webhookSecretName is hardcoded to webhook-server-cert

[btrepp]

It appears that webhookSecretName is hardcoded to 'webhook-server-cert'. This causes some issues when deploying via kustomize. As if you have 'namePrefix' you can't skip or wind that back.

Most other items in MetalLb seem to be configurable, but this one seems hardcoded here

metallb/internal/k8s/k8s.go

Line 64 in 651427b

webhookSecretName = "webhook-server-cert" //#nosec G101

This leads to a situation in which kustomize has correctly prefixed resources, but metal-lb still doesn't work

W0704 11:24:20.560894       1 warnings.go:70] metallb.io v1beta1 AddressPool is deprecated, consider using IPAddressPool
{"level":"error","ts":"2023-07-04T11:24:20Z","logger":"cert-rotation","msg":"could not refresh cert on startup","error":"acquiring secret to update certificates: Secret \"webhook-server-cert\" not found","errorVerbose":"Secret \"webhook-server-cert\" not found\nacquiring secret to update certificates\ngithub.com/open-policy-agent/cert-controller/pkg/rotator.(*CertRotator).refreshCertIfNeeded.func1\n\t/go/pkg/mod/github.com/open-policy-agent/cert-controller@v0.7.0/pkg/rotator/rotator.go:246\nk8s.io/apimachinery/pkg/util/wait.ConditionFunc.WithContext.func1\n\t/go/pkg/mod/k8s.io/apimachinery@v0.26.4/pkg/util/wait/wait.go:222\nk8s.io/apimachinery/pkg/util/wait.runConditionWithCrashProtectionWithContext\n\t/go/pkg/mod/k8s.io/apimachinery@v0.26.4/pkg/util/wait/wait.go:235\nk8s.io/apimachinery/pkg/util/wait.runConditionWithCrashProtection\n\t/go/pkg/mod/k8s.io/apimachinery@v0.26.4/pkg/util/wait/wait.go:228\nk8s.io/apimachinery/pkg/util/wait.ExponentialBackoff\n\t/go/pkg/mod/k8s.io/apimachinery@v0.26.4/pkg/util/wait/wait.go:423\ngithub.com/open-policy-agent/cert-controller/pkg/rotator.(*CertRotator).refreshCertIfNeeded\n\t/go/pkg/mod/github.com/open-policy-agent/cert-controller@v0.7.0/pkg/rotator/rotator.go:278\ngithub.com/open-policy-agent/cert-controller/pkg/rotator.(*CertRotator).Start\n\t/go/pkg/mod/github.com/open-policy-agent/cert-controller@v0.7.0/pkg/rotator/rotator.go:210\nsigs.k8s.io/controller-runtime/pkg/manager.(*runnableGroup).reconcile.func1\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.14.6/pkg/manager/runnable_group.go:219\nruntime.goexit\n\t/usr/local/go/src/runtime/asm_arm64.s:1172","stacktrace":"github.com/open-policy-agent/cert-controller/pkg/rotator.(*CertRotator).Start\n\t/go/pkg/mod/github.com/open-policy-agent/cert-controller@v0.7.0/pkg/rotator/rotator.go:211\nsigs.k8s.io/controller-runtime/pkg/manager.(*runnableGroup).reconcile.func1\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.14.6/pkg/manager/runnable_group.go:219"}

apiVersion: v1
kind: Secret
metadata:
  name: metallb-webhook-server-cert

This is in version 0.13.9, but as it's hardcoded in main I think the problem still exists.

[github-actions]

This issue has been automatically marked as stale because it has been open 30 days
with no activity. This issue will be closed in 10 days unless you do one of the following:

• respond to this issue
• have one of these labels applied: bug,good first issue,help wanted,hold,enhancement,documentation,question

[github-actions]

This issue was automatically closed because of lack of activity after being marked stale in the
past 10 days. If you feel this was done in error, please feel free to re-open this issue.

[btrepp]

Looks like the bot closed it

[11-aryan]

Hello,
Can i take up this issue ?

[fedepaol]

Hello, Can i take up this issue ?

there is already a pr fixing this #2070