Simplify CA Bundle injection for multus admission webhook

bindata/network/multus-admission-controller/003-webhook.yaml

@@ -5,6 +5,8 @@ metadata:
   name: {{.MultusValidatingWebhookName}}
   labels:
     app: multus-admission-controller
+  annotations:
+    service.beta.openshift.io/inject-cabundle: "true"
 webhooks:
   - name: multus-validating-config.k8s.io
     clientConfig:

pkg/controller/add_networkconfig.go

@@ -15,7 +15,6 @@ func init() {
 		proxyconfig.Add,
 		operconfig.Add,
 		clusterconfig.Add,
-		operconfig.AddConfigMapReconciler,
 		configmapcainjector.Add,
 	)
 }

pkg/names/names.go

@@ -44,10 +44,6 @@ const KuryrOctaviaProviderAnnotation = "networkoperator.openshift.io/kuryr-octav
 // KuryrOctaviaVersionAnnotation is used to save latest Octavia version detected
 const KuryrOctaviaVersionAnnotation = "networkoperator.openshift.io/kuryr-octavia-version"
 
-// SERVICE_CA_CONFIGMAP is the name of the ConfigMap that contains service CA bundle
-// that is used in multus admission controller deployment
-const SERVICE_CA_CONFIGMAP = "openshift-service-ca"
-
 // MULTUS_VALIDATING_WEBHOOK is the name of the ValidatingWebhookConfiguration for multus-admission-controller
 // that is used in multus admission controller deployment
 const MULTUS_VALIDATING_WEBHOOK = "multus.openshift.io"

pkg/network/multus_admission_controller.go

@@ -19,7 +19,6 @@ func renderMultusAdmissonControllerConfig(manifestDir string) ([]*uns.Unstructur
 	data.Data["ReleaseVersion"] = os.Getenv("RELEASE_VERSION")
 	data.Data["MultusAdmissionControllerImage"] = os.Getenv("MULTUS_ADMISSION_CONTROLLER_IMAGE")
 	data.Data["MultusValidatingWebhookName"] = names.MULTUS_VALIDATING_WEBHOOK
-	data.Data["ServiceCAConfigMap"] = names.SERVICE_CA_CONFIGMAP
 	data.Data["KubeRBACProxyImage"] = os.Getenv("KUBE_RBAC_PROXY_IMAGE")
 
 	manifests, err := render.RenderDir(filepath.Join(manifestDir, "network/multus-admission-controller"), &data)

pkg/network/multus_admission_controller_test.go

@@ -50,12 +50,11 @@ func TestRenderMultusAdmissionController(t *testing.T) {
 	g.Expect(objs).To(ContainElement(HaveKubernetesID("DaemonSet", "openshift-multus", "multus-admission-controller")))
 
 	// Check rendered object
-	g.Expect(len(objs)).To(Equal(10))
+	g.Expect(len(objs)).To(Equal(9))
 	g.Expect(objs).To(ContainElement(HaveKubernetesID("Service", "openshift-multus", "multus-admission-controller")))
 	g.Expect(objs).To(ContainElement(HaveKubernetesID("ClusterRole", "", "multus-admission-controller-webhook")))
 	g.Expect(objs).To(ContainElement(HaveKubernetesID("ClusterRoleBinding", "", "multus-admission-controller-webhook")))
 	g.Expect(objs).To(ContainElement(HaveKubernetesID("ValidatingWebhookConfiguration", "", names.MULTUS_VALIDATING_WEBHOOK)))
-	g.Expect(objs).To(ContainElement(HaveKubernetesID("ConfigMap", "openshift-network-operator", names.SERVICE_CA_CONFIGMAP)))
 	g.Expect(objs).To(ContainElement(HaveKubernetesID("DaemonSet", "openshift-multus", "multus-admission-controller")))
 
 	// Make sure every obj is reasonable: