func setWebhookServerTLSCerts()

in pkg/webhook/server.go [161:215]


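// setWebhookServerTLSCerts installs the serving certificate on ws.
//
// If both certFile and keyFile can be stat'ed, the key pair is loaded from
// disk. Otherwise a new certificate is created for config.serviceName in the
// current namespace, the validating and mutating webhook configurations are
// updated with that certificate, and the generated key pair is used in memory.
//
// Every failure is fatal: klog.Fatal* logs and terminates the process, so the
// webhook server never starts without a usable certificate. ws.TLSConfig is
// replaced wholesale; any TLS settings the caller put there beforehand are
// discarded.
func setWebhookServerTLSCerts(ctx context.Context, ws *http.Server) {
	namespace, err := helpers.GetCurrentNamespace()
	if err != nil {
		klog.Fatalf("Could not get current namespace : %s", err)
	}

	var cert tls.Certificate

	// Check if the certificate and key files exist.
	_, certErr := os.Stat(certFile)
	_, keyErr := os.Stat(keyFile)

	if certErr != nil || keyErr != nil {
		// Any Stat failure lands here, not only "file does not exist". Surface
		// the other causes (permissions, I/O errors): the fallback below
		// rewrites the certificate stored in the cluster's webhook
		// configurations, and that should never happen without a trace.
		if certErr != nil && !os.IsNotExist(certErr) {
			klog.Warningf("Could not stat certificate file %q, generating a new certificate: %v", certFile, certErr)
		}
		if keyErr != nil && !os.IsNotExist(keyErr) {
			klog.Warningf("Could not stat key file %q, generating a new certificate: %v", keyFile, keyErr)
		}

		// Either certificate or key file is unavailable, generate new certificate.
		td := createCertificate(config.serviceName, namespace)

		// Get k8s clientset.
		clientset := getK8sClientset()
		if clientset == nil {
			klog.Fatal("Failed to create k8s clientset")
		}

		// Both controllers receive the same string; it looks like a label
		// selector for this deployment's webhook configurations.
		// NOTE(review): confirm against the controller implementation.
		selector := "webhook-server=" + namespace + "-" + config.serviceName

		// Update the validating webhook config with the certificate.
		vwcInterface := controllers.NewValidatingWebhookConfigController(clientset)
		if !vwcInterface.UpdateWebhookConfigCertificate(ctx, selector, td.certificate) {
			klog.Fatal("Failed to update validating webhook configs with the new certificate")
		}

		// Update the mutating webhook config with the certificate.
		mwcInterface := controllers.NewMutatingWebhookConfigController(clientset)
		if !mwcInterface.UpdateWebhookConfigCertificate(ctx, selector, td.certificate) {
			klog.Fatal("Failed to update mutating webhook configs with the new certificate")
		}

		// Load the generated TLS certificate and key.
		cert, err = tls.X509KeyPair(td.certificate, td.privateKey)
		if err != nil {
			klog.Fatalf("Failed to load generated TLS certificate and key: %v", err)
		}
	} else {
		// Load the TLS certificate and key files.
		cert, err = tls.LoadX509KeyPair(certFile, keyFile)
		if err != nil {
			// Fatalf rather than Fatal: Fatal joins its operands Print-style,
			// which runs the error text straight into the trailing colon.
			klog.Fatalf("Failed to load TLS certificate and key: %v", err)
		}
	}

	// Add certificate to server config. MinVersion is pinned explicitly so the
	// admission endpoint refuses TLS 1.0/1.1 regardless of the toolchain
	// default (older Go releases accept them on servers when it is unset).
	ws.TLSConfig = &tls.Config{
		Certificates: []tls.Certificate{cert},
		MinVersion:   tls.VersionTLS12,
	}
}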