STOR-1442: Restart webhook Pods if webhook-serving-cert changed

[mpatlasov]

Adding WithSecretHashAnnotationHook() for shared-resource-csi-driver-webhook-serving-cert ensures that new annotation is published in shared-resource-csi-driver-webhook Deployment. This, in turn, leads to webhook pods restart.

[openshift-ci-robot]

@mpatlasov: This pull request references STOR-1442 which is a valid jira issue.

In response to this:

Adding WithSecretHashAnnotationHook() for shared-resource-csi-driver-webhook-serving-cert ensures that new annotation is published in shared-resource-csi-driver-webhook Deployment. This, in turn, leads to webhook pods restart.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[mpatlasov]

This PR is the same as #82, but for webhook secret/pods. We don't have any more secrets depending on CA for now:

[csi-driver-shared-resource-operator]$ grep -nr "service.beta.openshift.io/serving-cert-secret-name" *
assets/metrics_service.yaml:5:    service.beta.openshift.io/serving-cert-secret-name: shared-resource-csi-driver-node-metrics-serving-cert
assets/webhook/service.yaml:5:    service.beta.openshift.io/serving-cert-secret-name: shared-resource-csi-driver-webhook-serving-cert

/assign @adambkaplan

[mpatlasov]

/cc @jsafrane @openshift/storage

[openshift-ci]

@mpatlasov: GitHub didn't allow me to request PR reviews from the following users: openshift/storage.

Note that only openshift members and repo collaborators can review this PR, and authors cannot review their own PRs.

In response to this:

/cc @jsafrane @openshift/storage

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[Phaow]

Pre verifiy passed with the pre merged build 4.14.0-0.ci.test-2023-08-11-065827-ci-ln-t683fit-latest

# After the metrics-serving-cert secret changed, driver controller restarted
$ oc delete secret shared-resource-csi-driver-webhook-serving-cert
secret "shared-resource-csi-driver-webhook-serving-cert" deleted

