts.Namespace, k.certManagerGroup)
 	objs := []runtime.Object{&av}
 	objs = append(objs, k.issuer)
 	objs = append(objs, k.certificate)
@@ -307,6 +307,13 @@ func instanceAdmissionWebhookWithCABundle(ns string, caData []byte) admissionv1b
 	return iaw
 }
 
+func instanceAdmissionWebhookCertManager(ns string, certManagerGroup string) admissionv1beta1.MutatingWebhookConfiguration {
+	iaw := InstanceAdmissionWebhook(ns)
+	injectCaAnnotationName := fmt.Sprintf("%s/inject-ca-from", certManagerGroup)
+	iaw.Annotations[injectCaAnnotationName] = fmt.Sprintf("%s/kudo-webhook-server-certificate", ns)
+	return iaw
+}
+
 // InstanceAdmissionWebhook returns a MutatingWebhookConfiguration for the instance admission controller.
 func InstanceAdmissionWebhook(ns string) admissionv1beta1.MutatingWebhookConfiguration {
 	namespacedScope := admissionv1beta1.NamespacedScope
@@ -315,10 +322,8 @@ func InstanceAdmissionWebhook(ns string) admissionv1beta1.MutatingWebhookConfigu
 	noSideEffects := admissionv1beta1.SideEffectClassNone
 	return admissionv1beta1.MutatingWebhookConfiguration{
 		ObjectMeta: metav1.ObjectMeta{
-			Name: "kudo-manager-instance-admission-webhook-config",
-			Annotations: map[string]string{
-				"cert-manager.io/inject-ca-from": fmt.Sprintf("%s/kudo-webhook-server-certificate", ns),
-			},
+			Name:        "kudo-manager-instance-admission-webhook-config",
+			Annotations: map[string]string{},
 		},
 		TypeMeta: metav1.TypeMeta{
 			Kind:       "MutatingWebhookConfiguration",