Provide a deployment option for disabling the webhooks

[fedepaol]

Given the issues related to validating webhooks can be related to multiple factors (see #1597 and https://hackmd.io/@maelvls/debug-cert-manager-webhook ), it makes sense to offer an option to disable the validating webhooks, to make metallb usable in those scenarios (despite with less checks on the CR creation).

[attiss]

@fedepaol I'd be happy to contribute this. Just to double check: we want to provide a configuration option that controls whether the metallb-webhook-configuration resource is deployed or not, correct?

Do you have any preference regarding the configuration? How about something like this?

crds:
  enabled: true
  validation:
    enabled: true

(crds.validation.enabled would default to true)

[fedepaol]

Either that, or an alternative method is to drive the failure policy of the webhook, here.
I'd also try to keep backward compatibility, and as the default behaviour is now to deploy the webhooks, I'd call it "disableWebhooks".

[attiss]

or an alternative method is to drive the failure policy of the webhook

Sounds good to me! If we go this path, how about calling the config option permissiveWebhooks or ignoreWebhookFailures?

[fedepaol]

ignoreWebhookFailures sounds a bit too scary :p
How about exporting the policy itself and call it just validationFailurePolicy ?

[attiss]

I can open a PR for this later today, if that's fine with you.

[fedepaol]

No rush! Take your time, and thanks for looking into this!

[attiss]

PR opened: #1623