$ oc get po -l name=shared-resource-csi-driver-webhook -w
NAME                                                  READY   STATUS    RESTARTS   AGE
shared-resource-csi-driver-webhook-7666c65cf5-h6kh8   1/1     Running   0          6s
shared-resource-csi-driver-webhook-7666c65cf5-v8g7j   1/1     Running   0          6s
shared-resource-csi-driver-webhook-559d4c5b57-njbg7   0/1     Pending   0          0s
shared-resource-csi-driver-webhook-559d4c5b57-njbg7   0/1     Pending   0          0s
shared-resource-csi-driver-webhook-7666c65cf5-v8g7j   1/1     Terminating   0          16s
shared-resource-csi-driver-webhook-559d4c5b57-njbg7   0/1     ContainerCreating   0          0s
shared-resource-csi-driver-webhook-559d4c5b57-njbg7   0/1     ContainerCreating   0          0s
shared-resource-csi-driver-webhook-559d4c5b57-qjtsf   0/1     Pending             0          0s
shared-resource-csi-driver-webhook-559d4c5b57-qjtsf   0/1     Pending             0          0s
shared-resource-csi-driver-webhook-559d4c5b57-qjtsf   0/1     ContainerCreating   0          0s
shared-resource-csi-driver-webhook-559d4c5b57-qjtsf   0/1     ContainerCreating   0          0s
shared-resource-csi-driver-webhook-7666c65cf5-v8g7j   0/1     Terminating         0          16s
shared-resource-csi-driver-webhook-7666c65cf5-v8g7j   0/1     Terminating         0          17s
shared-resource-csi-driver-webhook-7666c65cf5-v8g7j   0/1     Terminating         0          17s
shared-resource-csi-driver-webhook-7666c65cf5-v8g7j   0/1     Terminating         0          17s
shared-resource-csi-driver-webhook-559d4c5b57-qjtsf   0/1     ContainerCreating   0          1s
shared-resource-csi-driver-webhook-559d4c5b57-njbg7   0/1     ContainerCreating   0          1s
shared-resource-csi-driver-webhook-559d4c5b57-qjtsf   0/1     Terminating         0          1s
shared-resource-csi-driver-webhook-559d4c5b57-njbg7   0/1     Terminating         0          1s
shared-resource-csi-driver-webhook-6f4b497f54-2dbq4   0/1     Pending             0          0s
shared-resource-csi-driver-webhook-6f4b497f54-cltr7   0/1     Pending             0          0s
shared-resource-csi-driver-webhook-6f4b497f54-2dbq4   0/1     Pending             0          0s
shared-resource-csi-driver-webhook-6f4b497f54-cltr7   0/1     Pending             0          0s
shared-resource-csi-driver-webhook-6f4b497f54-2dbq4   0/1     Pending             0          0s
shared-resource-csi-driver-webhook-6f4b497f54-cltr7   0/1     Pending             0          0s
shared-resource-csi-driver-webhook-6f4b497f54-2dbq4   0/1     ContainerCreating   0          0s
shared-resource-csi-driver-webhook-6f4b497f54-cltr7   0/1     ContainerCreating   0          0s
shared-resource-csi-driver-webhook-559d4c5b57-qjtsf   1/1     Terminating         0          1s
shared-resource-csi-driver-webhook-6f4b497f54-2dbq4   0/1     ContainerCreating   0          1s
shared-resource-csi-driver-webhook-6f4b497f54-cltr7   0/1     ContainerCreating   0          1s
shared-resource-csi-driver-webhook-559d4c5b57-njbg7   1/1     Terminating         0          2s
shared-resource-csi-driver-webhook-559d4c5b57-njbg7   0/1     Terminating         0          2s
shared-resource-csi-driver-webhook-6f4b497f54-cltr7   1/1     Running             0          1s
shared-resource-csi-driver-webhook-7666c65cf5-h6kh8   1/1     Terminating         0          18s
shared-resource-csi-driver-webhook-559d4c5b57-qjtsf   0/1     Terminating         0          3s
shared-resource-csi-driver-webhook-6f4b497f54-2dbq4   1/1     Running             0          2s
shared-resource-csi-driver-webhook-559d4c5b57-njbg7   0/1     Terminating         0          3s
shared-resource-csi-driver-webhook-559d4c5b57-njbg7   0/1     Terminating         0          3s
shared-resource-csi-driver-webhook-559d4c5b57-njbg7   0/1     Terminating         0          3s
shared-resource-csi-driver-webhook-559d4c5b57-qjtsf   0/1     Terminating         0          3s
shared-resource-csi-driver-webhook-559d4c5b57-qjtsf   0/1     Terminating         0          3s
shared-resource-csi-driver-webhook-559d4c5b57-qjtsf   0/1     Terminating         0          3s
shared-resource-csi-driver-webhook-7666c65cf5-h6kh8   0/1     Terminating         0          20s
shared-resource-csi-driver-webhook-7666c65cf5-h6kh8   0/1     Terminating         0          20s
shared-resource-csi-driver-webhook-7666c65cf5-h6kh8   0/1     Terminating         0          20s
shared-resource-csi-driver-webhook-7666c65cf5-h6kh8   0/1     Terminating         0          20s

$ oc get po -l name=shared-resource-csi-driver-webhook
NAME                                                  READY   STATUS    RESTARTS   AGE
shared-resource-csi-driver-webhook-6f4b497f54-2dbq4   1/1     Running   0          2m53s
shared-resource-csi-driver-webhook-6f4b497f54-cltr7   1/1     Running   0          2m53s

[Phaow]

/label qe-approved

[jsafrane]

/lgtm
/approve
/label px-approved
/label docs-approved

[jsafrane]

@adambkaplan @gabemontero can you please approve?

[adambkaplan]

/approve

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: adambkaplan, jsafrane, mpatlasov

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [adambkaplan]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

@mpatlasov: all tests passed!

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.