in pkg/controllers/webhookconfig_controller.go [104:155]
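// UpdateWebhookConfigCertificate sets cert as the CA bundle of every webhook in
// each MutatingWebhookConfiguration matched by labelSelector.
//
// For each matching configuration it builds a two-way strategic merge patch
// between the current object and a copy with the new CA bundle, then applies it.
// It returns false on the first list, encode, patch-generation or patch failure,
// so configurations later in the list keep their previous bundle in that case.
// It returns true when every matching configuration was patched, including when
// the selector matches none.
//
// ClientConfig.CABundle is the trust anchor the API server uses to verify the
// webhook's serving certificate. cert is written exactly as given: this
// function does not check that it is non-empty or well-formed.
// NOTE(review): presumably callers validate cert and keep labelSelector narrow
// enough to match only configurations this controller owns; confirm at the
// call sites, since the same bundle goes into every webhook of every match.
func (c *mutatingWebhookConfigController) UpdateWebhookConfigCertificate(
	ctx context.Context, labelSelector string, cert []byte) bool {
	// Get all mutating webhook configs with a matching label.
	mwcList, err := c.mwcInterface.List(ctx, metav1.ListOptions{
		LabelSelector: labelSelector,
	})
	if err != nil {
		klog.Errorf("Failed to retrieve mutating webhook config list : %s", err)
		return false
	}

	// Update them one by one.
	for _, mwc := range mwcList.Items {
		// Work on a copy so the listed object stays available as the patch base.
		newMwc := mwc.DeepCopy()
		for i := range newMwc.Webhooks {
			newMwc.Webhooks[i].ClientConfig.CABundle = cert
		}

		// Prepare a patch holding only the difference between the two objects.
		existingJSON, err := json.Marshal(mwc)
		if err != nil {
			klog.Error("Failed to encode existing mutating webhook config : ", err)
			return false
		}
		updatedJSON, err := json.Marshal(newMwc)
		if err != nil {
			klog.Error("Failed to encode updated mutating webhook config : ", err)
			return false
		}
		patch, err := strategicpatch.CreateTwoWayMergePatch(
			existingJSON, updatedJSON, admissionregistrationv1.MutatingWebhookConfiguration{})
		if err != nil {
			klog.Error("Failed to generate the patch to be applied : ", err)
			return false
		}

		// Apply the patch. The Patch result is deliberately not stored: when the
		// call fails the returned object may be nil or empty, so reading its Name
		// for the log line could panic or log a blank name. The name from the
		// listed object is the one that was sent to the API server.
		if _, err = c.mwcInterface.Patch(
			ctx, mwc.Name, types.StrategicMergePatchType, patch, metav1.PatchOptions{}); err != nil {
			klog.Errorf("Failed to patch mutating webhook config %s : %s",
				mwc.Name, err)
			return false
		}
		klog.Infof("Successfully updated the mutatingWebhookConfig '%s' with the certificate", mwc.Name)
	}
	return true
}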